RubyGems - bundler-sbom - Versions diffs - 0.3.0 → 0.3.1 - Mend

bundler-sbom 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/bundler/sbom/cyclonedx.rb +1 -15
data/lib/bundler/sbom/spdx.rb +2 -16
data/lib/bundler/sbom/spec_license_finder.rb +26 -0
data/lib/bundler/sbom/version.rb +1 -1
data/lib/bundler/sbom.rb +1 -0
metadata +2 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2d31deef79ab54416961ff900632cf386f95207f35afd2c2e491d97c53d4c0e
-  data.tar.gz: 6060186d5f3394f12f9c58a2ad1aa4a01b554500f58ef606403536675e506f18
+  metadata.gz: 25aca7901f1cf5074fa7d089541543e1626e61a2ed2969729fd5cd2e5308e831
+  data.tar.gz: fa38d57d57377305b21fe0deae6907ebd4bca352443c3b9ea5cc0ca068270927
 SHA512:
-  metadata.gz: bb372a7bf2da186dcdf3a3406f236682b35b3aba690a21f3617a32cd94cebf85a4902e39a755a0e1698ff463a9f37fa8c79a425230ab6d1b68c16d1790dbb476
-  data.tar.gz: aab0fffe6b7c684d8bb07c33040f2f5897c00d9353e5809b665333a714ee6175a36a2eae4ac01d8427c5b273e3911e91fadc8580f486d4dc04db0ec9f6ec337d
+  metadata.gz: '028fb94c9fd911c34a0c73cef0c2f49e97a4a6278090cbd46595d46311181b351239f643d83a546c17eb63eaa8222b3873810310ca99504531aa02c5822a3735'
+  data.tar.gz: e91cc42c49bf6f4d62528fe4c97c9942bef964afc6f48af9e8bebb96ed588929344eb06557549019855ebfd0cda2cb2950a167091fbc49c934bc1c3f5d697cd7

data/lib/bundler/sbom/cyclonedx.rb CHANGED Viewed

@@ -37,21 +37,7 @@ module Bundler
           gem_key = "#{spec.name}:#{spec.version}"
           next if seen_gems.include?(gem_key)
           seen_gems.add(gem_key)
-          begin
-            gemspec = Gem::Specification.find_by_name(spec.name, spec.version)
-            licenses = []
-            if gemspec
-              if gemspec.license && !gemspec.license.empty?
-                licenses << gemspec.license
-              end
-              if gemspec.licenses && !gemspec.licenses.empty?
-                licenses.concat(gemspec.licenses)
-              end
-              licenses.uniq!
-            end
-          rescue Gem::LoadError
-            licenses = []
-          end
+          licenses = SpecLicenseFinder.find_licenses(spec)
           component = {
             "type" => "library",

data/lib/bundler/sbom/spdx.rb CHANGED Viewed

@@ -27,22 +27,8 @@ module Bundler
           gem_key = "#{spec.name}:#{spec.version}"
           next if seen_gems.include?(gem_key)
           seen_gems.add(gem_key)
-          begin
-            gemspec = Gem::Specification.find_by_name(spec.name, spec.version)
-            licenses = []
-            if gemspec
-              if gemspec.license && !gemspec.license.empty?
-                licenses << gemspec.license
-              end
-              if gemspec.licenses && !gemspec.licenses.empty?
-                licenses.concat(gemspec.licenses)
-              end
-              licenses.uniq!
-            end
-            license_string = licenses.empty? ? "NOASSERTION" : licenses.join(", ")
-          rescue Gem::LoadError
-            license_string = "NOASSERTION"
-          end
+          licenses = SpecLicenseFinder.find_licenses(spec)
+          license_string = licenses.empty? ? "NOASSERTION" : licenses.join(", ")
           package = {
             "SPDXID" => "SPDXRef-Package-#{spec.name}",

data/lib/bundler/sbom/spec_license_finder.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Bundler
+  module Sbom
+    module SpecLicenseFinder
+      def self.find_licenses(spec)
+        gemspec = spec.__materialize__ if spec.respond_to?(:__materialize__)
+        begin
+          gemspec ||= Gem::Specification.find_by_name(spec.name, spec.version)
+        rescue Gem::LoadError
+          # ignore
+        end
+        licenses = []
+        if gemspec
+          if gemspec.respond_to?(:license) && gemspec.license && !gemspec.license.empty?
+            licenses << gemspec.license
+          end
+          if gemspec.respond_to?(:licenses) && gemspec.licenses && !gemspec.licenses.empty?
+            licenses.concat(gemspec.licenses)
+          end
+          licenses.uniq!
+        end
+        licenses
+      end
+    end
+  end
+end

data/lib/bundler/sbom/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Bundler
   module Sbom
-    VERSION = "0.3.0"
+    VERSION = "0.3.1"
   end
 end

data/lib/bundler/sbom.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 require "bundler/sbom/version"
+require "bundler/sbom/spec_license_finder"
 require "bundler/sbom/generator"
 require "bundler/sbom/cli"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bundler-sbom
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - SHIBATA Hiroshi
@@ -54,6 +54,7 @@ files:
 - lib/bundler/sbom/generator.rb
 - lib/bundler/sbom/reporter.rb
 - lib/bundler/sbom/spdx.rb
+- lib/bundler/sbom/spec_license_finder.rb
 - lib/bundler/sbom/version.rb
 - plugins.rb
 homepage: https://github.com/hsbt/bundler-sbom