dependabot-gradle 0.127.0 → 0.127.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 209f92297c17db791826c8a5159bbd542651d564fe3d96b3cbaf44d3f615acfd
-  data.tar.gz: b0b92d28f29f379fcb0bb307f30dcf5ecee298f3616560c21b538be8cae78ecb
+  metadata.gz: 7a411c5177e1d5fb791abde79c28e1bf3e8f6163f6955b059c7737d3b7487407
+  data.tar.gz: c3f5785b9e4ff1cd9a153605200c00117fb03890a006c0571fb70bc579637430
 SHA512:
-  metadata.gz: f2d1cc72f6db9f123cc31a8532550a1b0ab97249c3361381b52ef66e012e3e5b82d820b0125458ca54f6c9b47d175dc9a49f6bbfb399aa3118c486254d556550
-  data.tar.gz: d10be05e721c219c75611cc4cb944b6fe8c45d8958aaced978def5ca487043dc1f2e79d44223d1806dd1eb66cf46063e51b00df18ece8e35ce3a0b0781f557fa
+  metadata.gz: 8af89262dcdaa0cce5fb6790a222a09bb65ec32ccdfcfd2996a570760c15c4250fa627a02b1dcaf8e34ec30b07295c81d16d2c3379918091fe5d21572f5d754e
+  data.tar.gz: 9d67cc3cb9332c7df3a0360dd64adc6e5469b9f6cc354b5a62c33bdfe384a33b3b200562b9bac79d99d21ebeb5dd5bab709670c8b91970dd195fbcd1d2ac0a6e

data/lib/dependabot/gradle/file_fetcher.rb

@@ -8,12 +8,20 @@ module Dependabot
     class FileFetcher < Dependabot::FileFetchers::Base
       require_relative "file_fetcher/settings_file_parser"
 
+      SUPPORTED_BUILD_FILE_NAMES =
+        %w(build.gradle build.gradle.kts).freeze
+
+      SUPPORTED_SETTINGS_FILE_NAMES =
+        %w(settings.gradle settings.gradle.kts).freeze
+
       def self.required_files_in?(filenames)
-        filenames.include?("build.gradle")
+        filenames.any? do |filename|
+          SUPPORTED_BUILD_FILE_NAMES.include?(filename)
+        end
       end
 
       def self.required_files_message
-        "Repo must contain a build.gradle."
+        "Repo must contain a build.gradle / build.gradle.kts file."
       end
 
       private
@@ -27,7 +35,11 @@ module Dependabot
       end
 
       def buildfile
-        @buildfile ||= fetch_file_from_host("build.gradle")
+        @buildfile ||= begin
+          file = supported_build_file
+          @buildfile_name ||= file.name if file
+          fetch_file_from_host(file.name) if file
+        end
       end
 
       def subproject_buildfiles
@@ -39,7 +51,7 @@ module Dependabot
           subproject_paths
 
         subproject_paths.map do |path|
-          fetch_file_from_host(File.join(path, "build.gradle"))
+          fetch_file_from_host(File.join(path, @buildfile_name))
         rescue Dependabot::DependencyFileNotFound
           # Gradle itself doesn't worry about missing subprojects, so we don't
           nil
@@ -74,8 +86,28 @@ module Dependabot
       end
 
       def settings_file
-        @settings_file ||= fetch_file_from_host("settings.gradle")
-      rescue Dependabot::DependencyFileNotFound
+        @settings_file ||= begin
+          file = supported_settings_file
+          fetch_file_from_host(file.name) if file
+        rescue Dependabot::DependencyFileNotFound
+          nil
+        end
+      end
+
+      def supported_build_file
+        supported_file(SUPPORTED_BUILD_FILE_NAMES)
+      end
+
+      def supported_settings_file
+        supported_file(SUPPORTED_SETTINGS_FILE_NAMES)
+      end
+
+      def supported_file(supported_file_names)
+        supported_file_names.each do |supported_file_name|
+          file = fetch_file_if_present(supported_file_name)
+          return file if file
+        end
+
         nil
       end
     end

data/lib/dependabot/gradle/file_parser.rb

@@ -18,6 +18,8 @@ module Dependabot
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/property_value_finder"
 
