ecosystems-bibliothecary 14.3.0 → 15.0.0

data/lib/bibliothecary/parsers/cocoapods.rb

@@ -1,17 +1,22 @@
 # frozen_string_literal: true
 
-require "gemnasium/parser"
 require "yaml"
 
 module Bibliothecary
   module Parsers
     class CocoaPods
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::BundlerLikeManifest
 
       NAME_VERSION = '(?! )(.*?)(?: \(([^-]*)(?:-(.*))?\))?'
       NAME_VERSION_4 = /^ {4}#{NAME_VERSION}$/
 
+      # Podfile pattern: pod "Name", "version" or pod "Name"
+      # Matches: pod 'name' or pod "name" with optional version
+      POD_REGEXP = /^\s*pod\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?/
+
+      # Podspec pattern: .dependency "Name", "version"
+      PODSPEC_DEPENDENCY = /\.dependency\s+['"]([^'"]+)['"]\s*(?:,\s*['"]([^'"]+)['"])?/
+
       def self.mapping
         {
           match_filename("Podfile") => {
@@ -35,35 +40,111 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_podfile_lock(file_contents, options: {})
-        manifest = YAML.load file_contents
-        dependencies = manifest["PODS"].map do |row|
-          pod = row.is_a?(String) ? row : row.keys.first
-          match = pod.match(/(.+?)\s\((.+?)\)/i)
-          Dependency.new(
+        source = options.fetch(:filename, nil)
+        dependencies = []
+
+        # Match pod entries: "  - Name (version)" or "  - Name/Subspec (version)"
+        # Only process lines in PODS section (before DEPENDENCIES section)
+        pods_section = file_contents.split(/^DEPENDENCIES:/)[0]
+        pods_section.scan(/^  - ([^\s(]+(?:\/[^\s(]+)?)\s+\(([^)]+)\)/) do |name, version|
+          # Take only the base package name (before any /)
+          base_name = name.split("/").first
+          dependencies << Dependency.new(
             platform: platform_name,
-            name: match[1].split("/").first,
-            requirement: match[2],
+            name: base_name,
+            requirement: version,
             type: "runtime",
-            source: options.fetch(:filename, nil)
+            source: source
           )
-        end.compact
+        end
+
         ParserResult.new(dependencies: dependencies)
       end
 
       def self.parse_podspec(file_contents, options: {})
-        manifest = Gemnasium::Parser.send(:podspec, file_contents)
-        dependencies = parse_ruby_manifest(manifest, platform_name, options.fetch(:filename, nil))
-        ParserResult.new(dependencies: dependencies)
+        source = options.fetch(:filename, nil)
+        deps = []
+        seen_names = Set.new
+
+        file_contents.each_line do |line|
+          match = line.match(PODSPEC_DEPENDENCY)
+          next unless match
+
+          name = match[1]
+          # Strip subspec path (e.g., "Foo/Bar" -> "Foo")
+          base_name = name.split("/").first
+
+          # Deduplicate by base name
+          next if seen_names.include?(base_name)
+          seen_names.add(base_name)
+
+          deps << Dependency.new(
+            platform: platform_name,
+            name: base_name,
+            requirement: ">= 0",
+            type: "runtime",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
       end
 
       def self.parse_podfile(file_contents, options: {})
-        manifest = Gemnasium::Parser.send(:podfile, file_contents)
-        dependencies = parse_ruby_manifest(manifest, platform_name, options.fetch(:filename, nil))
-        ParserResult.new(dependencies: dependencies)
+        source = options.fetch(:filename, nil)
+        deps = []
+        in_conditional = false
+        conditional_depth = 0
+
+        file_contents.each_line do |line|
+          # Track if/else/elsif blocks to skip pods inside them
+          if line =~ /^\s*if\s+/
+            in_conditional = true
+            conditional_depth += 1
+            next
+          end
+          if line =~ /^\s*(elsif|else)\s*/
+            next
+          end
+          if line =~ /^\s*end\s*$/ && in_conditional
+            conditional_depth -= 1
+            in_conditional = false if conditional_depth == 0
+            next
+          end
+
+          # Skip pods inside conditionals
+          next if in_conditional
+
+          match = line.match(POD_REGEXP)
+          next unless match
+
+          name = match[1]
+          version = match[2]
+
+          # Skip pods with special characters like + or subspecs with /
+          next if name.include?("+") || name.include?("/")
+
+          requirement = version ? normalize_version(version) : ">= 0"
+
+          deps << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: requirement,
+            type: "runtime",
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps)
+      end
+
+      def self.normalize_version(version)
+        # If version already has an operator, use as-is
+        return version if version =~ /^[~>=<]/
+        # Otherwise treat as exact version
+        "= #{version}"
       end
 
       def self.parse_json_manifest(file_contents, options: {})

data/lib/bibliothecary/parsers/cog.rb

@@ -15,8 +15,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_cog_yaml(file_contents, options: {})
         source = options.fetch(:filename, 'cog.yaml')

data/lib/bibliothecary/parsers/conan.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+module Bibliothecary
+  module Parsers
+    class Conan
+      include Bibliothecary::Analyser
+
+      def self.mapping
+        {
+          match_filename("conanfile.py") => {
+            kind: "manifest",
+            parser: :parse_conanfile_py,
+          },
+          match_filename("conanfile.txt") => {
+            kind: "manifest",
+            parser: :parse_conanfile_txt,
+          },
+          match_filename("conan.lock") => {
+            kind: "lockfile",
+            parser: :parse_lockfile,
+          },
+        }
+      end
+
+
+      REQUIRES_PATTERN = /self\.requires\(\s*["']([^"']+)["']/
+
+      def self.parse_conanfile_py(file_contents, options: {})
+        dependencies = []
+
+        file_contents.scan(REQUIRES_PATTERN).each do |match|
+          name, version = parse_conan_reference(match[0])
+          next if name.nil? || name.empty?
+
+          dependencies << Dependency.new(
+            name: name,
+            requirement: version || "*",
+            type: "runtime",
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_conanfile_txt(file_contents, options: {})
+        dependencies = []
+        current_section = nil
+
+        file_contents.each_line do |line|
+          line = line.strip
+          next if line.empty? || line.start_with?("#")
+
+          if line.match?(/^\[([^\]]+)\]$/)
+            current_section = line[1..-2]
+            next
+          end
+
+          next unless %w[requires build_requires].include?(current_section)
+
+          name, version = parse_conan_reference(line)
+          next if name.nil? || name.empty?
+
+          dependencies << Dependency.new(
+            name: name,
+            requirement: version || "*",
+            type: current_section == "requires" ? "runtime" : "development",
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_lockfile(file_contents, options: {})
+        manifest = JSON.parse(file_contents)
+
+        if manifest.dig("graph_lock", "nodes")
+          parse_v1_lockfile(manifest, options: options)
+        else
+          parse_v2_lockfile(manifest, options: options)
+        end
+      end
+
+      def self.parse_v1_lockfile(lockfile, options: {})
+        dependencies = []
+
+        lockfile["graph_lock"]["nodes"].each_value do |node|
+          next if node["path"] && !node["path"].empty?
+
+          ref = node["pref"] || node["ref"]
+          next unless ref
+
+          name, version = parse_conan_reference(ref)
+          next if name.nil? || name.empty?
+
+          type = node["context"] == "build" ? "development" : "runtime"
+
+          dependencies << Dependency.new(
+            name: name,
+            requirement: version || "*",
+            type: type,
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_v2_lockfile(lockfile, options: {})
+        dependencies = []
+
+        parse_requires(dependencies, lockfile["requires"], "runtime", options)
+        parse_requires(dependencies, lockfile["build_requires"], "development", options)
+        parse_requires(dependencies, lockfile["python_requires"], "development", options)
+
+        ParserResult.new(dependencies: dependencies)
+      end
+
+      def self.parse_requires(dependencies, requires, type, options)
+        return unless requires&.any?
+
+        requires.each do |ref|
+          name, version = parse_conan_reference(ref)
+          next if name.nil? || name.empty?
+
+          dependencies << Dependency.new(
+            name: name,
+            requirement: version || "*",
+            type: type,
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+      end
+
+      # Parse Conan reference format:
+      # name/version[@username[/channel]][#recipe_revision][:package_id[#package_revision]][%timestamp]
+      def self.parse_conan_reference(ref)
+        return [nil, nil] if ref.nil? || ref.empty? || !ref.include?("/")
+
+        # Strip timestamp, package info, recipe revision, and user/channel
+        ref = ref.split("%", 2)[0]
+        ref = ref.split(":", 2)[0]
+        ref = ref.split("#", 2)[0]
+        ref = ref.split("@", 2)[0]
+
+        parts = ref.split("/", 2)
+        [parts[0], parts[1]]
+      end
+    end
+  end
+end

