cocoapods-whitelist 0.0.10 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b5e6eca5022d389d3b4365d67027985c72e8a5e5
-  data.tar.gz: 6c81391a25a039e470609b4f9c5dbbaf82fa325d
+SHA256:
+  metadata.gz: 8db09e9db31c86562ece1491930f2adccc7ed6db5297f63bfbfdfa59ec0eccbb
+  data.tar.gz: 5df5e48ef9a8a3ed4e5bb870639cd91ed6e26d2c45409eb5ae83e47bfbdcb3a4
 SHA512:
-  metadata.gz: 22e7d9d0427233fb8f3685422f6ba6839beed969c9de482bb98de6c77ba28cb29ef2f6338fedc8a185642bb6e3e01ce55aefee7c5570bdf4c5c21c4ef88c29e1
-  data.tar.gz: 00c0638eca55e951f4c31820003dd9d2adf75c300a866410e318229c18eef047952289bfeb6b51f6487e793fff0d498d44e43dab39a2324bd2dec72f69a28e5e
+  metadata.gz: caa0386ed5f8cfd44e1fadbce177bcdd941eb144b62a9bf4f772a38895e18c98fe6443b8bf116ae007fc97263313521000849256852c5d2ff902d7fc7be71443
+  data.tar.gz: 4547337346ebf721b9814d740772a0a12ba3a86fb75fd461c43293c77a1f29cd103909e66d446fc99412c24e1b854b7c80d07eecfc4b235adc20574923574b03

data/.circleci/config.yml

@@ -0,0 +1,30 @@
+version: 2
+jobs:
+  build:
+    docker:
+       - image: circleci/ruby:2.4.4-node
+         environment:
+           BUNDLER_VERSION: 2.0.2
+    resource_class: small
+    steps:
+      - checkout
+      - add_ssh_keys
+      - run:
+          name: Update Bundler
+          command: |
+            sudo gem update --system
+            sudo gem uninstall bundler
+            sudo rm /usr/local/bin/bundle
+            sudo rm /usr/local/bin/bundler
+            sudo gem install bundler
+      - run:
+          name: Run Build
+          command: |
+            bundle install --quiet --without static-dependencies 
+            gem build cocoapods-whitelist.gemspec --silent -q --backtrace
+            gem install *.gem --silent -q --backtrace
+            rm -rf *.gem
+            rm -rf Gemfile.lock
+      - run:
+          name: Run Tests
+          command: rake

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 0.2.1
+### Changed
+- Improve dependency injection message to inform the local source is being used.
+
+## 0.2.0
+### Changed
+- Avoid using whitelist to validate dependencies source
+
+## 0.1.0
+- Dependency Confusion validation implementation
+
+## 0.0.11
+- Enhancing dependencies linter by checking not only name but also version
+- Enabling CI
+
+## 0.0.10
+- Revert 0.0.8 validation rule
+
 ## 0.0.9
 - Revert 0.0.8 validation rule
 

