cocoapods-whitelist 0.5.5 → 0.6.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +1 -1
- data/.pre-commit-config.yaml +1 -7
- data/CHANGELOG.md +6 -2
- data/Gemfile +1 -1
- data/Gemfile.lock +63 -29
- data/README.md +8 -8
- data/cocoapods-whitelist.gemspec +4 -4
- data/lib/cocoapods-allowlist/client/allowlist_resolver.rb +84 -0
- data/lib/{cocoapods-whitelist/command/whitelist.rb → cocoapods-allowlist/command/allowlist.rb} +32 -19
- data/lib/cocoapods-allowlist/command.rb +1 -0
- data/lib/cocoapods-allowlist/gem_version.rb +3 -0
- data/lib/cocoapods-allowlist/helpers/config_url.rb +4 -0
- data/lib/cocoapods-allowlist/helpers/git.rb +16 -0
- data/lib/cocoapods-allowlist/hook.rb +1 -0
- data/lib/{cocoapods-whitelist → cocoapods-allowlist}/model/allowed_dependency.rb +11 -7
- data/lib/cocoapods-allowlist/utils/command.rb +10 -0
- data/lib/cocoapods-allowlist.rb +1 -0
- data/lib/cocoapods_plugin.rb +4 -4
- data/spec/allowlist_resolver_spec.rb +24 -0
- data/spec/{whitelist_spec.rb → allowlist_spec.rb} +59 -59
- data/spec/mocks/{whitelist.json → allowlist.json} +3 -3
- data/spec/mocks/{whitelist_with_expired_dependencies.json → allowlist_with_expired_dependencies.json} +4 -4
- metadata +36 -33
- data/lib/cocoapods-whitelist/client/whitelist_resolver.rb +0 -54
- data/lib/cocoapods-whitelist/command.rb +0 -1
- data/lib/cocoapods-whitelist/gem_version.rb +0 -3
- data/lib/cocoapods-whitelist/hook.rb +0 -1
- data/lib/cocoapods-whitelist.rb +0 -1
- data/spec/whitelist_resolver_spec.rb +0 -24
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/exclude/excluded.json +0 -0
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/helpers/source_helper.rb +0 -0
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/hook/resolver.rb +0 -0
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/model/sources.rb +0 -0
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/model/validation_excluded.rb +0 -0
- /data/lib/{cocoapods-whitelist → cocoapods-allowlist}/validator/source_validator.rb +0 -0
- /data/spec/mocks/{whitelisted_podname.podspec → allowlisted_podname.podspec} +0 -0
- /data/spec/mocks/{with_whitelisted_dependency_fixed_versions_v1.podspec → with_allowlisted_dependency_fixed_versions_v1.podspec} +0 -0
- /data/spec/mocks/{with_whitelisted_dependency_fixed_versions_v2.podspec → with_allowlisted_dependency_fixed_versions_v2.podspec} +0 -0
- /data/spec/mocks/{with_whitelisted_dependency_fixed_versions_variable.podspec → with_allowlisted_dependency_fixed_versions_variable.podspec} +0 -0
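--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d685e7d3ecfd6024fdbb0b9577d62d53d280e7f346e14d48dc88e34a0e9784f
+data.tar.gz: 7dbfabce7783d4ca5272b62247201cda5dcda61c507e8994496fc60d11e764e4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 254bbf0617736c0c8887f24a295d5fb17a8582be275d5d1bd70d1632ad4e8d1f96b04993b01fa49170fd054be1073c89a53cd0f39ece5dfa9c59e28379efdc66
+data.tar.gz: f17cfb337c52ec7fb52daf2b6b212725bdffff2ebb07d7ce80d656941485a5c2303328f39fa977500b7fa5592579329c0cc21497ad5e345c521eb6befbb4e6e2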
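--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -21,7 +21,7 @@ jobs:
 name: Run Build
 command: |
 bundle install --quiet --without static-dependencies
-gem build cocoapods-
+gem build cocoapods-allowlist.gemspec --silent -q --backtrace
 gem install *.gem --silent -q --backtrace
 rm -rf *.gem
 rm -rf Gemfile.lock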
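--- a/data/.pre-commit-config.yaml
+++ b/data/.pre-commit-config.yaml
@@ -6,10 +6,4 @@ repos:
 - id: pre_commit_hook
 stages: [commit]
 - id: post_commit_hook
-stages: [post-commit]
-- repo: https://github.com/melisource/fury_datasec-git-hooks
-rev: 1.0.3
-hooks:
-- id: pre_commit_hook
-stages: [commit]
-verbose: true
+stages: [post-commit]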
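--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.0
+### Added
+- Se agrega soporte para allowlist en melisource
+
 ## 0.5.5
 ### Fixed
 - Update private source spec repo URL to prioritize private sources over public sources in order to address potential Dependency Confusion vulnerability.
@@ -12,7 +16,7 @@
 
 ## 0.4.0
 ### Changed
-- Add "allows_granular_projects" flag to
+- Add "allows_granular_projects" flag to allowlist for support the projects specified
 
 ## 0.2.1
 ### Changed
@@ -20,7 +24,7 @@
 
 ## 0.2.0
 ### Changed
-- Avoid using
+- Avoid using allowlist to validate dependencies source
 
 ## 0.1.0
 - Dependency Confusion validation implementation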
data/Gemfile
CHANGED
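--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,33 +1,44 @@
 PATH
 remote: .
 specs:
-cocoapods-whitelist (0.
+cocoapods-whitelist (0.6.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-CFPropertyList (3.0.
+CFPropertyList (3.0.7)
+base64
+nkf
 rexml
-activesupport (
-
+activesupport (7.2.2)
+base64
+benchmark (>= 0.3)
+bigdecimal
+concurrent-ruby (~> 1.0, >= 1.3.1)
+connection_pool (>= 2.2.5)
+drb
 i18n (>= 1.6, < 2)
+logger (>= 1.4.2)
 minitest (>= 5.1)
-
-
-addressable (2.8.
-public_suffix (>= 2.0.2, <
+securerandom (>= 0.3)
+tzinfo (~> 2.0, >= 2.0.5)
+addressable (2.8.7)
+public_suffix (>= 2.0.2, < 7.0)
 algoliasearch (1.27.5)
 httpclient (~> 2.8, >= 2.8.3)
 json (>= 1.5.1)
 atomos (0.1.3)
 bacon (1.2.0)
+base64 (0.2.0)
+benchmark (0.4.0)
+bigdecimal (3.1.8)
 claide (1.1.0)
-cocoapods (1.
+cocoapods (1.16.2)
 addressable (~> 2.8)
 claide (>= 1.0.2, < 2.0)
-cocoapods-core (= 1.
+cocoapods-core (= 1.16.2)
 cocoapods-deintegrate (>= 1.0.3, < 2.0)
-cocoapods-downloader (>= 1
+cocoapods-downloader (>= 2.1, < 3.0)
 cocoapods-plugins (>= 1.0.0, < 2.0)
 cocoapods-search (>= 1.0.0, < 2.0)
 cocoapods-trunk (>= 1.6.0, < 2.0)
@@ -39,8 +50,8 @@ GEM
 molinillo (~> 0.8.0)
 nap (~> 1.0)
 ruby-macho (>= 2.3.0, < 3.0)
-xcodeproj (>= 1.
-cocoapods-core (1.
+xcodeproj (>= 1.27.0, < 2.0)
+cocoapods-core (1.16.2)
 activesupport (>= 5.0, < 8)
 addressable (~> 2.8)
 algoliasearch (~> 1.0)
@@ -51,7 +62,7 @@ GEM
 public_suffix (~> 4.0)
 typhoeus (~> 1.0)
 cocoapods-deintegrate (1.0.5)
-cocoapods-downloader (1
+cocoapods-downloader (2.1)
 cocoapods-plugins (1.0.0)
 nap
 cocoapods-search (1.0.1)
@@ -60,50 +71,73 @@ GEM
 netrc (~> 0.11)
 cocoapods-try (1.2.0)
 colored2 (3.1.2)
-concurrent-ruby (1.
+concurrent-ruby (1.3.4)
+connection_pool (2.4.1)
+drb (2.2.1)
 escape (0.0.4)
 ethon (0.16.0)
 ffi (>= 1.15.0)
-ffi (1.
+ffi (1.17.0)
+ffi (1.17.0-aarch64-linux-gnu)
+ffi (1.17.0-aarch64-linux-musl)
+ffi (1.17.0-arm-linux-gnu)
+ffi (1.17.0-arm-linux-musl)
+ffi (1.17.0-arm64-darwin)
+ffi (1.17.0-x86-linux-gnu)
+ffi (1.17.0-x86-linux-musl)
+ffi (1.17.0-x86_64-darwin)
+ffi (1.17.0-x86_64-linux-gnu)
+ffi (1.17.0-x86_64-linux-musl)
 fourflusher (2.3.1)
 fuzzy_match (2.0.4)
 gh_inspector (1.1.3)
 httpclient (2.8.3)
-i18n (1.14.
+i18n (1.14.6)
 concurrent-ruby (~> 1.0)
-json (2.
-
-
+json (2.8.2)
+logger (1.6.1)
+minitest (5.25.2)
+mocha (2.6.1)
 ruby2_keywords (>= 0.0.5)
 mocha-on-bacon (0.2.3)
 mocha (>= 0.13.0)
 molinillo (0.8.0)
-nanaimo (0.
+nanaimo (0.4.0)
 nap (1.1.0)
 netrc (0.11.0)
+nkf (0.2.0)
 prettybacon (0.0.2)
 bacon (~> 1.2)
 public_suffix (4.0.7)
 rake (12.3.3)
-rexml (3.
+rexml (3.3.9)
 ruby-macho (2.5.1)
 ruby2_keywords (0.0.5)
-
+securerandom (0.3.2)
+typhoeus (1.4.1)
 ethon (>= 0.9.0)
 tzinfo (2.0.6)
 concurrent-ruby (~> 1.0)
-xcodeproj (1.
+xcodeproj (1.27.0)
 CFPropertyList (>= 2.3.3, < 4.0)
 atomos (~> 0.1.3)
 claide (>= 1.0.2, < 2.0)
 colored2 (~> 3.1)
-nanaimo (~> 0.
-rexml (
-zeitwerk (2.6.12)
+nanaimo (~> 0.4.0)
+rexml (>= 3.3.6, < 4.0)
 
 PLATFORMS
+aarch64-linux-gnu
+aarch64-linux-musl
+arm-linux-gnu
+arm-linux-musl
+arm64-darwin
 ruby
-
+x86-linux-gnu
+x86-linux-musl
+x86_64-darwin
+x86_64-linux-gnu
+x86_64-linux-musl
 
 DEPENDENCIES
 bacon
@@ -117,4 +151,4 @@ DEPENDENCIES
 rake (~> 12.0)
 
 BUNDLED WITH
-2.
+2.5.21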
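--- a/data/README.md
+++ b/data/README.md
@@ -1,26 +1,26 @@
-# cocoapods-
+# cocoapods-allowlist
 
-Validate Podspec's dependencies against a
+Validate Podspec's dependencies against a allowlist of pods.
 
 ## Installation
 
-$ gem install cocoapods-
+$ gem install cocoapods-allowlist
 
 ## Usage
 
 - As a command
 ```
-$ pod
+$ pod allowlist [--podspec=PODSPEC] [--config=ALLOWLIST_FILE_OR_URL] [--outfile=PATH] [--fail-on-error]
 ```
 
 - As plugin, add into the Podfile of your tests app
 ```
-plugin 'cocoapods-
+plugin 'cocoapods-allowlist'
 ```
 
 If not Podspec is passed by parameter, the command search into the current and parent directory.
 
-You can specify a custom
+You can specify a custom allowlist. By default use a allowlist hosted in [GitHub](https://github.com/melisource/fury_mobile-dependencies-allowlist/blob/master/ios-allowlist.json)
 
 By default exit with status 0, unless you add the parameter `--fail-on-error`
 
@@ -38,9 +38,9 @@ rake
 ### Publish in RubyGems
 1. Build
 ```
-gem build cocoapods-
+gem build cocoapods-allowlist.gemspec
 ```
 2. Publish
 ```
-gem push cocoapods-
+gem push cocoapods-allowlist-{version}.gem
 ```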
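--- a/data/cocoapods-whitelist.gemspec
+++ b/data/cocoapods-whitelist.gemspec
@@ -1,15 +1,15 @@
 # coding: utf-8
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'cocoapods-
+require 'cocoapods-allowlist/gem_version.rb'
 
 Gem::Specification.new do |spec|
 spec.name = 'cocoapods-whitelist'
-spec.version =
+spec.version = CocoapodsAllowlist::VERSION
 spec.authors = ['Mobile Team']
 spec.email = ['mobile@mercadolibre.com']
-spec.description = %q{A short description of cocoapods-
-spec.summary = %q{A longer description of cocoapods-
+spec.description = %q{A short description of cocoapods-allowlist.}
+spec.summary = %q{A longer description of cocoapods-allowlist.}
 spec.homepage = 'https://github.com/melisource/mobile-cocoapods_whitelist'
 spec.license = 'MIT'
 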
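Review bot: `spec.name` is still `'cocoapods-whitelist'` (new line 7), while the README in this same release tells users to run `gem install cocoapods-allowlist` and to add `plugin 'cocoapods-allowlist'` to the Podfile, so the documented name and the published name no longer match. Unless the `cocoapods-allowlist` name on the registry is owned by the same maintainers, anyone following the README installs a gem this gemspec does not produce, which is a name-confusion exposure for a tool meant to guard against dependency confusion. Either complete the rename here (`spec.name = 'cocoapods-allowlist'`, together with the hook name registered in cocoapods_plugin.rb) or keep the README on the old name until the renamed gem is published. The `description` and `summary` values are still template placeholders and appear swapped.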
@@ -0,0 +1,84 @@
|
|
1
|
+
|
2
|
+
require 'singleton'
|
3
|
+
require 'open-uri'
|
4
|
+
require 'json'
|
5
|
+
require 'fileutils'
|
6
|
+
require_relative '../helpers/git'
|
7
|
+
require_relative '../model/allowed_dependency'
|
8
|
+
require_relative '../helpers/config_url'
|
9
|
+
|
10
|
+
class AllowlistResolver
|
11
|
+
include Singleton
|
12
|
+
attr_accessor :allowlist
|
13
|
+
attr_accessor :allowlist_loaded
|
14
|
+
attr_accessor :allowlist_url
|
15
|
+
attr_accessor :allowlist_directory
|
16
|
+
attr_accessor :allowlist_branch
|
17
|
+
|
18
|
+
def config
|
19
|
+
@allowlist ||= []
|
20
|
+
end
|
21
|
+
|
22
|
+
def initialize()
|
23
|
+
@allowlist_url = ConfigURL::ALLOWLIST_SSH
|
24
|
+
@allowlist_directory = nil
|
25
|
+
@allowlist_branch = "master"
|
26
|
+
load_allowlist()
|
27
|
+
end
|
28
|
+
|
29
|
+
def get_allowlist(allowlist_url = ConfigURL::ALLOWLIST_SSH)
|
30
|
+
@allowlist_loaded = @allowlist_url == allowlist_url
|
31
|
+
@allowlist_url = allowlist_url
|
32
|
+
|
33
|
+
load_allowlist() unless @allowlist_loaded
|
34
|
+
return @allowlist
|
35
|
+
end
|
36
|
+
|
37
|
+
def load_allowlist
|
38
|
+
begin
|
39
|
+
create_temp_directory
|
40
|
+
GitHelper.clone_from_branch(@allowlist_url, @allowlist_directory, @allowlist_branch)
|
41
|
+
file_path = File.join(@allowlist_directory, "ios-allowlist.json")
|
42
|
+
|
43
|
+
if File.exist?(file_path)
|
44
|
+
file = File.read(file_path)
|
45
|
+
@allowlist = parse_allowlist(file)
|
46
|
+
@allowlist_loaded = true
|
47
|
+
else
|
48
|
+
raise "File not found: #{file_path}"
|
49
|
+
end
|
50
|
+
rescue OpenURI::HTTPError => e
|
51
|
+
status = e.io.status.join(' ')
|
52
|
+
raise "Failed to fetch allowlist from '#{@allowlist_url}'.\n Error: #{status}"
|
53
|
+
rescue => e
|
54
|
+
raise "Failed to load allowlist: #{e.message}"
|
55
|
+
ensure
|
56
|
+
cleanup
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def parse_allowlist(raw_allowlist)
|
61
|
+
json = JSON.parse(raw_allowlist)
|
62
|
+
return json["allowlist"].map { |dependencyJson|
|
63
|
+
AllowedDependency.new(
|
64
|
+
dependencyJson["name"],
|
65
|
+
dependencyJson["version"],
|
66
|
+
dependencyJson["expires"],
|
67
|
+
dependencyJson["source"],
|
68
|
+
dependencyJson["target"],
|
69
|
+
dependencyJson["allows_granular_projects"]
|
70
|
+
)
|
71
|
+
}
|
72
|
+
end
|
73
|
+
|
74
|
+
private
|
75
|
+
|
76
|
+
def create_temp_directory
|
77
|
+
@allowlist_directory ||= File.join(Dir.tmpdir, "allowlist")
|
78
|
+
FileUtils.mkdir_p(@allowlist_directory) unless File.exist?(@allowlist_directory)
|
79
|
+
end
|
80
|
+
|
81
|
+
def cleanup
|
82
|
+
FileUtils.rm_rf(@allowlist_directory) if @allowlist_directory && Dir.exist?(@allowlist_directory)
|
83
|
+
end
|
84
|
+
end
|
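Review bot: `create_temp_directory` uses a fixed path, `File.join(Dir.tmpdir, "allowlist")`, and skips creation when that path already exists, so on a shared machine the clone target (and the later `rm_rf` in `cleanup`) may be a directory another local user prepared, and two concurrent runs share and delete each other's checkout. A private per-run directory avoids both: `@allowlist_directory = Dir.mktmpdir('allowlist')`, reset to `nil` in `cleanup`. `@allowlist_branch` is fixed to `"master"` with no pinned commit, so the policy that gets enforced is whatever that branch holds at clone time. The `rescue OpenURI::HTTPError` branch in `load_allowlist` looks unreachable now that the list is fetched with `git clone`, and `parse_allowlist` does not check that `json["allowlist"]` is present before calling `map` on it.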
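--- a/data/lib/cocoapods-whitelist/command/whitelist.rb
+++ b/data/lib/cocoapods-allowlist/command/allowlist.rb
@@ -1,16 +1,15 @@
 require 'open-uri'
 require 'json'
-require_relative '../client/
+require_relative '../client/allowlist_resolver'
 require_relative '../model/validation_excluded'
-
-DEFAULT_WHITELIST_URL = "https://raw.githubusercontent.com/mercadolibre/mobile-dependencies_whitelist/master/ios-whitelist.json"
+require_relative '../helpers/config_url'
 
 module Pod
 class Command
-class
-self.summary = "Validate Podspec's dependencies against a
+class Allowlist < Command
+self.summary = "Validate Podspec's dependencies against a allowlist of pods."
 self.description = <<-DESC
-Validate Podspec's dependencies against a
+Validate Podspec's dependencies against a allowlist of pods.
 DESC
 
 self.arguments = [ CLAide::Argument.new('config', false),
@@ -27,7 +26,7 @@ module Pod
 end
 
 def initialize(argv)
-@
+@allowlist_url = argv ? argv.option('config', ConfigURL::ALLOWLIST_SSH) : ConfigURL::ALLOWLIST_SSH
 @pospec_path = argv ? argv.option('podspec') : nil
 @fail_on_error = argv ? argv.flag?('fail-on-error') : false
 @outfile = argv ? argv.option('outfile') : nil
@@ -36,12 +35,12 @@ module Pod
 end
 
 def validate!
-help! "A
+help! "A allowlist file or URL is needed." unless @allowlist_url
 end
 
 def run
 prepare_outfile
-
+allowlist = AllowlistResolver.instance.get_allowlist(@allowlist_url)
 load_excluded()
 specifications = get_podspec_specifications
 
@@ -53,7 +52,7 @@ module Pod
 specifications.map do |specification|
 unless @excluded_list.one? {|excluded| excluded.name == specification.name }
 Pod::UI.notice "#{specification.name} validating"
-validate_dependencies(JSON.parse(specification.to_json),
+validate_dependencies(JSON.parse(specification.to_json), allowlist)
 end
 end
 
@@ -62,20 +61,21 @@ module Pod
 
 def show_result_message
 return unless @failure
-message = "Please check your dependencies.\nYou can see the allowed dependencies at #{
+message = "Please check your dependencies.\nYou can see the allowed dependencies at #{ConfigURL::ALLOWLIST_URL}"
 show_error_message(message)
 if @fail_on_error
 raise Informative.new()
 end
 end
 
-# Checks the dependencies the project contains are in the
-def validate_dependencies(podspec,
+# Checks the dependencies the project contains are in the allowlist
+def validate_dependencies(podspec, allowlist, parentName = nil)
 pod_name = parentName ? "#{parentName}/#{podspec['name']}" : podspec['name']
 UI.puts "Verifying dependencies in #{pod_name}".green
 
 dependencies = podspec["dependencies"] ? podspec["dependencies"] : []
 not_allowed = []
+alert_allowed = []
 
 dependencies.each do |name, versions|
 # Skip subspec dependency
@@ -83,11 +83,11 @@ module Pod
 
 if versions.length != 1
 not_allowed.push("#{name} (#{versions.join(", ")}) Reason: A specific version must be defined for every dependency (just one). " +
-"Suggestion: find this dependency in your Podspec and add the version listed in the
+"Suggestion: find this dependency in your Podspec and add the version listed in the allowlist.")
 next
 end
 
-allowedDependency =
+allowedDependency = allowlist.select { |item|
 (/^#{item.name}/ =~ name) && (!item.version || versions.grep(/#{item.version}/).any?) && (item.target == 'production')
 }
 
@@ -106,14 +106,19 @@ module Pod
 end
 
 # Checks if any of the allowed dependencies are expired, if so, fail with error
-if dependency.
-not_allowed.push("#{name} Reason: Expired version. Please check the
+if dependency.expired?
+not_allowed.push("#{name} Reason: Expired version. Please check the allowlist.")
+end
+
+# Check if any of the allowed dependencies are close to expiring, if so, fail with error
+if dependency.expiring?
+alert_allowed.push("#{name} Reason: Version will expire in #{dependency.expires}. Please check your dependencies.")
 end
 
 }
 
 if allowedDependency.empty?
-not_allowed.push("#{name} (#{versions.join(", ")}) Reason: Specified version hasn't match any
+not_allowed.push("#{name} (#{versions.join(", ")}) Reason: Specified version hasn't match any allowlisted version or Pod name is not valid")
 next
 end
 end
@@ -127,10 +132,18 @@ module Pod
 UI.puts " OK".green
 end
 
+
+if alert_allowed.any?
+show_error_message(" Warning: Found dependencies allowed that contain warnings:")
+alert_allowed.each {|dependency| show_error_message(" - #{dependency}")}
+else
+UI.puts " OK".green
+end
+
 # Validate subspecs dependencies
 if podspec["subspecs"]
 podspec["subspecs"].each do |subspec|
-validate_dependencies(subspec,
+validate_dependencies(subspec, allowlist, pod_name)
 end
 end
 end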
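Review bot: The name test inside the `allowlist.select` block (hunk `@@ -83,11 +83,11 @@`), `/^#{item.name}/ =~ name`, anchors only the start of a line and interpolates the allowlist name as a pattern, so any dependency whose name merely begins with an allowlisted name passes the name check, and characters such as `.` or `+` in a name are read as regex syntax. If allowlist names are meant as literals, match the pod or one of its subspecs exactly, e.g. `name == item.name || name.start_with?("#{item.name}/")`. Separately, the comment added above `dependency.expiring?` says "fail with error", but that branch only fills `alert_allowed`, which is printed as a warning, so the comment should say that. `validate_dependencies` continues between and beyond these hunks, and those lines are not visible here.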
@@ -0,0 +1 @@
|
|
1
|
+
require 'cocoapods-allowlist/command/allowlist'
|
@@ -0,0 +1,16 @@
|
|
1
|
+
require_relative '../utils/command'
|
2
|
+
|
3
|
+
# For execute git commands
|
4
|
+
class GitHelper
|
5
|
+
# Download from a specific branch
|
6
|
+
def self.clone_from_branch(url, destination, branch)
|
7
|
+
Command.execute("git clone --quiet --depth 1 -b #{branch} --single-branch #{url} #{destination}")
|
8
|
+
end
|
9
|
+
|
10
|
+
# Get the latest commit hash
|
11
|
+
def self.get_latest_commit(directory)
|
12
|
+
Dir.chdir(directory) do
|
13
|
+
Command.execute("git rev-parse HEAD").strip
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
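Review bot: `clone_from_branch` builds the git command by interpolating `branch`, `url` and `destination` into a single string, and `url` originates from the `--config` option (or the Podfile plugin options) via `AllowlistResolver#get_allowlist`. `Command.execute` is not shown on this page; if it hands the string to a shell, spaces or shell metacharacters in those values change the command that runs, and a value starting with `-` is read by git as an option rather than a URL. Pass the arguments as a list, or at least quote them and end option parsing before the URL: `Command.execute(Shellwords.join(['git', 'clone', '--quiet', '--depth', '1', '-b', branch, '--single-branch', '--', url, destination]))` with `require 'shellwords'` at the top. Checking the URL against the expected scheme and host before cloning would narrow this further.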
@@ -0,0 +1 @@
|
|
1
|
+
require 'cocoapods-allowlist/hook/resolver'
|
@@ -1,25 +1,29 @@
|
|
1
1
|
class AllowedDependency
|
2
2
|
attr_accessor :name
|
3
3
|
attr_accessor :version
|
4
|
-
attr_accessor :
|
4
|
+
attr_accessor :expires
|
5
5
|
attr_accessor :source
|
6
6
|
attr_accessor :target
|
7
7
|
attr_accessor :allows_granular_projects
|
8
8
|
|
9
|
-
def initialize(name, version,
|
9
|
+
def initialize(name, version, expires, source, target, allows_granular_projects)
|
10
10
|
@name = name
|
11
11
|
@version = version
|
12
|
-
@
|
12
|
+
@expires = expires
|
13
13
|
@source = source
|
14
14
|
@target = target
|
15
15
|
@allows_granular_projects = allows_granular_projects
|
16
16
|
end
|
17
17
|
|
18
|
-
def
|
19
|
-
if @
|
20
|
-
|
21
|
-
return
|
18
|
+
def expired?
|
19
|
+
if @expires != nil
|
20
|
+
expires = DateTime.parse(@expires,"%Y-%m-%d")
|
21
|
+
return expires < DateTime.now
|
22
22
|
end
|
23
23
|
return false
|
24
24
|
end
|
25
|
+
|
26
|
+
def expiring?
|
27
|
+
return @expires != nil
|
28
|
+
end
|
25
29
|
end
|
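Review bot: `DateTime.parse(@expires,"%Y-%m-%d")` in `expired?` does not apply the format string: the second positional argument of `DateTime.parse` is the `comp` flag, so the value is parsed heuristically and anything `parse` can guess at is accepted as an expiry date. Use `DateTime.strptime(@expires, "%Y-%m-%d")` so a malformed `expires` entry is rejected instead of being interpreted. `expiring?` returns true for every entry that has an `expires` value, including ones already expired or far in the future, which does not match the "close to expiring" wording at its call site; comparing against a threshold in days would make the warning meaningful. No `require 'date'` is visible in this file, so it presumably depends on another file having loaded it.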
@@ -0,0 +1 @@
|
|
1
|
+
require 'cocoapods-allowlist/gem_version'
|
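--- a/data/lib/cocoapods_plugin.rb
+++ b/data/lib/cocoapods_plugin.rb
@@ -1,9 +1,9 @@
-require 'cocoapods-
-require 'cocoapods-
+require 'cocoapods-allowlist/command'
+require 'cocoapods-allowlist/hook'
 
-module
+module Allowlist
 Pod::HooksManager.register('cocoapods-whitelist', :pre_install) do |context, options|
 argv = CLAide::ARGV.new(options)
-Pod::Command::
+Pod::Command::Allowlist.new(argv).run
 end
 end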
@@ -0,0 +1,24 @@
|
|
1
|
+
require File.expand_path('../spec_helper', __FILE__)
|
2
|
+
|
3
|
+
ALLOWLIST_PATH = './spec/mocks/allowlist.json'
|
4
|
+
|
5
|
+
describe AllowlistResolver do
|
6
|
+
describe 'functionality' do
|
7
|
+
it 'allowlist should be loaded from an specific url' do
|
8
|
+
allowlist = AllowlistResolver.instance.get_allowlist(ALLOWLIST_PATH)
|
9
|
+
allowlist.size.should.equal 11
|
10
|
+
end
|
11
|
+
|
12
|
+
it 'if not URL is specified, allowlist comes from default URL' do
|
13
|
+
allowlist = AllowlistResolver.instance.get_allowlist
|
14
|
+
allowlist.should.not.empty?
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'allowlist should not be loaded twice' do
|
18
|
+
AllowlistResolver.instance.get_allowlist(ALLOWLIST_PATH)
|
19
|
+
loaded = AllowlistResolver.instance.allowlist_loaded
|
20
|
+
|
21
|
+
loaded.should.be.true
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
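Review bot: These examples pass `./spec/mocks/allowlist.json` to `get_allowlist`, but the resolver added in this release hands that value to `GitHelper.clone_from_branch` and then reads `ios-allowlist.json` from the clone, so unless spec_helper stubs the clone (not visible here) the first and third examples cannot load the mock file. The second example, and the first call to `AllowlistResolver.instance` itself, clone the default SSH remote, which makes the suite depend on network access and on credentials for that repository. Stubbing `GitHelper.clone_from_branch` to copy a fixture into the target directory would keep the tests hermetic. The third example only asserts that `allowlist_loaded` is true, which holds after any successful load and does not show that a second load was skipped.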
@@ -1,209 +1,209 @@
|
|
1
1
|
require File.expand_path('../spec_helper', __FILE__)
|
2
2
|
|
3
|
-
|
3
|
+
ALLOWLIST_FILE = './spec/mocks/allowlist.json'
|
4
4
|
|
5
5
|
module Pod
|
6
|
-
describe Command::
|
6
|
+
describe Command::Allowlist do
|
7
7
|
describe 'general' do
|
8
8
|
it 'registers itself' do
|
9
|
-
Command.parse(%w{
|
9
|
+
Command.parse(%w{ allowlist }).should.be.instance_of Command::Allowlist
|
10
10
|
end
|
11
11
|
end
|
12
12
|
|
13
13
|
describe 'validations' do
|
14
14
|
it 'dependency without version should not be valid' do
|
15
|
-
#
|
16
|
-
command = Command.parse(['
|
15
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK')
|
16
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
17
17
|
specification = Pod::Specification.from_file('./spec/mocks/without_version.podspec')
|
18
18
|
command.expects(:get_podspec_specifications).returns([specification])
|
19
19
|
lambda { command.run }.should.raise Informative
|
20
20
|
end
|
21
21
|
|
22
22
|
it 'dependency with major version fixed should be valid' do
|
23
|
-
#
|
24
|
-
command = Command.parse(['
|
23
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK', '~>5.0')
|
24
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
25
25
|
specification = Pod::Specification.from_file('./spec/mocks/major_version_fixed.podspec')
|
26
26
|
command.expects(:get_podspec_specifications).returns([specification])
|
27
27
|
lambda { command.run }.should.not.raise
|
28
28
|
end
|
29
29
|
|
30
30
|
it 'dependency with incorrect name should not be valid' do
|
31
|
-
#
|
32
|
-
command = Command.parse(['
|
31
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('Meli', '~>5.0')
|
32
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
33
33
|
specification = Pod::Specification.from_file('./spec/mocks/bad_name.podspec')
|
34
34
|
command.expects(:get_podspec_specifications).returns([specification])
|
35
35
|
lambda { command.run }.should.raise Informative
|
36
36
|
end
|
37
37
|
|
38
38
|
it 'not allowed dependency should not be valid' do
|
39
|
-
command = Command.parse(['
|
39
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
40
40
|
specification = Pod::Specification.from_file('./spec/mocks/not_allowed.podspec')
|
41
41
|
command.expects(:get_podspec_specifications).returns([specification])
|
42
42
|
lambda { command.run }.should.raise Informative
|
43
43
|
end
|
44
44
|
|
45
45
|
it 'not allowed similar dependency should not be valid' do
|
46
|
-
#
|
47
|
-
command = Command.parse(['
|
46
|
+
# Allowlist: ('MercadoPagoSDKV4', '~>5.*') | Podspec: ('MercadoPagoSDK')
|
47
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
48
48
|
specification = Pod::Specification.from_file('./spec/mocks/with_similar_name_not_allowed.podspec')
|
49
49
|
command.expects(:get_podspec_specifications).returns([specification])
|
50
50
|
lambda { command.run }.should.raise Informative
|
51
51
|
end
|
52
52
|
|
53
53
|
it 'dependency with not allowed version should be valid' do
|
54
|
-
command = Command.parse(['
|
54
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
55
55
|
specification = Pod::Specification.from_file('./spec/mocks/with_fixed_version.podspec')
|
56
56
|
command.expects(:get_podspec_specifications).returns([specification])
|
57
57
|
lambda { command.run }.should.raise Informative
|
58
58
|
end
|
59
59
|
|
60
60
|
it 'expired dependency should not be valid' do
|
61
|
-
#
|
62
|
-
command = Command.parse(['
|
61
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
62
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
63
63
|
specification = Pod::Specification.from_file('./spec/mocks/with_expired_dependencies.podspec')
|
64
64
|
command.expects(:get_podspec_specifications).returns([specification])
|
65
65
|
lambda { command.run }.should.raise Informative
|
66
66
|
end
|
67
67
|
|
68
68
|
it 'not yet expired dependency should be valid' do
|
69
|
-
#
|
70
|
-
command = Command.parse(['
|
69
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
70
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
71
71
|
specification = Pod::Specification.from_file('./spec/mocks/with_not_yet_expired_dependencies.podspec')
|
72
72
|
command.expects(:get_podspec_specifications).returns([specification])
|
73
73
|
lambda { command.run }.should.not.raise Informative
|
74
74
|
end
|
75
75
|
|
76
76
|
it 'dependency with two versions requierement should not be valid' do
|
77
|
-
#
|
78
|
-
command = Command.parse(['
|
77
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
78
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
79
79
|
specification = Pod::Specification.from_file('./spec/mocks/with_two_requirement.podspec')
|
80
80
|
command.expects(:get_podspec_specifications).returns([specification])
|
81
81
|
lambda { command.run }.should.raise Informative
|
82
82
|
end
|
83
83
|
|
84
84
|
it 'dependency with two versions requierement should not be valid' do
|
85
|
-
#
|
86
|
-
command = Command.parse(['
|
85
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
86
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
87
87
|
specification = Pod::Specification.from_file('./spec/mocks/with_more_than_one_version_in_subspec.podspec')
|
88
88
|
command.expects(:get_podspec_specifications).returns([specification])
|
89
89
|
lambda { command.run }.should.raise Informative
|
90
90
|
end
|
91
91
|
|
92
92
|
it 'dependency not allowed in subspec should not be valid' do
|
93
|
-
#
|
94
|
-
command = Command.parse(['
|
93
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
94
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
95
95
|
specification = Pod::Specification.from_file('./spec/mocks/with_not_allowed_in_subspec.podspec')
|
96
96
|
command.expects(:get_podspec_specifications).returns([specification])
|
97
97
|
lambda { command.run }.should.raise Informative
|
98
98
|
end
|
99
99
|
|
100
|
-
it 'subspec dependency allowed in the
|
101
|
-
#
|
102
|
-
command = Command.parse(['
|
100
|
+
it 'subspec dependency allowed in the allowlist should be valid' do
|
101
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('MeliSDK/Error')
|
102
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
103
103
|
specification = Pod::Specification.from_file('./spec/mocks/with_allowed_subspec_v1.podspec')
|
104
104
|
command.expects(:get_podspec_specifications).returns([specification])
|
105
105
|
lambda { command.run }.should.not.raise
|
106
106
|
end
|
107
107
|
|
108
|
-
it 'dependency not allowed in the
|
109
|
-
#
|
110
|
-
command = Command.parse(['
|
108
|
+
it 'dependency not allowed in the allowlist should not be valid' do
|
109
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('MyMeliSDK/Error')
|
110
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
111
111
|
specification = Pod::Specification.from_file('./spec/mocks/with_not_allowed_subspec_v1.podspec')
|
112
112
|
command.expects(:get_podspec_specifications).returns([specification])
|
113
113
|
lambda { command.run }.should.raise Informative
|
114
114
|
end
|
115
115
|
|
116
116
|
it 'podspec without dependencies should be valid' do
|
117
|
-
#
|
118
|
-
command = Command.parse(['
|
117
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
118
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
119
119
|
specification = Pod::Specification.from_file('./spec/mocks/without_dependencies.podspec')
|
120
120
|
command.expects(:get_podspec_specifications).returns([specification])
|
121
121
|
lambda { command.run }.should.not.raise
|
122
122
|
end
|
123
123
|
|
124
124
|
it 'podspec with allowed dependencies in subspec should be valid' do
|
125
|
-
#
|
126
|
-
command = Command.parse(['
|
125
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Subspec: ('MeliSDK')
|
126
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
127
127
|
specification = Pod::Specification.from_file('./spec/mocks/with_allowed_in_subspec.podspec')
|
128
128
|
command.expects(:get_podspec_specifications).returns([specification])
|
129
129
|
lambda { command.run }.should.not.raise
|
130
130
|
end
|
131
131
|
|
132
132
|
it 'podspec with dependency not restricted by version should be valid' do
|
133
|
-
#
|
134
|
-
command = Command.parse(['
|
133
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('MLRecommendations', '~>1.0.0')
|
134
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
135
135
|
specification = Pod::Specification.from_file('./spec/mocks/free_version.podspec')
|
136
136
|
command.expects(:get_podspec_specifications).returns([specification])
|
137
137
|
lambda { command.run }.should.not.raise
|
138
138
|
end
|
139
139
|
|
140
|
-
it 'fixed mayor dependency in
|
141
|
-
#
|
142
|
-
command = Command.parse(['
|
143
|
-
specification = Pod::Specification.from_file('./spec/mocks/
|
140
|
+
it 'fixed mayor dependency in allowlist and podspec should not fail on first option' do
|
141
|
+
# Allowlist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency', '1.0.0')
|
142
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
143
|
+
specification = Pod::Specification.from_file('./spec/mocks/with_allowlisted_dependency_fixed_versions_v1.podspec')
|
144
144
|
command.expects(:get_podspec_specifications).returns([specification])
|
145
145
|
lambda { command.run }.should.not.raise
|
146
146
|
end
|
147
147
|
|
148
|
-
it 'fixed mayor dependency in
|
149
|
-
#
|
150
|
-
command = Command.parse(['
|
151
|
-
specification = Pod::Specification.from_file('./spec/mocks/
|
148
|
+
it 'fixed mayor dependency in allowlist and podspec should not fail on second option' do
|
149
|
+
# Allowlist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency', '2.0.0')
|
150
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
151
|
+
specification = Pod::Specification.from_file('./spec/mocks/with_allowlisted_dependency_fixed_versions_v2.podspec')
|
152
152
|
command.expects(:get_podspec_specifications).returns([specification])
|
153
153
|
lambda { command.run }.should.not.raise
|
154
154
|
end
|
155
155
|
|
156
|
-
it 'fixed mayor dependency in
|
157
|
-
#
|
158
|
-
command = Command.parse(['
|
159
|
-
specification = Pod::Specification.from_file('./spec/mocks/
|
156
|
+
it 'fixed mayor dependency in allowlist but not in podspec should fail' do
|
157
|
+
# Allowlist: ('MLMyDependency', '1.0.0|2.0.0') | Podspec: ('MLMyDependency', '~> 1.0')
|
158
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
159
|
+
specification = Pod::Specification.from_file('./spec/mocks/with_allowlisted_dependency_fixed_versions_variable.podspec')
|
160
160
|
command.expects(:get_podspec_specifications).returns([specification])
|
161
161
|
lambda { command.run }.should.raise Informative
|
162
162
|
end
|
163
163
|
|
164
164
|
it 'not allowed dependency should not raise exception if --fail-on-error is not present' do
|
165
|
-
#
|
166
|
-
command = Command.parse(['
|
165
|
+
# Allowlist: ('MeliSDK', '~>5.*') | Podspec: ('AFNetworking')
|
166
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--podspec=./spec/mocks/not_allowed.podspec"])
|
167
167
|
lambda { command.run }.should.not.raise
|
168
168
|
end
|
169
169
|
|
170
170
|
it 'should not fail when no podspecs are found' do
|
171
|
-
command = Command.parse(['
|
171
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}"])
|
172
172
|
lambda { command.run }.should.not.raise
|
173
173
|
end
|
174
174
|
|
175
175
|
it 'allowed granular dependency should be valid' do
|
176
|
-
command = Command.parse(['
|
176
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
177
177
|
specification = Pod::Specification.from_file('./spec/mocks/allowed_with_granular.podspec')
|
178
178
|
command.expects(:get_podspec_specifications).returns([specification])
|
179
179
|
lambda { command.run }.should.not.raise Informative
|
180
180
|
end
|
181
181
|
|
182
182
|
it 'not allowed granular dependency should not be valid' do
|
183
|
-
command = Command.parse(['
|
183
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
184
184
|
specification = Pod::Specification.from_file('./spec/mocks/not_allowed_with_granular_v1.podspec')
|
185
185
|
command.expects(:get_podspec_specifications).returns([specification])
|
186
186
|
lambda { command.run }.should.raise Informative
|
187
187
|
end
|
188
188
|
|
189
189
|
it 'not allowed granular subspec dependency should not be valid' do
|
190
|
-
command = Command.parse(['
|
190
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
191
191
|
specification = Pod::Specification.from_file('./spec/mocks/not_allowed_with_granular_v2.podspec')
|
192
192
|
command.expects(:get_podspec_specifications).returns([specification])
|
193
193
|
lambda { command.run }.should.raise Informative
|
194
194
|
end
|
195
195
|
|
196
|
-
it 'subspec dependency allowed in the
|
197
|
-
#
|
198
|
-
command = Command.parse(['
|
196
|
+
it 'subspec dependency allowed in the allowlist should be valid' do
|
197
|
+
# Allowlist: ('AndesUI/Core') | Podspec: ('AndesUI/Core')
|
198
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
199
199
|
specification = Pod::Specification.from_file('./spec/mocks/with_allowed_subspec_v2.podspec')
|
200
200
|
command.expects(:get_podspec_specifications).returns([specification])
|
201
201
|
lambda { command.run }.should.not.raise
|
202
202
|
end
|
203
203
|
|
204
|
-
it 'subspec dependency not allowed in the
|
205
|
-
#
|
206
|
-
command = Command.parse(['
|
204
|
+
it 'subspec dependency not allowed in the allowlist should not be valid' do
|
205
|
+
# Allowlist: ('AndesUI/Core') | Podspec: ('AndesUI/Icons')
|
206
|
+
command = Command.parse(['allowlist', "--config=#{ALLOWLIST_FILE}", "--fail-on-error"])
|
207
207
|
specification = Pod::Specification.from_file('./spec/mocks/with_not_allowed_subspec_v2.podspec')
|
208
208
|
command.expects(:get_podspec_specifications).returns([specification])
|
209
209
|
lambda { command.run }.should.raise Informative
|
@@ -1,5 +1,5 @@
|
|
1
1
|
{
|
2
|
-
"
|
2
|
+
"allowlist": [
|
3
3
|
{
|
4
4
|
"name": "MeliSDK",
|
5
5
|
"version": "^~>5.[0-9]+$",
|
@@ -11,13 +11,13 @@
|
|
11
11
|
"target": "production"
|
12
12
|
},
|
13
13
|
{
|
14
|
-
"
|
14
|
+
"expires": "2100-11-15",
|
15
15
|
"name": "MLBilling",
|
16
16
|
"version": null,
|
17
17
|
"target": "production"
|
18
18
|
},
|
19
19
|
{
|
20
|
-
"
|
20
|
+
"expires": "2016-11-15",
|
21
21
|
"name": "MLOnDemandResources",
|
22
22
|
"version": "^~>5.[0-9]+$",
|
23
23
|
"source": "public",
|
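Review bot: The expiry key in this fixture is now `"expires"`, while the resolver removed elsewhere on this page read `dependencyJson["expire"]`, so the allowlist schema appears to have been renamed along with the top-level `"allowlist"` key; the same change appears in the next fixture section. If the new resolver (outside this view) reads only the new names, an allowlist file that still carries `"expire"` would presumably load its entries with no expiry date, so a time-limited exception would keep passing validation with no error. Consider accepting both spellings during a transition, for example `dependencyJson["expires"] || dependencyJson["expire"]`, or failing loudly when the legacy key is present. A fixture entry using the old key would pin whichever behaviour is chosen.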
@@ -1,5 +1,5 @@
|
|
1
1
|
{
|
2
|
-
"
|
2
|
+
"allowlist": [{
|
3
3
|
"name": "MeliSDK",
|
4
4
|
"version": "^~>5.[0-9]+$"
|
5
5
|
}, {
|
@@ -8,17 +8,17 @@
|
|
8
8
|
}, {
|
9
9
|
"name": "CHTCollectionViewWaterfallLayout2",
|
10
10
|
"version": "^~>\\s?0.[0-9]+$",
|
11
|
-
"
|
11
|
+
"expires": "2017-11-01"
|
12
12
|
},
|
13
13
|
{
|
14
14
|
"name": "CHTCollectionViewWaterfallLayout3",
|
15
15
|
"version": "^~>\\s?0.[0-9]+$",
|
16
|
-
"
|
16
|
+
"expires" : "2017-12-01"
|
17
17
|
},
|
18
18
|
{
|
19
19
|
"name": "CHTCollectionViewWaterfallLayout4",
|
20
20
|
"version": "^~>\\s?0.[0-9]+$",
|
21
|
-
"
|
21
|
+
"expires" : "2017-11-01"
|
22
22
|
}
|
23
23
|
]
|
24
24
|
}
|
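--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-whitelist
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Mobile Team
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2025-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -38,7 +38,7 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '12.0'
-description: A short description of cocoapods-
+description: A short description of cocoapods-allowlist.
 email:
 - mobile@mercadolibre.com
 executables: []
@@ -56,33 +56,41 @@ files:
 - README.md
 - Rakefile
 - cocoapods-whitelist.gemspec
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
-- lib/cocoapods-
+- lib/cocoapods-allowlist.rb
+- lib/cocoapods-allowlist/client/allowlist_resolver.rb
+- lib/cocoapods-allowlist/command.rb
+- lib/cocoapods-allowlist/command/allowlist.rb
+- lib/cocoapods-allowlist/exclude/excluded.json
+- lib/cocoapods-allowlist/gem_version.rb
+- lib/cocoapods-allowlist/helpers/config_url.rb
+- lib/cocoapods-allowlist/helpers/git.rb
+- lib/cocoapods-allowlist/helpers/source_helper.rb
+- lib/cocoapods-allowlist/hook.rb
+- lib/cocoapods-allowlist/hook/resolver.rb
+- lib/cocoapods-allowlist/model/allowed_dependency.rb
+- lib/cocoapods-allowlist/model/sources.rb
+- lib/cocoapods-allowlist/model/validation_excluded.rb
+- lib/cocoapods-allowlist/utils/command.rb
+- lib/cocoapods-allowlist/validator/source_validator.rb
 - lib/cocoapods_plugin.rb
+- spec/allowlist_resolver_spec.rb
+- spec/allowlist_spec.rb
 - spec/mocks/allowed_with_granular.podspec
+- spec/mocks/allowlist.json
+- spec/mocks/allowlist_with_expired_dependencies.json
+- spec/mocks/allowlisted_podname.podspec
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
 - spec/mocks/not_allowed_with_granular_v1.podspec
 - spec/mocks/not_allowed_with_granular_v2.podspec
-- spec/mocks/whitelist.json
-- spec/mocks/whitelist_with_expired_dependencies.json
-- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
 - spec/mocks/with_allowed_subspec_v1.podspec
 - spec/mocks/with_allowed_subspec_v2.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
 - spec/mocks/with_more_than_one_version_in_subspec.podspec
@@ -92,16 +100,11 @@ files:
 - spec/mocks/with_not_yet_expired_dependencies.podspec
 - spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
 - spec/source_helper_spec.rb
 - spec/source_validator_spec.rb
 - spec/spec_helper.rb
-- spec/whitelist_resolver_spec.rb
-- spec/whitelist_spec.rb
 homepage: https://github.com/melisource/mobile-cocoapods_whitelist
 licenses:
 - MIT
@@ -124,21 +127,26 @@ requirements: []
 rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
-summary: A longer description of cocoapods-
+summary: A longer description of cocoapods-allowlist.
 test_files:
+- spec/allowlist_resolver_spec.rb
+- spec/allowlist_spec.rb
 - spec/mocks/allowed_with_granular.podspec
+- spec/mocks/allowlist.json
+- spec/mocks/allowlist_with_expired_dependencies.json
+- spec/mocks/allowlisted_podname.podspec
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
 - spec/mocks/not_allowed_with_granular_v1.podspec
 - spec/mocks/not_allowed_with_granular_v2.podspec
-- spec/mocks/whitelist.json
-- spec/mocks/whitelist_with_expired_dependencies.json
-- spec/mocks/whitelisted_podname.podspec
 - spec/mocks/with_allowed_in_subspec.podspec
 - spec/mocks/with_allowed_subspec_v1.podspec
 - spec/mocks/with_allowed_subspec_v2.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_v1.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_v2.podspec
+- spec/mocks/with_allowlisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/with_expired_dependencies.podspec
 - spec/mocks/with_fixed_version.podspec
 - spec/mocks/with_more_than_one_version_in_subspec.podspec
@@ -148,13 +156,8 @@ test_files:
 - spec/mocks/with_not_yet_expired_dependencies.podspec
 - spec/mocks/with_similar_name_not_allowed.podspec
 - spec/mocks/with_two_requirement.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_v1.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_v2.podspec
-- spec/mocks/with_whitelisted_dependency_fixed_versions_variable.podspec
 - spec/mocks/without_dependencies.podspec
 - spec/mocks/without_version.podspec
 - spec/source_helper_spec.rb
 - spec/source_validator_spec.rb
 - spec/spec_helper.rb
-- spec/whitelist_resolver_spec.rb
-- spec/whitelist_spec.rb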
@@ -1,54 +0,0 @@
|
|
1
|
-
require 'singleton'
|
2
|
-
require 'open-uri'
|
3
|
-
require 'cocoapods-whitelist/model/allowed_dependency'
|
4
|
-
|
5
|
-
class WhitelistResolver
|
6
|
-
include Singleton
|
7
|
-
attr_accessor :whitelist
|
8
|
-
attr_accessor :whitelist_loaded
|
9
|
-
attr_accessor :whitelist_url
|
10
|
-
|
11
|
-
def config
|
12
|
-
@whitelist ||= []
|
13
|
-
end
|
14
|
-
|
15
|
-
def initialize()
|
16
|
-
@whitelist_url = DEFAULT_WHITELIST_URL
|
17
|
-
load_whitelist()
|
18
|
-
end
|
19
|
-
|
20
|
-
def get_whitelist(whitelist_url = DEFAULT_WHITELIST_URL)
|
21
|
-
@whitelist_loaded = @whitelist_url == whitelist_url
|
22
|
-
@whitelist_url = whitelist_url
|
23
|
-
|
24
|
-
load_whitelist() unless @whitelist_loaded
|
25
|
-
return @whitelist
|
26
|
-
end
|
27
|
-
|
28
|
-
def load_whitelist
|
29
|
-
begin
|
30
|
-
URI.open(@whitelist_url) { |io|
|
31
|
-
buffer = io.read
|
32
|
-
@whitelist = parse_whitelist(buffer)
|
33
|
-
@whitelist_loaded = true
|
34
|
-
}
|
35
|
-
rescue OpenURI::HTTPError => e
|
36
|
-
status = e.io.status.join(' ')
|
37
|
-
raise "Failed to fetch whitelist from '#{@whitelist_url}'.\n Error: #{status}"
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
def parse_whitelist(raw_whitelist)
|
42
|
-
json = JSON.parse(raw_whitelist)
|
43
|
-
return json["whitelist"].map { |dependencyJson|
|
44
|
-
AllowedDependency.new(
|
45
|
-
dependencyJson["name"],
|
46
|
-
dependencyJson["version"],
|
47
|
-
dependencyJson["expire"],
|
48
|
-
dependencyJson["source"],
|
49
|
-
dependencyJson["target"],
|
50
|
-
dependencyJson["allows_granular_projects"]
|
51
|
-
)
|
52
|
-
}
|
53
|
-
end
|
54
|
-
end
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'cocoapods-whitelist/command/whitelist'
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'cocoapods-whitelist/hook/resolver'
|
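--- a/data/lib/cocoapods-whitelist.rb
+++ b/data/lib/cocoapods-whitelist.rb
@@ -1 +0,0 @@
-require 'cocoapods-whitelist/gem_version'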
@@ -1,24 +0,0 @@
|
|
1
|
-
require File.expand_path('../spec_helper', __FILE__)
|
2
|
-
|
3
|
-
WHITELIST_PATH = './spec/mocks/whitelist.json'
|
4
|
-
|
5
|
-
describe WhitelistResolver do
|
6
|
-
describe 'functionality' do
|
7
|
-
it 'whitelist should be loaded from an specific url' do
|
8
|
-
whitelist = WhitelistResolver.instance.get_whitelist(WHITELIST_PATH)
|
9
|
-
whitelist.size.should.equal 11
|
10
|
-
end
|
11
|
-
|
12
|
-
it 'if not URL is specified, whitelist comes from default URL' do
|
13
|
-
whitelist = WhitelistResolver.instance.get_whitelist
|
14
|
-
whitelist.should.not.empty?
|
15
|
-
end
|
16
|
-
|
17
|
-
it 'whitelist should not be loaded twice' do
|
18
|
-
WhitelistResolver.instance.get_whitelist(WHITELIST_PATH)
|
19
|
-
loaded = WhitelistResolver.instance.whitelist_loaded
|
20
|
-
|
21
|
-
loaded.should.be.true
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|