Merge pull request #34 from mikesaelim/cleanup-database

leanne73 · web-flow · commit 603312d7cf38 · 2024-05-17T18:33:59.000-05:00
Remove check for stale database that is no longer effective
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Removed
+
+* [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
+Removed check for stale database that no longer does anything
+
 ### Fixed
 
 * [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
diff --git a/README.md b/README.md
@@ -57,9 +57,12 @@ $ ruby-audit check -n
 
 After checking out the repo, run `bin/setup` to install dependencies.
 You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
-submodule used for testing. Then, run `rake spec` to run the tests.
+submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
+The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.
+By default, the database used for actual vulnerability checks is stored at `~/.local/share/ruby-advisory-db`.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
diff --git a/lib/ruby_audit/cli.rb b/lib/ruby_audit/cli.rb
@@ -12,8 +12,6 @@ class CLI < ::Thor
     def check
       update unless options[:no_update]
 
-      check_for_stale_database
-
       scanner = Scanner.new
       vulnerable = false
 
@@ -30,7 +28,6 @@ def check
       end
     end
 
-    # Copied from bundler-audit master. Not present in 0.4.0.
     desc 'update', 'Updates the ruby-advisory-db'
     def update
       say 'Updating ruby-advisory-db ...'
@@ -45,14 +42,16 @@ def update
         say 'Skipping update', :yellow
       end
 
-      puts "ruby-advisory-db: #{Database.new.size} advisories"
+      database = Database.new
+      puts "ruby-advisory-db: #{database.size} advisories, " \
+           "last updated #{database.last_updated_at.utc}"
     end
 
     desc 'version', 'Prints the ruby-audit version'
     def version
       database = Database.new
-      puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
-           "(advisories: #{database.size})"
+      puts "#{File.basename($PROGRAM_NAME)} #{VERSION} " \
+           "(advisories: #{database.size}, last updated: #{database.last_updated_at.utc})"
     end
 
     private
@@ -122,16 +121,5 @@ def print_advisory(gem, advisory)
     # rubocop:enable Metrics/MethodLength
     # rubocop:enable Metrics/CyclomaticComplexity
     # rubocop:enable Metrics/AbcSize
-
-    def check_for_stale_database
-      database = Database.new
-      return unless database.size == 89
-
-      # bundler-audit 0.4.0 comes bundled with an old verison of
-      # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
-      # or RubyGems. If #size == 89, the database has never been updated.
-      say 'The database must be updated before using RubyAudit', :red
-      exit 1
-    end
   end
 end
diff --git a/spec/cli_spec.rb b/spec/cli_spec.rb