data/Gemfile.lock

@@ -1,30 +1,34 @@
 PATH
   remote: .
   specs:
-    cocoapods-whitelist (0.0.9)
+    cocoapods-whitelist (0.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.0)
-    activesupport (4.2.11.1)
-      i18n (~> 0.7)
+    CFPropertyList (3.0.3)
+    activesupport (5.2.4.5)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    algoliasearch (1.27.5)
+      httpclient (~> 2.8, >= 2.8.3)
+      json (>= 1.5.1)
     atomos (0.1.3)
     bacon (1.2.0)
-    claide (1.0.2)
-    cocoapods (1.7.3)
-      activesupport (>= 4.0.2, < 5)
+    claide (1.0.3)
+    cocoapods (1.10.1)
+      addressable (~> 2.6)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.7.3)
+      cocoapods-core (= 1.10.1)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
-      cocoapods-downloader (>= 1.2.2, < 2.0)
+      cocoapods-downloader (>= 1.4.0, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
-      cocoapods-stats (>= 1.0.0, < 2.0)
-      cocoapods-trunk (>= 1.3.1, < 2.0)
+      cocoapods-trunk (>= 1.4.0, < 2.0)
       cocoapods-try (>= 1.1.0, < 2.0)
       colored2 (~> 3.1)
       escape (~> 0.0.4)
@@ -33,52 +37,63 @@ GEM
       molinillo (~> 0.6.6)
       nap (~> 1.0)
       ruby-macho (~> 1.4)
-      xcodeproj (>= 1.10.0, < 2.0)
-    cocoapods-core (1.7.3)
-      activesupport (>= 4.0.2, < 6)
+      xcodeproj (>= 1.19.0, < 2.0)
+    cocoapods-core (1.10.1)
+      activesupport (> 5.0, < 6)
+      addressable (~> 2.6)
+      algoliasearch (~> 1.0)
+      concurrent-ruby (~> 1.1)
       fuzzy_match (~> 2.0.4)
       nap (~> 1.0)
+      netrc (~> 0.11)
+      public_suffix
+      typhoeus (~> 1.0)
     cocoapods-deintegrate (1.0.4)
-    cocoapods-downloader (1.2.2)
+    cocoapods-downloader (1.4.0)
     cocoapods-plugins (1.0.0)
       nap
     cocoapods-search (1.0.0)
-    cocoapods-stats (1.1.0)
-    cocoapods-trunk (1.3.1)
+    cocoapods-trunk (1.5.0)
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
-    cocoapods-try (1.1.0)
+    cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.8)
     escape (0.0.4)
+    ethon (0.12.0)
+      ffi (>= 1.3.0)
+    ffi (1.14.2)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
-    i18n (0.9.5)
+    httpclient (2.8.3)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    metaclass (0.0.4)
-    minitest (5.11.3)
-    mocha (1.9.0)
-      metaclass (~> 0.0.1)
+    json (2.5.1)
+    minitest (5.14.4)
+    mocha (1.12.0)
     mocha-on-bacon (0.2.3)
       mocha (>= 0.13.0)
     molinillo (0.6.6)
-    nanaimo (0.2.6)
+    nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
     prettybacon (0.0.2)
       bacon (~> 1.2)
-    rake (12.3.2)
+    public_suffix (4.0.6)
+    rake (12.3.3)
     ruby-macho (1.4.0)
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    typhoeus (1.4.0)
+      ethon (>= 0.9.0)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
-    xcodeproj (1.10.0)
+    xcodeproj (1.19.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.2.6)
+      nanaimo (~> 0.3.0)
 
 PLATFORMS
   ruby
@@ -94,4 +109,4 @@ DEPENDENCIES
   rake (~> 12.0)
 
 BUNDLED WITH
-   2.0.1
+   2.1.4

data/lib/cocoapods-whitelist/client/whitelist_resolver.rb

@@ -0,0 +1,46 @@
+require 'singleton'
+require 'cocoapods-whitelist/model/allowed_dependency'
+
+class WhitelistResolver
+    include Singleton
+    attr_accessor :whitelist
+    attr_accessor :whitelist_loaded
+    attr_accessor :whitelist_url
+
+    def config 
+        @whitelist ||= []
+    end 
+
+    def initialize()
+        @whitelist_url = DEFAULT_WHITELIST_URL
+        load_whitelist()
+    end
+
+    def get_whitelist(whitelist_url = DEFAULT_WHITELIST_URL)
+        @whitelist_loaded = @whitelist_url == whitelist_url
+        @whitelist_url = whitelist_url
+
+        load_whitelist() unless @whitelist_loaded
+        return @whitelist
+    end
+
+    def load_whitelist
+        begin
+            open(@whitelist_url) { |io|
+                buffer = io.read
+                @whitelist = parse_whitelist(buffer)
+                @whitelist_loaded = true
+            }
+        rescue OpenURI::HTTPError => e
+            status = e.io.status.join(' ')
+            raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
+        end
+    end
+
+    def parse_whitelist(raw_whitelist)
+        json = JSON.parse(raw_whitelist)
+        return json["whitelist"].map { |dependencyJson|
+            AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"], dependencyJson["source"], dependencyJson["target"])
+        }
+    end
+end

data/lib/cocoapods-whitelist/command/whitelist.rb

@@ -1,26 +1,10 @@
 require 'open-uri'
+require_relative '../client/whitelist_resolver'
 
+POD_NAME_REGEX = /^([^\/]+)(?:\/.*)*$/
+POD_BASE_REGEX_POSITION = 0
 DEFAULT_WHITELIST_URL = "https://raw.githubusercontent.com/mercadolibre/mobile-dependencies_whitelist/master/ios-whitelist.json"
 
