dependabot-core 0.83.2 → 0.84.0

data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb

@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_parsers/java/gradle"
-
-module Dependabot
-  module FileParsers
-    module Java
-      class Gradle
-        class PropertyValueFinder
-          PROPERTY_DECLARATION_REGEX =
-            /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=\s*['"](?<value>[^\s]+)['"]/.
-            freeze
-
-          def initialize(dependency_files:)
-            @dependency_files = dependency_files
-          end
-
-          def property_details(property_name:, callsite_buildfile:)
-            # If the root project was specified, just look in the top-level
-            # buildfile
-            if property_name.start_with?("rootProject.")
-              property_name = property_name.sub("rootProject.", "")
-              return properties(top_level_buildfile).fetch(property_name, nil)
-            end
-
-            # If this project was specified strip the specifier
-            if property_name.start_with?("project.")
-              property_name = property_name.sub("project.", "")
-            end
-
-            # If a `properties` prefix was specified strip that out, too
-            if property_name.start_with?("properties.")
-              property_name = property_name.sub("properties.", "")
-            end
-
-            # Look for a property in the callsite buildfile. If that fails, look
-            # for the property in the top-level buildfile
-            if properties(callsite_buildfile).fetch(property_name, nil)
-              return properties(callsite_buildfile).fetch(property_name)
-            end
-
-            properties(top_level_buildfile).fetch(property_name, nil)
-          end
-
-          def property_value(property_name:, callsite_buildfile:)
-            property_details(
-              property_name: property_name,
-              callsite_buildfile: callsite_buildfile
-            )&.fetch(:value)
-          end
-
-          private
-
-          attr_reader :dependency_files
-
-          def properties(buildfile)
-            @properties ||= {}
-            return @properties[buildfile.name] if @properties[buildfile.name]
-
-            @properties[buildfile.name] = {}
-            prepared_content(buildfile).scan(PROPERTY_DECLARATION_REGEX) do
-              declaration_string = Regexp.last_match.to_s.strip
-              captures = Regexp.last_match.named_captures
-              name = captures.fetch("name").sub(/^ext\./, "")
-              @properties[buildfile.name][name] = {
-                value: captures.fetch("value"),
-                declaration_string: declaration_string,
-                file: buildfile.name
-              }
-            end
-
-            @properties[buildfile.name]
-          end
-
-          def prepared_content(buildfile)
-            # Remove any comments
-            buildfile.content.
-              gsub(%r{(?<=^|\s)//.*$}, "\n").
-              gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
-          end
-
-          def top_level_buildfile
-            @top_level_buildfile ||=
-              dependency_files.find { |f| f.name == "build.gradle" }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb

@@ -1,145 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_parsers/java/gradle"
-
-module Dependabot
-  module FileParsers
-    module Java
-      class Gradle
-        class RepositoriesFinder
-          # The Central Repo doesn't have special status for Gradle, but until
-          # we're confident we're selecting repos correctly it's wise to include
-          # it as a default.
-          CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
-
-          REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
-          MAVEN_REPO_REGEX =
-            /maven\s*\{[^\}]*\surl[\s\(]\s*['"](?<url>[^'"]+)['"]/.freeze
-
-          def initialize(dependency_files:, target_dependency_file:)
-            @dependency_files = dependency_files
-            @target_dependency_file = target_dependency_file
-            raise "No target file!" unless target_dependency_file
-          end
-
-          def repository_urls
-            repository_urls = []
-            repository_urls += inherited_repository_urls
-            repository_urls += own_buildfile_repository_urls
-            repository_urls = repository_urls.uniq
-
-            return repository_urls unless repository_urls.empty?
