gitrob 0.0.6 → 1.0.0

data/lib/gitrob/models/assessment.rb

@@ -0,0 +1,96 @@
+module Gitrob
+  module Models
+    class Assessment < Sequel::Model
+      set_allowed_columns :name, :endpoint, :site, :verify_ssl, :finished
+
+      one_to_many :github_access_tokens
+      one_to_many :owners
+      one_to_many :repositories
+      one_to_many :blobs
+      one_to_many :flags
+      one_to_many :primary_comparisons,
+                  :class => :"Gitrob::Models::Comparison",
+                  :key   => :primary_assessment_id
+      one_to_many :secondary_comparisons,
+                  :class => :"Gitrob::Models::Comparison",
+                  :key   => :secondary_assessment_id
+
+      def validate
+        super
+        validates_presence [:endpoint, :site, :verify_ssl]
+      end
+
+      def name
+        values[:name] || fallback_name
+      end
+
+      def save_owner(owner)
+        owner = Gitrob::Utils.symbolize_hash_keys(owner.to_hash)
+        allowed_columns = Gitrob::Models::Owner.allowed_columns
+        owner[:github_id] = owner.delete(:id)
+        data = owner.select { |k, _v| allowed_columns.include?(k.to_sym) }
+        owner = Gitrob::Models::Owner.new(data)
+        self.owners_count += 1
+        add_owner(owner)
+      end
+
+      def save_repository(repository, owner)
+        repository = Gitrob::Utils.symbolize_hash_keys(repository.to_hash)
+        allowed_columns = Gitrob::Models::Repository.allowed_columns
+        repository[:github_id] = repository.delete(:id)
+        data = repository.select { |k, _v| allowed_columns.include?(k.to_sym) }
+        repository = Gitrob::Models::Repository.new(data)
+        repository.owner = owner
+        self.repositories_count += 1
+        repository.owner.repositories_count += 1
+        repository.owner.save
+        add_repository(repository)
+      end
+
+      def save_blob(blob, repository, owner)
+        allowed_columns = Gitrob::Models::Blob.allowed_columns
+        data = blob.select { |k, _v| allowed_columns.include?(k.to_sym) }
+        blob = Gitrob::Models::Blob.new(data)
+        blob.repository = repository
+        blob.owner = owner
+        self.blobs_count += 1
+        blob.owner.blobs_count += 1
+        blob.owner.save
+        blob.repository.blobs_count += 1
+        blob.repository.save
+        add_blob(blob)
+      end
+
+      def save_github_access_token(token)
+        add_github_access_token(
+          Gitrob::Models::GithubAccessToken.new(:token => token)
+        )
+      end
+
+      def comparable_assessments
+        owner_ids      = owners.map(&:github_id)
+        comparison_ids = primary_comparisons_dataset
+                          .select_map(:secondary_assessment_id) +
+                         secondary_comparisons_dataset
+                          .select_map(:primary_assessment_id)
+        self.class
+          .where("id NOT IN ?", [id] + comparison_ids)
+          .where(:finished => true, :deleted => false)
+          .order(:created_at)
+          .eager(:owners).reverse.all.select  do |a|
+            !(a.owners.map(&:github_id) & owner_ids).empty?
+          end
+      end
+
+      def comparable_assessment?(assessment)
+        comparable_assessments.map(&:id).include?(assessment.id)
+      end
+
+      private
+
+      def fallback_name
+        reload.values[:created_at].strftime("%A, %d %b %Y %H:%M")
+      end
+    end
+  end
+end

data/lib/gitrob/models/blob.rb

@@ -0,0 +1,50 @@
+module Gitrob
+  module Models
+    class Blob < Sequel::Model
+      set_allowed_columns :path, :size, :sha
+
+      SHA_REGEX = /[a-f0-9]{40}/
+      TEST_BLOB_INDICATORS = %w(test spec fixture mock stub fake demo sample)
+      LARGE_BLOB_THRESHOLD = 102_400
+
+      one_to_many :flags
+      many_to_one :repository
+      many_to_one :owner
+      many_to_one :assessment
+      many_to_many :comparisons
+
+      def validate
+        super
+        validates_presence [:path, :size, :sha]
+        validates_format SHA_REGEX, :sha
+      end
+
+      def filename
+        File.basename(path)
+      end
+
+      def extension
+        File.extname(path)[1..-1]
+      end
+
+      def test_blob?
+        TEST_BLOB_INDICATORS.each do |indicator|
+          return true if path.downcase.include?(indicator)
+        end
+        false
+      end
+
+      def html_url
+        "#{repository.html_url}/blob/#{repository.default_branch}/#{path}"
+      end
+
+      def history_html_url
+        "#{repository.html_url}/commits/#{repository.default_branch}/#{path}"
+      end
+
+      def large?
+        size.to_i > LARGE_BLOB_THRESHOLD
+      end
+    end
+  end
+end

