cyclonedx-cocoapods 1.1.2 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f9377b14e9d7b5f41db0b12693b58dd37367e05e72f8ab208178c6d79f38234b
|
|
4
|
+
data.tar.gz: a8402aabb0a9eb157bbbaab4782a3fc6ce731003b48037c54cb1dc7e2d5fb289
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7fe8629cb7313126a55d2cbae4e7f69ea6fc365336b56093eab5a23e3a27d4fde848a892926ce2fc201509af9c9e4adb9cf59e0940841a03023e344817be2aa2
|
|
7
|
+
data.tar.gz: 8cc8b64ddcf4292e14c4698e55899a2b6c72de7ed1ed5ee7adcef316fa315286e52b108a5d000a5fa6f6e42333fd752633b7eeb0142fa603b615b05fef688c8e
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [1.2.0]
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
- Includes dependency relationship information for each of the components. ([Issue #58](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/58)) [@fnxpt](https://github.com/fnxpt).
|
|
11
|
+
|
|
12
|
+
### Changed
|
|
13
|
+
- Components and dependencies are output in alphabetically sorted order by `purl` to increase reproducability of BOM generation. ([Issue #59](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/59)) [@macblazer](https://github.com/macblazer).
|
|
14
|
+
|
|
7
15
|
## [1.1.2]
|
|
8
16
|
|
|
9
17
|
### Changed
|
|
@@ -84,6 +84,7 @@ module CycloneDX
|
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
xml.purl purl
|
|
87
|
+
xml.bomRef purl
|
|
87
88
|
unless homepage.nil?
|
|
88
89
|
xml.externalReferences do
|
|
89
90
|
xml.reference(type: HOMEPAGE_REFERENCE_TYPE) do
|
|
@@ -119,10 +120,12 @@ module CycloneDX
|
|
|
119
120
|
class BOMBuilder
|
|
120
121
|
NAMESPACE = 'http://cyclonedx.org/schema/bom/1.4'
|
|
121
122
|
|
|
122
|
-
attr_reader :component, :pods
|
|
123
|
+
attr_reader :component, :pods, :dependencies
|
|
123
124
|
|
|
124
|
-
def initialize(component: nil,
|
|
125
|
-
@
|
|
125
|
+
def initialize(pods:, component: nil, dependencies: nil)
|
|
126
|
+
@pods = pods.sort_by(&:purl)
|
|
127
|
+
@component = component
|
|
128
|
+
@dependencies = dependencies&.sort
|
|
126
129
|
end
|
|
127
130
|
|
|
128
131
|
def bom(version: 1)
|
|
@@ -136,12 +139,26 @@ module CycloneDX
|
|
|
136
139
|
pod.add_to_bom(xml)
|
|
137
140
|
end
|
|
138
141
|
end
|
|
142
|
+
|
|
143
|
+
xml.dependencies do
|
|
144
|
+
bom_dependencies(xml, dependencies)
|
|
145
|
+
end
|
|
139
146
|
end
|
|
140
147
|
end.to_xml
|
|
141
148
|
end
|
|
142
149
|
|
|
143
150
|
private
|
|
144
151
|
|
|
152
|
+
def bom_dependencies(xml, dependencies)
|
|
153
|
+
dependencies&.each do |key, array|
|
|
154
|
+
xml.dependency(ref: key) do
|
|
155
|
+
array.sort.each do |value|
|
|
156
|
+
xml.dependency(ref: value)
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
|
|
145
162
|
def bom_metadata(xml)
|
|
146
163
|
xml.metadata do
|
|
147
164
|
xml.timestamp Time.now.getutc.strftime('%Y-%m-%dT%H:%M:%SZ')
|
|
@@ -40,10 +40,11 @@ module CycloneDX
|
|
|
40
40
|
|
|
41
41
|
analyzer = PodfileAnalyzer.new(logger: @logger, exclude_test_targets: options[:exclude_test_targets])
|
|
42
42
|
podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
|
|
43
|
-
pods = analyzer.parse_pods(podfile, lockfile)
|
|
43
|
+
pods, dependencies = analyzer.parse_pods(podfile, lockfile)
|
|
44
44
|
analyzer.populate_pods_with_additional_info(pods)
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
builder = BOMBuilder.new(pods: pods, component: component_from_options(options), dependencies: dependencies)
|
|
47
|
+
bom = builder.bom(version: options[:bom_version] || 1)
|
|
47
48
|
write_bom_to_file(bom: bom, options: options)
|
|
48
49
|
rescue StandardError => e
|
|
49
50
|
@logger.error ([e.message] + e.backtrace).join($/)
|
|
@@ -41,7 +41,7 @@ module CycloneDX
|
|
|
41
41
|
podfile_contents = File.read(podfile_path)
|
|
42
42
|
plugin_syntax = /\s*plugin\s+['"]([^'"]+)['"]/
|
|
43
43
|
plugin_names = podfile_contents.scan(plugin_syntax).flatten
|
|
44
|
-
|
|
44
|
+
|
|
45
45
|