-
-            [CENTRAL_REPO_URL]
-          end
-
-          private
-
-          attr_reader :dependency_files, :target_dependency_file
-
-          def inherited_repository_urls
-            return [] unless top_level_buildfile
-
-            buildfile_content = comment_free_content(top_level_buildfile)
-            subproject_blocks = []
-
-            buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
-              mtch = Regexp.last_match
-              subproject_blocks <<
-                mtch.post_match[0..closing_bracket_index(mtch.post_match)]
-            end
-
-            if top_level_buildfile != target_dependency_file
-              buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
-                mtch = Regexp.last_match
-                subproject_blocks <<
-                  mtch.post_match[0..closing_bracket_index(mtch.post_match)]
-              end
-            end
-
-            repository_urls_from(subproject_blocks.join("\n"))
-          end
-
-          def own_buildfile_repository_urls
-            buildfile_content = comment_free_content(target_dependency_file)
-
-            buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
-              mtch = Regexp.last_match
-              buildfile_content.gsub!(
-                mtch.post_match[0..closing_bracket_index(mtch.post_match)],
-                ""
-              )
-            end
-
-            repository_urls_from(buildfile_content)
-          end
-
-          def repository_urls_from(buildfile_content)
-            repository_urls = []
-
-            repository_blocks = []
-            buildfile_content.scan(REPOSITORIES_BLOCK_START) do
-              mtch = Regexp.last_match
-              repository_blocks <<
-                mtch.post_match[0..closing_bracket_index(mtch.post_match)]
-            end
-
-            repository_blocks.each do |block|
-              if block.include?(" google(")
-                repository_urls << "https://maven.google.com/"
-              end
-
-              if block.include?(" mavenCentral(")
-                repository_urls << "https://repo.maven.apache.org/maven2/"
-              end
-
-              if block.include?(" jcenter(")
-                repository_urls << "https://jcenter.bintray.com/"
-              end
-
-              block.scan(MAVEN_REPO_REGEX) do
-                repository_urls << Regexp.last_match.named_captures.fetch("url")
-              end
-            end
-
-            repository_urls.
-              map { |url| url.strip.gsub(%r{/$}, "") }.
-              select { |url| valid_url?(url) }.
-              uniq
-          end
-
-          def closing_bracket_index(string)
-            closes_required = 1
-
-            string.chars.each_with_index do |char, index|
-              closes_required += 1 if char == "{"
-              closes_required -= 1 if char == "}"
-              return index if closes_required.zero?
-            end
-          end
-
-          def valid_url?(url)
-            # Reject non-http URLs because they're probably parsing mistakes
-            return false unless url.start_with?("http")
-
-            URI.parse(url)
-            true
-          rescue URI::InvalidURIError
-            false
-          end
-
-          def comment_free_content(buildfile)
-            buildfile.content.
-              gsub(%r{(?<=^|\s)//.*$}, "\n").
-              gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
-          end
-
-          def top_level_buildfile
-            @top_level_buildfile ||=
-              dependency_files.find { |f| f.name == "build.gradle" }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/java/gradle.rb

@@ -1,176 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-require "dependabot/file_parsers/java/gradle"
-
-module Dependabot
-  module FileUpdaters
-    module Java
-      class Gradle < Dependabot::FileUpdaters::Base
-        require_relative "gradle/dependency_set_updater"
-        require_relative "gradle/property_value_updater"
-
-        def self.updated_files_regex
-          [/^build\.gradle$/, %r{/build\.gradle$}]
-        end
-
-        def updated_dependency_files
-          updated_files = buildfiles.dup
-
-          # Loop through each of the changed requirements, applying changes to
-          # all buildfiles for that change. Note that the logic is different
-          # here to other languages because Java has property inheritance across
-          # files (although we're not supporting it for gradle yet).
-          dependencies.each do |dependency|
-            updated_files = update_buildfiles_for_dependency(
-              buildfiles: updated_files,
-              dependency: dependency
-            )
-          end
-
-          updated_files = updated_files.reject { |f| buildfiles.include?(f) }
-
-          raise "No files changed!" if updated_files.none?
-
-          updated_files
-        end
-
-        private
-
-        def check_required_files
-          raise "No build.gradle!" unless get_original_file("build.gradle")
-        end
-
-        def update_buildfiles_for_dependency(buildfiles:, dependency:)
-          files = buildfiles.dup
-
-          # The UpdateChecker ensures the order of requirements is preserved
-          # when updating, so we can zip them together in new/old pairs.
-          reqs = dependency.requirements.zip(dependency.previous_requirements).
-                 reject { |new_req, old_req| new_req == old_req }
-
-          # Loop through each changed requirement and update the buildfiles
-          reqs.each do |new_req, old_req|
-            raise "Bad req match" unless new_req[:file] == old_req[:file]
-            next if new_req[:requirement] == old_req[:requirement]
-
-            buildfile = files.find { |f| f.name == new_req.fetch(:file) }
-
-            if new_req.dig(:metadata, :property_name)
-              files = update_files_for_property_change(files, old_req, new_req)
-            elsif new_req.dig(:metadata, :dependency_set)
-              files = update_files_for_dep_set_change(files, old_req, new_req)
-            else
-              files[files.index(buildfile)] =
-                update_version_in_buildfile(
-                  dependency,
-                  buildfile,
-                  old_req,
-                  new_req
-                )
-            end
-          end
-
-          files
-        end
-
-        def update_files_for_property_change(buildfiles, old_req, new_req)
-          files = buildfiles.dup
-          property_name = new_req.fetch(:metadata).fetch(:property_name)
-          buildfile = files.find { |f| f.name == new_req.fetch(:file) }
-
-          PropertyValueUpdater.new(dependency_files: files).
