Class: Gem::SpecificationPolicy

Inherits:

Object

• Object
• Gem::SpecificationPolicy

Includes:

UserInteraction

Defined in:

lib/rubygems/specification_policy.rb

Constant Summary

VALID_NAME_PATTERN =

:nodoc:

/\A[a-zA-Z0-9\.\-\_]+\z/.freeze

SPECIAL_CHARACTERS =

:nodoc:

/\A[#{Regexp.escape('.-_')}]+/.freeze

VALID_URI_PATTERN =

:nodoc:

%r{\Ahttps?:\/\/([^\s:@]+:[^\s:@]*@)?[A-Za-z\d\-]+(\.[A-Za-z\d\-]+)+\.?(:\d{1,5})?([\/?]\S*)?\z}.freeze

METADATA_LINK_KEYS =

%w[
  bug_tracker_uri
  changelog_uri
  documentation_uri
  homepage_uri
  mailing_list_uri
  source_code_uri
  wiki_uri
  funding_uri
].freeze

Instance Attribute Summary

• #packaging ⇒ Object

  If set to true, run packaging-specific checks, as well.

Instance Method Summary

• #initialize(specification) ⇒ SpecificationPolicy constructor

  :nodoc:.

• #validate(strict = false) ⇒ Object

  Does a sanity check on the specification.

• #validate_dependencies ⇒ Object

  Checks that the gem does not depend on itself.

• #validate_duplicate_dependencies ⇒ Object

  Checks that no duplicate dependencies are specified.

• #validate_metadata ⇒ Object

  Implementation for Specification#validate_metadata.

• #validate_optional(strict) ⇒ Object
• #validate_permissions ⇒ Object

  Issues a warning for each file to be packaged which is world-readable.

• #validate_required! ⇒ Object

  Does a sanity check on the specification.

Methods included from UserInteraction

#alert, #alert_error, #alert_warning, #ask, #ask_for_password, #ask_yes_no, #choose_from_list, #say, #terminate_interaction, #verbose

Methods included from DefaultUserInteraction

ui, #ui, ui=, #ui=, use_ui, #use_ui

Methods included from Text

#clean_text, #format_text, #levenshtein_distance, #min3, #truncate_text

Constructor Details

#initialize(specification) ⇒ SpecificationPolicy

:nodoc:

# File 'lib/rubygems/specification_policy.rb', line 25

def initialize(specification)
  @warnings = 0

  @specification = specification
end

Instance Attribute Details

#packaging ⇒ Object

If set to true, run packaging-specific checks, as well.

# File 'lib/rubygems/specification_policy.rb', line 34

def packaging
  @packaging
end

Instance Method Details

#validate(strict = false) ⇒ Object

Does a sanity check on the specification.

Raises InvalidSpecificationException if the spec does not pass the checks.

It also performs some validations that do not raise but print warning messages instead.

# File 'lib/rubygems/specification_policy.rb', line 45

def validate(strict = false)
  validate_required!

  validate_optional(strict) if packaging || strict

  true
end

#validate_dependencies ⇒ Object

Checks that the gem does not depend on itself. Checks that dependencies use requirements as we recommend. Warnings are issued when dependencies are open-ended or overly strict for semantic versioning.

# File 'lib/rubygems/specification_policy.rb', line 182

def validate_dependencies # :nodoc:
  warning_messages = []
  @specification.dependencies.each do |dep|
    if dep.name == @specification.name # warn on self reference
      warning_messages << "Self referencing dependency is unnecessary and strongly discouraged."
    end

    prerelease_dep = dep.requirements_list.any? do |req|
      Gem::Requirement.new(req).prerelease?
    end

    warning_messages << "prerelease dependency on #{dep} is not recommended" if
        prerelease_dep && !@specification.version.prerelease?

    open_ended = dep.requirement.requirements.all? do |op, version|
      !version.prerelease? && (op == ">" || op == ">=")
    end

    next unless open_ended
    op, dep_version = dep.requirement.requirements.first

    segments = dep_version.segments

    base = segments.first 2

    recommendation = if (op == ">" || op == ">=") && segments == [0]
      "  use a bounded requirement, such as '~> x.y'"
    else
      bugfix = if op == ">"
        ", '> #{dep_version}'"
      elsif op == ">=" && base != segments
        ", '>= #{dep_version}'"
      end

      "  if #{dep.name} is semantically versioned, use:\n" \
      "    add_#{dep.type}_dependency '#{dep.name}', '~> #{base.join "."}'#{bugfix}"
    end

    warning_messages << ["open-ended dependency on #{dep} is not recommended", recommendation].join("\n") + "\n"
  end
  if warning_messages.any?
    warning_messages.each {|warning_message| warning warning_message }
  end
end

#validate_duplicate_dependencies ⇒ Object

Checks that no duplicate dependencies are specified.

# File 'lib/rubygems/specification_policy.rb', line 156

def validate_duplicate_dependencies # :nodoc:
  # NOTE: see REFACTOR note in Gem::Dependency about types - this might be brittle
  seen = Gem::Dependency::TYPES.inject({}) {|types, type| types.merge({ type => {} }) }

  error_messages = []
  @specification.dependencies.each do |dep|
    if prev = seen[dep.type][dep.name]
      error_messages << <<-MESSAGE
duplicate dependency on #{dep}, (#{prev.requirement}) use:
  add_#{dep.type}_dependency '#{dep.name}', '#{dep.requirement}', '#{prev.requirement}'
      MESSAGE
    end

    seen[dep.type][dep.name] = dep
  end
  if error_messages.any?
    error error_messages.join
  end
end

#validate_metadata ⇒ Object

Implementation for Specification#validate_metadata

# File 'lib/rubygems/specification_policy.rb', line 121

def validate_metadata
  metadata = @specification.metadata

  unless Hash === metadata
    error "metadata must be a hash"
  end

  metadata.each do |key, value|
    entry = "metadata['#{key}']"
    unless key.is_a?(String)
      error "metadata keys must be a String"
    end

    if key.size > 128
      error "metadata key is too large (#{key.size} > 128)"
    end

    unless value.is_a?(String)
      error "#{entry} value must be a String"
    end

    if value.size > 1024
      error "#{entry} value is too large (#{value.size} > 1024)"
    end

    next unless METADATA_LINK_KEYS.include? key
    unless VALID_URI_PATTERN.match?(value)
      error "#{entry} has invalid link: #{value.inspect}"
    end
  end
end

#validate_optional(strict) ⇒ Object

# File 'lib/rubygems/specification_policy.rb', line 96

def validate_optional(strict)
  validate_licenses

  validate_permissions

  validate_values

  validate_dependencies

  validate_extensions

  validate_removed_attributes

  if @warnings > 0
    if strict
      error "specification has warnings"
    else
      alert_warning help_text
    end
  end
end

#validate_permissions ⇒ Object

Issues a warning for each file to be packaged which is world-readable.

Implementation for Specification#validate_permissions

# File 'lib/rubygems/specification_policy.rb', line 232

def validate_permissions
  return if Gem.win_platform?

  @specification.files.each do |file|
    next unless File.file?(file)
    next if File.stat(file).mode & 0o444 == 0o444
    warning "#{file} is not world-readable"
  end

  @specification.executables.each do |name|
    exec = File.join @specification.bindir, name
    next unless File.file?(exec)
    next if File.stat(exec).executable?
    warning "#{exec} is not executable"
  end
end

#validate_required! ⇒ Object

Does a sanity check on the specification.

Raises InvalidSpecificationException if the spec does not pass the checks.

Only runs checks that are considered necessary for the specification to be functional.

# File 'lib/rubygems/specification_policy.rb', line 62

def validate_required!
  validate_nil_attributes

  validate_rubygems_version

  validate_required_attributes

  validate_name

  validate_require_paths

  @specification.keep_only_files_and_directories

  validate_non_files

  validate_self_inclusion_in_files_list

  validate_specification_version

  validate_platform

  validate_array_attributes

  validate_authors_field

  validate_metadata

  validate_licenses_length

  validate_lazy_metadata

  validate_duplicate_dependencies
end