dependabot-common 0.95.1 → 0.95.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5b58d3a338e6b53ed32caf20c73246343b473d893d8b9bfdcebec27a4952f28
-  data.tar.gz: 6f0a68be8b3c8c23580023d0215c98fb459499478420876141cbb1ffb3a6a3d2
+  metadata.gz: 9f7232935dc073586ef8ecbb1ef3adfea19541485f74211cefd33c9025d30d01
+  data.tar.gz: e1516d883396351cdcc282a93f6b11c30c94128d9b176b698c46067772ca5fc7
 SHA512:
-  metadata.gz: 97ae77d64fe1a218a570484b22d8a959bd83b7a7ae9e6664b3874e84f0f187b6e86af8a67398ffc54833d26d4a6c2f78b1f7608f393bbf1f550088dada571d59
-  data.tar.gz: e9fba893c1a85c334142e7661c739dc602fc1d3e51352ff2a2443f424bd29e008b043a6ec25ba3f372467b1d06cf20f359b592350102c2397f39f76ca4953dc2
+  metadata.gz: 0b529b1074403b82ba80cfb22f99b3ac3e1231a99b96b54b86eb49974cf95e7ee95d3cf12e1d9d2bc6d7536713ec8510a8cb7c29063a0263f73d67687f0e7e9e
+  data.tar.gz: a0de54b828ee9958e0d6906a1cd09603f908460303dfb5eec3f55be4af48d44557edd80b666e40bde523687056f1e09a70dadef7bdd9edde354920646f1daacb

data/lib/dependabot.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+module Dependabot
+end

data/lib/dependabot/clients/bitbucket.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+require "dependabot/shared_helpers"
+require "excon"
+
+module Dependabot
+  module Clients
+    class Bitbucket
+      class NotFound < StandardError; end
+      class Unauthorized < StandardError; end
+      class Forbidden < StandardError; end
+
+      #######################
+      # Constructor methods #
+      #######################
+
+      def self.for_bitbucket_dot_org(credentials:)
+        credential =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == "bitbucket.org" }
+
+        new(credential)
+      end
+
+      ##########
+      # Client #
+      ##########
+
+      def initialize(credentials)
+        @credentials = credentials
+      end
+
+      def fetch_commit(repo, branch)
+        path = "#{repo}/refs/branches/#{branch}"
+        response = get(base_url + path)
+
+        JSON.parse(response.body).fetch("target").fetch("hash")
+      end
+
+      def fetch_default_branch(repo)
+        response = get(base_url + repo)
+
+        JSON.parse(response.body).fetch("mainbranch").fetch("name")
+      end
+
+      def fetch_repo_contents(repo, commit = nil, path = nil)
+        raise "Commit is required if path provided!" if commit.nil? && path
+
+        api_path = "#{repo}/src"
+        api_path += "/#{commit}" if commit
+        api_path += "/#{path.gsub(%r{/+$}, '')}" if path
+        api_path += "?pagelen=100"
+        response = get(base_url + api_path)
+
+        JSON.parse(response.body).fetch("values")
+      end
+
+      def fetch_file_contents(repo, commit, path)
+        path = "#{repo}/src/#{commit}/#{path.gsub(%r{/+$}, '')}"
+        response = get(base_url + path)
+
+        response.body
+      end
+
+      def tags(repo)
+        path = "#{repo}/refs/tags?pagelen=100"
+        response = get(base_url + path)
+
+        JSON.parse(response.body).fetch("values")
+      end
+
+      def compare(repo, previous_tag, new_tag)
+        path = "#{repo}/commits/?include=#{new_tag}&exclude=#{previous_tag}"
+        response = get(base_url + path)
+
+        JSON.parse(response.body).fetch("values")
+      end
+
+      def get(url)
+        response = Excon.get(
+          url,
+          user: credentials&.fetch("username"),
+          password: credentials&.fetch("password"),
+          idempotent: true,
+          **Dependabot::SharedHelpers.excon_defaults
+        )
+        raise Unauthorized if response.status == 401
+        raise Forbidden if response.status == 403
+        raise NotFound if response.status == 404
+
+        response
+      end
+
+      private
+
+      attr_reader :credentials
+
+      def base_url
+        # TODO: Make this configurable when we support enterprise Bitbucket
+        "https://api.bitbucket.org/2.0/repositories/"
+      end
+    end
+  end
+end