-            update_files_for_property_change(
-              property_name: property_name,
-              callsite_buildfile: buildfile,
-              previous_value: old_req.fetch(:requirement),
-              updated_value: new_req.fetch(:requirement)
-            )
-        end
-
-        def update_files_for_dep_set_change(buildfiles, old_req, new_req)
-          files = buildfiles.dup
-          dependency_set = new_req.fetch(:metadata).fetch(:dependency_set)
-          buildfile = files.find { |f| f.name == new_req.fetch(:file) }
-
-          DependencySetUpdater.new(dependency_files: files).
-            update_files_for_dep_set_change(
-              dependency_set: dependency_set,
-              buildfile: buildfile,
-              previous_requirement: old_req.fetch(:requirement),
-              updated_requirement: new_req.fetch(:requirement)
-            )
-        end
-
-        def update_version_in_buildfile(dependency, buildfile, previous_req,
-                                        requirement)
-          updated_content =
-            buildfile.content.gsub(
-              original_buildfile_declaration(dependency, previous_req),
-              updated_buildfile_declaration(
-                dependency,
-                previous_req,
-                requirement
-              )
-            )
-
-          if updated_content == buildfile.content
-            raise "Expected content to change!"
-          end
-
-          updated_file(file: buildfile, content: updated_content)
-        end
-
-        def original_buildfile_declaration(dependency, requirement)
-          # This implementation is limited to declarations that appear on a
-          # single line.
-          buildfile = buildfiles.find { |f| f.name == requirement.fetch(:file) }
-          buildfile.content.lines.find do |line|
-            line = evaluate_properties(line, buildfile)
-            next false unless line.include?(dependency.name.split(":").first)
-            next false unless line.include?(dependency.name.split(":").last)
-
-            line.include?(requirement.fetch(:requirement))
-          end
-        end
-
-        def evaluate_properties(string, buildfile)
-          result = string.dup
-
-          string.scan(FileParsers::Java::Gradle::PROPERTY_REGEX) do
-            prop_name = Regexp.last_match.named_captures.fetch("property_name")
-            property_value = property_value_finder.property_value(
-              property_name: prop_name,
-              callsite_buildfile: buildfile
-            )
-            next unless property_value
-
-            result.sub!(Regexp.last_match.to_s, property_value)
-          end
-
-          result
-        end
-
-        def property_value_finder
-          @property_value_finder ||=
-            FileParsers::Java::Gradle::PropertyValueFinder.
-            new(dependency_files: dependency_files)
-        end
-
-        def updated_buildfile_declaration(dependency, previous_req, requirement)
-          original_req_string = previous_req.fetch(:requirement)
-
-          original_buildfile_declaration(dependency, previous_req).gsub(
-            original_req_string,
-            requirement.fetch(:requirement)
-          )
-        end
-
-        def buildfiles
-          @buildfiles ||=
-            dependency_files.select { |f| f.name.end_with?("build.gradle") }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_parsers/java/gradle"
-require "dependabot/file_updaters/java/gradle"
-
-module Dependabot
-  module FileUpdaters
-    module Java
-      class Gradle
-        class DependencySetUpdater
-          def initialize(dependency_files:)
-            @dependency_files = dependency_files
-          end
-
-          def update_files_for_dep_set_change(dependency_set:,
-                                              buildfile:,
-                                              previous_requirement:,
-                                              updated_requirement:)
-            declaration_string =
-              original_declaration_string(dependency_set, buildfile)
-
-            return dependency_files unless declaration_string
-
-            updated_content = buildfile.content.sub(
-              declaration_string,
-              declaration_string.sub(
-                previous_requirement,
-                updated_requirement
-              )
-            )
-
-            updated_files = dependency_files.dup
-            updated_files[updated_files.index(buildfile)] =
-              update_file(file: buildfile, content: updated_content)
-
-            updated_files
-          end
-
-          private
-
-          attr_reader :dependency_files
-
-          def original_declaration_string(dependency_set, buildfile)
-            regex = FileParsers::Java::Gradle::DEPENDENCY_SET_DECLARATION_REGEX
-            dependency_sets = []
-            buildfile.content.scan(regex) do
-              dependency_sets << Regexp.last_match.to_s
-            end
-
-            dependency_sets.find do |mtch|
-              next unless mtch.include?(dependency_set[:group])
-
-              mtch.include?(dependency_set[:version])
-            end
-          end
-
-          def update_file(file:, content:)
-            updated_file = file.dup
-            updated_file.content = content
-            updated_file
-          end
-        end
-      end
-    end
-  end
-end