diffend 0.2.15

data/bin/ldiff

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'ldiff' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("diff-lcs", "ldiff")

data/bin/rake

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rake", "rake")

data/bin/rspec

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

data/certs/mensfeld.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEODCCAqCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDDBhtYWNp
+ZWovREM9bWVuc2ZlbGQvREM9cGwwHhcNMTkwNzMwMTQ1NDU0WhcNMjAwNzI5MTQ1
+NDU0WjAjMSEwHwYDVQQDDBhtYWNpZWovREM9bWVuc2ZlbGQvREM9cGwwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC9fCwtaHZG2SyyNXiH8r0QbJQx/xxl
+dkvwWz9QGJO+O8rEx20FB1Ab+MVkfOscwIv5jWpmk1U9whzDPl1uFtIbgu+sk+Zb
+uQlZyK/DPN6c+/BbBL+RryTBRyvkPLoCVwm7uxc/JZ1n4AI6eF4cCZ2ieZ9QgQbU
+MQs2QPqs9hT50Ez/40GnOdadVfiDDGz+NME2C4ms0BriXwZ1tcRTfJIHe2xjIbbb
+y5qRGfsLKcgMzvLQR24olixyX1MR0s4+Wveq3QL/gBhL4veUcv+UABJA8IJR0kyB
+seHHutusiwZ1v3SjjjW1xLLrc2ARV0mgCb0WaK2T4iA3oFTGLh6Ydz8LNl31KQFv
+94nRd8IhmJxrhQ6dQ/WT9IXoa5S9lfT5lPJeINemH4/6QPABzf9W2IZlCdI9wCdB
+TBaw57MKneGAYZiKjw6OALSy2ltQUCl3RqFl3VP7n8uFy1U987Q5VIIQ3O1UUsQD
+Oe/h+r7GUU4RSPKgPlrwvW9bD/UQ+zF51v8CAwEAAaN3MHUwCQYDVR0TBAIwADAL
+BgNVHQ8EBAMCBLAwHQYDVR0OBBYEFJNIBHdfEUD7TqHqIer2YhWaWhwcMB0GA1Ud
+EQQWMBSBEm1hY2llakBtZW5zZmVsZC5wbDAdBgNVHRIEFjAUgRJtYWNpZWpAbWVu
+c2ZlbGQucGwwDQYJKoZIhvcNAQELBQADggGBAKA4eqko6BTNhlysip6rfBkVTGri
+ZXsL+kRb2hLvsQJS/kLyM21oMlu+LN0aPj3qEFR8mE/YeDD8rLAfruBRTltPNbR7
+xA5eE1gkxY5LfExUtK3b2wPqfmo7mZgfcsMwfYg/tUXw1WpBCnrhAJodpGH6SXmp
+A40qFUZst0vjiOoO+aTblIHPmMJXoZ3K42dTlNKlEiDKUWMRKSgpjjYGEYalFNWI
+hHfCz2r8L2t+dYdMZg1JGbEkq4ADGsAA8ioZIpJd7V4hI17u5TCdi7X5wh/0gN0E
+CgP+nLox3D+l2q0QuQEkayr+auFYkzTCkF+BmEk1D0Ru4mcf3F4CJvEmW4Pzbjqt
+i1tsCWPtJ4E/UUKnKaWKqGbjrjHJ0MuShYzHkodox5IOiCXIQg+1+YSzfXUV6WEK
+KJG/fhg1JV5vVDdVy6x+tv5SQ5ctU0feCsVfESi3rE3zRd+nvzE9HcZ5aXeL1UtJ
+nT5Xrioegu2w1jPyVEgyZgTZC5rvD0nNS5sFNQ==
+-----END CERTIFICATE-----

