cyclonedx-cocoapods 1.1.2 → 1.2.0
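--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f9377b14e9d7b5f41db0b12693b58dd37367e05e72f8ab208178c6d79f38234b
+data.tar.gz: a8402aabb0a9eb157bbbaab4782a3fc6ce731003b48037c54cb1dc7e2d5fb289
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7fe8629cb7313126a55d2cbae4e7f69ea6fc365336b56093eab5a23e3a27d4fde848a892926ce2fc201509af9c9e4adb9cf59e0940841a03023e344817be2aa2
+data.tar.gz: 8cc8b64ddcf4292e14c4698e55899a2b6c72de7ed1ed5ee7adcef316fa315286e52b108a5d000a5fa6f6e42333fd752633b7eeb0142fa603b615b05fef688c8e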
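--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0]
+
+### Added
+- Includes dependency relationship information for each of the components. ([Issue #58](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/58)) [@fnxpt](https://github.com/fnxpt).
+
+### Changed
+- Components and dependencies are output in alphabetically sorted order by `purl` to increase reproducability of BOM generation. ([Issue #59](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/59)) [@macblazer](https://github.com/macblazer).
+
 ## [1.1.2]
 
 ### Changed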
@@ -84,6 +84,7 @@ module CycloneDX
|
|
84
84
|
end
|
85
85
|
end
|
86
86
|
xml.purl purl
|
87
|
+
xml.bomRef purl
|
87
88
|
unless homepage.nil?
|
88
89
|
xml.externalReferences do
|
89
90
|
xml.reference(type: HOMEPAGE_REFERENCE_TYPE) do
|
@@ -119,10 +120,12 @@ module CycloneDX
|
|
119
120
|
class BOMBuilder
|
120
121
|
NAMESPACE = 'http://cyclonedx.org/schema/bom/1.4'
|
121
122
|
|
122
|
-
attr_reader :component, :pods
|
123
|
+
attr_reader :component, :pods, :dependencies
|
123
124
|
|
124
|
-
def initialize(component: nil,
|
125
|
-
@
|
125
|
+
def initialize(pods:, component: nil, dependencies: nil)
|
126
|
+
@pods = pods.sort_by(&:purl)
|
127
|
+
@component = component
|
128
|
+
@dependencies = dependencies&.sort
|
126
129
|
end
|
127
130
|
|
128
131
|
def bom(version: 1)
|
@@ -136,12 +139,26 @@ module CycloneDX
|
|
136
139
|
pod.add_to_bom(xml)
|
137
140
|
end
|
138
141
|
end
|
142
|
+
|
143
|
+
xml.dependencies do
|
144
|
+
bom_dependencies(xml, dependencies)
|
145
|
+
end
|
139
146
|
end
|
140
147
|
end.to_xml
|
141
148
|
end
|
142
149
|
|
143
150
|
private
|
144
151
|
|
152
|
+
def bom_dependencies(xml, dependencies)
|
153
|
+
dependencies&.each do |key, array|
|
154
|
+
xml.dependency(ref: key) do
|
155
|
+
array.sort.each do |value|
|
156
|
+
xml.dependency(ref: value)
|
157
|
+
end
|
158
|
+
end
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
145
162
|
def bom_metadata(xml)
|
146
163
|
xml.metadata do
|
147
164
|
xml.timestamp Time.now.getutc.strftime('%Y-%m-%dT%H:%M:%SZ')
|
@@ -40,10 +40,11 @@ module CycloneDX
|
|
40
40
|
|
41
41
|
analyzer = PodfileAnalyzer.new(logger: @logger, exclude_test_targets: options[:exclude_test_targets])
|
42
42
|
podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
|
43
|
-
pods = analyzer.parse_pods(podfile, lockfile)
|
43
|
+
pods, dependencies = analyzer.parse_pods(podfile, lockfile)
|
44
44
|
analyzer.populate_pods_with_additional_info(pods)
|
45
45
|
|
46
|
-
|
46
|
+
builder = BOMBuilder.new(pods: pods, component: component_from_options(options), dependencies: dependencies)
|
47
|
+
bom = builder.bom(version: options[:bom_version] || 1)
|
47
48
|
write_bom_to_file(bom: bom, options: options)
|
48
49
|
rescue StandardError => e
|
49
50
|
@logger.error ([e.message] + e.backtrace).join($/)
|
@@ -41,7 +41,7 @@ module CycloneDX
|
|
41
41
|
podfile_contents = File.read(podfile_path)
|
42
42
|
plugin_syntax = /\s*plugin\s+['"]([^'"]+)['"]/
|
43
43
|
plugin_names = podfile_contents.scan(plugin_syntax).flatten
|
44
|
-
|
44
|
+
|
45
45
|
plugin_names.each do |plugin_name|
|
46
46
|
@logger.debug("Loading plugin #{plugin_name}")
|
47
47
|
begin
|
@@ -67,17 +67,32 @@ module CycloneDX
|
|
67
67
|
lockfile = ::Pod::Lockfile.from_file(options[:podfile_lock_path])
|
68
68
|
verify_synced_sandbox(lockfile)
|
69
69
|
load_plugins(options[:podfile_path])
|
70
|
-
|
70
|
+
|
71
71
|
return ::Pod::Podfile.from_file(options[:podfile_path]), lockfile
|
72
72
|
end
|
73
73
|
|
74
74
|
|
75
75
|
def parse_pods(podfile, lockfile)
|
76
76
|
@logger.debug "Parsing pods from #{podfile.defined_in_file}"
|
77
|
-
included_pods = create_list_of_included_pods(podfile, lockfile)
|
78
|
-
|
77
|
+
included_pods, dependencies = create_list_of_included_pods(podfile, lockfile)
|
78
|
+
|
79
|
+
pods = lockfile.pod_names.select { |name| included_pods.include?(name) }.map do |name|
|
79
80
|
Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
|
80
81
|
end
|
82
|
+
|
83
|
+
pod_dependencies = { }
|
84
|
+
dependencies.each {|key, value|
|
85
|
+
if lockfile.pod_names.include? key
|
86
|
+
pod = Pod.new(name: key, version: lockfile.version(key), source: source_for_pod(podfile, lockfile, key), checksum: lockfile.checksum(key))
|
87
|
+
|
88
|
+
pod_dependencies[pod.purl] = lockfile.pod_names.select { |name| value.include?(name) }.map do |name|
|
89
|
+
pod = Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
|
90
|
+
pod.purl
|
91
|
+
end
|
92
|
+
end
|
93
|
+
}
|
94
|
+
|
95
|
+
return pods, pod_dependencies
|
81
96
|
end
|
82
97
|
|
83
98
|
|
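Review bot: In the new `dependencies.each` loop the inner `pod = Pod.new(...)` inside the `map` block assigns to the outer `pod` local (a Ruby block does not shadow a local that already exists), so after the block `pod` refers to the last dependency rather than the key's pod; the code only works because `pod_dependencies[pod.purl]` evaluates its index before the right-hand side. The loop also constructs a full `Pod` (with `source_for_pod` and checksum lookups) for every edge just to read `purl`, duplicating the construction used for `pods` above. A small `purl_for` lambda removes both the reassignment and the duplication, and `each_with_object` with a guard replaces the brace-delimited multi-line block. `parse_pods` lies entirely within this hunk.
```ruby
  included_pods, dependencies = create_list_of_included_pods(podfile, lockfile)
  # … unchanged: building `pods` from the lockfile …

  # Purl of a lockfile pod, built the same way as the entries in `pods` above.
  purl_for = lambda do |name|
    Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name)).purl
  end

  # { purl => [purl, ...] } for every dependency key that is a lockfile pod.
  pod_dependencies = dependencies.each_with_object({}) do |(key, value), acc|
    next unless lockfile.pod_names.include?(key)

    acc[purl_for.call(key)] = lockfile.pod_names.select { |name| value.include?(name) }.map(&purl_for)
  end

  return pods, pod_dependencies
```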
@@ -89,7 +104,6 @@ module CycloneDX
|
|
89
104
|
return pods
|
90
105
|
end
|
91
106
|
|
92
|
-
|
93
107
|
private
|
94
108
|
|
95
109
|
|
@@ -124,9 +138,12 @@ module CycloneDX
|
|
124
138
|
pods_hash
|
125
139
|
end
|
126
140
|
|
141
|
+
|
127
142
|
def append_all_pod_dependencies(pods_used, pods_cache)
|
128
143
|
result = pods_used
|
129
144
|
original_number = 0
|
145
|
+
dependencies_hash = { }
|
146
|
+
|
130
147
|
# Loop adding pod dependencies until we are not adding any more dependencies to the result
|
131
148
|
# This brings in all the transitive dependencies of every top level pod.
|
132
149
|
# Note this also handles two edge cases:
|
@@ -134,13 +151,20 @@ module CycloneDX
|
|
134
151
|
# 2. Having a pod that has a platform-specific dependency that is unused for this Podfile.
|
135
152
|
while result.length != original_number
|
136
153
|
original_number = result.length
|
154
|
+
|
137
155
|
pods_used.each { |pod_name|
|
138
|
-
|
156
|
+
if pods_cache.key?(pod_name)
|
157
|
+
result.push(*pods_cache[pod_name])
|
158
|
+
dependencies_hash[pod_name] = pods_cache[pod_name].empty? ? [] : pods_cache[pod_name]
|
159
|
+
end
|
139
160
|
}
|
161
|
+
|
140
162
|
result = result.uniq
|
163
|
+
# maybe additional dependency processing needed here???
|
141
164
|
pods_used = result
|
142
165
|
end
|
143
|
-
|
166
|
+
|
167
|
+
return result, dependencies_hash
|
144
168
|
end
|
145
169
|
|
146
170
|
def create_list_of_included_pods(podfile, lockfile)
|
@@ -152,9 +176,9 @@ module CycloneDX
|
|
152
176
|
|
153
177
|
topLevelDeps = includedTargets.map(&:dependencies).flatten.uniq
|
154
178
|
pods_used = topLevelDeps.map(&:name).uniq
|
155
|
-
pods_used = append_all_pod_dependencies(pods_used, pods_cache)
|
179
|
+
pods_used, dependencies = append_all_pod_dependencies(pods_used, pods_cache)
|
156
180
|
|
157
|
-
return pods_used.sort
|
181
|
+
return pods_used.sort, dependencies
|
158
182
|
end
|
159
183
|
|
160
184
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cyclonedx-cocoapods
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- José González
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2024-01-06 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: cocoapods
|