class Dependabot::Gradle::FileParser::RepositoriesFinder

Constants

CENTRAL_REPO_URL

The Central Repo doesn't have special status for Gradle, but until we're confident we're selecting repos correctly it's wise to include it as a default.

GROOVY_MAVEN_REPO_REGEX
KOTLIN_MAVEN_REPO_REGEX
MAVEN_REPO_REGEX
REPOSITORIES_BLOCK_START
SUPPORTED_BUILD_FILE_NAMES

Attributes

dependency_files[R]
target_dependency_file[R]

Public Class Methods

new(dependency_files:, target_dependency_file:) click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 27
def initialize(dependency_files:, target_dependency_file:)
  @dependency_files = dependency_files
  @target_dependency_file = target_dependency_file
  raise "No target file!" unless target_dependency_file
end

Public Instance Methods

repository_urls() click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 33
def repository_urls
  repository_urls = []
  repository_urls += inherited_repository_urls
  repository_urls += own_buildfile_repository_urls
  repository_urls = repository_urls.uniq

  return repository_urls unless repository_urls.empty?

  [CENTRAL_REPO_URL]
end

Private Instance Methods

closing_bracket_index(string) click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 113
def closing_bracket_index(string)
  closes_required = 1

  string.chars.each_with_index do |char, index|
    closes_required += 1 if char == "{"
    closes_required -= 1 if char == "}"
    return index if closes_required.zero?
  end

  0
end
comment_free_content(buildfile) click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 135
def comment_free_content(buildfile)
  buildfile.content.
    gsub(%r{(?<=^|\s)//.*$}, "\n").
    gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
end
inherited_repository_urls() click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 48
def inherited_repository_urls
  return [] unless top_level_buildfile

  buildfile_content = comment_free_content(top_level_buildfile)
  subproject_blocks = []

  buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
    mtch = Regexp.last_match
    subproject_blocks <<
      mtch.post_match[0..closing_bracket_index(mtch.post_match)]
  end

  if top_level_buildfile != target_dependency_file
    buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
      mtch = Regexp.last_match
      subproject_blocks <<
        mtch.post_match[0..closing_bracket_index(mtch.post_match)]
    end
  end

  repository_urls_from(subproject_blocks.join("\n"))
end
own_buildfile_repository_urls() click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 71
def own_buildfile_repository_urls
  buildfile_content = comment_free_content(target_dependency_file)

  buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
    mtch = Regexp.last_match
    buildfile_content.gsub!(
      mtch.post_match[0..closing_bracket_index(mtch.post_match)],
      ""
    )
  end

  repository_urls_from(buildfile_content)
end
repository_urls_from(buildfile_content) click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 85
def repository_urls_from(buildfile_content)
  repository_urls = []

  repository_blocks = []
  buildfile_content.scan(REPOSITORIES_BLOCK_START) do
    mtch = Regexp.last_match
    repository_blocks <<
      mtch.post_match[0..closing_bracket_index(mtch.post_match)]
  end

  repository_blocks.each do |block|
    repository_urls << "https://maven.google.com/" if block.match?(/\sgoogle\(/)

    repository_urls << "https://repo.maven.apache.org/maven2/" if block.match?(/\smavenCentral\(/)

    repository_urls << "https://jcenter.bintray.com/" if block.match?(/\sjcenter\(/)

    block.scan(MAVEN_REPO_REGEX) do
      repository_urls << Regexp.last_match.named_captures.fetch("url")
    end
  end

  repository_urls.
    map { |url| url.strip.gsub(%r{/$}, "") }.
    select { |url| valid_url?(url) }.
    uniq
end
top_level_buildfile() click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 141
def top_level_buildfile
  @top_level_buildfile ||= dependency_files.find do |f|
    SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
  end
end
valid_url?(url) click to toggle source
# File lib/dependabot/gradle/file_parser/repositories_finder.rb, line 125
def valid_url?(url)
  # Reject non-http URLs because they're probably parsing mistakes
  return false unless url.start_with?("http")

  URI.parse(url)
  true
rescue URI::InvalidURIError
  false
end