Module: Dependabot::Bundler::UpdateChecker::SharedBundlerHelpers

Extended by:
T::Helpers, T::Sig
Includes:
Kernel
Included in:
Package::PackageDetailsFetcher, ConflictingDependencyResolver, ForceUpdater, LatestVersionFinder::DependencySource, VersionResolver
Defined in:
lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

Defined Under Namespace

Modules: BundlerErrorPatterns

Constant Summary collapse

GIT_REGEX =
/reset --hard [^\s]*` in directory (?<path>[^\s]*)/
GIT_REF_REGEX =
/not exist in the repository (?<path>[^\s]*)\./
PATH_REGEX =
/The path `(?<path>.*)` does not exist/
REGISTRY_METADATA_ERROR_REGEX =

Raised by Bundler when a registry's compact index (/info/<gem>) returns gem metadata it can't parse (e.g. an illformed ruby:/rubygems: requirement). This means the registry served bad data, not that the user's dependency files are broken. The trailing detail capture keeps Bundler's own explanation (e.g. Illformed requirement [...]) so the exact parse failure is preserved rather than discarded.

/error parsing the metadata for the gem (?<gem>\S+) \((?<version>[^)]+)\):?\s*(?<detail>.*)/m
RETRYABLE_ERRORS =
%w(
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze
RETRYABLE_PRIVATE_REGISTRY_ERRORS =
%w(
  Bundler::GemNotFound
  Gem::InvalidSpecificationException
  Bundler::VersionConflict
  Bundler::HTTPError
  Bundler::Fetcher::FallbackError
).freeze

Instance Method Summary collapse

Instance Method Details

#base_directoryObject



100
101
102
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 100

def base_directory
  T.must(dependency_files.first).directory
end

#credentialsObject



37
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 37

def credentials; end

#dependency_filesObject



31
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 31

def dependency_files; end

#gemfileObject



312
313
314
315
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 312

def gemfile
  dependency_files.find { |f| f.name == "Gemfile" } ||
    dependency_files.find { |f| f.name == "gems.rb" }
end

#handle_bundler_errors(error) ⇒ Object



119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 119

def handle_bundler_errors(error)
  if error.error_class == "JSON::ParserError"
    msg = "Error evaluating your dependency files: #{error.message}"
    raise Dependabot::DependencyFileNotEvaluatable, msg
  end

  msg = error.error_class + " with message: " + error.message

  case error.error_class
  when "Bundler::Dsl::DSLError", "Bundler::GemspecError"
    # We couldn't evaluate the Gemfile, let alone resolve it
    raise (error) || Dependabot::DependencyFileNotEvaluatable.new(msg)
  when "Bundler::Source::Git::MissingGitRevisionError"
    match_data = error.message.match(GIT_REF_REGEX)
    gem_name = T.must(T.must(match_data).named_captures["path"])
                .split("/").last
    raise GitDependencyReferenceNotFound, T.must(gem_name)
  when "Bundler::PathError"
    match_data = error.message.match(PATH_REGEX)
    path = T.must(T.must(match_data).named_captures["path"])
    gem_name = T.must(T.must(path.split("/").last).split("-")[0..-2]).join
    raise Dependabot::PathDependenciesNotReachable, [gem_name]
  when "Bundler::Source::Git::GitCommandError"
    if error.message.match?(GIT_REGEX)
      # We couldn't find the specified branch / commit (or the two
      # weren't compatible).
      match_data = error.message.match(GIT_REGEX)
      path = T.must(T.must(match_data).named_captures["path"])
      gem_name = T.must(T.must(path.split("/").last).split("-")[0..-2]).join
      raise GitDependencyReferenceNotFound, gem_name
    end

    bad_uris = inaccessible_git_dependencies.map do |spec|
      spec.fetch("uri")
    end
    raise unless bad_uris.any?

    # We don't have access to one of repos required
    raise Dependabot::GitDependenciesNotReachable, bad_uris.uniq
  when "Bundler::GemNotFound", "Gem::InvalidSpecificationException",
       "Bundler::VersionConflict", "Bundler::CyclicDependencyError",
       "Bundler::SolveFailure"
    # Bundler threw an error during resolution. Any of:
    # - the gem doesn't exist in any of the specified sources
    # - the gem wasn't specified properly
    # - the gem was specified at an incompatible version
    raise Dependabot::DependencyFileNotResolvable, msg
  when "Bundler::Fetcher::AuthenticationRequiredError"
    regex = BundlerErrorPatterns::MISSING_AUTH_REGEX
    source = T.must(T.must(error.message.match(regex))[:source])
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::AuthenticationForbiddenError"
    regex = BundlerErrorPatterns::FORBIDDEN_AUTH_REGEX
    source = T.must(T.must(error.message.match(regex))[:source])
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::BadAuthenticationError"
    regex = BundlerErrorPatterns::BAD_AUTH_REGEX
    source = T.must(T.must(error.message.match(regex))[:source])
    raise Dependabot::PrivateSourceAuthenticationFailure, source
  when "Bundler::Fetcher::CertificateFailureError"
    regex = BundlerErrorPatterns::BAD_CERT_REGEX
    source = T.must(T.must(error.message.match(regex))[:source])
    raise Dependabot::PrivateSourceCertificateFailure, source
  when "Bundler::HTTPError"
    regex = BundlerErrorPatterns::HTTP_ERR_REGEX
    if error.message.match?(regex)
      source = T.must(T.must(error.message.match(regex))[:source])
      raise if [
        "rubygems.org",
        "www.rubygems.org"
      ].include?(URI(source).host)

      raise Dependabot::PrivateSourceTimedOut, source
    end

    # JFrog can serve a 403 if the credentials provided are good but
    # don't have access to a particular gem.
    raise unless error.message.include?("permitted to deploy")
    raise unless jfrog_source

    raise Dependabot::PrivateSourceAuthenticationFailure, jfrog_source
  else raise
  end
end

