diffend 0.2.26 → 0.2.31

data/lib/diffend/request.rb

@@ -42,16 +42,21 @@ module Diffend
     class << self
       # Execute request
       #
-      # @param config [OpenStruct] diffend config
-      # @param endpoint_url [String]
-      # @param payload [Hash]
+      # @param request_object [Diffend::RequestObject]
       #
       # @return [Net::HTTPResponse] response from Diffend
-      def call(config, endpoint_url, payload)
+      def call(request_object)
         retry_count ||= -1
 
-        build_http(endpoint_url) do |http, uri|
-          response = http.request(build_request(uri, config, payload))
+        build_http(request_object.url) do |http, uri|
+          response = http.request(
+            build_request(
+              uri,
+              request_object.request_method,
+              request_object.config,
+              request_object.payload
+            )
+          )
 
           if SERVER_ERRORS.include?(response.code.to_i)
             raise Diffend::Errors::RequestServerError, response.code.to_i
@@ -66,8 +71,8 @@ module Diffend
 
         Diffend::HandleErrors::Report.call(
           exception: e,
-          payload: payload,
-          config: config,
+          payload: request_object.payload,
+          config: request_object.config,
           message: :request_error
         )
       rescue *CONNECTION_EXCEPTIONS => e
@@ -77,8 +82,8 @@ module Diffend
 
         Diffend::HandleErrors::Report.call(
           exception: e,
-          payload: payload,
-          config: config,
+          payload: request_object.payload,
+          config: request_object.config,
           message: :request_error
         )
       rescue *TIMEOUT_EXCEPTIONS => e
@@ -88,8 +93,8 @@ module Diffend
 
         Diffend::HandleErrors::Report.call(
           exception: e,
-          payload: payload,
-          config: config,
+          payload: request_object.payload,
+          config: request_object.config,
           message: :request_error
         )
       end
@@ -101,7 +106,7 @@ module Diffend
       def handle_retry(message, retry_count)
         return false if retry_count == RETRIES
 
-        Bundler.ui.error(message)
+        Bundler.ui.warn(message)
         sleep(exponential_backoff(retry_count))
 
         retry_count < RETRIES
@@ -118,25 +123,40 @@ module Diffend
           uri.port,
           use_ssl: uri.scheme == 'https',
           verify_mode: OpenSSL::SSL::VERIFY_NONE,
-          open_timeout: 5,
-          read_timeout: 5
+          open_timeout: 15,
+          read_timeout: 15
         ) { |http| yield(http, uri) }
       end
 
       # Build http post request and assigns headers and payload
       #
       # @param uri [URI::HTTPS]
+      # @param request_method [Symbol]
       # @param config [OpenStruct] Diffend config
       # @param payload [Hash] with versions to check
       #
-      # @return [Net::HTTP::Post]
-      def build_request(uri, config, payload)
-        Net::HTTP::Post
+      # @return [Net::HTTP::Post, Net::HTTP::Put]
+      def build_request(uri, request_method, config, payload)
+        pick_request_method(request_method)
           .new(uri.request_uri, HEADERS)
           .tap { |request| assign_auth(request, config) }
           .tap { |request| assign_payload(request, payload) }
       end
 
+      # Pick request method
+      #
+      # @param request_method [Symbol]
+      #
+      # @return [Net::HTTP::Post, Net::HTTP::Put]
+      def pick_request_method(request_method)
+        case request_method
+        when :post
+          Net::HTTP::Post
+        when :put
+          Net::HTTP::Put
+        end
+      end
+
       # Assigns basic authorization if provided in the config
       #
       # @param request [Net::HTTP::Post] prepared http post

data/lib/diffend/request_object.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Class responsible for preparing diffend request object
+  RequestObject = Struct.new(:config, :url, :payload, :request_method, keyword_init: true)
+end

