cocoapods-whitelist 0.0.11 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac35a09134957238dfebe24132c80aa456c46bd4fe0b30e4a8615b210321b614
-  data.tar.gz: ee7d647d915058f1da78c3d86ae95781a0423e98a87b4f43e005c9d37d418c7d
+  metadata.gz: 4723e3d52ded2d24e5ea0fd987f13c26e50e75f4b4f3d8e3c331bf3f0917e7d9
+  data.tar.gz: 3cc1e0c08620d6d500299acfae29328e9a4230438073ea5d9b64defd3eea9b72
 SHA512:
-  metadata.gz: 6773f81644aa4b7dfa24c61bac7b4e86a6902a6d6a41d3aa3e05940418bd4cf860437836c577047237f2e4fdb69bd4c82b89f02da84376b6255402605a980888
-  data.tar.gz: 3bffec4b9f7e462532a99fd5dfc1908a6376f21c8dbf2fcb2959c719432034878b29a68230b169bcc3f4d7785151172aca5b0536d68b33cbc414d8b522917b5b
+  metadata.gz: f45764d3004aecd106e8003e4999dbb31636092376d093aecb0e68d0a6de19c7aa75372d43113b1f17147ceeb541af70f34647c7141c5efc319eae3f3418669d
+  data.tar.gz: e8791f4a18accaef77551c5c864c923b2aecdd18072c9703716fff7c3668637d7f47b983b1c5db6aec96e165bda72adbc20e823f5a37fc7d5f9dc1508cd8dd25

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 0.1.0
+- Dependency Confusion validation implementation
+
 ## 0.0.11
 - Enhancing dependencies linter by checking not only name but also version
 - Enabling CI

data/Gemfile.lock

@@ -6,25 +6,29 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.0)
-    activesupport (4.2.11.1)
-      i18n (~> 0.7)
+    CFPropertyList (3.0.3)
+    activesupport (5.2.4.5)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    algoliasearch (1.27.5)
+      httpclient (~> 2.8, >= 2.8.3)
+      json (>= 1.5.1)
     atomos (0.1.3)
     bacon (1.2.0)
-    claide (1.0.2)
-    cocoapods (1.7.3)
-      activesupport (>= 4.0.2, < 5)
+    claide (1.0.3)
+    cocoapods (1.10.1)
+      addressable (~> 2.6)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.7.3)
+      cocoapods-core (= 1.10.1)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
-      cocoapods-downloader (>= 1.2.2, < 2.0)
+      cocoapods-downloader (>= 1.4.0, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
-      cocoapods-stats (>= 1.0.0, < 2.0)
-      cocoapods-trunk (>= 1.3.1, < 2.0)
+      cocoapods-trunk (>= 1.4.0, < 2.0)
       cocoapods-try (>= 1.1.0, < 2.0)
       colored2 (~> 3.1)
       escape (~> 0.0.4)
@@ -33,52 +37,63 @@ GEM
       molinillo (~> 0.6.6)
       nap (~> 1.0)
       ruby-macho (~> 1.4)
-      xcodeproj (>= 1.10.0, < 2.0)
-    cocoapods-core (1.7.3)
-      activesupport (>= 4.0.2, < 6)
+      xcodeproj (>= 1.19.0, < 2.0)
+    cocoapods-core (1.10.1)
+      activesupport (> 5.0, < 6)
+      addressable (~> 2.6)
+      algoliasearch (~> 1.0)
+      concurrent-ruby (~> 1.1)
       fuzzy_match (~> 2.0.4)
       nap (~> 1.0)
+      netrc (~> 0.11)
+      public_suffix
+      typhoeus (~> 1.0)
     cocoapods-deintegrate (1.0.4)
-    cocoapods-downloader (1.2.2)
+    cocoapods-downloader (1.4.0)
     cocoapods-plugins (1.0.0)
       nap
     cocoapods-search (1.0.0)
-    cocoapods-stats (1.1.0)
-    cocoapods-trunk (1.3.1)
+    cocoapods-trunk (1.5.0)
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
-    cocoapods-try (1.1.0)
+    cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.8)
     escape (0.0.4)
+    ethon (0.12.0)
+      ffi (>= 1.3.0)
+    ffi (1.14.2)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
-    i18n (0.9.5)
+    httpclient (2.8.3)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    metaclass (0.0.4)
-    minitest (5.11.3)
-    mocha (1.9.0)
-      metaclass (~> 0.0.1)
+    json (2.5.1)
+    minitest (5.14.4)
+    mocha (1.12.0)
     mocha-on-bacon (0.2.3)
       mocha (>= 0.13.0)
     molinillo (0.6.6)
-    nanaimo (0.2.6)
+    nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
     prettybacon (0.0.2)
       bacon (~> 1.2)
-    rake (12.3.2)
+    public_suffix (4.0.6)
+    rake (12.3.3)
     ruby-macho (1.4.0)
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    typhoeus (1.4.0)
+      ethon (>= 0.9.0)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
-    xcodeproj (1.10.0)
+    xcodeproj (1.19.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.2.6)
+      nanaimo (~> 0.3.0)
 
 PLATFORMS
   ruby

data/lib/cocoapods-whitelist/client/whitelist_resolver.rb

@@ -0,0 +1,46 @@
+require 'singleton'
+require 'cocoapods-whitelist/model/allowed_dependency'
+
+class WhitelistResolver
+    include Singleton
+    attr_accessor :whitelist
+    attr_accessor :whitelist_loaded
+    attr_accessor :whitelist_url
+
+    def config 
+        @whitelist ||= []
+    end 
+
+    def initialize()
+        @whitelist_url = DEFAULT_WHITELIST_URL
+        load_whitelist()
+    end
+
+    def get_whitelist(whitelist_url = DEFAULT_WHITELIST_URL)
+        @whitelist_loaded = @whitelist_url == whitelist_url
+        @whitelist_url = whitelist_url
+
+        load_whitelist() unless @whitelist_loaded
+        return @whitelist
+    end
+
+    def load_whitelist
+        begin
+            open(@whitelist_url) { |io|
+                buffer = io.read
+                @whitelist = parse_whitelist(buffer)
+                @whitelist_loaded = true
+            }
+        rescue OpenURI::HTTPError => e
+            status = e.io.status.join(' ')
+            raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
+        end
+    end
+
+    def parse_whitelist(raw_whitelist)
+        json = JSON.parse(raw_whitelist)
+        return json["whitelist"].map { |dependencyJson|
+            AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"], dependencyJson["source"], dependencyJson["target"])
+        }
+    end
+end

data/lib/cocoapods-whitelist/command/whitelist.rb

@@ -1,27 +1,9 @@
 require 'open-uri'
+require_relative '../client/whitelist_resolver'
 
-DEFAULT_WHITELIST_URL = "https://raw.githubusercontent.com/mercadolibre/mobile-dependencies_whitelist/master/ios-whitelist.json"
 POD_NAME_REGEX = /^([^\/]+)(?:\/.*)*$/
 POD_BASE_REGEX_POSITION = 0
-
-class AllowedDependency
-  attr_accessor :name
-  attr_accessor :version
-  attr_accessor :expire
-  def initialize(name, version, expire)
-    @name = name
-    @version = version
-    @expire = expire
- end
-
- def expire?
-   if @expire != nil
-     expire = DateTime.parse(@expire,"%Y-%m-%d")
-     return expire < DateTime.now
-   end
-   return false
- end
-end
+DEFAULT_WHITELIST_URL = "https://raw.githubusercontent.com/mercadolibre/mobile-dependencies_whitelist/master/ios-whitelist.json"
 
 module Pod
   class Command
@@ -59,7 +41,7 @@ module Pod
 
       def run
         prepare_outfile
-        whitelist = get_whitelist
+        whitelist = WhitelistResolver.instance.get_whitelist(@whitelist_url)
         specifications = get_podspec_specifications
 
         if specifications.empty?
@@ -102,7 +84,7 @@ module Pod
           end
 
           allowedDependency = whitelist.select { |item|
-            name.start_with?(item.name.match(POD_NAME_REGEX).captures[POD_BASE_REGEX_POSITION]) && (!item.version || versions.grep(/#{item.version}/).any?)
+            name.start_with?(item.name.match(POD_NAME_REGEX).captures[POD_BASE_REGEX_POSITION]) && (!item.version || versions.grep(/#{item.version}/).any?) && (item.target == 'production')
           }
 
           # Checks if any of the allowed dependencies are expired, if so, fail with error
@@ -135,25 +117,6 @@ module Pod
         end
       end
 
-      def get_whitelist
-        begin
-          open(@whitelist_url) { |io|
-            buffer = io.read
-            parse_whitelist(buffer)
-          }
-        rescue OpenURI::HTTPError => e
-          status = e.io.status.join(' ')
-          raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
-        end
-      end
-
-      def parse_whitelist(raw_whitelist)
-        json = JSON.parse(raw_whitelist)
-        return json["whitelist"].map { |dependencyJson|
-          AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"])
-        }
-      end
-
       def get_podspec_specifications
         if @pospec_path
           return [Pod::Specification.from_file(@pospec_path)]

data/lib/cocoapods-whitelist/gem_version.rb

@@ -1,3 +1,3 @@
 module CocoapodsWhitelist
-  VERSION = "0.0.11"
+  VERSION = "0.1.0"
 end

data/lib/cocoapods-whitelist/hook.rb

@@ -0,0 +1 @@
+require 'cocoapods-whitelist/hook/resolver'

data/lib/cocoapods-whitelist/hook/resolver.rb

@@ -0,0 +1,23 @@
+require_relative '../validator/source_validator'
+require_relative '../model/sources'
+
+module Pod
+    class Resolver
+        alias original_search_for search_for
+        ## Filter specifications
+        def search_for(dependency)
+            specifications = original_search_for(dependency)
+
+            validator = SourceValidator.new(get_sources())
+            filtered = validator.filter_dependency(dependency.root_name, specifications)
+
+            if filtered.empty? && specifications.first ## If you have a dependency problem, then no specification is returned from :search_for
+                Pod::UI.puts "Dependency #{dependency.root_name} comes from source #{specifications.first.spec_source.url} is NOT allowed".red 
+                Pod::UI.puts "If you thing this is a mistake, please check the whitelist".red
+                raise Informative.new()
+            end
+
+            specifications
+        end
+    end
+end

data/lib/cocoapods-whitelist/model/allowed_dependency.rb

@@ -0,0 +1,23 @@
+class AllowedDependency
+    attr_accessor :name
+    attr_accessor :version
+    attr_accessor :expire
+    attr_accessor :source
+    attr_accessor :target
+
+    def initialize(name, version, expire, source, target)
+      @name = name
+      @version = version
+      @expire = expire
+      @source = source
+      @target = target
+    end
+  
+    def expire?
+      if @expire != nil
+        expire = DateTime.parse(@expire,"%Y-%m-%d")
+        return expire < DateTime.now
+      end
+      return false
+    end
+end

data/lib/cocoapods-whitelist/model/sources.rb

@@ -0,0 +1,6 @@
+def get_sources
+    { 
+        "public" => "https://cdn.cocoapods.org/", 
+        "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+    }
+end

data/lib/cocoapods-whitelist/validator/source_validator.rb

@@ -0,0 +1,52 @@
+require_relative '../client/whitelist_resolver'
+require 'singleton'
+
+class SourceValidator
+    attr_accessor :sources
+    def initialize(sources)
+        @sources = sources
+    end
+
+    def filter_dependency(pod, specifications)
+        ## Avoid checking the same pod many times
+        return [specifications.first] if DependencyCounter.instance.is_checked(pod) && !specifications.empty?
+
+        filtered = specifications.select { |spec| spec_is_valid(pod, spec) }
+
+        return filtered
+    end
+
+    def spec_is_valid(pod, spec)
+      
+        # Allow external dependencies (using :git or :path), which create a local podspec
+        return true if !spec.defined_in_file.nil? && spec.defined_in_file.to_s.include?('/Pods/Local Podspecs')
+        
+        # Allow every dependency that comes from our private specs sources
+        return true if spec.spec_source.url == @sources["private"]
+
+        whitelist = WhitelistResolver.instance.get_whitelist
+        whitelist.each { |dependency|
+            next unless dependency.name == pod
+            return true unless spec.spec_source.url != @sources[dependency.source]
+        }
+        return false
+    end
+
+end
+
+class DependencyCounter
+    include Singleton
+    attr_accessor :dependencies_checked
+
+    def initialize()
+        @dependencies_checked ||= []
+    end
+
+    def is_checked(podname)
+        included = @dependencies_checked.include? podname
+        @dependencies_checked.push(podname) unless included
+
+        return included
+    end
+
+end

data/lib/cocoapods_plugin.rb

@@ -1,4 +1,5 @@
 require 'cocoapods-whitelist/command'
+require 'cocoapods-whitelist/hook'
 
 module Whitelist
   Pod::HooksManager.register('cocoapods-whitelist', :pre_install) do |context, options|

data/spec/mocks/whitelist.json

@@ -2,25 +2,37 @@
 	"whitelist": [
 		{
 			"name": "MeliSDK",
-			"version": "^~>5.[0-9]+$"
+			"version": "^~>5.[0-9]+$",
+			"target": "production"
 		},
 		{
 			"name": "MLRecommendations",
-			"version": null
+			"version": null,
+			"target": "production"
 		},
 		{
 			"expire": "2100-11-15",
 			"name": "MLBilling",
-			"version": null
+			"version": null,
+			"target": "production"
 		},
 		{
 			"expire": "2016-11-15",
 			"name": "MLOnDemandResources",
-			"version": "^~>5.[0-9]+$"
+			"version": "^~>5.[0-9]+$",
+			"source": "public",
+			"target": "production"
+		},
+		{
+			"name": "MLMyPod",
+			"version": "^~>1.[0-9]+$",
+			"source": "public",
+			"target": "production"
 		},
 		{
 			"name": "MLMyDependency",
-			"version": "1.0.0|2.0.0"
+			"version": "1.0.0|2.0.0",
+			"target": "production"
 		}
 	]
 }

data/spec/mocks/whitelisted_podname.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+    s.name         = "MLMyPod"
+    s.version      = "1.17.0"
+    s.summary      = "Componente de search"
+    s.homepage     = "http://www.mercadolibre.com.ar"
+    s.license      = "none"
+    s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+    s.platform     = :ios, "7.0"
+    s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+    s.requires_arc = true
+  
+  end
+  

data/spec/source_validator_spec.rb

@@ -0,0 +1,95 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe SourceValidator do
+    describe 'functionality' do
+      it 'external dependency that is not on the whitelist should not be valid' do
+
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MyExternalPod', [spec_mock])
+
+        filtered.should.empty?
+
+      end
+
+      it 'external dependency that is on the whitelist should be valid' do
+
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('RxSwift', [spec_mock])
+
+        filtered.size.should.equal 1
+
+      end
+
+      it 'internal dependency that comes from private source should be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'git@github.com:mercadolibre/mobile-ios_specs.git')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLMyPod', [spec_mock])
+
+        filtered.size.should.equal 1
+
+      end
+
+      it 'internal dependency that comes from unknown source should not be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.malicious.source.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLOnDemandResources', [spec_mock])
+
+        filtered.should.empty?
+      end
+
+      it 'development pods should be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => '')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns('./Users/Pods/Local Podspecs/MLMyDevelopmentPod.podspec')
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLMyDevelopmentPod', [spec_mock])
+
+        filtered.size.should.equal 1
+      end
+    end
+end

data/spec/spec_helper.rb

@@ -10,7 +10,7 @@ require 'pretty_bacon'
 require 'pathname'
 require 'cocoapods'
 
-Mocha::Configuration.prevent(:stubbing_non_existent_method)
+Mocha.configure { |c| c.stubbing_non_existent_method = :prevent }
 
 require 'cocoapods_plugin'
 

data/spec/whitelist_resolver_spec.rb

@@ -0,0 +1,22 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe WhitelistResolver do
+    describe 'functionality' do
+        it 'whitelist should be loaded from an specific url' do
+            whitelist = WhitelistResolver.instance.get_whitelist(WHITELIST_FILE)
+            whitelist.size.should.equal 6
+        end
+        
+        it 'if not URL is specified, whitelist comes from default URL' do
+            whitelist = WhitelistResolver.instance.get_whitelist
+            whitelist.should.not.empty?
+        end
+
+        it 'whitelist should not be loaded twice' do
+            WhitelistResolver.instance.get_whitelist(WHITELIST_FILE)
+            loaded = WhitelistResolver.instance.whitelist_loaded
+
+            loaded.should.be.true    
+        end
+    end
+end

data/spec/whitelist_spec.rb

@@ -8,12 +8,6 @@ module Pod
       it 'registers itself' do
         Command.parse(%w{ whitelist }).should.be.instance_of Command::Whitelist
       end
-
-      it 'parse whitelist json' do
-        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
-        dependencies = command.get_whitelist
-        dependencies.size.should.equal 5
-      end
     end
 
     describe 'validations' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-whitelist
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.1.0
 platform: ruby
 authors:
 - Mobile Team
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-22 00:00:00.000000000 Z
+date: 2021-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -55,9 +55,15 @@ files:
 - Rakefile
 - cocoapods-whitelist.gemspec
 - lib/cocoapods-whitelist.rb
+- lib/cocoapods-whitelist/client/whitelist_resolver.rb
 - lib/cocoapods-whitelist/command.rb
 - lib/cocoapods-whitelist/command/whitelist.rb
 - lib/cocoapods-whitelist/gem_version.rb
+- lib/cocoapods-whitelist/hook.rb
+- lib/cocoapods-whitelist/hook/resolver.rb
+- lib/cocoapods-whitelist/model/allowed_dependency.rb
+- lib/cocoapods-whitelist/model/sources.rb
+- lib/cocoapods-whitelist/validator/source_validator.rb
 - lib/cocoapods_plugin.rb
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
@@ -65,6 +71,7 @@ files:
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
 - spec/mocks/with_allowed_subspec.podspec
 - spec/mocks/with_expired_dependencies.podspec
@@ -80,13 +87,15 @@ files:
 - spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb
 homepage: https://github.com/mercadolibre/mobile-cocoapods_whitelist
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -101,9 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
-signing_key: 
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
 summary: A longer description of cocoapods-whitelist.
 test_files:
@@ -113,6 +121,7 @@ test_files:
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
 - spec/mocks/with_allowed_subspec.podspec
 - spec/mocks/with_expired_dependencies.podspec
@@ -128,5 +137,7 @@ test_files:
 - spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb