dependabot-common 0.128.0 → 0.129.2

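--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 4ac759f834287050eb32bc586ab8d414010e64283ff9f1f7be6b9dc481969ec3
-data.tar.gz: 38dc8a8d6e321e1f2c6ba817e1da7aeb656508560f795d5c2efbc7d900d93ae8
+metadata.gz: c7174415aef0e15737217d314a45c2630aacae829ef4e513534ad6f4a4a20e0e
+data.tar.gz: 0f995c8ec75f07917de8829386a070a2d1ac3dab21162299b2b0cb3fa83190b7
 SHA512:
-metadata.gz: b4d47dbe5867a869681d19779cbcea2fcf10cba21be3d9d0fb482821b1f8a375e95b04f4027a526c7cf527d74a109ae34e275ab63efabfb630463ef453da70bd
-data.tar.gz: 8d6d58686a1a1d70a61f61f4f1744c3946886121bceea01b9a6169cee9777c63098dff78d10e9132c1ec3789baa0871342cec291c2bec9cb01c5bfca25765f37
+metadata.gz: 41418972531aedf8379e330be0fc3439ecf7ec7f9d247740be77f9dd2d4a7d6da7c63769fd615bcd378f4e13075a41fab52069557e7cd6f6227ed05058f33f2e
+data.tar.gz: 81b2df6efb3465fd42563ea28fa728a170d0bac9b68f7bd0cf13cfe4783d04dbab2bed462e59f7c3cd0fbc4114fc085b57f43bf2fcaf32e66669d1f0a599708b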
@@ -8,6 +8,14 @@ module Dependabot
8
8
  class Azure
9
9
  class NotFound < StandardError; end
10
10
 
11
+ class InternalServerError < StandardError; end
12
+
13
+ class ServiceNotAvailable < StandardError; end
14
+
15
+ class BadGateway < StandardError; end
16
+
17
+ RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
18
+
11
19
  MAX_PR_DESCRIPTION_LENGTH = 3999
12
20
 
13
21
  #######################
@@ -27,10 +35,11 @@ module Dependabot
27
35
  # Client #
28
36
  ##########
29
37
 
30
- def initialize(source, credentials)
38
+ def initialize(source, credentials, max_retries: 3)
31
39
  @source = source
32
40
  @credentials = credentials
33
41
  @auth_header = auth_header_for(credentials&.fetch("token", nil))
42
+ @max_retries = max_retries || 3
34
43
  end
35
44
 
36
45
  def fetch_commit(_repo, branch)
@@ -175,15 +184,24 @@ module Dependabot
175
184
  # rubocop:enable Metrics/ParameterLists
176
185
 
177
186
  def get(url)
178
- response = Excon.get(
179
- url,
180
- user: credentials&.fetch("username", nil),
181
- password: credentials&.fetch("password", nil),
182
- idempotent: true,
183
- **SharedHelpers.excon_defaults(
184
- headers: auth_header
187
+ response = nil
188
+
189
+ retry_connection_failures do
190
+ response = Excon.get(
191
+ url,
192
+ user: credentials&.fetch("username", nil),
193
+ password: credentials&.fetch("password", nil),
194
+ idempotent: true,
195
+ **SharedHelpers.excon_defaults(
196
+ headers: auth_header
197
+ )
185
198
  )
186
- )
199
+
200
+ raise InternalServerError if response.status == 500
201
+ raise BadGateway if response.status == 502
202
+ raise ServiceNotAvailable if response.status == 503
203
+ end
204
+
187
205
  raise NotFound if response.status == 404
188
206
 
189
207
  response
@@ -211,6 +229,17 @@ module Dependabot
211
229
 
212
230
  private
213
231
 
232
+ def retry_connection_failures
233
+ retry_attempt = 0
234
+
235
+ begin
236
+ yield
237
+ rescue *RETRYABLE_ERRORS
238
+ retry_attempt += 1
239
+ retry_attempt <= @max_retries ? retry : raise
240
+ end
241
+ end
242
+
214
243
  def auth_header_for(token)
215
244
  return {} unless token
216
245
 
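Review bot: `retry_connection_failures` (new lines 232–241) re-issues the request immediately on a 500/502/503 with no pause between attempts, so a struggling server receives up to four back-to-back requests per `get` call; a short delay before retrying, e.g. `sleep(retry_attempt)` on the line ahead of `retry_attempt <= @max_retries ? retry : raise`, is the usual minimum. The name is also misleading: the block rescues the three HTTP-status errors raised inside `get` (new lines 200–202), not transport failures, which `idempotent: true` already asks Excon to retry on its own; `retry_server_errors` would describe what it does. The new `max_retries:` keyword and the three error classes carry no comment; a one-liner above `RETRYABLE_ERRORS` such as `# 5xx responses are retried up to max_retries times before the error propagates to the caller` would tell callers what the option controls and that `get` now raises where it previously returned the 5xx response.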
@@ -18,6 +18,7 @@ module Dependabot
18
18
 
19
19
  def initialize(credentials:)
20
20
  @credentials = credentials
21
+ @auth_header = auth_header_for(credentials&.fetch("token", nil))
21
22
  end
22
23
 
23
24
  def fetch_commit(repo, branch)
@@ -72,7 +73,9 @@ module Dependabot
72
73
  user: credentials&.fetch("username", nil),
73
74
  password: credentials&.fetch("password", nil),
74
75
  idempotent: true,
75
- **Dependabot::SharedHelpers.excon_defaults
76
+ **Dependabot::SharedHelpers.excon_defaults(
77
+ headers: auth_header
78
+ )
76
79
  )
77
80
  raise Unauthorized if response.status == 401
78
81
  raise Forbidden if response.status == 403
@@ -89,6 +92,13 @@ module Dependabot
89
92
 
90
93
  private
91
94
 
95
+ def auth_header_for(token)
96
+ return {} unless token
97
+
98
+ { "Authorization" => "Bearer #{token}" }
99
+ end
100
+
101
+ attr_reader :auth_header
92
102
  attr_reader :credentials
93
103
 
94
104
  def base_url
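Review bot: `get` (new lines 73–79) now sends the bearer token on every request in addition to the Basic `user:`/`password:` pair taken from the same credentials hash, so a single request carries two credentials where one would do, and if `url` can ever point at a host other than the one the token was issued for, the header hands the token to that host; the body of `get` starts before this hunk, so I cannot see how `url` is built. Consider including `auth_header` only when no username/password is present, and checking the request host against `base_url` before attaching it. `auth_header_for` (new lines 95–99) is a copy of the same-named method in the Azure client; a shared helper would keep the two from drifting, and a comment `# Bearer header for token-based credentials; empty when only username/password is configured` would document the `{}` return.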
@@ -1,24 +1,45 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/shared_helpers"
3
+ require "dependabot/utils"
4
4
 
5
5
  module Dependabot
6
6
  class DependabotError < StandardError
7
- def initialize(msg = nil)
8
- msg = sanitize_message(msg)
9
- super(msg)
7
+ BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@%\s]+(@|%40))}.freeze
8
+ # Remove any path segment from fury.io sources
9
+ FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}.freeze
10
+
11
+ def initialize(message = nil)
12
+ super(sanitize_message(message))
10
13
  end
11
14
 
12
15
  private
13
16
 
14
17
  def sanitize_message(message)
15
- return unless message
18
+ return message unless message.is_a?(String)
16
19
 
17
20
  path_regex =
18
- Regexp.escape(SharedHelpers::BUMP_TMP_DIR_PATH) + "\/" +
19
- Regexp.escape(SharedHelpers::BUMP_TMP_FILE_PREFIX) + "[^/]*"
21
+ Regexp.escape(Utils::BUMP_TMP_DIR_PATH) + "\/" +
22
+ Regexp.escape(Utils::BUMP_TMP_FILE_PREFIX) + "[a-zA-Z0-9-]*"
23
+
24
+ message = message.gsub(/#{path_regex}/, "dependabot_tmp_dir").strip
25
+ filter_sensitive_data(message)
26
+ end
27
+
28
+ def filter_sensitive_data(message)
29
+ replace_capture_groups(message, BASIC_AUTH_REGEX, "")
30
+ end
31
+
32
+ def sanitize_source(source)
33
+ source = filter_sensitive_data(source)
34
+ replace_capture_groups(source, FURY_IO_PATH_REGEX, "<redacted>")
35
+ end
36
+
37
+ def replace_capture_groups(string, regex, replacement)
38
+ return string unless string.is_a?(String)
20
39
 
21
- message.gsub(/#{path_regex}/, "dependabot_tmp_dir")
40
+ string.scan(regex).flatten.compact.reduce(string) do |original_msg, match|
41
+ original_msg.gsub(match, replacement)
42
+ end
22
43
  end
23
44
  end
24
45
 
@@ -35,7 +56,6 @@ module Dependabot
35
56
 
36
57
  def initialize(branch_name, msg = nil)
37
58
  @branch_name = branch_name
38
- msg = sanitize_message(msg)
39
59
  super(msg)
40
60
  end
41
61
  end
@@ -101,10 +121,10 @@ module Dependabot
101
121
  attr_reader :source
102
122
 
103
123
  def initialize(source)
104
- @source = source.gsub(%r{(?<=\.fury\.io)/[A-Za-z0-9]{20}(?=/)}, "")
124
+ @source = sanitize_source(source)
105
125
  msg = "The following source could not be reached as it requires "\
106
126
  "authentication (and any provided details were invalid or lacked "\
107
- "the required permissions): #{source}"
127
+ "the required permissions): #{@source}"
108
128
  super(msg)
109
129
  end
110
130
  end
@@ -113,8 +133,8 @@ module Dependabot
113
133
  attr_reader :source
114
134
 
115
135
  def initialize(source)
116
- @source = source.gsub(%r{(?<=\.fury\.io)/[A-Za-z0-9]{20}(?=/)}, "")
117
- super("The following source timed out: #{source}")
136
+ @source = sanitize_source(source)
137
+ super("The following source timed out: #{@source}")
118
138
  end
119
139
  end
120
140
 
@@ -122,8 +142,8 @@ module Dependabot
122
142
  attr_reader :source
123
143
 
124
144
  def initialize(source)
125
- @source = source.gsub(%r{(?<=\.fury\.io)/[A-Za-z0-9]{20}(?=/)}, "")
126
- super("Could not verify the SSL certificate for #{source}")
145
+ @source = sanitize_source(source)
146
+ super("Could not verify the SSL certificate for #{@source}")
127
147
  end
128
148
  end
129
149
 
@@ -132,7 +152,7 @@ module Dependabot
132
152
 
133
153
  def initialize(environment_variable)
134
154
  @environment_variable = environment_variable
135
- super("Missing environment variable #{environment_variable}")
155
+ super("Missing environment variable #{@environment_variable}")
136
156
  end
137
157
  end
138
158
 
@@ -149,10 +169,10 @@ module Dependabot
149
169
 
150
170
  def initialize(*dependency_urls)
151
171
  @dependency_urls =
152
- dependency_urls.flatten.map { |uri| uri.gsub(/x-access-token.*?@/, "") }
172
+ dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
153
173
 
154
174
  msg = "The following git URLs could not be retrieved: "\
155
- "#{dependency_urls.join(', ')}"
175
+ "#{@dependency_urls.join(', ')}"
156
176
  super(msg)
157
177
  end
158
178
  end
@@ -163,7 +183,7 @@ module Dependabot
163
183
  def initialize(dependency)
164
184
  @dependency = dependency
165
185
 
166
- msg = "The branch or reference specified for #{dependency} could not "\
186
+ msg = "The branch or reference specified for #{@dependency} could not "\
167
187
  "be retrieved"
168
188
  super(msg)
169
189
  end
@@ -175,7 +195,7 @@ module Dependabot
175
195
  def initialize(*dependencies)
176
196
  @dependencies = dependencies.flatten
177
197
  msg = "The following path based dependencies could not be retrieved: "\
178
- "#{dependencies.join(', ')}"
198
+ "#{@dependencies.join(', ')}"
179
199
  super(msg)
180
200
  end
181
201
  end
@@ -188,8 +208,8 @@ module Dependabot
188
208
  @declared_path = declared_path
189
209
  @discovered_path = discovered_path
190
210
 
191
- msg = "The module path '#{declared_path}' found in #{go_mod} doesn't "\
192
- "match the actual path '#{discovered_path}' in the dependency's "\
211
+ msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't "\
212
+ "match the actual path '#{@discovered_path}' in the dependency's "\
193
213
  "go.mod"
194
214
  super(msg)
195
215
  end
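Review bot: `BASIC_AUTH_REGEX` (new line 7) excludes `%` from the password class `[^@%\s]+`, so a percent-encoded password is scrubbed only up to its first `%`: for `https://user:p%40ss@host` the engine matches `p` followed by the `%40` alternative, `filter_sensitive_data` removes `user:p%40`, and the message still contains `ss@host`. Dropping `%` from the class, `BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@\s]+(@|%40))}.freeze`, lets the greedy run consume the whole password up to the real `@` while backtracking still handles the `%40`-terminated form; a spec with a password containing `%2F` or `%40` would pin this. `replace_capture_groups` (new lines 37–42) deserves a comment that `gsub(match, …)` with a String pattern is a literal replacement, so captured text containing regex metacharacters is handled safely, and that with named groups present `scan` returns only the named captures. `sanitize_source` and `filter_sensitive_data` are private instance methods that the subclasses below call before `super`; a one-line note above `private` saying they are meant for subclass initializers would explain why they live on the base error class.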
@@ -8,12 +8,12 @@ require "digest"
8
8
  require "open3"
9
9
  require "shellwords"
10
10
 
11
+ require "dependabot/utils"
12
+ require "dependabot/errors"
11
13
  require "dependabot/version"
12
14
 
13
15
  module Dependabot
14
16
  module SharedHelpers
15
- BUMP_TMP_FILE_PREFIX = "dependabot_"
16
- BUMP_TMP_DIR_PATH = "tmp"
17
17
  GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
18
18
  USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
19
19
  "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
@@ -21,21 +21,6 @@ module Dependabot
21
21
  "(+https://github.com/dependabot/dependabot-core)"
22
22
  SIGKILL = 9
23
23
 
24
- class ChildProcessFailed < StandardError
25
- attr_reader :error_class, :error_message, :error_backtrace
26
-
27
- def initialize(error_class:, error_message:, error_backtrace:)
28
- @error_class = error_class
29
- @error_message = error_message
30
- @error_backtrace = error_backtrace
31
-
32
- msg = "Child process raised #{error_class} with message: "\
33
- "#{error_message}"
34
- super(msg)
35
- set_backtrace(error_backtrace)
36
- end
37
- end
38
-
39
24
  def self.in_a_temporary_repo_directory(directory = "/",
40
25
  repo_contents_path = nil,
41
26
  &block)
@@ -53,15 +38,15 @@ module Dependabot
53
38
  end
54
39
 
55
40
  def self.in_a_temporary_directory(directory = "/")
56
- Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
57
- Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
41
+ Dir.mkdir(Utils::BUMP_TMP_DIR_PATH) unless Dir.exist?(Utils::BUMP_TMP_DIR_PATH)
42
+ Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH) do |dir|
58
43
  path = Pathname.new(File.join(dir, directory)).expand_path
59
44
  FileUtils.mkpath(path)
60
45
  Dir.chdir(path) { yield(path) }
61
46
  end
62
47
  end
63
48
 
64
- class HelperSubprocessFailed < StandardError
49
+ class HelperSubprocessFailed < Dependabot::DependabotError
65
50
  attr_reader :error_class, :error_context, :trace
66
51
 
67
52
  def initialize(message:, error_context:, error_class: nil, trace: nil)
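Review bot: `BUMP_TMP_FILE_PREFIX` and `BUMP_TMP_DIR_PATH` are removed from `SharedHelpers` (old lines 15–16) and `ChildProcessFailed` is deleted (old lines 24–37), all public names of a published gem; any consumer still referencing `SharedHelpers::BUMP_TMP_DIR_PATH` or rescuing `ChildProcessFailed` now gets a `NameError` after a minor version bump. Keeping forwarding constants next to `GIT_CONFIG_GLOBAL_PATH`, `BUMP_TMP_FILE_PREFIX = Utils::BUMP_TMP_FILE_PREFIX` and `BUMP_TMP_DIR_PATH = Utils::BUMP_TMP_DIR_PATH`, would preserve the old paths at no cost. `HelperSubprocessFailed` now inherits `Dependabot::DependabotError` (new line 49), so whatever it passes to `super` is run through `sanitize_message`, but `error_context` is stored as-is; if the context carries the helper command line or environment it may still contain the credentials the base class scrubs from the message, which is worth a comment on the `attr_reader`. The initializer body lies outside the hunk, so I cannot confirm what `super` receives.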
@@ -4,6 +4,9 @@
4
4
  # dependabot-core.
5
5
  module Dependabot
6
6
  module Utils
7
+ BUMP_TMP_FILE_PREFIX = "dependabot_"
8
+ BUMP_TMP_DIR_PATH = "tmp"
9
+
7
10
  @version_classes = {}
8
11
 
9
12
  def self.version_class_for_package_manager(package_manager)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.128.0"
4
+ VERSION = "0.129.2"
5
5
  end
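--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.128.0
+version: 0.129.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-14 00:00:00.000000000 Z
+date: 2021-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -292,28 +292,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.6.0
+version: 1.7.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.6.0
+version: 1.7.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.20.0
+version: 0.21.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.20.0
+version: 0.21.0
 - !ruby/object:Gem::Dependency
 name: simplecov-console
 requirement: !ruby/object:Gem::Requirement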