Log to stderr when we encounter an unsupported vulnerability

Author: dblandin

lib/cc/engine/bundler_audit/analyzer.rb

@@ -4,18 +4,21 @@ module BundlerAudit
       class Analyzer
         GemfileLockNotFound = Class.new(StandardError)
 
-        def initialize(directory:, io: STDOUT)
+        def initialize(directory:, stdout: STDOUT, stderr: STDERR)
           @directory = directory
-          @io = io
+          @stdout = stdout
+          @stderr = stderr
         end
 
         def run
           if gemfile_lock_exists?
             Dir.chdir(directory) do
               Bundler::Audit::Scanner.new.scan do |vulnerability|
-                issue = issue_for_vulerability(vulnerability)
-
-                io.print("#{issue.to_json}\0")
+                if issue = issue_for_vulerability(vulnerability)
+                  stdout.print("#{issue.to_json}\0")
+                else
+                  stderr.print("Unsupported vulnerability: #{vulnerability.class.name}")
+                end
               end
             end
           else
@@ -25,7 +28,7 @@ def run
 
         private
 
-        attr_reader :directory, :io
+        attr_reader :directory, :stdout, :stderr
 
         def issue_for_vulerability(vulnerability)
           case vulnerability

spec/cc/engine/bundler_audit/analyzer_spec.rb

@@ -5,35 +5,51 @@ module CC::Engine::BundlerAudit
     describe "#run" do
       it "raises an error when no Gemfile.lock exists" do
         directory = fixture_directory("no_gemfile_lock")
-        io = StringIO.new
 
-        expect { Analyzer.new(directory: directory, io: io).run }.
+        expect { Analyzer.new(directory: directory).run }.
           to raise_error(Analyzer::GemfileLockNotFound)
       end
 
       it "emits issues for unpatched gems in Gemfile.lock" do
-        io = StringIO.new
         directory = fixture_directory("unpatched_versions")
 
-        issues = analyze_directory(directory, io)
+        issues = analyze_directory(directory)
 
         expect(issues).to eq(expected_issues("unpatched_versions"))
       end
 
       it "emits issues for insecure sources in Gemfile.lock" do
-        io = StringIO.new
         directory = fixture_directory("insecure_source")
 
-        issues = analyze_directory(directory, io)
+        issues = analyze_directory(directory)
 
         expect(issues).to eq(expected_issues("insecure_source"))
       end
 
-      def analyze_directory(directory, io)
-        audit = Analyzer.new(directory: directory, io: io)
+      it "logs to stderr when we encounter an unsupported vulnerability" do
+        directory = fixture_directory("unpatched_versions")
+        stderr = StringIO.new
+
+        stub_vulnerability("UnhandledVulnerability")
+
+        analyze_directory(directory, stderr: stderr)
+
+        expect(stderr.string).to eq("Unsupported vulnerability: UnhandledVulnerability")
+      end
+
+      def analyze_directory(directory, stdout: StringIO.new, stderr: StringIO.new)
+        audit = Analyzer.new(directory: directory, stdout: stdout, stderr: stderr)
         audit.run
 
-        io.string.split("\0").map { |issue| JSON.load(issue) }
+        stdout.string.split("\0").map { |issue| JSON.load(issue) }
+      end
+
+      def stub_vulnerability(name)
+        scanner = double(:scanner)
+        vulnerability = double(:vulnerability, class: double(name: name))
+
+        allow(Bundler::Audit::Scanner).to receive(:new).and_return(scanner)
+        allow(scanner).to receive(:scan).and_yield(vulnerability)
       end
 
       def expected_issues(fixture)