-class AllowedDependency
-  attr_accessor :name
-  attr_accessor :version
-  attr_accessor :expire
-  def initialize(name, version, expire)
-    @name = name
-    @version = version
-    @expire = expire
- end
-
- def expire?
-   if @expire != nil
-     expire = DateTime.parse(@expire,"%Y-%m-%d")
-     return expire < DateTime.now
-   end
-   return false
- end
-end
-
 module Pod
   class Command
     class Whitelist < Command
@@ -57,7 +41,7 @@ module Pod
 
       def run
         prepare_outfile
-        whitelist = get_whitelist
+        whitelist = WhitelistResolver.instance.get_whitelist(@whitelist_url)
         specifications = get_podspec_specifications
 
         if specifications.empty?
@@ -93,19 +77,25 @@ module Pod
           # Skip subspec dependency
           next if parentName && name.start_with?("#{parentName}/")
 
+          if versions.length != 1
+            not_allowed.push("#{name} (#{versions.join(", ")}) Reason: A specific version must be defined for every dependency (just one). " +
+            "Suggestion: find this dependency in your Podspec and add the version listed in the whitelist.")
+            next
+          end
+
           allowedDependency = whitelist.select { |item|
-            /#{item.name}/ =~ name && (versions.empty? || !item.version || versions.grep(/#{item.version}/).any?)
+            name.start_with?(item.name.match(POD_NAME_REGEX).captures[POD_BASE_REGEX_POSITION]) && (!item.version || versions.grep(/#{item.version}/).any?) && (item.target == 'production')
           }
 
           # Checks if any of the allowed dependencies are expired, if so, fail with error
           allowedDependency.each { |dependency|
             if dependency.expire?
-              not_allowed.push("#{name} (Expired)")
+              not_allowed.push("#{name} Reason: Expired version. Please check the whitelist.")
             end
           }
 
           if allowedDependency.empty?
-            not_allowed.push("#{name} (#{versions.join(", ")})")
+            not_allowed.push("#{name} (#{versions.join(", ")}) Reason: Specified version hasn't match any whitelisted version or Pod name is not valid")
             next
           end
         end
@@ -127,25 +117,6 @@ module Pod
         end
       end
 
-      def get_whitelist
-        begin
-          open(@whitelist_url) { |io|
-            buffer = io.read
-            parse_whitelist(buffer)
-          }
-        rescue OpenURI::HTTPError => e
-          status = e.io.status.join(' ')
-          raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
-        end
-      end
-
-      def parse_whitelist(raw_whitelist)
-        json = JSON.parse(raw_whitelist)
-        return json["whitelist"].map { |dependencyJson|
-          AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"])
-        }
-      end
-
       def get_podspec_specifications
         if @pospec_path
           return [Pod::Specification.from_file(@pospec_path)]

data/lib/cocoapods-whitelist/gem_version.rb

@@ -1,3 +1,3 @@
 module CocoapodsWhitelist
-  VERSION = "0.0.10"
+  VERSION = "0.2.1"
 end

data/lib/cocoapods-whitelist/helpers/source_helper.rb

@@ -0,0 +1,29 @@
+require_relative '../model/sources'
+require 'singleton'
+
+# In charge of host the Pods names that comes from our private sources
+#
+# NOTE: The safest way to handle this was to host the complete specification and not only the pods 
+#       names as rubydocs specified
+#       (https://www.rubydoc.info/github/CocoaPods/Core/Pod/Source#all_specs-instance_method)
+#        However, the execution time was considerably slower. 
+#
+class SourceHelper
+    include Singleton
+    attr_accessor :specs
+
+    def initialize()
+        @specs ||= []
+    end
+
+    def setup(sources, private_sources)      
+        private_sources = sources.select {|s| private_sources.include? s.url}
+        private_sources.each do |s| 
+            @specs.concat s.pods
+        end
+    end
+
+    def is_filled
+        return !@specs.empty?
+    end
+end

