dependabot-terraform 0.154.2 → 0.154.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 577017f589acb993b4fcf08e58a2cda719e9ea68f6af486c053728f5a653f9e5
-  data.tar.gz: 6d763e0245784ae10630f1a8baacc1de703e27f61345c251810d3fb2c690a034
+  metadata.gz: 1940c94cf36d511b5f215cde7e6ef9e5d9944253b02425678d3ccba855d211d3
+  data.tar.gz: 8febc5b9b592e91b15ceba2019f517211a8ee09cecd08e53c80af823fe92925c
 SHA512:
-  metadata.gz: 1b579aad402ed90b68dee06bd47414a8769cea3b37543275b39de840f5e4b7ad2b72f6a5972c9a2de0dc51f869e4d6cb4f627898232e99166fedd0ddee3b5a82
-  data.tar.gz: 1f9558e72cdc1986248f48df42867fae050f5b953bc1e9c5b8503231f0ba25fbfba1a46cb8c940c1ea73cbb6c318d98b3573bc4e2d4c7908fc445f1777153833
+  metadata.gz: ae2243b9bbf0c9e61b2bf0cb92849f00a557cd4e45ba137ea4831454faec879d77fd666636aa6a820b27daa505af77d42acea5a9ed57f5e74917ea59ce131203
+  data.tar.gz: dc40d3d659ffe40a08fd7d2912e9a2eeb09ae009f2bd4c8e73c5b2e096e511ec8def4e37f662a1057cf0b9c9a4b357b1d3559be0764ad46713aaf0aaec68e8e7

data/helpers/build

@@ -17,6 +17,6 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
 hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
 hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
 hcl2json_path="$install_dir/bin/hcl2json"
-wget -O "$hcl2json_path" "$hcl2json_url"
+curl -sSLfo "$hcl2json_path" "$hcl2json_url"
 echo "$hcl2json_checksum  $hcl2json_path" | sha256sum -c
 chmod +x "$install_dir/bin/hcl2json"

data/lib/dependabot/terraform/file_parser.rb

@@ -170,13 +170,11 @@ module Dependabot
       end
 
       def provider_source_from(source_address, name)
-        return [DEFAULT_REGISTRY, DEFAULT_NAMESPACE, name] unless source_address
-
-        matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
+        matches = source_address&.match(PROVIDER_SOURCE_ADDRESS)
         [
-          matches[:hostname] || DEFAULT_REGISTRY,
-          matches[:namespace],
-          matches[:name] || name
+          matches.try(:[], :hostname) || DEFAULT_REGISTRY,
+          matches.try(:[], :namespace) || DEFAULT_NAMESPACE,
+          matches.try(:[], :name) || name
         ]
       end
 
@@ -233,20 +231,22 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       # See https://www.terraform.io/docs/modules/sources.html#http-urls for
       # details of how Terraform handle HTTP(S) sources for modules
-      def get_proxied_source(raw_source)
+      def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
         return raw_source unless raw_source.start_with?("http")
 
         uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
         return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return raw_source if URI.parse(raw_source).query.include?("archive=")
+        return raw_source if URI.parse(raw_source).query&.include?("archive=")
 
         url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
+        host = URI.parse(raw_source).host
 
         response = Excon.get(
           url,
           idempotent: true,
           **SharedHelpers.excon_defaults
         )
+        raise PrivateSourceAuthenticationFailure, host if response.status == 401
 
         return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
 
@@ -254,6 +254,10 @@ module Dependabot
         doc.css("meta").find do |tag|
           tag.attributes&.fetch("name", nil)&.value == "terraform-get"
         end&.attributes&.fetch("content", nil)&.value
+      rescue Excon::Error::Socket, Excon::Error::Timeout => e
+        raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
+
+        raw_source
       end
       # rubocop:enable Metrics/PerceivedComplexity
 
@@ -273,7 +277,7 @@ module Dependabot
         path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
         query_uri = URI.parse(source_string)
         return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return :http_archive if query_uri.query.include?("archive=")
+        return :http_archive if query_uri.query&.include?("archive=")
 
         raise "HTTP source, but not an archive!"
       end

data/lib/dependabot/terraform/registry_client.rb

@@ -58,15 +58,17 @@ module Dependabot
       #
       # @param dependency [Dependabot::Dependency] the dependency who's source
       # we're attempting to find
-      # @return Dependabot::Source
-      # @raise [Dependabot::DependabotError] when the source cannot be retrieved
+      # @return [nil, Dependabot::Source]
       def source(dependency:)
         type = dependency.requirements.first[:source][:type]
         base_url = service_url_for(service_key_for(type))
-        response = http_get!(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        return nil unless response.status == 200
 
         source_url = JSON.parse(response.body).fetch("source")
         Source.from_url(source_url) if source_url
+      rescue JSON::ParserError, Excon::Error::Timeout
+        nil
       end
 
       # Perform service discovery and return the absolute URL for

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.154.2
+  version: 0.154.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-17 00:00:00.000000000 Z
+date: 2021-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.154.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.154.3
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement