pact_broker 2.14.0 → 2.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1bff63de2839f330d5263f10405807c379b9bf19
-  data.tar.gz: dca5739d3c0ac1ff475d562cbef60aa1f7f4dca5
+  metadata.gz: 404111dc7e6ebc927394295e7d75df78fdd1a1e3
+  data.tar.gz: 52f7cbf51020f206ae07a5a876c4d04d4adecec8
 SHA512:
-  metadata.gz: 670ad21e3643323cd4aab278693fe568462121f7df52f98244fc3575c0a23d8b09368091b528cb52757d6304fe0485645630a76ecde396df887703acb9282da4
-  data.tar.gz: 05e0e8605022baba6a5b6b09be2812e1c628fde7d0b287e72796a63b6c7f07c3620e18fb93acfe5ab979db14b85333088a1dba15eef390008ab6aaef08852ece
+  metadata.gz: b0e7b2db30b4e2f4045cfb391c23b88df8384676d314e867bdc7ef72597eadce0f0abf6c13bd6186269bb01573e71b912cfa34a307ddef2cf8076a2977d72020
+  data.tar.gz: afd391d5952f47ac4278c676e2846521b94b6d58fdc7c6658697dfbbcb0d8f9b2e4e77b160c605a6abf8353854bdfc4fa958669ba72ef4d75bf48c1835bdcd9d

data/.gitignore

@@ -13,6 +13,7 @@ test/tmp
 test/version_tmp
 tmp
 reports
+dev
 
 # YARD artifacts
 .yardoc

data/.ruby-version

@@ -1 +1 @@
-2.3.4
+2.4.0

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+<a name="v2.15.0"></a>
+### v2.15.0 (2018-02-26)
+
+
+#### Features
+
+* upgrade to latest versions of padrino-core and sinatra to fix CVE-2018-7212	 ([08ba1cb](/../../commit/08ba1cb))
+
+* **http**
+  * set http options globally	 ([cdf36ba](/../../commit/cdf36ba))
+
+* **ssl**
+  * allow single certificates to be uploaded	 ([9417f10](/../../commit/9417f10))
+
+
 <a name="v2.14.0"></a>
 ### v2.14.0 (2018-02-15)
 

data/CONTRIBUTING.md

@@ -7,15 +7,23 @@ Please provide the following information with your issue to enable us to respond
 
 * The relevant versions of the gems or packages you are using.
 * The steps to recreate your issue.
-* An executable code example where possible. You can use the [pact-ruby-e2e-example] codebase to quickly recreate your issue.
-* Where you are using a pact broker deployed on third party infrastructure, please include the relevant details.
+* An executable code example where possible.
+* Details of the environment the Pact Broker is deployed in (eg. docker, AWS, local machine)
 
 # Pull requests
+
 * Write tests for any changes
 * Follow existing code style and conventions
 * Separate unrelated changes into multiple pull requests
+* [Squash your commits](squash) into one commit before submitting your PR.
+* Use [semantic commit messages](semantic-commit-messages) so that your changes will show up correctly in the generated change log.
+
 * For bigger changes, make sure you start a discussion first by creating an issue and explaining the intended change
 
+See [DEVELOPER_SETUP.md](./DEVELOPER_SETUP.md) and [DEVELOPER_DOCUMENTATION.md](./DEVELOPER_DOCUMENTATION.md) for more information.
+
 [wiki]: https://github.com/pact-foundation/pact_broker/wiki
 [stackoverflow]: https://stackoverflow.com/questions/tagged/pact-broker
 [pact-ruby-e2e-example]: https://github.com/pact-foundation/pact-ruby-e2e-example
+[semantic-commit-messages]: http://karma-runner.github.io/2.0/dev/git-commit-msg.html
+[squash]: https://github.com/todotxt/todo.txt-android/wiki/Squash-All-Commits-Related-to-a-Single-Issue-into-a-Single-Commit

data/DEVELOPER_SETUP.md

@@ -0,0 +1,15 @@
+# Developer setup
+
+* You will need to install Ruby 2.4, and preferably a ruby version manager. I recommend using [chruby](chruby) and [ruby-install](ruby-install).
+* Install bundler (the Ruby gem dependency manager) `gem install bundler`
+* Check out the pact_broker repository.
+* Run `bundle exec pact_broker:dev:setup`. This will create an example application that you can run locally, that uses the local source code.
+* To run the example:
+
+      cd dev
+      bundle exec rackup
+
+* The application will be available on `http://localhost:9292`
+
+[chruby]: https://github.com/postmodern/chruby
+[ruby-install]: https://github.com/postmodern/ruby-install

data/README.md

@@ -59,6 +59,8 @@ The following funcationality is in beta release. Your feedback would be apprecia
 1. The Consumer CI determines if the pact has been verified by running `pact-broker can-i-deploy --pacticipant CONSUMER_NAME --version CONSUMER_VERSION ...` (see documentation [here](https://github.com/pact-foundation/pact_broker-client#can-i-deploy))
 1. If the pact has been verified, the deployment can proceed.
 
+Read more about how to use the Pact Broker in the [overview][overview] on the wiki page.
+
 ## Documentation
 
 See the [wiki][wiki] for documentation on the Pact Broker.
@@ -163,3 +165,4 @@ Please read the [UPGRADING.md](UPGRADING.md) documentation before upgrading your
 [pact-docs]: http://docs.pact.io
 [cli]: https://github.com/pact-foundation/pact-ruby-standalone/releases
 [travisyml]: https://github.com/pact-foundation/pact_broker/blob/master/.travis.yml
+[overview]: https://github.com/pact-foundation/pact_broker/wiki/Overview

data/lib/pact_broker/badges/service.rb

@@ -3,6 +3,7 @@ require 'uri'
 require 'pact_broker/project_root'
 require 'pact_broker/logging'
 require 'pact_broker/configuration'
+require 'pact_broker/build_http_options'
 
 module PactBroker
   module Badges
@@ -102,12 +103,10 @@ module PactBroker
       def do_request(uri)
         with_cache uri do
           request = Net::HTTP::Get.new(uri)
-          Net::HTTP.start(uri.hostname, uri.port,
-              use_ssl: uri.scheme == 'https',
-              read_timeout: 3,
-              open_timeout: 1,
-              ssl_timeout: 1,
-              continue_timeout: 1) do |http|
+          options = {read_timeout: 3, open_timeout: 1, ssl_timeout: 1, continue_timeout: 1}
+          options.merge! PactBroker::BuildHttpOptions.call(uri)
+
+          Net::HTTP.start(uri.hostname, uri.port, :ENV, options) do |http|
             http.request request
           end
         end

data/lib/pact_broker/build_http_options.rb

@@ -0,0 +1,32 @@
+require 'pact_broker/services'
+
+module PactBroker
+  class BuildHttpOptions
+    extend PactBroker::Services
+
+    def self.call  uri
+      uri = URI(uri)
+      options = {}
+      
+      if uri.scheme == 'https'
+        options[:use_ssl] = true
+        options[:cert_store] = cert_store
+        if disable_ssl_verification?
+          options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
+        else
+          options[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
+        end
+      end
+      options
+    end
+    
+    def self.disable_ssl_verification?
+      PactBroker.configuration.disable_ssl_verification
+    end
+    
+    def self.cert_store
+      certificate_service.cert_store
+    end    
+  end
+end
+

data/lib/pact_broker/certificates/service.rb

@@ -25,7 +25,7 @@ module PactBroker
 
       def find_all_certificates
         Certificate.collect do | certificate |
-          cert_arr = certificate.content.split(/(-----END [^\-]+-----)/).each_slice(2).map(&:join)
+          cert_arr = certificate.content.split(/(-----END [^\-]+-----)/).each_slice(2).map(&:join).map(&:strip).select{|s| !s.empty?}
           cert_arr.collect do |c|
             begin
               OpenSSL::X509::Certificate.new(c)

data/lib/pact_broker/configuration.rb

@@ -18,7 +18,8 @@ module PactBroker
       :shields_io_base_url,
       :check_for_potential_duplicate_pacticipant_names,
       :webhook_retry_schedule,
-      :semver_formats
+      :semver_formats,
+      :disable_ssl_verification
     ]
 
     attr_accessor :log_dir, :database_connection, :auto_migrate_db, :use_hal_browser, :html_pact_renderer
@@ -28,6 +29,7 @@ module PactBroker
     attr_accessor :semver_formats
     attr_accessor :enable_public_badge_access, :shields_io_base_url
     attr_accessor :webhook_retry_schedule
+    attr_accessor :disable_ssl_verification
     attr_writer :logger
 
     def initialize
@@ -60,6 +62,7 @@ module PactBroker
       config.semver_formats = ["%M.%m.%p%s%d", "%M.%m", "%M"]
       config.webhook_retry_schedule = [10, 60, 120, 300, 600, 1200] #10 sec, 1 min, 2 min, 5 min, 10 min, 20 min => 38 minutes
       config.check_for_potential_duplicate_pacticipant_names = true
+      config.disable_ssl_verification = false
       config
     end
 

data/lib/pact_broker/domain/webhook_request.rb

@@ -1,3 +1,4 @@
+require 'pact_broker/build_http_options'
 require 'pact_broker/domain/webhook_request_header'
 require 'pact_broker/domain/webhook_execution_result'
 require 'pact_broker/logging'
@@ -5,7 +6,7 @@ require 'pact_broker/messages'
 require 'net/http'
 require 'pact_broker/webhooks/redact_logs'
 require 'pact_broker/api/pact_broker_urls'
-require 'pact_broker/services'
+require 'pact_broker/build_http_options'
 
 module PactBroker
 
@@ -24,7 +25,6 @@ module PactBroker
 
       include PactBroker::Logging
       include PactBroker::Messages
-      include PactBroker::Services
 
       attr_accessor :method, :url, :headers, :body, :username, :password, :uuid
 
@@ -104,13 +104,8 @@ module PactBroker
 
       def do_request uri, req
         logger.info "Making webhook #{uuid} request #{to_s}"
-        options = {}
-        if uri.scheme == 'https'
-          options[:use_ssl] = true
-          options[:verify_mode] = OpenSSL::SSL::VERIFY_PEER
-          options[:cert_store] = cert_store
-        end
-        Net::HTTP.start(uri.hostname, uri.port, options) do |http|
+        options = PactBroker::BuildHttpOptions.call(uri)
+        Net::HTTP.start(uri.hostname, uri.port, :ENV, options) do |http|
           http.request req
         end
       end
@@ -174,10 +169,6 @@ module PactBroker
         escaped_pact_url = CGI::escape(pact_url)
         url.gsub('${pactbroker.pactUrl}', escaped_pact_url)
       end
-
-      def cert_store
-        certificate_service.cert_store
-      end
     end
   end
 end

data/lib/pact_broker/version.rb

@@ -1,3 +1,3 @@
 module PactBroker
-  VERSION = '2.14.0'
+  VERSION = '2.15.0'
 end

data/pact_broker.gemspec

@@ -32,7 +32,8 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency 'rack', '~>2.0'
   gem.add_runtime_dependency 'redcarpet', '>=3.3.2', '~>3.3'
   gem.add_runtime_dependency 'pact-support'
-  gem.add_runtime_dependency 'padrino-core', '~>0.14.1'
+  gem.add_runtime_dependency 'padrino-core', '>= 0.14.3', '~> 0.14'
+  gem.add_runtime_dependency 'sinatra', '>= 2.0.1'
   gem.add_runtime_dependency 'haml', '~>4.0'
   gem.add_runtime_dependency 'sucker_punch', '~>2.0'
   gem.add_runtime_dependency 'rack-protection', '~>2.0'

data/spec/lib/pact_broker/build_http_options_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+require 'pact_broker/build_http_options'
+
+module PactBroker
+  describe BuildHttpOptions do
+
+    subject { PactBroker::BuildHttpOptions.call(url) }
+
+    context "default http options" do
+      before do
+        PactBroker.configuration.disable_ssl_verification = false
+      end
+
+      describe "when given an insecure URL" do
+        let(:url) { 'http://example.org/insecure' }
+        
+        it "should provide an empty configuration object" do
+          expect(subject).to eq({})
+        end
+        
+      end
+      
+      describe "when given a secure URL" do
+        let(:url) { 'https://example.org/secure' }
+        
+        it "should validate the full certificate chain" do
+          expect(subject).to include({:use_ssl => true, :verify_mode => 1})
+        end
+        
+      end
+    end
+    
+    context "disable_ssl_verification is set to true" do
+      before do
+        PactBroker.configuration.disable_ssl_verification = true
+      end
+      
+      let(:url) { 'https://example.org/secure' }
+      
+      describe "when given a secure URL" do
+        it "should not validate certificates" do
+          expect(subject).to include({:use_ssl => true, :verify_mode => 0})
+        end
+      end
+    end
+  end
+end

data/spec/lib/pact_broker/certificates/service_spec.rb

@@ -36,12 +36,21 @@ module PactBroker
 
         subject { Service.find_all_certificates }
 
-        context "with a valid certificate file" do
+        context "with a valid certificate chain" do
           it "returns all the X509 Certificate objects" do
             expect(subject.size).to eq 2
           end
         end
 
+        context "with a valid CA file" do
+          let(:certificate_content) { File.read('spec/fixtures/certificates/cacert.pem') }
+
+          it "returns all the X509 Certificate objects" do
+            expect(PactBroker.logger).to_not receive(:error).with(/Error.*1234/)
+            expect(subject.size).to eq 1
+          end
+        end
+
         context "with an invalid certificate file" do
           let(:certificate_content) { File.read('spec/fixtures/certificate-invalid.pem') }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pact_broker
 version: !ruby/object:Gem::Version
-  version: 2.14.0
+  version: 2.15.0
 platform: ruby
 authors:
 - Bethany Skurrie
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-15 00:00:00.000000000 Z
+date: 2018-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -182,16 +182,36 @@ dependencies:
   name: padrino-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.1
+        version: '0.14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.1
+        version: '0.14'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.1
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement
@@ -494,6 +514,7 @@ files:
 - CHANGELOG.md
 - CONTRIBUTING.md
 - DEVELOPER_DOCUMENTATION.md
+- DEVELOPER_SETUP.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -694,6 +715,7 @@ files:
 - lib/pact_broker/api/resources/webhooks.rb
 - lib/pact_broker/app.rb
 - lib/pact_broker/badges/service.rb
+- lib/pact_broker/build_http_options.rb
 - lib/pact_broker/certificates/certificate.rb
 - lib/pact_broker/certificates/service.rb
 - lib/pact_broker/config/load.rb
@@ -985,6 +1007,7 @@ files:
 - spec/lib/pact_broker/api/resources/webhooks_spec.rb
 - spec/lib/pact_broker/app_spec.rb
 - spec/lib/pact_broker/badges/service_spec.rb
+- spec/lib/pact_broker/build_http_options_spec.rb
 - spec/lib/pact_broker/certificates/service_spec.rb
 - spec/lib/pact_broker/config/load_spec.rb
 - spec/lib/pact_broker/config/save_and_load_spec.rb
@@ -1248,6 +1271,7 @@ test_files:
 - spec/lib/pact_broker/api/resources/webhooks_spec.rb
 - spec/lib/pact_broker/app_spec.rb
 - spec/lib/pact_broker/badges/service_spec.rb
+- spec/lib/pact_broker/build_http_options_spec.rb
 - spec/lib/pact_broker/certificates/service_spec.rb
 - spec/lib/pact_broker/config/load_spec.rb
 - spec/lib/pact_broker/config/save_and_load_spec.rb