data/lib/cocoapods-whitelist/hook/resolver.rb

@@ -0,0 +1,44 @@
+require_relative '../validator/source_validator'
+require_relative '../helpers/source_helper'
+require_relative '../model/sources'
+
+module Pod
+    class Resolver
+        alias original_search_for search_for
+        ## Filter specifications
+        def search_for(dependency)
+            ## If you have a dependency problem, then no specification is returned from :search_for
+            specifications = original_search_for(dependency)
+
+            valid_specifications = validate_dependency(dependency, specifications)
+
+            ## If we have removed some specifications due to dependency injection, inform the user once.
+            if valid_specifications.size != specifications.size and !informed_di_set.include?(dependency.root_name)
+                Pod::UI.puts "WARNING: More than 1 specification for dependency #{dependency.root_name} was found. Using private source.".yellow
+                informed_di_set.add(dependency.root_name)
+            end
+
+            valid_specifications
+        end
+
+        private
+
+        # Returns the valids specifications for a given dependency
+        # Params:
+        # +dependency+:: dependency to be validated
+        # +specifications+:: potencial unsecure specs
+        # @returns the result of the validation
+        def validate_dependency(dependency, specifications)
+            private_sources = get_private_sources()
+            SourceHelper.instance.setup(sources, private_sources) unless SourceHelper.instance.is_filled
+            validator = SourceValidator.new(SourceHelper.instance.specs, private_sources)
+            return validator.filter_dependency(dependency.root_name, specifications)
+        end
+
+        # A set where we save the dependencies which already informed of a dependency injection.
+        # @returns a set of dependency_name
+        def informed_di_set
+            @invalid_specifications_set ||= Set.new
+        end
+    end
+end

data/lib/cocoapods-whitelist/hook.rb

@@ -0,0 +1 @@
+require 'cocoapods-whitelist/hook/resolver'

data/lib/cocoapods-whitelist/model/allowed_dependency.rb

@@ -0,0 +1,23 @@
+class AllowedDependency
+    attr_accessor :name
+    attr_accessor :version
+    attr_accessor :expire
+    attr_accessor :source
+    attr_accessor :target
+
+    def initialize(name, version, expire, source, target)
+      @name = name
+      @version = version
+      @expire = expire
+      @source = source
+      @target = target
+    end
+  
+    def expire?
+      if @expire != nil
+        expire = DateTime.parse(@expire,"%Y-%m-%d")
+        return expire < DateTime.now
+      end
+      return false
+    end
+end

data/lib/cocoapods-whitelist/model/sources.rb

@@ -0,0 +1,3 @@
+def get_private_sources
+    [ "git@github.com:mercadolibre/mobile-ios_specs.git" ] 
+end

data/lib/cocoapods-whitelist/validator/source_validator.rb

@@ -0,0 +1,33 @@
+require 'singleton'
+
+class SourceValidator
+    attr_accessor :private_specs
+    attr_accessor :private_sources
+    def initialize(private_specs, private_sources)
+        @private_specs = private_specs
+        @private_sources = private_sources
+    end
+
+    # Filters the valids specifications for a given pod
+    # Params:
+    # +pod+:: podname to be validated
+    # +specifications+:: potencial unsecure specs
+    # @returs valid specs
+    def filter_dependency(pod, specifications)
+        return specifications.select { |spec| spec_is_valid(pod, spec) }  
+    end
+
+    def spec_is_valid(pod, spec)
+        # Allow external dependencies (using :git or :path), which create a local podspec
+        return true if !spec.defined_in_file.nil? && spec.defined_in_file.to_s.include?('/Pods/Local Podspecs')
+        
+        # Allow every dependency that comes from our privates sources
+        return true if @private_sources.include? spec.spec_source.url
+
+        # NO dependency that comes from a public source should be in our private specs
+        return true if !@private_specs.include? spec.name
+
+        return false
+    end
+
+end

data/lib/cocoapods_plugin.rb

@@ -1,4 +1,5 @@
 require 'cocoapods-whitelist/command'
+require 'cocoapods-whitelist/hook'
 
 module Whitelist
   Pod::HooksManager.register('cocoapods-whitelist', :pre_install) do |context, options|

data/spec/mocks/whitelist.json

@@ -2,18 +2,37 @@
 	"whitelist": [
 		{
 			"name": "MeliSDK",
-			"version": "^~>5.[0-9]+$"
-		}, {
+			"version": "^~>5.[0-9]+$",
+			"target": "production"
+		},
+		{
 			"name": "MLRecommendations",
-			"version": null
-		}, {
-		 "name": "MLBilling",
-		 "version": null,
-		 "expire" : "2100-11-15"
-	 }, {
-		"name": "MLOnDemandResources",
-		"version": "^~>5.[0-9]+$",
-		"expire" : "2016-11-15"
+			"version": null,
+			"target": "production"
+		},
+		{
+			"expire": "2100-11-15",
+			"name": "MLBilling",
+			"version": null,
+			"target": "production"
+		},
+		{
+			"expire": "2016-11-15",
+			"name": "MLOnDemandResources",
+			"version": "^~>5.[0-9]+$",
+			"source": "public",
+			"target": "production"
+		},
+		{
+			"name": "MLMyPod",
+			"version": "^~>1.[0-9]+$",
+			"source": "public",
+			"target": "production"
+		},
+		{
+			"name": "MLMyDependency",
+			"version": "1.0.0|2.0.0",
+			"target": "production"
 		}
 	]
 }

data/spec/mocks/whitelisted_podname.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+    s.name         = "MLMyPod"
+    s.version      = "1.17.0"
+    s.summary      = "Componente de search"
+    s.homepage     = "http://www.mercadolibre.com.ar"
+    s.license      = "none"
+    s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+    s.platform     = :ios, "7.0"
+    s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+    s.requires_arc = true
+  
+  end
+  

data/spec/mocks/with_allowed_subspec.podspec

@@ -0,0 +1,18 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MeliSDK/Error", "~>5.0"
+  end
+
+end

data/spec/mocks/with_more_than_one_version_in_subspec.podspec

@@ -0,0 +1,19 @@
+
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MeliSDK", ">5.0", "<6.0"
+  end
+
+end

data/spec/mocks/with_not_allowed_subspec.podspec

@@ -0,0 +1,18 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MyMeliSDK/Error", "~>5.0"
+  end
+
+end

data/spec/mocks/with_similar_name_not_allowed.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MercadoPagoSDK', '~>1.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '1.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '2.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '~> 1.0'
+
+end

data/spec/source_helper_spec.rb

@@ -0,0 +1,66 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe SourceHelper do
+    describe 'behaviour' do
+        it 'should group the private specs from the differents private sources' do
+
+            SourceHelper.instance.specs = [] # Avoid a non-empty SourceHelper
+
+            private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
+            
+            private_meli_specs = ["MyMELIPod1", "MyMELIPod2", "MyMELIPod3"]
+            meli_mock = mock()
+            meli_mock.stubs(:url).returns("git@github.com:mercadolibre/mobile-ios_specs.git")
+            meli_mock.stubs(:pods).returns(private_meli_specs)
+
+            private_cocoapods_cdn_specs = ["MyPublicPod1", "MyPublicPod2", "MyPublicPod2"]
+            cocoapods_cdn_mock = mock()
+            cocoapods_cdn_mock.stubs(:url).returns("https://cdn.cocoapods.org/")
+            cocoapods_cdn_mock.stubs(:pods).returns(private_cocoapods_cdn_specs)
+
+            private_testable_specs = ["MyTestablePod1", "MyTestablePod2", "MyTestablePod2"]
+            testable_mock = mock()
+            testable_mock.stubs(:url).returns("git@github.com:testable/testable_specs.git")
+            testable_mock.stubs(:pods).returns(private_testable_specs)
+
+            sources = [meli_mock, cocoapods_cdn_mock, testable_mock]
+
+            expected_result = [ "MyMELIPod1", "MyMELIPod2", "MyMELIPod3", "MyTestablePod1", "MyTestablePod2", "MyTestablePod2" ]
+            
+            validator = SourceHelper.instance.setup(sources, private_sources)
+            
+            SourceHelper.instance.specs.size.should.equal 6
+            SourceHelper.instance.is_filled.should.be.true
+            SourceHelper.instance.specs.should.equal expected_result
+        end
+        
+        it 'should not be filled if not specs been added' do
+
+            SourceHelper.instance.specs = [] # Avoid a non-empty SourceHelper
+
+            private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
+            
+            private_meli_specs = []
+            meli_mock = mock()
+            meli_mock.stubs(:url).returns("git@github.com:mercadolibre/mobile-ios_specs.git")
+            meli_mock.stubs(:pods).returns(private_meli_specs)
+
+            private_cocoapods_cdn_specs = []
+            cocoapods_cdn_mock = mock()
+            cocoapods_cdn_mock.stubs(:url).returns("https://cdn.cocoapods.org/")
+            cocoapods_cdn_mock.stubs(:pods).returns(private_cocoapods_cdn_specs)
+
+            private_testable_specs = []
+            testable_mock = mock()
+            testable_mock.stubs(:url).returns("git@github.com:testable/testable_specs.git")
+            testable_mock.stubs(:pods).returns(private_testable_specs)
+
+            sources = [meli_mock, cocoapods_cdn_mock, testable_mock]
+            
+            validator = SourceHelper.instance.setup(sources, private_sources)
+            
+            SourceHelper.instance.specs.size.should.equal 0
+            SourceHelper.instance.is_filled.should.not.be.true
+        end 
+    end
+end