data/lib/gitrob/models/comparison.rb

@@ -0,0 +1,15 @@
+module Gitrob
+  module Models
+    class Comparison < Sequel::Model
+      set_allowed_columns :primary_assessment, :secondary_assessment
+
+      many_to_one :primary_assessment,
+                  :class => :"Gitrob::Models::Assessment"
+      many_to_one :secondary_assessment,
+                  :class => :"Gitrob::Models::Assessment"
+      many_to_many :blobs
+      many_to_many :repositories
+      many_to_many :owners
+    end
+  end
+end

data/lib/gitrob/models/flag.rb

@@ -0,0 +1,15 @@
+module Gitrob
+  module Models
+    class Flag < Sequel::Model
+      set_allowed_columns :caption, :description, :assessment
+
+      many_to_one :blob
+      many_to_one :assessment
+
+      def validate
+        super
+        validates_presence [:caption]
+      end
+    end
+  end
+end

data/lib/gitrob/models/github_access_token.rb

@@ -0,0 +1,17 @@
+module Gitrob
+  module Models
+    class GithubAccessToken < Sequel::Model
+      set_allowed_columns :token
+
+      TOKEN_REGEX = /[a-f0-9]{40}/
+
+      many_to_one :assessment
+
+      def validate
+        super
+        validates_presence [:token]
+        validates_format TOKEN_REGEX, :token
+      end
+    end
+  end
+end

data/lib/gitrob/models/owner.rb

@@ -0,0 +1,23 @@
+module Gitrob
+  module Models
+    class Owner < Sequel::Model
+      set_allowed_columns :github_id, :login, :type, :url,
+                          :html_url, :avatar_url, :name, :blog,
+                          :location, :email, :bio
+
+      ALLOWED_TYPES = %w(User Organization)
+
+      one_to_many :repositories
+      one_to_many :blobs
+      many_to_one :assessment
+      many_to_many :comparisons
+
+      def validate
+        super
+        validates_presence [:github_id, :login, :type, :url,
+                            :html_url, :avatar_url]
+        validates_includes ALLOWED_TYPES, :type
+      end
+    end
+  end
+end

data/lib/gitrob/models/repository.rb

@@ -0,0 +1,20 @@
+module Gitrob
+  module Models
+    class Repository < Sequel::Model
+      set_allowed_columns :github_id, :name, :full_name, :description,
+                          :private, :url, :html_url, :homepage, :size,
+                          :default_branch
+
+      one_to_many :blobs
+      many_to_one :assessment
+      many_to_one :owner
+      many_to_many :comparisons
+
+      def validate
+        super
+        validates_presence [:github_id, :name, :full_name, :private,
+                            :url, :html_url, :size, :default_branch]
+      end
+    end
+  end
+end

data/lib/gitrob/utils.rb

@@ -0,0 +1,19 @@
+module Gitrob
+  module Utils
+    def self.pluralize(count, singular, plural)
+      if count == 1
+        "#{count} #{singular}"
+      else
+        "#{count} #{plural}"
+      end
+    end
+
+    def self.symbolize_hash_keys(hash)
+      symbolized = {}
+      hash.each_pair do |k, v|
+        symbolized[k.to_sym] = v
+      end
+      symbolized
+    end
+  end
+end

