cocoapods-whitelist 0.0.7 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 750058d7d825d9b61916a46ea50350581cfe3518
-  data.tar.gz: 270b1db1faf90555f31e4c43c655b1d7494ce650
+SHA256:
+  metadata.gz: 4723e3d52ded2d24e5ea0fd987f13c26e50e75f4b4f3d8e3c331bf3f0917e7d9
+  data.tar.gz: 3cc1e0c08620d6d500299acfae29328e9a4230438073ea5d9b64defd3eea9b72
 SHA512:
-  metadata.gz: 63a7cdc92b231d590dcc66ccbd8e41f1c167da2147c7c041f009bc3da783c76f5ce6f892300c4d90b3b918ffeca0ed63d57214da7ccf1dfd6e7cc9489ee8f418
-  data.tar.gz: 2b4debab422c070ed134a2eddaa366b36004eeb2c1b2354007922070bb0864aede76215580ffd7da0923dc84ca07a94929879aa464a5a1a6b3c887cf887783d7
+  metadata.gz: f45764d3004aecd106e8003e4999dbb31636092376d093aecb0e68d0a6de19c7aa75372d43113b1f17147ceeb541af70f34647c7141c5efc319eae3f3418669d
+  data.tar.gz: e8791f4a18accaef77551c5c864c923b2aecdd18072c9703716fff7c3668637d7f47b983b1c5db6aec96e165bda72adbc20e823f5a37fc7d5f9dc1508cd8dd25

data/.circleci/config.yml

@@ -0,0 +1,30 @@
+version: 2
+jobs:
+  build:
+    docker:
+       - image: circleci/ruby:2.4.4-node
+         environment:
+           BUNDLER_VERSION: 2.0.2
+    resource_class: small
+    steps:
+      - checkout
+      - add_ssh_keys
+      - run:
+          name: Update Bundler
+          command: |
+            sudo gem update --system
+            sudo gem uninstall bundler
+            sudo rm /usr/local/bin/bundle
+            sudo rm /usr/local/bin/bundler
+            sudo gem install bundler
+      - run:
+          name: Run Build
+          command: |
+            bundle install --quiet --without static-dependencies 
+            gem build cocoapods-whitelist.gemspec --silent -q --backtrace
+            gem install *.gem --silent -q --backtrace
+            rm -rf *.gem
+            rm -rf Gemfile.lock
+      - run:
+          name: Run Tests
+          command: rake

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 0.1.0
+- Dependency Confusion validation implementation
+
+## 0.0.11
+- Enhancing dependencies linter by checking not only name but also version
+- Enabling CI
+
+## 0.0.10
+- Revert 0.0.8 validation rule
+
+## 0.0.9
+- Revert 0.0.8 validation rule
+
+## 0.0.8
+- Fix name validation rule
+
 ## 0.0.7
 - Add `outfile` parameter
 

data/Gemfile.lock

@@ -1,87 +1,106 @@
 PATH
   remote: .
   specs:
-    cocoapods-whitelist (0.0.6)
+    cocoapods-whitelist (0.0.11)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (2.3.5)
-    activesupport (4.2.8)
-      i18n (~> 0.7)
+    CFPropertyList (3.0.3)
+    activesupport (5.2.4.5)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    algoliasearch (1.27.5)
+      httpclient (~> 2.8, >= 2.8.3)
+      json (>= 1.5.1)
+    atomos (0.1.3)
     bacon (1.2.0)
-    claide (1.0.1)
-    cocoapods (1.2.1)
-      activesupport (>= 4.0.2, < 5)
-      claide (>= 1.0.1, < 2.0)
-      cocoapods-core (= 1.2.1)
-      cocoapods-deintegrate (>= 1.0.1, < 2.0)
-      cocoapods-downloader (>= 1.1.3, < 2.0)
+    claide (1.0.3)
+    cocoapods (1.10.1)
+      addressable (~> 2.6)
+      claide (>= 1.0.2, < 2.0)
+      cocoapods-core (= 1.10.1)
+      cocoapods-deintegrate (>= 1.0.3, < 2.0)
+      cocoapods-downloader (>= 1.4.0, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
-      cocoapods-stats (>= 1.0.0, < 2.0)
-      cocoapods-trunk (>= 1.2.0, < 2.0)
+      cocoapods-trunk (>= 1.4.0, < 2.0)
       cocoapods-try (>= 1.1.0, < 2.0)
       colored2 (~> 3.1)
       escape (~> 0.0.4)
-      fourflusher (~> 2.0.1)
+      fourflusher (>= 2.3.0, < 3.0)
       gh_inspector (~> 1.0)
-      molinillo (~> 0.5.7)
+      molinillo (~> 0.6.6)
       nap (~> 1.0)
-      ruby-macho (~> 1.1)
-      xcodeproj (>= 1.4.4, < 2.0)
-    cocoapods-core (1.2.1)
-      activesupport (>= 4.0.2, < 5)
+      ruby-macho (~> 1.4)
+      xcodeproj (>= 1.19.0, < 2.0)
+    cocoapods-core (1.10.1)
+      activesupport (> 5.0, < 6)
+      addressable (~> 2.6)
+      algoliasearch (~> 1.0)
+      concurrent-ruby (~> 1.1)
       fuzzy_match (~> 2.0.4)
       nap (~> 1.0)
-    cocoapods-deintegrate (1.0.1)
-    cocoapods-downloader (1.1.3)
+      netrc (~> 0.11)
+      public_suffix
+      typhoeus (~> 1.0)
+    cocoapods-deintegrate (1.0.4)
+    cocoapods-downloader (1.4.0)
     cocoapods-plugins (1.0.0)
       nap
     cocoapods-search (1.0.0)
-    cocoapods-stats (1.0.0)
-    cocoapods-trunk (1.2.0)
+    cocoapods-trunk (1.5.0)
       nap (>= 0.8, < 2.0)
-      netrc (= 0.7.8)
-    cocoapods-try (1.1.0)
+      netrc (~> 0.11)
+    cocoapods-try (1.2.0)
     colored2 (3.1.2)
+    concurrent-ruby (1.1.8)
     escape (0.0.4)
-    fourflusher (2.0.1)
+    ethon (0.12.0)
+      ffi (>= 1.3.0)
+    ffi (1.14.2)
+    fourflusher (2.3.1)
     fuzzy_match (2.0.4)
-    gh_inspector (1.0.3)
-    i18n (0.8.4)
-    metaclass (0.0.4)
-    minitest (5.10.2)
-    mocha (1.2.1)
-      metaclass (~> 0.0.1)
+    gh_inspector (1.1.3)
+    httpclient (2.8.3)
+    i18n (1.8.9)
+      concurrent-ruby (~> 1.0)
+    json (2.5.1)
+    minitest (5.14.4)
+    mocha (1.12.0)
     mocha-on-bacon (0.2.3)
       mocha (>= 0.13.0)
-    molinillo (0.5.7)
-    nanaimo (0.2.3)
+    molinillo (0.6.6)
+    nanaimo (0.3.0)
     nap (1.1.0)
-    netrc (0.7.8)
+    netrc (0.11.0)
     prettybacon (0.0.2)
       bacon (~> 1.2)
-    rake (12.0.0)
-    ruby-macho (1.1.0)
+    public_suffix (4.0.6)
+    rake (12.3.3)
+    ruby-macho (1.4.0)
     thread_safe (0.3.6)
-    tzinfo (1.2.3)
+    typhoeus (1.4.0)
+      ethon (>= 0.9.0)
+    tzinfo (1.2.9)
       thread_safe (~> 0.1)
-    xcodeproj (1.4.4)
-      CFPropertyList (~> 2.3.3)
-      claide (>= 1.0.1, < 2.0)
+    xcodeproj (1.19.0)
+      CFPropertyList (>= 2.3.3, < 4.0)
+      atomos (~> 0.1.3)
+      claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.2.3)
+      nanaimo (~> 0.3.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bacon
-  bundler (~> 1.3)
+  bundler (~> 2.0)
   cocoapods
   cocoapods-whitelist!
   mocha
@@ -90,4 +109,4 @@ DEPENDENCIES
   rake (~> 12.0)
 
 BUNDLED WITH
-   1.14.6
+   2.0.2

data/README.md

@@ -10,7 +10,7 @@ Validate Podspec's dependencies against a whitelist of pods.
 
