Module: Dependabot::Bundler::UpdateChecker::SharedBundlerHelpers

Included in:

ForceUpdater, LatestVersionFinder::DependencySource, VersionResolver

Defined in:

lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

Defined Under Namespace

Modules: BundlerErrorPatterns

Constant Summary

GIT_REGEX =

/reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze

GIT_REF_REGEX =

/not exist in the repository (?<path>[^\s]*)\./.freeze

PATH_REGEX =

/The path `(?<path>.*)` does not exist/.freeze

RETRYABLE_ERRORS =

%w(
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze

RETRYABLE_PRIVATE_REGISTRY_ERRORS =

%w(
  Bundler::GemNotFound
  Gem::InvalidSpecificationException
  Bundler::VersionConflict
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze

Instance Attribute Summary

• #credentials ⇒ Object readonly

  Returns the value of attribute credentials.

• #dependency_files ⇒ Object readonly

  Returns the value of attribute dependency_files.

• #repo_contents_path ⇒ Object readonly

  Returns the value of attribute repo_contents_path.

Instance Method Summary

• #base_directory ⇒ Object
• #gemfile ⇒ Object
• #git_source_credentials ⇒ Object
• #handle_bundler_errors(error) ⇒ Object

  rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize rubocop:disable Metrics/MethodLength.

• #in_a_native_bundler_context(error_handling: true) ⇒ Object

  Bundler context setup #.

• #inaccessible_git_dependencies ⇒ Object

  rubocop:enable Metrics/CyclomaticComplexity rubocop:enable Metrics/PerceivedComplexity rubocop:enable Metrics/AbcSize rubocop:enable Metrics/MethodLength.

• #jfrog_source ⇒ Object
• #lockfile ⇒ Object
• #private_registry_credentials ⇒ Object
• #relevant_credentials ⇒ Object
• #retryable_error?(error) ⇒ Boolean
• #sanitized_lockfile_body ⇒ Object

  TODO: Stop sanitizing the lockfile once we have bundler 2 installed.

• #using_bundler_2? ⇒ Boolean
• #write_temporary_dependency_files ⇒ Object

Instance Attribute Details

#credentials ⇒ Object (readonly)

Returns the value of attribute credentials.

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 41

def credentials
  @credentials
end

#dependency_files ⇒ Object (readonly)

Returns the value of attribute dependency_files.

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 41

def dependency_files
  @dependency_files
end

#repo_contents_path ⇒ Object (readonly)

Returns the value of attribute repo_contents_path.

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 41

def repo_contents_path
  @repo_contents_path
end

Instance Method Details

#base_directory ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 65

def base_directory
  dependency_files.first.directory
end

#gemfile ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 235

def gemfile
  dependency_files.find { |f| f.name == "Gemfile" } ||
    dependency_files.find { |f| f.name == "gems.rb" }
end

#git_source_credentials ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 229

def git_source_credentials
  credentials.
    select { |cred| cred["password"] || cred["token"] }.
    select { |cred| cred["type"] == "git_source" }
end

#handle_bundler_errors(error) ⇒ Object

rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity rubocop:disable Metrics/AbcSize rubocop:disable Metrics/MethodLength

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 84

def handle_bundler_errors(error)
  if error.error_class == "JSON::ParserError"
    msg = "Error evaluating your dependency files: #{error.message}"
    raise Dependabot::DependencyFileNotEvaluatable, msg
  end

  msg = error.error_class + " with message: " + error.message

  case error.error_class
  when "Bundler::Dsl::DSLError", "Bundler::GemspecError"
    # We couldn't evaluate the Gemfile, let alone resolve it
    raise Dependabot::DependencyFileNotEvaluatable, msg
  when "Bundler::Source::Git::MissingGitRevisionError"
    gem_name =
      error.message.match(GIT_REF_REGEX).
      named_captures["path"].
      split("/").last
    raise GitDependencyReferenceNotFound, gem_name
  when "Bundler::PathError"
    gem_name =
      error.message.match(PATH_REGEX).
      named_captures["path"].
      split("/").last.split("-")[0..-2].join
    raise Dependabot::PathDependenciesNotReachable, [gem_name]
  when "Bundler::Source::Git::GitCommandError"
    if error.message.match?(GIT_REGEX)
      # We couldn't find the specified branch / commit (or the two
      # weren't compatible).
      gem_name =
        error.message.match(GIT_REGEX).
        named_captures["path"].
        split("/").last.split("-")[0..-2].join
      raise GitDependencyReferenceNotFound, gem_name
    end

    bad_uris = inaccessible_git_dependencies.map do |spec|
      spec.fetch("uri")
    end
    raise unless bad_uris.any?