data/lib/gitrob/version.rb

@@ -1,3 +1,3 @@
 module Gitrob
-  VERSION = "0.0.6"
+  VERSION = "1.0.0"
 end

data/lib/gitrob/web_app.rb

@@ -0,0 +1,292 @@
+require "sinatra/base"
+require "thin"
+
+module Gitrob
+  class WebApp < Sinatra::Base
+    CONTENT_SECURITY_POLICY = "default-src *; script-src 'self'; " \
+                              "style-src 'self' 'unsafe-inline'; " \
+                              "font-src 'self'; connect-src 'self'"
+
+    set :server, :thin
+    set :environment, :production
+    set :logging, false
+    set :sessions, true
+    set :app_file, __FILE__
+    set :root, File.expand_path("#{File.dirname(__FILE__)}/../../")
+    set :public_folder, proc { File.join(root, "public") }
+    set :views, proc { File.join(root, "views") }
+    set :run, proc { false }
+
+    helpers do
+      HUMAN_PREFIXES = %w(TB GB MB KB B).freeze
+
+      alias_method :h, :escape_html
+
+      def number_to_human_size(number)
+        s = number.to_f
+        i = HUMAN_PREFIXES.length - 1
+        while s > 512 && i > 0
+          i -= 1
+          s /= 1024
+        end
+        ((s > 9 || s.modulo(1) < 0.1 ? "%d" : "%.1f") % s) + "<strong>#{HUMAN_PREFIXES[i]}</strong>" # rubocop:disable Metrics/LineLength
+      end
+
+      def format_path(path)
+        dirname  = File.dirname(path)
+        basename = File.basename(path)
+        if dirname == "."
+          "<strong>#{h basename}</strong>"
+        else
+          "#{h ellipsisize(dirname, 60, 25)}/<strong>#{h basename}</strong>"
+        end
+      end
+
+      def ellipsisize(string, minimum_length=4, edge_length=3)
+        return string if string.length < minimum_length || string.length <= edge_length * 2 # rubocop:disable Metrics/LineLength
+        edge = "." * edge_length
+        mid_length = string.length - edge_length * 2
+        string.gsub(/(#{edge}).{#{mid_length},}(#{edge})/, '\1...\2')
+      end
+
+      def format_url(url)
+        return url if url.start_with?("http")
+        "http://#{url}"
+      end
+
+      def protect_from_request_forgery!
+        session[:csrf] ||= SecureRandom.hex(32)
+        halt(403, "CSRF attack prevented") if csrf_attack?
+      end
+
+      def csrf_token_from_request
+        csrf_token = env["HTTP_X_CSRF_TOKEN"] || params["_csrf"]
+        halt(403, "CSRF token not present in request") if csrf_token.to_s.empty?
+        csrf_token
+      end
+
+      def csrf_attack?
+        !request.safe? && csrf_token_from_request != session[:csrf]
+      end
+
+      def find_assessment(id)
+        Gitrob::Models::Assessment.first(
+          :id       => id.to_i,
+          :finished => true,
+          :deleted  => false
+        ) || halt(404)
+      end
+
+      def find_comparison(id)
+        Gitrob::Models::Comparison.first(
+          :id       => id.to_i,
+          :finished => true,
+          :deleted  => false
+        ) || halt(404)
+      end
+    end
+
+    before do
+      response.headers["Content-Security-Policy"] = CONTENT_SECURITY_POLICY
+      response.headers["X-Content-Type-Options"] = "nosniff"
+      response.headers["X-XSS-Protection"] = "1; mode=block"
+      response.headers["X-Frame-Options"] = "deny"
+      protect_from_request_forgery!
+    end
+
+    get "/" do
+      @assessments =
+        Gitrob::Models::Assessment
+        .where(:deleted => false)
+        .order(:created_at)
+        .reverse.all
+      erb :index
+    end
+
+    get "/assessments/_table" do
+      @assessments =
+        Gitrob::Models::Assessment
+        .where(:deleted => false)
+        .order(:created_at)
+        .reverse.all
+      erb :"assessments/_assessments", :layout => false
+    end
+
+    post "/assessments" do
+      if params[:assessment][:verify_ssl]
+        verify_ssl = true
+      else
+        verify_ssl = false
+      end
+      options = {
+        :endpoint      => params[:assessment][:endpoint],
+        :site          => params[:assessment][:site],
+        :verify_ssl    => verify_ssl,
+        :access_tokens => params[:assessment][:github_access_tokens]
+      }
+
+      Gitrob::Jobs::Assessment.perform_async(
+        params[:assessment][:targets],
+        options
+      )
+      status 202 # Accepted
+    end
+
+    get "/assessments/:id" do
+      redirect "/assessments/#{params[:id].to_i}/findings"
+    end
+
+    delete "/assessments/:id" do
+      @assessment = Gitrob::Models::Assessment.first(
+        :id       => params[:id].to_i,
+        :deleted  => false
+      ) || halt(404)
+      @assessment.deleted = true
+      @assessment.save
+      @assessment.destroy
+    end
+
+    get "/assessments/:id/findings" do
+      @assessment = find_assessment(params[:id])
+      @findings = @assessment.blobs_dataset.where("flags_count != 0")
+        .order(:path).eager(:repository, :flags).all
+      erb :"assessments/findings"
