digital_femsa 1.1.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95505b447016a0b25cb0fd3ffcc692f5dd7218e88166d818d68ef521d3cf0b6e
-  data.tar.gz: 63803ed21b19398750bd0f281f77c1688b4ea9077b5e7d8115e83f9f238919cb
+  metadata.gz: 0f0452baa0bfee1932378770877461e46eb16cfc255de3af8dc1b39927a42c1b
+  data.tar.gz: c83fdf5e1968a1258436da39e15673ae498d0ac04b3b7168fff97288f3ec2541
 SHA512:
-  metadata.gz: fd7e0e06fb721dd63255e72ceec83fb8c4c7fb6187ff07512c2a5a82dd1c58c1af24bab8a272c1608f233cf8d6df115d43e21807db3fe2ba3fa2f6dc0a41c561
-  data.tar.gz: f219280b929af93bfac269dd3f368a7a1123427d1e4da32ab2c299d6982201c6ade80f38c59b2622898ee138086e31f5c536170ff6e123d70b86080425be6597
+  metadata.gz: d719bf015ab2a8f6bbd20e3c9ac13e9c2c67ff815090c035f48a5d75e176c4b460c06224b37a3cbc2dfe1b998195040449531078b949590f8a82a2bd0157d42b
+  data.tar.gz: 75861af98201f94c25573cc4530dba0d28da4dd152d4276d2ed8c54078685b5ee52bd4c06e4f87e4c9ea126f041a4c74a93902b4d5ccf88b1ae807d595e5cad7

data/Gemfile

@@ -6,4 +6,6 @@ group :development, :test do
   gem 'rake', '~> 13.0.1'
   gem 'pry-byebug'
   gem 'rubocop', '~> 0.66.0'
+  gem 'simplecov', '~> 0.22.0'
+  gem 'simplecov-json', '~> 0.2'
 end

data/Gemfile.lock

@@ -0,0 +1,104 @@
+PATH
+  remote: .
+  specs:
+    digital_femsa (1.1.1)
+      faraday (= 2.14.2)
+      faraday-multipart
+      marcel
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.3)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
+    coderay (1.1.3)
+    date (3.5.1)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    faraday (2.14.2)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-multipart (1.2.0)
+      multipart-post (~> 2.0)
+    faraday-net_http (3.4.3)
+      net-http (~> 0.5)
+    io-console (0.8.2)
+    jaro_winkler (1.5.6)
+    json (2.19.7)
+    logger (1.7.0)
+    marcel (1.2.1)
+    method_source (1.1.0)
+    multipart-post (2.4.1)
+    net-http (0.9.1)
+      uri (>= 0.11.1)
+    parallel (1.28.0)
+    parser (3.3.11.1)
+      ast (~> 2.4.1)
+      racc
+    pry (0.16.0)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+      reline (>= 0.6.0)
+    pry-byebug (3.12.0)
+      byebug (~> 13.0)
+      pry (>= 0.13, < 0.17)
+    psych (5.3.1)
+      date
+      stringio
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    reline (0.6.3)
+      io-console (~> 0.5)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.8)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.7)
+    rubocop (0.66.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      psych (>= 3.1.0)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.6)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.13.2)
+    simplecov-json (0.2.3)
+      json
+      simplecov
+    simplecov_json_formatter (0.1.4)
+    stringio (3.2.0)
+    unicode-display_width (1.5.0)
+    uri (1.1.1)
+
+PLATFORMS
+  arm64-darwin-25
+  ruby
+
+DEPENDENCIES
+  digital_femsa!
+  pry-byebug
+  rake (~> 13.0.1)
+  rspec (~> 3.6, >= 3.6.0)
+  rubocop (~> 0.66.0)
+  simplecov (~> 0.22.0)
+  simplecov-json (~> 0.2)
+
+BUNDLED WITH
+   2.5.9

data/README.md

@@ -7,7 +7,7 @@ Femsa sdk
 This SDK is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:
 
 - API version: 2.1.0
-- Package version: 1.1.0
+- Package version: 1.1.1
 - Build date: 2026-03-26T20:52:06.650476795Z[Etc/UTC]
 - Generator version: 7.5.0
 - Build package: org.openapitools.codegen.languages.RubyClientCodegen
@@ -26,16 +26,16 @@ gem build digital_femsa.gemspec
 Then either install the gem locally:
 
 ```shell
-gem install ./digital_femsa-1.1.0.gem
+gem install ./digital_femsa-1.1.1.gem
 ```
 
-(for development, run `gem install --dev ./digital_femsa-1.1.0.gem` to install the development dependencies)
+(for development, run `gem install --dev ./digital_femsa-1.1.1.gem` to install the development dependencies)
 
 or publish the gem to a gem hosting service, e.g. [RubyGems](https://rubygems.org/).
 
