Merge pull request #370 from themetric/fix_get_version_gemfile

Fix get version gemfile regexp and add tests

Merge pull request #370 from themetric/fix_get_version_gemfile
Fix get version gemfile regexp and add tests
b378274b · Justin · 9361ada6 · 45d9757a · b378274b · b378274b
隐藏空白更改
内联并排

Showing with 29 addition and 4 deletion

lib/brakeman/processors/gem_processor.rb lib/brakeman/processors/gem_processor.rb +5 -4

test/tests/brakeman.rb test/tests/brakeman.rb +24 -0

未找到文件。
--- a/lib/brakeman/processors/gem_processor.rb
+++ b/lib/brakeman/processors/gem_processor.rb
@@ -40,11 +40,12 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor

    exp
  end
-
-  #Need to implement generic gem version check
+  
+  # Supports .rc2 but not ~>, >=, or <=
  def get_version name, gem_lock
-    match = gem_lock.match(/\s#{name} \((\d+.\d+.\d+.*)\)$/)
-    match[1] if match
+    if gem_lock =~ /\s#{name} \((\w(\.\w+)*)\)(?:\n|\r\n)/ 
+      $1
+    end 
  end

  def get_rails_version gem_lock

--- a/test/tests/brakeman.rb
+++ b/test/tests/brakeman.rb
@@ -60,6 +60,7 @@ class BaseCheckTests < Test::Unit::TestCase
  def test_version_between_pre_release
    assert version_between?("3.2.9.rc2", "3.2.5", "4.0.0")
  end
+
 end

 class ConfigTests < Test::Unit::TestCase
@@ -202,3 +203,26 @@ class ConfigTests < Test::Unit::TestCase
    output_format_tester({:output_files => ['xx.html', 'xx.pdf', 'xx.csv', 'xx.tabs', 'xx.json']}, [:to_html, :to_pdf, :to_csv, :to_tabs, :to_json])
  end
 end
+
+class GemProcessorTests < Test::Unit::TestCase
+  FakeTracker = Struct.new(:config)
+
+  def setup 
+    @tracker = FakeTracker.new({}) 
+    @gem_processor = Brakeman::GemProcessor.new @tracker 
+    @eol_representations = ["\r\n", "\n"] 
+    @gem_locks = @eol_representations.inject({}) {|h, eol| 
+      h[eol] = "    paperclip (3.2.1)#    erubis (4.3.1)#     rails (3.2.1.rc2)#    simplecov (1.1)#".gsub('#', eol); h 
+    }
+  end 
+
+  def test_get_version 
+    @gem_locks.each do |eol, gem_lock|      
+      assert_equal "4.3.1", @gem_processor.get_version("erubis", gem_lock), "Couldn't match gemlock with eol: #{eol}}"
+      assert_equal "3.2.1", @gem_processor.get_version("paperclip", gem_lock), "Couldn't match gemlock with eol: #{eol}"
+      assert_equal "3.2.1.rc2", @gem_processor.get_version("rails", gem_lock), "Couldn't match gemlock with eol: #{eol}"  
+      assert_equal "1.1", @gem_processor.get_version("simplecov", gem_lock), "Couldn't match gemlock with eol: #{eol}"
+    end 
+  end 
+
+end