From 47f4629e9412bf150bcc830afb75496e4ca9ab88 Mon Sep 17 00:00:00 2001
From: Ed Robinson
Date: Thu, 16 Nov 2017 12:44:17 +0000
Subject: [PATCH] Test the last sorted condition (rather than any) for open endedness

---
 gems/actionpack/CVE-2016-2097.yml | 3 ++-
 gems/actionpack/OSVDB-103440.yml | 2 +-
 spec/gem_example.rb | 6 ++++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/gems/actionpack/CVE-2016-2097.yml b/gems/actionpack/CVE-2016-2097.yml
index f690db2bc8..e006db05c3 100644
--- a/gems/actionpack/CVE-2016-2097.yml
+++ b/gems/actionpack/CVE-2016-2097.yml
@@ -87,4 +87,5 @@ unaffected_versions:
 patched_versions:
 - "~> 3.2.22.2"
- - "~> 4.1.14, >= 4.1.14.2"
+ - "~> 4.1.14"
+ - ">= 4.1.14.2"
diff --git a/gems/actionpack/OSVDB-103440.yml b/gems/actionpack/OSVDB-103440.yml
index d66c05919e..d675b01a09 100644
--- a/gems/actionpack/OSVDB-103440.yml
+++ b/gems/actionpack/OSVDB-103440.yml
@@ -16,7 +16,7 @@ description: |
 cvss_v2: 5.0
 unaffected_versions:
- - ~> 4.0.0
+ - ">= 4.0.0"
 patched_versions:
 - ">= 3.2.17"
diff --git a/spec/gem_example.rb b/spec/gem_example.rb
index cba38465c5..0cd3468e18 100644
--- a/spec/gem_example.rb
+++ b/spec/gem_example.rb
@@ -23,11 +23,13 @@
 unaffected_versions = advisory['unaffected_versions'] || []
 patched_versions = advisory['patched_versions'] || []
- versions = unaffected_versions + patched_versions
+ versions = (unaffected_versions + patched_versions).sort_by do |v|
+ Gem::Version.new(v.match(/[0-9.]+\.\d+/)[0])
+ end
 # If a gem is unpatched this test makes no sense
 unless patched_versions.none?
- expect(versions.any? { |version| version.match(/^>=|^>/)}).to be_truthy
+ expect(versions.last.match(/^>=|^>/)).to be_truthy
 end
 end
 end
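Review bot: Splitting `- "~> 4.1.14, >= 4.1.14.2"` into `- "~> 4.1.14"` and `- ">= 4.1.14.2"` changes the advisory's patched range, not its formatting: the comma-joined string is one requirement whose constraints must both hold (4.1.14.2 ≤ v < 4.2), while two list entries are, assuming the consumer evaluates each entry on its own, alternatives, so `"~> 4.1.14"` by itself now marks 4.1.14 and 4.1.14.1 as patched and `">= 4.1.14.2"` by itself extends the patched claim past the < 4.2 bound the original carried. A consumer relying on this file could therefore report a vulnerable 4.1.14.x install as fixed. Since the commit message frames this as a test change, keep the original entry and teach the spec to handle a comma-joined constraint rather than rewriting the data; if the split is deliberate, document the reasoning in the commit message.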
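Review bot: Replacing `- ~> 4.0.0` with `- ">= 4.0.0"` widens this advisory's `unaffected_versions` from the 4.0.x series (`~> 4.0.0` means 4.0.0 ≤ v < 4.1) to every version from 4.0.0 upward, which changes what the database asserts about the vulnerability rather than how the entry is written. Nothing in the commit shows the wider range was checked against the advisory's source, and an over-broad unaffected range is exactly the error that makes a consumer of this database stop reporting a still-vulnerable gem. If the wider range is correct, the commit message should say so; if the edit only exists to satisfy the new open-endedness assertion in spec/gem_example.rb, keep `- ~> 4.0.0` and fix the spec instead.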
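Review bot: The new `sort_by` key `v.match(/[0-9.]+\.\d+/)[0]` raises `NoMethodError` on `nil` for a constraint whose version has no dot (e.g. `"> 4"`), and because it keys on the bare number only, two entries with the same version but different operators (say `"~> 4.2.0"` and `">= 4.2.0"`) tie, `sort_by` is not stable, and the assertion on `versions.last` then passes or fails by chance. The `/^>=|^>/` check is also a string heuristic: it uses `^` where `\A` is meant, and as a prefix check it only sees the first constraint of a comma-joined entry such as `">= 4.1.14.2, < 4.2"`, which it would accept as open-ended although it is bounded above. Rubygems can answer the actual question, whether the advisory covers arbitrarily new versions, by parsing each entry with `Gem::Requirement.new(*v.split(', '))` (which raises on malformed input) and asking whether any resulting requirement is satisfied by a sentinel version far above anything released; that also makes the sort unnecessary. The enclosing `it` and `describe` blocks start before and end after this hunk.
```ruby
requirements = (unaffected_versions + patched_versions).map do |v|
  Gem::Requirement.new(*v.split(', '))
end

# … unchanged: comment and `unless patched_versions.none?` guard …
# Open-ended means at least one requirement still admits a version far above any real release.
expect(requirements.any? { |r| r.satisfied_by?(Gem::Version.new('999999')) }).to be_truthy
```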