data/certs/tomaszpajor.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIERDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBt0b21l
+ay9EQz1wb2xpc2hnZWVrcy9EQz1jb20wHhcNMjAwNzA3MTY0NjU0WhcNMjEwNzA3
+MTY0NjU0WjAmMSQwIgYDVQQDDBt0b21lay9EQz1wb2xpc2hnZWVrcy9EQz1jb20w
+ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDPRTvPuofdtL/wFEPOwPUr
+vR0XHzM/ADb2GBuzu6fzgmoxaYXBe8A++0BbgFvK47T04i8bsbXnfkxrkz/nupQ5
+SK2DPgS4HWnADuyBuyBY7LT4O1wwlytdlHtJgQV6NIcbprcOs/ZQKnimZpW9uByu
+FoN3i94pAEQhuzK0S+wWPvSm22+6XGtCuOzyFGdnCJjGUOkCRno5Nx34MWz0NpJ3
+9Ekkyy8g2cLvBcUdfeSrY7WsJ5cPCNrBs5cMuV426s1dDrhuvsW+sacwwY/4/LBw
+JzEX4/zS+lsVIX+iOoIFGJdeGnpEWqKgWoaskxqseFi661td1n9UaMXxgoaYh/oX
+3fJOy2jsZFboZ/eJ5rfciXLiCqSERGkEA+QcA2/jC/d77YJ1FfJW9uwJs3kptf4D
+p6h8wuA3T6rN4QrxkGBYzOfUJ2zSQy1cFu0rTZiYdKo9X6BunnxhmUExNng7advu
+qo8IDinyRlqA5+sOLXd4W3AS/RfF2nrayZNa3khTmmUCAwEAAaN9MHswCQYDVR0T
+BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFHRFOZPwpgOd2m8FIOodOii+OiID
+MCAGA1UdEQQZMBeBFXRvbWVrQHBvbGlzaGdlZWtzLmNvbTAgBgNVHRIEGTAXgRV0
+b21la0Bwb2xpc2hnZWVrcy5jb20wDQYJKoZIhvcNAQELBQADggGBAKWFwYTGZVoy
+Bj3L9lvGOXpz8VWNoptFNHdncpaw1MMhS8UHcPQOUEiExX5ZH7MARy1fBjMXzIh9
+41ZpCjR+S6uCEpzUcg5Z/kEWa/wOW6tqrX+zfyxFATDI20pYaQWOLepjbDxePFMZ
+GAlIX5UNsze04A+wArXAttZB4oPt6loS1ao0GNdMb+syYMLzZUTW/sY2rm8zP4Mz
+Kt+zjoqMxQ1Jf+EwH+0uq8Tj5BJcmG6mWYM+ljvRbxBwfimoUBUCQe6KIDouF0Og
+uwLMY7X3jSERta4SxyY+iY7qNLsmG370GIGYbHuIiCwubFXt8jiPJZEdPE1xuzVF
+CLsYItzC28UQEWrVe6sJ0Fuqv5VHM6t8jNClkXDwzf95efFlGSCFN4t+/dywVIK8
+9MmF6uCQa1EjK2p8tYT0MnbHrFkoehxdX4VO9y99GAkhZyJNKPYPtyAUFV27sT2V
+LfCJRk4ifKIN/FUCwDSn8Cz0m6oH265q0p6wdzI6qrWOjP8tGOMBTA==
+-----END CERTIFICATE-----

data/diffend.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'diffend'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'diffend'
+  spec.version       = Diffend::VERSION
+  spec.authors       = ['Tomasz Pajor']
+  spec.email         = ['contact@diffend.io']
+
+  spec.summary       = 'OSS supply chain security and management platform'
+  spec.summary       = 'OSS supply chain security and management platform.'
+  spec.homepage      = Diffend::HOMEPAGE
+  spec.license       = 'Prosperity Public License'
+
+  if $PROGRAM_NAME.end_with?('gem')
+    spec.signing_key = File.expand_path('~/.ssh/gem-private_key.pem')
+  end
+
+  spec.cert_chain    = %w[certs/tomaszpajor.pem]
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
+  spec.require_paths = %w[lib]
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+end

data/lib/diffend.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+%w[
+  bundler
+].each(&method(:require))
+
+%w[
+  config/fetcher
+  config/file_finder
+  commands
+  errors
+  voting
+].each { |file| require "diffend/#{file}" }
+
+%w[
+  request
+  versions/local
+  versions/remote
+].each { |file| require "diffend/voting/#{file}" }
+
+# Diffend main namespace
+module Diffend
+  # Current plugin version
+  VERSION = '0.2.15'
+  # Diffend homepage
+  HOMEPAGE = 'https://diffend.io'
+
+  class << self
+    # Registers the plugin and add before install all hook
+    def register
+      Bundler::Plugin.add_hook('before-install-all') do |_|
+        Diffend::Voting.call(
+          command,
+          build_definition(command)
+        )
+      end
+    end
+
+    # Build clean instance of bundler definition, as we don't want to pollute the main one
+    #
+    # @param command [String] bundler command that we are executing
+    #
+    # @return [Bundler::Definition]
+    def build_definition(command)
+      unlock = command == 'update' ? true : nil
+
+      Bundler.configure
+
+      Bundler::Definition.build(
+        Bundler.default_gemfile,
+        Bundler.default_lockfile,
+        unlock
+      )
+    end
+
+    # Command that was run with bundle
+    #
+    # @return [String]
+    def command
+      ARGV.first || Diffend::Commands::INSTALL
+    end
+  end
+end

data/lib/diffend/commands.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Modules grouping supported bundler commands
+  module Commands
+    # Install bundler command
+    INSTALL = 'install'
+    # Update bundler command
+    UPDATE = 'update'
+  end
+end