+    end
+
+    get "/assessments/:id/users" do
+      @assessment = find_assessment(params[:id])
+      @owners = @assessment.owners_dataset.order(:type)
+      erb :"assessments/users"
+    end
+
+    get "/assessments/:id/repositories" do
+      @assessment = find_assessment(params[:id])
+      @repositories = @assessment.repositories_dataset.order(:full_name).all
+      erb :"assessments/repositories"
+    end
+
+    get "/assessments/:id/compare" do
+      @assessment = find_assessment(params[:id])
+      @primary_comparisons = @assessment.primary_comparisons_dataset
+                                        .order(:created_at)
+                                        .reverse.all
+      @secondary_comparisons = @assessment.secondary_comparisons_dataset
+                                          .order(:created_at)
+                                          .reverse.all
+      @assessments = @assessment.comparable_assessments
+      erb :"assessments/compare"
+    end
+
+    get "/assessments/:id/compare/_comparables" do
+      @assessment = find_assessment(params[:id])
+      @assessments = @assessment.comparable_assessments
+      erb :"assessments/_comparable_assessments", :layout => false
+    end
+
+    get "/assessments/:id/compare/_comparisons" do
+      @assessment = find_assessment(params[:id])
+      @primary_comparisons = @assessment.primary_comparisons_dataset
+                                        .order(:created_at)
+                                        .reverse.all
+      @secondary_comparisons = @assessment.secondary_comparisons_dataset
+                                          .order(:created_at)
+                                          .reverse.all
+      erb :"assessments/_comparisons", :layout => false
+    end
+
+    get "/users/:id" do
+      @owner = Gitrob::Models::Owner.first(:id => params[:id].to_i) || halt(404)
+      @assessment = @owner.assessment
+      @repositories = @owner.repositories_dataset.order(:name).all
+      erb :"users/show", :layout => !request.xhr?
+    end
+
+    get "/repositories/:id" do
+      @repository = Gitrob::Models::Repository.first(
+        :id => params[:id].to_i
+      ) || halt(404)
+      @assessment = @repository.assessment
+      @blobs = @repository.blobs_dataset.order(:path).eager(:flags).all
+      erb :"repositories/show"
+    end
+
+    get "/blobs/:id" do
+      @blob = Gitrob::Models::Blob.first(:id => params[:id].to_i) || halt(404)
+      @assessment = @blob.assessment
+
+      if !@blob.large?
+        client_manager = Gitrob::Github::ClientManager.new(
+          :endpoint      => @assessment.endpoint,
+          :site          => @assessment.site,
+          :ssl           => {
+            :verify => @assessment.verify_ssl
+          },
+          :access_tokens => @assessment.github_access_tokens.map(&:token)
+        )
+        @content = Base64.decode64(
+          client_manager.sample.repos.contents.get(
+            @blob.repository.owner.login,
+            @blob.repository.name,
+            @blob.path).content
+        )
+      else
+        @content = nil
+      end
+
+      erb :"blobs/show", :layout => false
+    end
+
+    post "/comparisons" do
+      @assessment = find_assessment(params[:assessment_id])
+      @other_assessment = find_assessment(params[:other_assessment_id])
+
+      if @assessment.created_at > @other_assessment.created_at
+        Gitrob::Jobs::Comparison.perform_async(
+          @assessment, @other_assessment)
+      else
+        Gitrob::Jobs::Comparison.perform_async(
+          @other_assessment, @assessment)
+      end
+      status 202 # Accepted
+    end
+
+    get "/comparisons/:id" do
+      @comparison = find_comparison(params[:id])
+      @blobs = @comparison.blobs_dataset.order(:path)
+                          .eager(:flags, :repository).all
+      @repositories = @comparison.repositories_dataset.order(:full_name).all
+      @owners = @comparison.owners_dataset.order(:type).all
+      erb :"comparisons/show"
+    end
+
+    delete "/comparisons/:id" do
+      @comparison = Gitrob::Models::Comparison.first(
+        :id       => params[:id].to_i,
+        :deleted  => false
+      ) || halt(404)
+      @comparison.deleted = true
+      @comparison.save
+      @comparison.destroy
+    end
+
+    not_found do
+      status 404
+      erb :"errors/not_found"
+    end
+
+    error do
+      status 500
+      @error = env["sinatra.error"]
+      @error_details = JSON.pretty_generate(
+        :error => @error.class.to_s,
+        :message => @error.message,
+        :backtrace => @error.backtrace,
+        :request_method => env["REQUEST_METHOD"],
+        :request_path => env["REQUEST_PATH"],
+        :referer => env["HTTP_REFERER"],
+        :gitrob_version => Gitrob::VERSION
+      )
+      erb :"errors/internal_server_error"
+    end
+  end
+end