data/lib/diffend/request_verdict.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Diffend
+  # Module responsible for fetching diffend verdict on local context
+  module RequestVerdict
+    class << self
+      # @param command [String] either install or update
+      # @param definition [Bundler::Definition] definition for your source
+      # @param config [OpenStruct] diffend config
+      def call(command, config, definition)
+        payload = Diffend::LocalContext.call(command, config.project_id, definition)
+
+        response = Diffend::Request.call(
+          build_request_object(command, config, payload)
+        )
+
+        JSON.parse(response.body)
+      rescue Bundler::GemNotFound
+        raise ::Diffend::Errors::DependenciesResolveException
+      rescue StandardError => e
+        Diffend::HandleErrors::Report.call(
+          exception: e,
+          payload: payload || {},
+          config: config,
+          message: :unhandled_exception,
+          report: true
+        )
+      end
+
+      # @param command [String] either install or update
+      # @param config [OpenStruct] diffend config
+      # @param payload [Hash]
+      #
+      # @return [Diffend::RequestObject]
+      def build_request_object(command, config, payload)
+        Diffend::RequestObject.new(
+          config: config,
+          url: commands_url(command, config.project_id),
+          payload: payload,
+          request_method: :post
+        )
+      end
+
+      # Provides diffend command endpoint url
+      #
+      # @param command [String] either install or update
+      # @param project_id [String] diffend project_id
+      #
+      # @return [String] diffend endpoint
+      def commands_url(command, project_id)
+        return ENV['DIFFEND_COMMAND_URL'] if ENV.key?('DIFFEND_COMMAND_URL')
+
+        "https://my.diffend.io/api/projects/#{project_id}/bundle/#{command}"
+      end
+    end
+  end
+end

data/lib/diffend/track.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Track what is run in production
+  class Track
+    # Time that we want to wait between track requests
+    TRACK_SLEEP = 15
+    # Time that we want to wait before we retry
+    RETRY_SLEEP = 15
+
+    # Initialize tracking
+    def initialize
+      @mutex = Mutex.new
+      @config = Diffend::Config.call
+    end
+
+    # Start tracking
+    def start
+      response = exec_request
+
+      perform(response['id'])
+    rescue Diffend::Errors::HandledException
+      sleep(RETRY_SLEEP)
+
+      retry
+    rescue StandardError => e
+      Diffend::HandleErrors::Report.call(
+        exception: e,
+        config: @config,
+        message: :unhandled_exception,
+        report: true,
+        raise_exception: false
+      )
+
+      sleep(RETRY_SLEEP)
+
+      retry
+    end
+
+    # @param request_id [String]
+    def perform(request_id)
+      loop do
+        @mutex.synchronize do
+          track_request(request_id)
+        end
+
+        sleep(TRACK_SLEEP)
+      end
+    end
+
+    # Perform an exec request
+    def exec_request
+      Diffend::Execute.call(Diffend::Commands::EXEC, @config)
+    end
+
+    # Perform a track request
+    #
+    # @param request_id [String]
+    def track_request(request_id)
+      Diffend::Request.call(
+        build_request_object(request_id)
+      )
+    end
+
+    # @param request_id [String]
+    #
+    # @return [Diffend::RequestObject]
+    def build_request_object(request_id)
+      Diffend::RequestObject.new(
+        config: @config,
+        url: track_url(@config.project_id, request_id),
+        payload: { id: request_id }.freeze,
+        request_method: :put
+      ).freeze
+    end
+
+    # @param project_id [String] diffend project_id
+    # @param request_id [String]
+    #
+    # @return [String]
+    def track_url(project_id, request_id)
+      "https://my.diffend.io/api/projects/#{project_id}/bundle/#{request_id}/track"
+    end
+  end
+end

data/lib/diffend/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Current version
+  VERSION = '0.2.31'
+end

data/plugins.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-require 'diffend'
+require 'diffend/plugin'
 
-Diffend.register
+Diffend::Plugin.register

data/scripts/generate_payload_for_file.rb

@@ -3,7 +3,6 @@
 require 'byebug'
 require 'diffend'
 
-
 command = 'install'
 project_id = nil
 
@@ -12,4 +11,4 @@ lockfile = ARGV[1]
 
 definition = Diffend::BuildBundlerDefinition.call(command, gemfile lockfile)
 
