Adds a test to ensure that patched_versions has an open ended upper l… #302
Conversation
spec/gem_example.rb
Outdated
|
|
||
| # If a gem is unpatched this test makes no sense | ||
| unless patched_versions.none? | ||
| expect(versions.any? { |version| version.match(/^>=|^>/)}).to be_truthy |
There was a problem hiding this comment.
There may be advisories where multiple version families were patched. Thus the last version family would probably be >= .... Example:
patched_versions:
- "~> 1.0.1"
- "~> 1.1.5"
- "~> 1.2.9"
- ">= 1.3.0"
I think a better test would be to ensure that the last patched_versions element is always open-ended.
There was a problem hiding this comment.
Good suggestion, I ended up having to sort the versions that the conditions applied to in order to make this work because the order is not consistent...
gems/fog-dragonfly/OSVDB-90647.yml
Outdated
| @@ -14,3 +14,5 @@ description: | | |||
| cvss_v2: 7.5 | |||
| unaffected_versions: | |||
| - "< 0.7.0" | |||
| patched_versions: | |||
| - ">= 0.9.13" | |||
There was a problem hiding this comment.
According to the original advisory, 0.9.14 contains the patch. https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo
|
Hopefully this should do the trick PTAL @postmodern |
errm
force-pushed
the
errm/open-ended-upper-limit
branch
from
47f4629 to
e6bdeb0
Compare
|
Bump ... |
|
LGTM (and would have caught the Rubocop issue above) @postmodern I believe this addresses your concerns. |
…imit
Fixes #285