cocoapods-protected-dependencies 0.0.1

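--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 8c700906e21cff422cbddf28322ad9dfd4a51ba51b8245d109c4ef4a267fc4bb
+ data.tar.gz: 86e9639391ba85e57a8f5f360eea5e2524b848ac59c629f162e79d0e71ae2e1d
+ SHA512:
+ metadata.gz: 3bc397653697bc5df3c398ada0a43ec1422baff3480313ac4e85596fafbddf33a1d05446a13d6135ff33b9eaf3062964600077c5d066a8aee4560a1bfe7242f3
+ data.tar.gz: 8a76d1d2706b375720ea844805590b92b180d563ea341270b14b1db797a1f5cdc3bd68f96ddfc102a7a10e8287230158339663ce15208e6191014857a8a06444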
@@ -0,0 +1 @@
1
+ require 'cocoapods-protected-dependencies/gem_version'
@@ -0,0 +1,47 @@
1
+ require 'singleton'
2
+ require 'yaml'
3
+
4
+ module CocoapodsProtectedPrivate
5
+ class Configuration
6
+ include Singleton
7
+ attr_accessor :config
8
+
9
+ def config
10
+ @config ||= []
11
+ end
12
+
13
+ def initialize()
14
+ load_configuration()
15
+ end
16
+
17
+ def load_configuration
18
+ unless File.file?('protected-specs.yml')
19
+ Pod::UI.puts "No 'protected-specs.yml' file, make sure you have created one".red
20
+ return
21
+ end
22
+
23
+ @config = YAML.load(File.read('protected-specs.yml'))
24
+ end
25
+
26
+ def filter_dependency(pod, specifications)
27
+ filtered = specifications.select { |spec| spec_is_valid(pod, spec) }
28
+
29
+ Pod::UI.puts "Dependency #{pod} is not allowed".red if filtered.empty?
30
+
31
+ return filtered
32
+ end
33
+
34
+ def spec_is_valid(pod, spec)
35
+ # Allow external dependencies (using :git or :path), which create a local podspec
36
+ return true if !spec.defined_in_file.nil? && spec.defined_in_file.to_s.include?('/Pods/Local Podspecs')
37
+
38
+ config.each { |repo|
39
+ next unless repo['source'] == spec.spec_source.url
40
+
41
+ return true if !repo['lib'].nil? && repo['lib'].include?(pod)
42
+ return true if !repo['regex'].nil? && pod.match(Regexp.new repo['regex'])
43
+ }
44
+ return false
45
+ end
46
+ end
47
+ end
@@ -0,0 +1,3 @@
1
+ module CocoapodsProtectedPrivate
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1 @@
1
+ require 'cocoapods-protected-dependencies/hook/resolver'
@@ -0,0 +1,22 @@
1
+ require 'cocoapods-protected-dependencies/config'
2
+
3
+ module Pod
4
+ class Resolver
5
+ attr_accessor :cached_specifications
6
+
7
+ def cached_specifications
8
+ @cached_specifications ||= {}
9
+ end
10
+
11
+ alias original_search_for search_for
12
+ ## Filter specifications
13
+ def search_for(dependency)
14
+ specifications = original_search_for(dependency)
15
+
16
+ if cached_specifications[dependency.name].nil?
17
+ cached_specifications[dependency.name] = CocoapodsProtectedPrivate::Configuration.instance.filter_dependency(dependency.root_name, specifications)
18
+ end
19
+ cached_specifications[dependency.name]
20
+ end
21
+ end
22
+ end
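Review bot: The cache in `search_for` is keyed by `dependency.name` alone, so every later call for the same name returns the list filtered on the first call, even though `original_search_for(dependency)` has just been evaluated again and its result is discarded. If the upstream result varies with anything else on the dependency (its version requirement, presumably), the resolver is handed a stale candidate list. Unless the filter is shown to be expensive, dropping the cache is simpler: `CocoapodsProtectedPrivate::Configuration.instance.filter_dependency(dependency.root_name, original_search_for(dependency))`. The `alias`-based patch also relies on `Pod::Resolver#search_for` keeping its current behaviour across the whole `~> 1.8` range the gemspec allows, which deserves a comment above `alias original_search_for search_for`.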
@@ -0,0 +1,6 @@
1
+ require 'cocoapods'
2
+ require 'cocoapods-core'
3
+ require 'cocoapods-protected-dependencies/hook'
4
+
5
+ module CocoapodsProtectedPrivate
6
+ end
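--- a/metadata
+++ b/metadata
@@ -0,0 +1,106 @@
+ --- !ruby/object:Gem::Specification
+ name: cocoapods-protected-dependencies
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - itay
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2021-02-16 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: cocoapods-core
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ - !ruby/object:Gem::Dependency
+ name: cocoapods
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ description: CocoaPods is vulnerable to duplicated Pods in Private and Public repos,
+ this plugin provides a way to prevent a dependency from using a different source
+ email:
+ - itay@itaysoft.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/cocoapods-protected-dependencies.rb
+ - lib/cocoapods-protected-dependencies/config.rb
+ - lib/cocoapods-protected-dependencies/gem_version.rb
+ - lib/cocoapods-protected-dependencies/hook.rb
+ - lib/cocoapods-protected-dependencies/hook/resolver.rb
+ - lib/cocoapods_plugin.rb
+ homepage: https://github.com/itaybre/cocoapods-protected-dependencies
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.8
+ signing_key:
+ specification_version: 4
+ summary: Protect your project from being vulnerable to Dependency Confusion
+ test_files: []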