data/spec/source_validator_spec.rb

@@ -0,0 +1,72 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe SourceValidator do
+    describe 'functionality' do
+      it 'external dependency that comes from a public source should be valid' do
+
+        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_specs = ["MyPod1", "MyPod1", "MyPod3"]
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        spec_mock.stubs(:name).returns("MyExternalPod")
+        
+        validator = SourceValidator.new(private_specs, private_sources)
+        filtered = validator.filter_dependency("MyExternalPod", [spec_mock])
+
+        filtered.size.should.equal 1
+      end
+
+      it 'internal dependency that comes from a public source should not be valid' do
+        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        spec_mock.stubs(:name).returns("MyInternalPod")
+        
+        validator = SourceValidator.new(private_specs, private_sources)
+        filtered = validator.filter_dependency("MyInternalPod", [spec_mock])
+
+        filtered.should.empty?
+      end
+
+      it 'internal dependency that comes from private source should be valid' do
+
+        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
+
+        stub_url = stub(:url => 'git@github.com:mercadolibre/mobile-ios_specs.git')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        spec_mock.stubs(:name).returns("MyInternalPod")
+        
+        validator = SourceValidator.new(private_specs, private_sources)
+        filtered = validator.filter_dependency("MyInternalPod", [spec_mock])
+
+        filtered.size.should.equal 1
+      end
+
+      it 'development pods should be valid' do
+
+        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
+
+        stub_url = stub(:url => '')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns('./Users/Pods/Local Podspecs/MLMyDevelopmentPod.podspec')
+        spec_mock.stubs(:name).returns("MLMyDevelopmentPod")
+        
+        validator = SourceValidator.new(private_specs, private_sources)
+        filtered = validator.filter_dependency('MLMyDevelopmentPod', [spec_mock])
+
+        filtered.size.should.equal 1
+      end
+    end
+end

data/spec/spec_helper.rb

@@ -10,7 +10,7 @@ require 'pretty_bacon'
 require 'pathname'
 require 'cocoapods'
 
-Mocha::Configuration.prevent(:stubbing_non_existent_method)
+Mocha.configure { |c| c.stubbing_non_existent_method = :prevent }
 
 require 'cocoapods_plugin'
 

data/spec/whitelist_resolver_spec.rb

@@ -0,0 +1,24 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+WHITELIST_PATH = './spec/mocks/whitelist.json'
+
+describe WhitelistResolver do
+    describe 'functionality' do
+        it 'whitelist should be loaded from an specific url' do
+            whitelist = WhitelistResolver.instance.get_whitelist(WHITELIST_PATH)
+            whitelist.size.should.equal 6
+        end
+        
+        it 'if not URL is specified, whitelist comes from default URL' do
+            whitelist = WhitelistResolver.instance.get_whitelist
+            whitelist.should.not.empty?
+        end
+
+        it 'whitelist should not be loaded twice' do
+            WhitelistResolver.instance.get_whitelist(WHITELIST_PATH)
+            loaded = WhitelistResolver.instance.whitelist_loaded
+
+            loaded.should.be.true    
+        end
+    end
+end

data/spec/whitelist_spec.rb

@@ -8,21 +8,15 @@ module Pod
       it 'registers itself' do
         Command.parse(%w{ whitelist }).should.be.instance_of Command::Whitelist
       end
-
-      it 'parse whitelist json' do
-        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
-        dependencies = command.get_whitelist
-        dependencies.size.should.equal 4
-      end
     end
 
     describe 'validations' do
-      it 'dependency without version should be valid' do
+      it 'dependency without version should not be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/without_version.podspec')
         command.expects(:get_podspec_specifications).returns([specification])
-        lambda { command.run }.should.not.raise
+        lambda { command.run }.should.raise Informative
       end
 
       it 'dependency with major version fixed should be valid' do
@@ -48,6 +42,14 @@ module Pod
         lambda { command.run }.should.raise Informative
       end
 
+      it 'not allowed similar dependency should not be valid' do
+        # Whitelist: ('MercadoPagoSDKV4', '~>5.*') | Podspec: ('MercadoPagoSDK')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_similar_name_not_allowed.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'dependency with not allowed version should be valid' do
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/with_fixed_version.podspec')
@@ -79,6 +81,14 @@ module Pod
         lambda { command.run }.should.raise Informative
       end
 
+      it 'dependency with two versions requierement should not be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_more_than_one_version_in_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'dependency not allowed in subspec should not be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
@@ -87,6 +97,22 @@ module Pod
         lambda { command.run }.should.raise Informative
       end
 
+      it 'subspec dependency allowed in the whitelist should be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK/Error')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_allowed_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'subspec dependency not allowed in the whitelist should not be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MyMeliSDK/Error')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_not_allowed_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'podspec without dependencies should be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
@@ -111,6 +137,30 @@ module Pod
         lambda { command.run }.should.not.raise
       end
 
+      it 'fixed mayor dependency in whitelist and podspec should not fail on first option' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '1.0.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'fixed mayor dependency in whitelist and podspec should not fail on second option' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '2.0.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'fixed mayor dependency in whitelist but not in podspec should fail' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '~> 1.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'not allowed dependency should not raise exception if --fail-on-error is not present' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--podspec=./spec/mocks/not_allowed.podspec"])
@@ -121,7 +171,6 @@ module Pod
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
         lambda { command.run }.should.not.raise
       end
-
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-whitelist
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.2.1
 platform: ruby
 authors:
 - Mobile Team
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-10 00:00:00.000000000 Z
+date: 2021-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -45,6 +45,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".gitignore"
 - CHANGELOG.md
 - Gemfile
@@ -54,9 +55,16 @@ files:
 - Rakefile
 - cocoapods-whitelist.gemspec
 - lib/cocoapods-whitelist.rb
+- lib/cocoapods-whitelist/client/whitelist_resolver.rb
 - lib/cocoapods-whitelist/command.rb
 - lib/cocoapods-whitelist/command/whitelist.rb
 - lib/cocoapods-whitelist/gem_version.rb
+- lib/cocoapods-whitelist/helpers/source_helper.rb
+- lib/cocoapods-whitelist/hook.rb
+- lib/cocoapods-whitelist/hook/resolver.rb
+- lib/cocoapods-whitelist/model/allowed_dependency.rb
+- lib/cocoapods-whitelist/model/sources.rb
+- lib/cocoapods-whitelist/validator/source_validator.rb
 - lib/cocoapods_plugin.rb
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
@@ -64,21 +72,32 @@ files:
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
+- spec/mocks/with_allowed_subspec.podspec
 - spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
+- spec/mocks/with_more_than_one_version_in_subspec.podspec
 - spec/mocks/with_not_allowed_in_subspec.podspec
+- spec/mocks/with_not_allowed_subspec.podspec
 - spec/mocks/with_not_yet_expired_dependencies.podspec
+- spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_helper_spec.rb
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb
 homepage: https://github.com/mercadolibre/mobile-cocoapods_whitelist
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -93,9 +112,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.0.8
+signing_key:
 specification_version: 4
 summary: A longer description of cocoapods-whitelist.
 test_files:
@@ -105,13 +123,24 @@ test_files:
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
+- spec/mocks/with_allowed_subspec.podspec
 - spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
+- spec/mocks/with_more_than_one_version_in_subspec.podspec
 - spec/mocks/with_not_allowed_in_subspec.podspec
+- spec/mocks/with_not_allowed_subspec.podspec
 - spec/mocks/with_not_yet_expired_dependencies.podspec
+- spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_helper_spec.rb
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb