diffend 0.2.29 → 0.2.30

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9c978cd44ce6f9c52de63870eea0ccf2534b851a1034318447d60afb08998479
-  data.tar.gz: 220475fd0f2f47b16ebd3882cd602e45475d0f1dc92cb9cdc21f41996940c305
+  metadata.gz: 52618cdf40375202e18c1cdaa481554084f3b92f337fd61c089e147f0027e982
+  data.tar.gz: 859f390055e3030d3a357b604067e6c05814f653225a802136563be4bc32f9ee
 SHA512:
-  metadata.gz: eb0966e3eecffe872a833ad135004ff177fa3d8e1930dec40533fc62fc71af4047f075512b6df9cb1f898d3654ce2303ce9fcee17c55c1dd1d212da3f27d249d
-  data.tar.gz: 7d2baad903c1425fdfe8f9f64f2cd741f9de01a504333307e82bab6066d36b968177549d23846e3bca66a87532687058ba39c78b802e8cd3bfc0f3406820c644
+  metadata.gz: 9f17436faa3bdabe77c891c930bb9dac01f426ae715d37035d7727112e221526ac003daa44d196dbb056f4c21bca49589a7799e36bef81db6bf8b3c29012adb5
+  data.tar.gz: 232310953c6dc8cd500aac54b0fd8d7f9980457b40032021b46bf7753f62c8a7d6167486c3e15e0d2e940101b47b8b8cdd8af67577eca7ba626b2db9706724c6

data/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## [Unreleased][master]
 
+## [0.2.30] (2020-09-21)
+- handle dependencies resolve issues ([#51](https://github.com/diffend-io/diffend-ruby/pull/51))
+- better detection when to start `Diffend::Monitor` ([#50](https://github.com/diffend-io/diffend-ruby/pull/50))
+- cleanup structure ([#47](https://github.com/diffend-io/diffend-ruby/pull/47))
+
 ## [0.2.29] (2020-09-21)
 - fix command reporting on jruby ([#48](https://github.com/diffend-io/diffend-ruby/pull/48))
 
@@ -67,7 +72,8 @@
 
 - initial release
 
-[master]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.29...HEAD
+[master]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.30...HEAD
+[0.2.30]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.29...v0.2.30
 [0.2.29]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.28...v0.2.29
 [0.2.28]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.27...v0.2.28
 [0.2.27]: https://github.com/diffend-io/diffend-ruby/compare/v0.2.26...v0.2.27

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    diffend (0.2.29)
+    diffend (0.2.30)
 
 GEM
   remote: https://rubygems.org/

data/diffend.gemspec

@@ -2,7 +2,7 @@
 
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'diffend'
+require 'diffend/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'diffend'
@@ -11,8 +11,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['contact@diffend.io']
 
   spec.summary       = 'OSS supply chain security and management platform'
-  spec.summary       = 'OSS supply chain security and management platform.'
-  spec.homepage      = Diffend::HOMEPAGE
+  spec.homepage      = 'https://diffend.io'
   spec.license       = 'Prosperity Public License'
 
   if $PROGRAM_NAME.end_with?('gem')

data/lib/diffend.rb

@@ -1,142 +1,4 @@
 # frozen_string_literal: true
 
-%w[
-  bundler
-].each(&method(:require))
-
-%w[
-  build_bundler_definition
-  errors
-  config/fetcher
-  config/file_finder
-  config/validator
-  commands
-  handle_errors/messages
-  handle_errors/build_exception_payload
-  handle_errors/display_to_stdout
-  handle_errors/report
-  request_object
-  request
-  voting
-  track
-].each { |file| require "diffend/#{file}" }
-
-%w[
-  versions/local
-  versions/remote
-].each { |file| require "diffend/voting/#{file}" }
-
-# Diffend main namespace
 module Diffend
-  # Current plugin version
-  VERSION = '0.2.29'
-  # Diffend homepage
-  HOMEPAGE = 'https://diffend.io'
-
-  class << self
-    # Registers the plugin and add before install all hook
-    def register
-      Bundler::Plugin.add_hook('before-install-all') do |_|
-        execute
-      end
-    end
-
-    # Execute diffend plugin
-    def execute
-      return unless enabled?
-
-      verify_version
-
-      config = fetch_config
-
-      Diffend::Voting.call(
-        command,
-        config,
-        Diffend::BuildBundlerDefinition.call(
-          command,
-          Bundler.default_gemfile,
-          Bundler.default_lockfile
-        )
-      )
-    rescue Diffend::Errors::HandledException
-      return if ENV['DIFFEND_IGNORE_ERRORS'] == 'true'
-
-      exit 255
-    rescue StandardError => e
-      Diffend::HandleErrors::Report.call(
-        exception: e,
-        config: config,
-        message: :unhandled_exception,
-        report: true,
-        raise_exception: false
-      )
-
-      return if ENV['DIFFEND_IGNORE_ERRORS'] == 'true'
-
-      exit 255
-    end
-
-    def verify_version
-      return if ENV['DIFFEND_DEVELOPMENT'] == 'true'
-      return if installed_version == VERSION
-
-      build_outdated_version_message(installed_version)
-        .tap(&Bundler.ui.method(:error))
-
-      exit 2
-    end
-
-    # @return [String] installed plugin version
-    def installed_version
-      Bundler::Plugin
-        .index
-        .plugin_path('diffend')
-        .basename
-        .to_s
-        .split('-')
-        .last
-    end
-
-    # Checks if plugin is enabled
-    #
-    # @return [Boolean] true if enabled, false otherwise
-    def enabled?
-      Bundler
-        .default_gemfile
-        .read
-        .split("\n")
-        .reject(&:empty?)
-        .map(&:strip)
-        .select { |line| line.start_with?('plugin') }
-        .any? { |line| line.include?('diffend') }
-    end
-
-    # @param version [Hash] installed version
-    #
-    # @return [String]
-    def build_outdated_version_message(version)
-      <<~MSG
-        \nYou are running an outdated version (#{version}) of the plugin, which will lead to issues.
-        \nPlease upgrade to the latest one (#{VERSION}) by executing "rm -rf .bundle/plugin".\n
-      MSG
-    end
-
-    # Command that was run with bundle
-    #
-    # @return [String]
-    def command
-      ARGV.first || Bundler.feature_flag.default_cli_command.to_s
-    end
-
-    # Fetch diffend config file
-    #
-    # @return [OpenStruct, nil] configuration object
-    #
-    # @raise [Errors::MissingConfigurationFile] when no config file
-    def fetch_config
-      Config::Fetcher.call(
-        File.expand_path('..', Bundler.bin_path)
-      )
-    end
-  end
 end

data/lib/diffend/config.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Diffend config object
+  module Config
+    class << self
+      # Build diffend config object
+      #
+      # @return [OpenStruct, nil]
+      #
+      # @raise [Errors::MissingConfigurationFile] when no config file
+      def call
+        Diffend::Config::Fetcher.call(
+          File.expand_path('..', ::Bundler.bin_path)
+        )
+      end
+    end
+  end
+end

data/lib/diffend/errors.rb

@@ -23,5 +23,7 @@ module Diffend
     RequestServerError = Class.new(BaseError)
     # Raised when we had an exception that we know how to handle
     HandledException = Class.new(BaseError)
+    # Raised when we are unable to resolve dependencies
+    DependenciesResolveException = Class.new(BaseError)
   end
 end

data/lib/diffend/{voting.rb → execute.rb}

@@ -1,18 +1,30 @@
 # frozen_string_literal: true
 
 module Diffend
-  # Verifies voting verdicts for gems
-  module Voting
+  # Executes a check for a given command
+  module Execute
     class << self
       # Build verdict
       #
       # @param command [String] either install or update
       # @param config [OpenStruct] diffend config
-      # @param definition [Bundler::Definition] definition for your source
-      def call(command, config, definition)
-        Versions::Remote
-          .call(command, config, definition)
+      def call(command, config)
+        Diffend::RequestVerdict
+          .call(command, config, build_definition(command))
           .tap { |response| build_message(command, config, response) }
+      rescue Diffend::Errors::DependenciesResolveException
+        # We are unable to resolve dependencies, no message will be printed
+      end
+
+      # Build bundler definition
+      #
+      # @return [Bundler::Definition]
+      def build_definition(command)
+        Diffend::BuildBundlerDefinition.call(
+          command,
+          Bundler.default_gemfile,
+          Bundler.default_lockfile
+        )
       end
 
       # @param command [String] either install or update

data/lib/diffend/local_context.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Module responsible for building local context
+  module LocalContext
+    class << self
+      # Build diffend, host, packages, and platform specific information
+      #
+      # @param command [String] either install or update
+      # @param project_id [String] diffend project_id
+      # @param definition [Bundler::Definition] definition for your source
+      #
+      # @return [Hash] payload for diffend endpoint
+      def call(command, project_id, definition)
+        {
+          'diffend' => Diffend.call(project_id),
+          'host' => Host.call,
+          'packages' => Packages.call(command, definition),
+          'platform' => Platform.call
+        }.freeze
+      end
+    end
+  end
+end

data/lib/diffend/local_context/diffend.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Module responsible for building local context
+  module LocalContext
+    # Module responsible for building diffend information from local context
+    module Diffend
+      # API version
+      API_VERSION = '0.1'
+      # Platform type ruby
+      PLATFORM_TYPE = 0
+
+      private_constant :API_VERSION, :PLATFORM_TYPE
+
+      class << self
+        # Build diffend information
+        #
+        # @param project_id [String, nil] diffend project_id
+        #
+        # @return [Hash]
+        def call(project_id)
+          {
+            'api_version' => API_VERSION,
+            'environment' => ENV['DIFFEND_ENV'],
+            'project_id' => project_id,
+            'type' => PLATFORM_TYPE,
+            'version' => ::Diffend::VERSION
+          }.freeze
+        end
+      end
+    end
+  end
+end

data/lib/diffend/local_context/host.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require 'etc'
+
+module Diffend
+  # Module responsible for building local context
+  module LocalContext
+    # Module responsible for building host information from local context
+    module Host
+      class << self
+        # Build host information
+        #
+        # @return [Hash]
+        def call
+          uname = Etc.uname
+
+          {
+            'command' => command,
+            'ips' => ips,
+            'name' => uname[:nodename],
+            'system' => {
+              'machine' => uname[:machine],
+              'name' => uname[:sysname],
+              'release' => uname[:release],
+              'version' => uname[:version]
+            },
+            'tags' => tags,
+            'user' => Etc.getpwuid(Process.uid).name,
+            'pid' => Process.pid
+          }.freeze
+        end
+
+        private
+
+        # Build host command information
+        #
+        # @return [Hash]
+        def command
+          if File.exist?($PROGRAM_NAME)
+            if defined?(JRUBY_VERSION)
+              name = $PROGRAM_NAME.split('/').last.strip
+              command = "#{name} #{ARGV.join(' ')}"
+            else
+              array = `ps -p #{Process.pid} -o command=`.strip.split(' ')
+              array.shift if array.first.end_with?('bin/ruby')
+              name = array.shift.split('/').last.strip
+              command = "#{name} #{array.join(' ')}"
+            end
+
+            { 'name' => command, 'title' => '' }
+          else
+            { 'name' => ARGV.join(' '), 'title' => $PROGRAM_NAME }
+          end
+        end
+
+        # Build host ips, except localhost and loopback
+        #
+        # @return [Array<String>]
+        def ips
+          Socket.ip_address_list.map do |ip|
+            next if ip.ipv4_loopback? || ip.ipv6_loopback? || ip.ipv6_linklocal?
+
+            ip.ip_address
+          end.compact
+        end
+
+        # Build host tags
+        #
+        # @return [Array]
+        def tags
+          tags = []
+
+          if ENV.key?('GITHUB_ACTIONS')
+            tags << 'ci'
+            tags << 'ci-github'
+          end
+
+          if ENV.key?('CIRCLECI')
+            tags << 'ci'
+            tags << 'ci-circle'
+          end
+
+          tags
+        end
+      end
+    end
+  end
+end

data/lib/diffend/local_context/packages.rb

@@ -0,0 +1,302 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Module responsible for building local context
+  module LocalContext
+    # Module responsible for building packages information from local context
+    class Packages
+      # Definition of a local path, if it matches it means that we are the source
+      ME_PATH = '.'
+      # Sources that we expect to match ourselves too
+      ME_SOURCES = [
+        Bundler::Source::Gemspec,
+        Bundler::Source::Path
+      ].freeze
+      # List of dependency types
+      DEPENDENCIES_TYPES = {
+        direct: 0,
+        dependency: 1
+      }.freeze
+      # List of sources types
+      SOURCES_TYPES = {
+        valid: 0,
+        multiple_primary: 1
+      }.freeze
+      # List of gem sources types
+      GEM_SOURCES_TYPES = {
+        local: 0,
+        gemfile_source: 1,
+        gemfile_git: 2,
+        gemfile_path: 3
+      }.freeze
+
+      class << self
+        # @param command [String] either install or update
+        # @param definition [Bundler::Definition] definition for your source
+        def call(command, definition)
+          Bundler.ui.silence { definition.resolve_remotely! }
+
+          instance = new(definition)
+
+          case command
+          when Commands::INSTALL, Commands::EXEC then instance.build_install
+          when Commands::UPDATE then instance.build_update
+          else
+            raise ArgumentError, "invalid command: #{command}"
+          end
+        end
+      end
+
+      # @param definition [Bundler::Definition] definition for your source
+      #
+      # @return [Hash] local dependencies
+      def initialize(definition)
+        @definition = definition
+        @direct_dependencies = Hash[definition.dependencies.map { |val| [val.name, val] }]
+        # Support case without Gemfile.lock
+        @locked_specs = @definition.locked_gems ? @definition.locked_gems.specs : []
+      end
+
+      # Build install specification
+      #
+      # @return [Hash]
+      def build_install
+        hash = build_main
+
+        @definition.specs.each do |spec|
+          next if skip?(spec.source)
+
+          locked_spec = @locked_specs.find { |s| s.name == spec.name }
+
+          hash['dependencies'][spec.name] = {
+            'platform' => build_spec_platform(spec, locked_spec),
+            'source' => build_spec_source(spec),
+            'type' => build_dependency_type(spec.name),
+            'versions' => build_versions(spec, locked_spec)
+          }
+        end
+
+        hash
+      end
+
+      # Build update specification
+      #
+      # @return [Hash]
+      def build_update
+        hash = build_main
+
+        @definition.specs.each do |spec|
+          next if skip?(spec.source)
+
+          locked_spec = @locked_specs.find { |s| s.name == spec.name }
+
+          hash['dependencies'][spec.name] = {
+            'platform' => build_spec_platform(spec, locked_spec),
+            'source' => build_spec_source(spec),
+            'type' => build_dependency_type(spec.name),
+            'versions' => build_versions(spec, locked_spec)
+          }
+        end
+
+        hash
+      end
+
+      private
+
+      # Build default specification
+      #
+      # @return [Hash]
+      def build_main
+        {
+          'dependencies' => {},
+          'sources' => build_sources,
+          'plugins' => {},
+          'platforms' => @definition.platforms.map(&:to_s)
+        }
+      end
+
+      # Build gem versions
+      #
+      # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
+      # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
+      #
+      # @return [Array<String>]
+      def build_versions(spec, locked_spec = nil)
+        if locked_spec && locked_spec.version.to_s != spec.version.to_s
+          [locked_spec.version.to_s, spec.version.to_s]
+        else
+          [spec.version.to_s]
+        end
+      end
+
+      # @param specs [Array] specs that are direct dependencies
+      # @param name [String] spec name
+      #
+      # @return [Boolean] dependency type
+      def build_dependency_type(name)
+        if @direct_dependencies.key?(name)
+          DEPENDENCIES_TYPES[:direct]
+        else
+          DEPENDENCIES_TYPES[:dependency]
+        end
+      end
+
+      # Build gem platform
+      #
+      # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
+      # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
+      #
+      # @return [String]
+      def build_spec_platform(spec, locked_spec)
+        parse_platform(
+          spec.platform || locked_spec&.platform || spec.send(:generic_local_platform)
+        )
+      end
+
+      # Parse gem platform
+      #
+      # @param platform [String, Gem::Platform]
+      #
+      # @return [String]
+      def parse_platform(platform)
+        case platform
+        when String then platform
+        when Gem::Platform then platform.os
+        end
+      end
+
+      # Build gem source type
+      #
+      # @param source [Bundler::Source] gem source type
+      #
+      # @return [Integer] internal gem source type
+      def build_spec_gem_source_type(source)
+        case source
+        when Bundler::Source::Metadata
+          GEM_SOURCES_TYPES[:local]
+        when Bundler::Source::Rubygems, Bundler::Source::Rubygems::Remote
+          GEM_SOURCES_TYPES[:gemfile_source]
+        when Bundler::Source::Git
+          GEM_SOURCES_TYPES[:gemfile_git]
+        when Bundler::Source::Path
+          GEM_SOURCES_TYPES[:gemfile_path]
+        else
+          raise ArgumentError, "unknown source #{source.class}"
+        end
+      end
+
+      # Build gem source
+      #
+      # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
+      #
+      # @return [Hash]
+      def build_spec_source(spec)
+        source = source_for_spec(spec)
+
+        {
+          'type' => build_spec_gem_source_type(source),
+          'value' => source_name_from_source(source)
+        }
+      end
+
+      # Figure out source for gem
+      #
+      # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
+      #
+      # @return [Bundler::Source] gem source type
+      def source_for_spec(spec)
+        return spec.remote if spec.remote
+
+        case spec.source
+        when Bundler::Source::Rubygems
+          spec
+            .source
+            .send(:remote_specs)
+            .search(Bundler::Dependency.new(spec.name, spec.version))
+            .last
+            .remote
+        when Bundler::Source::Metadata, Bundler::Source::Git, Bundler::Source::Path
+          spec.source
+        else
+          raise ArgumentError, "unknown source #{spec.source.class}"
+        end
+      end
+
+      # Build gem source name
+      #
+      # @param source [Bundler::Source] gem source type
+      #
+      # @return [String]
+      def source_name_from_source(source)
+        case source
+        when Bundler::Source::Metadata
+          ''
+        when Bundler::Source::Rubygems::Remote
+          source_name(source.anonymized_uri)
+        when Bundler::Source::Git
+          source.instance_variable_get(:@safe_uri)
+        when Bundler::Source::Path
+          source.path
+        else
+          raise ArgumentError, "unknown source #{source.class}"
+        end
+      end
+
+      # @param uri [Bundler::URI]
+      #
+      # @return [String]
+      def source_name(uri)
+        uri.to_s[0...-1]
+      end
+
+      # Build sources used in the Gemfile
+      #
+      # @return [Array<Hash>]
+      def build_sources
+        sources = @definition.send(:sources).rubygems_sources
+        hash = {}
+
+        sources.each do |source|
+          type = build_source_type(source.remotes)
+
+          source.remotes.each do |src|
+            hash[source_name(src)] = type
+          end
+        end
+
+        hash.map { |name, type| { 'name' => name, 'type' => type } }
+      end
+
+      # Build gem source type
+      #
+      # @param remotes [Array<Bundler::URI>]
+      #
+      # @return [Integer] internal source type
+      def build_source_type(remotes)
+        remotes.count > 1 ? SOURCES_TYPES[:multiple_primary] : SOURCES_TYPES[:valid]
+      end
+
+      # Checks if we should skip a source
+      #
+      # @param source [Bundler::Source] gem source type
+      #
+      # @return [Boolean] true if we should skip this source, false otherwise
+      def skip?(source)
+        return true if me?(source)
+
+        false
+      end
+
+      # Checks if it's a self source, this happens for repositories that are a gem
+      #
+      # @param source [Bundler::Source] gem source type
+      #
+      # @return [Boolean] true if it's a self source, false otherwise
+      def me?(source)
+        return false unless ME_SOURCES.include?(source.class)
+
+        source.path.to_s == ME_PATH
+      end
+    end
+  end
+end