 Finally add this to the Gemfile:
 
-    gem 'digital_femsa', '~> 1.1.0'
+    gem 'digital_femsa', '~> 1.1.1'
 
 ### Install from Git
 

data/VERSION

@@ -1 +1 @@
-1.1.0
+1.1.1

data/config-ruby.json

@@ -3,7 +3,7 @@
   "gemAuthor": "DigitalFemsa",
   "gemName" : "digital_femsa",
   "gemLicense": "MIT",
-  "gemVersion": "1.1.0",
+  "gemVersion": "1.1.1",
   "hideGenerationTimestamp": false,
   "moduleName": "DigitalFemsa",
   "gemSummary" : "This library provides https://api.digitalfemsa.io operations",

data/digital_femsa.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = ">= 2.6"
   s.metadata    = {}
 
-  s.add_runtime_dependency 'faraday', '>= 1.0.1', '< 3.0'
+  s.add_runtime_dependency 'faraday', '= 2.14.2'
   s.add_runtime_dependency 'faraday-multipart'
   s.add_runtime_dependency 'marcel'
 

data/lib/digital_femsa/models/webhook_request.rb

@@ -12,6 +12,7 @@ Generator version: 7.5.0
 
 require 'date'
 require 'time'
+require 'uri'
 
 module DigitalFemsa
   # Parameters used to create or update a webhook.
@@ -86,9 +87,10 @@ module DigitalFemsa
         invalid_properties.push('invalid value for "url", url cannot be nil.')
       end
 
-      pattern = Regexp.new(/^(?!.*(localhost|127\.0\.0\.1)).*$/)
-      if @url !~ pattern
-        invalid_properties.push("invalid value for \"url\", must conform to the pattern #{pattern}.")
+      begin
+        validate_url_safety(@url) if @url
+      rescue ArgumentError => e
+        invalid_properties.push(e.message)
       end
 
       if @synchronous.nil?
@@ -103,7 +105,11 @@ module DigitalFemsa
     def valid?
       warn '[DEPRECATED] the `valid?` method is obsolete'
       return false if @url.nil?
-      return false if @url !~ Regexp.new(/^(?!.*(localhost|127\.0\.0\.1)).*$/)
+      begin
+        validate_url_safety(@url)
+      rescue ArgumentError
+        return false
+      end
       return false if @synchronous.nil?
       true
     end
@@ -115,12 +121,245 @@ module DigitalFemsa
         fail ArgumentError, 'url cannot be nil'
       end
 
-      pattern = Regexp.new(/^(?!.*(localhost|127\.0\.0\.1)).*$/)
-      if url !~ pattern
-        fail ArgumentError, "invalid value for \"url\", must conform to the pattern #{pattern}."
+      validate_url_safety(url)
+      @url = url
+    end
+
+    private
+
+    # Comprehensive URL validation to prevent SSRF attacks
+    # @param [String] url URL to validate
+    def validate_url_safety(url)
+      # Parse the URL to extract hostname
+      begin
+        uri = URI.parse(url)
+        hostname = uri.hostname
+        port = uri.port
+        
+        # Ensure URL has a valid scheme (http/https)
+        unless uri.scheme =~ /\A(https?)\z/
+          fail ArgumentError, "invalid value for \"url\", must use http or https scheme"
+        end
+
+        # Block if hostname is nil or empty
+        if hostname.nil? || hostname.empty?
+          fail ArgumentError, "invalid value for \"url\", hostname cannot be empty"
+        end
+
+        # Block localhost variations and private IP ranges
+        if hostname_matches_restricted_patterns?(hostname)
+          fail ArgumentError, "invalid value for \"url\", hostname points to restricted network resource"
+        end
+
+        # Block ports commonly used for internal services
+        if port_matches_restricted_ports?(port)
+          fail ArgumentError, "invalid value for \"url\", port is not allowed"
+        end
+
+      rescue URI::InvalidURIError
+        fail ArgumentError, "invalid value for \"url\", must be a valid URL"
       end
+    end
 
-      @url = url
+    # Check if hostname matches restricted patterns
+    # @param [String] hostname Hostname to check
+    # @return [Boolean] true if hostname is restricted
+    def hostname_matches_restricted_patterns?(hostname)
+      # Convert to lowercase for case-insensitive comparison
+      hostname = hostname.downcase
+
+      # Block localhost variations
+      localhost_patterns = [
+        'localhost',
+        '127.0.0.1',
+        '127.0.0.0',
+        '0.0.0.0',
+        '::1',
+        '0:0:0:0:0:0:0:1',
+        'ip6-localhost',
+        'ip6-loopback'
+      ]
+
+      # Block private IP ranges
+      private_ip_patterns = [
+        /^127\.\d+\.\d+\.\d+/,      # 127.0.0.0/8 (loopback)
+        /^10\.\d+\.\d+\.\d+/,       # 10.0.0.0/8
+        /^172\.(1[6-9]|2[0-9]|3[0-1])\.\d+\.\d+/,  # 172.16.0.0/12
+        /^192\.168\.\d+\.\d+/,      # 192.168.0.0/16
+        /^169\.254\.\d+\.\d+/,      # 169.254.0.0/16 (link-local)
+        /^224\.\d+\.\d+\.\d+/,      # 224.0.0.0/4 (multicast)
+        /^fc00:/,                    # fc00::/7 (IPv6 unique local)
+        /^fe80:/,                    # fe80::/10 (IPv6 link-local)
+        /^ff00:/                     # ff00::/8 (IPv6 multicast)
+      ]
+
+      # Block internal hostnames and services
+      internal_hostnames = [
+        'internal',
+        'intranet',
+        'corp',
+        'private',
+        'admin',
+        'management',
+        'api-gateway',
+        'database',
+        'cache',
+        'redis',
+        'mongo',
+        'mysql',
+        'postgres',
+        'elasticsearch',
+        'kibana',
+        'grafana',
+        'prometheus',
+        'consul',
+        'vault',
+        'etcd',
+        'zookeeper',
+        'kafka',
+        'rabbitmq'
+      ]
+
+      # Check localhost patterns
+      return true if localhost_patterns.include?(hostname)
+
+      # Check private IP ranges
+      private_ip_patterns.each do |pattern|
+        return true if hostname.match?(pattern)
+      end
+
+      # Check internal hostnames (including subdomains)
+      internal_hostnames.each do |internal_name|
+        return true if hostname.include?(internal_name)
+      end
+
+      # Check for common DNS rebinding services
+      dns_rebinding_domains = [
+        'xip.io',
+        'nip.io',
+        'sslip.io',
+        'localtest.me',
+        'vcap.me',
+        'localho.st',
+        '127-0-0-1.org.uk'
+      ]
+
+      dns_rebinding_domains.each do |domain|
+        return true if hostname.end_with?(domain)
+      end
+
+      # Check if hostname resolves to private IP (basic check)
+      # Note: In production, you might want to add actual DNS resolution here
+      if hostname_resolves_to_private_ip?(hostname)
+        return true
+      end
+
+      false
+    end
+
+    # Check if port matches restricted ports
+    # @param [Integer] port Port to check
+    # @return [Boolean] true if port is restricted
+    def port_matches_restricted_ports?(port)
+      return false if port.nil?  # Allow default ports
+
+      # Block ports commonly used for internal services
+      restricted_ports = [
+        22,    # SSH
+        23,    # Telnet
+        25,    # SMTP
+        53,    # DNS
+        135,   # Windows RPC
+        139,   # NetBIOS
+        445,   # SMB
+        1433,  # SQL Server
+        1521,  # Oracle
+        2049,  # NFS
+        2181,  # Zookeeper
+        3306,  # MySQL
+        3389,  # RDP
+        5432,  # PostgreSQL
+        5672,  # RabbitMQ
+        5984,  # CouchDB
+        6379,  # Redis
+        6380,  # Redis SSL
+        8080,  # Common internal web services
+        8081,  # Alternative web services
+        8443,  # Alternative HTTPS
+        9000,  # Common internal services
+        9042,  # Cassandra
+        9092,  # Kafka
+        9200,  # Elasticsearch
+        9300,  # Elasticsearch transport
+        11211, # Memcached
+        27017, # MongoDB
+        27018, # MongoDB shard
+        27019, # MongoDB config
+        5000,  # Common internal services
+        5001,  # Alternative services
+        6000,  # Common internal services
+        7000,  # Common internal services
+        7001,  # WebLogic
+        8000,  # Common internal services
+        8001,  # Alternative services
+        8009,  # AJP
+        8443,  # Tomcat SSL
+        8888,  # Common internal services
+        9001,  # Common internal services
+        9090,  # Common internal services
+        9091,  # Common internal services
+        9093,  # Common internal services
+        9999,  # Common internal services
+        10000, # Common internal services
+        10001, # Common internal services
+        10002, # Common internal services
+        10003, # Common internal services
+        10004, # Common internal services
+        10005, # Common internal services
+        10006, # Common internal services
+        10007, # Common internal services
+        10008, # Common internal services
+        10009, # Common internal services
+        10010  # Common internal services
+      ]
+
+      restricted_ports.include?(port)
+    end
+
+    # Basic check if hostname might resolve to private IP
+    # @param [String] hostname Hostname to check
+    # @return [Boolean] true if hostname might resolve to private IP
+    def hostname_resolves_to_private_ip?(hostname)
+      # This is a basic heuristic. In production, you might want to
+      # actually resolve the hostname and check the IP addresses.
+      
+      # Check for common patterns that might resolve to internal IPs
+      suspicious_patterns = [
+        /^internal-/,
+        /^private-/,
+        /^intranet-/,
+        /^corp-/,
+        /^dev-/,
+        /^test-/,
+        /^staging-/,
+        /^admin-/,
+        /^db-/,
+        /^cache-/,
+        /^api-/,
+        /^service-/,
+        /^worker-/,
+        /^node-/,
+        /^server-/,
+        /^host-/,
+        /^vm-/,
+        /^container-/
+      ]
+
+      suspicious_patterns.each do |pattern|
+        return true if hostname.match?(pattern)
+      end
+
+      false
     end
 
     # Checks equality by comparing each attribute.

data/lib/digital_femsa/version.rb

@@ -11,5 +11,5 @@ Generator version: 7.5.0
 =end
 
 module DigitalFemsa
-  VERSION = '1.1.0'
+  VERSION = '1.1.1'
 end

data/spec/api/balances_api_spec.rb

@@ -13,35 +13,37 @@ Generator version: 7.5.0
 require 'spec_helper'
 require 'json'
 
-# Unit tests for DigitalFemsa::BalancesApi
-# Automatically generated by openapi-generator (https://openapi-generator.tech)
-# Please update as you see appropriate
-describe 'BalancesApi' do
-  before do
-    # run before each test
-    @api_instance = DigitalFemsa::BalancesApi.new
-  end
+RSpec.describe DigitalFemsa::BalancesApi do
+  let(:config) { DigitalFemsa::Configuration.new }
+  let(:api_client) { instance_double(DigitalFemsa::ApiClient) }
+  let(:api_instance) { described_class.new(api_client) }
 
-  after do
-    # run after each test
+  before do
+    allow(api_client).to receive(:config).and_return(config)
+    allow(api_client).to receive(:select_header_accept).and_return('application/vnd.app-v2.1.0+json')
   end
 
   describe 'test an instance of BalancesApi' do
-    it 'should create an instance of BalancesApi' do
-      expect(@api_instance).to be_instance_of(DigitalFemsa::BalancesApi)
+    it 'creates an instance of BalancesApi' do
+      expect(api_instance).to be_instance_of(DigitalFemsa::BalancesApi)
     end
   end
 
-  # unit tests for get_balance
-  # Get a company's balance
-  # Get a company's balance
-  # @param [Hash] opts the optional parameters
-  # @option opts [String] :accept_language Use for knowing which language to use
-  # @return [BalanceResponse]
-  describe 'get_balance test' do
-    it 'should work' do
-      # assertion here. ref: https://rspec.info/features/3-12/rspec-expectations/built-in-matchers/
+  describe '#get_balance_with_http_info' do
+    it 'raises for invalid accept_language' do
+      expect do
+        api_instance.get_balance_with_http_info(accept_language: 'fr')
+      end.to raise_error(ArgumentError, /invalid value for "accept_language"/)
     end
-  end
 
+    it 'sends GET request to balance endpoint' do
+      expect(api_client).to receive(:call_api).with(:GET, '/balance', hash_including(
+        operation: :'BalancesApi.get_balance',
+        return_type: 'BalanceResponse'
+      )).and_return([:balance, 200, {}])
+
+      data = api_instance.get_balance(accept_language: 'es')
+      expect(data).to eq(:balance)
+    end
+  end
 end