data/lib/diffend/config/fetcher.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module Diffend
+  # Module for all the components related to setting up the config
+  module Config
+    # Class responsible for fetching the config from .diffend.yml
+    module Fetcher
+      class << self
+        # @param build_path [String] path of the current build
+        # @return [OpenStruct] open struct with config details
+        # @example
+        #   details = Fetcher.new.call('./')
+        #   details.build_path #=> './'
+        def call(build_path)
+          OpenStruct.new(
+            YAML.safe_load(
+              ERB.new(
+                File.read(
+                  FileFinder.call(build_path)
+                )
+              ).result
+            ).merge(build_path: build_path)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/diffend/config/file_finder.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Diffend
+  module Config
+    # Class used to figure out the file from which we should load the settings
+    module FileFinder
+      # Names of the files or paths where we will look for the settings
+      #
+      # @note We do the double dot trick, to look outside of the current dir because when
+      #   executed from a docker container, we copy the local uncommitted settings into the
+      #   dir above the app location not to pollute the reset state of the git repo
+      #
+      # @note Order is important, as for local env we should load from
+      #   local file (if present first)
+      FILE_NAMES = %w[
+        .diffend.yml
+      ].map { |name| ["../#{name}", name] }.tap(&:flatten!).freeze
+
+      private_constant :FILE_NAMES
+
+      class << self
+        # Looks for Diffend settings file for a given env
+        #
+        # @param build_path [String] path of the current build
+        #
+        # @return [String] path to the file from which we should load all the settings
+        def call(build_path)
+          FILE_NAMES
+            .map { |name| File.join(build_path, name) }
+            .map { |name| Dir[name] }
+            .find { |selection| !selection.empty? }
+            .tap { |path| path || raise(Errors::MissingConfigurationFile) }
+            .first
+        end
+      end
+    end
+  end
+end

data/lib/diffend/errors.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Build runner app errors
+  module Errors
+    # Base error class from which all the errors should inherit
+    BaseError = Class.new(StandardError)
+    # Raised when we couldn't find a valid configuration file
+    MissingConfigurationFile = Class.new(BaseError)
+    # When unsupported response returned from the endpoint
+    UnsupportedResponse = Class.new(BaseError)
+    # When unsupported action returned from the endpoint
+    UnsupportedAction = Class.new(BaseError)
+  end
+end

data/lib/diffend/voting.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Verifies voting verdicts for gems
+  module Voting
+    class << self
+      # Build verdict
+      #
+      # @param command [String] either install or update
+      # @param definition [Bundler::Definition] definition for your source
+      def call(command, definition)
+        Versions::Remote
+          .call(command, definition)
+          .tap { |response| build_message(command, response) }
+      end
+
+      def build_message(command, response)
+        if response.key?('error')
+          build_error(response)
+        elsif response.key?('action')
+          build_verdict(command, response)
+        else
+          raise UnsupportedResponse, response['action']
+        end
+      end
+
+      def build_error(response)
+        build_error_message(response)
+          .tap(&Bundler.ui.method(:error))
+
+        exit 1
+      end
+
+      def build_verdict(command, response)
+        case response['action']
+        when 'allow'
+          build_allow_message(command, response)
+            .tap(&Bundler.ui.method(:confirm))
+        when 'deny'
+          build_deny_message(command, response)
+            .tap(&Bundler.ui.method(:error))
+
+          exit 1
+        else
+          raise UnsupportedAction, response['action']
+        end
+      end
+
+      def build_error_message(response)
+        <<~MSG
+          \nDiffend returned an error for your request.\n
+          #{response['error']}\n
+        MSG
+      end
+
+      def build_allow_message(command, response)
+        <<~MSG
+          \nDiffend reported an allow verdict for #{command} command for this project.\n
+          All of our #{response['allows_count'] + response['denies_count']} checks succeeded.\n
+          #{response['review_url']}\n
+        MSG
+      end
+
+      def build_deny_message(command, response)
+        <<~MSG
+          \nDiffend reported a deny verdict for #{command} command for this project.\n
+          #{response['denies_count']} out of our #{response['allows_count'] + response['denies_count']} checks failed. Please go to the url below and review the issues.\n
+          #{response['review_url']}\n
+        MSG
+      end
+    end
+  end
+end

