Merge pull request #2615 from dependabot/jurre/add-extensions

Use `file` utility to check if files are binary

Dockerfile

@@ -21,6 +21,7 @@ RUN apt-get update \
     gnupg2 \
     curl \
     wget \
+    file \
     zlib1g-dev \
     liblzma-dev \
     tzdata \

bundler/spec/dependabot/bundler/file_updater_spec.rb

@@ -1702,6 +1702,7 @@
         it "does not base64 encode vendored code" do
           updater.updated_dependency_files.
             select { |f| f.name.start_with?(added) }.
+            reject { |f| f.name.end_with?(".bundlecache") }.
             each { |f| expect(f.content_encoding).to eq("") }
         end
       end

common/lib/dependabot/file_updaters/vendor_updater.rb

@@ -5,35 +5,6 @@
 module Dependabot
   module FileUpdaters
     class VendorUpdater
-      # notable filenames without a reliable extension:
-      TEXT_FILE_NAMES = [
-        "README",
-        "LICENSE",
-        "Gemfile",
-        "Gemfile.lock",
-        ".bundlecache",
-        ".gitignore"
-      ].freeze
-
-      TEXT_FILE_EXTS = [
-        # code
-        ".rb",
-        ".erb",
-        ".gemspec",
-        ".js",
-        ".html",
-        # config
-        ".json",
-        ".xml",
-        ".toml",
-        ".yaml",
-        ".yml",
-        # docs
-        ".md",
-        ".txt",
-        ".go"
-      ].freeze
-
       def initialize(repo_contents_path:, vendor_dir:)
         @repo_contents_path = repo_contents_path
         @vendor_dir = vendor_dir
@@ -73,13 +44,16 @@ def updated_vendor_cache_files(base_directory:)
 
       private
 
+      BINARY_ENCODINGS = %w(application/x-tarbinary binary).freeze
+
       attr_reader :repo_contents_path, :vendor_dir
 
       def binary_file?(path)
-        return false if TEXT_FILE_NAMES.include?(File.basename(path))
-        return false if TEXT_FILE_EXTS.include?(File.extname(path))
+        return false unless File.exist?(path)
+
+        encoding = `file -b --mime-encoding #{path}`.strip
 
-        true
+        BINARY_ENCODINGS.include?(encoding)
       end
     end
   end

common/spec/dependabot/file_fetchers/vendor_updater_spec.rb

@@ -19,18 +19,18 @@
     updater.updated_vendor_cache_files(base_directory: repo_contents_path)
   end
 
-  before do
-    in_cloned_repository(repo_contents_path) do
-      # change a vendor file like an updater would
-      `mv vendor/cache/business-1.4.0.gem vendor/cache/business-1.5.0.gem`
-    end
-  end
-
   after do
     FileUtils.remove_entry repo_contents_path
   end
 
   describe "#updated_vendor_cache_files" do
+    before do
+      in_cloned_repository(repo_contents_path) do
+        # change a vendor file like an updater would
+        `mv vendor/cache/business-1.4.0.gem vendor/cache/business-1.5.0.gem`
+      end
+    end
+
     it "returns the updated files" do
       expect(updated_files.map(&:name)).to eq(
         %w(
@@ -41,7 +41,11 @@
     end
 
     it "marks binary files as such" do
-      expect(updated_files.first.binary?).to be_truthy
+      file = updated_files.find do |f|
+        f.name == "vendor/cache/business-1.5.0.gem"
+      end
+
+      expect(file.binary?).to be_truthy
     end
 
     it "marks deleted files as such" do
@@ -81,6 +85,22 @@
     end
   end
 
+  describe "binary encoding" do
+    let(:project_name) { "binary_files" }
+
+    %w(test.zip test_bin test.png test.gem .bundlecache).each do |name|
+      it "marks #{name} files correctly" do
+        in_cloned_repository(repo_contents_path) do
+          `mv vendor/cache/#{name} vendor/cache/new_#{name}`
+        end
+
+        file = updated_files.find { |f| f.name == "vendor/cache/new_#{name}" }
+
+        expect(file.binary?).to be_truthy
+      end
+    end
+  end
+
   private
 
   def in_cloned_repository(repo_contents_path, &block)