diff --git a/hex/lib/dependabot/hex/file_fetcher.rb b/hex/lib/dependabot/hex/file_fetcher.rb
index c1563087e1..d49b82ddd0 100644
--- a/hex/lib/dependabot/hex/file_fetcher.rb
+++ b/hex/lib/dependabot/hex/file_fetcher.rb
@@ -79,10 +79,16 @@ def subapp_mixfiles
 end
 
 def support_files
- mixfile.content.scan(SUPPORT_FILE).map do |support_file_args|
- path = Pathname.new(File.join(*support_file_args.compact.reverse)).
- cleanpath.to_path
- fetch_file_from_host(path).tap { |f| f.support_file = true }
+ mixfiles = [mixfile] + subapp_mixfiles
+
+ mixfiles.flat_map do |mixfile|
+ mixfile_dir = mixfile.path.sub("/mix.exs", "").delete_prefix("/")
+
+ mixfile.content.gsub(/__DIR__/, "\"#{mixfile_dir}\"").scan(SUPPORT_FILE).map do |support_file_args|
+ path = Pathname.new(File.join(*support_file_args.compact.reverse)).
+ cleanpath.to_path
+ fetch_file_from_host(path).tap { |f| f.support_file = true }
+ end
 end
 end
 end
diff --git a/hex/spec/dependabot/hex/file_fetcher_spec.rb b/hex/spec/dependabot/hex/file_fetcher_spec.rb
index 677a99ab62..3d17a61b11 100644
--- a/hex/spec/dependabot/hex/file_fetcher_spec.rb
+++ b/hex/spec/dependabot/hex/file_fetcher_spec.rb
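Review bot: `path` is built from strings scanned out of repository-controlled mix.exs content, and with this change sub-app mixfiles (where `..` segments are expected) feed it too, yet nothing checks the result of `cleanpath` before `fetch_file_from_host(path)` is called. `Pathname#cleanpath` keeps leading `..` segments, so a value like `../../x` passes through unchanged; what the fetcher does with it is outside this hunk, but rejecting absolute paths and paths that still start with `../` would keep every request inside the repository tree. Separately, `mixfile.path.sub("/mix.exs", "")` is unanchored and removes the first match anywhere in the path, so `File.dirname(mixfile.path)` would state the intent more safely (the top-level case, where dirname presumably yields `/` or `.`, needs handling explicitly). The block parameter `mixfile` also shadows the `mixfile` method called on the first added line; a distinct name such as `|file|` would read more clearly.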
@@ -251,6 +251,33 @@
 end
 end
 
+ context "when one of apps evals a top level file" do
+ before do
+ stub_request(:get, url + "apps/bank_web/mix.exs?ref=sha").
+ with(headers: { "Authorization" => "token token" }).
+ to_return(
+ status: 200,
+ body: fixture("github", "contents_elixir_bank_web_mixfile_with_eval.json"),
+ headers: json_header
+ )
+
+ stub_request(:get, url + "evaled.exs?ref=sha").
+ with(headers: { "Authorization" => "token token" }).
+ to_return(
+ status: 200,
+ body:
+ fixture("github", "contents_todo_txt.json"),
+ headers: json_header
+ )
+ end
+
+ it "fetches the evaled file" do
+ expect(file_fetcher_instance.files.count).to eq(5)
+ expect(file_fetcher_instance.files.map(&:name)).
+ to include("evaled.exs")
+ end
+ end
+
 context "when the apps folder doesn't exist" do
 before do
 stub_request(:get, url + "apps?ref=sha").
diff --git a/hex/spec/fixtures/github/contents_elixir_bank_web_mixfile_with_eval.json b/hex/spec/fixtures/github/contents_elixir_bank_web_mixfile_with_eval.json
new file mode 100644
index 0000000000..e8056767bc
--- /dev/null
+++ b/hex/spec/fixtures/github/contents_elixir_bank_web_mixfile_with_eval.json
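Review bot: The new context pins only the well-formed case: there is no example for a sub-app mix.exs whose eval path still climbs above the repository root after normalisation, nor for two mixfiles that eval the same top-level file, where the `flat_map` in `support_files` would return (and fetch) it twice unless a caller de-duplicates. The fixture body is not visible on this page, so whether it exercises the `__DIR__` substitution cannot be confirmed; a spec whose mixfile names `__DIR__` explicitly would cover that branch. `expect(file_fetcher_instance.files.count).to eq(5)` is also brittle against unrelated fixture changes, and a `match_array` on the file names would say more about what is expected. The trailing `context "when the apps folder doesn't exist"` block continues outside the hunk.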
@@ -0,0 +1,18 @@
+{
+ "name": "mix.exs",
+ "path": "apps/bank_web/mix.exs",
+ "sha": "19b0da37d40f6ba67c1f3da4133da98d1a9d02de",
+ "size": 1691,
+ "url": "https://api.github.com/repos/wojtekmach/acme_bank/contents/apps/bank_web/mix.exs?ref=master",
+ "html_url": "https://github.com/wojtekmach/acme_bank/blob/master/apps/bank_web/mix.exs",
+ "git_url": "https://api.github.com/repos/wojtekmach/acme_bank/git/blobs/19b0da37d40f6ba67c1f3da4133da98d1a9d02de",
+ "download_url": "https://raw.githubusercontent.com/wojtekmach/acme_bank/master/apps/bank_web/mix.exs",
+ "type": "file",
+ "content": "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",
+ "encoding": "base64",
+ "_links": {
+ "self": "https://api.github.com/repos/wojtekmach/acme_bank/contents/apps/bank_web/mix.exs?ref=master",
+ "git": "https://api.github.com/repos/wojtekmach/acme_bank/git/blobs/19b0da37d40f6ba67c1f3da4133da98d1a9d02de",
+ "html": "https://github.com/wojtekmach/acme_bank/blob/master/apps/bank_web/mix.exs"
+ }
+}
\ No newline at end of file