class Dependabot::Maven::MetadataFinder

Constants

DOT_SEPARATOR_REGEX

Private Instance Methods

# File lib/dependabot/maven/metadata_finder.rb, line 160
# Auth headers for the Maven repository this dependency is served from.
# Resolved once via Utils::AuthHeadersFinder and then cached on the instance.
def auth_headers
  return @auth_headers if @auth_headers

  finder = Utils::AuthHeadersFinder.new(credentials)
  @auth_headers = finder.auth_headers(maven_repo_url)
end
# File lib/dependabot/maven/metadata_finder.rb, line 116
# The artifactId segment of the dependency name, which is split on ":" as
# "groupId:artifactId[:classifier]". Returns nil when there is no second
# segment.
def dependency_artifact_id
  dependency.name.split(":")[1]
end
# File lib/dependabot/maven/metadata_finder.rb, line 100
# Fetches and parses the dependency's own POM from the Maven repository.
#
# The parsed document is cached on the instance. A request that times out
# is cached as an empty document, so a slow repository is not re-queried on
# every call. Only timeouts are rescued; any other Excon error propagates.
# The response status is not inspected: whatever body the repository returns
# is handed to Nokogiri as-is.
def dependency_pom_file
  return @dependency_pom_file unless @dependency_pom_file.nil?

  pom_url = "#{maven_repo_dependency_url}/"\
            "#{dependency.version}/"\
            "#{dependency_artifact_id}-#{dependency.version}.pom"
  options = SharedHelpers.excon_defaults(headers: auth_headers)
  response = Excon.get(pom_url, idempotent: true, **options)

  @dependency_pom_file = Nokogiri::XML(response.body)
rescue Excon::Error::Timeout
  @dependency_pom_file = Nokogiri::XML("")
end
# File lib/dependabot/maven/metadata_finder.rb, line 18
# Locates the source repository for the dependency.
#
# The dependency's own POM is consulted first. If it yields nothing, the
# parent POM is tried, but a parent's source is only accepted when it
# plausibly covers this artifact: either its repo name ends with the
# artifactId, or the repo contains a directory named for it. Returns a
# Source, or nil when nothing suitable is found.
def look_up_source
  own_source = look_up_source_in_pom(dependency_pom_file)
  return own_source if own_source

  parent = parent_pom_file(dependency_pom_file)
  return unless parent

  parent_source = look_up_source_in_pom(parent)
  return unless parent_source

  # The subdir check hits the network, so it is only made when the cheap
  # name check fails.
  named_for_artifact = parent_source.repo.end_with?(dependency_artifact_id)
  parent_source if named_for_artifact || repo_has_subdir_for_dep?(parent_source)
end
# File lib/dependabot/maven/metadata_finder.rb, line 49
# Extracts a Source from a single parsed POM.
#
# The project, scm and issueManagement URLs are tried in that order and the
# first one Source.from_url recognises wins; failing that, the whole document
# is scanned for a matching URL. Maven property placeholders in the chosen
# URL are substituted before the final Source is built. Returns nil when no
# URL is recognised.
def look_up_source_in_pom(pom)
  declared_urls = [
    "project > url",
    "project > scm > url",
    "project > issueManagement > url"
  ].map { |selector| pom.at_css(selector)&.content }.compact

  chosen_url = declared_urls.find { |url| Source.from_url(url) } ||
               source_from_anywhere_in_pom(pom)
  resolved_url = substitute_properties_in_source_url(chosen_url, pom)

  Source.from_url(resolved_url)
end
# File lib/dependabot/maven/metadata_finder.rb, line 154
# Base URL of the dependency's directory in the Maven repository:
# "<repo>/<groupId with dots as slashes>/<artifactId>".
def maven_repo_dependency_url
  group_id = dependency.name.split(":").first
  group_path = group_id.tr(".", "/")

  "#{maven_repo_url}/#{group_path}/#{dependency_artifact_id}"
end
# File lib/dependabot/maven/metadata_finder.rb, line 145
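# URL of the Maven repository to query for this dependency.
#
# The first requirement that carries a truthy :source wins; its URL is read
# from the :url key, then the "url" key. When no requirement declares a
# source, or the source has neither key, the central repository URL is used.
# The string-key lookup previously used a bare fetch, which raised KeyError
# instead of reaching the central fallback; it now defaults to nil like the
# symbol-key lookup.
def maven_repo_url
  declared_source = dependency.requirements.
                    find { |r| r&.fetch(:source) }&.fetch(:source)

  declared_source&.fetch(:url, nil) ||
    declared_source&.fetch("url", nil) ||
    Maven::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
end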
# File lib/dependabot/maven/metadata_finder.rb, line 122
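# Fetches and parses the POM of +pom+'s declared <parent>.
#
# Returns nil when the parent coordinate is incomplete (groupId, artifactId
# and version are all required) or when the request times out. The timeout
# handling mirrors dependency_pom_file, so a slow repository degrades to
# "no parent" instead of aborting the whole source lookup; other Excon errors
# still propagate.
#
# The coordinates are read from the (remote) POM and interpolated into the
# request path as-is, after Maven property substitution. The response status
# is not checked: whatever body comes back is handed to Nokogiri.
def parent_pom_file(pom)
  doc = pom.dup
  doc.remove_namespaces!
  group_id = doc.at_xpath("/project/parent/groupId")&.content&.strip
  artifact_id = doc.at_xpath("/project/parent/artifactId")&.content&.strip
  version = doc.at_xpath("/project/parent/version")&.content&.strip
  return unless group_id && artifact_id && version

  url = "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}/"\
        "#{version}/"\
        "#{artifact_id}-#{version}.pom"
  options = SharedHelpers.excon_defaults(headers: auth_headers)
  response = Excon.get(
    substitute_properties_in_source_url(url, pom),
    idempotent: true,
    **options
  )

  Nokogiri::XML(response.body)
rescue Excon::Error::Timeout
  nil
end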
# File lib/dependabot/maven/metadata_finder.rb, line 31
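# Whether the repository at +tmp_source+ has a top-level directory whose name
# is a suffix of this dependency's artifactId. Results are memoised per
# source on the instance.
#
# BranchNotFound is handled by clearing the branch and retrying once against
# the default branch. If the branch is already nil when that error arrives,
# the retry would re-run the identical request and could spin indefinitely,
# so "false" is recorded instead. RepoNotFound is likewise recorded as false.
def repo_has_subdir_for_dep?(tmp_source)
  @repo_has_subdir_for_dep ||= {}
  return @repo_has_subdir_for_dep[tmp_source] if @repo_has_subdir_for_dep.key?(tmp_source)

  fetcher = FileFetchers::Base.new(source: tmp_source, credentials: credentials)

  # repo_contents is not public on FileFetchers::Base, hence the send.
  dirs = fetcher.send(:repo_contents, raise_errors: false).
         select { |f| f.type == "dir" }
  @repo_has_subdir_for_dep[tmp_source] =
    dirs.any? { |f| dependency_artifact_id.end_with?(f.name) }
rescue Dependabot::BranchNotFound
  if tmp_source.branch.nil?
    # Already on the default branch; retrying cannot change the outcome.
    @repo_has_subdir_for_dep[tmp_source] = false
  else
    tmp_source.branch = nil
    retry
  end
rescue Dependabot::RepoNotFound
  @repo_has_subdir_for_dep[tmp_source] = false
end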
# File lib/dependabot/maven/metadata_finder.rb, line 88
# Scans the raw POM text for every match of Source::SOURCE_REGEX and returns
# the first one whose repo name ends with this dependency's artifactId, or
# nil when none does.
def source_from_anywhere_in_pom(pom)
  # Collect the full match text rather than the capture groups scan yields.
  found_urls = pom.to_s.to_enum(:scan, Source::SOURCE_REGEX).map { Regexp.last_match.to_s }

  found_urls.find do |url|
    Source.from_url(url).repo.end_with?(dependency_artifact_id)
  end
end
# File lib/dependabot/maven/metadata_finder.rb, line 63
# Replaces Maven "${property}" placeholders in +source_url+ with values found
# in +pom+, one placeholder per recursive call, until none remain.
#
# A "pom." or "project." prefix is dropped from the property name, which is
# then looked up under /project, /project/properties and
# /project/profiles/profile/properties. If nothing matches, the leftmost dot
# separator is turned into a path step and the lookup repeats. A property
# that cannot be resolved is replaced with an empty string. Returns nil for a
# nil +source_url+ and the input unchanged when it holds no placeholder.
#
# NOTE(review): the property name is interpolated into the XPath expressions
# unescaped; it originates from the POM's own placeholder text. A name that
# is not valid XPath presumably raises from at_xpath rather than returning
# nil -- confirm.
def substitute_properties_in_source_url(source_url, pom)
  return unless source_url
  return source_url unless source_url.include?("${")

  placeholder = source_url.match(Maven::FileParser::PROPERTY_REGEX)
  doc = pom.dup
  doc.remove_namespaces!
  name = placeholder.named_captures["property"].sub(/^pom\./, "").sub(/^project\./, "")

  value = nil
  loop do
    node = doc.at_xpath("/project/#{name}") ||
           doc.at_xpath("/project/properties/#{name}") ||
           doc.at_xpath("/project/profiles/profile/properties/#{name}")
    if node
      value = node.content
      break
    end
    break unless name.match?(DOT_SEPARATOR_REGEX)

    name = name.sub(DOT_SEPARATOR_REGEX, "/")
  end

  substituted = source_url.gsub(placeholder.to_s, value.to_s)
  substitute_properties_in_source_url(substituted, pom)
end