Module: Dependabot::Cargo::Helpers

Extended by:
T::Sig
Defined in:
lib/dependabot/cargo/helpers.rb


Class Method Details

.bypass_cargo_credential_providers ⇒ Object



# File 'lib/dependabot/cargo/helpers.rb', line 21

# Ensures CARGO_REGISTRY_GLOBAL_CREDENTIAL_PROVIDERS is defined in this
# process's environment, defaulting it to an empty string.
#
# A value that is already present is never overwritten, so a provider list
# inherited from the parent environment stays in effect; callers that need
# the providers disabled should make sure the variable is not pre-set.
# NOTE(review): an empty list presumably leaves Cargo with no global
# credential provider to consult - confirm against the Cargo version in use.
#
# Per-registry `credential-provider` keys in a Cargo config file take
# precedence over this variable; those are stripped by sanitize_cargo_config.
#
# @return [String] the value now stored in the variable
def self.bypass_cargo_credential_providers
  variable = "CARGO_REGISTRY_GLOBAL_CREDENTIAL_PROVIDERS"
  # Only assign when the variable is absent, mirroring `||=` semantics.
  ENV.fetch(variable) { ENV[variable] = "" }
end

.sanitize_cargo_config(config_content) ⇒ Object



# File 'lib/dependabot/cargo/helpers.rb', line 35

# Returns a copy of a Cargo config file with every per-registry
# `credential-provider` key removed.
#
# The key is dropped from each table under `[registries.<name>]` and from the
# `[registry]` table (the crates.io default registry, which users who
# `cargo publish` from CI may have configured). It is a per-registry override
# that takes precedence over the global environment variable, so it has to be
# removed to keep Cargo from trying to look up a token. Every other key is
# passed through unchanged and the result is re-serialised as TOML.
#
# NOTE(review): only the `credential-provider` key is handled here; other
# credential-related settings in the file (e.g. `registry.global-credential-providers`)
# are left as written - presumably covered by the environment variable, confirm.
#
# @param config_content [String] raw contents of the Cargo config file
# @return [Object] the sanitised TOML, or `config_content` itself when the
#   parsed document is not a Hash
# @raise [Dependabot::DependencyFileNotParseable] when the TOML cannot be parsed
def self.sanitize_cargo_config(config_content)
  config = TomlRB.parse(config_content)
  return config_content unless config.is_a?(Hash)

  # Collect the candidate tables: named registries first, then the default
  # [registry] table. Anything that is not a table is skipped below.
  named = config["registries"]
  tables = named.is_a?(Hash) ? named.values : []
  tables << config["registry"]

  tables.each do |table|
    next unless table.is_a?(Hash)

    table.delete("credential-provider")
  end

  TomlRB.dump(config)
rescue TomlRB::Error => parse_error
  path = ".cargo/config.toml"
  message = "Failed to parse Cargo config file: #{parse_error.message}"
  raise Dependabot::DependencyFileNotParseable.new(path, message)
end