diffend 0.2.15

data/lib/diffend/voting/versions/local.rb

@@ -0,0 +1,200 @@
+# frozen_string_literal: true
+
+module Diffend
+  module Voting
+    # Module responsible for handling both local and remote gem versions
+    module Versions
+      # Module responsible for preparing current or current/new versions of gems
+      class Local
+        # Definition of a local path, if it matches it means that we are the source
+        ME_PATH = '.'
+        # Sources that we expect to match ourselves too
+        ME_SOURCES = [
+          Bundler::Source::Gemspec,
+          Bundler::Source::Path
+        ].freeze
+        DEPENDENCIES = {
+          direct: 0,
+          dep: 1
+        }.freeze
+        SOURCES = {
+          valid: 0,
+          multiple_primary: 1
+        }.freeze
+        GEM_SOURCES = {
+          local: 0,
+          gemfile: 1
+        }.freeze
+
+        class << self
+          # @param command [String] either install or update
+          # @param definition [Bundler::Definition] definition for your source
+          def call(command, definition)
+            Bundler.ui.silence { definition.resolve_remotely! }
+
+            instance = new(definition)
+
+            case command
+            when Commands::INSTALL then instance.build_install
+            when Commands::UPDATE then instance.build_update
+            else
+              raise ArgumentError, "invalid command: #{command}"
+            end
+          end
+        end
+
+        # @param definition [Bundler::Definition] definition for your source
+        #
+        # @return [Hash] local dependencies
+        def initialize(definition)
+          @definition = definition
+          @direct_dependencies = Hash[definition.dependencies.map { |val| [val.name, val] }]
+          @main_source = definition.send(:sources).rubygems_sources.last
+          # Support case without Gemfile.lock
+          @locked_specs = @definition.locked_gems ? @definition.locked_gems.specs : []
+        end
+
+        def build_install
+          hash = build_main
+
+          @definition.requested_specs.each do |spec|
+            next if skip?(spec.source)
+
+            locked_spec = @locked_specs.find { |s| s.name == spec.name }
+
+            spec2 = locked_spec || spec
+
+            hash['dependencies'][spec2.name] = {
+              'platform' => build_spec_platform(spec2),
+              'source' => build_spec_source(spec2),
+              'type' => build_dependency_type(spec2.name),
+              'versions' => build_versions(spec2)
+            }
+          end
+
+          hash
+        end
+
+        # @param definition [Bundler::Definition] definition for your source
+        def build_update
+          hash = build_main
+
+          @definition.requested_specs.each do |spec|
+            next if skip?(spec.source)
+
+            locked_spec = @locked_specs.find { |s| s.name == spec.name }
+
+            hash['dependencies'][spec.name] = {
+              'platform' => build_spec_platform(spec),
+              'source' => build_spec_source(spec),
+              'type' => build_dependency_type(spec.name),
+              'versions' => build_versions(spec, locked_spec)
+            }
+          end
+
+          hash
+        end
+
+        private
+
+        def build_main
+          {
+            'dependencies' => {},
+            'sources' => build_sources,
+            'plugins' => {},
+            'platforms' => @definition.platforms.map(&:to_s)
+          }
+        end
+
+        def build_versions(spec, locked_spec = nil)
+          locked_spec ? [locked_spec.version.to_s, spec.version.to_s] : [spec.version.to_s]
+        end
+
+        # @param specs [Array] specs that are direct dependencies
+        # @param name [String] spec name