data/lib/bibliothecary/parsers/conda.rb

@@ -20,9 +20,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
 
       def self.parse_conda(file_contents, options: {})
         manifest = YAML.load(file_contents)

data/lib/bibliothecary/parsers/cpan.rb

@@ -21,8 +21,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_json_manifest(file_contents, options: {})
         manifest = JSON.parse file_contents

data/lib/bibliothecary/parsers/cran.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "deb_control"
-
 module Bibliothecary
   module Parsers
     class CRAN
@@ -18,33 +16,56 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
 
       def self.parse_description(file_contents, options: {})
-        manifest = DebControl::ControlFileBase.parse(file_contents)
-        dependencies = parse_section(manifest, "Depends", options.fetch(:filename, nil)) +
-                       parse_section(manifest, "Imports", options.fetch(:filename, nil)) +
-                       parse_section(manifest, "Suggests", options.fetch(:filename, nil)) +
-                       parse_section(manifest, "Enhances", options.fetch(:filename, nil))
+        source = options.fetch(:filename, nil)
+        fields = parse_rfc822(file_contents)
+
+        dependencies = parse_deps(fields["Depends"], "depends", source) +
+                       parse_deps(fields["Imports"], "imports", source) +
+                       parse_deps(fields["Suggests"], "suggests", source) +
+                       parse_deps(fields["Enhances"], "enhances", source)
+
         ParserResult.new(dependencies: dependencies)
       end
 
-      def self.parse_section(manifest, name, source = nil)
-        return [] unless manifest.first[name]
+      def self.parse_rfc822(contents)
+        fields = {}
+        current_field = nil
+
+        contents.each_line do |line|
+          if line =~ /^([A-Za-z][A-Za-z0-9-]*):\s*(.*)/
+            current_field = $1
+            fields[current_field] = $2.strip
+          elsif line =~ /^\s+(.*)/ && current_field
+            # Continuation line
+            fields[current_field] += " " + $1.strip
+          end
+        end
+
+        fields
+      end
+
+      def self.parse_deps(value, type, source)
+        return [] unless value
+
+        value.split(",").map(&:strip).map do |dep_str|
+          next if dep_str.empty?
+
+          match = dep_str.match(REQUIRE_REGEXP)
+          next unless match
+
+          # Normalize whitespace: collapse multiple spaces, but preserve single space after operator
+          requirement = match[2]&.gsub(/\s+/, " ")&.strip || "*"
 
-        deps = manifest.first[name].delete("\n").split(",").map(&:strip)
-        deps.map do |dependency|
-          dep = dependency.match(REQUIRE_REGEXP)
           Dependency.new(
-            name: dep[1],
-            requirement: dep[2],
-            type: name.downcase,
+            name: match[1],
+            requirement: requirement,
+            type: type,
             source: source,
             platform: platform_name
           )
-        end
+        end.compact
       end
     end
   end

data/lib/bibliothecary/parsers/docker.rb

@@ -23,8 +23,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_docker_compose(file_contents, options: {})
         source = options.fetch(:filename, 'docker-compose.yml')

data/lib/bibliothecary/parsers/dub.rb

@@ -1,19 +1,19 @@
 # frozen_string_literal: true
 
 require "json"
-require "sdl_parser"
 
