cyclonedx-cocoapods 1.1.2 → 1.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d9413e8c99e608e82f87b4075e907eb9fd137fd9f67a2c00bb277cf5c7fc2e21
4
- data.tar.gz: fd8be60d19ee1e2d84f53bbc16e66734eaffb9b2375f462219bd097fbdb7ef1c
3
+ metadata.gz: f9377b14e9d7b5f41db0b12693b58dd37367e05e72f8ab208178c6d79f38234b
4
+ data.tar.gz: a8402aabb0a9eb157bbbaab4782a3fc6ce731003b48037c54cb1dc7e2d5fb289
5
5
  SHA512:
6
- metadata.gz: 8b1e44bed24cddcce4e550047b39c849167f60d4e3ac86006365a991e70de3de3634a9de0ef90df7e7a3f93a9c255b5df271526a3731b91739726cc400c23889
7
- data.tar.gz: f8778db86758639e8c2888a0ccd67d9209d8dac2282e422d75c18a40831c3e89a8c0cac10d8392965b8a47c01341b197dc424912470bc300e06c355e76d76415
6
+ metadata.gz: 7fe8629cb7313126a55d2cbae4e7f69ea6fc365336b56093eab5a23e3a27d4fde848a892926ce2fc201509af9c9e4adb9cf59e0940841a03023e344817be2aa2
7
+ data.tar.gz: 8cc8b64ddcf4292e14c4698e55899a2b6c72de7ed1ed5ee7adcef316fa315286e52b108a5d000a5fa6f6e42333fd752633b7eeb0142fa603b615b05fef688c8e
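--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0]
+
+### Added
+- Includes dependency relationship information for each of the components. ([Issue #58](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/58)) [@fnxpt](https://github.com/fnxpt).
+
+### Changed
+- Components and dependencies are output in alphabetically sorted order by `purl` to increase reproducability of BOM generation. ([Issue #59](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/59)) [@macblazer](https://github.com/macblazer).
+
 ## [1.1.2]
 
 ### Changed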
@@ -84,6 +84,7 @@ module CycloneDX
84
84
  end
85
85
  end
86
86
  xml.purl purl
87
+ xml.bomRef purl
87
88
  unless homepage.nil?
88
89
  xml.externalReferences do
89
90
  xml.reference(type: HOMEPAGE_REFERENCE_TYPE) do
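Review bot: `xml.bomRef purl` writes a `<bomRef>` child element, but in the CycloneDX 1.4 XML schema (the namespace BOMBuilder declares) `bom-ref` is an attribute of `<component>`, not an element, so a schema-validating consumer will reject the component and the `<dependency ref="…">` entries added elsewhere in this change have no declared bom-ref to resolve against. The `xml.component(...)` call that opens this method is outside the hunk; the fix belongs there: add `'bom-ref': purl` to the attribute hash of that call and drop the `xml.bomRef purl` line. Keeping the purl as the ref value is fine, since it is already the sort key and is unique per pod version.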
@@ -119,10 +120,12 @@ module CycloneDX
119
120
  class BOMBuilder
120
121
  NAMESPACE = 'http://cyclonedx.org/schema/bom/1.4'
121
122
 
122
- attr_reader :component, :pods
123
+ attr_reader :component, :pods, :dependencies
123
124
 
124
- def initialize(component: nil, pods:)
125
- @component, @pods = component, pods
125
+ def initialize(pods:, component: nil, dependencies: nil)
126
+ @pods = pods.sort_by(&:purl)
127
+ @component = component
128
+ @dependencies = dependencies&.sort
126
129
  end
127
130
 
128
131
  def bom(version: 1)
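Review bot: `@dependencies = dependencies&.sort` stores an Array of `[purl, [purl, …]]` pairs rather than the Hash the caller passed in, so `attr_reader :dependencies` now exposes a different type than the constructor keyword suggests, and readers still have to nil-check it. Sorting by key is the right call for reproducible output; keep it but convert back and default the nil case: `@dependencies = (dependencies || {}).sort.to_h`. Note that both this sort and `pods.sort_by(&:purl)` use plain String ordering, which is byte order rather than version-aware — fine for reproducibility, but the output should not be read as version-sorted.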
@@ -136,12 +139,26 @@ module CycloneDX
136
139
  pod.add_to_bom(xml)
137
140
  end
138
141
  end
142
+
143
+ xml.dependencies do
144
+ bom_dependencies(xml, dependencies)
145
+ end
139
146
  end
140
147
  end.to_xml
141
148
  end
142
149
 
143
150
  private
144
151
 
152
+ def bom_dependencies(xml, dependencies)
153
+ dependencies&.each do |key, array|
154
+ xml.dependency(ref: key) do
155
+ array.sort.each do |value|
156
+ xml.dependency(ref: value)
157
+ end
158
+ end
159
+ end
160
+ end
161
+
145
162
  def bom_metadata(xml)
146
163
  xml.metadata do
147
164
  xml.timestamp Time.now.getutc.strftime('%Y-%m-%dT%H:%M:%SZ')
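Review bot: The emitted dependency graph has no root: `bom_dependencies` writes one `<dependency>` per pod that is a key in `dependencies`, and the application component written by `bom_metadata` is never referenced, so a consumer cannot tell which pods are direct dependencies of the application and which are transitive — the main thing a dependency graph adds to an SBOM for vulnerability triage. The analyzer already computes the direct set (`topLevelDeps` in `create_list_of_included_pods`) but discards it after seeding `pods_used`. If the metadata component carries a bom-ref (its body continues past this hunk, so I cannot confirm), a root entry such as `xml.dependency(ref: component_ref) { direct_purls.sort.each { |ref| xml.dependency(ref: ref) } }` would close the gap once the analyzer returns the direct names. Separately, `xml.dependencies` is written even when `dependencies` is nil, producing an empty element; harmless as far as I know, but guard with `unless dependencies.nil?` if the intent is to omit the section when no graph was computed.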
@@ -40,10 +40,11 @@ module CycloneDX
40
40
 
41
41
  analyzer = PodfileAnalyzer.new(logger: @logger, exclude_test_targets: options[:exclude_test_targets])
42
42
  podfile, lockfile = analyzer.ensure_podfile_and_lock_are_present(options)
43
- pods = analyzer.parse_pods(podfile, lockfile)
43
+ pods, dependencies = analyzer.parse_pods(podfile, lockfile)
44
44
  analyzer.populate_pods_with_additional_info(pods)
45
45
 
46
- bom = BOMBuilder.new(component: component_from_options(options), pods: pods).bom(version: options[:bom_version] || 1)
46
+ builder = BOMBuilder.new(pods: pods, component: component_from_options(options), dependencies: dependencies)
47
+ bom = builder.bom(version: options[:bom_version] || 1)
47
48
  write_bom_to_file(bom: bom, options: options)
48
49
  rescue StandardError => e
49
50
  @logger.error ([e.message] + e.backtrace).join($/)
@@ -41,7 +41,7 @@ module CycloneDX
41
41
  podfile_contents = File.read(podfile_path)
42
42
  plugin_syntax = /\s*plugin\s+['"]([^'"]+)['"]/
43
43
  plugin_names = podfile_contents.scan(plugin_syntax).flatten
44
-
44
+
45
45
  plugin_names.each do |plugin_name|
46
46
  @logger.debug("Loading plugin #{plugin_name}")
47
47
  begin
@@ -67,17 +67,32 @@ module CycloneDX
67
67
  lockfile = ::Pod::Lockfile.from_file(options[:podfile_lock_path])
68
68
  verify_synced_sandbox(lockfile)
69
69
  load_plugins(options[:podfile_path])
70
-
70
+
71
71
  return ::Pod::Podfile.from_file(options[:podfile_path]), lockfile
72
72
  end
73
73
 
74
74
 
75
75
  def parse_pods(podfile, lockfile)
76
76
  @logger.debug "Parsing pods from #{podfile.defined_in_file}"
77
- included_pods = create_list_of_included_pods(podfile, lockfile)
78
- return lockfile.pod_names.select { |name| included_pods.include?(name) }.map do |name|
77
+ included_pods, dependencies = create_list_of_included_pods(podfile, lockfile)
78
+
79
+ pods = lockfile.pod_names.select { |name| included_pods.include?(name) }.map do |name|
79
80
  Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
80
81
  end
82
+
83
+ pod_dependencies = { }
84
+ dependencies.each {|key, value|
85
+ if lockfile.pod_names.include? key
86
+ pod = Pod.new(name: key, version: lockfile.version(key), source: source_for_pod(podfile, lockfile, key), checksum: lockfile.checksum(key))
87
+
88
+ pod_dependencies[pod.purl] = lockfile.pod_names.select { |name| value.include?(name) }.map do |name|
89
+ pod = Pod.new(name: name, version: lockfile.version(name), source: source_for_pod(podfile, lockfile, name), checksum: lockfile.checksum(name))
90
+ pod.purl
91
+ end
92
+ end
93
+ }
94
+
95
+ return pods, pod_dependencies
81
96
  end
82
97
 
83
98
 
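Review bot: Inside the `dependencies.each` block the inner `map` assigns `pod = Pod.new(...)` to the same `pod` local that was set two lines earlier (nested blocks share enclosing locals), so the key `pod.purl` is only correct because Ruby evaluates the index of `pod_dependencies[pod.purl] = …` before the right-hand side; a later reorder or refactor would silently key the entry on the last dependency's purl. It also builds a fresh `Pod` (with a `source_for_pod` lookup) for every key and every dependency, although `pods` already holds exactly the included lockfile pods. Building a name→purl map from `pods` once removes both problems and keeps the same filtering — the keys and values produced by `append_all_pod_dependencies` are all members of `included_pods`, so `pods` covers them whenever `lockfile.pod_names` does (this assumes `Pod` exposes `name`, which the constructor keyword suggests). Value order changes, but `bom_dependencies` sorts each array before writing.
```ruby
    # … unchanged: included_pods/dependencies lookup and building `pods` …

    # purl lookup for the pods that made it into the BOM; anything else is dropped from the graph
    purl_by_name = pods.map { |pod| [pod.name, pod.purl] }.to_h
    pod_dependencies = {}
    dependencies.each do |name, dep_names|
      next unless purl_by_name.key?(name)
      pod_dependencies[purl_by_name[name]] = dep_names.map { |dep| purl_by_name[dep] }.compact
    end

    return pods, pod_dependencies
```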
@@ -89,7 +104,6 @@ module CycloneDX
89
104
  return pods
90
105
  end
91
106
 
92
-
93
107
  private
94
108
 
95
109
 
@@ -124,9 +138,12 @@ module CycloneDX
124
138
  pods_hash
125
139
  end
126
140
 
141
+
127
142
  def append_all_pod_dependencies(pods_used, pods_cache)
128
143
  result = pods_used
129
144
  original_number = 0
145
+ dependencies_hash = { }
146
+
130
147
  # Loop adding pod dependencies until we are not adding any more dependencies to the result
131
148
  # This brings in all the transitive dependencies of every top level pod.
132
149
  # Note this also handles two edge cases:
@@ -134,13 +151,20 @@ module CycloneDX
134
151
  # 2. Having a pod that has a platform-specific dependency that is unused for this Podfile.
135
152
  while result.length != original_number
136
153
  original_number = result.length
154
+
137
155
  pods_used.each { |pod_name|
138
- result.push(*pods_cache[pod_name]) unless !pods_cache.key?(pod_name) || pods_cache[pod_name].empty?
156
+ if pods_cache.key?(pod_name)
157
+ result.push(*pods_cache[pod_name])
158
+ dependencies_hash[pod_name] = pods_cache[pod_name].empty? ? [] : pods_cache[pod_name]
159
+ end
139
160
  }
161
+
140
162
  result = result.uniq
163
+ # maybe additional dependency processing needed here???
141
164
  pods_used = result
142
165
  end
143
- result
166
+
167
+ return result, dependencies_hash
144
168
  end
145
169
 
146
170
  def create_list_of_included_pods(podfile, lockfile)
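Review bot: `dependencies_hash[pod_name] = pods_cache[pod_name].empty? ? [] : pods_cache[pod_name]` is a no-op ternary — an empty cache array is already `[]` — and it stores the cache's own array rather than a copy, so the returned graph aliases `pods_cache`; `dependencies_hash[pod_name] = pods_cache[pod_name].dup` is shorter and decouples the two (today's only consumer calls the non-destructive `sort`, so this is defensive rather than a live bug). The `# maybe additional dependency processing needed here???` line should either become a TODO that states the open question or be removed; as written it will outlive the author's memory of it. The method's header is in the previous hunk and the rest of its body is unchanged.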
@@ -152,9 +176,9 @@ module CycloneDX
152
176
 
153
177
  topLevelDeps = includedTargets.map(&:dependencies).flatten.uniq
154
178
  pods_used = topLevelDeps.map(&:name).uniq
155
- pods_used = append_all_pod_dependencies(pods_used, pods_cache)
179
+ pods_used, dependencies = append_all_pod_dependencies(pods_used, pods_cache)
156
180
 
157
- return pods_used.sort
181
+ return pods_used.sort, dependencies
158
182
  end
159
183
 
160
184
 
@@ -21,6 +21,6 @@
21
21
 
22
22
  module CycloneDX
23
23
  module CocoaPods
24
- VERSION = '1.1.2'
24
+ VERSION = '1.2.0'
25
25
  end
26
26
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cyclonedx-cocoapods
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - José González
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2023-06-16 00:00:00.000000000 Z
12
+ date: 2024-01-06 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: cocoapods