Module: Dependabot::UpdateCheckers::Ruby::Bundler::SharedBundlerHelpers

Included in:
LatestVersionFinder, VersionResolver
Defined in:
lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb

Constant Summary collapse

GIT_REGEX = 
/reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze
GIT_REF_REGEX = 
/not exist in the repository (?<path>[^\s]*)\./.freeze
PATH_REGEX = 
/The path `(?<path>.*)` does not exist/.freeze
RETRYABLE_ERRORS = 
%w(
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze
RETRYABLE_PRIVATE_REGISTRY_ERRORS = 
%w(
  Bundler::GemNotFound
  Gem::InvalidSpecificationException
  Bundler::VersionConflict
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#credentialsObject (readonly)

Returns the value of attribute credentials.



33
34
35
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 33

def credentials
  @credentials
end

#dependency_filesObject (readonly)

Returns the value of attribute dependency_files.



33
34
35
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 33

def dependency_files
  @dependency_files
end

Instance Method Details

#gemfileObject 



228
229
230
231
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 228

def gemfile
  dependency_files.find { |f| f.name == "Gemfile" } ||
    dependency_files.find { |f| f.name == "gems.rb" }
end

#git_source_credentialsObject 



224
225
226
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 224

def git_source_credentials
  credentials.select { |cred| cred["type"] == "git_source" }
end

#handle_bundler_errors(error) ⇒ Object

rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize rubocop:disable Metrics/MethodLength



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 92

def handle_bundler_errors(error)
  msg = error.error_class + " with message: " + error.error_message

  case error.error_class
  when "Bundler::Dsl::DSLError", "Bundler::GemspecError"
    # We couldn't evaluate the Gemfile, let alone resolve it
    raise Dependabot::DependencyFileNotEvaluatable, msg
  when "Bundler::Source::Git::MissingGitRevisionError"
    gem_name =
      error.error_message.match(GIT_REF_REGEX).
      named_captures["path"].
      split("/").last
    raise GitDependencyReferenceNotFound, gem_name
  when "Bundler::PathError"
    gem_name =
      error.error_message.match(PATH_REGEX).
      named_captures["path"].
      split("/").last.split("-")[0..-2].join
    raise Dependabot::PathDependenciesNotReachable, [gem_name]
  when "Bundler::Source::Git::GitCommandError"
    if error.error_message.match?(GIT_REGEX)
      # We couldn't find the specified branch / commit (or the two
      # weren't compatible).
      gem_name =
        error.error_message.match(GIT_REGEX).
        named_captures["path"].
        split("/").last.split("-")[0..-2].join
      raise GitDependencyReferenceNotFound, gem_name
    end

    bad_uris = inaccessible_git_dependencies.map { |s| s.source.uri }
    raise unless bad_uris.any?

    # We don't have access to one of repos required
    raise Dependabot::GitDependenciesNotReachable, bad_uris
  when "Bundler::GemNotFound", "Gem::InvalidSpecificationException",
       "Bundler::VersionConflict"
    # Bundler threw an error during resolution. Any of:
    # - the gem doesn't exist in any of the specified sources
    # - the gem wasn't specified properly
    # - the gem was specified at an incompatible version
    raise Dependabot::DependencyFileNotResolvable, msg
  when "Bundler::Fetcher::AuthenticationRequiredError"
    regex = /bundle config (?<source>.*) username:password/
    source = error.error_message.match(regex)[:source]
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::BadAuthenticationError"
    regex = /Bad username or password for (?<source>.*)\.$/
    source = error.error_message.match(regex)[:source]
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::CertificateFailureError"
    regex = /verify the SSL certificate for (?<source>.*)\.$/
    source = error.error_message.match(regex)[:source]
    raise Dependabot::PrivateSourceCertificateFailure, source
  when "Bundler::HTTPError"
    regex = /Could not fetch specs from (?<source>.*)$/
    if error.error_message.match?(regex)
      source = error.error_message.match(regex)[:source]
      raise if source.include?("rubygems.org")

      raise Dependabot::PrivateSourceTimedOut, source
    end

    # JFrog can serve a 403 if the credentials provided are good but
    # don't have access to a particular gem.
    raise unless error.error_message.include?("permitted to deploy")
    raise unless jfrog_source

    raise Dependabot::PrivateSourceAuthenticationFailure, jfrog_source
  else raise
  end
end

