Have Scanner#initialize raise Bundler::GemfileLockNotFound if no Gemf…

…ile.lock exists. * Catch Bundler::GemfileLockNotFound in Bundler::Audit::CLI#check, print the error message, and exit 1.
rubysec · Dec 18, 2020 · 021f85f · 021f85f
1 parent 71ea5bd
commit 021f85f
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 4 deletions.
diff --git a/lib/bundler/audit/cli.rb b/lib/bundler/audit/cli.rb
@@ -55,7 +55,12 @@ def check(dir=Dir.pwd)
         end
 
         database = Database.new(options[:database])
-        scanner  = Scanner.new(dir,options[:gemfile_lock],database)
+        scanner  = begin
+                     Scanner.new(dir,options[:gemfile_lock],database)
+                   rescue Bundler::GemfileLockNotFound => exception
+                     say exception.message, :red
+                     exit 1
+                   end
         report   = scanner.report(:ignore => options.ignore)
 
         output = if options[:output] then File.new(options[:output],'w')

diff --git a/lib/bundler/audit/scanner.rb b/lib/bundler/audit/scanner.rb
@@ -63,12 +63,21 @@ class Scanner
       # @param [Database] database
       #   The database to scan against.
       #
+      # @raise [Bundler::GemfileLockNotFound]
+      #   The `gemfile_lock` file could not be found within the `root`
+      #   directory.
+      #
       def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock',database=Database.new,config_dot_file='.bundler-audit.yml')
         @root     = File.expand_path(root)
         @database = database
-        @lockfile = LockfileParser.new(
-          File.read(File.join(@root,gemfile_lock))
-        )
+
+        gemfile_lock_path = File.join(@root,gemfile_lock)
+
+        unless File.file?(gemfile_lock_path)
+          raise(Bundler::GemfileLockNotFound,"Could not find #{gemfile_lock.inspect} in #{@root.inspect}")
+        end
+
+        @lockfile = LockfileParser.new(File.read(gemfile_lock_path))
 
         config_dot_file_full_path = File.join(@root,config_dot_file)
 

diff --git a/spec/integration_spec.rb b/spec/integration_spec.rb
@@ -79,6 +79,23 @@
     end
   end
 
+  context "when auditing a non-existent Gemfile.lock file" do
+    let(:bundle)    { 'secure' }
+    let(:directory) { File.join('spec','bundle',bundle) }
+    let(:root)      { File.expand_path(directory) }
+
+    let(:gemfile_lock) { 'Gemfile.foo.lock' }
+    let(:command) { "#{super()} --gemfile-lock #{gemfile_lock}" }
+
+    subject do
+      Dir.chdir(directory) { sh(command, :fail => true) }
+    end
+
+    it "should print an error message" do
+      expect(subject.strip).to eq("Could not find #{gemfile_lock.inspect} in #{root.inspect}")
+    end
+  end
+
   describe "update" do
 
     let(:update_command) { "#{command} update" }