plugin_names.each do |plugin_name|
|
|
46
46
|
@logger.debug("Loading plugin #{plugin_name}")
|
|
47
47
|
begin
|
|
@@ -67,17 +67,32 @@ module CycloneDX
|
|
|
67
67
|
lockfile = ::Pod::Lockfile.from_file(options[:podfile_lock_path])
|
|
68
68
|
verify_synced_sandbox(lockfile)
|
|
69
69
|
load_plugins(options[:podfile_path])
|
|
70
|
-
|
|
70
|
+
|
|
71
71
|
return ::Pod::Podfile.from_file(options[:podfile_path]), lockfile
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
|
|
75
75
|
def parse_pods(podfile, lockfile)
|
|
76
76
|
@logger.debug "Parsing pods from #{podfile.defined_in_file}"
|
|
77
|
-
included_pods = create_list_of_included_pods(podfile, lockfile)
|
|
78
|
-
|
|
77
|
+
included_pods, dependencies = create_list_of_included_pods(podfile, lockfile)
|
|
78
|
+
|
|
79
|
+
pods = lockfile.pod_names.select { |name| included_pods.include?(name) }.map do |name|
|
|
79
80
|
Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
|
|
80
81
|
end
|
|
82
|
+
|
|
83
|
+
pod_dependencies = { }
|
|
84
|
+
dependencies.each {|key, value|
|
|
85
|
+
if lockfile.pod_names.include? key
|
|
86
|
+
pod = Pod.new(name: key, version: lockfile.version(key), source: source_for_pod(podfile, lockfile, key), checksum: lockfile.checksum(key))
|
|
87
|
+
|
|
88
|
+
pod_dependencies[pod.purl] = lockfile.pod_names.select { |name| value.include?(name) }.map do |name|
|
|
89
|
+
pod = Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
|
|
90
|
+
pod.purl
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
return pods, pod_dependencies
|
|
81
96
|
end
|
|
82
97
|
|
|
83
98
|
|
|
@@ -89,7 +104,6 @@ module CycloneDX
|
|
|
89
104
|
return pods
|
|
90
105
|
end
|
|
91
106
|
|
|
92
|
-
|
|
93
107
|
private
|
|
94
108
|
|
|
95
109
|
|
|
@@ -124,9 +138,12 @@ module CycloneDX
|
|
|
124
138
|
pods_hash
|
|
125
139
|
end
|
|
126
140
|
|
|
141
|
+
|
|
127
142
|
def append_all_pod_dependencies(pods_used, pods_cache)
|
|
128
143
|
result = pods_used
|
|
129
144
|
original_number = 0
|
|
145
|
+
dependencies_hash = { }
|
|
146
|
+
|
|
130
147
|
# Loop adding pod dependencies until we are not adding any more dependencies to the result
|
|
131
148
|
# This brings in all the transitive dependencies of every top level pod.
|
|
132
149
|
# Note this also handles two edge cases:
|
|
@@ -134,13 +151,20 @@ module CycloneDX
|
|
|
134
151
|
# 2. Having a pod that has a platform-specific dependency that is unused for this Podfile.
|
|
135
152
|
while result.length != original_number
|
|
136
153
|
original_number = result.length
|
|
154
|
+
|
|
137
155
|
pods_used.each { |pod_name|
|
|
138
|
-
|
|
156
|
+
if pods_cache.key?(pod_name)
|
|
157
|
+
result.push(*pods_cache[pod_name])
|
|
158
|
+
dependencies_hash[pod_name] = pods_cache[pod_name].empty? ? [] : pods_cache[pod_name]
|
|
159
|
+
end
|
|
139
160
|
}
|
|
161
|
+
|
|
140
162
|
result = result.uniq
|
|
163
|
+
# maybe additional dependency processing needed here???
|
|
141
164
|
pods_used = result
|
|
142
165
|
end
|
|
143
|
-
|
|
166
|
+
|
|
167
|
+
return result, dependencies_hash
|
|
144
168
|
end
|
|
145
169
|
|
|
146
170
|
def create_list_of_included_pods(podfile, lockfile)
|
|
@@ -152,9 +176,9 @@ module CycloneDX
|
|
|
152
176
|
|
|
153
177
|
topLevelDeps = includedTargets.map(&:dependencies).flatten.uniq
|
|
154
178
|
pods_used = topLevelDeps.map(&:name).uniq
|
|
155
|
-
pods_used = append_all_pod_dependencies(pods_used, pods_cache)
|
|
179
|
+
pods_used, dependencies = append_all_pod_dependencies(pods_used, pods_cache)
|
|
156
180
|
|
|
157
|
-
return pods_used.sort
|
|
181
|
+
return pods_used.sort, dependencies
|
|
158
182
|
end
|
|
159
183
|
|
|
160
184
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cyclonedx-cocoapods
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- José González
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-01-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: cocoapods
|