data/lib/diffend/voting/request.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'openssl'
+require 'json'
+require 'securerandom'
+
+module Diffend
+  module Voting
+    # Module responsible for doing request to Diffend
+    module Request
+      # List of connection exceptions
+      CONNECTION_EXCEPTIONS = [
+        Errno::ECONNRESET,
+        Errno::ENETUNREACH,
+        Errno::EHOSTUNREACH,
+        Errno::ECONNREFUSED
+      ].freeze
+      # List of timeout exceptions
+      TIMEOUT_EXCEPTIONS = [
+        Net::OpenTimeout,
+        Net::ReadTimeout
+      ].freeze
+      # Request headers
+      HEADERS = { 'Content-Type': 'application/json' }.freeze
+
+      private_constant :HEADERS
+
+      class << self
+        # Execute request to Diffend
+        #
+        # @param command [String] either install or update
+        # @param payload [Hash] with versions to check
+        # @param config [OpenStruct] Diffend config
+        #
+        # @return [Net::HTTPResponse] response from Diffend
+        def call(command, payload, config)
+          retry_count ||= 0
+          build_http(command, config.project_id) do |http, uri|
+            http.request(build_request(uri, config, payload))
+          end
+        rescue *CONNECTION_EXCEPTIONS => e
+          Bundler.ui.error('We experienced a connection issue, retrying...')
+          sleep(exponential_backoff(retry_count))
+          retry_count += 1
+
+          retry if retry_count < 3
+
+          puts prepare_report(payload, e)
+          Bundler.ui.error('^^^ Above is the dump of your request ^^^')
+          Bundler.ui.error(build_request_error_message)
+
+          exit 1
+        rescue *TIMEOUT_EXCEPTIONS => e
+          Bundler.ui.error('We experienced a timeout issue, retrying...')
+          sleep(exponential_backoff(retry_count))
+          retry_count += 1
+
+          retry if retry_count < 3
+
+          puts prepare_report(payload, e)
+          Bundler.ui.error('^^^ Above is the dump of your request ^^^')
+          Bundler.ui.error(build_request_error_message)
+
+          exit 1
+        rescue StandardError => e
+          puts prepare_report(payload, e)
+          Bundler.ui.error('^^^ Above is the dump of your request ^^^')
+          Bundler.ui.error(build_unhandled_exception_message)
+
+          exit 1
+        end
+
+        # Builds http connection object
+        #
+        # @param command [String] either install or update
+        # @param project_id [String] diffend project_id
+        def build_http(command, project_id)
+          uri = URI(endpoint_url(command, project_id))
+
+          Net::HTTP.start(
+            uri.host,
+            uri.port,
+            use_ssl: uri.scheme == 'https',
+            verify_mode: OpenSSL::SSL::VERIFY_NONE,
+            open_timeout: 5,
+            read_timeout: 5
+          ) { |http| yield(http, uri) }
+        end
+
+        # Build http post request and assigns headers and payload
+        #
+        # @param uri [URI::HTTPS]
+        # @param config [OpenStruct] Diffend config
+        # @param payload [Hash] with versions to check
+        #
+        # @return [Net::HTTP::Post]
+        def build_request(uri, config, payload)
+          Net::HTTP::Post
+            .new(uri.request_uri, HEADERS)
+            .tap { |request| assign_auth(request, config) }
+            .tap { |request| assign_payload(request, payload) }
+        end
+
+        # Assigns basic authorization if provided in the config
+        #
+        # @param request [Net::HTTP::Post] prepared http post
+        # @param config [OpenStruct] Diffend config
+        def assign_auth(request, config)
+          return unless config
+          return unless config.shareable_id
+          return unless config.shareable_key
+
+          request.basic_auth(config.shareable_id, config.shareable_key)
+        end
+
+        # Assigns payload as json
+        #
+        # @param request [Net::HTTP::Post] prepared http post
+        # @param payload [Hash] with versions to check
+        def assign_payload(request, payload)
+          request.body = JSON.dump(payload: payload)
+        end
+
+        # Provides diffend endpoint url
+        #
+        # @param command [String] either install or update
+        # @param project_id [String] diffend project_id
+        #
+        # @return [String] diffend endpoint
+        def endpoint_url(command, project_id)
+          return ENV['DIFFEND_URL'] if ENV.key?('DIFFEND_URL')
+
+          "https://my.diffend.io/api/projects/#{project_id}/bundle/#{command}"
+        end
+
+        def exponential_backoff(retry_count)
+          2**(retry_count + 1)
+        end
+
+        def build_request_error_message
+          <<~MSG
+            \nWe were unable to process your request at this time. We recorded this incident in our system and will review it.\n
+            If you think that this is a bug, don't hesitate.\n
+            Create an issue on https://github.com/diffend-io/diffend-ruby/issues\n
+          MSG
+        end
+
+        def build_unhandled_exception_message
+          <<~MSG
+            \nSomething went really wrong. We recorded this incident in our system and will review it.\n
+            This is a bug, don't hesitate.\n
+            Create an issue on https://github.com/diffend-io/diffend-ruby/issues\n
+          MSG
+        end
+
+        def prepare_report(payload, exception)
+          {
+            request_id: SecureRandom.uuid,
+            payload: payload,
+            exception: {
+              class: exception.class,
+              message: exception.message,
+              backtrace: exception.backtrace
+            }
+          }.to_json
+        end
+      end
+    end
+  end
+end