 - As a command
 ```
-$ pod whitelist [--podspec=PODSPEC] [--config=WHITELIST_FILE_OR_URL] [--fail-on-error]
+$ pod whitelist [--podspec=PODSPEC] [--config=WHITELIST_FILE_OR_URL] [--outfile=PATH] [--fail-on-error]
 ```
 
 - As plugin, add into the Podfile of your tests app
@@ -23,3 +23,24 @@ If not Podspec is passed by parameter, the command search into the current and p
 You can specify a custom whitelist. By default use a whitelist hosted in [GitHub](https://github.com/mercadolibre/mobile-dependencies_whitelist/blob/master/ios-whitelist.json)
 
 By default exit with status 0, unless you add the parameter `--fail-on-error`
+
+## Development
+### Install dependencies
+```
+bundle install
+```
+
+### Run test
+```
+rake
+```
+
+### Publish in RubyGems
+1. Build
+```
+gem build cocoapods-whitelist.gemspec
+```
+2. Publish
+```
+gem push cocoapods-whitelist-{version}.gem
+```

data/cocoapods-whitelist.gemspec

@@ -18,6 +18,6 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'rake', '~> 12.0'
 end

data/lib/cocoapods-whitelist/client/whitelist_resolver.rb

@@ -0,0 +1,46 @@
+require 'singleton'
+require 'cocoapods-whitelist/model/allowed_dependency'
+
+class WhitelistResolver
+    include Singleton
+    attr_accessor :whitelist
+    attr_accessor :whitelist_loaded
+    attr_accessor :whitelist_url
+
+    def config 
+        @whitelist ||= []
+    end 
+
+    def initialize()
+        @whitelist_url = DEFAULT_WHITELIST_URL
+        load_whitelist()
+    end
+
+    def get_whitelist(whitelist_url = DEFAULT_WHITELIST_URL)
+        @whitelist_loaded = @whitelist_url == whitelist_url
+        @whitelist_url = whitelist_url
+
+        load_whitelist() unless @whitelist_loaded
+        return @whitelist
+    end
+
+    def load_whitelist
+        begin
+            open(@whitelist_url) { |io|
+                buffer = io.read
+                @whitelist = parse_whitelist(buffer)
+                @whitelist_loaded = true
+            }
+        rescue OpenURI::HTTPError => e
+            status = e.io.status.join(' ')
+            raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
+        end
+    end
+
+    def parse_whitelist(raw_whitelist)
+        json = JSON.parse(raw_whitelist)
+        return json["whitelist"].map { |dependencyJson|
+            AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"], dependencyJson["source"], dependencyJson["target"])
+        }
+    end
+end

data/lib/cocoapods-whitelist/command/whitelist.rb

@@ -1,16 +1,10 @@
 require 'open-uri'
+require_relative '../client/whitelist_resolver'
 
+POD_NAME_REGEX = /^([^\/]+)(?:\/.*)*$/
+POD_BASE_REGEX_POSITION = 0
 DEFAULT_WHITELIST_URL = "https://raw.githubusercontent.com/mercadolibre/mobile-dependencies_whitelist/master/ios-whitelist.json"
 
-class AllowedDependency
-  attr_accessor :name
-  attr_accessor :version
-  def initialize(name, version)
-    @name = name
-    @version = version
- end
-end
-
 module Pod
   class Command
     class Whitelist < Command
@@ -47,7 +41,7 @@ module Pod
 
       def run
         prepare_outfile
-        whitelist = get_whitelist
+        whitelist = WhitelistResolver.instance.get_whitelist(@whitelist_url)
         specifications = get_podspec_specifications
 
         if specifications.empty?
@@ -83,12 +77,25 @@ module Pod
           # Skip subspec dependency
           next if parentName && name.start_with?("#{parentName}/")
 
+          if versions.length != 1
+            not_allowed.push("#{name} (#{versions.join(", ")}) Reason: A specific version must be defined for every dependency (just one). " +
+            "Suggestion: find this dependency in your Podspec and add the version listed in the whitelist.")
+            next
+          end
+
           allowedDependency = whitelist.select { |item|
-             /#{item.name}/ =~ name && (versions.empty? || !item.version || versions.grep(/#{item.version}/).any?)
+            name.start_with?(item.name.match(POD_NAME_REGEX).captures[POD_BASE_REGEX_POSITION]) && (!item.version || versions.grep(/#{item.version}/).any?) && (item.target == 'production')
+          }
+
+          # Checks if any of the allowed dependencies are expired, if so, fail with error
+          allowedDependency.each { |dependency|
+            if dependency.expire?
+              not_allowed.push("#{name} Reason: Expired version. Please check the whitelist.")
+            end
           }
 
           if allowedDependency.empty?
-            not_allowed.push("#{name} (#{versions.join(", ")})")
+            not_allowed.push("#{name} (#{versions.join(", ")}) Reason: Specified version hasn't match any whitelisted version or Pod name is not valid")
             next
           end
         end
@@ -110,25 +117,6 @@ module Pod
         end
       end
 
