package_protections 2.5.1 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0c09fbdc359d1dc28d4168fc0041dc385ea8a5b78c77436c598d5f6fd3eb24d6
|
|
4
|
+
data.tar.gz: 7ab7d9d30955c98c8213434b80923a96602a2489e2b822b9e8f75f3ff25145e8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0027653c627faaacdc1e7dfe57342d10130b93cd833a5083091c54fbc48ba106366768671ce703cdf5c4576dcd53db10a39cc59f0262fc18b06153d00ddcc284
|
|
7
|
+
data.tar.gz: 1494769fd3a1120add3da651cba6b0c826cc990890669810eb1532404ef1e2820470628bc89a77794589b819ed557da9cb3127910deebe2780854d560760ad9d
|
|
@@ -121,41 +121,6 @@ module PackageProtections
|
|
|
121
121
|
@loaded_client_configuration = false
|
|
122
122
|
end
|
|
123
123
|
|
|
124
|
-
sig { returns(T::Array[T::Hash[T.untyped, T.untyped]]) }
|
|
125
|
-
def self.rubocop_todo_ymls
|
|
126
|
-
@rubocop_todo_ymls = T.let(@rubocop_todo_ymls, T.nilable(T::Array[T::Hash[T.untyped, T.untyped]]))
|
|
127
|
-
@rubocop_todo_ymls ||= begin
|
|
128
|
-
todo_files = Pathname.glob('**/.rubocop_todo.yml')
|
|
129
|
-
todo_files.map do |todo_file|
|
|
130
|
-
YAML.load_file(todo_file)
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
sig { void }
|
|
136
|
-
def self.bust_rubocop_todo_yml_cache
|
|
137
|
-
@rubocop_todo_ymls = nil
|
|
138
|
-
end
|
|
139
|
-
|
|
140
|
-
sig { params(rule: String).returns(T::Set[String]) }
|
|
141
|
-
def self.exclude_for_rule(rule)
|
|
142
|
-
excludes = T.let(Set.new, T::Set[String])
|
|
143
|
-
|
|
144
|
-
Private.rubocop_todo_ymls.each do |todo_yml|
|
|
145
|
-
next if !todo_yml
|
|
146
|
-
|
|
147
|
-
config = todo_yml[rule]
|
|
148
|
-
next if config.nil?
|
|
149
|
-
|
|
150
|
-
exclude_list = config['Exclude']
|
|
151
|
-
next if exclude_list.nil?
|
|
152
|
-
|
|
153
|
-
excludes += exclude_list
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
excludes
|
|
157
|
-
end
|
|
158
|
-
|
|
159
124
|
sig { void }
|
|
160
125
|
def self.load_client_configuration
|
|
161
126
|
@loaded_client_configuration ||= T.let(false, T.nilable(T::Boolean))
|
|
@@ -13,14 +13,7 @@ module PackageProtections
|
|
|
13
13
|
sig { params(original_package: ParsePackwerk::Package).returns(ProtectedPackage) }
|
|
14
14
|
def self.from(original_package)
|
|
15
15
|
metadata = original_package.metadata['protections'] || {}
|
|
16
|
-
|
|
17
16
|
valid_identifiers = PackageProtections.all.map(&:identifier)
|
|
18
|
-
invalid_identifiers = metadata.keys - valid_identifiers
|
|
19
|
-
|
|
20
|
-
if invalid_identifiers.any?
|
|
21
|
-
raise IncorrectPublicApiUsageError.new("Invalid configuration for package `#{original_package.name}`. The metadata keys #{invalid_identifiers.inspect} are not valid behaviors under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
|
|
22
|
-
end
|
|
23
|
-
|
|
24
17
|
protections = {}
|
|
25
18
|
metadata.each_key do |protection_key|
|
|
26
19
|
protection = PackageProtections.with_identifier(protection_key)
|
|
@@ -32,18 +25,8 @@ module PackageProtections
|
|
|
32
25
|
end
|
|
33
26
|
|
|
34
27
|
unspecified_protections = valid_identifiers - protections.keys
|
|
35
|
-
protections_requiring_explicit_configuration = T.let([], T::Array[Identifier])
|
|
36
28
|
unspecified_protections.each do |protection_key|
|
|
37
|
-
|
|
38
|
-
if !protection.default_behavior.fail_never?
|
|
39
|
-
protections_requiring_explicit_configuration << protection.identifier
|
|
40
|
-
end
|
|
41
|
-
protections[protection_key] = protection.default_behavior
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
if protections_requiring_explicit_configuration.any?
|
|
45
|
-
error = "All protections must explicitly set unless their default behavior is `fail_never`. Missing protections: #{protections_requiring_explicit_configuration.join(', ')}"
|
|
46
|
-
raise IncorrectPublicApiUsageError, error
|
|
29
|
+
protections[protection_key] = PackageProtections.with_identifier(protection_key).default_behavior
|
|
47
30
|
end
|
|
48
31
|
|
|
49
32
|
new(
|
|
@@ -55,13 +38,7 @@ module PackageProtections
|
|
|
55
38
|
|
|
56
39
|
sig { params(protection: ProtectionInterface, metadata: T::Hash[T.untyped, T.untyped], package: ParsePackwerk::Package).returns(ViolationBehavior) }
|
|
57
40
|
def self.get_violation_behavior(protection, metadata, package)
|
|
58
|
-
|
|
59
|
-
unmet_preconditions = protection.unmet_preconditions_for_behavior(behavior, package)
|
|
60
|
-
if !unmet_preconditions.nil?