+        #
+        # @return [Boolean] dependency type
+        def build_dependency_type(name)
+          @direct_dependencies.key?(name) ? DEPENDENCIES[:direct] : DEPENDENCIES[:dep]
+        end
+
+        def build_spec_platform(spec)
+          spec.platform || spec.send(:generic_local_platform)
+        end
+
+        def build_spec_source(spec)
+          if @direct_dependencies.key?(spec.name)
+            dep_spec = @direct_dependencies[spec.name]
+
+            if dep_spec.source
+              { 'type' => GEM_SOURCES[:gemfile], 'url' => source_name_from_source(dep_spec.source) }
+            else
+              { 'type' => GEM_SOURCES[:gemfile], 'url' => source_name_from_source(@main_source) }
+            end
+          else
+            if spec.source.respond_to?(:remotes)
+              { 'type' => GEM_SOURCES[:gemfile], 'url' => source_name_from_source(spec.source) }
+            else
+              { 'type' => GEM_SOURCES[:local], 'url' => '' }
+            end
+          end
+        end
+
+        def source_name_from_source(source)
+          source_name(source.remotes.first)
+        end
+
+        def source_name(name)
+          name.to_s[0...-1]
+        end
+
+        def build_sources
+          sources = @definition.send(:sources).rubygems_sources
+          hash = []
+
+          sources.each do |source|
+            type = source.remotes.count > 1 ? SOURCES[:multiple_primary] : SOURCES[:valid]
+
+            source.remotes.each do |src|
+              hash << { 'name' => source_name(src), 'type' => type }
+            end
+          end
+
+          hash
+        end
+
+        # Checks if we should skip a source
+        #
+        # @param source [Bundler::Source::Git, Bundler::Source::Rubygems]
+        #
+        # @return [Boolean] true if we should skip this source, false otherwise
+        def skip?(source)
+          return true if git?(source)
+          return true if me?(source)
+
+          false
+        end
+
+        # Checks if it's a git source
+        #
+        # @param source [Bundler::Source::Git, Bundler::Source::Rubygems]
+        #
+        # @return [Boolean] true if it's a git source, false otherwise
+        def git?(source)
+          source.instance_of?(Bundler::Source::Git)
+        end
+
+        # Checks if it's a self source, this happens for repositories that are a gem
+        #
+        # @param source [Bundler::Source::Path,Bundler::Source::Git,Bundler::Source::Rubygems]
+        #
+        # @return [Boolean] true if it's a self source, false otherwise
+        def me?(source)
+          return false unless ME_SOURCES.include?(source.class)
+
+          source.path.to_s == ME_PATH
+        end
+      end
+    end
+  end
+end

data/lib/diffend/voting/versions/remote.rb

@@ -0,0 +1,174 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'etc'
+
+module Diffend
+  module Voting
+    # Module responsible for handling both local and remote gem versions
+    module Versions
+      # Module responsible for fetching safe/malicious votes
+      # for current or current/new versions of gems
+      module Remote
+        # API version
+        API_VERSION = '0.1'
+        # Platform type ruby
+        PLATFORM_TYPE = 0
+
+        private_constant :API_VERSION, :PLATFORM_TYPE
+
+        class << self
+          # @param command [String] either install or update
+          # @param definition [Bundler::Definition] definition for your source
+          def call(command, definition)
+            config = fetch_config
+
+            response = Request.call(
+              command, payload(command, config&.project_id, definition), config
+            )
+
+            JSON.parse(response.body)
+          end
+
