cutting_edge 0.0.1

data/lib/cutting_edge/badge.rb

@@ -0,0 +1,46 @@
+require 'victor'
+
+class Badge
+  BADGE_OPTIONS = {
+    up_to_date: {
+      bg_color: '#32CD32',
+      text: 'up-to-date',
+      width: 180
+    },
+    out_of_date: {
+      bg_color: '#ff0000',
+      text: 'out-of-date',
+      width: 190
+    },
+    unknown: {
+      bg_color: '#666',
+      text: 'unknown',
+      width: 170
+    }
+  }
+
+  def self.build_badge(status, num=nil)
+    if ! [:up_to_date, :out_of_date, :unknown].include?(status)
+      status = :unknown
+    end
+    number = Integer(num) rescue nil if num
+
+    svg = Victor::SVG.new width: BADGE_OPTIONS[status][:width], height: 32, template: :html
+
+    style = {
+      stroke: '#d3d3d3',
+      stroke_width: 4
+    }
+
+    svg.build do
+      rect x: 0, y: 0, width: BADGE_OPTIONS[status][:width], height: 32, fill: BADGE_OPTIONS[status][:bg_color], style: style
+
+      g font_size: 14, font_family: 'arial', fill: 'white' do
+        text "#{number} Dependencies #{BADGE_OPTIONS[status][:text]}", x: 10, y: 20
+      end
+    end
+    return svg.render
+  end
+
+end
+

data/lib/cutting_edge/langs.rb

@@ -0,0 +1,123 @@
+require 'ostruct'
+require 'toml-rb'
+
+class Gem::Dependency
+  TYPES = [:runtime, :development, :build]
+end
+
+module LanguageHelpers
+  # Return a mock construct that mimicks Gem::Dependency for depedencies we tried to parse, but weren't valid.
+  def unknown_dependency(name, type = :runtime)
+    OpenStruct.new(name: name, type: type, requirement: 'unknown')
+  end
+
+  # For each dependency, find its latest version and return the two together. Takes account of invalid or dependencies (see #unknown_dependency)
+  #
+  # results - Array of Gem::Dependencies and unknown dependencies.
+  #
+  # Returns an Array of tuples of each dependency and its latest version: e.g., [[<Gem::Dependency>, <Gem::Version>]]
+  def dependency_with_latest(results)
+    results.map do |dependency|
+      [dependency, dependency.requirement.to_s == 'unknown' ? nil : latest_version(dependency.name)]
+    end
+  end
+
+  def log_error(message)
+    logger.error(message) if ::CuttingEdge::App.enable_logging
+  end
+end
+
+class Language
+  include ::SemanticLogger::Loggable
+  extend LanguageHelpers
+end
+
+module LanguageVersionHelpers
+
+  private
+
+  def canonical_version(version)
+    version.match(/^\./) ? "0#{version}" : version
+  end
+
+  # Translate wildcard (*) requirement to Ruby/Gem compatible requirement
+  #
+  # req - String version requirement
+  #
+  # Returns a translated String version requirement
+  def translate_wildcard(req)
+    if req =~ /!=/ # Negative Wildcard
+      # Turn != 1.1.* into >= 1.2, < 1.1
+      req.sub!('.*', '.0')
+      req.sub!('!=', '')
+      begin
+        v = Gem::Version.new(req) # Create the bumped version using Gem::Version so pre-release handling will work
+      rescue ArgumentError => e
+        return nil
+      end
+      lower_bound = ">= #{v.bump.version}"
+      upper_bound = "< #{v.version}"
+      [lower_bound, upper_bound]
+    elsif req =~ /^\s*\*\s*/
+      '>= 0' # Turn * into >= 0
+    else
+      "~> #{req.sub('.*', '.0').sub('=', '')}" # Turn =1.1.* or 1.1.* into ~> 1.1.0
+    end
+  end
+
+  # Translate SemVer Caret requirement to Ruby/Gem compatible requirement
+  # Caret requirement:
+  # lower bound = the unmodified version
+  # upper bound = take the left most non-zero digit and +1 it
+  #
+  # req - String version requirement
+  #
+  # Returns a translated String version requirement
+  def translate_caret(req)
+    req.sub!('^', '')
+    begin
+      version = Gem::Version.new(req)
+    rescue ArgumentError => e
+      return nil
+    end
+    segments = version.version.split('.')
+    index = segments.find_index {|seg| seg.to_i > 0} # Find the leftmost non-zero digit.
+    index = segments.rindex {|seg| seg.to_i == 0} unless index # If there is none, find the last 0.
+    segments[index] = segments[index].to_i + 1
+    upper_bound = segments[0..index].join('.')
+    [">= #{version.version}", "< #{upper_bound}"]
+  end
+
+  def parse_toml(content, sections)
+    begin
+      config = TomlRB.parse(content)
+    rescue TomlRB::ParseError => e
+      log_error("Encountered error when parsing TOML: #{e.class} #{e.message}")
+      return []
+    end    
+    results = []
+
+    sections.each do |dependency_type, section_name|
+      packages = config[section_name] || next
+      packages.each do |name, info|
+        requirement = info.fetch('version', nil) rescue info
+        if requirement
+          requirements = requirement.split(',').map {|req| translate_requirement(req)}
+          next if requirements.include?(nil) # If a sub-requirement failed to translate, skip this entire dependency.
+          begin
+            results << Gem::Dependency.new(name, requirements, dependency_type)
+          rescue StandardError => e
+            log_error("Encountered error when parsing requirement #{requirements}: #{e.class} #{e.message}")             
+            next
+          end
+        else
+          results << unknown_dependency(name, dependency_type)
+        end
+      end
+    end
+    results
+  end
+
+end
+
+Dir[File.expand_path('../langs/*.rb', __FILE__)].each { |f| require f }

