spandx 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -3
- data/lib/spandx/commands/scan.rb +4 -1
- data/lib/spandx/dependency.rb +21 -0
- data/lib/spandx/gateways/nuget.rb +55 -0
- data/lib/spandx/gateways/rubygems.rb +30 -0
- data/lib/spandx/parsers/csproj.rb +39 -0
- data/lib/spandx/parsers/gemfile_lock.rb +23 -14
- data/lib/spandx/parsers/packages_config.rb +37 -0
- data/lib/spandx/parsers/pipfile_lock.rb +3 -3
- data/lib/spandx/parsers.rb +9 -1
- data/lib/spandx/report.rb +2 -6
- data/lib/spandx/version.rb +1 -1
- data/lib/spandx.rb +6 -0
- data/spandx.gemspec +8 -4
- metadata +62 -26
- data/.github/workflows/ci.yml +0 -13
- data/.gitignore +0 -12
- data/.gitlab-ci.yml +0 -8
- data/.rspec +0 -3
- data/.rubocop.yml +0 -74
- data/Gemfile +0 -6
- data/Gemfile.lock +0 -74
- data/Rakefile +0 -13
- data/bin/cibuild +0 -19
- data/bin/console +0 -15
- data/bin/lint +0 -11
- data/bin/setup +0 -6
- data/bin/shipit +0 -10
- data/bin/test +0 -13
- data/lib/spandx/commands/.gitkeep +0 -0
- data/lib/spandx/templates/.gitkeep +0 -0
- data/lib/spandx/templates/scan/.gitkeep +0 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d69d6fb64c5305d1fa1131f35369cfb1d30003ec838da0098dd345fbad434024
|
4
|
+
data.tar.gz: a97bc7e6243841a4fe0bddfd5c9141c533474840c91cf4b84961d5a9f327ad90
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 06ce13d505da615593595b72ed44d0c0d409315eefdbbb69af9ea092a1d7230659c9a34d5492430bd748b4dfc0555a0b1ae28d7b2395172e202591efac2259c2
|
7
|
+
data.tar.gz: cc6e3ab63d93668286ff133fc46c3c7fcaa41498c0d44ae1d92b362839d4faaa010d25d4f4b7d5d566f164b295db2f776e98a23c0a3b6cbc476f1033bd92e8eb
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.1.
|
1
|
+
Version 0.1.4
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
All notable changes to this project will be documented in this file.
|
@@ -7,7 +7,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
7
7
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
8
8
|
|
9
9
|
## [Unreleased]
|
10
|
-
|
10
|
+
### Added
|
11
|
+
|
12
|
+
## [0.1.4] - 2020-01-22
|
13
|
+
### Added
|
14
|
+
- Add dependency on bundler
|
15
|
+
- Scan nuget `packages.config` files
|
16
|
+
- Scan dotnet `*.csproj` files
|
17
|
+
- Pull ruby gem license info from rubygems.org API V2.
|
11
18
|
|
12
19
|
## [0.1.3] - 2020-01-16
|
13
20
|
### Added
|
@@ -24,7 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
24
31
|
### Added
|
25
32
|
- Provide ruby API to the latest SPDX catalogue.
|
26
33
|
|
27
|
-
[Unreleased]: https://github.com/mokhan/spandx/compare/v0.1.
|
34
|
+
[Unreleased]: https://github.com/mokhan/spandx/compare/v0.1.4...HEAD
|
35
|
+
[0.1.3]: https://github.com/mokhan/spandx/compare/v0.1.3...v0.1.4
|
28
36
|
[0.1.3]: https://github.com/mokhan/spandx/compare/v0.1.2...v0.1.3
|
29
37
|
[0.1.2]: https://github.com/mokhan/spandx/compare/v0.1.1...v0.1.2
|
30
38
|
[0.1.1]: https://github.com/mokhan/spandx/compare/v0.1.0...v0.1.1
|
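--- a/data/lib/spandx/commands/scan.rb
+++ b/data/lib/spandx/commands/scan.rb
@@ -14,7 +14,10 @@ module Spandx
 if lockfile.nil?
 output.puts 'OK'
 else
-report =
+report = Report.new
+Parsers.for(lockfile).parse(lockfile).each do |dependency|
+report.add(dependency)
+end
 output.puts report.to_json
 end
 end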
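--- a/data/lib/spandx/dependency.rb
+++ b/data/lib/spandx/dependency.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Spandx
+class Dependency
+attr_reader :name, :version, :licenses
+
+def initialize(name:, version:, licenses: [])
+@name = name
+@version = version
+@licenses = licenses
+end
+
+def to_h
+{
+name: name,
+version: version,
+licenses: licenses.map(&:id)
+}
+end
+end
+end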
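--- a/data/lib/spandx/gateways/nuget.rb
+++ b/data/lib/spandx/gateways/nuget.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Spandx
+module Gateways
+# https://api.nuget.org/v3-flatcontainer/#{name}/#{version}/#{name}.nuspec
+# https://api.nuget.org/v3-flatcontainer/#{package.name}/index.json
+# https://docs.microsoft.com/en-us/nuget/api/package-base-address-resource
+class Nuget
+def initialize(http: Spandx.http)
+@http = http
+end
+
+def licenses_for(name, version)
+document = nuspec_for(name, version)
+
+exact_licenses_from(document) ||
+guess_licenses_from(document)
+end
+
+private
+
+attr_reader :http
+
+def nuspec_url_for(name, version)
+"https://api.nuget.org/v3-flatcontainer/#{name}/#{version}/#{name}.nuspec"
+end
+
+def nuspec_for(name, version)
+from_xml(http.get(nuspec_url_for(name, version)).body)
+end
+
+def guess_license_in(content)
+Licensee::ProjectFiles::LicenseFile.new(content).license.key.upcase
+end
+
+def from_xml(xml)
+Nokogiri::XML(xml).tap(&:remove_namespaces!)
+end
+
+def exact_licenses_from(document)
+if (licenses = document.search('//package/metadata/license')).any?
+return licenses.map(&:text)
+end
+
+nil
+end
+
+def guess_licenses_from(document)
+document
+.search('//package/metadata/licenseUrl')
+.map { |node| guess_license_in(Spandx.http.get(node.text).body) }
+end
+end
+end
+end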
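Review bot: `guess_licenses_from` (new line 51) fetches `node.text` through the global `Spandx.http` instead of the injected `http`, so the client passed to `initialize` is bypassed for precisely the request whose URL is taken from the package's own nuspec metadata, and the body goes to Licensee without the `http.ok?` check that `Gateways::Rubygems` applies in this same diff. `guess_license_in` (line 33) will also raise NoMethodError if Licensee finds no match and `license` comes back nil. Because `licenseUrl` is third-party package data, routing the fetch through the injected client keeps it under whatever policy that client enforces, and dropping non-OK responses avoids guessing a license from an error page. I would rewrite both helpers as below.
```ruby
def guess_license_in(content)
  Licensee::ProjectFiles::LicenseFile.new(content).license&.key&.upcase
end

# … unchanged: from_xml, exact_licenses_from …

def guess_licenses_from(document)
  document
    .search('//package/metadata/licenseUrl')
    .map { |node| http.get(node.text) }
    .select { |response| http.ok?(response) }
    .map { |response| guess_license_in(response.body) }
    .compact
end
```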
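--- a/data/lib/spandx/gateways/rubygems.rb
+++ b/data/lib/spandx/gateways/rubygems.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Spandx
+module Gateways
+# https://guides.rubygems.org/rubygems-org-api-v2/
+class Rubygems
+def initialize(http: Spandx.http)
+@http = http
+end
+
+def licenses_for(name, version)
+details_on(name, version).fetch('licenses', [])
+end
+
+private
+
+attr_reader :http
+
+def details_on(name, version)
+url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
+response = http.get(url, default: {})
+http.ok?(response) ? parse(response.body) : {}
+end
+
+def parse(json)
+JSON.parse(json)
+end
+end
+end
+end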
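Review bot: `licenses_for` (new line 12) relies on `fetch('licenses', [])`, but `Hash#fetch` only applies the default when the key is absent; if the rubygems.org payload carries an explicit `"licenses": null` the method returns nil and `GemfileLock#licenses_for` in this diff then calls `.map` on it. `Array(details_on(name, version)['licenses'])` covers both the missing key and a null value. At line 20 `name` and `version` are interpolated into the URL path unescaped; they come from the lockfile being scanned, so encoding them (for example with `URI.encode_www_form_component`) keeps an unusual name from altering the request path.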
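--- a/data/lib/spandx/parsers/csproj.rb
+++ b/data/lib/spandx/parsers/csproj.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Spandx
+module Parsers
+class Csproj < Base
+def self.matches?(filename)
+filename.match?(/.*\.csproj/)
+end
+
+def parse(lockfile)
+document = from_xml(IO.read(lockfile))
+document.search('//PackageReference').map do |node|
+name = attribute_for('Include', node)
+version = attribute_for('Version', node)
+Dependency.new(
+name: name,
+version: version,
+licenses: nuget.licenses_for(name, version).map { |x| catalogue[x] }
+)
+end
+end
+
+private
+
+def from_xml(xml)
+Nokogiri::XML(xml)
+end
+
+def attribute_for(key, node)
+node.attribute(key)&.value&.strip ||
+node.at_xpath("./#{key}")&.content&.strip
+end
+
+def nuget
+@nuget ||= Gateways::Nuget.new
+end
+end
+end
+end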
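Review bot: `parse` (new line 11) reads the project file with `IO.read(lockfile)`; `IO.read` treats a path beginning with `|` as a command to spawn, so `File.read(lockfile)` is the right call for a path produced by a filesystem walk — the same `IO.read` appears in `gemfile_lock.rb` (new line 14) and `packages_config.rb` (new line 11). `matches?` at line 7 is unanchored, so a name like `foo.csproj.bak` also matches; `/\.csproj\z/` (and `/\Apackages\.config\z/` in `PackagesConfig`) pins it to the actual file name. When a `PackageReference` carries neither a `Version` attribute nor child element, `attribute_for` yields nil and the nuspec URL built in `Gateways::Nuget` gets an empty path segment; a guard or comment on that case would help the next reader.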
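--- a/data/lib/spandx/parsers/gemfile_lock.rb
+++ b/data/lib/spandx/parsers/gemfile_lock.rb
@@ -3,31 +3,40 @@
 module Spandx
 module Parsers
 class GemfileLock < Base
+STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n) (?<major>\d+)\.\d+\.\d+/m.freeze
+
 def self.matches?(filename)
-filename.match?(/Gemfile.*\.lock/)
+filename.match?(/Gemfile.*\.lock/) ||
+filename.match?(/gems.*\.lock/)
 end
 
 def parse(lockfile)
-
-dependencies_from(
-
-
-
-
-licenses: [catalogue[spec.license]]
+content = IO.read(lockfile)
+dependencies_from(content).map do |specification|
+Dependency.new(
+name: specification.name,
+version: specification.version.to_s,
+licenses: licenses_for(specification)
 )
 end
-report
 end
 
 private
 
-def dependencies_from(
+def dependencies_from(content)
 ::Bundler::LockfileParser
-.new(
-.
-
-
+.new(content.sub(STRIP_BUNDLED_WITH, ''))
+.specs
+end
+
+def licenses_for(specification)
+rubygems
+.licenses_for(specification.name, specification.version.to_s)
+.map { |x| catalogue[x] }
+end
+
+def rubygems
+@rubygems ||= Gateways::Rubygems.new
 end
 end
 end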
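Review bot: `licenses_for` (new line 35) maps every license string returned by rubygems.org through `catalogue[x]`; rubygems.org accepts free-text license strings, and if the catalogue lookup returns nil for one that is not an SPDX identifier, `Dependency#to_h` later fails on `nil.id`. `Catalogue#[]` is not in this diff, so if it already substitutes a placeholder this is moot; otherwise `.map { |x| catalogue[x] }.compact` (also at csproj.rb line 18 and packages_config.rb line 24) keeps report generation going. `STRIP_BUNDLED_WITH` at line 6 is undocumented; a one-line comment stating why the `BUNDLED WITH` block is removed before `Bundler::LockfileParser` sees the content would save the next reader from re-deriving it.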
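--- a/data/lib/spandx/parsers/packages_config.rb
+++ b/data/lib/spandx/parsers/packages_config.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Spandx
+module Parsers
+class PackagesConfig < Base
+def self.matches?(filename)
+filename.match?(/packages\.config/)
+end
+
+def parse(lockfile)
+Nokogiri::XML(IO.read(lockfile))
+.search('//package')
+.map { |node| map_from(node) }
+end
+
+private
+
+def map_from(node)
+name = attribute_for('id', node)
+version = attribute_for('version', node)
+Dependency.new(
+name: name,
+version: version,
+licenses: nuget.licenses_for(name, version).map { |x| catalogue[x] }
+)
+end
+
+def attribute_for(key, node)
+node.attribute(key)&.value&.strip || node.at_xpath("./#{key}")&.content&.strip
+end
+
+def nuget
+@nuget ||= Gateways::Nuget.new
+end
+end
+end
+end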
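--- a/data/lib/spandx/parsers/pipfile_lock.rb
+++ b/data/lib/spandx/parsers/pipfile_lock.rb
@@ -8,15 +8,15 @@ module Spandx
 end
 
 def parse(lockfile)
-
+results = []
 dependencies_from(lockfile) do |x|
-
+results << Dependency.new(
 name: x[:name],
 version: x[:version],
 licenses: x[:licenses]
 )
 end
-
+results
 end
 
 private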
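--- a/data/lib/spandx/parsers.rb
+++ b/data/lib/spandx/parsers.rb
@@ -1,18 +1,26 @@
 # frozen_string_literal: true
 
 require 'spandx/parsers/base'
+require 'spandx/parsers/csproj'
 require 'spandx/parsers/gemfile_lock'
+require 'spandx/parsers/packages_config'
 require 'spandx/parsers/pipfile_lock'
 
 module Spandx
 module Parsers
+UNKNOWN = Class.new do
+def self.parse(*_args)
+[]
+end
+end
+
 class << self
 def for(path, catalogue: Spandx::Catalogue.latest)
 result = ::Spandx::Parsers::Base.find do |x|
 x.matches?(File.basename(path))
 end
 
-result&.new(catalogue: catalogue)
+result&.new(catalogue: catalogue) || UNKNOWN
 end
 end
 end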
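Review bot: `UNKNOWN` (new lines 11-15) is undocumented and changes the contract of `Parsers.for`, which now returns either a parser instance or this bare class; a comment above the constant such as `# Null-object parser for unsupported files: parse(*) always returns no dependencies` would make the `|| UNKNOWN` at line 23 self-explanatory. Since an unsupported file now yields an empty list silently, the scan command in this diff cannot tell "no dependencies found" from "file type not supported"; surfacing that case (a log line or a field in the report) is worth considering so a scan that matched nothing is not mistaken for a clean result.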
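--- a/data/lib/spandx/report.rb
+++ b/data/lib/spandx/report.rb
@@ -6,12 +6,8 @@ module Spandx
 @report = report
 end
 
-def add(
-@report[:packages].push(
-name: name,
-version: version,
-licenses: licenses.map(&:id)
-)
+def add(dependency)
+@report[:packages].push(dependency.to_h)
 end
 
 def to_h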
data/lib/spandx/version.rb
CHANGED
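--- a/data/lib/spandx.rb
+++ b/data/lib/spandx.rb
@@ -1,13 +1,19 @@
 # frozen_string_literal: true
 
+require 'bundler'
 require 'forwardable'
 require 'json'
+require 'licensee'
 require 'net/hippie'
+require 'nokogiri'
 require 'pathname'
 
 require 'spandx/catalogue'
+require 'spandx/dependency'
 require 'spandx/gateways/http'
+require 'spandx/gateways/nuget'
 require 'spandx/gateways/pypi'
+require 'spandx/gateways/rubygems'
 require 'spandx/gateways/spdx'
 require 'spandx/license'
 require 'spandx/parsers'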
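--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -19,22 +19,26 @@ Gem::Specification.new do |spec|
 spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
 spec.metadata['changelog_uri'] = 'https://github.com/mokhan/spandx/blob/master/CHANGELOG.md'
 
-# Specify which files should be added to the gem when it is released.
-# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
 spec.files = Dir.chdir(File.expand_path(__dir__)) do
-
+Dir.glob('exe/*') +
+Dir.glob('lib/**/**/*.{rb}') +
+Dir.glob('*.{md,gemspec,txt}')
 end
+
 spec.bindir = 'exe'
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
+spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
+spec.add_dependency 'licensee', '~> 9.13'
 spec.add_dependency 'net-hippie', '~> 0.3'
+spec.add_dependency 'nokogiri', '~> 1.10'
 spec.add_dependency 'thor', '~> 0.1'
-spec.add_development_dependency 'bundler', '~> 2.0'
 spec.add_development_dependency 'bundler-audit', '~> 0.6'
 spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rubocop', '~> 0.52'
 spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
+spec.add_development_dependency 'vcr', '~> 5.0'
 spec.add_development_dependency 'webmock', '~> 3.7'
 end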
metadata
CHANGED
@@ -1,15 +1,49 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- mo khan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-01-
|
11
|
+
date: 2020-01-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.16'
|
20
|
+
- - "<"
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 3.0.0
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '1.16'
|
30
|
+
- - "<"
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 3.0.0
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: licensee
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - "~>"
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '9.13'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '9.13'
|
13
47
|
- !ruby/object:Gem::Dependency
|
14
48
|
name: net-hippie
|
15
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -25,33 +59,33 @@ dependencies:
|
|
25
59
|
- !ruby/object:Gem::Version
|
26
60
|
version: '0.3'
|
27
61
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
62
|
+
name: nokogiri
|
29
63
|
requirement: !ruby/object:Gem::Requirement
|
30
64
|
requirements:
|
31
65
|
- - "~>"
|
32
66
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
67
|
+
version: '1.10'
|
34
68
|
type: :runtime
|
35
69
|
prerelease: false
|
36
70
|
version_requirements: !ruby/object:Gem::Requirement
|
37
71
|
requirements:
|
38
72
|
- - "~>"
|
39
73
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
74
|
+
version: '1.10'
|
41
75
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
76
|
+
name: thor
|
43
77
|
requirement: !ruby/object:Gem::Requirement
|
44
78
|
requirements:
|
45
79
|
- - "~>"
|
46
80
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
48
|
-
type: :
|
81
|
+
version: '0.1'
|
82
|
+
type: :runtime
|
49
83
|
prerelease: false
|
50
84
|
version_requirements: !ruby/object:Gem::Requirement
|
51
85
|
requirements:
|
52
86
|
- - "~>"
|
53
87
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
88
|
+
version: '0.1'
|
55
89
|
- !ruby/object:Gem::Dependency
|
56
90
|
name: bundler-audit
|
57
91
|
requirement: !ruby/object:Gem::Requirement
|
@@ -122,6 +156,20 @@ dependencies:
|
|
122
156
|
- - "~>"
|
123
157
|
- !ruby/object:Gem::Version
|
124
158
|
version: '1.22'
|
159
|
+
- !ruby/object:Gem::Dependency
|
160
|
+
name: vcr
|
161
|
+
requirement: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - "~>"
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: '5.0'
|
166
|
+
type: :development
|
167
|
+
prerelease: false
|
168
|
+
version_requirements: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - "~>"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: '5.0'
|
125
173
|
- !ruby/object:Gem::Dependency
|
126
174
|
name: webmock
|
127
175
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,41 +192,29 @@ executables:
|
|
144
192
|
extensions: []
|
145
193
|
extra_rdoc_files: []
|
146
194
|
files:
|
147
|
-
- ".github/workflows/ci.yml"
|
148
|
-
- ".gitignore"
|
149
|
-
- ".gitlab-ci.yml"
|
150
|
-
- ".rspec"
|
151
|
-
- ".rubocop.yml"
|
152
195
|
- CHANGELOG.md
|
153
|
-
- Gemfile
|
154
|
-
- Gemfile.lock
|
155
196
|
- LICENSE.txt
|
156
197
|
- README.md
|
157
|
-
- Rakefile
|
158
|
-
- bin/cibuild
|
159
|
-
- bin/console
|
160
|
-
- bin/lint
|
161
|
-
- bin/setup
|
162
|
-
- bin/shipit
|
163
|
-
- bin/test
|
164
198
|
- exe/spandx
|
165
199
|
- lib/spandx.rb
|
166
200
|
- lib/spandx/catalogue.rb
|
167
201
|
- lib/spandx/cli.rb
|
168
202
|
- lib/spandx/command.rb
|
169
|
-
- lib/spandx/commands/.gitkeep
|
170
203
|
- lib/spandx/commands/scan.rb
|
204
|
+
- lib/spandx/dependency.rb
|
171
205
|
- lib/spandx/gateways/http.rb
|
206
|
+
- lib/spandx/gateways/nuget.rb
|
172
207
|
- lib/spandx/gateways/pypi.rb
|
208
|
+
- lib/spandx/gateways/rubygems.rb
|
173
209
|
- lib/spandx/gateways/spdx.rb
|
174
210
|
- lib/spandx/license.rb
|
175
211
|
- lib/spandx/parsers.rb
|
176
212
|
- lib/spandx/parsers/base.rb
|
213
|
+
- lib/spandx/parsers/csproj.rb
|
177
214
|
- lib/spandx/parsers/gemfile_lock.rb
|
215
|
+
- lib/spandx/parsers/packages_config.rb
|
178
216
|
- lib/spandx/parsers/pipfile_lock.rb
|
179
217
|
- lib/spandx/report.rb
|
180
|
-
- lib/spandx/templates/.gitkeep
|
181
|
-
- lib/spandx/templates/scan/.gitkeep
|
182
218
|
- lib/spandx/version.rb
|
183
219
|
- spandx.gemspec
|
184
220
|
homepage: https://github.com/mokhan/spandx
|
data/.github/workflows/ci.yml
DELETED
data/.gitignore
DELETED
data/.gitlab-ci.yml
DELETED
data/.rspec
DELETED
data/.rubocop.yml
DELETED
@@ -1,74 +0,0 @@
|
|
1
|
-
require:
|
2
|
-
- rubocop-rspec
|
3
|
-
|
4
|
-
AllCops:
|
5
|
-
Exclude:
|
6
|
-
- 'pkg/**/*'
|
7
|
-
- 'spec/fixtures/**/*'
|
8
|
-
TargetRubyVersion: 2.6
|
9
|
-
|
10
|
-
Layout/ArgumentAlignment:
|
11
|
-
EnforcedStyle: with_fixed_indentation
|
12
|
-
|
13
|
-
Layout/ParameterAlignment:
|
14
|
-
Enabled: true
|
15
|
-
EnforcedStyle: with_fixed_indentation
|
16
|
-
IndentationWidth: 2
|
17
|
-
|
18
|
-
Layout/EndOfLine:
|
19
|
-
EnforcedStyle: lf
|
20
|
-
|
21
|
-
Layout/FirstArrayElementIndentation:
|
22
|
-
EnforcedStyle: consistent
|
23
|
-
|
24
|
-
Layout/MultilineMethodCallIndentation:
|
25
|
-
Enabled: true
|
26
|
-
EnforcedStyle: indented
|
27
|
-
|
28
|
-
Lint/AmbiguousBlockAssociation:
|
29
|
-
Exclude:
|
30
|
-
- 'spec/**/*.rb'
|
31
|
-
|
32
|
-
Metrics/BlockLength:
|
33
|
-
Exclude:
|
34
|
-
- '*.gemspec'
|
35
|
-
- 'Rakefile'
|
36
|
-
- 'spec/**/*.rb'
|
37
|
-
|
38
|
-
Metrics/ModuleLength:
|
39
|
-
Exclude:
|
40
|
-
- 'spec/**/*.rb'
|
41
|
-
|
42
|
-
Metrics/LineLength:
|
43
|
-
Exclude:
|
44
|
-
- 'spec/**/*.rb'
|
45
|
-
IgnoredPatterns:
|
46
|
-
- '^#*'
|
47
|
-
|
48
|
-
Naming/RescuedExceptionsVariableName:
|
49
|
-
PreferredName: error
|
50
|
-
|
51
|
-
Style/Documentation:
|
52
|
-
Enabled: false
|
53
|
-
|
54
|
-
Style/StringLiterals:
|
55
|
-
EnforcedStyle: 'single_quotes'
|
56
|
-
|
57
|
-
Style/TrailingCommaInArrayLiteral:
|
58
|
-
Enabled: false
|
59
|
-
|
60
|
-
Style/TrailingCommaInHashLiteral:
|
61
|
-
Enabled: false
|
62
|
-
|
63
|
-
RSpec/ExampleLength:
|
64
|
-
Max: 80
|
65
|
-
|
66
|
-
RSpec/NamedSubject:
|
67
|
-
Enabled: false
|
68
|
-
|
69
|
-
RSpec/FilePath:
|
70
|
-
Enabled: false
|
71
|
-
|
72
|
-
RSpec/DescribeClass:
|
73
|
-
Exclude:
|
74
|
-
- 'spec/integration/**/*'
|
data/Gemfile
DELETED
data/Gemfile.lock
DELETED
@@ -1,74 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
spandx (0.1.3)
|
5
|
-
net-hippie (~> 0.3)
|
6
|
-
thor (~> 0.1)
|
7
|
-
|
8
|
-
GEM
|
9
|
-
remote: https://rubygems.org/
|
10
|
-
specs:
|
11
|
-
addressable (2.7.0)
|
12
|
-
public_suffix (>= 2.0.2, < 5.0)
|
13
|
-
ast (2.4.0)
|
14
|
-
bundler-audit (0.6.1)
|
15
|
-
bundler (>= 1.2.0, < 3)
|
16
|
-
thor (~> 0.18)
|
17
|
-
crack (0.4.3)
|
18
|
-
safe_yaml (~> 1.0.0)
|
19
|
-
diff-lcs (1.3)
|
20
|
-
hashdiff (1.0.0)
|
21
|
-
jaro_winkler (1.5.4)
|
22
|
-
net-hippie (0.3.1)
|
23
|
-
parallel (1.19.1)
|
24
|
-
parser (2.7.0.0)
|
25
|
-
ast (~> 2.4.0)
|
26
|
-
public_suffix (4.0.2)
|
27
|
-
rainbow (3.0.0)
|
28
|
-
rake (13.0.1)
|
29
|
-
rspec (3.9.0)
|
30
|
-
rspec-core (~> 3.9.0)
|
31
|
-
rspec-expectations (~> 3.9.0)
|
32
|
-
rspec-mocks (~> 3.9.0)
|
33
|
-
rspec-core (3.9.0)
|
34
|
-
rspec-support (~> 3.9.0)
|
35
|
-
rspec-expectations (3.9.0)
|
36
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
37
|
-
rspec-support (~> 3.9.0)
|
38
|
-
rspec-mocks (3.9.0)
|
39
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
40
|
-
rspec-support (~> 3.9.0)
|
41
|
-
rspec-support (3.9.0)
|
42
|
-
rubocop (0.78.0)
|
43
|
-
jaro_winkler (~> 1.5.1)
|
44
|
-
parallel (~> 1.10)
|
45
|
-
parser (>= 2.6)
|
46
|
-
rainbow (>= 2.2.2, < 4.0)
|
47
|
-
ruby-progressbar (~> 1.7)
|
48
|
-
unicode-display_width (>= 1.4.0, < 1.7)
|
49
|
-
rubocop-rspec (1.37.1)
|
50
|
-
rubocop (>= 0.68.1)
|
51
|
-
ruby-progressbar (1.10.1)
|
52
|
-
safe_yaml (1.0.5)
|
53
|
-
thor (0.20.3)
|
54
|
-
unicode-display_width (1.6.0)
|
55
|
-
webmock (3.7.6)
|
56
|
-
addressable (>= 2.3.6)
|
57
|
-
crack (>= 0.3.2)
|
58
|
-
hashdiff (>= 0.4.0, < 2.0.0)
|
59
|
-
|
60
|
-
PLATFORMS
|
61
|
-
ruby
|
62
|
-
|
63
|
-
DEPENDENCIES
|
64
|
-
bundler (~> 2.0)
|
65
|
-
bundler-audit (~> 0.6)
|
66
|
-
rake (~> 13.0)
|
67
|
-
rspec (~> 3.0)
|
68
|
-
rubocop (~> 0.52)
|
69
|
-
rubocop-rspec (~> 1.22)
|
70
|
-
spandx!
|
71
|
-
webmock (~> 3.7)
|
72
|
-
|
73
|
-
BUNDLED WITH
|
74
|
-
2.1.2
|
data/Rakefile
DELETED
@@ -1,13 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'bundler/audit/task'
|
4
|
-
require 'bundler/gem_tasks'
|
5
|
-
require 'rspec/core/rake_task'
|
6
|
-
require 'rubocop/rake_task'
|
7
|
-
|
8
|
-
RSpec::Core::RakeTask.new(:spec)
|
9
|
-
RuboCop::RakeTask.new(:rubocop)
|
10
|
-
Bundler::Audit::Task.new
|
11
|
-
|
12
|
-
task lint: [:rubocop, 'bundle:audit']
|
13
|
-
task default: :spec
|
data/bin/cibuild
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
#!/bin/sh
|
2
|
-
|
3
|
-
set -e
|
4
|
-
|
5
|
-
cd "$(dirname "$0")/.."
|
6
|
-
|
7
|
-
echo [$(date "+%H:%M:%S")] "==> Started at…"
|
8
|
-
|
9
|
-
# GC customizations
|
10
|
-
export RUBY_GC_MALLOC_LIMIT=79000000
|
11
|
-
export RUBY_GC_HEAP_INIT_SLOTS=800000
|
12
|
-
export RUBY_HEAP_FREE_MIN=100000
|
13
|
-
export RUBY_HEAP_SLOTS_INCREMENT=400000
|
14
|
-
export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
|
15
|
-
|
16
|
-
ruby -v
|
17
|
-
gem install bundler --conservative -v '~> 2.0'
|
18
|
-
bin/test
|
19
|
-
bin/lint
|
data/bin/console
DELETED
@@ -1,15 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'bundler/setup'
|
5
|
-
require 'spandx'
|
6
|
-
|
7
|
-
# You can add fixtures and/or initialization code here to make experimenting
|
8
|
-
# with your gem easier. You can also use a different console, if you like.
|
9
|
-
|
10
|
-
# (If you use this, don't forget to add pry to your Gemfile!)
|
11
|
-
# require "pry"
|
12
|
-
# Pry.start
|
13
|
-
|
14
|
-
require 'irb'
|
15
|
-
IRB.start(__FILE__)
|
data/bin/lint
DELETED
data/bin/setup
DELETED
data/bin/shipit
DELETED
data/bin/test
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
#
|