class Dependabot::Dep::FileParser

Constants

REQUIREMENT_TYPES

Public Instance Methods

# File lib/dependabot/dep/file_parser.rb, line 25
# Parses Gopkg.toml and Gopkg.lock into a flat list of dependencies.
#
# Manifest-derived dependencies are merged first, then lockfile-derived
# ones, using DependencySet#+; the merged set is then flattened.
#
# @return [Array] the dependencies held by the merged DependencySet
def parse
  combined = DependencySet.new + manifest_dependencies + lockfile_dependencies
  combined.dependencies
end

Private Instance Methods

# File lib/dependabot/dep/file_parser.rb, line 121
# Whether the parsed Gopkg.lock lists a project with the given name.
#
# @param dependency_name [String] name as it appears in the manifest
# @return [Boolean]
def appears_in_lockfile?(dependency_name)
  projects = parsed_file(lockfile).fetch("projects", [])
  projects.any? { |project| project["name"] == dependency_name }
end
# File lib/dependabot/dep/file_parser.rb, line 168
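# Ensures both dep files are present before any parsing happens.
#
# @raise [RuntimeError] naming the first of Gopkg.toml / Gopkg.lock that
#   get_original_file cannot find
def check_required_files
  %w(Gopkg.toml Gopkg.lock).each do |filename|
    # Interpolate the filename so the error says which file is missing
    # (the rendered source had lost the interpolation here).
    raise "No #{filename}!" unless get_original_file(filename)
  end
end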
# File lib/dependabot/dep/file_parser.rb, line 126
# Heuristic: does this manifest declaration point at a git ref rather than
# a version requirement?
#
# A declaration counts as git-sourced when it carries a "branch" or
# "revision", or when its "version" starts with an alphanumeric character
# but does not parse as a Dep::Requirement (i.e. it looks like a tag/ref).
#
# @param declaration [Hash] one entry from the manifest
# @return [Boolean]
def git_declaration?(declaration)
  return true if declaration["branch"] || declaration["revision"]

  version = declaration["version"]
  # No version, or a version opening with a non-alphanumeric character
  # (an operator such as "^", "~", "="), is a plain requirement.
  # NOTE: /^.../ anchors at a line start, not the string start.
  return false unless version && version.match?(/^[A-Za-z0-9]/)

  Dep::Requirement.new(version)
  false
rescue Gem::Requirement::BadRequirementError
  true
end
# File lib/dependabot/dep/file_parser.rb, line 137
# Resolves the git URL behind a dep import path via the PathConverter
# helper, mapping the two expected helper failures to
# DependencyFileNotResolvable; any other helper failure propagates as-is.
#
# @param path [String] import path or explicit "source" from the manifest
# @return whatever PathConverter.git_url_for_path returns (callers treat a
#   falsy result as "no git source")
# @raise [Dependabot::DependencyFileNotResolvable] when no VCS can be
#   detected for the path, or the helper reports "Not Found"
def git_source(path)
  Dependabot::Dep::PathConverter.git_url_for_path(path)
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
  unresolvable_message =
    case e.message
    when "Cannot detect VCS" then "#{e.message} for #{path}"
    when /Not Found\z/ then "#{path} returned a 404"
    end
  # Not one of the two recognised failures: re-raise the helper error.
  raise unless unresolvable_message

  raise Dependabot::DependencyFileNotResolvable, unresolvable_message
end
# File lib/dependabot/dep/file_parser.rb, line 164
# Memoised Gopkg.lock dependency file.
#
# A falsy lookup result is not cached, so a missing file is looked up
# again on the next call (same semantics as ||=).
#
# @return the Gopkg.lock file as returned by get_original_file
def lockfile
  return @lockfile if @lockfile

  @lockfile = get_original_file("Gopkg.lock")
end
# File lib/dependabot/dep/file_parser.rb, line 59
# Builds one Dependency per "projects" entry in Gopkg.lock.
#
# Lockfile entries carry no requirements; their version comes from
# version_from_lockfile (locked version, else locked revision).
#
# @return [DependencySet]
def lockfile_dependencies
  set = DependencySet.new
  projects = parsed_file(lockfile).fetch("projects", [])

  projects.each_with_object(set) do |project, acc|
    acc << Dependency.new(
      name: project.fetch("name"),
      version: version_from_lockfile(project),
      package_manager: "dep",
      requirements: []
    )
  end
end
# File lib/dependabot/dep/file_parser.rb, line 160
# Memoised Gopkg.toml dependency file.
#
# A falsy lookup result is not cached, so a missing file is looked up
# again on the next call (same semantics as ||=).
#
# @return the Gopkg.toml file as returned by get_original_file
def manifest
  return @manifest if @manifest

  @manifest = get_original_file("Gopkg.toml")
end
# File lib/dependabot/dep/file_parser.rb, line 34
# Builds one Dependency per declaration in Gopkg.toml, walking every table
# named in REQUIREMENT_TYPES.
#
# A declaration is skipped when a lockfile exists but does not list it, or
# when no version can be found for it in the lockfile.
#
# @return [DependencySet]
def manifest_dependencies
  dependency_set = DependencySet.new

  REQUIREMENT_TYPES.each do |type|
    parsed_file(manifest).fetch(type, []).each do |declaration|
      next if lockfile && !appears_in_lockfile?(declaration.fetch("name"))
      next if missing_version_in_manifest_and_lockfile(declaration)

      name = declaration.fetch("name")
      version = version_from_declaration(declaration)
      requirement = {
        requirement: requirement_from_declaration(declaration),
        file: manifest.name,
        groups: [],
        source: source_from_declaration(declaration)
      }

      dependency_set << Dependency.new(
        name: name,
        version: version,
        package_manager: "dep",
        requirements: [requirement]
      )
    end
  end

  dependency_set
end
# File lib/dependabot/dep/file_parser.rb, line 174
# True when a non-git declaration has no version pinned in Gopkg.lock:
# either the project is absent from the lockfile or its entry lacks
# "version". Git declarations are never reported as missing a version.
#
# @param declaration [Hash] manifest entry
# @return [Boolean]
def missing_version_in_manifest_and_lockfile(declaration)
  return false if git_declaration?(declaration)

  locked = parsed_file(lockfile).fetch("projects", []).find do |project|
    project["name"] == declaration["name"]
  end
  locked.nil? || locked.fetch("version", nil).nil?
end
# File lib/dependabot/dep/file_parser.rb, line 153
# Parses a TOML dependency file once and caches the result by file name.
#
# NOTE: the cache key is file.name rather than file.path, so two files
# sharing a name would share one parse; only the manifest and lockfile
# are ever passed here.
#
# @param file a dependency file responding to #name, #content and #path
# @return [Hash] the parsed TOML document
# @raise [Dependabot::DependencyFileNotParseable] on malformed TOML
def parsed_file(file)
  @parsed_file ||= {}
  cached = @parsed_file[file.name]
  return cached if cached

  @parsed_file[file.name] = TomlRB.parse(file.content)
rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
  raise Dependabot::DependencyFileNotParseable, file.path
end
# File lib/dependabot/dep/file_parser.rb, line 78
# The version requirement of a manifest declaration, or nil for git
# declarations (their ref is carried in the source hash instead).
#
# @param declaration [Hash] manifest entry
# @return the declaration's "version" value, or nil
# @raise [RuntimeError] if the declaration is not a Hash
def requirement_from_declaration(declaration)
  unless declaration.is_a?(Hash)
    raise "Unexpected dependency declaration: #{declaration}"
  end
  return nil if git_declaration?(declaration)

  declaration["version"]
end
# File lib/dependabot/dep/file_parser.rb, line 86
# Builds the requirement "source" hash for a manifest declaration.
#
# The source path is the explicit "source" key or, failing that, the
# import path in "name". Both values come straight from the repository's
# Gopkg.toml and are handed to the PathConverter helper via git_source.
#
# @param declaration [Hash] manifest entry
# @return [Hash] {type: "git", url:, branch:, ref:} for a git declaration
#   with a resolvable git URL; {type: "default", source:} otherwise
# @raise [RuntimeError] for a git declaration with no git URL
def source_from_declaration(declaration)
  source = declaration["source"] || declaration["name"]
  git_url = git_source(source)
  git_declared = git_declaration?(declaration)

  if git_declared && git_url
    {
      type: "git",
      url: git_url,
      branch: declaration["branch"],
      ref: declaration["revision"] || declaration["version"]
    }
  elsif git_declared
    raise "No git source for a git declaration!"
  else
    { type: "default", source: source }
  end
end
# File lib/dependabot/dep/file_parser.rb, line 108
# Resolves the installed version of a manifest declaration from Gopkg.lock.
#
# Git-sourced declarations prefer the locked "revision"; everything else
# uses version_from_lockfile (locked version, else revision).
#
# @param declaration [Hash] manifest entry; it must have a matching
#   lockfile project, otherwise indexing the nil lookup raises
# @return [String]
def version_from_declaration(declaration)
  locked = parsed_file(lockfile).fetch("projects", []).find do |project|
    project["name"] == declaration.fetch("name")
  end

  git_sourced = source_from_declaration(declaration).fetch(:type) == "git"
  return version_from_lockfile(locked) unless git_sourced

  locked["revision"] || version_from_lockfile(locked)
end
# File lib/dependabot/dep/file_parser.rb, line 74
# The version recorded for a lockfile project: its "version" with one
# leading "v" stripped, or its "revision" when no version is recorded.
#
# @param details [Hash] a "projects" entry from Gopkg.lock
# @return [String]
# @raise [KeyError] if neither "version" nor "revision" is present
def version_from_lockfile(details)
  version = details["version"]
  return details.fetch("revision") if version.nil?

  # Only a single leading "v" is removed, matching sub(/^v?/, "").
  version.delete_prefix("v")
end