data/lib/cutting_edge/langs/python.rb

@@ -0,0 +1,102 @@
+require 'rubygems'
+require 'http'
+
+class PythonLang < Language
+  # For Requirements.txt
+  # See https://iscompatible.readthedocs.io/en/latest/
+  COMPARATORS = />=|>|<=|<|==/
+  VERSION_NUM = /\d[\.\w]*/
+  SUFFIX_OPTION = /\s*(\[.*\])?/
+  NAME = /[^,]+/
+  REGEX = /^(#{NAME})\s*(#{COMPARATORS})\s*(#{VERSION_NUM})(\s*,\s*(#{COMPARATORS})\s*(#{VERSION_NUM}))?#{SUFFIX_OPTION}$/
+
+  API_URL = 'https://pypi.org/pypi/'
+
+  PIPFILE_SECTIONS = {
+    :runtime => 'packages',
+    :development => 'dev-packages'
+  }
+
+  extend LanguageVersionHelpers
+
+  class << self
+
+    # Defaults for projects in this language
+    def locations(name = nil)
+      ['requirements.txt', 'Pipfile']
+    end
+
+    # Parse a dependency file
+    #
+    # name - String contents of the file
+    # content - String contents of the file
+    #
+    # Returns an Array of tuples of each dependency and its latest version: [[<Gem::Dependency>, <Gem::Version>]]
+    def parse_file(name, content)
+      return nil unless content
+      if name =~ /\.txt$/
+        results = parse_requirements(content)
+      elsif name =~ /Pipfile/
+        results = parse_toml(content, PIPFILE_SECTIONS)
+      end
+      dependency_with_latest(results) if results
+    end
+
+    def parse_requirements(content)
+      results = []
+      content.each_line do |line|
+        next if line =~ /^\s*-e/ # ignore 'editable' dependencies
+        if line =~ COMPARATORS
+          next unless match = line.match(REGEX) # Skip this line if it doesn't conform to our expectations
+          name, first_comp, first_version, _ignore, second_comp, second_version = match.captures
+          first_comp = '=' if first_comp == '=='
+          second_comp = '=' if second_comp == '=='
+          dep = Gem::Dependency.new(name, "#{first_comp} #{first_version}")
+          dep.requirement.concat(["#{second_comp} #{second_version}"]) if second_comp && second_version
+        else
+          dep = Gem::Dependency.new(line.strip) # requries version to be >= 0
+        end
+        results << dep
+      end
+      results
+    end
+
+    # Find the latest versions of a dependency by name
+    #
+    # name - String name of the dependency
+    #
+    # Returns a Gem::Version
+    def latest_version(name)
+      begin
+        content = HTTP.timeout(::CuttingEdge::LAST_VERSION_TIMEOUT).follow(max_hops: 1).get(::File.join(API_URL, name, 'json')).parse
+        version = content['info']['version']
+        Gem::Version.new(canonical_version(version))
+      rescue StandardError, HTTP::TimeoutError => e
+        log_error("Encountered error when fetching latest version of #{name}: #{e.class} #{e.message}")
+        nil
+      end
+    end
+
+    # Translate version requirement syntax for Pipfiles to a String or Array of Strings that Gem::Dependency.new understands
+    # Pipfile support * and != requirements, which Ruby does not
+    # See https://www.python.org/dev/peps/pep-0440/#version-matching
+    # 
+    # req - String version requirement
+    #
+    # Returns a translated String version requirement
+    def translate_requirement(req)
+    req.sub!('~=', '~>')
+    req.sub!('==', '=')
+      case req
+      when /\*/
+        translate_wildcard(req)
+      when '!='
+        req.sub!('!=', '')
+        ["< #{req}", "> #{req}"]
+      else
+        req
+      end
+    end
+
+  end
+end