data/lib/dependabot/clients/github_with_retries.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+require "octokit"
+
+module Dependabot
+  module Clients
+    class GithubWithRetries
+      DEFAULT_CLIENT_ARGS = {
+        connection_options: {
+          request: {
+            open_timeout: 2,
+            timeout: 5
+          }
+        }
+      }.freeze
+
+      RETRYABLE_ERRORS = [
+        Faraday::ConnectionFailed,
+        Faraday::TimeoutError,
+        Octokit::InternalServerError,
+        Octokit::BadGateway
+      ].freeze
+
+      #######################
+      # Constructor methods #
+      #######################
+
+      def self.for_source(source:, credentials:)
+        access_tokens =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          select { |cred| cred["host"] == source.hostname }.
+          map { |cred| cred.fetch("password") }
+
+        new(
+          access_tokens: access_tokens,
+          api_endpoint: source.api_endpoint
+        )
+      end
+
+      def self.for_github_dot_com(credentials:)
+        access_tokens =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          select { |cred| cred["host"] == "github.com" }.
+          map { |cred| cred.fetch("password") }
+
+        new(access_tokens: access_tokens)
+      end
+
+      #################
+      # VCS Interface #
+      #################
+
+      def fetch_commit(repo, branch)
+        response = ref(repo, "heads/#{branch}")
+
+        raise Octokit::NotFound if response.is_a?(Array)
+
+        response.object.sha
+      end
+
+      def fetch_default_branch(repo)
+        repository(repo).default_branch
+      end
+
+      ############
+      # Proxying #
+      ############
+
+      def initialize(max_retries: 3, **args)
+        args = DEFAULT_CLIENT_ARGS.merge(args)
+
+        access_tokens = args.delete(:access_tokens) || []
+        access_tokens << args[:access_token] if args[:access_token]
+        access_tokens << nil if access_tokens.empty?
+        access_tokens.uniq!
+
+        @max_retries = max_retries || 3
+        @clients = access_tokens.map do |token|
+          Octokit::Client.new(args.merge(access_token: token))
+        end
+      end
+
+      def method_missing(method_name, *args, &block)
+        untried_clients = @clients.dup
+        client = untried_clients.pop
+
+        begin
+          retry_connection_failures do
+            if client.respond_to?(method_name)
+              mutatable_args = args.map(&:dup)
+              client.public_send(method_name, *mutatable_args, &block)
+            else
+              super
+            end
+          end
+        rescue Octokit::NotFound, Octokit::Unauthorized, Octokit::Forbidden
+          raise unless (client = untried_clients.pop)
+
+          retry
+        end
+      end
+
+      def respond_to_missing?(method_name, include_private = false)
+        @clients.first.respond_to?(method_name) || super
+      end
+
+      def retry_connection_failures
+        retry_attempt = 0
+
+        begin
+          yield
+        rescue *RETRYABLE_ERRORS
+          retry_attempt += 1
+          retry_attempt <= @max_retries ? retry : raise
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/clients/gitlab.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require "gitlab"
+
+module Dependabot
+  module Clients
+    class Gitlab
+      #######################
+      # Constructor methods #
+      #######################
+
+      def self.for_source(source:, credentials:)
+        access_token =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == source.hostname }&.
+          fetch("password")
+
+        new(
+          endpoint: source.api_endpoint,
+          private_token: access_token || ""
+        )
+      end
+
+      def self.for_gitlab_dot_com(credentials:)
+        access_token =
+          credentials.
+          select { |cred| cred["type"] == "git_source" }.
+          find { |cred| cred["host"] == "gitlab.com" }&.
+          fetch("password")
+
+        new(
+          endpoint: "https://gitlab.com/api/v4",
+          private_token: access_token || ""
+        )
+      end
+
+      #################
+      # VCS Interface #
+      #################
+
+      def fetch_commit(repo, branch)
+        branch(repo, branch).commit.id
+      end
+
+      def fetch_default_branch(repo)
+        project(repo).default_branch
+      end
+
+      ############
+      # Proxying #
+      ############
+
+      def initialize(**args)
+        @client = ::Gitlab::Client.new(args)
+      end
+
+      def method_missing(method_name, *args, &block)
+        if @client.respond_to?(method_name)
+          mutatable_args = args.map(&:dup)
+          @client.public_send(method_name, *mutatable_args, &block)
+        else
+          super
+        end
+      end
+
+      def respond_to_missing?(method_name, include_private = false)
+        @client.respond_to?(method_name) || super
+      end
+    end
+  end
+end