+          # Build diffend, host, packages, and platform specific information
+          #
+          # @param command [String] either install or update
+          # @param project_id [String] diffend project_id
+          # @param definition [Bundler::Definition] definition for your source
+          #
+          # @return [Hash] payload for diffend endpoint
+          def payload(command, project_id, definition)
+            {
+              'diffend' => build_diffend(project_id),
+              'host' => build_host,
+              'packages' => Local.call(command, definition),
+              'platform' => build_platform
+            }.freeze
+          end
+
+          # Build diffend information
+          #
+          # @param project_id [String, nil] diffend project_id
+          #
+          # @return [Hash]
+          def build_diffend(project_id)
+            {
+              'api_version' => API_VERSION,
+              'environment' => build_diffend_environment,
+              'project_id' => project_id,
+              'type' => PLATFORM_TYPE,
+              'version' => Diffend::VERSION
+            }.freeze
+          end
+
+          # Build diffend environment information
+          #
+          # @return [String]
+          def build_diffend_environment
+            ENV['DIFFEND_ENV'] || 'development'
+          end
+
+          # Build platform information
+          #
+          # @return [Hash]
+          def build_platform
+            {
+              'bundler' => {
+                'version' => Bundler::VERSION
+              },
+              'environment' => build_platform_environment,
+              'ruby' => build_platform_ruby,
+              'rubygems' => {
+                'specification_version' => Gem::Specification::CURRENT_SPECIFICATION_VERSION,
+                'version' => Gem::VERSION
+              }
+            }.freeze
+          end
+
+          def build_platform_ruby
+            if defined?(JRUBY_VERSION)
+              revision = JRUBY_REVISION.to_s
+              version = JRUBY_VERSION
+            else
+              revision = RUBY_REVISION.to_s
+              version = RUBY_ENGINE_VERSION
+            end
+
+            {
+              'engine' => RUBY_ENGINE,
+              'patchlevel' => RUBY_PATCHLEVEL,
+              'release_date' => RUBY_RELEASE_DATE,
+              'revision' => revision,
+              'version' => version
+            }
+          end
+
+          # Build platform environment information
+          #
+          # @return [String]
+          def build_platform_environment
+            ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
+          end
+
+          # Build host information
+          #
+          # @return [Hash]
+          def build_host
+            uname = Etc.uname
+
+            {
+              'command' => { 'name' => '', 'options' => '' },
+              'ips' => build_host_ips,
+              'name' => uname[:nodename],
+              'system' => {
+                'machine' => uname[:machine],
+                'name' => uname[:sysname],
+                'release' => uname[:release],
+                'version' => uname[:version]
+              },
+              'tags' => build_host_tags,
+              'user' => Etc.getlogin
+            }.freeze
+          end
+
+          def build_host_ips
+            Socket.ip_address_list.map do |ip|
+              next if ip.ipv4_loopback? || ip.ipv6_loopback? || ip.ipv6_linklocal?
+
+              ip.ip_address
+            end.compact
+          end
+
+          def build_host_tags
+            tags = []
+
+            if ENV.key?('GITHUB_ACTIONS')
+              tags << 'ci'
+              tags << 'ci-github'
+            end
+
+            if ENV.key?('CIRCLECI')