-      def get_whitelist
-        begin
-          open(@whitelist_url) { |io|
-            buffer = io.read
-            parse_whitelist(buffer)
-          }
-        rescue OpenURI::HTTPError => e
-          status = e.io.status.join(' ')
-          raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
-        end
-      end
-
-      def parse_whitelist(raw_whitelist)
-        json = JSON.parse(raw_whitelist)
-        return json["whitelist"].map { |dependencyJson|
-          AllowedDependency.new(dependencyJson["name"], dependencyJson["version"])
-        }
-      end
-
       def get_podspec_specifications
         if @pospec_path
           return [Pod::Specification.from_file(@pospec_path)]
@@ -146,7 +134,7 @@ module Pod
         return podspecs.map { |path|  Pod::Specification.from_file(path) }
       end
 
-      def show_error_message(message)     
+      def show_error_message(message)
         unless @outfile == nil
           IO.write(@outfile, "#{message}\n", mode: 'a')
         end

data/lib/cocoapods-whitelist/gem_version.rb

@@ -1,3 +1,3 @@
 module CocoapodsWhitelist
-  VERSION = "0.0.7"
+  VERSION = "0.1.0"
 end

data/lib/cocoapods-whitelist/hook.rb

@@ -0,0 +1 @@
+require 'cocoapods-whitelist/hook/resolver'

data/lib/cocoapods-whitelist/hook/resolver.rb

@@ -0,0 +1,23 @@
+require_relative '../validator/source_validator'
+require_relative '../model/sources'
+
+module Pod
+    class Resolver
+        alias original_search_for search_for
+        ## Filter specifications
+        def search_for(dependency)
+            specifications = original_search_for(dependency)
+
+            validator = SourceValidator.new(get_sources())
+            filtered = validator.filter_dependency(dependency.root_name, specifications)
+
+            if filtered.empty? && specifications.first ## If you have a dependency problem, then no specification is returned from :search_for
+                Pod::UI.puts "Dependency #{dependency.root_name} comes from source #{specifications.first.spec_source.url} is NOT allowed".red 
+                Pod::UI.puts "If you thing this is a mistake, please check the whitelist".red
+                raise Informative.new()
+            end
+
+            specifications
+        end
+    end
+end

data/lib/cocoapods-whitelist/model/allowed_dependency.rb

@@ -0,0 +1,23 @@
+class AllowedDependency
+    attr_accessor :name
+    attr_accessor :version
+    attr_accessor :expire
+    attr_accessor :source
+    attr_accessor :target
+
+    def initialize(name, version, expire, source, target)
+      @name = name
+      @version = version
+      @expire = expire
+      @source = source
+      @target = target
+    end
+  
+    def expire?
+      if @expire != nil
+        expire = DateTime.parse(@expire,"%Y-%m-%d")
+        return expire < DateTime.now
+      end
+      return false
+    end
+end

data/lib/cocoapods-whitelist/model/sources.rb

@@ -0,0 +1,6 @@
+def get_sources
+    { 
+        "public" => "https://cdn.cocoapods.org/", 
+        "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+    }
+end

data/lib/cocoapods-whitelist/validator/source_validator.rb

@@ -0,0 +1,52 @@
+require_relative '../client/whitelist_resolver'
+require 'singleton'
+
+class SourceValidator
+    attr_accessor :sources
+    def initialize(sources)
+        @sources = sources
+    end
+
+    def filter_dependency(pod, specifications)
+        ## Avoid checking the same pod many times
+        return [specifications.first] if DependencyCounter.instance.is_checked(pod) && !specifications.empty?
+
+        filtered = specifications.select { |spec| spec_is_valid(pod, spec) }
+
+        return filtered
+    end
+
+    def spec_is_valid(pod, spec)
+      
+        # Allow external dependencies (using :git or :path), which create a local podspec
+        return true if !spec.defined_in_file.nil? && spec.defined_in_file.to_s.include?('/Pods/Local Podspecs')
+        
+        # Allow every dependency that comes from our private specs sources
+        return true if spec.spec_source.url == @sources["private"]
+
+        whitelist = WhitelistResolver.instance.get_whitelist
+        whitelist.each { |dependency|
+            next unless dependency.name == pod
+            return true unless spec.spec_source.url != @sources[dependency.source]
+        }
+        return false
+    end
+
+end
+
+class DependencyCounter
+    include Singleton
+    attr_accessor :dependencies_checked
+
+    def initialize()
+        @dependencies_checked ||= []
+    end
+
+    def is_checked(podname)
+        included = @dependencies_checked.include? podname
+        @dependencies_checked.push(podname) unless included
+
+        return included
+    end
+
+end