#in_a_native_bundler_context(error_handling: true, &_blk) ⇒ Object



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 83

def in_a_native_bundler_context(error_handling: true, &_blk)
  SharedHelpers
    .in_a_temporary_repo_directory(base_directory,
                                   repo_contents_path) do |tmp_dir|
    write_temporary_dependency_files

    yield(tmp_dir.to_s)
  end
rescue SharedHelpers::HelperSubprocessFailed => e
  retry_count ||= 0
  retry_count += 1
  sleep(rand(1.0..5.0)) && retry if retryable_error?(e) && retry_count <= 2

  error_handling ? handle_bundler_errors(e) : raise
end

#inaccessible_git_dependenciesObject



248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 248

def inaccessible_git_dependencies
  in_a_native_bundler_context(error_handling: false) do |tmp_dir|
    git_specs = NativeHelpers.run_bundler_subprocess(
      bundler_version: bundler_version,
      function: "git_specs",
      options: options,
      args: {
        dir: tmp_dir,
        gemfile_name: T.must(gemfile).name,
        credentials: credentials
      }
    )
    git_specs.reject do |spec|
      uri = URI.parse(spec.fetch("auth_uri"))
      next false unless uri.scheme&.match?(/https?/o)

      Dependabot::RegistryClient.get(
        url: uri.to_s,
        headers: { "Accept-Encoding" => "gzip" }
      ).status == 200
    rescue Excon::Error::Socket, Excon::Error::Timeout
      false
    end
  end
end

#jfrog_sourceObject



275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 275

def jfrog_source
  @jfrog_source = T.let(@jfrog_source, T.nilable(String)) if @jfrog_source.nil?
  return @jfrog_source unless @jfrog_source.nil?

  @jfrog_source = in_a_native_bundler_context(error_handling: false) do |dir|
    NativeHelpers.run_bundler_subprocess(
      bundler_version: bundler_version,
      function: "jfrog_source",
      options: options,
      args: {
        dir: dir,
        gemfile_name: T.must(gemfile).name,
        credentials: credentials
      }
    )
  end
end

#lockfileObject



318
319
320
321
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 318

def lockfile
  dependency_files.find { |f| f.name == "Gemfile.lock" } ||
    dependency_files.find { |f| f.name == "gems.locked" }
end

#optionsObject



28
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 28

def options; end

#private_registry_credentialsObject



306
307
308
309
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 306

def private_registry_credentials
  credentials
    .select { |cred| cred["type"] == "rubygems_server" }
end

#private_registry_sourceObject



243
244
245
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 243

def private_registry_source
  private_registry_credentials.filter_map { |cred| cred["host"] }.first
end

#registry_metadata_error(error) ⇒ Object



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 216

def (error)
  match = error.message.match(REGISTRY_METADATA_ERROR_REGEX)
  return nil unless match

  source = private_registry_source
  return nil unless source

  # Bundler's original message identifies which gem/version the registry
  # served unparseable metadata for, and why (e.g. the illformed
  # requirement string). The structured job error only records the source
  # host, so log the full message here to keep the offending gem
  # diagnosable from the updater logs.
  Dependabot.logger.error(
    "Registry #{source} returned unparseable compact-index metadata for " \
    "#{match[:gem]} (#{match[:version]}); raising PrivateSourceBadResponse. " \
    "Original Bundler error: #{error.message.strip}"
  )

  parse_detail = match[:detail].to_s.strip.gsub(/\s*\n\s*/, "; ")
  detail = "Invalid gem metadata returned for #{match[:gem]} (#{match[:version]}) " \
           "by the source: #{source}"
  detail += " (#{parse_detail})" unless parse_detail.empty?

  Dependabot::PrivateSourceBadResponse.new(source, detail)
end

#repo_contents_pathObject



34
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 34

def repo_contents_path; end

#retryable_error?(error) ⇒ Boolean

Returns:

  • (Boolean)


105
106
107
108
109
110
111
112
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 105

def retryable_error?(error)
  return true if error.error_class == "JSON::ParserError"
  return true if RETRYABLE_ERRORS.include?(error.error_class)

  return false unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)

  private_registry_credentials.any?
end

#write_temporary_dependency_filesObject



294
295
296
297
298
299
300
301
302
303
# File 'lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb', line 294

def write_temporary_dependency_files
  dependency_files.each do |file|
    path = file.name
    FileUtils.mkdir_p(Pathname.new(path).dirname)
    File.write(path, file.content)
  end

  lockfile_obj = lockfile
  File.write(lockfile_obj.name, lockfile_obj.content) if lockfile_obj
end