+              tags << 'ci'
+              tags << 'ci-circle'
+            end
+
+            tags
+          end
+
+          # Fetch coditsu config file
+          #
+          # @return [OpenStruct, nil] configuration object
+          #
+          # @raise [Errors::MissingConfigurationFile] when no config file
+          def fetch_config
+            Config::Fetcher.call(
+              File.expand_path('..', Bundler.bin_path)
+            )
+          rescue Errors::MissingConfigurationFile
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/plugins.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'diffend'
+
+Diffend.register

data/scripts/generate_payload_for_file.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'byebug'
+require 'diffend'
+
+
+command = 'install'
+project_id = nil
+
+gemfile = ARGV[0]
+lockfile = ARGV[1]
+
+definition = Bundler::Definition.build(gemfile, lockfile, true)
+
+pp Diffend::Voting::Versions::Remote.payload(command, project_id, definition)

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: diffend
+version: !ruby/object:Gem::Version
+  version: 0.2.15
+platform: ruby
+authors:
+- Tomasz Pajor
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIERDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBt0b21l
+  ay9EQz1wb2xpc2hnZWVrcy9EQz1jb20wHhcNMjAwNzA3MTY0NjU0WhcNMjEwNzA3
+  MTY0NjU0WjAmMSQwIgYDVQQDDBt0b21lay9EQz1wb2xpc2hnZWVrcy9EQz1jb20w
+  ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDPRTvPuofdtL/wFEPOwPUr
+  vR0XHzM/ADb2GBuzu6fzgmoxaYXBe8A++0BbgFvK47T04i8bsbXnfkxrkz/nupQ5
+  SK2DPgS4HWnADuyBuyBY7LT4O1wwlytdlHtJgQV6NIcbprcOs/ZQKnimZpW9uByu
+  FoN3i94pAEQhuzK0S+wWPvSm22+6XGtCuOzyFGdnCJjGUOkCRno5Nx34MWz0NpJ3
+  9Ekkyy8g2cLvBcUdfeSrY7WsJ5cPCNrBs5cMuV426s1dDrhuvsW+sacwwY/4/LBw
+  JzEX4/zS+lsVIX+iOoIFGJdeGnpEWqKgWoaskxqseFi661td1n9UaMXxgoaYh/oX
+  3fJOy2jsZFboZ/eJ5rfciXLiCqSERGkEA+QcA2/jC/d77YJ1FfJW9uwJs3kptf4D
+  p6h8wuA3T6rN4QrxkGBYzOfUJ2zSQy1cFu0rTZiYdKo9X6BunnxhmUExNng7advu
+  qo8IDinyRlqA5+sOLXd4W3AS/RfF2nrayZNa3khTmmUCAwEAAaN9MHswCQYDVR0T
+  BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFHRFOZPwpgOd2m8FIOodOii+OiID
+  MCAGA1UdEQQZMBeBFXRvbWVrQHBvbGlzaGdlZWtzLmNvbTAgBgNVHRIEGTAXgRV0
+  b21la0Bwb2xpc2hnZWVrcy5jb20wDQYJKoZIhvcNAQELBQADggGBAKWFwYTGZVoy
+  Bj3L9lvGOXpz8VWNoptFNHdncpaw1MMhS8UHcPQOUEiExX5ZH7MARy1fBjMXzIh9
+  41ZpCjR+S6uCEpzUcg5Z/kEWa/wOW6tqrX+zfyxFATDI20pYaQWOLepjbDxePFMZ
+  GAlIX5UNsze04A+wArXAttZB4oPt6loS1ao0GNdMb+syYMLzZUTW/sY2rm8zP4Mz
+  Kt+zjoqMxQ1Jf+EwH+0uq8Tj5BJcmG6mWYM+ljvRbxBwfimoUBUCQe6KIDouF0Og
+  uwLMY7X3jSERta4SxyY+iY7qNLsmG370GIGYbHuIiCwubFXt8jiPJZEdPE1xuzVF
+  CLsYItzC28UQEWrVe6sJ0Fuqv5VHM6t8jNClkXDwzf95efFlGSCFN4t+/dywVIK8
+  9MmF6uCQa1EjK2p8tYT0MnbHrFkoehxdX4VO9y99GAkhZyJNKPYPtyAUFV27sT2V
+  LfCJRk4ifKIN/FUCwDSn8Cz0m6oH265q0p6wdzI6qrWOjP8tGOMBTA==
+  -----END CERTIFICATE-----
+date: 2020-07-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+- contact@diffend.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".coditsu/ci.yml"
+- ".diffend.yml"
+- ".github/workflows/ci.yml"
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- bin/bundle
+- bin/byebug
+- bin/htmldiff
+- bin/ldiff
+- bin/rake
+- bin/rspec
+- certs/mensfeld.pem
+- certs/tomaszpajor.pem
+- diffend.gemspec
+- lib/diffend.rb
+- lib/diffend/commands.rb
+- lib/diffend/config/fetcher.rb
+- lib/diffend/config/file_finder.rb
+- lib/diffend/errors.rb
+- lib/diffend/voting.rb
+- lib/diffend/voting/request.rb
+- lib/diffend/voting/versions/local.rb
+- lib/diffend/voting/versions/remote.rb
+- plugins.rb
+- scripts/generate_payload_for_file.rb
+homepage: https://diffend.io
+licenses:
+- Prosperity Public License
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: OSS supply chain security and management platform.
+test_files: []