+      SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
+
       PROPERTY_REGEX =
         /
           (?:\$\{property\((?<property_name>[^:\s]*?)\)\})|
@@ -36,6 +38,7 @@ module Dependabot
       PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
       PLUGIN_BLOCK_ENTRY_REGEX =
         /id\s+"(?<id>#{PART})"\s+version\s+"(?<version>#{VSN_PART})"/.freeze
+      PLUGIN_ID_REGEX = /['"](?<id>#{PART})['"]/.freeze
 
       def parse
         dependency_set = DependencySet.new
@@ -51,7 +54,7 @@ module Dependabot
       private
 
       def map_value_regex(key)
-        /(?:^|\s|,|\()#{Regexp.quote(key)}:\s*['"](?<value>[^'"]+)['"]/
+        /(?:^|\s|,|\()#{Regexp.quote(key)}(\s*=|:)\s*['"](?<value>[^'"]+)['"]/
       end
 
       def buildfile_dependencies(buildfile)
@@ -146,10 +149,11 @@ module Dependabot
 
         plugin_blocks.each do |blk|
           blk.lines.each do |line|
-            name    = line.match(/id\s+['"](?<id>#{PART})['"]/)&.
-                      named_captures&.fetch("id")
-            version = line.match(/version\s+['"](?<version>#{VSN_PART})['"]/)&.
-                      named_captures&.fetch("version")
+            name_regex = /id(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/
+            name = line.match(name_regex)&.named_captures&.fetch("id")
+            version_regex = /version\s+['"](?<version>#{VSN_PART})['"]/
+            version = line.match(version_regex)&.named_captures&.
+                fetch("version")
             next unless name && version
 
             details = { name: name, group: "plugins", version: version }
@@ -286,15 +290,16 @@ module Dependabot
       end
 
       def buildfiles
-        @buildfiles ||=
-          dependency_files.select { |f| f.name.end_with?("build.gradle") }
+        @buildfiles ||= dependency_files.select do |f|
+          f.name.end_with?(*SUPPORTED_BUILD_FILE_NAMES)
+        end
       end
 
       def script_plugin_files
         @script_plugin_files ||=
           buildfiles.flat_map do |buildfile|
             buildfile.content.
-              scan(/apply from:\s+['"]([^'"]+)['"]/).flatten.
+              scan(/apply from(\s+=|:)\s+['"]([^'"]+)['"]/).flatten.
               map { |f| dependency_files.find { |bf| bf.name == f } }.
               compact
           end.
@@ -302,7 +307,13 @@ module Dependabot
       end
 
       def check_required_files
-        raise "No build.gradle!" unless get_original_file("build.gradle")
+        raise "No build.gradle or build.gradle.kts!" unless original_file
+      end
+
+      def original_file
+        dependency_files.find do |f|
+          SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
+        end
       end
     end
   end

data/lib/dependabot/gradle/file_parser/property_value_finder.rb

@@ -7,6 +7,8 @@ module Dependabot
     class FileParser
       class PropertyValueFinder
         # rubocop:disable Layout/LineLength
+        SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
+
         QUOTED_VALUE_REGEX =
           /\s*['"][^\s]+['"]\s*/.freeze
 
@@ -15,20 +17,63 @@ module Dependabot
           /\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/.freeze
 
         # project.hasProperty('property') ? project.getProperty('property') :
-        HAS_PROPERTY_REGEX =
+        GROOVY_HAS_PROPERTY_REGEX =
           /\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/.freeze
 
+        # if(project.hasProperty("property")) project.getProperty("property") else
+        KOTLIN_HAS_PROPERTY_REGEX =
+          /\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s+/.freeze
+
+        GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
+          /(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/.freeze
+
+        KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
+          /(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/.freeze
+
         PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
-          /(?:#{FIND_PROPERTY_REGEX}|#{HAS_PROPERTY_REGEX})?/.freeze
+          /(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})?/.freeze
+
+        VALUE_REGEX =
+          /#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
+
+        GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX =
+          /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{VALUE_REGEX}/.freeze
+
+        KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX =
+          /\s*extra\[['"](?<name>[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/.freeze
+
+        KOTLIN_SINGLE_PROPERTY_SET_REGEX =
+          /\s*set\(['"](?<name>[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/.freeze
+
+        KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX =
+          /\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/.freeze
+
+        KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX =
+          /(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})/.freeze
 
         SINGLE_PROPERTY_DECLARATION_REGEX =
-          /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
+          /(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})/.freeze
 
-        MULTI_PROPERTY_DECLARATION_REGEX =
+        GROOVY_MULTI_PROPERTY_DECLARATION_REGEX =
           /(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m.freeze
 
+        KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX =
+          /\s*(?<namespace>[^\s=]+)\.apply\s*{(?<values>[^\]]+)}/m.freeze
+
+        KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX =
+          /\s*extra\[['"](?<namespace>[^\s=]+)['"]\]\s*=\s*mapOf\((?<values>[^\]]+)\)/m.freeze
+
+        MULTI_PROPERTY_DECLARATION_REGEX =
+          /(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})/.freeze
+
+        KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX =
+          /(?:^|\s+)['"](?<name>[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/.freeze
+
+        REGULAR_NAMESPACED_DECLARATION_REGEX =
+          /(?:^|\s+)(?<name>[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/.freeze
+
         NAMESPACED_DECLARATION_REGEX =
-          /(?:^|\s+)(?<name>[^\s:]+)\s*:#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]\s*/.freeze
+          /(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/.freeze
         # rubocop:enable Layout/LineLength
 
         def initialize(dependency_files:)
@@ -78,6 +123,9 @@ module Dependabot
           @properties[buildfile.name].
             merge!(fetch_single_property_declarations(buildfile))
 
