Ruby: Add test case for rb/insecure-dependency

hmac · hmac · commit 3d96c5e6dbe3 · 2022-04-01T15:30:07.000+13:00
This tests that we recognise kwargs in hashrocket style:

    gem "foo", "1.2.3", :git =&gt; "..."

as well as the modern style:

    gem "foo", "1.2.3", git: "..."
diff --git a/ruby/ql/test/query-tests/security/cwe-300/Gemfile b/ruby/ql/test/query-tests/security/cwe-300/Gemfile
@@ -43,6 +43,12 @@ gem "jwt", "1.2.3", git: "ftp://github.com/jwt/ruby-jwt" # $result=BAD
 gem "jwt", "1.2.3", git: "ftps://github.com/jwt/ruby-jwt" # GOOD
 gem "jwt", "1.2.3", git: "unknown://github.com/jwt/ruby-jwt" # GOOD
 
+gem "jwt", "1.2.3", :git => "https://github.com/jwt/ruby-jwt" # GOOD
+gem "jwt", "1.2.3", :git => "http://github.com/jwt/ruby-jwt" # $result=BAD
+gem "jwt", "1.2.3", :git => "ftp://github.com/jwt/ruby-jwt" # $result=BAD
+gem "jwt", "1.2.3", :git => "ftps://github.com/jwt/ruby-jwt" # GOOD
+gem "jwt", "1.2.3", :git => "unknown://github.com/jwt/ruby-jwt" # GOOD
+
 gem "jwt", "1.2.3", source: "https://rubygems.org" # GOOD
 gem "jwt", "1.2.3", source: "http://rubygems.org" # $result=BAD
 gem "jwt", "1.2.3", source: "ftp://rubygems.org" # $result=BAD