data/lib/cocoapods_plugin.rb

@@ -1,4 +1,5 @@
 require 'cocoapods-whitelist/command'
+require 'cocoapods-whitelist/hook'
 
 module Whitelist
   Pod::HooksManager.register('cocoapods-whitelist', :pre_install) do |context, options|

data/spec/mocks/bad_name.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'Meli', '~>5.1'
+
+end

data/spec/mocks/whitelist.json

@@ -1,9 +1,38 @@
 {
-	"whitelist": [{
-		"name": "MeliSDK",
-		"version": "^~>5.[0-9]+$"
-	}, {
-		"name": "MLRecommendations",
-		"version": null
-	}]
+	"whitelist": [
+		{
+			"name": "MeliSDK",
+			"version": "^~>5.[0-9]+$",
+			"target": "production"
+		},
+		{
+			"name": "MLRecommendations",
+			"version": null,
+			"target": "production"
+		},
+		{
+			"expire": "2100-11-15",
+			"name": "MLBilling",
+			"version": null,
+			"target": "production"
+		},
+		{
+			"expire": "2016-11-15",
+			"name": "MLOnDemandResources",
+			"version": "^~>5.[0-9]+$",
+			"source": "public",
+			"target": "production"
+		},
+		{
+			"name": "MLMyPod",
+			"version": "^~>1.[0-9]+$",
+			"source": "public",
+			"target": "production"
+		},
+		{
+			"name": "MLMyDependency",
+			"version": "1.0.0|2.0.0",
+			"target": "production"
+		}
+	]
 }

data/spec/mocks/whitelist_with_expired_dependencies.json

@@ -0,0 +1,24 @@
+{
+	"whitelist": [{
+		"name": "MeliSDK",
+		"version": "^~>5.[0-9]+$"
+	}, {
+		"name": "MLRecommendations",
+		"version": null
+	}, {
+    "name": "CHTCollectionViewWaterfallLayout2",
+    "version": "^~>\\s?0.[0-9]+$",
+    "expire": "2017-11-01"
+  },
+  {
+    "name": "CHTCollectionViewWaterfallLayout3",
+    "version": "^~>\\s?0.[0-9]+$",
+    "expire" : "2017-12-01"
+  },
+  {
+    "name": "CHTCollectionViewWaterfallLayout4",
+    "version": "^~>\\s?0.[0-9]+$",
+    "expire" : "2017-11-01"
+  }
+  ]
+}

data/spec/mocks/whitelisted_podname.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+    s.name         = "MLMyPod"
+    s.version      = "1.17.0"
+    s.summary      = "Componente de search"
+    s.homepage     = "http://www.mercadolibre.com.ar"
+    s.license      = "none"
+    s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+    s.platform     = :ios, "7.0"
+    s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+    s.requires_arc = true
+  
+  end
+  

data/spec/mocks/with_allowed_subspec.podspec

@@ -0,0 +1,18 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MeliSDK/Error", "~>5.0"
+  end
+
+end

data/spec/mocks/with_expired_dependencies.podspec

@@ -0,0 +1,12 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLOnDemandResources', '~>5.8'
+end

data/spec/mocks/with_more_than_one_version_in_subspec.podspec

@@ -0,0 +1,19 @@
+
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MeliSDK", ">5.0", "<6.0"
+  end
+
+end

data/spec/mocks/with_not_allowed_subspec.podspec

@@ -0,0 +1,18 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+
+  s.subspec "Suggestion" do |suggestion|
+    suggestion.resource = "LibraryComponents/Suggestions/assets/*.*", "LibraryComponents/Suggestions/classes/*.xib"
+    suggestion.source_files = "LibraryComponents/Suggestions/classes/*.{h,m,c}"
+    suggestion.dependency "MyMeliSDK/Error", "~>5.0"
+  end
+
+end

data/spec/mocks/with_not_yet_expired_dependencies.podspec

@@ -0,0 +1,12 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLBilling', '~>5.8'
+end