|
|
61
|
-
raise IncorrectPublicApiUsageError.new("#{protection.identifier} protection does not have the valid preconditions. #{unmet_preconditions}. See https://github.com/rubyatscale/package_protections#readme for more info") # rubocop:disable Style/RaiseArgs
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
behavior
|
|
41
|
+
ViolationBehavior.from_raw_value(metadata[protection.identifier])
|
|
65
42
|
end
|
|
66
43
|
|
|
67
44
|
sig { params(key: Identifier).returns(ViolationBehavior) }
|
|
@@ -75,18 +75,13 @@ module PackageProtections
|
|
|
75
75
|
[]
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
-
sig { void }
|
|
79
|
-
def self.bust_rubocop_todo_yml_cache
|
|
80
|
-
Private.bust_rubocop_todo_yml_cache
|
|
81
|
-
end
|
|
82
|
-
|
|
83
78
|
sig do
|
|
84
79
|
override.params(
|
|
85
80
|
protected_packages: T::Array[ProtectedPackage]
|
|
86
81
|
).returns(T::Array[Offense])
|
|
87
82
|
end
|
|
88
83
|
def get_offenses_for_existing_violations(protected_packages)
|
|
89
|
-
exclude_list =
|
|
84
|
+
exclude_list = RuboCop::Packs.exclude_for_rule(cop_name)
|
|
90
85
|
offenses = []
|
|
91
86
|
|
|
92
87
|
protected_packages.each do |package|
|
data/lib/package_protections.rb
CHANGED
|
@@ -91,6 +91,49 @@ module PackageProtections
|
|
|
91
91
|
).compact
|
|
92
92
|
end
|
|
93
93
|
|
|
94
|
+
sig do
|
|
95
|
+
returns(T::Array[String])
|
|
96
|
+
end
|
|
97
|
+
def self.validate!
|
|
98
|
+
errors = T.let([], T::Array[String])
|
|
99
|
+
valid_identifiers = PackageProtections.all.map(&:identifier)
|
|
100
|
+
|
|
101
|
+
ParsePackwerk.all.each do |p|
|
|
102
|
+
metadata = p.metadata['protections'] || {}
|
|
103
|
+
|
|
104
|
+
# Validate that there are no invalid keys
|
|
105
|
+
invalid_identifiers = metadata.keys - valid_identifiers
|
|
106
|
+
if invalid_identifiers.any?
|
|
107
|
+
errors << "Invalid configuration for package `#{p.name}`. The metadata keys #{invalid_identifiers.inspect} are not a valid behavior under the `protection` metadata namespace. Valid keys are #{valid_identifiers.inspect}. See https://github.com/rubyatscale/package_protections#readme for more info"
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# Validate that all protections requiring configuration have explicit configuration
|
|
111
|
+
unspecified_protections = valid_identifiers - metadata.keys
|
|
112
|
+
protections_requiring_explicit_configuration = unspecified_protections.reject do |protection_key|
|
|
113
|
+
protection = PackageProtections.with_identifier(protection_key)
|
|
114
|
+
protection.default_behavior.fail_never?
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
protections_requiring_explicit_configuration.each do |protection_identifier|
|
|
118
|
+
errors << "All protections must explicitly set unless their default behavior is `fail_never`. Missing protection #{protection_identifier} for package #{p.name}."
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
# Validate that all protections have all preconditions met
|
|
122
|
+
metadata.each do |protection_identifier, value|
|
|
123
|
+
next if !valid_identifiers.include?(protection_identifier)
|
|
124
|
+
|
|
125
|
+
behavior = ViolationBehavior.from_raw_value(value)
|
|
126
|
+
protection = PackageProtections.with_identifier(protection_identifier)
|
|
127
|
+
unmet_preconditions = protection.unmet_preconditions_for_behavior(behavior, p)
|
|
128
|
+
if unmet_preconditions
|
|
129
|
+
errors << "#{protection_identifier} protection does not have the valid preconditions in #{p.name}. #{unmet_preconditions}. See https://github.com/rubyatscale/package_protections#readme for more info"
|
|
130
|
+
end
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
errors
|
|
135
|
+
end
|
|
136
|
+
|
|
94
137
|
#
|
|
95
138
|
# PackageProtections.set_defaults! sets any unset protections to their default enforcement
|
|
96
139
|
#
|
|
@@ -121,6 +164,6 @@ module PackageProtections
|
|
|
121
164
|
sig { void }
|
|
122
165
|
def self.bust_cache!
|
|
123
166
|
Private.bust_cache!
|
|
124
|
-
|
|
167
|
+
RuboCop::Packs.bust_cache!
|
|
125
168
|
end
|
|
126
169
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: package_protections
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gusto Engineers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-10-
|
|
11
|
+
date: 2022-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -232,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
232
232
|
- !ruby/object:Gem::Version
|
|
233
233
|
version: '0'
|
|
234
234
|
requirements: []
|
|
235
|
-
rubygems_version: 3.
|
|
235
|
+
rubygems_version: 3.1.6
|
|
236
236
|
signing_key:
|
|
237
237
|
specification_version: 4
|
|
238
238
|
summary: Package protections for Rails apps
|