data/lib/dependabot/dependency.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+require "rubygems_version_patch"
+
+module Dependabot
+  class Dependency
+    @production_checks = {}
+
+    def self.production_check_for_package_manager(package_manager)
+      production_check = @production_checks[package_manager]
+      return production_check if production_check
+
+      raise "Unsupported package_manager #{package_manager}"
+    end
+
+    def self.register_production_check(package_manager, production_check)
+      @production_checks[package_manager] = production_check
+    end
+
+    attr_reader :name, :version, :requirements, :package_manager,
+                :previous_version, :previous_requirements
+
+    def initialize(name:, requirements:, package_manager:, version: nil,
+                   previous_version: nil, previous_requirements: nil)
+      @name = name
+      @version = version
+      @requirements = requirements.map { |req| symbolize_keys(req) }
+      @previous_version = previous_version
+      @previous_requirements =
+        previous_requirements&.map { |req| symbolize_keys(req) }
+      @package_manager = package_manager
+
+      check_values
+    end
+
+    def top_level?
+      requirements.any?
+    end
+
+    def to_h
+      {
+        "name" => name,
+        "version" => version,
+        "requirements" => requirements,
+        "previous_version" => previous_version,
+        "previous_requirements" => previous_requirements,
+        "package_manager" => package_manager
+      }
+    end
+
+    def appears_in_lockfile?
+      previous_version || (version && previous_requirements.nil?)
+    end
+
+    def production?
+      return true unless top_level?
+
+      groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
+
+      self.class.
+        production_check_for_package_manager(package_manager).
+        call(groups)
+    end
+
+    def display_name
+      return name unless %w(maven gradle).include?(package_manager)
+
+      name.split(":").last
+    end
+
+    def ==(other)
+      other.instance_of?(self.class) && to_h == other.to_h
+    end
+
+    def hash
+      to_h.hash
+    end
+
+    def eql?(other)
+      self.==(other)
+    end
+
+    private
+
+    def check_values
+      if [version, previous_version].any? { |v| v == "" }
+        raise ArgumentError, "blank strings must not be provided as versions"
+      end
+
+      requirement_fields = [requirements, previous_requirements].compact
+      unless requirement_fields.all? { |r| r.is_a?(Array) } &&
+             requirement_fields.flatten.all? { |r| r.is_a?(Hash) }
+        raise ArgumentError, "requirements must be an array of hashes"
+      end
+
+      required_keys = %i(requirement file groups source)
+      optional_keys = %i(metadata)
+      unless requirement_fields.flatten.
+             all? { |r| required_keys.sort == (r.keys - optional_keys).sort }
+        raise ArgumentError, "each requirement must have the following "\
+                             "required keys: #{required_keys.join(', ')}."\
+                             "Optionally, it may have the following keys: "\
+                             "#{optional_keys.join(', ')}."
+      end
+
+      return if requirement_fields.flatten.none? { |r| r[:requirement] == "" }
+
+      raise ArgumentError, "blank strings must not be provided as requirements"
+    end
+
+    def symbolize_keys(hash)
+      Hash[hash.keys.map { |k| [k.to_sym, hash[k]] }]
+    end
+  end
+end

data/lib/dependabot/dependency_file.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "pathname"
+
+module Dependabot
+  class DependencyFile
+    attr_accessor :name, :content, :directory, :type, :support_file
+
+    def initialize(name:, content:, directory: "/", type: "file",
+                   support_file: false)
+      @name = name
+      @content = content
+      @directory = clean_directory(directory)
+      @support_file = support_file
+
+      # Type is used *very* sparingly. It lets the git_modules updater know that
+      # a "file" is actually a submodule, and lets our Go updaters know which
+      # file represents the main.go.
+      # New use cases should be avoided if at all possible (and use the
+      # support_file flag instead)
+      @type = type
+    end
+
+    def to_h
+      {
+        "name" => name,
+        "content" => content,
+        "directory" => directory,
+        "type" => type
+      }
+    end
+
+    def path
+      Pathname.new(File.join(directory, name)).cleanpath.to_path
+    end
+
+    def ==(other)
+      other.instance_of?(self.class) && to_h == other.to_h
+    end
+
+    def hash
+      to_h.hash
+    end
+
+    def eql?(other)
+      self.==(other)
+    end
+
+    def support_file?
+      @support_file
+    end
+
+    private
+
+    def clean_directory(directory)
+      # Directory should always start with a `/`
+      directory.sub(%r{^/*}, "/")
+    end
+  end
+end