diffend 0.2.29 → 0.2.30

data/lib/diffend/local_context/platform.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Module responsible for building local context
+  module LocalContext
+    # Module responsible for building platform information from local context
+    module Platform
+      class << self
+        # Build platform information
+        #
+        # @return [Hash]
+        def call
+          {
+            'bundler' => {
+              'version' => Bundler::VERSION
+            },
+            'environment' => environment,
+            'ruby' => ruby_information,
+            'rubygems' => {
+              'specification_version' => Gem::Specification::CURRENT_SPECIFICATION_VERSION,
+              'version' => Gem::VERSION
+            }
+          }.freeze
+        end
+
+        private
+
+        # Build platform ruby information
+        #
+        # @return [Hash]
+        def ruby_information
+          if defined?(JRUBY_VERSION)
+            revision = JRUBY_REVISION.to_s
+            version = JRUBY_VERSION
+          else
+            revision = RUBY_REVISION.to_s
+            version = RUBY_ENGINE_VERSION
+          end
+
+          {
+            'engine' => RUBY_ENGINE,
+            'patchlevel' => RUBY_PATCHLEVEL,
+            'release_date' => RUBY_RELEASE_DATE,
+            'revision' => revision,
+            'version' => version
+          }
+        end
+
+        # Build platform environment information
+        #
+        # @return [String]
+        def environment
+          ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
+        end
+      end
+    end
+  end
+end

data/lib/diffend/monitor.rb

@@ -1,30 +1,36 @@
 # frozen_string_literal: true
 
+ENV['DIFFEND_ENV'] ||= 'development'
+
 %w[
-  build_bundler_definition
+  version
   errors
+  build_bundler_definition
+  commands
+  config
   config/fetcher
   config/file_finder
   config/validator
-  commands
   handle_errors/messages
   handle_errors/build_exception_payload
   handle_errors/display_to_stdout
   handle_errors/report
   request_object
   request
-  voting
+  local_context/diffend
+  local_context/host
+  local_context/packages
+  local_context/platform
+  local_context
+  request_verdict
+  execute
   track
 ].each { |file| require "diffend/#{file}" }
 
-%w[
-  versions/local
-  versions/remote
-].each { |file| require "diffend/voting/#{file}" }
+return if ENV['DIFFEND_ENV'].strip.empty?
+return if %w[development test].include?(ENV['DIFFEND_ENV'])
 
-unless %w[development test].include?(ENV['DIFFEND_ENV'])
-  Thread.new do
-    track = Diffend::Track.new
-    track.start
-  end
+Thread.new do
+  track = Diffend::Track.new
+  track.start
 end

data/lib/diffend/plugin.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+ENV['DIFFEND_ENV'] ||= 'development'
+
+%w[
+  bundler
+].each(&method(:require))
+
+%w[
+  version
+  errors
+  build_bundler_definition
+  commands
+  config
+  config/fetcher
+  config/file_finder
+  config/validator
+  handle_errors/messages
+  handle_errors/build_exception_payload
+  handle_errors/display_to_stdout
+  handle_errors/report
+  request_object
+  request
+  local_context/diffend
+  local_context/host
+  local_context/packages
+  local_context/platform
+  local_context
+  request_verdict
+  execute
+  track
+].each { |file| require "diffend/#{file}" }
+
+module Diffend
+  module Plugin
+    class << self
+      # Registers the plugin and add before install all hook
+      def register
+        ::Bundler::Plugin.add_hook('before-install-all') do |_|
+          execute
+        end
+      end
+
+      # Execute diffend plugin
+      def execute
+        return unless enabled?
+
+        verify_version
+
+        config = Diffend::Config.call
+
+        Diffend::Execute.call(command, config)
+      rescue Diffend::Errors::HandledException
+        return if ENV['DIFFEND_IGNORE_ERRORS'] == 'true'
+
+        exit 255
+      rescue StandardError => e
+        Diffend::HandleErrors::Report.call(
+          exception: e,
+          config: config,
+          message: :unhandled_exception,
+          report: true,
+          raise_exception: false
+        )
+
+        return if ENV['DIFFEND_IGNORE_ERRORS'] == 'true'
+
+        exit 255
+      end
+
+      def verify_version
+        return if ENV['DIFFEND_DEVELOPMENT'] == 'true'
+        return if installed_version == Diffend::VERSION
+
+        build_outdated_version_message(installed_version)
+          .tap(&::Bundler.ui.method(:error))
+
+        exit 2
+      end
+
+      # @return [String] installed plugin version
+      def installed_version
+        ::Bundler::Plugin
+          .index
+          .plugin_path('diffend')
+          .basename
+          .to_s
+          .split('-')
+          .last
+      end
+
+      # Checks if plugin is enabled
+      #
+      # @return [Boolean] true if enabled, false otherwise
+      def enabled?
+        ::Bundler
+          .default_gemfile
+          .read
+          .split("\n")
+          .reject(&:empty?)
+          .map(&:strip)
+          .select { |line| line.start_with?('plugin') }
+          .any? { |line| line.include?('diffend') }
+      end
+
+      # @param version [Hash] installed version
+      #
+      # @return [String]
+      def build_outdated_version_message(version)
+        <<~MSG
+          \nYou are running an outdated version (#{version}) of the plugin, which will lead to issues.
+          \nPlease upgrade to the latest one (#{VERSION}) by executing "rm -rf .bundle/plugin".\n
+        MSG
+      end
+
+      # Command that was run with bundle
+      #
+      # @return [String]
+      def command
+        ARGV.first || ::Bundler.feature_flag.default_cli_command.to_s
+      end
+    end
+  end
+end

data/lib/diffend/request_verdict.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Diffend
+  # Module responsible for fetching diffend verdict on local context
+  module RequestVerdict
+    class << self
+      # @param command [String] either install or update
+      # @param definition [Bundler::Definition] definition for your source
+      # @param config [OpenStruct] diffend config
+      def call(command, config, definition)
+        payload = Diffend::LocalContext.call(command, config.project_id, definition)
+
+        response = Diffend::Request.call(
+          build_request_object(command, config, payload)
+        )
+
+        JSON.parse(response.body)
+      rescue Bundler::GemNotFound
+        raise ::Diffend::Errors::DependenciesResolveException
+      rescue StandardError => e
+        Diffend::HandleErrors::Report.call(
+          exception: e,
+          payload: payload || {},
+          config: config,
+          message: :unhandled_exception,
+          report: true
+        )
+      end
+
+      # @param command [String] either install or update
+      # @param config [OpenStruct] diffend config
+      # @param payload [Hash]
+      #
+      # @return [Diffend::RequestObject]
+      def build_request_object(command, config, payload)
+        Diffend::RequestObject.new(
+          config: config,
+          url: commands_url(command, config.project_id),
+          payload: payload,
+          request_method: :post
+        )
+      end
+
+      # Provides diffend command endpoint url
+      #
+      # @param command [String] either install or update
+      # @param project_id [String] diffend project_id
+      #
+      # @return [String] diffend endpoint
+      def commands_url(command, project_id)
+        return ENV['DIFFEND_COMMAND_URL'] if ENV.key?('DIFFEND_COMMAND_URL')
+
+        "https://my.diffend.io/api/projects/#{project_id}/bundle/#{command}"
+      end
+    end
+  end
+end

data/lib/diffend/track.rb

@@ -11,7 +11,7 @@ module Diffend
     # Initialize tracking
     def initialize
       @mutex = Mutex.new
-      @config = fetch_config
+      @config = Diffend::Config.call
     end
 
     # Start tracking
@@ -50,15 +50,7 @@ module Diffend
 
     # Perform an exec request
     def exec_request
-      Diffend::Voting.call(
-        Diffend::Commands::EXEC,
-        @config,
-        Diffend::BuildBundlerDefinition.call(
-          Diffend::Commands::EXEC,
-          Bundler.default_gemfile,
-          Bundler.default_lockfile
-        )
-      )
+      Diffend::Execute.call(Diffend::Commands::EXEC, @config)
     end
 
     # Perform a track request
@@ -82,17 +74,6 @@ module Diffend
       ).freeze
     end
 
-    # Fetch diffend config file
-    #
-    # @return [OpenStruct, nil] configuration object
-    #
-    # @raise [Errors::MissingConfigurationFile] when no config file
-    def fetch_config
-      Config::Fetcher.call(
-        File.expand_path('..', Bundler.bin_path)
-      )
-    end
-
     # @param project_id [String] diffend project_id
     # @param request_id [String]
     #

data/lib/diffend/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Diffend
+  # Current version
+  VERSION = '0.2.30'
+end

data/plugins.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-require 'diffend'
+require 'diffend/plugin'
 
-Diffend.register
+Diffend::Plugin.register

data/scripts/generate_payload_for_file.rb

@@ -3,7 +3,6 @@
 require 'byebug'
 require 'diffend'
 
-
 command = 'install'
 project_id = nil
 
@@ -12,4 +11,4 @@ lockfile = ARGV[1]
 
 definition = Diffend::BuildBundlerDefinition.call(command, gemfile lockfile)
 
-pp Diffend::Voting::Versions::Remote.payload(command, project_id, definition)
+pp Diffend::LocalContext.call(command, project_id, definition)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: diffend
 version: !ruby/object:Gem::Version
-  version: 0.2.29
+  version: 0.2.30
 platform: ruby
 authors:
 - Tomasz Pajor
@@ -94,21 +94,28 @@ files:
 - lib/diffend.rb
 - lib/diffend/build_bundler_definition.rb
 - lib/diffend/commands.rb
+- lib/diffend/config.rb
 - lib/diffend/config/fetcher.rb
 - lib/diffend/config/file_finder.rb
 - lib/diffend/config/validator.rb
 - lib/diffend/errors.rb
+- lib/diffend/execute.rb
 - lib/diffend/handle_errors/build_exception_payload.rb
 - lib/diffend/handle_errors/display_to_stdout.rb
 - lib/diffend/handle_errors/messages.rb
 - lib/diffend/handle_errors/report.rb
+- lib/diffend/local_context.rb
+- lib/diffend/local_context/diffend.rb
+- lib/diffend/local_context/host.rb
+- lib/diffend/local_context/packages.rb
+- lib/diffend/local_context/platform.rb
 - lib/diffend/monitor.rb
+- lib/diffend/plugin.rb
 - lib/diffend/request.rb
 - lib/diffend/request_object.rb
+- lib/diffend/request_verdict.rb
 - lib/diffend/track.rb
-- lib/diffend/voting.rb
-- lib/diffend/voting/versions/local.rb
-- lib/diffend/voting/versions/remote.rb
+- lib/diffend/version.rb
 - plugins.rb
 - scripts/generate_payload_for_file.rb
 homepage: https://diffend.io
@@ -133,5 +140,5 @@ requirements: []
 rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
-summary: OSS supply chain security and management platform.
+summary: OSS supply chain security and management platform
 test_files: []

data/lib/diffend/voting/versions/local.rb

@@ -1,304 +0,0 @@
-# frozen_string_literal: true
-
-module Diffend
-  module Voting
-    # Module responsible for handling both local and remote gem versions
-    module Versions
-      # Module responsible for preparing current or current/new versions of gems
-      class Local
-        # Definition of a local path, if it matches it means that we are the source
-        ME_PATH = '.'
-        # Sources that we expect to match ourselves too
-        ME_SOURCES = [
-          Bundler::Source::Gemspec,
-          Bundler::Source::Path
-        ].freeze
-        # List of dependency types
-        DEPENDENCIES_TYPES = {
-          direct: 0,
-          dependency: 1
-        }.freeze
-        # List of sources types
-        SOURCES_TYPES = {
-          valid: 0,
-          multiple_primary: 1
-        }.freeze
-        # List of gem sources types
-        GEM_SOURCES_TYPES = {
-          local: 0,
-          gemfile_source: 1,
-          gemfile_git: 2,
-          gemfile_path: 3
-        }.freeze
-
-        class << self
-          # @param command [String] either install or update
-          # @param definition [Bundler::Definition] definition for your source
-          def call(command, definition)
-            Bundler.ui.silence { definition.resolve_remotely! }
-
-            instance = new(definition)
-
-            case command
-            when Commands::INSTALL, Commands::EXEC then instance.build_install
-            when Commands::UPDATE then instance.build_update
-            else
-              raise ArgumentError, "invalid command: #{command}"
-            end
-          end
-        end
-
-        # @param definition [Bundler::Definition] definition for your source
-        #
-        # @return [Hash] local dependencies
-        def initialize(definition)
-          @definition = definition
-          @direct_dependencies = Hash[definition.dependencies.map { |val| [val.name, val] }]
-          # Support case without Gemfile.lock
-          @locked_specs = @definition.locked_gems ? @definition.locked_gems.specs : []
-        end
-
-        # Build install specification
-        #
-        # @return [Hash]
-        def build_install
-          hash = build_main
-
-          @definition.specs.each do |spec|
-            next if skip?(spec.source)
-
-            locked_spec = @locked_specs.find { |s| s.name == spec.name }
-
-            hash['dependencies'][spec.name] = {
-              'platform' => build_spec_platform(spec, locked_spec),
-              'source' => build_spec_source(spec),
-              'type' => build_dependency_type(spec.name),
-              'versions' => build_versions(spec, locked_spec)
-            }
-          end
-
-          hash
-        end
-
-        # Build update specification
-        #
-        # @return [Hash]
-        def build_update
-          hash = build_main
-
-          @definition.specs.each do |spec|
-            next if skip?(spec.source)
-
-            locked_spec = @locked_specs.find { |s| s.name == spec.name }
-
-            hash['dependencies'][spec.name] = {
-              'platform' => build_spec_platform(spec, locked_spec),
-              'source' => build_spec_source(spec),
-              'type' => build_dependency_type(spec.name),
-              'versions' => build_versions(spec, locked_spec)
-            }
-          end
-
-          hash
-        end
-
-        private
-
-        # Build default specification
-        #
-        # @return [Hash]
-        def build_main
-          {
-            'dependencies' => {},
-            'sources' => build_sources,
-            'plugins' => {},
-            'platforms' => @definition.platforms.map(&:to_s)
-          }
-        end
-
-        # Build gem versions
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
-        #
-        # @return [Array<String>]
-        def build_versions(spec, locked_spec = nil)
-          if locked_spec && locked_spec.version.to_s != spec.version.to_s
-            [locked_spec.version.to_s, spec.version.to_s]
-          else
-            [spec.version.to_s]
-          end
-        end
-
-        # @param specs [Array] specs that are direct dependencies
-        # @param name [String] spec name
-        #
-        # @return [Boolean] dependency type
-        def build_dependency_type(name)
-          if @direct_dependencies.key?(name)
-            DEPENDENCIES_TYPES[:direct]
-          else
-            DEPENDENCIES_TYPES[:dependency]
-          end
-        end
-
-        # Build gem platform
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        # @param locked_spec [Bundler::LazySpecification, Gem::Specification, NilClass]
-        #
-        # @return [String]
-        def build_spec_platform(spec, locked_spec)
-          parse_platform(
-            spec.platform || locked_spec&.platform || spec.send(:generic_local_platform)
-          )
-        end
-
-        # Parse gem platform
-        #
-        # @param platform [String, Gem::Platform]
-        #
-        # @return [String]
-        def parse_platform(platform)
-          case platform
-          when String then platform
-          when Gem::Platform then platform.os
-          end
-        end
-
-        # Build gem source type
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Integer] internal gem source type
-        def build_spec_gem_source_type(source)
-          case source
-          when Bundler::Source::Metadata
-            GEM_SOURCES_TYPES[:local]
-          when Bundler::Source::Rubygems, Bundler::Source::Rubygems::Remote
-            GEM_SOURCES_TYPES[:gemfile_source]
-          when Bundler::Source::Git
-            GEM_SOURCES_TYPES[:gemfile_git]
-          when Bundler::Source::Path
-            GEM_SOURCES_TYPES[:gemfile_path]
-          else
-            raise ArgumentError, "unknown source #{source.class}"
-          end
-        end
-
-        # Build gem source
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        #
-        # @return [Hash]
-        def build_spec_source(spec)
-          source = source_for_spec(spec)
-
-          {
-            'type' => build_spec_gem_source_type(source),
-            'value' => source_name_from_source(source)
-          }
-        end
-
-        # Figure out source for gem
-        #
-        # @param spec [Bundler::StubSpecification, Bundler::LazySpecification, Gem::Specification]
-        #
-        # @return [Bundler::Source] gem source type
-        def source_for_spec(spec)
-          return spec.remote if spec.remote
-
-          case spec.source
-          when Bundler::Source::Rubygems
-            spec
-              .source
-              .send(:remote_specs)
-              .search(Bundler::Dependency.new(spec.name, spec.version))
-              .last
-              .remote
-          when Bundler::Source::Metadata, Bundler::Source::Git, Bundler::Source::Path
-            spec.source
-          else
-            raise ArgumentError, "unknown source #{spec.source.class}"
-          end
-        end
-
-        # Build gem source name
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [String]
-        def source_name_from_source(source)
-          case source
-          when Bundler::Source::Metadata
-            ''
-          when Bundler::Source::Rubygems::Remote
-            source_name(source.anonymized_uri)
-          when Bundler::Source::Git
-            source.instance_variable_get(:@safe_uri)
-          when Bundler::Source::Path
-            source.path
-          else
-            raise ArgumentError, "unknown source #{source.class}"
-          end
-        end
-
-        # @param uri [Bundler::URI]
-        #
-        # @return [String]
-        def source_name(uri)
-          uri.to_s[0...-1]
-        end
-
-        # Build sources used in the Gemfile
-        #
-        # @return [Array<Hash>]
-        def build_sources
-          sources = @definition.send(:sources).rubygems_sources
-          hash = {}
-
-          sources.each do |source|
-            type = build_source_type(source.remotes)
-
-            source.remotes.each do |src|
-              hash[source_name(src)] = type
-            end
-          end
-
-          hash.map { |name, type| { 'name' => name, 'type' => type } }
-        end
-
-        # Build gem source type
-        #
-        # @param remotes [Array<Bundler::URI>]
-        #
-        # @return [Integer] internal source type
-        def build_source_type(remotes)
-          remotes.count > 1 ? SOURCES_TYPES[:multiple_primary] : SOURCES_TYPES[:valid]
-        end
-
-        # Checks if we should skip a source
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Boolean] true if we should skip this source, false otherwise
-        def skip?(source)
-          return true if me?(source)
-
-          false
-        end
-
-        # Checks if it's a self source, this happens for repositories that are a gem
-        #
-        # @param source [Bundler::Source] gem source type
-        #
-        # @return [Boolean] true if it's a self source, false otherwise
-        def me?(source)
-          return false unless ME_SOURCES.include?(source.class)
-
-          source.path.to_s == ME_PATH
-        end
-      end
-    end
-  end
-end