 module Bibliothecary
   module Parsers
     class Dub
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
+
+      SDL_DEPENDENCY_REGEXP = /^dependency\s+"([^"]+)"(?:\s+version="([^"]+)")?/
 
       def self.mapping
         {
           match_filename("dub.json") => {
             kind: "manifest",
-            parser: :parse_json_runtime_manifest,
+            parser: :parse_json_manifest,
           },
           match_filename("dub.sdl") => {
             kind: "manifest",
@@ -22,13 +22,38 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
+      def self.parse_json_manifest(file_contents, options: {})
+        manifest = JSON.parse(file_contents)
+        dependencies = manifest.fetch("dependencies", {}).map do |name, requirement|
+          Dependency.new(
+            name: name,
+            requirement: requirement,
+            type: "runtime",
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+        ParserResult.new(dependencies: dependencies)
+      end
 
       def self.parse_sdl_manifest(file_contents, options: {})
-        ParserResult.new(
-          dependencies: SdlParser.new(:runtime, file_contents, platform_name, options.fetch(:filename, nil)).dependencies
-        )
+        source = options.fetch(:filename, nil)
+        deps = []
+
+        file_contents.each_line do |line|
+          match = line.match(SDL_DEPENDENCY_REGEXP)
+          next unless match
+
+          deps << Dependency.new(
+            platform: platform_name,
+            name: match[1],
+            requirement: match[2] || ">= 0",
+            type: :runtime,
+            source: source
+          )
+        end
+
+        ParserResult.new(dependencies: deps.uniq)
       end
     end
   end

data/lib/bibliothecary/parsers/dvc.rb

@@ -15,8 +15,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_dvc_yaml(file_contents, options: {})
         source = options.fetch(:filename, 'dvc.yaml')

data/lib/bibliothecary/parsers/elm.rb

@@ -6,7 +6,6 @@ module Bibliothecary
   module Parsers
     class Elm
       include Bibliothecary::Analyser
-      extend Bibliothecary::MultiParsers::JSONRuntime
 
       def self.mapping
         {
@@ -21,8 +20,19 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
+      def self.parse_json_runtime_manifest(file_contents, options: {})
+        manifest = JSON.parse(file_contents)
+        dependencies = manifest.fetch("dependencies", {}).map do |name, requirement|
+          Dependency.new(
+            name: name,
+            requirement: requirement,
+            type: "runtime",
+            source: options.fetch(:filename, nil),
+            platform: platform_name
+          )
+        end
+        ParserResult.new(dependencies: dependencies)
+      end
 
       def self.parse_json_lock(file_contents, options: {})
         manifest = JSON.parse file_contents

data/lib/bibliothecary/parsers/go.rb

@@ -72,9 +72,6 @@ module Bibliothecary
         }
       end
 
-      add_multi_parser(Bibliothecary::MultiParsers::CycloneDX)
-      add_multi_parser(Bibliothecary::MultiParsers::Spdx)
-      add_multi_parser(Bibliothecary::MultiParsers::DependenciesCSV)
 
       def self.parse_godep_json(file_contents, options: {})
         manifest = JSON.parse file_contents
@@ -132,8 +129,20 @@ module Bibliothecary
       end
 
       def self.parse_dep_lockfile(file_contents, options: {})
-        manifest = Tomlrb.parse file_contents
-        dependencies = map_dependencies(manifest, "projects", "name", "revision", "runtime", options.fetch(:filename, nil))
+        dependencies = []
+        # Split into [[projects]] blocks and extract fields from each
+        file_contents.split(/\[\[projects\]\]/).drop(1).each do |block|
+          name = block[/name\s*=\s*"([^"]+)"/, 1]
+          revision = block[/revision\s*=\s*"([^"]+)"/, 1]
+
+          dependencies << Dependency.new(
+            platform: platform_name,
+            name: name,
+            requirement: revision,
+            type: "runtime",
+            source: options.fetch(:filename, nil)
+          )
+        end
         ParserResult.new(dependencies: dependencies)
       end