dependabot-maven 0.140.3 → 0.141.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/maven/metadata_finder.rb +5 -17
  3. data/lib/dependabot/maven/update_checker/version_finder.rb +16 -12
  4. data/lib/dependabot/maven/utils/auth_headers_finder.rb +56 -0
  5. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: faa01084789ce9d35656ae869fec4869cca61e2df243e1ddaeb74b2282c8c314
4
- data.tar.gz: 665edebdc3fbdd17a11e19952df56a2e9025f3e93ff13bdab68a53f11c2676d0
3
+ metadata.gz: 151a0ba3ce7459d72866cfb1f41905cf273d8511aba880175ee61425b1d926ca
4
+ data.tar.gz: b2608b35aed7d66344017049d42c0a245a5611f475768c21a711a82d929180d1
5
5
  SHA512:
6
- metadata.gz: 53fc158fc5e63b88681d89a3561167331012accf9765a8be2d49840679ac654eb7116058155d5ccc4f32732979c7dcdf8f67cbdfcbf898fdd9e8eb8d4edc8c5e
7
- data.tar.gz: 3dc3738180ca20c9894b915dde558c49830fef8f93ea9de75604e46bf360662d6fe7a4b880218fee3abf57ccebdb440b7e6873d8e2a3655a85c7f02b06f57626
6
+ metadata.gz: 56eee00d65f6ffcd920792299fc18a5478e1989d0a982ad7b1e717d87cace69b39ffc467d40fe8afd723f1a2f0225b164497812670d9d3128bb389f9748cce94
7
+ data.tar.gz: 597decbc541d8dbabb9fb9cf193cee11bd7e75523be05177e3dd5dcd813b85317d1815801c923870e4e37c9e306552614fcf388fcdfba578d0133ea500672e3a
data/lib/dependabot/maven/metadata_finder.rb CHANGED
@@ -6,6 +6,7 @@ require "dependabot/metadata_finders/base"
6
6
  require "dependabot/file_fetchers/base"
7
7
  require "dependabot/maven/file_parser"
8
8
  require "dependabot/maven/file_parser/repositories_finder"
9
+ require "dependabot/maven/utils/auth_headers_finder"
9
10
 
10
11
  module Dependabot
11
12
  module Maven
@@ -104,7 +105,7 @@ module Dependabot
104
105
  "#{dependency.version}/"\
105
106
  "#{dependency_artifact_id}-#{dependency.version}.pom",
106
107
  idempotent: true,
107
- **SharedHelpers.excon_defaults(headers: auth_details)
108
+ **SharedHelpers.excon_defaults(headers: auth_headers)
108
109
  )
109
110
 
110
111
  @dependency_pom_file = Nokogiri::XML(response.body)
@@ -135,7 +136,7 @@ module Dependabot
135
136
  response = Excon.get(
136
137
  substitute_properties_in_source_url(url, pom),
137
138
  idempotent: true,
138
- **SharedHelpers.excon_defaults(headers: auth_details)
139
+ **SharedHelpers.excon_defaults(headers: auth_headers)
139
140
  )
140
141
 
141
142
  Nokogiri::XML(response.body)
@@ -156,21 +157,8 @@ module Dependabot
156
157
  "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}"
157
158
  end
158
159
 
159
- def auth_details
160
- cred =
161
- credentials.select { |c| c["type"] == "maven_repository" }.
162
- find do |c|
163
- cred_url = c.fetch("url").gsub(%r{/+$}, "")
164
- next false unless cred_url == maven_repo_url
165
-
166
- c.fetch("username", nil)
167
- end
168
-
169
- return {} unless cred
170
-
171
- token = cred.fetch("username") + ":" + cred.fetch("password")
172
- encoded_token = Base64.encode64(token).delete("\n")
173
- { "Authorization" => "Basic #{encoded_token}" }
160
+ def auth_headers
161
+ @auth_headers ||= Utils::AuthHeadersFinder.new(credentials).auth_headers(maven_repo_url)
174
162
  end
175
163
  end
176
164
  end
data/lib/dependabot/maven/update_checker/version_finder.rb CHANGED
@@ -6,6 +6,7 @@ require "dependabot/maven/file_parser/repositories_finder"
6
6
  require "dependabot/maven/update_checker"
7
7
  require "dependabot/maven/version"
8
8
  require "dependabot/maven/requirement"
9
+ require "dependabot/maven/utils/auth_headers_finder"
9
10
 
10
11
  module Dependabot
11
12
  module Maven
@@ -152,10 +153,8 @@ module Dependabot
152
153
  url = repository_details.fetch("url")
153
154
  response = Excon.head(
154
155
  dependency_files_url(url, version),
155
- user: repository_details.fetch("username"),
156
- password: repository_details.fetch("password"),
157
156
  idempotent: true,
158
- **SharedHelpers.excon_defaults
157
+ **SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
159
158
  )
160
159
 
