authorCan Eldem <celdem@gitlab.com>2020-01-09 11:26:40 +0000
committerCan Eldem <celdem@gitlab.com>2020-01-09 11:26:40 +0000
commitf16af48f9b7cf99e8d1cdb1e44dad9aad3a090b6 (patch)
tree3944b2eade680f90739f2f3805dfec1a7bb1a360 /spec/integration
parentd51e4d90b3e7dbfc5b0a9ec90f37baf84dc105d0 (diff)
parentd89872f850332736eb174f2b0ab28692fda6bf46 (diff)
Merge branch '35629-upgrade-python' into 'master'v2.3.0
Upgrade python from 3.5 to 3.8 See merge request gitlab-org/security-products/license-management!101
Diffstat (limited to 'spec/integration')
-rw-r--r--spec/integration/python/pip_spec.rb47
-rw-r--r--spec/integration/ruby/bundler_spec.rb88
2 files changed, 135 insertions, 0 deletions
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
new file mode 100644
index 0000000..5ff5f60
--- /dev/null
+++ b/spec/integration/python/pip_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+RSpec.describe "pip" do
+ context "when a project depends on the latest version of pip" do
+ let(:requirements) { "sentry-sdk>=0.7.7" }
+
+ it 'produces a valid report' do
+ runner.add_file('requirements.txt', requirements)
+
+ report = runner.scan
+
+ expect(report).not_to be_empty
+ expect(report[:version]).to start_with('2')
+ expect(report[:dependencies].map { |x| x[:name] }).to include("sentry-sdk")
+ expect(report[:dependencies].find { |x| x[:name] == 'sentry-sdk' }[:licenses]).to match_array(["BSD-4-Clause"])
+ end
+ end
+
+ context "when the project has a dependency that depends on a minimum of python 3.6" do
+ let(:requirements) do
+ [
+ 'boto3',
+ 'aws-lambda-context>=1.0.0',
+ 'jsonschema>=3.0.0',
+ 'python-json-logger>=0.1.10',
+ 'sentry-sdk>=0.7.7',
+ 'https://s3-eu-west-1.amazonaws.com/new10-pypi/new10-logging-1.1.4.tar.gz',
+ 'ptvsd',
+ 'pylint',
+ 'flake8',
+ 'bandit',
+ 'pydocstyle'
+ ].join("\n")
+ end
+
+ it 'produces a valid report' do
+ runner.add_file('requirements.txt', requirements)
+
+ report = runner.scan
+
+ expect(report).not_to be_empty
+ expect(report[:version]).to start_with('2')
+ expect(report[:licenses]).not_to be_empty
+ expect(report[:dependencies]).not_to be_empty
+ end
+ end
+end
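Review bot: The second requirements list installs `https://s3-eu-west-1.amazonaws.com/new10-pypi/new10-logging-1.1.4.tar.gz` from a third-party bucket with no integrity pin, and the remaining entries are unpinned or only lower-bounded, so each run resolves whatever those sources serve that day. If `runner.scan` installs the requirements (it presumably does, to read license metadata), a source archive runs its build script at install time, which makes that bucket's content trusted code in the CI job. Prefer a vendored fixture package, or pin the archive with a hash fragment such as `'https://…/new10-logging-1.1.4.tar.gz#sha256=<SHA256_OF_REVIEWED_ARCHIVE>'` and use `==` pins for the rest. The first example has the same drift: `sentry-sdk>=0.7.7` combined with the exact `match_array(["BSD-4-Clause"])` expectation fails as soon as upstream changes its declared license.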
diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb
new file mode 100644
index 0000000..179da2a
--- /dev/null
+++ b/spec/integration/ruby/bundler_spec.rb
@@ -0,0 +1,88 @@
+require 'spec_helper'
+
+RSpec.describe "bundler" do
+ context "when the project depends on an older version of ruby specified in a `.ruby-version` file" do
+ it 'installs the required ruby and produces a valid report' do
+ runner.add_file('.ruby-version', 'ruby-2.4.9')
+ runner.add_file('Gemfile') do
+ <<~RAW
+source 'https://rubygems.org'
+
+gem 'saml-kit'
+ RAW
+ end
+
+ report = runner.scan
+ expect(report).not_to be_empty
+ expect(report[:licenses]).not_to be_empty
+ expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit")
+ end
+ end
+
+ context "when a project depends on an older version of bundler" do
+ it 'produces a valid report' do
+ runner.add_file('Gemfile') do
+ <<~RAW
+source 'https://rubygems.org'
+
+gem 'saml-kit'
+ RAW
+ end
+ runner.add_file('Gemfile.lock') do
+ <<~RAW
+GEM
+ remote: https://rubygems.org/
+ specs:
+ activemodel (6.0.2.1)
+ activesupport (= 6.0.2.1)
+ activesupport (6.0.2.1)
+ concurrent-ruby (~> 1.0, >= 1.0.2)
+ i18n (>= 0.7, < 2)
+ minitest (~> 5.1)
+ tzinfo (~> 1.1)
+ zeitwerk (~> 2.2)
+ builder (3.2.4)
+ concurrent-ruby (1.1.5)
+ i18n (1.7.1)
+ concurrent-ruby (~> 1.0)
+ mini_portile2 (2.4.0)
+ minitest (5.13.0)
+ net-hippie (0.2.7)
+ nokogiri (1.10.7)
+ mini_portile2 (~> 2.4.0)
+ saml-kit (1.1.0)
+ activemodel (>= 4.2.0)
+ net-hippie (~> 0.1)
+ xml-kit (>= 0.3.0, < 1.0.0)
+ thread_safe (0.3.6)
+ tilt (2.0.10)
+ tzinfo (1.2.6)
+ thread_safe (~> 0.1)
+ xml-kit (0.4.0)
+ activemodel (>= 4.2.0)
+ builder (~> 3.2)
+ nokogiri (~> 1.10)
+ tilt (>= 1.4.1)
+ xmldsig (~> 0.6)
+ xmldsig (0.6.6)
+ nokogiri (>= 1.6.8, < 2.0.0)
+ zeitwerk (2.2.2)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ saml-kit
+
+BUNDLED WITH
+ 1.17.3
+ RAW
+ end
+
+ report = runner.scan
+ expect(report).not_to be_empty
+ expect(report[:licenses]).not_to be_empty
+ expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit")
+ end
+ end
+end
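Review bot: The 'older version of bundler' example asserts exactly what the first example asserts, so it passes whether the scanner honours the `Gemfile.lock` (and its `BUNDLED WITH 1.17.3`) or discards it and re-resolves from rubygems.org. For a license scanner that difference matters, because a re-resolved graph reports licenses for versions the project does not ship. Add an expectation tied to the lockfile, for instance on the resolved `saml-kit (1.1.0)` if the report exposes versions (not visible in this hunk), and consider constraining the first example too, e.g. `gem 'saml-kit', '1.1.0'`, since the bare `gem 'saml-kit'` floats with upstream. The duplicated Gemfile heredoc could also move into a shared `let(:gemfile)`.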