Merge branch 'master' into bug-fix-cycle-14

Author: murtaza-swati

Gemfile.lock

@@ -325,7 +325,7 @@ GEM
     rb-fsevent (0.9.8)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbtrace (0.4.12)
+    rbtrace (0.4.14)
       ffi (>= 1.0.6)
       msgpack (>= 0.4.3)
       optimist (>= 3.0.0)

lib/travis/api/app/endpoint/setting_endpoint.rb

@@ -2,6 +2,11 @@
 
 class Travis::Api::App
   class SettingsEndpoint < Endpoint
+    include ActiveSupport::Callbacks
+
+    define_callbacks :after_save
+
+    set_callback :after_save, :after, :save_audit
     set(:prefix) { "/settings/" << name[/[^:]+$/].underscore }
 
     class << self
@@ -38,6 +43,7 @@ def define_routes!
     # Rails style methods for easy overriding
     def index
       respond_with(collection, type: name, version: :v2)
+
     end
 
     def show
@@ -48,9 +54,12 @@ def update
       disallow_migrating!(repo)
 
       record.update(JSON.parse(request.body.read)[singular_name])
-
       if record.valid?
+        @changes = { :"env_vars" => { created: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'} " } } if is_env_var?
+
         repo_settings.save
+        run_callbacks :after_save if is_env_var?
+
         respond_with(record, type: singular_name, version: :v2)
       else
         status 422
@@ -62,9 +71,12 @@ def create
       disallow_migrating!(repo)
 
       record = collection.create(JSON.parse(request.body.read)[singular_name])
-
       if record.valid?
+        @changes = { :"env_vars" => { created: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'}" } } if is_env_var?
+
         repo_settings.save
+        run_callbacks :after_save if is_env_var?
+
         respond_with(record, type: singular_name, version: :v2)
       else
         status 422
@@ -76,7 +88,11 @@ def destroy
       disallow_migrating!(repo)
 
       record = collection.destroy(params[:id]) || record_not_found
+      @changes = { :"env_vars" => { destroyed: "name: #{record.name}, is_public: #{record.public}, branch: #{record.branch || 'all'} " } } if is_env_var?
+
       repo_settings.save
+      run_callbacks :after_save if is_env_var?
+
       respond_with(record, type: singular_name, version: :v2)
     end
 
@@ -89,7 +105,7 @@ def collection
     end
 
     def repo
-      Repository.find(params[:repository_id])
+      @repo = Repository.find(params[:repository_id])
     end
 
     # This method can't be called "settings" because it clashes with
@@ -107,5 +123,21 @@ def record
     def record_not_found
       halt(404, { error: "Could not find a requested setting" })
     end
+
+    def changes
+      @changes
+    end
+
+    def is_env_var?
+      singular_name == 'env_var'
+    end
+
+    private
+
+    def save_audit
+      change_source = access_token.app_id == 2 ? 'admin-v2' : 'travis-api'
+      Travis::API::V3::Models::Audit.create!(owner: current_user, change_source: change_source, source: @repo, source_changes: { settings: self.changes })
+      @changes = {}
+    end
   end
 end

lib/travis/api/v3/models/custom_key.rb

@@ -0,0 +1,45 @@
+module Travis::API::V3
+  class Models::CustomKey < Model
+    belongs_to :owner, polymorphic: true
+
+    serialize :private_key, Travis::Model::EncryptedColumn.new
+
+    validates_each :private_key do |record, attr, private_key|
+      record.errors.add(attr, :missing_attr, message: 'missing_attr') if private_key.blank?
+      record.errors.add(attr, :invalid_pem, message: 'invalid_pem') unless record.valid_pem?
+    end
+
+    def save_key!(owner_type, owner_id, name, description, private_key, added_by)
+      self.owner_type = owner_type
+      self.owner_id = owner_id
+      self.private_key = private_key
+      self.name = name
+      self.description = description
+      self.added_by = added_by
+
+      if self.valid?
+        self.fingerprint = calculate_fingerprint(private_key)
+        self.public_key = OpenSSL::PKey::RSA.new(private_key).public_key.to_s
+
+        self.save!
+      end
+
+      self
+    end
+
+    def valid_pem?
+      private_key && OpenSSL::PKey::RSA.new(private_key)
+      true
+    rescue OpenSSL::PKey::RSAError
+      false
+    end
+
+    private
+
+    def calculate_fingerprint(source)
+      rsa_key = OpenSSL::PKey::RSA.new(source)
+      public_ssh_rsa = "\x00\x00\x00\x07ssh-rsa" + rsa_key.e.to_s(0) + rsa_key.n.to_s(0)
+      OpenSSL::Digest::MD5.new(public_ssh_rsa).hexdigest.scan(/../).join(':')
+    end
+  end
+end

lib/travis/api/v3/models/env_vars.rb

@@ -2,16 +2,24 @@
 
 module Travis::API::V3
   class Models::EnvVars < Travis::Settings::Collection
-    include Models::JsonSync
+    include Models::JsonSync, ActiveSupport::Callbacks
+    extend ActiveSupport::Concern
     model Models::EnvVar
+    define_callbacks :after_save
 
+    set_callback :after_save, :after, :save_audit
+
+    attr_accessor :user, :change_source
     # See Models::JsonSync
     def to_h
       { 'env_vars' => map(&:to_h).map(&:stringify_keys) }
     end
 
     def create(attributes)
-      super(attributes).tap { sync! }
+      @changes = { :"env_vars" => { created: "#{attributes.except("value")}" } }
+      env_var = super(attributes).tap { sync! }
+      run_callbacks :after_save
+      env_var
     end
 
     def add(env_var)
@@ -20,11 +28,28 @@ def add(env_var)
     end
 
     def destroy(id)
-      super(id).tap { sync! }
+      env_var = find(id)
+      @changes = { :"env_vars" => { deleted: "#{env_var.attributes.delete("value")}" } }
+      deleted_env_var = super(id).tap { sync! }
+      run_callbacks :after_save
+      deleted_env_var
     end
 
     def repository
       @repository ||= Models::Repository.find(additional_attributes[:repository_id])
     end
+    
+    def changes
+      @changes
+    end
+
+    private
+
+    def save_audit
+      if self.change_source
+        Travis::API::V3::Models::Audit.create!(owner: self.user, change_source: self.change_source, source: self.repository, source_changes: { settings: self.changes })
+        @changes = {}
+      end
+    end
   end
 end

lib/travis/api/v3/models/organization.rb

@@ -29,6 +29,11 @@ def build_priorities_enabled?
       Travis::Features.owner_active?(:build_priorities_org, self)
     end
 
+    def custom_keys
+      return @custom_keys if defined? @custom_keys
+      @custom_keys = Models::CustomKey.where(owner_type: 'Organization', owner_id: id)
+    end
+
     alias members users
   end
 end

lib/travis/api/v3/models/scan_result.rb

@@ -0,0 +1,28 @@
+
+module Travis::API::V3
+  class Models::ScanResult
+    attr_reader :id, :log_id, :job_id, :owner_id, :owner_type, :created_at, :formatted_content, :issues_found, :archived, :purged_at,
+      :job_number, :build_id, :build_number, :job_finished_at, :commit_sha, :commit_compare_url, :commit_branch, :repository_id
+
+    def initialize(attributes = {})
+      @id = attributes.fetch('id')
+      @log_id = attributes.fetch('log_id')
+      @job_id = attributes.fetch('job_id')
+      @owner_id = attributes.fetch('owner_id')
+      @owner_type = attributes.fetch('owner_type')
+      @created_at = attributes.fetch('created_at')
+      @formatted_content = attributes.fetch('formatted_content')
+      @issues_found = attributes.fetch('issues_found')
+      @archived = attributes.fetch('archived')
+      @purged_at = attributes.fetch('purged_at')
+      @job_number = attributes.fetch('job_number')
+      @build_id = attributes.fetch('build_id')
+      @build_number = attributes.fetch('build_number')
+      @job_finished_at = attributes.fetch('job_finished_at')
+      @commit_sha = attributes.fetch('commit_sha')
+      @commit_compare_url = attributes.fetch('commit_compare_url')
+      @commit_branch = attributes.fetch('commit_branch')
+      @repository_id = attributes.fetch('repository_id')
+    end
+  end
+end

lib/travis/api/v3/models/scanner_collection.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Travis::API::V3
+  class Models::ScannerCollection
+    def initialize(collection, total_count)
+      @collection = collection
+      @total_count = total_count
+    end
+
+    def count(*)
+      @total_count
+    end
+
+    def limit(*)
+      self
+    end
+
+    def offset(*)
+      self
+    end
+
+    def map
+      return @collection.map unless block_given?
+
+      @collection.map { |x| yield x }
+    end
+
+    def to_sql
+      "scanner_query:#{Time.now.to_i}"
+    end
+  end
+end

lib/travis/api/v3/models/user.rb

@@ -82,5 +82,10 @@ def installation
     def github?
       vcs_type == 'GithubUser'
     end
+
+    def custom_keys
+      return @custom_keys if defined? @custom_keys
+      @custom_keys = Models::CustomKey.where(owner_type: 'User', owner_id: id)
+    end
   end
 end

lib/travis/api/v3/permissions/repository.rb

@@ -42,6 +42,10 @@ def create_request?
       write?
     end
 
+    def check_scan_results?
+      write?
+    end
+
     def admin?
       access_control.adminable? object
     end

lib/travis/api/v3/queries/custom_key.rb

@@ -0,0 +1,65 @@
+module Travis::API::V3
+  class Queries::CustomKey < Query
+    def create(params, current_user)
+      raise UnprocessableEntity, 'Key with this identifier already exists.' unless Travis::API::V3::Models::CustomKey.where(name: params['name'], owner_id: params['owner_id'], owner_type: params['owner_type']).count.zero?
+
+      if params['owner_type'] == 'User'
+        org_ids = User.find(params['owner_id']).organizations.map(&:id)
+
+        raise UnprocessableEntity, 'Key with this identifier already exists in one of your organizations.' unless Travis::API::V3::Models::CustomKey.where(name: params['name'], owner_id: org_ids, owner_type: 'Organization').count.zero?
+      elsif params['owner_type'] == 'Organization'
+        user_ids = Membership.where(organization_id: params['owner_id']).map(&:user_id)
+
+        raise UnprocessableEntity, 'Key with this identifier already exists for your user.' unless Travis::API::V3::Models::CustomKey.where(name: params['name'], owner_id: user_ids, owner_type: 'User').count.zero?
+      end
+
+      key = Travis::API::V3::Models::CustomKey.new.save_key!(
+        params['owner_type'],
+        params['owner_id'],
+        params['name'],
+        params['description'],
+        params['private_key'],
+        params['added_by']
+      )
+      handle_errors(key) unless key.valid?
+
+      Travis::API::V3::Models::Audit.create!(
+        owner: current_user,
+        change_source: 'travis-api',
+        source: key,
+        source_changes: {
+          action: 'create',
+          fingerprint: key.fingerprint
+        }
+      )
+
+      key
+    end
+
+    def delete(params, current_user)
+      key = Travis::API::V3::Models::CustomKey.find(params['id'])
+      Travis::API::V3::Models::Audit.create!(
+        owner: current_user,
+        change_source: 'travis-api',
+        source: key,
+        source_changes: {
+          action: 'delete',
+          name: key.name,
+          owner_type: key.owner_type,
+          owner_id: key.owner_id,
+          fingerprint: key.fingerprint
+        }
+      )
+
+      key.destroy
+    end
+
+    private
+
+    def handle_errors(key)
+      private_key = key.errors[:private_key]
+      raise UnprocessableEntity, 'This key is not a private key.' if private_key.include?('invalid_pem')
+      raise WrongParams         if private_key.include?('missing_attr')
+    end
+  end
+end