class Dependabot::Dep::FileParser
Constants
- REQUIREMENT_TYPES
Public Instance Methods
parse()
# File lib/dependabot/dep/file_parser.rb, line 25
#
# Merges the dependencies found in the manifest with those found in the
# lockfile (manifest first) and returns the resulting set's dependencies.
def parse
  merged = DependencySet.new + manifest_dependencies + lockfile_dependencies
  merged.dependencies
end
Private Instance Methods
appears_in_lockfile?(dependency_name)
# File lib/dependabot/dep/file_parser.rb, line 121
#
# True when the parsed lockfile has a "projects" entry whose "name" equals
# +dependency_name+. A lockfile without a "projects" key counts as empty.
def appears_in_lockfile?(dependency_name)
  projects = parsed_file(lockfile).fetch("projects", [])
  projects.any? { |project| project["name"] == dependency_name }
end
check_required_files()
# File lib/dependabot/dep/file_parser.rb, line 168
#
# Raises a RuntimeError naming the first of Gopkg.toml / Gopkg.lock for
# which get_original_file returns nothing.
def check_required_files
  ["Gopkg.toml", "Gopkg.lock"].each do |required|
    next if get_original_file(required)

    raise "No #{required}!"
  end
end
git_declaration?(declaration)
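# File lib/dependabot/dep/file_parser.rb, line 126
#
# Decides whether a manifest declaration refers to a git ref rather than a
# version requirement.
#
# - A "branch" or "revision" key always means git.
# - No "version" key, or a version whose first character is not
#   alphanumeric, means not git.
# - Otherwise the version is handed to Dep::Requirement: if it is accepted
#   the declaration is not git; if Gem::Requirement::BadRequirementError is
#   raised the value is treated as a git ref.
#
# @param declaration [Hash] one dependency entry from the parsed manifest
# @return [Boolean]
def git_declaration?(declaration)
  return true if declaration["branch"] || declaration["revision"]

  version = declaration["version"]
  return false unless version

  # The value comes straight from the parsed manifest. Anchor with \A, not ^:
  # ^ matches after any newline, so a multi-line value whose first character
  # is not alphanumeric could still pass the check through a later line and
  # end up classified as a git ref.
  return false unless version.match?(/\A[A-Za-z0-9]/)

  Dep::Requirement.new(version)
  false
rescue Gem::Requirement::BadRequirementError
  true
end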
git_source(path)
# File lib/dependabot/dep/file_parser.rb, line 137
#
# Returns whatever PathConverter.git_url_for_path yields for +path+.
#
# Two helper failures are translated into DependencyFileNotResolvable: a
# message of exactly "Cannot detect VCS", and a message ending in
# "Not Found". Any other HelperSubprocessFailed is re-raised unchanged.
def git_source(path)
  Dependabot::Dep::PathConverter.git_url_for_path(path)
rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
  reason =
    if e.message == "Cannot detect VCS"
      e.message + " for #{path}"
    elsif e.message.end_with?("Not Found")
      "#{path} returned a 404"
    end

  # Unrecognised helper failure: propagate the original exception.
  raise unless reason

  raise Dependabot::DependencyFileNotResolvable, reason
end
lockfile()
# File lib/dependabot/dep/file_parser.rb, line 164
#
# The Gopkg.lock file as returned by get_original_file, memoised in
# @lockfile once a truthy value has been obtained.
def lockfile
  return @lockfile if @lockfile

  @lockfile = get_original_file("Gopkg.lock")
end
lockfile_dependencies()
# File lib/dependabot/dep/file_parser.rb, line 59
#
# Builds a DependencySet with one Dependency per "projects" entry of the
# parsed lockfile. These carry a version but no requirements.
# A project entry without a "name" key raises KeyError.
def lockfile_dependencies
  projects = parsed_file(lockfile).fetch("projects", [])

  projects.each_with_object(DependencySet.new) do |project, found|
    found << Dependency.new(
      name: project.fetch("name"),
      version: version_from_lockfile(project),
      package_manager: "dep",
      requirements: []
    )
  end
end
manifest()
# File lib/dependabot/dep/file_parser.rb, line 160
#
# The Gopkg.toml file as returned by get_original_file, memoised in
# @manifest once a truthy value has been obtained.
def manifest
  return @manifest if @manifest

  @manifest = get_original_file("Gopkg.toml")
end
manifest_dependencies()
# File lib/dependabot/dep/file_parser.rb, line 34
#
# Builds a DependencySet from the manifest: for every section named in
# REQUIREMENT_TYPES, each declaration becomes a Dependency with a single
# requirement pointing back at the manifest file.
#
# Declarations are skipped when a lockfile is present but has no entry for
# them, or when missing_version_in_manifest_and_lockfile says so.
def manifest_dependencies
  found = DependencySet.new

  REQUIREMENT_TYPES.each do |section|
    parsed_file(manifest).fetch(section, []).each do |declaration|
      if lockfile
        next unless appears_in_lockfile?(declaration.fetch("name"))
      end
      next if missing_version_in_manifest_and_lockfile(declaration)

      # Resolved in the same order as the Dependency arguments are listed,
      # so the first failing lookup is the one that surfaces.
      dep_name = declaration.fetch("name")
      dep_version = version_from_declaration(declaration)
      requirement = {
        requirement: requirement_from_declaration(declaration),
        file: manifest.name,
        groups: [],
        source: source_from_declaration(declaration)
      }

      found << Dependency.new(
        name: dep_name,
        version: dep_version,
        package_manager: "dep",
        requirements: [requirement]
      )
    end
  end

  found
end
missing_version_in_manifest_and_lockfile(declaration)
# File lib/dependabot/dep/file_parser.rb, line 174
#
# For a non-git declaration, true when the lockfile has no project with the
# declaration's name, or that project has no (or a nil) "version".
# Git declarations always return false.
def missing_version_in_manifest_and_lockfile(declaration)
  return false if git_declaration?(declaration)

  projects = parsed_file(lockfile).fetch("projects", [])
  locked = projects.find { |project| project["name"] == declaration["name"] }

  locked.nil? || locked.fetch("version", nil).nil?
end
parsed_file(file)
# File lib/dependabot/dep/file_parser.rb, line 153
#
# Parses +file+'s content as TOML, caching the result per file name in
# @parsed_file. TomlRB parse and value-overwrite errors are converted into
# DependencyFileNotParseable carrying the file's path.
def parsed_file(file)
  cache = (@parsed_file ||= {})
  cache[file.name] ||= TomlRB.parse(file.content)
rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
  raise Dependabot::DependencyFileNotParseable, file.path
end
requirement_from_declaration(declaration)
# File lib/dependabot/dep/file_parser.rb, line 78
#
# Returns the declaration's "version" as the requirement string, or nil for
# a git declaration. Anything that is not a Hash raises a RuntimeError.
def requirement_from_declaration(declaration)
  unless declaration.is_a?(Hash)
    raise "Unexpected dependency declaration: #{declaration}"
  end

  git_declaration?(declaration) ? nil : declaration["version"]
end
source_from_declaration(declaration)
# File lib/dependabot/dep/file_parser.rb, line 86
#
# Describes where a declaration comes from. The declaration's "source"
# (falling back to its "name") is passed to git_source first, so that
# lookup runs for non-git declarations as well.
#
# Returns a { type: "git", ... } hash for git declarations and
# { type: "default", source: ... } otherwise. A git declaration for which
# git_source returned nothing raises a RuntimeError.
def source_from_declaration(declaration)
  origin = declaration["source"] || declaration["name"]
  resolved_url = git_source(origin)

  return { type: "default", source: origin } unless git_declaration?(declaration)

  raise "No git source for a git declaration!" unless resolved_url

  {
    type: "git",
    url: resolved_url,
    branch: declaration["branch"],
    ref: declaration["revision"] || declaration["version"]
  }
end
version_from_declaration(declaration)
# File lib/dependabot/dep/file_parser.rb, line 108
#
# Looks up the lockfile project matching the declaration's name and returns
# its version. For git sources the locked "revision" is preferred, with
# version_from_lockfile as the fallback.
#
# NOTE(review): the lockfile entry is not checked for nil here; the caller
# visible in this class filters on appears_in_lockfile? first - confirm for
# any other caller.
def version_from_declaration(declaration)
  projects = parsed_file(lockfile).fetch("projects", [])
  locked = projects.find { |project| project["name"] == declaration.fetch("name") }

  from_git = source_from_declaration(declaration).fetch(:type) == "git"
  return version_from_lockfile(locked) unless from_git

  locked["revision"] || version_from_lockfile(locked)
end
version_from_lockfile(details)
# File lib/dependabot/dep/file_parser.rb, line 74
#
# Returns the lockfile entry's "version" with one leading "v" removed, or,
# when there is no version, its "revision" (KeyError if that is absent too).
def version_from_lockfile(details)
  tagged = details["version"]
  return details.fetch("revision") if tagged.nil?

  tagged.sub(/^v?/, "")
end