archsight 0.2.0 → 0.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 750620aa30b68f0a3cfa0f53be2d717ae0496b829e5ecc588a904b3bf39dbd10
4
- data.tar.gz: 8ddf46b557c7830212d0e699149ce2b53b9476c7748fc90c82480f22be226047
3
+ metadata.gz: 8ee7007a0546772a62713bcb356817a70693a69443b3e45644067fa56826244a
4
+ data.tar.gz: f17a4768edefc81a92c362007519abf811d9cecf02bdf33efbc66dcd94068abb
5
5
  SHA512:
6
- metadata.gz: 39b0cc9b3b321c1e2627197a8f2edb13bdb8fe78273e315b70c886d05d64da534769850f5991e70d6c38d549f7229988d3d2e03bbd075f01e9aad0b4b4aad802
7
- data.tar.gz: 69c4784e97d7c2aa01bf1030109a621f1eacdf4d7fe131d2e7c56eb29b42524ed3a68c69f97003ef804a7e38cedf118dc186157a948e5c81479191927955fa94
6
+ metadata.gz: 1f2180f2b82c024371d5dd2e448fbbfbe9face5e7501eaec3849ba19905aa1447bfd8acf6243fb80aaa079054ba02b1703a9261c53bb892a0fa42bf784df28d2
7
+ data.tar.gz: '049e2460736eab50bf6fdd881e8a25d99ac486d64e4988f938b82615e57a1061d26c73355c20af5981cc0f3d753767aabe4232d43fecb3c4269358e502bf4611'
@@ -12,6 +12,7 @@ class Archsight::Annotations::Annotation
12
12
  @explicit_title = options[:title]
13
13
  @filter = options[:filter]
14
14
  @enum = options[:enum]
15
+ @validator = options[:validator]
15
16
  @sidebar = options.fetch(:sidebar, true)
16
17
  @list = options.fetch(:list, false)
17
18
  @editor = options.fetch(:editor, true)
@@ -54,7 +55,7 @@ class Archsight::Annotations::Annotation
54
55
  end
55
56
 
56
57
  def has_validation?
57
- @enum || @type.is_a?(Class)
58
+ @enum || @validator || @type.is_a?(Class)
58
59
  end
59
60
 
60
61
  # === Value Methods (for instance values) ===
@@ -85,6 +86,7 @@ class Archsight::Annotations::Annotation
85
86
  return errors if value.nil?
86
87
 
87
88
  validate_enum(value, errors)
89
+ validate_custom(value, errors) if errors.empty?
88
90
  validate_type(value, errors) if errors.empty?
89
91
  validate_code(value, errors) if errors.empty?
90
92
 
@@ -147,6 +149,16 @@ class Archsight::Annotations::Annotation
147
149
  end
148
150
  end
149
151
 
152
+ def validate_custom(value, errors)
153
+ return unless @validator
154
+
155
+ values = list? ? value.to_s.split(",").map(&:strip) : [value.to_s]
156
+ values.each do |v|
157
+ message = @validator.call(v) # steep:ignore
158
+ errors << message if message
159
+ end
160
+ end
161
+
150
162
  def validate_type(value, errors)
151
163
  return unless @type.is_a?(Class)
152
164
 
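Review bot: `validate_custom` calls `@validator.call(v)` on whatever arrived through `options[:validator]`, but nothing checks at definition time that the object is callable, so passing a Symbol or a bare String by mistake only surfaces as a NoMethodError when the first instance is validated. The initializer line `@validator = options[:validator]` in the first hunk is the place to fail fast: `raise ArgumentError, "validator must respond to #call" if @validator && !@validator.respond_to?(:call)`. The contract is also undocumented — the `# steep:ignore` on the call shows it is not expressed in RBS — so a comment above `def validate_custom` (and on the `validator:` keyword of `self.annotation` later in this diff) should state that the validator receives each value as a String, one per comma-separated element when the annotation is a list, and returns nil when valid or an error message that is appended verbatim to `errors`. Because the return value is pushed without inspection, any truthy non-String result would also land in `errors`; either the comment says so or the push coerces with `errors << message.to_s if message`. `list?` and the rest of the class body are outside the hunk.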
@@ -2,6 +2,7 @@
2
2
 
3
3
  require "open3"
4
4
  require "json"
5
+ require "spdx-licenses"
5
6
  require "archsight/import"
6
7
 
7
8
  # License detection and dependency license scanning for repositories
@@ -32,6 +33,7 @@ class Archsight::Import::LicenseAnalyzer
32
33
  { id: "Unlicense", re: /\bThis is free and unencumbered software\b/mi },
33
34
  { id: "CC0-1.0", re: /Creative Commons.*CC0|CC0 1\.0 Universal/mi },
34
35
  { id: "BSL-1.0", re: /Boost Software License/mi },
36
+ { id: "BUSL-1.1", re: /Business Source License.*1\.1/mi },
35
37
  { id: "EUPL-1.2", re: /European Union Public Licen[cs]e.*1\.2/mi }
36
38
  ].freeze
37
39
 
@@ -40,6 +42,7 @@ class Archsight::Import::LicenseAnalyzer
40
42
  "permissive" => %w[Apache-2.0 MIT BSD-3-Clause BSD-2-Clause ISC Unlicense CC0-1.0 BSL-1.0 0BSD Ruby],
41
43
  "copyleft" => %w[GPL-3.0 GPL-2.0 AGPL-3.0],
42
44
  "weak-copyleft" => %w[LGPL-3.0 LGPL-2.1 MPL-2.0 EUPL-1.2 CDDL-1.0],
45
+ "source-available" => %w[BUSL-1.1],
43
46
  "proprietary" => %w[proprietary]
44
47
  }.freeze
45
48
 
@@ -56,10 +59,8 @@ class Archsight::Import::LicenseAnalyzer
56
59
  \(c\)\s
57
60
  /xi
58
61
 
59
- # Known SPDX IDs for dual-license splitting
60
- KNOWN_SPDX = Set.new(
61
- CATEGORIES.values.flatten + %w[NOASSERTION unknown]
62
- ).freeze
62
+ # Custom non-SPDX values we accept
63
+ CUSTOM_LICENSE_VALUES = Set.new(%w[NOASSERTION proprietary unknown]).freeze
63
64
 
64
65
  # License file names to search (in order of priority)
65
66
  LICENSE_FILES = %w[
@@ -289,7 +290,7 @@ class Archsight::Import::LicenseAnalyzer
289
290
  parts = cleaned.split(%r{\s*/\s*|\s+OR\s+}i)
290
291
  parts.each do |part|
291
292
  normalized = normalize_spdx_single(part.strip)
292
- return normalized if KNOWN_SPDX.include?(normalized)
293
+ return normalized if known_spdx?(normalized)
293
294
  end
294
295
  end
295
296
 
@@ -322,6 +323,11 @@ class Archsight::Import::LicenseAnalyzer
322
323
  end
323
324
  end
324
325
 
326
+ # Check if a value is a known SPDX ID or one of our custom values
327
+ def known_spdx?(value)
328
+ CUSTOM_LICENSE_VALUES.include?(value) || SpdxLicenses.exist?(value)
329
+ end
330
+
325
331
  # Categorize a license SPDX identifier
326
332
  def categorize(spdx)
327
333
  CATEGORY_LOOKUP[spdx] || "unknown"
@@ -633,13 +639,15 @@ class Archsight::Import::LicenseAnalyzer
633
639
 
634
640
  strong_copyleft = CATEGORIES["copyleft"]
635
641
  weak_copyleft = CATEGORIES["weak-copyleft"]
642
+ source_available = CATEGORIES["source-available"]
636
643
 
637
644
  has_strong = license_names.any? { |l| strong_copyleft.include?(l) }
638
645
  has_weak = license_names.any? { |l| weak_copyleft.include?(l) }
646
+ has_source_available = license_names.any? { |l| source_available.include?(l) }
639
647
  unknown_count = license_names.count { |l| l == "unknown" }
640
648
  many_unknown = unknown_count.positive? && (unknown_count.to_f / license_names.size) > 0.5
641
649
 
642
- if has_strong || many_unknown
650
+ if has_strong || many_unknown || has_source_available
643
651
  "copyleft"
644
652
  elsif has_weak
645
653
  "weak-copyleft"
@@ -25,10 +25,10 @@ module Archsight
25
25
 
26
26
  # Define an annotation using the Annotation class
27
27
  def self.annotation(key, description: nil, filter: nil, title: nil, format: nil, enum: nil, sidebar: true,
28
- type: nil, list: false, editor: true)
28
+ type: nil, list: false, editor: true, validator: nil)
29
29
  @annotations ||= [] #: Array[Archsight::Annotations::Annotation]
30
30
  options = { description: description, filter: filter, title: title, format: format, enum: enum,
31
- sidebar: sidebar, type: type, list: list, editor: editor }
31
+ sidebar: sidebar, type: type, list: list, editor: editor, validator: validator }
32
32
  @annotations << Archsight::Annotations::Annotation.new(key, options)
33
33
  end
34
34
 
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "uri"
4
+ require "spdx-licenses"
4
5
 
5
6
  # TechnologyArtifact usually a source code repository or container
6
7
  class Archsight::Resources::TechnologyArtifact < Archsight::Resources::Base
@@ -159,14 +160,17 @@ class Archsight::Resources::TechnologyArtifact < Archsight::Resources::Base
159
160
  enum: %w[unprivileged privileged]
160
161
 
161
162
  # License information
163
+ SPDX_CUSTOM_VALUES = Set.new(%w[NOASSERTION proprietary unknown]).freeze
164
+ SPDX_VALIDATOR = lambda { |v|
165
+ "invalid SPDX license identifier '#{v}'" unless SPDX_CUSTOM_VALUES.include?(v) || SpdxLicenses.exist?(v)
166
+ }
167
+
162
168
  annotation "license/spdx",
163
169
  description: "SPDX license identifier",
164
170
  title: "License",
165
171
  filter: :word,
166
172
  sidebar: false,
167
- enum: %w[Apache-2.0 MIT BSD-3-Clause BSD-2-Clause GPL-3.0 GPL-2.0 LGPL-3.0
168
- LGPL-2.1 MPL-2.0 ISC AGPL-3.0 Unlicense CC0-1.0 BSL-1.0 EUPL-1.2
169
- 0BSD CDDL-1.0 Ruby NOASSERTION proprietary unknown]
173
+ validator: SPDX_VALIDATOR
170
174
  annotation "license/file",
171
175
  description: "License file path",
172
176
  title: "License File",
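Review bot: `SPDX_CUSTOM_VALUES` and the `SPDX_VALIDATOR` lambda duplicate `CUSTOM_LICENSE_VALUES` and `known_spdx?` from the LicenseAnalyzer hunks earlier in this diff, so the accepted non-SPDX values now live in two places and will drift the first time one copy is edited. Keep a single definition, e.g. reference `Archsight::Import::LicenseAnalyzer::CUSTOM_LICENSE_VALUES` from here if that dependency direction is acceptable, or move the set into a small shared module both files require. The lambda also echoes the submitted value verbatim into the error string; `"invalid SPDX license identifier #{v.inspect}"` keeps quotes and control characters visible and bounded, which matters if these messages are later rendered in a UI (not visible here). `Set` is used in this file without a `require "set"`; that is fine on Ruby 3.2+ where Set autoloads, but if the gem supports older Rubies the require belongs next to `require "uri"`. Finally, swapping `enum:` for `validator:` removes whatever the editor did with the enum list (outside this hunk), so the editor behaviour for `license/spdx` should be re-checked.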
@@ -4,5 +4,5 @@
4
4
  # Do not edit manually.
5
5
 
6
6
  module Archsight
7
- VERSION = "0.2.0"
7
+ VERSION = "0.2.1"
8
8
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: archsight
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vincent Landgraf
@@ -149,6 +149,20 @@ dependencies:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
151
  version: '4.0'
152
+ - !ruby/object:Gem::Dependency
153
+ name: spdx-licenses
154
+ requirement: !ruby/object:Gem::Requirement
155
+ requirements:
156
+ - - "~>"
157
+ - !ruby/object:Gem::Version
158
+ version: '1.0'
159
+ type: :runtime
160
+ prerelease: false
161
+ version_requirements: !ruby/object:Gem::Requirement
162
+ requirements:
163
+ - - "~>"
164
+ - !ruby/object:Gem::Version
165
+ version: '1.0'
152
166
  - !ruby/object:Gem::Dependency
153
167
  name: thor
154
168
  requirement: !ruby/object:Gem::Requirement