bibliothecary 6.10.5 → 6.12.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +28 -0
- data/README.md +1 -0
- data/lib/bibliothecary.rb +4 -2
- data/lib/bibliothecary/analyser.rb +4 -0
- data/lib/bibliothecary/parsers/conda.rb +3 -4
- data/lib/bibliothecary/parsers/maven.rb +16 -2
- data/lib/bibliothecary/parsers/npm.rb +23 -0
- data/lib/bibliothecary/parsers/nuget.rb +33 -1
- data/lib/bibliothecary/parsers/pypi.rb +29 -1
- data/lib/bibliothecary/runner.rb +21 -12
- data/lib/bibliothecary/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b4ff3342bf7c25f326b256ca8db4b5c44285bafcec2c66733d4628e829bfb0d5
|
|
4
|
+
data.tar.gz: 55536bfc9d528ecfc99300dca1c723dc3ce3444a83af581963940b7c268901cf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed2f8a734345a88266b2410bfa6559cda8a9fc4b43d946ee5fab89700de1ec57e45441e1e924c70a2ff6641991649a924158577cbf3de10dab00f4cff267c296
|
|
7
|
+
data.tar.gz: 3e5f7ac3867b68b07c25c2d2364629440a377ac21f74d9b4cfd680d3f0069aa54f64aa470ab86261546c7f572cec559ccb5937cfe292d2d1ee9139b222c8c08c
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
version: 2.1
|
|
2
|
+
orbs:
|
|
3
|
+
ruby: circleci/ruby@0.1.2
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
test:
|
|
7
|
+
docker:
|
|
8
|
+
- image: circleci/ruby:2.6.6-stretch-node
|
|
9
|
+
executor: ruby/default
|
|
10
|
+
steps:
|
|
11
|
+
- checkout
|
|
12
|
+
- run:
|
|
13
|
+
name: Which bundler?
|
|
14
|
+
command: bundle -v
|
|
15
|
+
- ruby/bundle-install
|
|
16
|
+
- run:
|
|
17
|
+
name: Run specs
|
|
18
|
+
command: bundle exec rake spec
|
|
19
|
+
- run:
|
|
20
|
+
name: CodeClimate
|
|
21
|
+
command: bundle exec codeclimate-test-reporter
|
|
22
|
+
|
|
23
|
+
workflows:
|
|
24
|
+
version: 2.1
|
|
25
|
+
test:
|
|
26
|
+
jobs:
|
|
27
|
+
- test
|
|
28
|
+
|
data/README.md
CHANGED
data/lib/bibliothecary.rb
CHANGED
|
@@ -21,8 +21,8 @@ module Bibliothecary
|
|
|
21
21
|
runner.load_file_list(path)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
def self.
|
|
25
|
-
runner.
|
|
24
|
+
def self.applicable_package_managers(info)
|
|
25
|
+
runner.applicable_package_managers(info)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def self.load_file_info_list(path)
|
|
@@ -63,6 +63,8 @@ module Bibliothecary
|
|
|
63
63
|
|
|
64
64
|
class << self
|
|
65
65
|
attr_writer :configuration
|
|
66
|
+
alias analyze analyse
|
|
67
|
+
alias analyze_file analyse_file
|
|
66
68
|
end
|
|
67
69
|
|
|
68
70
|
def self.runner
|
|
@@ -101,6 +101,7 @@ module Bibliothecary
|
|
|
101
101
|
def analyse(folder_path, file_list)
|
|
102
102
|
analyse_file_info(file_list.map { |full_path| FileInfo.new(folder_path, full_path) })
|
|
103
103
|
end
|
|
104
|
+
alias analyze analyse
|
|
104
105
|
|
|
105
106
|
def analyse_file_info(file_info_list)
|
|
106
107
|
matching_info = file_info_list
|
|
@@ -111,10 +112,12 @@ module Bibliothecary
|
|
|
111
112
|
.merge(related_paths: related_paths(info, matching_info))
|
|
112
113
|
end
|
|
113
114
|
end
|
|
115
|
+
alias analyze_file_info analyse_file_info
|
|
114
116
|
|
|
115
117
|
def analyse_contents(filename, contents)
|
|
116
118
|
analyse_contents_from_info(FileInfo.new(nil, filename, contents))
|
|
117
119
|
end
|
|
120
|
+
alias analyze_contents analyse_contents
|
|
118
121
|
|
|
119
122
|
def analyse_contents_from_info(info)
|
|
120
123
|
# If your Parser needs to return multiple responses for one file, please override this method
|
|
@@ -126,6 +129,7 @@ module Bibliothecary
|
|
|
126
129
|
rescue Bibliothecary::FileParsingError => e
|
|
127
130
|
Bibliothecary::Analyser::create_error_analysis(platform_name, info.relative_path, kind, e.message)
|
|
128
131
|
end
|
|
132
|
+
alias analyze_contents_from_info analyse_contents_from_info
|
|
129
133
|
|
|
130
134
|
# calling this with contents=nil can produce less-informed
|
|
131
135
|
# results, but kept for back compat
|
|
@@ -26,14 +26,13 @@ module Bibliothecary
|
|
|
26
26
|
}
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def self.parse_conda(info)
|
|
30
|
-
dependencies = call_conda_parser_web(info,
|
|
29
|
+
def self.parse_conda(info, kind = "manifest")
|
|
30
|
+
dependencies = call_conda_parser_web(info, kind)[kind.to_sym]
|
|
31
31
|
dependencies.map { |dep| dep.merge(type: "runtime") }
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def self.parse_conda_lockfile(info)
|
|
35
|
-
|
|
36
|
-
dependencies.map { |dep| dep.merge(type: "runtime") }
|
|
35
|
+
parse_conda(info, "lockfile")
|
|
37
36
|
end
|
|
38
37
|
|
|
39
38
|
private_class_method def self.call_conda_parser_web(file_contents, kind)
|
|
@@ -205,8 +205,8 @@ module Bibliothecary
|
|
|
205
205
|
json = JSON.parse(response.body)
|
|
206
206
|
return [] unless json['dependencies']
|
|
207
207
|
json['dependencies'].map do |dependency|
|
|
208
|
-
name =
|
|
209
|
-
next unless name =~
|
|
208
|
+
name = gradle_dependency_name(dependency["group"], dependency["name"])
|
|
209
|
+
next unless name =~ /[\w-]+\.[\w_-]+(\.[\w-])?\:[\w-]/
|
|
210
210
|
{
|
|
211
211
|
name: name,
|
|
212
212
|
requirement: dependency["version"],
|
|
@@ -215,6 +215,20 @@ module Bibliothecary
|
|
|
215
215
|
end.compact
|
|
216
216
|
end
|
|
217
217
|
|
|
218
|
+
def self.gradle_dependency_name(group, name)
|
|
219
|
+
if group.empty? && name.include?(":")
|
|
220
|
+
group, name = name.split(":", 2)
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
# Strip comments, and single/doublequotes
|
|
224
|
+
[group, name].map do |part|
|
|
225
|
+
part
|
|
226
|
+
.gsub(/\s*\/\/.*$/, "") # Comments
|
|
227
|
+
.gsub(/^["']/, "") # Beginning single/doublequotes
|
|
228
|
+
.gsub(/["']$/, "") # Ending single/doublequotes
|
|
229
|
+
end.join(":")
|
|
230
|
+
end
|
|
231
|
+
|
|
218
232
|
def self.extract_pom_info(xml, location, parent_properties = {})
|
|
219
233
|
extract_pom_dep_info(xml, xml, location, parent_properties)
|
|
220
234
|
end
|
|
@@ -22,6 +22,10 @@ module Bibliothecary
|
|
|
22
22
|
match_filename("package-lock.json") => {
|
|
23
23
|
kind: 'lockfile',
|
|
24
24
|
parser: :parse_package_lock
|
|
25
|
+
},
|
|
26
|
+
match_filename("npm-ls.json") => {
|
|
27
|
+
kind: 'lockfile',
|
|
28
|
+
parser: :parse_ls
|
|
25
29
|
}
|
|
26
30
|
}
|
|
27
31
|
end
|
|
@@ -75,6 +79,25 @@ module Bibliothecary
|
|
|
75
79
|
}
|
|
76
80
|
end
|
|
77
81
|
end
|
|
82
|
+
|
|
83
|
+
def self.parse_ls(file_contents)
|
|
84
|
+
manifest = JSON.parse(file_contents)
|
|
85
|
+
|
|
86
|
+
transform_tree_to_array(manifest.fetch('dependencies', {}))
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
private_class_method def self.transform_tree_to_array(deps_by_name)
|
|
90
|
+
deps_by_name.map do |name, metadata|
|
|
91
|
+
[
|
|
92
|
+
{
|
|
93
|
+
name: name,
|
|
94
|
+
requirement: metadata["version"],
|
|
95
|
+
lockfile_requirement: metadata.fetch("from", "").split('@').last,
