From 5a4dd31ba7b15aeae714091d8e25eaf555f38984 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Fri, 10 May 2013 19:45:31 +0200
Subject: [PATCH] more rspecs #179
---
 lib/common/version_compare.rb | 15 ++-
 spec/lib/common/version_compare_spec.rb | 109 +++++++++++++++++++++
 spec/shared_examples/wp_item_vulnerable.rb | 12 ++-
 3 files changed, 131 insertions(+), 5 deletions(-)
 create mode 100644 spec/lib/common/version_compare_spec.rb
diff --git a/lib/common/version_compare.rb b/lib/common/version_compare.rb
index 0e1de16d..fc4e322f 100644
--- a/lib/common/version_compare.rb
+++ b/lib/common/version_compare.rb
@@ -9,7 +9,18 @@ class VersionCompare
 # @param [ String ] version2
 #
 # @return [ Boolean ]
- def self.is_newer_or_same?(version1, version2)
- (version1 == version2) || (Gem::Version.new(version1) < Gem::Version.new(version2))
+ def self.is_newer_or_same?(version1, version2)
+ return true if (version1 == version2)
+ # Both versions must be set
+ return false unless (version1 and version2)
+ return false if (version1.empty? or version2.empty?)
+ begin
+ return true if (Gem::Version.new(version1) < Gem::Version.new(version2))
+ rescue ArgumentError => e
+ # Example: ArgumentError: Malformed version number string a
+ return false if e.message =~ /Malformed version number string/
+ raise
+ end
+ return false
 end
 end
diff --git a/spec/lib/common/version_compare_spec.rb b/spec/lib/common/version_compare_spec.rb
new file mode 100644
index 00000000..7cf7966b
--- /dev/null
+++ b/spec/lib/common/version_compare_spec.rb
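Review bot: In the lib/common/version_compare.rb hunk, `return true if (version1 == version2)` runs before the nil and empty guards, so `is_newer_or_same?(nil, nil)` and `is_newer_or_same?('', '')` return true even though the comment says both versions must be set. If a caller reads true as "already at or past the fixed version" (the caller is not part of this hunk), two unknown versions would be treated as patched; moving `return false unless (version1 and version2)` and the `empty?` guard above the equality check closes that. The rescue also decides on the wording of the exception message, `e.message =~ /Malformed version number string/`, which depends on the installed RubyGems; validating with `Gem::Version.correct?` before constructing the versions would avoid matching on message text. The method's doc comment starts above the hunk; it should state that unset or unparsable input yields false.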
@@ -0,0 +1,109 @@
+# encoding: UTF-8
+
+require 'spec_helper'
+
+describe 'VersionCompare' do
+ describe '::is_newer_or_same?' do
+ context 'version checked is newer' do
+ after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_true }
+
+ it 'should return true' do
+ @version1 = '1.0'
+ @version2 = '2.0'
+ end
+
+ it 'should return true' do
+ @version1 = '1.0'
+ @version2 = '1.1'
+ end
+
+ it 'should return true' do
+ @version1 = '1.0a'
+ @version2 = '1.0b'
+ end
+
+ it 'should return true' do
+ @version1 = '1.0'
+ @version2 = '5000000'
+ end
+
+ it 'should return true' do
+ @version1 = '0'
+ @version2 = '1'
+ end
+ end
+
+ context 'version checked is older' do
+ after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+ it 'should return false' do
+ @version1 = '1'
+ @version2 = '0'
+ end
+
+ it 'should return false' do
+ @version1 = '1.0'
+ @version2 = '0.5'
+ end
+
+ it 'should return false' do
+ @version1 = '500000'
+ @version2 = '1'
+ end
+
+ it 'should return false' do
+ @version1 = '1.6.3.7.3.4'
+ @version2 = '1.2.4.567.679.8.e'
+ end
+ end
+
+ context 'version checked is the same' do
+ after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_true }
+
+ it 'should return true' do
+ @version1 = '1'
+ @version2 = '1'
+ end
+
+ it 'should return true' do
+ @version1 = 'a'
+ @version2 = 'a'
+ end
+
+ end
+
+ context 'version number causes Gem::Version new Exception' do
+ after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+ it 'should return false' do
+ @version1 = 'a'
+ @version2 = 'b'
+ end
+ end
+
+ context 'one version number is not set' do
+ after { VersionCompare::is_newer_or_same?(@version1, @version2).should be_false }
+
+ it 'should return false (version2 nil)' do
+ @version1 = '1'
+ @version2 = nil
+ end
+
+ it 'should return false (version1 nil)' do
+ @version1 = nil
+ @version2 = '1'
+ end
+
+ it 'should return false (version2 empty)' do
+ @version1 = '1'
+ @version2 = ''
+ end
+
+ it 'should return false (version1 empty)' do
+ @version1 = ''
+ @version2 = '1'
+ end
+ end
+
+ end
+end
diff --git a/spec/shared_examples/wp_item_vulnerable.rb b/spec/shared_examples/wp_item_vulnerable.rb
index cd6640ef..5c25fd44 100644
--- a/spec/shared_examples/wp_item_vulnerable.rb
+++ b/spec/shared_examples/wp_item_vulnerable.rb
@@ -46,6 +46,7 @@ shared_examples 'WpItem::Vulnerable' do
 let(:newer) { Vulnerability.new('Newer', 'XSS', ['ref'], nil, version_newer) }
 let(:older) { Vulnerability.new('Older', 'XSS', ['ref'], nil, version_older) }
 let(:same) { Vulnerability.new('Same', 'XSS', ['ref'], nil, version_orig) }
+ let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', ['ref'], nil, nil) }
 before do
 stub_request(:get, /.*\/readme\.txt/i).to_return(status: 200, body: "Stable Tag: #{version_orig}")
@@ -53,20 +54,25 @@ shared_examples 'WpItem::Vulnerable' do
 end
 context 'check basic version comparing' do
- it 'should return true' do
+ it 'should return true because checked version is newer' do
 subject.version.should == version_orig
 subject.vulnerable_to?(newer).should be_true
 end
- it 'should return false' do
+ it 'should return false because checked version is older' do
 subject.version.should == version_orig
 subject.vulnerable_to?(older).should be_false
 end
- it 'should return false' do
+ it 'should return false because checked version is the fixed version' do
 subject.version.should == version_orig
 subject.vulnerable_to?(same).should be_false
 end
+
+ it 'should return true because no fixed_in version is provided' do
+ subject.version.should == version_orig
+ subject.vulnerable_to?(no_fixed_info).should be_true
+ end
 end
 context 'no version found in wp_item' do
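Review bot: The expectations in the new spec/lib/common/version_compare_spec.rb live in `after` hooks while every `it` body only assigns `@version1`/`@version2`, so an example that omits an assignment silently compares `nil` values, and in the 'version checked is the same' context that would still pass because `nil == nil`. Putting the call in each example, e.g. `VersionCompare::is_newer_or_same?('1.0', '2.0').should be_true`, with a description that names the pair, makes a failure point at the offending input instead of one of several identical 'should return true' titles. The 'one version number is not set' context covers one side being nil or empty but not both; examples for `(nil, nil)` and `('', '')` would pin what the method is meant to return there.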
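Review bot: In the first spec/shared_examples/wp_item_vulnerable.rb hunk, the new `no_fixed_info` fixture reuses the title 'Same' from the `same` fixture on the line above, so output or a lookup that relies on the title cannot tell the two apart. A distinct title such as `Vulnerability.new('No fixed_in', 'XSS', ['ref'], nil, nil)` names the fixture for what it exercises. The enclosing `shared_examples` block starts and ends outside the hunk.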
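Review bot: The example added at the end of 'check basic version comparing' covers a `nil` fixed_in only; an empty-string fixed_in is the other "unknown" value that the version comparison changed in this commit rejects, and nothing here pins what `vulnerable_to?` returns for it. A sibling fixture built with `''` as the last argument, plus an example asserting the result, would keep a missing fixed version from quietly turning into "not vulnerable". The expected value is presumably `be_true`, but `vulnerable_to?` is not shown in this patch, so confirm against its implementation. The enclosing `shared_examples` block extends beyond the hunk on both sides.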