-pp Diffend::Voting::Versions::Remote.payload(command, project_id, definition)
+pp Diffend::LocalContext.call(command, project_id, definition)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: diffend
 version: !ruby/object:Gem::Version
-  version: 0.2.26
+  version: 0.2.31
 platform: ruby
 authors:
 - Tomasz Pajor
@@ -34,7 +34,7 @@ cert_chain:
   9MmF6uCQa1EjK2p8tYT0MnbHrFkoehxdX4VO9y99GAkhZyJNKPYPtyAUFV27sT2V
   LfCJRk4ifKIN/FUCwDSn8Cz0m6oH265q0p6wdzI6qrWOjP8tGOMBTA==
   -----END CERTIFICATE-----
-date: 2020-09-10 00:00:00.000000000 Z
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -94,18 +94,28 @@ files:
 - lib/diffend.rb
 - lib/diffend/build_bundler_definition.rb
 - lib/diffend/commands.rb
+- lib/diffend/config.rb
 - lib/diffend/config/fetcher.rb
 - lib/diffend/config/file_finder.rb
 - lib/diffend/config/validator.rb
 - lib/diffend/errors.rb
+- lib/diffend/execute.rb
 - lib/diffend/handle_errors/build_exception_payload.rb
 - lib/diffend/handle_errors/display_to_stdout.rb
 - lib/diffend/handle_errors/messages.rb
 - lib/diffend/handle_errors/report.rb
+- lib/diffend/local_context.rb
+- lib/diffend/local_context/diffend.rb
+- lib/diffend/local_context/host.rb
+- lib/diffend/local_context/packages.rb
+- lib/diffend/local_context/platform.rb
+- lib/diffend/monitor.rb
+- lib/diffend/plugin.rb
 - lib/diffend/request.rb
-- lib/diffend/voting.rb
-- lib/diffend/voting/versions/local.rb
-- lib/diffend/voting/versions/remote.rb
+- lib/diffend/request_object.rb
+- lib/diffend/request_verdict.rb
+- lib/diffend/track.rb
+- lib/diffend/version.rb
 - plugins.rb
 - scripts/generate_payload_for_file.rb
 homepage: https://diffend.io
@@ -130,5 +140,5 @@ requirements: []
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
-summary: OSS supply chain security and management platform.
+summary: OSS supply chain security and management platform
 test_files: []

data/lib/diffend/voting/versions/local.rb

@@ -1,304 +0,0 @@
-# frozen_string_literal: true
-
-module Diffend
-  module Voting
-    # Module responsible for handling both local and remote gem versions
-    module Versions
-      # Module responsible for preparing current or current/new versions of gems
-      class Local
-        # Definition of a local path, if it matches it means that we are the source
-        ME_PATH = '.'
-        # Sources that we expect to match ourselves too
-        ME_SOURCES = [
-          Bundler::Source::Gemspec,
-          Bundler::Source::Path
-        ].freeze
-        # List of dependency types
-        DEPENDENCIES_TYPES = {
-          direct: 0,
-          dependency: 1
-        }.freeze
-        # List of sources types
-        SOURCES_TYPES = {
-          valid: 0,
-          multiple_primary: 1
-        }.freeze
-        # List of gem sources types
-        GEM_SOURCES_TYPES = {
-          local: 0,
-          gemfile_source: 1,
-          gemfile_git: 2,
-          gemfile_path: 3
-        }.freeze
-
-        class << self
-          # @param command [String] either install or update
-          # @param definition [Bundler::Definition] definition for your source
-          def call(command, definition)
-            Bundler.ui.silence { definition.resolve_remotely! }
-
-            instance = new(definition)
-
-            case command
-            when Commands::INSTALL then instance.build_install
-            when Commands::UPDATE then instance.build_update
-            else
-              raise ArgumentError, "invalid command: #{command}"
-            end
-          end
-        end
-
-        # @param definition [Bundler::Definition] definition for your source
-        #
-        # @return [Hash] local dependencies
-        def initialize(definition)
-          @definition = definition
-          @direct_dependencies = Hash[definition.dependencies.map { |val| [val.name, val] }]
-          # Support case without Gemfile.lock
-          @locked_specs = @definition.locked_gems ? @definition.locked_gems.specs : []
-        end
-
-        # Build install specification
-        #
-        # @return [Hash]
-        def build_install
-          hash = build_main
-
-          @definition.specs.each do |spec|
-            next if skip?(spec.source)
-
-            locked_spec = @locked_specs.find { |s| s.name == spec.name }
-
-            hash['dependencies'][spec.name] = {
-              'platform' => build_spec_platform(spec, locked_spec),
-              'source' => build_spec_source(spec),
-              'type' => build_dependency_type(spec.name),
-              'versions' => build_versions(spec, locked_spec)
-            }
-          end
-
-          hash
-        end
-
-        # Build update specification
-        #
-        # @return [Hash]
-        def build_update
-          hash = build_main
-
-          @definition.specs.each do |spec|
-            next if skip?(spec.source)
-
-            locked_spec = @locked_specs.find { |s| s.name == spec.name }
-
-            hash['dependencies'][spec.name] = {
-              'platform' => build_spec_platform(spec, locked_spec),
-              'source' => build_spec_source(spec),
-              'type' => build_dependency_type(spec.name),
-              'versions' => build_versions(spec, locked_spec)
-            }
-          end
-
-          hash
-        end
-
-        private
-
-        # Build default specification
-        #
-        # @return [Hash]
-        def build_main
-          {
-            'dependencies' => {},
-            'sources' => build_sources,
-            'plugins' => {},
-            'platforms' => @definition.platforms.map(&:to_s)
-          }
-        end
-
-        # Build gem versions
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
-        #
-        # @return [Array<String>]
-        def build_versions(spec, locked_spec = nil)
-          if locked_spec && locked_spec.version.to_s != spec.version.to_s
-            [locked_spec.version.to_s, spec.version.to_s]
-          else
-            [spec.version.to_s]
-          end
-        end
-
-        # @param specs [Array] specs that are direct dependencies
-        # @param name [String] spec name
-        #
-        # @return [Boolean] dependency type
-        def build_dependency_type(name)
-          if @direct_dependencies.key?(name)
-            DEPENDENCIES_TYPES[:direct]
-          else
-            DEPENDENCIES_TYPES[:dependency]
-          end
-        end
-
-        # Build gem platform
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
-        #
-        # @return [String]
-        def build_spec_platform(spec, locked_spec)
-          parse_platform(
-            spec.platform || locked_spec&.platform || spec.send(:generic_local_platform)
-          )
-        end
-
-        # Parse gem platform
-        #
-        # @param platform [String, Gem::Platform]
-        #
-        # @return [String]
-        def parse_platform(platform)
-          case platform
-          when String then platform
-          when Gem::Platform then platform.os
-          end
-        end
-
-        # Build gem source type
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Integer] internal gem source type
-        def build_spec_gem_source_type(source)
-          case source
-          when Bundler::Source::Metadata
-            GEM_SOURCES_TYPES[:local]
-          when Bundler::Source::Rubygems, Bundler::Source::Rubygems::Remote
-            GEM_SOURCES_TYPES[:gemfile_source]
-          when Bundler::Source::Git
-            GEM_SOURCES_TYPES[:gemfile_git]
-          when Bundler::Source::Path
-            GEM_SOURCES_TYPES[:gemfile_path]
-          else
-            raise ArgumentError, "unknown source #{source.class}"
-          end
-        end
-
-        # Build gem source
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        #
-        # @return [Hash]
-        def build_spec_source(spec)
-          source = source_for_spec(spec)
-
-          {
-            'type' => build_spec_gem_source_type(source),
-            'value' => source_name_from_source(source)
-          }
-        end
-
-        # Figure out source for gem
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        #
-        # @return [Bundler::Source] gem source type
-        def source_for_spec(spec)
-          return spec.remote if spec.remote
-
-          case spec.source
-          when Bundler::Source::Rubygems
-            spec
-              .source
-              .send(:remote_specs)
-              .search(Bundler::Dependency.new(spec.name, spec.version))
-              .last
-              .remote
-          when Bundler::Source::Metadata, Bundler::Source::Git, Bundler::Source::Path
-            spec.source
-          else
-            raise ArgumentError, "unknown source #{spec.source.class}"
-          end
-        end
-
-        # Build gem source name
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [String]
-        def source_name_from_source(source)
-          case source
-          when Bundler::Source::Metadata
-            ''
-          when Bundler::Source::Rubygems::Remote
-            source_name(source.anonymized_uri)
-          when Bundler::Source::Git
-            source.instance_variable_get(:@safe_uri)
-          when Bundler::Source::Path
-            source.path
-          else
-            raise ArgumentError, "unknown source #{source.class}"
-          end
-        end
-
-        # @param uri [Bundler::URI]
-        #
-        # @return [String]
-        def source_name(uri)
-          uri.to_s[0...-1]
-        end
-
-        # Build sources used in the Gemfile
-        #
-        # @return [Array<Hash>]
-        def build_sources
-          sources = @definition.send(:sources).rubygems_sources
-          hash = {}
-
-          sources.each do |source|
-            type = build_source_type(source.remotes)
-
-            source.remotes.each do |src|
-              hash[source_name(src)] = type
-            end
-          end
-
-          hash.map { |name, type| { 'name' => name, 'type' => type } }
-        end
-
-        # Build gem source type
-        #
-        # @param remotes [Array<Bundler::URI>]
-        #
-        # @return [Integer] internal source type
-        def build_source_type(remotes)
-          remotes.count > 1 ? SOURCES_TYPES[:multiple_primary] : SOURCES_TYPES[:valid]
-        end
-
-        # Checks if we should skip a source
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Boolean] true if we should skip this source, false otherwise
-        def skip?(source)
-          return true if me?(source)
-
-          false
-        end
-
-        # Checks if it's a self source, this happens for repositories that are a gem
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Boolean] true if it's a self source, false otherwise
-        def me?(source)
-          return false unless ME_SOURCES.include?(source.class)
-
-          source.path.to_s == ME_PATH
-        end
-      end
-    end
-  end
-end