#in_a_temporary_bundler_context(error_handling: true) ⇒ Object

Bundler context setup #



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 39

def in_a_temporary_bundler_context(error_handling: true)
  base_directory = dependency_files.first.directory
  SharedHelpers.in_a_temporary_directory(base_directory) do |tmp_dir|
    write_temporary_dependency_files

    SharedHelpers.in_a_forked_process do
      # Set the path for path gemspec correctly
      ::Bundler.instance_variable_set(:@root, tmp_dir)

      # Remove installed gems from the default Rubygems index
      ::Gem::Specification.all = []

      # Set auth details
      relevant_credentials.each do |cred|
        token = cred["token"] ||
                "#{cred['username']}:#{cred['password']}"

        ::Bundler.settings.set_command_option(
          cred.fetch("host"),
          token.gsub("@", "%40F").gsub("?", "%3F")
        )
      end

      yield
    end
  end
rescue SharedHelpers::ChildProcessFailed => error
  retry_count ||= 0
  retry_count += 1
  if retryable_error?(error) && retry_count <= 2
    sleep(rand(1.0..5.0)) && retry
  end

  raise unless error_handling

  # Raise more descriptive errors
  handle_bundler_errors(error)
end

#inaccessible_git_dependenciesObject

rubocop:enable Metrics/CyclomaticComplexity rubocop:enable Metrics/PerceivedComplexity rubocop:enable Metrics/AbcSize rubocop:enable Metrics/MethodLength



169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 169

def inaccessible_git_dependencies
  in_a_temporary_bundler_context(error_handling: false) do
    ::Bundler::Definition.build(gemfile.name, nil, {}).dependencies.
      reject do |spec|
        next true unless spec.source.is_a?(::Bundler::Source::Git)

        # Piggy-back off some private Bundler methods to configure the
        # URI with auth details in the same way Bundler does.
        git_proxy = spec.source.send(:git_proxy)
        uri = spec.source.uri.gsub("git://", "https://")
        uri = git_proxy.send(:configured_uri_for, uri)
        uri += ".git" unless uri.end_with?(".git")
        uri += "/info/refs?service=git-upload-pack"

        begin
          Excon.get(
            uri,
            idempotent: true,
            **SharedHelpers.excon_defaults
          ).status == 200
        rescue Excon::Error::Socket, Excon::Error::Timeout
          false
        end
      end
  end
end

#jfrog_sourceObject 



196
197
198
199
200
201
202
203
204
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 196

def jfrog_source
  in_a_temporary_bundler_context(error_handling: false) do
    ::Bundler::Definition.build(gemfile.name, nil, {}).
      send(:sources).
      rubygems_remotes.
      find { |uri| uri.host.include?("jfrog") }&.
      host
  end
end

#lockfileObject 



233
234
235
236
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 233

def lockfile
  dependency_files.find { |f| f.name == "Gemfile.lock" } ||
    dependency_files.find { |f| f.name == "gems.locked" }
end

#private_registry_credentialsObject 



220
221
222
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 220

def private_registry_credentials
  credentials.select { |cred| cred["type"] == "rubygems_server" }
end

#relevant_credentialsObject 



216
217
218
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 216

def relevant_credentials
  private_registry_credentials + git_source_credentials
end

#retryable_error?(error) ⇒ Boolean

Returns:

  • (Boolean) 


78
79
80
81
82
83
84
85
86
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 78

def retryable_error?(error)
  return true if RETRYABLE_ERRORS.include?(error.error_class)

  unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
    return false
  end

  private_registry_credentials.any?
end

#sanitized_lockfile_bodyObject 



238
239
240
241
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 238

def sanitized_lockfile_body
  re = FileUpdaters::Ruby::Bundler::LockfileUpdater::LOCKFILE_ENDING
  lockfile.content.gsub(re, "")
end

#write_temporary_dependency_filesObject 



206
207
208
209
210
211
212
213
214
 
# File 'lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb', line 206

def write_temporary_dependency_files
  dependency_files.each do |file|
    path = file.name
    FileUtils.mkdir_p(Pathname.new(path).dirname)
    File.write(path, file.content)
  end

  File.write(lockfile.name, sanitized_lockfile_body) if lockfile
end