    # We don't have access to one of repos required
    raise Dependabot::GitDependenciesNotReachable, bad_uris.uniq
  when "Bundler::GemNotFound", "Gem::InvalidSpecificationException",
       "Bundler::VersionConflict", "Bundler::CyclicDependencyError"
    # Bundler threw an error during resolution. Any of:
    # - the gem doesn't exist in any of the specified sources
    # - the gem wasn't specified properly
    # - the gem was specified at an incompatible version
    raise Dependabot::DependencyFileNotResolvable, msg
  when "Bundler::Fetcher::AuthenticationRequiredError"
    regex = BundlerErrorPatterns::MISSING_AUTH_REGEX
    source = error.message.match(regex)[:source]
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::BadAuthenticationError"
    regex = BundlerErrorPatterns::BAD_AUTH_REGEX
    source = error.message.match(regex)[:source]
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::CertificateFailureError"
    regex = BundlerErrorPatterns::BAD_CERT_REGEX
    source = error.message.match(regex)[:source]
    raise Dependabot::PrivateSourceCertificateFailure, source
  when "Bundler::HTTPError"
    regex = BundlerErrorPatterns::HTTP_ERR_REGEX
    if error.message.match?(regex)
      source = error.message.match(regex)[:source]
      raise if source.end_with?("rubygems.org/")

      raise Dependabot::PrivateSourceTimedOut, source
    end

    # JFrog can serve a 403 if the credentials provided are good but
    # don't have access to a particular gem.
    raise unless error.message.include?("permitted to deploy")
    raise unless jfrog_source

    raise Dependabot::PrivateSourceAuthenticationFailure, jfrog_source
  else raise
  end
end

#in_a_native_bundler_context(error_handling: true) ⇒ Object

Bundler context setup #

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 47

def in_a_native_bundler_context(error_handling: true)
  SharedHelpers.
    in_a_temporary_repo_directory(base_directory,
                                  repo_contents_path) do |tmp_dir|
    write_temporary_dependency_files

    yield(tmp_dir)
  end
rescue SharedHelpers::HelperSubprocessFailed => e
  retry_count ||= 0
  retry_count += 1
  if retryable_error?(e) && retry_count <= 2
    sleep(rand(1.0..5.0)) && retry
  end

  error_handling ? handle_bundler_errors(e) : raise
end

#inaccessible_git_dependencies ⇒ Object

rubocop:enable Metrics/CyclomaticComplexity rubocop:enable Metrics/PerceivedComplexity rubocop:enable Metrics/AbcSize rubocop:enable Metrics/MethodLength

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 168

def inaccessible_git_dependencies
  in_a_native_bundler_context(error_handling: false) do |tmp_dir|
    git_specs = SharedHelpers.run_helper_subprocess(
      command: NativeHelpers.helper_path,
      function: "git_specs",
      args: {
        dir: tmp_dir,
        gemfile_name: gemfile.name,
        credentials: relevant_credentials,
        using_bundler_2: using_bundler_2?
      }
    )
    git_specs.reject do |spec|
      Excon.get(
        spec.fetch("auth_uri"),
        idempotent: true,
        **SharedHelpers.excon_defaults
      ).status == 200
    rescue Excon::Error::Socket, Excon::Error::Timeout
      false
    end
  end
end

#jfrog_source ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 192

def jfrog_source
  in_a_native_bundler_context(error_handling: false) do |dir|
    SharedHelpers.run_helper_subprocess(
      command: NativeHelpers.helper_path,
      function: "jfrog_source",
      args: {
        dir: dir,
        gemfile_name: gemfile.name,
        credentials: relevant_credentials,
        using_bundler_2: using_bundler_2?
      }
    )
  end
end

#lockfile ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 240

def lockfile
  dependency_files.find { |f| f.name == "Gemfile.lock" } ||
    dependency_files.find { |f| f.name == "gems.locked" }
end

#private_registry_credentials ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 224

def private_registry_credentials
  credentials.
    select { |cred| cred["type"] == "rubygems_server" }
end

#relevant_credentials ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 217

def relevant_credentials
  [
    *git_source_credentials,
    *private_registry_credentials
  ].select { |cred| cred["password"] || cred["token"] }
end

#retryable_error?(error) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 69

def retryable_error?(error)
  return true if error.error_class == "JSON::ParserError"
  return true if RETRYABLE_ERRORS.include?(error.error_class)

  unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
    return false
  end

  private_registry_credentials.any?
end

#sanitized_lockfile_body ⇒ Object

TODO: Stop sanitizing the lockfile once we have bundler 2 installed

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 246

def sanitized_lockfile_body
  re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
  lockfile.content.gsub(re, "")
end

#using_bundler_2? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 251

def using_bundler_2?
  return unless lockfile

  lockfile.content.match?(/BUNDLED WITH\s+2/m)
end

#write_temporary_dependency_files ⇒ Object

# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 207

def write_temporary_dependency_files
  dependency_files.each do |file|
    path = file.name
    FileUtils.mkdir_p(Pathname.new(path).dirname)
    File.write(path, file.content)
  end

  File.write(lockfile.name, sanitized_lockfile_body) if lockfile
end