+          @properties[buildfile.name].
+            merge!(fetch_kotlin_block_property_declarations(buildfile))
+
           @properties[buildfile.name].
             merge!(fetch_multi_property_declarations(buildfile))
 
@@ -104,6 +152,36 @@ module Dependabot
           properties
         end
 
+        def fetch_kotlin_block_property_declarations(buildfile)
+          properties = {}
+
+          prepared_content(buildfile).
+            scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
+              captures = Regexp.last_match.named_captures
+              namespace = captures.fetch("namespace")
+
+              captures.fetch("values").
+                scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
+                  declaration_string = Regexp.last_match.to_s.strip
+                  sub_captures = Regexp.last_match.named_captures
+                  name = sub_captures.fetch("name")
+                  full_name = if namespace == "extra"
+                                name
+                              else
+                                [namespace, name].join(".")
+                              end
+
+                  properties[full_name] = {
+                    value: sub_captures.fetch("value"),
+                    declaration_string: declaration_string,
+                    file: buildfile.name
+                  }
+                end
+            end
+
+          properties
+        end
+
         def fetch_multi_property_declarations(buildfile)
           properties = {}
 
@@ -136,8 +214,9 @@ module Dependabot
         end
 
         def top_level_buildfile
-          @top_level_buildfile ||=
-            dependency_files.find { |f| f.name == "build.gradle" }
+          @top_level_buildfile ||= dependency_files.find do |f|
+            SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
+          end
         end
       end
     end

data/lib/dependabot/gradle/file_parser/repositories_finder.rb

@@ -6,15 +6,24 @@ module Dependabot
   module Gradle
     class FileParser
       class RepositoriesFinder
+        SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
+
         # The Central Repo doesn't have special status for Gradle, but until
         # we're confident we're selecting repos correctly it's wise to include
         # it as a default.
         CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
 
         REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
-        MAVEN_REPO_REGEX =
+
+        GROOVY_MAVEN_REPO_REGEX =
           /maven\s*\{[^\}]*\surl[\s\(]\s*['"](?<url>[^'"]+)['"]/.freeze
 
+        KOTLIN_MAVEN_REPO_REGEX =
+          /maven\(['"](?<url>[^'"]+)['"]\)/.freeze
+
+        MAVEN_REPO_REGEX =
+          /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/.freeze
+
         def initialize(dependency_files:, target_dependency_file:)
           @dependency_files = dependency_files
           @target_dependency_file = target_dependency_file
@@ -130,8 +139,9 @@ module Dependabot
         end
 
         def top_level_buildfile
-          @top_level_buildfile ||=
-            dependency_files.find { |f| f.name == "build.gradle" }
+          @top_level_buildfile ||= dependency_files.find do |f|
+            SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
+          end
         end
       end
     end

data/lib/dependabot/gradle/file_updater.rb

@@ -10,8 +10,10 @@ module Dependabot
       require_relative "file_updater/dependency_set_updater"
       require_relative "file_updater/property_value_updater"
 
+      SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
+
       def self.updated_files_regex
-        [/^build\.gradle$/, %r{/build\.gradle$}]
+        [/^build\.gradle(\.kts)?$/, %r{/build\.gradle(\.kts)?$}]
       end
 
       def updated_dependency_files
@@ -38,7 +40,13 @@ module Dependabot
       private
 
       def check_required_files
-        raise "No build.gradle!" unless get_original_file("build.gradle")
+        raise "No build.gradle or build.gradle.kts!" unless original_file
+      end
+
+      def original_file
+        dependency_files.find do |f|
+          SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
+        end
       end
 
       def update_buildfiles_for_dependency(buildfiles:, dependency:)
@@ -131,7 +139,8 @@ module Dependabot
             next false unless line.include?(dependency.name.split(":").first)
             next false unless line.include?(dependency.name.split(":").last)
           else
-            name_regex = /id\s+['"]#{Regexp.quote(dependency.name)}['"]/
+            name_regex_value = /['"]#{Regexp.quote(dependency.name)}['"]/
+            name_regex = /id(\s+#{name_regex_value}|\(#{name_regex_value}\))/
             next false unless line.match?(name_regex)
           end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.127.0
+  version: 0.127.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.127.0
+        version: 0.127.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.127.0
+        version: 0.127.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement