bibliothecary 8.2.2 → 8.2.5

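--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4dd448ab1be90710e81700b68541de4ba3f17731a67a24f734c9ff12d0898d1f
- data.tar.gz: d595b3746c16a87f4442650f0c28ed07f9e4097875b0ca1b646b99914e9c699f
+ metadata.gz: 6f7fbf7ad34eaff5fc178a7befb091ec010341f3d5ad2a2b468c84c7fa3c3741
+ data.tar.gz: 7fd04a9d3d2e28e79cec97b15cd7983f558a8fa4351bc0d1819cdce74ad65a8c
  SHA512:
- metadata.gz: cd75677e52714d25f33ae3da3295d1146eba3679bb89c093d91840c8c3d8f65bac2365f21021d41e7e58b9d88fa6e4160375870e4fab0d6c4cdd4e753775d68f
- data.tar.gz: c3c70847f495b5c7eb3d0c4fe41454ae50534a4e131b6ef2618d31e3e188147c144363d31d024aab0daef76b62bec9e30f0cdd3d09ef4d61ae793912aaee184d
+ metadata.gz: 5a6488a468d0369e391329359622334d177fd7bcb6694efee45b25f8b5c0cd77145fd517606a7550744b5d17725440b98dc5b8b2f00801183498ac7dbfb9bfc4
+ data.tar.gz: 627e705c0201a891941bce2e2765cc9cd651473c49368270db4d0360fba6f15e3b645909bbe1052aebd2c5e24472ebfb07c7c90e68e87bf1558c40840c595c1d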
@@ -22,6 +22,12 @@ module Bibliothecary
22
22
  first_matching_mapping_details(info)
23
23
  .fetch(:can_have_lockfile, true)
24
24
  end
25
+
26
+ def groupable?(info)
27
+ # More package managers are groupable than ungroupable, but the methods
28
+ # to get this information should be positive.
29
+ !first_matching_mapping_details(info).fetch(:ungroupable, false)
30
+ end
25
31
  end
26
32
  end
27
33
  end
@@ -49,5 +49,9 @@ module Bibliothecary
49
49
 
50
50
  @package_manager = nil
51
51
  end
52
+
53
+ def groupable?
54
+ @package_manager&.groupable?(self)
55
+ end
52
56
  end
53
57
  end
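Review bot: `groupable?` returns nil rather than false when `@package_manager` is nil, because the body is the safe-navigation call `@package_manager&.groupable?(self)`. In the later hunk that replaces `group_by` with `file_infos_for_path.partition(&:groupable?)`, a file info without a package manager would fall into the ungroupable half and become its own RelatedFilesInfo, where such entries were previously grouped together under the nil key. Whether file infos without a package manager can reach that call is not visible here; if they can, make the intent explicit, e.g. `@package_manager.nil? || @package_manager.groupable?(self)` to keep the old grouping, or `!!@package_manager&.groupable?(self)` with a comment if splitting them is intended. The enclosing class starts outside the hunk.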
@@ -98,11 +98,13 @@ module Bibliothecary
98
98
  {
99
99
  match_filename('cyclonedx.json') => {
100
100
  kind: 'lockfile',
101
- parser: :parse_cyclonedx_json
101
+ parser: :parse_cyclonedx_json,
102
+ ungroupable: true
102
103
  },
103
104
  match_filename('cyclonedx.xml') => {
104
105
  kind: 'lockfile',
105
- parser: :parse_cyclonedx_xml
106
+ parser: :parse_cyclonedx_xml,
107
+ ungroupable: true
106
108
  }
107
109
  }
108
110
  end
@@ -10,6 +10,7 @@ module Bibliothecary
10
10
  {
11
11
  match_filename('dependencies.csv') => {
12
12
  kind: 'lockfile',
13
+ ungroupable: true,
13
14
  parser: :parse_dependencies_csv
14
15
  }
15
16
  }
@@ -39,18 +40,20 @@ module Bibliothecary
39
40
  # Lockfiles have exact versions.
40
41
  "lockfile_requirement" => {
41
42
  match: [
42
- /^version$/i,
43
43
  /^(lockfile |)requirement$/i,
44
+ /^version$/i,
44
45
  ],
45
46
  },
46
47
  # Manifests have versions that can have operators.
48
+ # However, since Bibliothecary only currently supports analyzing a
49
+ # single file as a single thing (either manifest or lockfile)
50
+ # we can't return manifest-y data. Only take the lockfile requirement
51
+ # when processing dependencies.csv for now.
47
52
  "requirement" => {
48
53
  match: [
49
- /^manifest requirement$/i,
50
- /^version$/i,
51
54
  /^(lockfile |)requirement$/i,
55
+ /^version$/i,
52
56
  ],
53
- default: nil
54
57
  },
55
58
  "type" => {
56
59
  default: "runtime",
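Review bot: Removing `default: nil` from the "requirement" field, while the neighbouring "type" field keeps `default: "runtime"`, looks like it changes how a dependencies.csv without a version or requirement column is handled, but the hunk does not show how a field without a default is treated. If the column is now meant to be mandatory, the new comment should say so, e.g. `# No default: a file without a version/requirement column is rejected.`; if not, keep the default. After this change "lockfile_requirement" and "requirement" carry identical match lists, which the comment could state outright. The header patterns use `^`/`$`, which match at line boundaries in Ruby, so `/\Aversion\z/i` would pin the whole header value. The enclosing hash starts and ends outside the hunk.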
@@ -179,20 +179,55 @@ module Bibliothecary
179
179
  deps
180
180
  end
181
181
 
182
+ # While the thing in the repo that PyPI is using might be either in
183
+ # egg format or wheel format, PyPI uses "egg" in the fragment of the
184
+ # VCS URL to specify what package in the PyPI index the VCS URL
185
+ # should be treated as.
186
+ NoEggSpecified = Class.new(ArgumentError)
187
+
188
+ # Parses a requirements.txt file, following the
189
+ # https://pip.pypa.io/en/stable/cli/pip_install/#requirement-specifiers
190
+ # and https://pip.pypa.io/en/stable/topics/vcs-support/#git.
191
+ # Invalid lines in requirements.txt are skipped.
182
192
  def self.parse_requirements_txt(file_contents, options: {})
183
193
  deps = []
184
194
  file_contents.split("\n").each do |line|
185
- match = line.delete(' ').match(REQUIREMENTS_REGEXP)
186
- next unless match
187
- deps << {
188
- name: match[1],
189
- requirement: match[-1] || '*',
190
- type: 'runtime'
191
- }
195
+ if line['://']
196
+ begin
197
+ result = parse_requirements_txt_url(line)
198
+ rescue URI::Error, NoEggSpecified => e
199
+ next
200
+ end
201
+
202
+ deps << result.merge(
203
+ type: 'runtime'
204
+ )
205
+ else
206
+ match = line.delete(' ').match(REQUIREMENTS_REGEXP)
207
+ next unless match
208
+
209
+ deps << {
210
+ name: match[1],
211
+ requirement: match[-1] || '*',
212
+ type: 'runtime'
213
+ }
214
+ end
192
215
  end
193
216
  deps
194
217
  end
195
218
 
219
+ def self.parse_requirements_txt_url(url)
220
+ uri = URI.parse(url)
221
+ raise NoEggSpecified, "No egg specified in #{url}" unless uri.fragment
222
+
223
+ name = uri.fragment[/^egg=([^&]+)([&]|$)/, 1]
224
+ raise NoEggSpecified, "No egg specified in #{url}" unless name
225
+
226
+ requirement = uri.path[/@(.+)$/, 1]
227
+
228
+ { name: name, requirement: requirement || "*" }
229
+ end
230
+
196
231
  def self.pip_compile?(file_contents)
197
232
  return file_contents.include?("This file is autogenerated by pip-compile")
198
233
  rescue Exception # rubocop:disable Lint/RescueException
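Review bot: The URL branch hands the raw `line` to `URI.parse`, so a line with a trailing carriage return (a CRLF requirements.txt split on "\n"), trailing spaces, an inline comment or a leading `-e ` raises `URI::InvalidURIError` and is dropped by the bare `next`. For a dependency scanner that means VCS dependencies disappear from the result without a trace; consider at least `result = parse_requirements_txt_url(line.strip)`, and recording skipped lines rather than discarding them silently. The pattern `/^egg=([^&]+)([&]|$)/` also matches only when `egg` is the first fragment parameter, so a URL ending in `#subdirectory=pkg&egg=name` is skipped as well. The unused `=> e` in the rescue can be removed. The hunk ends inside `pip_compile?`, whose body continues outside it.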
@@ -12,7 +12,14 @@ module Bibliothecary
12
12
 
13
13
  file_infos_by_directory = file_infos.group_by { |info| File.dirname(info.relative_path) }
14
14
  file_infos_by_directory.values.each do |file_infos_for_path|
15
- file_infos_by_directory_by_package_manager = file_infos_for_path.group_by { |info| info.package_manager}
15
+ groupable, ungroupable = file_infos_for_path.partition(&:groupable?)
16
+
17
+ # add ungroupable ones as separate RFIs
18
+ ungroupable.each do |file_info|
19
+ returns.append(RelatedFilesInfo.new([file_info]))
20
+ end
21
+
22
+ file_infos_by_directory_by_package_manager = groupable.group_by { |info| info.package_manager}
16
23
 
17
24
  file_infos_by_directory_by_package_manager.values.each do |file_infos_in_directory_for_package_manager|
18
25
  returns.append(RelatedFilesInfo.new(file_infos_in_directory_for_package_manager))
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "8.2.2"
2
+ VERSION = "8.2.5"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.2.2
4
+ version: 8.2.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-06 00:00:00.000000000 Z
11
+ date: 2022-05-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tomlrb