data/spec/mocks/with_similar_name_not_allowed.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MercadoPagoSDK', '~>1.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '1.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '2.0.0'
+
+end

data/spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'MLMyDependency', '~> 1.0'
+
+end

data/spec/source_validator_spec.rb

@@ -0,0 +1,95 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe SourceValidator do
+    describe 'functionality' do
+      it 'external dependency that is not on the whitelist should not be valid' do
+
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MyExternalPod', [spec_mock])
+
+        filtered.should.empty?
+
+      end
+
+      it 'external dependency that is on the whitelist should be valid' do
+
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.cocoapods.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('RxSwift', [spec_mock])
+
+        filtered.size.should.equal 1
+
+      end
+
+      it 'internal dependency that comes from private source should be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'git@github.com:mercadolibre/mobile-ios_specs.git')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLMyPod', [spec_mock])
+
+        filtered.size.should.equal 1
+
+      end
+
+      it 'internal dependency that comes from unknown source should not be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => 'https://cdn.malicious.source.org/')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns(nil?)
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLOnDemandResources', [spec_mock])
+
+        filtered.should.empty?
+      end
+
+      it 'development pods should be valid' do
+        sources = { 
+            "public" => "https://cdn.cocoapods.org/", 
+            "private" => "git@github.com:mercadolibre/mobile-ios_specs.git" 
+        }
+
+        stub_url = stub(:url => '')
+        spec_mock = mock()
+        spec_mock.stubs(:spec_source).returns(stub_url)
+        spec_mock.stubs(:defined_in_file).returns('./Users/Pods/Local Podspecs/MLMyDevelopmentPod.podspec')
+        
+        validator = SourceValidator.new(sources)
+        filtered = validator.filter_dependency('MLMyDevelopmentPod', [spec_mock])
+
+        filtered.size.should.equal 1
+      end
+    end
+end

data/spec/spec_helper.rb

@@ -10,7 +10,7 @@ require 'pretty_bacon'
 require 'pathname'
 require 'cocoapods'
 
-Mocha::Configuration.prevent(:stubbing_non_existent_method)
+Mocha.configure { |c| c.stubbing_non_existent_method = :prevent }
 
 require 'cocoapods_plugin'
 

data/spec/whitelist_resolver_spec.rb

@@ -0,0 +1,22 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe WhitelistResolver do
+    describe 'functionality' do
+        it 'whitelist should be loaded from an specific url' do
+            whitelist = WhitelistResolver.instance.get_whitelist(WHITELIST_FILE)
+            whitelist.size.should.equal 6
+        end
+        
+        it 'if not URL is specified, whitelist comes from default URL' do
+            whitelist = WhitelistResolver.instance.get_whitelist
+            whitelist.should.not.empty?
+        end
+
+        it 'whitelist should not be loaded twice' do
+            WhitelistResolver.instance.get_whitelist(WHITELIST_FILE)
+            loaded = WhitelistResolver.instance.whitelist_loaded
+
+            loaded.should.be.true    
+        end
+    end
+end

data/spec/whitelist_spec.rb

@@ -8,21 +8,15 @@ module Pod
       it 'registers itself' do
         Command.parse(%w{ whitelist }).should.be.instance_of Command::Whitelist
       end
-
-      it 'parse whitelist json' do
-        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
-        dependencies = command.get_whitelist
-        dependencies.size.should.equal 2
-      end
     end
 
     describe 'validations' do
-      it 'dependency without version should be valid' do
+      it 'dependency without version should not be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/without_version.podspec')
         command.expects(:get_podspec_specifications).returns([specification])
-        lambda { command.run }.should.not.raise
+        lambda { command.run }.should.raise Informative
       end
 
       it 'dependency with major version fixed should be valid' do
@@ -33,23 +27,53 @@ module Pod
         lambda { command.run }.should.not.raise
       end
 
+      # it 'dependency with incorrect name should not be valid' do
+      #   # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('Meli', '~>5.0')
+      #   command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+      #   specification = Pod::Specification.from_file('./spec/mocks/bad_name.podspec')
+      #   command.expects(:get_podspec_specifications).returns([specification])
+      #   lambda { command.run }.should.raise Informative
+      # end
+
       it 'not allowed dependency should not be valid' do
-        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/not_allowed.podspec')
         command.expects(:get_podspec_specifications).returns([specification])
         lambda { command.run }.should.raise Informative
       end
 
