cocoapods-protected-dependencies 0.0.1
- checksums.yaml +7 -0
- data/lib/cocoapods-protected-dependencies.rb +1 -0
- data/lib/cocoapods-protected-dependencies/config.rb +47 -0
- data/lib/cocoapods-protected-dependencies/gem_version.rb +3 -0
- data/lib/cocoapods-protected-dependencies/hook.rb +1 -0
- data/lib/cocoapods-protected-dependencies/hook/resolver.rb +22 -0
- data/lib/cocoapods_plugin.rb +6 -0
- metadata +106 -0
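--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 8c700906e21cff422cbddf28322ad9dfd4a51ba51b8245d109c4ef4a267fc4bb
+data.tar.gz: 86e9639391ba85e57a8f5f360eea5e2524b848ac59c629f162e79d0e71ae2e1d
+SHA512:
+metadata.gz: 3bc397653697bc5df3c398ada0a43ec1422baff3480313ac4e85596fafbddf33a1d05446a13d6135ff33b9eaf3062964600077c5d066a8aee4560a1bfe7242f3
+data.tar.gz: 8a76d1d2706b375720ea844805590b92b180d563ea341270b14b1db797a1f5cdc3bd68f96ddfc102a7a10e8287230158339663ce15208e6191014857a8a06444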
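--- a/data/lib/cocoapods-protected-dependencies.rb
+++ b/data/lib/cocoapods-protected-dependencies.rb
@@ -0,0 +1 @@
+require 'cocoapods-protected-dependencies/gem_version'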
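--- a/data/lib/cocoapods-protected-dependencies/config.rb
+++ b/data/lib/cocoapods-protected-dependencies/config.rb
@@ -0,0 +1,47 @@
+require 'singleton'
+require 'yaml'
+
+module CocoapodsProtectedPrivate
+class Configuration
+include Singleton
+attr_accessor :config
+
+def config
+@config ||= []
+end
+
+def initialize()
+load_configuration()
+end
+
+def load_configuration
+unless File.file?('protected-specs.yml')
+Pod::UI.puts "No 'protected-specs.yml' file, make sure you have created one".red
+return
+end
+
+@config = YAML.load(File.read('protected-specs.yml'))
+end
+
+def filter_dependency(pod, specifications)
+filtered = specifications.select { |spec| spec_is_valid(pod, spec) }
+
+Pod::UI.puts "Dependency #{pod} is not allowed".red if filtered.empty?
+
+return filtered
+end
+
+def spec_is_valid(pod, spec)
+# Allow external dependencies (using :git or :path), which create a local podspec
+return true if !spec.defined_in_file.nil? && spec.defined_in_file.to_s.include?('/Pods/Local Podspecs')
+
+config.each { |repo|
+next unless repo['source'] == spec.spec_source.url
+
+return true if !repo['lib'].nil? && repo['lib'].include?(pod)
+return true if !repo['regex'].nil? && pod.match(Regexp.new repo['regex'])
+}
+return false
+end
+end
+end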
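Review bot: The allowlist match in `spec_is_valid` is looser than a dependency-confusion guard wants: `repo['lib'].include?(pod)` turns into a substring test if `lib` is written as a single string instead of a list, and `pod.match(Regexp.new repo['regex'])` is unanchored, so a pattern such as `MyCo` (constructed example) also admits any pod whose name merely contains it. I would coerce and anchor, `return true if Array(repo['lib']).include?(pod)` and `return true if repo['regex'] && pod.match?(/\A(?:#{repo['regex']})\z/)`, or at least document that patterns must carry their own `\A…\z`. Separately, `load_configuration` parses the file with `YAML.load`, which on older Psych versions can instantiate arbitrary tagged objects; `@config = YAML.safe_load(File.read('protected-specs.yml'))` is enough for a list of string-keyed hashes. A check that the parsed result is an Array would also keep a malformed file from reaching `config.each`.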
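--- a/data/lib/cocoapods-protected-dependencies/hook.rb
+++ b/data/lib/cocoapods-protected-dependencies/hook.rb
@@ -0,0 +1 @@
+require 'cocoapods-protected-dependencies/hook/resolver'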
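--- a/data/lib/cocoapods-protected-dependencies/hook/resolver.rb
+++ b/data/lib/cocoapods-protected-dependencies/hook/resolver.rb
@@ -0,0 +1,22 @@
+require 'cocoapods-protected-dependencies/config'
+
+module Pod
+class Resolver
+attr_accessor :cached_specifications
+
+def cached_specifications
+@cached_specifications ||= {}
+end
+
+alias original_search_for search_for
+## Filter specifications
+def search_for(dependency)
+specifications = original_search_for(dependency)
+
+if cached_specifications[dependency.name].nil?
+cached_specifications[dependency.name] = CocoapodsProtectedPrivate::Configuration.instance.filter_dependency(dependency.root_name, specifications)
+end
+cached_specifications[dependency.name]
+end
+end
+end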
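Review bot: The cache in `search_for` is keyed by `dependency.name` alone, so once a name has been filtered every later call returns that first list regardless of the requirement on the new `dependency`, while `original_search_for(dependency)` is still evaluated and then discarded. If the upstream method's result varies with the requirement (not visible on this page), the resolver can be handed a stale candidate set. Keying on the dependency itself avoids that, assuming `Dependency` objects are usable as hash keys: `cached_specifications[dependency] ||= CocoapodsProtectedPrivate::Configuration.instance.filter_dependency(dependency.root_name, original_search_for(dependency))`. The `attr_accessor :cached_specifications` line is also redundant with the hand-written reader below it, and it adds a public writer through which any caller can replace the filtered results; dropping it narrows the patched surface.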
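--- a/metadata
+++ b/metadata
@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: cocoapods-protected-dependencies
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- itay
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-02-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: cocoapods-core
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+- !ruby/object:Gem::Dependency
+name: cocoapods
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.8'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+description: CocoaPods is vulnerable to duplicated Pods in Private and Public repos,
+this plugin provides a way to prevent a dependency from using a different source
+email:
+- itay@itaysoft.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cocoapods-protected-dependencies.rb
+- lib/cocoapods-protected-dependencies/config.rb
+- lib/cocoapods-protected-dependencies/gem_version.rb
+- lib/cocoapods-protected-dependencies/hook.rb
+- lib/cocoapods-protected-dependencies/hook/resolver.rb
+- lib/cocoapods_plugin.rb
+homepage: https://github.com/itaybre/cocoapods-protected-dependencies
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.8
+signing_key:
+specification_version: 4
+summary: Protect your project from being vulnerable to Dependency Confusion
+test_files: []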