161
160
  response.status < 400
@@ -173,10 +172,8 @@ module Dependabot
173
172
  begin
174
173
  response = Excon.get(
175
174
  dependency_metadata_url(repository_details.fetch("url")),
176
- user: repository_details.fetch("username"),
177
- password: repository_details.fetch("password"),
178
175
  idempotent: true,
179
- **Dependabot::SharedHelpers.excon_defaults
176
+ **Dependabot::SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
180
177
  )
181
178
  check_response(response, repository_details.fetch("url"))
182
179
 
@@ -206,10 +203,10 @@ module Dependabot
206
203
 
207
204
  @repositories =
208
205
  details.reject do |repo|
209
- next if repo["password"]
206
+ next if repo["auth_headers"]
210
207
 
211
- # Reject this entry if an identical one with a password exists
212
- details.any? { |r| r["url"] == repo["url"] && r["password"] }
208
+ # Reject this entry if an identical one with non-empty auth_headers exists
209
+ details.any? { |r| r["url"] == repo["url"] && r["auth_headers"] != {} }
213
210
  end
214
211
  end
215
212
 
@@ -219,7 +216,7 @@ module Dependabot
219
216
  new(dependency_files: dependency_files).
220
217
  repository_urls(pom: pom).
221
218
  map do |url|
222
- { "url" => url, "username" => nil, "password" => nil }
219
+ { "url" => url, "auth_headers" => {} }
223
220
  end
224
221
  end
225
222
 
@@ -229,8 +226,7 @@ module Dependabot
229
226
  map do |cred|
230
227
  {
231
228
  "url" => cred.fetch("url").gsub(%r{/+$}, ""),
232
- "username" => cred.fetch("username", nil),
233
- "password" => cred.fetch("password", nil)
229
+ "auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
234
230
  }
235
231
  end
236
232
  end
@@ -287,6 +283,14 @@ module Dependabot
287
283
 
288
284
  %w(http:// https://).map { |p| p + central_url_without_protocol }
289
285
  end
286
+
287
+ def auth_headers_finder
288
+ @auth_headers_finder ||= Utils::AuthHeadersFinder.new(credentials)
289
+ end
290
+
291
+ def auth_headers(maven_repo_url)
292
+ auth_headers_finder.auth_headers(maven_repo_url)
293
+ end
290
294
  end
291
295
  end
292
296
  end
data/lib/dependabot/maven/utils/auth_headers_finder.rb ADDED
@@ -0,0 +1,56 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module Maven
5
+ module Utils
6
+ class AuthHeadersFinder
7
+ def initialize(credentials)
8
+ @credentials = credentials
9
+ end
10
+
11
+ def auth_headers(maven_repo_url)
12
+ cred =
13
+ credentials.select { |c| c["type"] == "maven_repository" }.
14
+ find do |c|
15
+ cred_url = c.fetch("url").gsub(%r{/+$}, "")
16
+ next false unless cred_url == maven_repo_url
17
+
18
+ c.fetch("username", nil)
19
+ end
20
+
21
+ return gitlab_auth_headers(maven_repo_url) unless cred
22
+
23
+ token = cred.fetch("username") + ":" + cred.fetch("password")
24
+ encoded_token = Base64.strict_encode64(token)
25
+ { "Authorization" => "Basic #{encoded_token}" }
26
+ end
27
+
28
+ private
29
+
30
+ attr_reader :credentials
31
+
32
+ def gitlab_auth_headers(maven_repo_url)
33
+ return {} unless gitlab_maven_repo?(URI(maven_repo_url).path)
34
+
35
+ cred =
36
+ credentials.select { |c| c["type"] == "git_source" }.
37
+ find do |c|
38
+ cred_host = c.fetch("host").gsub(%r{/+$}, "")
39
+ next false unless URI(maven_repo_url).host == cred_host
40
+
41
+ c.fetch("password", nil)
42
+ end
43
+
44
+ return {} unless cred
45
+
46
+ { "Private-Token" => cred.fetch("password") }
47
+ end
48
+
49
+ def gitlab_maven_repo?(maven_repo_path)
50
+ gitlab_maven_repo_reg = %r{^/api/v4.*/packages/maven/?$}.freeze
51
+ maven_repo_path.match?(gitlab_maven_repo_reg)
52
+ end
53
+ end
54
+ end
55
+ end
56
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.140.3
4
+ version: 0.141.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.140.3
19
+ version: 0.141.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.140.3
26
+ version: 0.141.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -199,6 +199,7 @@ files:
199
199
  - lib/dependabot/maven/update_checker/property_updater.rb
200
200
  - lib/dependabot/maven/update_checker/requirements_updater.rb
201
201
  - lib/dependabot/maven/update_checker/version_finder.rb
202
+ - lib/dependabot/maven/utils/auth_headers_finder.rb
202
203
  - lib/dependabot/maven/version.rb
203
204
  homepage: https://github.com/dependabot/dependabot-core
204
205
  licenses: