digital_femsa 1.1.0 → 1.1.1

data/spec/models/generated_models_coverage_spec.rb

@@ -0,0 +1,152 @@
+require 'spec_helper'
+
+RSpec.describe 'Generated models coverage smoke tests' do
+  model_classes = DigitalFemsa.constants.filter_map do |const_name|
+    constant = DigitalFemsa.const_get(const_name)
+    next unless constant.is_a?(Class)
+    next unless constant.respond_to?(:attribute_map)
+    next unless constant.respond_to?(:openapi_types)
+    next unless constant.respond_to?(:build_from_hash)
+    next unless constant.respond_to?(:_deserialize)
+
+    constant
+  rescue NameError
+    nil
+  end.sort_by(&:name)
+
+  sample_value_for = lambda do |type, attr_name: nil, depth: 0|
+    return nil if depth > 2
+
+    type_name = type.to_s
+
+    return 'https://example.com/webhook' if attr_name.to_s.include?('url')
+
+    case type_name
+    when 'String'
+      attr_name.to_s.include?('email') ? 'test@example.com' : 'sample'
+    when 'Integer'
+      1
+    when 'Float'
+      1.5
+    when 'Boolean'
+      true
+    when 'Date'
+      '2024-01-01'
+    when 'Time'
+      '2024-01-01T00:00:00Z'
+    when 'Object'
+      { 'key' => 'value' }
+    when /\AArray<(?<inner_type>.+)>\z/
+      [sample_value_for.call(Regexp.last_match[:inner_type], attr_name: attr_name, depth: depth + 1)]
+    when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
+      {
+        sample_value_for.call(Regexp.last_match[:k_type], depth: depth + 1) =>
+          sample_value_for.call(Regexp.last_match[:v_type], depth: depth + 1)
+      }
+    else
+      {}
+    end
+  end
+
+  candidate_values_for = lambda do |type, attr_name|
+    type_name = type.to_s
+    attr_name_str = attr_name.to_s
+
+    candidates = [sample_value_for.call(type, attr_name: attr_name)]
+
+    if type_name == 'String'
+      candidates.concat(
+        %w[private public MXN USD es en active inactive pending completed card cash transfer bank_transfer charge order customer webhook]
+      )
+      candidates << 'https://example.com/webhook' if attr_name_str.include?('url')
+      candidates << 'test@example.com' if attr_name_str.include?('email')
+      candidates << 'mx' if attr_name_str.include?('country')
+    elsif type_name == 'Integer'
+      candidates.concat([0, 20, 100, 1_700_000_000])
+    elsif type_name == 'Float'
+      candidates.concat([0.0, 2.5, 10.0])
+    elsif type_name == 'Boolean'
+      candidates << false
+    elsif type_name.match?(/\AArray<.+>\z/)
+      candidates << []
+    elsif type_name.match?(/\AHash<.+>\z/)
+      candidates << {}
+    end
+
+    candidates.compact.uniq
+  end
+
+  attributes_for = lambda do |klass|
+    klass.openapi_types.each_with_object({}) do |(attr, type), attrs|
+      assigned = false
+
+      candidate_values_for.call(type, attr).each do |value|
+        begin
+          klass.new(attrs.merge(attr => value))
+          attrs[attr] = value
+          assigned = true
+          break
+        rescue StandardError
+          next
+        end
+      end
+
+      next if assigned
+
+      begin
+        klass.new(attrs.merge(attr => nil))
+        attrs[attr] = nil
+      rescue StandardError
+        # Skip attributes that require highly specific values in custom setters.
+      end
+    end
+  end
+
+  model_classes.each do |klass|
+    it "smoke-tests #{klass.name}" do
+      attrs = attributes_for.call(klass)
+
+      begin
+        instance = klass.new(attrs)
+        another_instance = klass.new(attrs)
+      rescue StandardError => e
+        skip("Skipped strict model initialization: #{e.message}")
+      end
+
+      expect(klass.acceptable_attributes).to be_a(Array)
+      expect(klass.openapi_nullable).to be_a(Set)
+
+      expect { klass.new('invalid') }.to raise_error(ArgumentError)
+      expect { klass.new('__invalid_attribute__' => 'x') }.to raise_error(ArgumentError)
+
+      expect(instance.send(:==, another_instance)).to be(true)
+      expect(instance.send(:eql?, another_instance)).to be(true)
+      expect(instance.send(:hash)).to be_a(Integer)
+      expect { instance.send(:list_invalid_properties) }.not_to raise_error
+      expect { instance.send(:valid?) }.not_to raise_error
+
+      serialized_hash = instance.send(:to_hash)
+      expect(serialized_hash).to be_a(Hash)
+      expect(instance.send(:to_body)).to eq(serialized_hash)
+      expect(instance.send(:to_s)).to be_a(String)
+      expect(instance.send(:_to_hash, [1, nil, 2])).to eq([1, 2])
+      expect(instance.send(:_to_hash, { 'a' => 1 })).to eq('a' => 1)
+
+      rebuilt = klass.build_from_hash(serialized_hash) rescue nil
+      expect(rebuilt).to be_a(klass).or be_nil
+
+      expect(klass._deserialize('String', 1)).to eq('1')
+      expect(klass._deserialize('Integer', '1')).to eq(1)
+      expect(klass._deserialize('Float', '1.2')).to eq(1.2)
+      expect(klass._deserialize('Boolean', 'true')).to be(true)
+      expect(klass._deserialize('Boolean', 'false')).to be(false)
+      expect(klass._deserialize('Object', { 'a' => 1 })).to eq('a' => 1)
+      expect(klass._deserialize('Array<String>', [1, 2])).to eq(%w[1 2])
+      expect(klass._deserialize('Hash<String, Integer>', { 'a' => '1' })).to eq('a' => 1)
+      expect(klass._deserialize('Date', '2024-01-01')).to be_a(Date)
+      expect(klass._deserialize('Time', '2024-01-01T00:00:00Z')).to be_a(Time)
+      expect { klass._deserialize(klass.name.split('::').last, {}) rescue nil }.not_to raise_error
+
+    end
+  end
+end

data/spec/models/webhook_request_ssrf_protection_spec.rb

@@ -0,0 +1,275 @@
+require 'spec_helper'
+
+RSpec.describe DigitalFemsa::WebhookRequest, type: :model do
+  describe 'SSRF Protection' do
+    let(:valid_url) { 'https://example.com/webhook' }
+    let(:webhook_request) { DigitalFemsa::WebhookRequest.new(url: valid_url, synchronous: false) }
+
+    describe '#url=' do
+      context 'with valid URLs' do
+        it 'allows legitimate external URLs' do
+          expect { webhook_request.url = 'https://api.example.com/webhook' }.not_to raise_error
+        end
+
+        it 'allows HTTP URLs' do
+          expect { webhook_request.url = 'http://api.example.com/webhook' }.not_to raise_error
+        end
+
+        it 'allows URLs with standard ports' do
+          expect { webhook_request.url = 'https://example.com:443/webhook' }.not_to raise_error
+        end
+
+        it 'allows URLs with non-standard but safe ports' do
+          expect { webhook_request.url = 'https://example.com:9443/webhook' }.not_to raise_error
+        end
+      end
+
+      context 'with localhost variations' do
+        it 'blocks localhost' do
+          expect { webhook_request.url = 'https://localhost/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 127.0.0.1' do
+          expect { webhook_request.url = 'https://127.0.0.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 127.0.0.0' do
+          expect { webhook_request.url = 'https://127.0.0.0/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 0.0.0.0' do
+          expect { webhook_request.url = 'https://0.0.0.0/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks IPv6 localhost' do
+          expect { webhook_request.url = 'https://::1/webhook' }
+            .to raise_error(ArgumentError, /must be a valid URL/)
+        end
+
+        it 'blocks 127.0.0.2' do
+          expect { webhook_request.url = 'https://127.0.0.2/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 127.1.1.1' do
+          expect { webhook_request.url = 'https://127.1.1.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+      end
+
+      context 'with private IP ranges' do
+        it 'blocks 10.x.x.x range' do
+          expect { webhook_request.url = 'https://10.0.0.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 192.168.x.x range' do
+          expect { webhook_request.url = 'https://192.168.1.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 172.16-31.x.x range' do
+          expect { webhook_request.url = 'https://172.16.0.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 172.31.x.x range' do
+          expect { webhook_request.url = 'https://172.31.0.1/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks 169.254.x.x range (link-local)' do
+          expect { webhook_request.url = 'https://169.254.169.254/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+      end
+
+      context 'with internal hostnames' do
+        it 'blocks internal hostnames' do
+          expect { webhook_request.url = 'https://internal-service/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks database hostnames' do
+          expect { webhook_request.url = 'https://database.local/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks admin hostnames' do
+          expect { webhook_request.url = 'https://admin-panel/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks api-gateway hostnames' do
+          expect { webhook_request.url = 'https://api-gateway.internal/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+      end
+
+      context 'with DNS rebinding services' do
+        it 'blocks xip.io' do
+          expect { webhook_request.url = 'https://127.0.0.1.xip.io/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks nip.io' do
+          expect { webhook_request.url = 'https://192.168.1.1.nip.io/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks localtest.me' do
+          expect { webhook_request.url = 'https://localtest.me/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+      end
+
+      context 'with suspicious hostname patterns' do
+        it 'blocks internal- prefix' do
+          expect { webhook_request.url = 'https://internal-api/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks dev- prefix' do
+          expect { webhook_request.url = 'https://dev-service/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+
+        it 'blocks db- prefix' do
+          expect { webhook_request.url = 'https://db-primary/webhook' }
+            .to raise_error(ArgumentError, /hostname points to restricted network resource/)
+        end
+      end
+
+      context 'with restricted ports' do
+        it 'blocks SSH port' do
+          expect { webhook_request.url = 'https://example.com:22/webhook' }
+            .to raise_error(ArgumentError, /port is not allowed/)
+        end
+
+        it 'blocks database ports' do
+          expect { webhook_request.url = 'https://example.com:3306/webhook' }
+            .to raise_error(ArgumentError, /port is not allowed/)
+        end
+
+        it 'blocks Redis port' do
+          expect { webhook_request.url = 'https://example.com:6379/webhook' }
+            .to raise_error(ArgumentError, /port is not allowed/)
+        end
+
+        it 'blocks Elasticsearch port' do
+          expect { webhook_request.url = 'https://example.com:9200/webhook' }
+            .to raise_error(ArgumentError, /port is not allowed/)
+        end
+
+        it 'blocks MongoDB port' do
+          expect { webhook_request.url = 'https://example.com:27017/webhook' }
+            .to raise_error(ArgumentError, /port is not allowed/)
+        end
+
+        it 'allows standard HTTP port' do
+          expect { webhook_request.url = 'https://example.com:80/webhook' }.not_to raise_error
+        end
+
+        it 'allows standard HTTPS port' do
+          expect { webhook_request.url = 'https://example.com:443/webhook' }.not_to raise_error
+        end
+      end
+
+      context 'with invalid schemes' do
+        it 'blocks ftp scheme' do
+          expect { webhook_request.url = 'ftp://example.com/webhook' }
+            .to raise_error(ArgumentError, /must use http or https scheme/)
+        end
+
+        it 'blocks file scheme' do
+          expect { webhook_request.url = 'file:///etc/passwd' }
+            .to raise_error(ArgumentError, /must use http or https scheme/)
+        end
+
+        it 'blocks missing scheme' do
+          expect { webhook_request.url = '//example.com/webhook' }
+            .to raise_error(ArgumentError, /must use http or https scheme/)
+        end
+      end
+
+      context 'with malformed URLs' do
+        it 'blocks invalid URL format' do
+          expect { webhook_request.url = 'not-a-url' }
+            .to raise_error(ArgumentError, /must use http or https scheme/)
+        end
+
+        it 'blocks empty hostname' do
+          expect { webhook_request.url = 'https:///webhook' }
+            .to raise_error(ArgumentError, /hostname cannot be empty/)
+        end
+
+        it 'blocks nil URL' do
+          expect { webhook_request.url = nil }
+            .to raise_error(ArgumentError, /url cannot be nil/)
+        end
+      end
+    end
+
+    describe '#valid?' do
+      it 'returns true for valid URLs' do
+        webhook_request.url = 'https://example.com/webhook'
+        expect(webhook_request.valid?).to be true
+      end
+
+      it 'returns false for localhost URLs' do
+        webhook_request.instance_variable_set(:@url, 'https://localhost/webhook')
+        expect(webhook_request.valid?).to be false
+      end
+
+      it 'returns false for private IP URLs' do
+        webhook_request.instance_variable_set(:@url, 'https://192.168.1.1/webhook')
+        expect(webhook_request.valid?).to be false
+      end
+
+      it 'returns false for restricted ports' do
+        webhook_request.instance_variable_set(:@url, 'https://example.com:22/webhook')
+        expect(webhook_request.valid?).to be false
+      end
+
+      it 'returns false for invalid schemes' do
+        webhook_request.instance_variable_set(:@url, 'ftp://example.com/webhook')
+        expect(webhook_request.valid?).to be false
+      end
+    end
+
+    describe '#list_invalid_properties' do
+      it 'returns empty array for valid URLs' do
+        webhook_request.url = 'https://example.com/webhook'
+        expect(webhook_request.list_invalid_properties).to be_empty
+      end
+
+      it 'returns error for localhost URLs' do
+        webhook_request.instance_variable_set(:@url, 'https://localhost/webhook')
+        properties = webhook_request.list_invalid_properties
+        expect(properties).to include(/hostname points to restricted network resource/)
+      end
+
+      it 'returns error for private IP URLs' do
+        webhook_request.instance_variable_set(:@url, 'https://192.168.1.1/webhook')
+        properties = webhook_request.list_invalid_properties
+        expect(properties).to include(/hostname points to restricted network resource/)
+      end
+
+      it 'returns error for restricted ports' do
+        webhook_request.instance_variable_set(:@url, 'https://example.com:22/webhook')
+        properties = webhook_request.list_invalid_properties
+        expect(properties).to include(/port is not allowed/)
+      end
+
+      it 'returns error for invalid schemes' do
+        webhook_request.instance_variable_set(:@url, 'ftp://example.com/webhook')
+        properties = webhook_request.list_invalid_properties
+        expect(properties).to include(/must use http or https scheme/)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -10,6 +10,43 @@ Generator version: 7.5.0
 
 =end
 
+# Configure SimpleCov for code coverage
+require 'simplecov'
+require 'simplecov-json'
+
+SimpleCov.start do
+  # Minimum coverage threshold
+  minimum_coverage 80
+  
+  # Track files in the lib directory
+  track_files '{lib,app}/**/*.rb'
+  
+  # Exclude certain files from coverage
+  add_filter '/spec/'
+  add_filter '/vendor/'
+  add_filter '/tasks/'
+  add_filter '/config/'
+  
+  # Group coverage by file type
+  add_group 'Models', 'lib/digital_femsa/models'
+  add_group 'APIs', 'lib/digital_femsa/api'
+  add_group 'Core', 'lib/digital_femsa.rb'
+  add_group 'Configuration', 'lib/digital_femsa/configuration.rb'
+  add_group 'API Client', 'lib/digital_femsa/api_client.rb'
+  
+  # Use multiple formatters
+  formatters = SimpleCov::Formatter::MultiFormatter.new([
+    SimpleCov::Formatter::HTMLFormatter,
+    SimpleCov::Formatter::JSONFormatter
+  ])
+  SimpleCov.formatter = formatters
+  
+  # Add custom metrics
+  add_filter do |source_file|
+    source_file.lines.count < 5 # Exclude very small files
+  end
+end
+
 # load the gem
 require 'digital_femsa'
 

metadata

@@ -1,35 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: digital_femsa
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - DigitalFemsa
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-26 00:00:00.000000000 Z
+date: 2026-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.1
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.14.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.1
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.14.2
 - !ruby/object:Gem::Dependency
   name: faraday-multipart
   requirement: !ruby/object:Gem::Requirement
@@ -88,6 +82,7 @@ files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
+- Gemfile.lock
 - LICENSE
 - Makefile
 - README.md
@@ -425,6 +420,7 @@ files:
 - spec/api/customers_api_spec.rb
 - spec/api/discounts_api_spec.rb
 - spec/api/events_api_spec.rb
+- spec/api/generated_apis_coverage_spec.rb
 - spec/api/logs_api_spec.rb
 - spec/api/orders_api_spec.rb
 - spec/api/payment_link_api_spec.rb
@@ -437,6 +433,9 @@ files:
 - spec/api/transfers_api_spec.rb
 - spec/api/webhook_keys_api_spec.rb
 - spec/api/webhooks_api_spec.rb
+- spec/api_client_spec.rb
+- spec/models/generated_models_coverage_spec.rb
+- spec/models/webhook_request_ssrf_protection_spec.rb
 - spec/spec_helper.rb
 - ssl_data/ca_bundle.crt
 - templates/ruby/CUSTOM_VERSION.mustache
@@ -466,23 +465,27 @@ signing_key:
 specification_version: 4
 summary: This library provides https://api.digitalfemsa.io operations
 test_files:
-- spec/api/discounts_api_spec.rb
-- spec/api/payment_methods_api_spec.rb
+- spec/api/orders_api_spec.rb
+- spec/api/products_api_spec.rb
+- spec/api/generated_apis_coverage_spec.rb
+- spec/api/balances_api_spec.rb
+- spec/api/taxes_api_spec.rb
+- spec/api/webhooks_api_spec.rb
+- spec/api/shipping_contacts_api_spec.rb
 - spec/api/transfers_api_spec.rb
+- spec/api/charges_api_spec.rb
 - spec/api/companies_api_spec.rb
-- spec/api/taxes_api_spec.rb
-- spec/api/webhook_keys_api_spec.rb
 - spec/api/shippings_api_spec.rb
-- spec/api/api_keys_api_spec.rb
-- spec/api/payment_link_api_spec.rb
-- spec/api/charges_api_spec.rb
-- spec/api/balances_api_spec.rb
+- spec/api/customers_api_spec.rb
+- spec/api/discounts_api_spec.rb
 - spec/api/logs_api_spec.rb
-- spec/api/webhooks_api_spec.rb
-- spec/api/products_api_spec.rb
 - spec/api/transactions_api_spec.rb
-- spec/api/shipping_contacts_api_spec.rb
-- spec/api/orders_api_spec.rb
-- spec/api/customers_api_spec.rb
+- spec/api/webhook_keys_api_spec.rb
+- spec/api/payment_link_api_spec.rb
 - spec/api/events_api_spec.rb
+- spec/api/payment_methods_api_spec.rb
+- spec/api/api_keys_api_spec.rb
+- spec/api_client_spec.rb
+- spec/models/generated_models_coverage_spec.rb
+- spec/models/webhook_request_ssrf_protection_spec.rb
 - spec/spec_helper.rb