|
|
96
|
+
type: "runtime"
|
|
97
|
+
}
|
|
98
|
+
] + transform_tree_to_array(metadata.fetch("dependencies", {}))
|
|
99
|
+
end.flatten(1)
|
|
100
|
+
end
|
|
78
101
|
end
|
|
79
102
|
end
|
|
80
103
|
end
|
|
@@ -35,7 +35,11 @@ module Bibliothecary
|
|
|
35
35
|
match_filename("paket.lock") => {
|
|
36
36
|
kind: 'lockfile',
|
|
37
37
|
parser: :parse_paket_lock
|
|
38
|
-
}
|
|
38
|
+
},
|
|
39
|
+
match_filename("project.assets.json") => {
|
|
40
|
+
kind: 'lockfile',
|
|
41
|
+
parser: :parse_project_assets_json
|
|
42
|
+
},
|
|
39
43
|
}
|
|
40
44
|
end
|
|
41
45
|
|
|
@@ -137,6 +141,34 @@ module Bibliothecary
|
|
|
137
141
|
# we only have to enforce uniqueness by name because paket ensures that there is only the single version globally in the project
|
|
138
142
|
packages.uniq {|package| package[:name] }
|
|
139
143
|
end
|
|
144
|
+
|
|
145
|
+
def self.parse_project_assets_json(file_contents)
|
|
146
|
+
manifest = JSON.parse file_contents
|
|
147
|
+
|
|
148
|
+
frameworks = {}
|
|
149
|
+
manifest.fetch("targets",[]).each do |framework, deps|
|
|
150
|
+
frameworks[framework] = deps
|
|
151
|
+
.select { |name, details| details["type"] == "package" }
|
|
152
|
+
.map do |name, details|
|
|
153
|
+
name_split = name.split("/")
|
|
154
|
+
{
|
|
155
|
+
name: name_split[0],
|
|
156
|
+
requirement: name_split[1],
|
|
157
|
+
type: "runtime"
|
|
158
|
+
}
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
if frameworks.size > 0
|
|
163
|
+
# we should really return multiple manifests, but bibliothecary doesn't
|
|
164
|
+
# do that yet so at least pick deterministically.
|
|
165
|
+
|
|
166
|
+
# Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any
|
|
167
|
+
frameworks = frameworks.delete_if { |k, v| v.empty? }
|
|
168
|
+
return frameworks[frameworks.keys.sort.last] unless frameworks.empty?
|
|
169
|
+
end
|
|
170
|
+
[]
|
|
171
|
+
end
|
|
140
172
|
end
|
|
141
173
|
end
|
|
142
174
|
end
|
|
@@ -39,7 +39,24 @@ module Bibliothecary
|
|
|
39
39
|
match_filename("poetry.lock") => {
|
|
40
40
|
kind: 'lockfile',
|
|
41
41
|
parser: :parse_poetry_lock
|
|
42
|
-
}
|
|
42
|
+
},
|
|
43
|
+
# Pip dependencies can be embedded in conda environment files
|
|
44
|
+
match_filename("environment.yml") => {
|
|
45
|
+
parser: :parse_conda,
|
|
46
|
+
kind: "manifest",
|
|
47
|
+
},
|
|
48
|
+
match_filename("environment.yaml") => {
|
|
49
|
+
parser: :parse_conda,
|
|
50
|
+
kind: "manifest",
|
|
51
|
+
},
|
|
52
|
+
match_filename("environment.yml.lock") => {
|
|
53
|
+
parser: :parse_conda,
|
|
54
|
+
kind: "lockfile",
|
|
55
|
+
},
|
|
56
|
+
match_filename("environment.yaml.lock") => {
|
|
57
|
+
parser: :parse_conda,
|
|
58
|
+
kind: "lockfile",
|
|
59
|
+
},
|
|
43
60
|
}
|
|
44
61
|
end
|
|
45
62
|
|
|
@@ -53,6 +70,17 @@ module Bibliothecary
|
|
|
53
70
|
map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
|
|
54
71
|
end
|
|
55
72
|
|
|
73
|
+
def self.parse_conda(file_contents)
|
|
74
|
+
contents = YAML.safe_load(file_contents)
|
|
75
|
+
return [] unless contents
|
|
76
|
+
|
|
77
|
+
dependencies = contents["dependencies"]
|
|
78
|
+
pip = dependencies.find { |dep| dep.is_a?(Hash) && dep["pip"]}
|
|
79
|
+
return [] unless pip
|
|
80
|
+
|
|
81
|
+
Pypi.parse_requirements_txt(pip["pip"].join("\n"))
|
|
82
|
+
end
|
|
83
|
+
|
|
56
84
|
def self.map_dependencies(packages, type)
|
|
57
85
|
return [] unless packages
|
|
58
86
|
packages.map do |name, info|
|
data/lib/bibliothecary/runner.rb
CHANGED
|
@@ -26,20 +26,16 @@ module Bibliothecary
|
|
|
26
26
|
|
|
27
27
|
analyses
|
|
28
28
|
end
|
|
29
|
+
alias analyze analyse
|
|
29
30
|
|
|
30
31
|
# deprecated; use load_file_info_list.
|
|
31
32
|
def load_file_list(path)
|
|
32
33
|
load_file_info_list(path).map { |info| info.full_path }
|
|
33
34
|
end
|
|
34
35
|
|
|
35
|
-
def
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
info.package_manager = matches[0] if matches.length == 1
|
|
40
|
-
|
|
41
|
-
# this is a bug at the moment if it's raised (we don't handle it sensibly)
|
|
42
|
-
raise "Multiple package managers fighting over #{info.relative_path}: #{matches.map(&:to_s)}" if matches.length > 1
|
|
36
|
+
def applicable_package_managers(info)
|
|
37
|
+
managers = package_managers.select { |pm| pm.match_info?(info) }
|
|
38
|
+
managers.length > 0 ? managers : [nil]
|
|
43
39
|
end
|
|
44
40
|
|
|
45
41
|
def package_managers
|
|
@@ -48,29 +44,41 @@ module Bibliothecary
|
|
|
48
44
|
|
|
49
45
|
def load_file_info_list_from_paths(paths)
|
|
50
46
|
file_list = []
|
|
47
|
+
|
|
51
48
|
paths.each do |path|
|
|
52
49
|
info = FileInfo.new(nil, path)
|
|
53
50
|
|
|
54
51
|
next if ignored_files.include?(info.relative_path)
|
|
55
52
|
|
|
56
|
-
|
|
57
|
-
|
|
53
|
+
applicable_package_managers(info).each do |package_manager|
|
|
54
|
+
file = info.dup
|
|
55
|
+
file.package_manager = package_manager
|
|
56
|
+
|
|
57
|
+
file_list.push(file)
|
|
58
|
+
end
|
|
58
59
|
end
|
|
60
|
+
|
|
59
61
|
file_list
|
|
60
62
|
end
|
|
61
63
|
|
|
62
64
|
def load_file_info_list(path)
|
|
63
65
|
file_list = []
|
|
66
|
+
|
|
64
67
|
Find.find(path) do |subpath|
|
|
65
68
|
info = FileInfo.new(path, subpath)
|
|
69
|
+
|
|
66
70
|
Find.prune if FileTest.directory?(subpath) && ignored_dirs.include?(info.relative_path)
|
|
67
71
|
next unless FileTest.file?(subpath)
|
|
68
72
|
next if ignored_files.include?(info.relative_path)
|
|
69
73
|
|
|
70
|
-
|
|
74
|
+
applicable_package_managers(info).each do |package_manager|
|
|
75
|
+
file = info.dup
|
|
76
|
+
file.package_manager = package_manager
|
|
71
77
|
|
|
72
|
-
|
|
78
|
+
file_list.push(file)
|
|
79
|
+
end
|
|
73
80
|
end
|
|
81
|
+
|
|
74
82
|
file_list
|
|
75
83
|
end
|
|
76
84
|
|
|
@@ -87,6 +95,7 @@ module Bibliothecary
|
|
|
87
95
|
pm.analyse_contents(file_path, contents)
|
|
88
96
|
end.flatten.uniq.compact
|
|
89
97
|
end
|
|
98
|
+
alias analyze_file analyse_file
|
|
90
99
|
|
|
91
100
|
# this skips manifests sometimes because it doesn't look at file
|
|
92
101
|
# contents and can't establish from only regexes that the thing
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bibliothecary
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.12.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Nesbitt
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-05-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: toml-rb
|
|
@@ -216,6 +216,7 @@ executables:
|
|
|
216
216
|
extensions: []
|
|
217
217
|
extra_rdoc_files: []
|
|
218
218
|
files:
|
|
219
|
+
- ".circleci/config.yml"
|
|
219
220
|
- ".codeclimate.yml"
|
|
220
221
|
- ".github/CONTRIBUTING.md"
|
|
221
222
|
- ".gitignore"
|
|
@@ -288,7 +289,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
288
289
|
- !ruby/object:Gem::Version
|
|
289
290
|
version: '0'
|
|
290
291
|
requirements: []
|
|
291
|
-
rubygems_version: 3.
|
|
292
|
+
rubygems_version: 3.1.2
|
|
292
293
|
signing_key:
|
|
293
294
|
specification_version: 4
|
|
294
295
|
summary: Find and parse manifests
|