data/lib/cutting_edge/langs/ruby.rb

@@ -0,0 +1,47 @@
+require 'gemnasium/parser'
+require 'rubygems'
+
+class RubyLang < Language
+
+  class << self
+
+    # Defaults for projects in this language
+    def locations(name)
+      ["#{name}.gemspec", 'Gemfile']
+    end
+
+    # Parse a dependency file
+    #
+    # name - String contents of the file
+    # content - String contents of the file
+    #
+    # Returns an Array of tuples of each dependency and its latest version: [[<Bundler::Dependency>, <Gem::Version>]]
+    def parse_file(name, content)
+      return nil unless content
+      results = name =~ /gemspec/ ? parse_gemspec(content) : parse_gemfile(content)
+      dependency_with_latest(results)
+    end
+
+    def latest_version(name)
+      # Fancy todo: cache these?
+      begin
+        Gem::SpecFetcher.fetcher.spec_for_dependency(Gem::Dependency.new(name, nil)).flatten.first.version
+      rescue StandardError => e
+        log_error("Encountered error when fetching latest version of #{name}: #{e.class} #{e.message}")
+        nil
+      end
+    end
+
+    def parse_ruby(type, content)
+      Gemnasium::Parser.send(type, content).dependencies
+    end
+
+    def parse_gemspec(content)
+      parse_ruby(:gemspec, content)
+    end
+
+    def parse_gemfile(content)
+      parse_ruby(:gemfile, content)
+    end
+  end
+end

data/lib/cutting_edge/langs/rust.rb

@@ -0,0 +1,68 @@
+require 'rubygems'
+require 'http'
+
+class RustLang < Language
+  API_URL = 'https://crates.io/api/v1/crates'
+
+  CARGOFILE_SECTIONS = {
+    :runtime => 'dependencies',
+    :development => 'dev-dependencies',
+    :build => 'build-dependencies'
+  }
+
+  extend LanguageVersionHelpers
+
+  class << self
+
+    # Defaults for projects in this language
+    def locations(name = nil)
+      ['Cargo.toml']
+    end
+
+    # Parse a dependency file
+    #
+    # name - String contents of the file
+    # content - String contents of the file
+    #
+    # Returns an Array of tuples of each dependency and its latest version: [[<Gem::Dependency>, <Gem::Version>]]
+    def parse_file(name, content)
+      return nil unless content
+      results = parse_toml(content, CARGOFILE_SECTIONS)
+      dependency_with_latest(results) if results
+    end
+
+    # Find the latest versions of a dependency by name
+    #
+    # name - String name of the dependency
+    #
+    # Returns a Gem::Version
+    def latest_version(name)
+      begin
+        content = HTTP.timeout(::CuttingEdge::LAST_VERSION_TIMEOUT).get(::File.join(API_URL, name)).parse
+        version = content['crate']['max_version']
+        Gem::Version.new(canonical_version(version))
+      rescue StandardError, HTTP::Error => e
+        log_error("Encountered error when fetching latest version of #{name}: #{e.class} #{e.message}")
+        nil
+      end
+    end
+
+    # Translate Cargo version requirement syntax to a String or Array of Strings that Gem::Dependency.new understands
+    # Cargo.toml files support * and ^ (wildcard and caret) requirements, which Ruby does not
+    # See: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
+    # 
+    # req - String version requirement
+    #
+    # Returns a translated String version requirement
+    def translate_requirement(req)
+      if req =~ /~|<|>|\*|=/
+        return translate_wildcard(req) if req =~ /\*/
+        req.sub!('~', '~>')
+        req
+      else
+        translate_caret(req)
+      end
+    end
+
+  end
+end

data/lib/cutting_edge/repo.rb

@@ -0,0 +1,67 @@
+require File.expand_path('../langs.rb', __FILE__)
+
+module CuttingEdge
+  class Repository
+
+    DEPENDENCY_TYPES = [:runtime] # Which dependency types to accept (default only :runtime, excludes :development).
+    DEFAULT_LANG = 'ruby'
+
+    attr_reader :token, :locations, :lang
+    attr_accessor :dependency_types
+
+    def initialize(org, name, lang = nil, locations = nil, branch = nil, token = nil)
+      @org     = org
+      @name    = name
+      @branch  = branch  || 'master'
+      @token   = token
+      @lang    = lang || DEFAULT_LANG
+      @locations = {}
+      (locations || get_lang(@lang).locations(name)).each do |loc|
+        @locations[loc] = url_for_file(loc)
+      end
+      @dependency_types = DEPENDENCY_TYPES
+    end
+
+    def source
+      ''
+    end
+
+    def identifier
+      File.join(source, @org, @name)
+    end
+
+    def url_for_file(file)
+      file
+    end
+
+    private
+
+    def get_lang(lang)
+      Object.const_get("::#{lang.capitalize}Lang")
+    end
+  end
+
+  class GithubRepository < Repository
+    HOST = 'https://raw.githubusercontent.com'
+
+    def source
+      'github'
+    end
+
+    def url_for_file(file)
+      File.join(HOST, @org, @name, @branch, file)
+    end
+  end
+
+  class GitlabRepository < Repository
+    HOST = 'https://gitlab.com/'
+
+    def source
+      'gitlab'
+    end
+
+    def url_for_file(file)
+      File.join(HOST, @org, @name, 'raw', @branch, file)
+    end
+  end
+end