-      it 'dependency with not allowed version should not be valid' do
-        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
+      it 'not allowed similar dependency should not be valid' do
+        # Whitelist: ('MercadoPagoSDKV4', '~>5.*') | Podspec: ('MercadoPagoSDK')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_similar_name_not_allowed.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
+      it 'dependency with not allowed version should be valid' do
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/with_fixed_version.podspec')
         command.expects(:get_podspec_specifications).returns([specification])
         lambda { command.run }.should.raise Informative
       end
 
-      it 'dependency with two versions rquieremnt should not be valid' do
+      it 'expired dependency should not be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_expired_dependencies.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
+      it 'not yet expired dependency should be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_not_yet_expired_dependencies.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise Informative
+      end
+
+      it 'dependency with two versions requierement should not be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
         specification = Pod::Specification.from_file('./spec/mocks/with_two_requirement.podspec')
@@ -57,6 +81,14 @@ module Pod
         lambda { command.run }.should.raise Informative
       end
 
+      it 'dependency with two versions requierement should not be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_more_than_one_version_in_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'dependency not allowed in subspec should not be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
@@ -65,6 +97,22 @@ module Pod
         lambda { command.run }.should.raise Informative
       end
 
+      it 'subspec dependency allowed in the whitelist should be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK/Error')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_allowed_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'subspec dependency not allowed in the whitelist should not be valid' do
+        # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('MyMeliSDK/Error')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_not_allowed_subspec.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'podspec without dependencies should be valid' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
@@ -89,6 +137,30 @@ module Pod
         lambda { command.run }.should.not.raise
       end
 
+      it 'fixed mayor dependency in whitelist and podspec should not fail on first option' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '1.0.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'fixed mayor dependency in whitelist and podspec should not fail on second option' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '2.0.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise
+      end
+
+      it 'fixed mayor dependency in whitelist but not in podspec should fail' do
+        # Whitelist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency',  '~> 1.0')
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
       it 'not allowed dependency should not raise exception if --fail-on-error is not present' do
         # Whitelist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--podspec=./spec/mocks/not_allowed.podspec"])
@@ -99,7 +171,6 @@ module Pod
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
         lambda { command.run }.should.not.raise
       end
-
     end
   end
 end

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-whitelist
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.1.0
 platform: ruby
 authors:
 - Mobile Team
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-05 00:00:00.000000000 Z
+date: 2021-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '12.0'
 description: A short description of cocoapods-whitelist.
@@ -45,7 +45,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".circleci/config.yml"
+- ".gitignore"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -54,56 +55,89 @@ files:
 - Rakefile
 - cocoapods-whitelist.gemspec
 - lib/cocoapods-whitelist.rb
+- lib/cocoapods-whitelist/client/whitelist_resolver.rb
 - lib/cocoapods-whitelist/command.rb
 - lib/cocoapods-whitelist/command/whitelist.rb
 - lib/cocoapods-whitelist/gem_version.rb
+- lib/cocoapods-whitelist/hook.rb
+- lib/cocoapods-whitelist/hook/resolver.rb
+- lib/cocoapods-whitelist/model/allowed_dependency.rb
+- lib/cocoapods-whitelist/model/sources.rb
+- lib/cocoapods-whitelist/validator/source_validator.rb
 - lib/cocoapods_plugin.rb
+- spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
+- spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
+- spec/mocks/with_allowed_subspec.podspec
+- spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
+- spec/mocks/with_more_than_one_version_in_subspec.podspec
 - spec/mocks/with_not_allowed_in_subspec.podspec
+- spec/mocks/with_not_allowed_subspec.podspec
+- spec/mocks/with_not_yet_expired_dependencies.podspec
+- spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb
 homepage: https://github.com/mercadolibre/mobile-cocoapods_whitelist
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.10
-signing_key: 
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
 summary: A longer description of cocoapods-whitelist.
 test_files:
+- spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
 - spec/mocks/whitelist.json
+- spec/mocks/whitelist_with_expired_dependencies.json
+- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
+- spec/mocks/with_allowed_subspec.podspec
+- spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
+- spec/mocks/with_more_than_one_version_in_subspec.podspec
 - spec/mocks/with_not_allowed_in_subspec.podspec
+- spec/mocks/with_not_allowed_subspec.podspec
+- spec/mocks/with_not_yet_expired_dependencies.podspec
+- spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
+- spec/source_validator_spec.rb
 - spec/spec_helper.rb
+- spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb