archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-25 22:14:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
ruby/spec/bundler/install/security_policy_spec.rb
David Rodríguez 16823d4a05 [rubygems/rubygems] Remove unnecessary assertions on exitstatus 
Since our helpers now raise by default if the subcommand fails, these
will never actually fail and are not necessary.

6153b9321e
2020-07-15 16:05:12 +09:00

72 lines
2.2 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
require "rubygems/security"
# unfortunately, testing signed gems with a provided CA is extremely difficult
# as 'gem cert' is currently the only way to add CAs to the system.
RSpec.describe "policies with unsigned gems" do
before do
build_security_repo
gemfile <<-G
source "#{file_uri_for(security_repo)}"
gem "rack"
gem "signed_gem"
G
end
it "will work after you try to deploy without a lock" do
bundle "install --deployment", :raise_on_error => false
bundle :install
expect(the_bundle).to include_gems "rack 1.0", "signed_gem 1.0"
end
it "will fail when given invalid security policy" do
bundle "install --trust-policy=InvalidPolicyName", :raise_on_error => false
expect(err).to include("RubyGems doesn't know about trust policy")
end
it "will fail with High Security setting due to presence of unsigned gem" do
bundle "install --trust-policy=HighSecurity", :raise_on_error => false
expect(err).to include("security policy didn't allow")
end
it "will fail with Medium Security setting due to presence of unsigned gem" do
bundle "install --trust-policy=MediumSecurity", :raise_on_error => false
expect(err).to include("security policy didn't allow")
end
it "will succeed with no policy" do
bundle "install"
end
end
RSpec.describe "policies with signed gems and no CA" do
before do
build_security_repo
gemfile <<-G
source "#{file_uri_for(security_repo)}"
gem "signed_gem"
G
end
it "will fail with High Security setting, gem is self-signed" do
bundle "install --trust-policy=HighSecurity", :raise_on_error => false
expect(err).to include("security policy didn't allow")
end
it "will fail with Medium Security setting, gem is self-signed" do
bundle "install --trust-policy=MediumSecurity", :raise_on_error => false
expect(err).to include("security policy didn't allow")
end
it "will succeed with Low Security setting, low security accepts self signed gem" do
bundle "install --trust-policy=LowSecurity"
expect(the_bundle).to include_gems "signed_gem 1.0"
end
it "will succeed with no policy" do
bundle "install"
expect(the_bundle).to include_gems "signed_gem 1.0"
end
end
Reference in a new issue View git blame Copy permalink