spandx 0.11.0 → 0.12.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -2
- data/README.md +59 -2
- data/exe/spandx +3 -4
- data/lib/spandx.rb +13 -32
- data/lib/spandx/cli.rb +1 -30
- data/lib/spandx/cli/commands/build.rb +41 -0
- data/lib/spandx/cli/commands/pull.rb +21 -0
- data/lib/spandx/cli/commands/scan.rb +17 -2
- data/lib/spandx/cli/main.rb +54 -0
- data/lib/spandx/core/cache.rb +3 -3
- data/lib/spandx/core/circuit.rb +34 -0
- data/lib/spandx/core/dependency.rb +32 -7
- data/lib/spandx/core/gateway.rb +19 -0
- data/lib/spandx/core/{database.rb → git.rb} +7 -2
- data/lib/spandx/core/guess.rb +42 -4
- data/lib/spandx/core/http.rb +30 -5
- data/lib/spandx/core/license_plugin.rb +54 -0
- data/lib/spandx/core/null_gateway.rb +11 -0
- data/lib/spandx/core/parser.rb +8 -25
- data/lib/spandx/core/plugin.rb +15 -0
- data/lib/spandx/core/registerable.rb +27 -0
- data/lib/spandx/core/report.rb +30 -6
- data/lib/spandx/core/table.rb +29 -0
- data/lib/spandx/dotnet/index.rb +10 -5
- data/lib/spandx/dotnet/nuget_gateway.rb +20 -31
- data/lib/spandx/dotnet/parsers/csproj.rb +3 -12
- data/lib/spandx/dotnet/parsers/packages_config.rb +2 -10
- data/lib/spandx/dotnet/parsers/sln.rb +2 -2
- data/lib/spandx/java/gateway.rb +37 -0
- data/lib/spandx/java/index.rb +84 -2
- data/lib/spandx/java/metadata.rb +6 -3
- data/lib/spandx/java/parsers/maven.rb +11 -21
- data/lib/spandx/js/parsers/npm.rb +39 -0
- data/lib/spandx/js/parsers/yarn.rb +30 -0
- data/lib/spandx/js/yarn_lock.rb +67 -0
- data/lib/spandx/js/yarn_pkg.rb +59 -0
- data/lib/spandx/php/packagist_gateway.rb +25 -0
- data/lib/spandx/php/parsers/composer.rb +33 -0
- data/lib/spandx/python/index.rb +78 -0
- data/lib/spandx/python/parsers/pipfile_lock.rb +12 -16
- data/lib/spandx/python/pypi.rb +91 -8
- data/lib/spandx/python/source.rb +5 -1
- data/lib/spandx/{rubygems → ruby}/gateway.rb +8 -9
- data/lib/spandx/{rubygems → ruby}/parsers/gemfile_lock.rb +14 -16
- data/lib/spandx/spdx/catalogue.rb +1 -1
- data/lib/spandx/spdx/license.rb +12 -2
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +4 -1
- metadata +66 -10
- data/lib/spandx/cli/command.rb +0 -65
- data/lib/spandx/cli/commands/index.rb +0 -36
- data/lib/spandx/cli/commands/index/build.rb +0 -32
- data/lib/spandx/cli/commands/index/update.rb +0 -27
data/lib/spandx/python/source.rb
CHANGED
@@ -1,26 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Spandx
|
4
|
-
module
|
5
|
-
class Gateway
|
4
|
+
module Ruby
|
5
|
+
class Gateway < ::Spandx::Core::Gateway
|
6
6
|
# https://guides.rubygems.org/rubygems-org-api-v2/
|
7
7
|
def initialize(http: Spandx.http)
|
8
8
|
@http = http
|
9
9
|
end
|
10
10
|
|
11
|
-
def licenses_for(
|
12
|
-
|
13
|
-
|
11
|
+
def licenses_for(dependency)
|
12
|
+
details_on(dependency.name, dependency.version)['licenses'] || []
|
13
|
+
end
|
14
|
+
|
15
|
+
def matches?(dependency)
|
16
|
+
dependency.package_manager == :rubygems
|
14
17
|
end
|
15
18
|
|
16
19
|
private
|
17
20
|
|
18
21
|
attr_reader :http
|
19
22
|
|
20
|
-
def cache
|
21
|
-
@cache ||= ::Spandx::Core::Cache.new(:rubygems, url: 'https://github.com/mokhan/spandx-rubygems.git')
|
22
|
-
end
|
23
|
-
|
24
23
|
def details_on(name, version)
|
25
24
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
26
25
|
response = http.get(url, default: {})
|
@@ -1,24 +1,19 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Spandx
|
4
|
-
module
|
4
|
+
module Ruby
|
5
5
|
module Parsers
|
6
6
|
class GemfileLock < ::Spandx::Core::Parser
|
7
7
|
STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n) (?<major>\d+)\.\d+\.\d+/m.freeze
|
8
8
|
|
9
|
-
def
|
9
|
+
def matches?(filename)
|
10
10
|
filename.match?(/Gemfile.*\.lock/) ||
|
11
11
|
filename.match?(/gems.*\.lock/)
|
12
12
|
end
|
13
13
|
|
14
14
|
def parse(lockfile)
|
15
15
|
dependencies_from(lockfile).map do |specification|
|
16
|
-
|
17
|
-
name: specification.name,
|
18
|
-
version: specification.version.to_s,
|
19
|
-
licenses: licenses_for(specification),
|
20
|
-
meta: specification
|
21
|
-
)
|
16
|
+
map_from(specification)
|
22
17
|
end
|
23
18
|
end
|
24
19
|
|
@@ -33,14 +28,17 @@ module Spandx
|
|
33
28
|
end
|
34
29
|
end
|
35
30
|
|
36
|
-
def
|
37
|
-
|
38
|
-
|
39
|
-
.
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
31
|
+
def map_from(specification)
|
32
|
+
::Spandx::Core::Dependency.new(
|
33
|
+
package_manager: :rubygems,
|
34
|
+
name: specification.name,
|
35
|
+
version: specification.version.to_s,
|
36
|
+
meta: {
|
37
|
+
dependencies: specification.dependencies,
|
38
|
+
platform: specification.platform,
|
39
|
+
source: specification.source
|
40
|
+
}
|
41
|
+
)
|
44
42
|
end
|
45
43
|
end
|
46
44
|
end
|
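--- a/data/lib/spandx/spdx/license.rb
+++ b/data/lib/spandx/spdx/license.rb
@@ -65,8 +65,8 @@ module Spandx
 @content ||= ::Spandx::Core::Content.new(raw_content)
 end
 
-def
-@
+def content=(value)
+@content = ::Spandx::Core::Content.new(value)
 end
 
 def <=>(other)
@@ -76,6 +76,16 @@ module Spandx
 def to_s
 id
 end
+
+def self.unknown(text)
+new(licenseId: 'Nonstandard', name: 'Unknown').tap { |x| x.content = text }
+end
+
+private
+
+def raw_content
+@raw_content ||= (Spandx.git[:spdx].read("text/#{id}.txt") || '')
+end
 end
 end
 end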
data/lib/spandx/version.rb
CHANGED
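--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 spec.description = 'A ruby interface to the SPDX catalogue. With a CLI that can scan project lockfiles to list out software licenses for each dependency'
 spec.homepage = 'https://github.com/mokhan/spandx'
 spec.license = 'MIT'
-spec.required_ruby_version = Gem::Requirement.new('>= 2.
+spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
 spec.metadata['homepage_uri'] = spec.homepage
 spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
@@ -35,10 +35,13 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'net-hippie', '~> 0.3'
 spec.add_dependency 'nokogiri', '~> 1.10'
 spec.add_dependency 'thor'
+spec.add_dependency 'zeitwerk', '~> 2.3'
 
 spec.add_development_dependency 'bundler-audit', '~> 0.6'
+spec.add_development_dependency 'byebug', '~> 11.1'
 spec.add_development_dependency 'jaro_winkler', '~> 1.5'
 spec.add_development_dependency 'licensed', '~> 2.8'
+spec.add_development_dependency 'parallel_tests', '~> 2.32'
 spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rspec-benchmark', '~> 0.5'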
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- mo khan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-04-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|
@@ -86,6 +86,20 @@ dependencies:
|
|
86
86
|
- - ">="
|
87
87
|
- !ruby/object:Gem::Version
|
88
88
|
version: '0'
|
89
|
+
- !ruby/object:Gem::Dependency
|
90
|
+
name: zeitwerk
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - "~>"
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: '2.3'
|
96
|
+
type: :runtime
|
97
|
+
prerelease: false
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - "~>"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '2.3'
|
89
103
|
- !ruby/object:Gem::Dependency
|
90
104
|
name: bundler-audit
|
91
105
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,6 +114,20 @@ dependencies:
|
|
100
114
|
- - "~>"
|
101
115
|
- !ruby/object:Gem::Version
|
102
116
|
version: '0.6'
|
117
|
+
- !ruby/object:Gem::Dependency
|
118
|
+
name: byebug
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - "~>"
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '11.1'
|
124
|
+
type: :development
|
125
|
+
prerelease: false
|
126
|
+
version_requirements: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - "~>"
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: '11.1'
|
103
131
|
- !ruby/object:Gem::Dependency
|
104
132
|
name: jaro_winkler
|
105
133
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,6 +156,20 @@ dependencies:
|
|
128
156
|
- - "~>"
|
129
157
|
- !ruby/object:Gem::Version
|
130
158
|
version: '2.8'
|
159
|
+
- !ruby/object:Gem::Dependency
|
160
|
+
name: parallel_tests
|
161
|
+
requirement: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - "~>"
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: '2.32'
|
166
|
+
type: :development
|
167
|
+
prerelease: false
|
168
|
+
version_requirements: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - "~>"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: '2.32'
|
131
173
|
- !ruby/object:Gem::Dependency
|
132
174
|
name: rake
|
133
175
|
requirement: !ruby/object:Gem::Requirement
|
@@ -255,20 +297,26 @@ files:
|
|
255
297
|
- exe/spandx
|
256
298
|
- lib/spandx.rb
|
257
299
|
- lib/spandx/cli.rb
|
258
|
-
- lib/spandx/cli/
|
259
|
-
- lib/spandx/cli/commands/
|
260
|
-
- lib/spandx/cli/commands/index/build.rb
|
261
|
-
- lib/spandx/cli/commands/index/update.rb
|
300
|
+
- lib/spandx/cli/commands/build.rb
|
301
|
+
- lib/spandx/cli/commands/pull.rb
|
262
302
|
- lib/spandx/cli/commands/scan.rb
|
303
|
+
- lib/spandx/cli/main.rb
|
263
304
|
- lib/spandx/core/cache.rb
|
305
|
+
- lib/spandx/core/circuit.rb
|
264
306
|
- lib/spandx/core/content.rb
|
265
|
-
- lib/spandx/core/database.rb
|
266
307
|
- lib/spandx/core/dependency.rb
|
308
|
+
- lib/spandx/core/gateway.rb
|
309
|
+
- lib/spandx/core/git.rb
|
267
310
|
- lib/spandx/core/guess.rb
|
268
311
|
- lib/spandx/core/http.rb
|
312
|
+
- lib/spandx/core/license_plugin.rb
|
313
|
+
- lib/spandx/core/null_gateway.rb
|
269
314
|
- lib/spandx/core/parser.rb
|
315
|
+
- lib/spandx/core/plugin.rb
|
316
|
+
- lib/spandx/core/registerable.rb
|
270
317
|
- lib/spandx/core/report.rb
|
271
318
|
- lib/spandx/core/score.rb
|
319
|
+
- lib/spandx/core/table.rb
|
272
320
|
- lib/spandx/dotnet/index.rb
|
273
321
|
- lib/spandx/dotnet/nuget_gateway.rb
|
274
322
|
- lib/spandx/dotnet/package_reference.rb
|
@@ -276,14 +324,22 @@ files:
|
|
276
324
|
- lib/spandx/dotnet/parsers/packages_config.rb
|
277
325
|
- lib/spandx/dotnet/parsers/sln.rb
|
278
326
|
- lib/spandx/dotnet/project_file.rb
|
327
|
+
- lib/spandx/java/gateway.rb
|
279
328
|
- lib/spandx/java/index.rb
|
280
329
|
- lib/spandx/java/metadata.rb
|
281
330
|
- lib/spandx/java/parsers/maven.rb
|
331
|
+
- lib/spandx/js/parsers/npm.rb
|
332
|
+
- lib/spandx/js/parsers/yarn.rb
|
333
|
+
- lib/spandx/js/yarn_lock.rb
|
334
|
+
- lib/spandx/js/yarn_pkg.rb
|
335
|
+
- lib/spandx/php/packagist_gateway.rb
|
336
|
+
- lib/spandx/php/parsers/composer.rb
|
337
|
+
- lib/spandx/python/index.rb
|
282
338
|
- lib/spandx/python/parsers/pipfile_lock.rb
|
283
339
|
- lib/spandx/python/pypi.rb
|
284
340
|
- lib/spandx/python/source.rb
|
285
|
-
- lib/spandx/
|
286
|
-
- lib/spandx/
|
341
|
+
- lib/spandx/ruby/gateway.rb
|
342
|
+
- lib/spandx/ruby/parsers/gemfile_lock.rb
|
287
343
|
- lib/spandx/spdx/catalogue.rb
|
288
344
|
- lib/spandx/spdx/gateway.rb
|
289
345
|
- lib/spandx/spdx/license.rb
|
@@ -304,7 +360,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
304
360
|
requirements:
|
305
361
|
- - ">="
|
306
362
|
- !ruby/object:Gem::Version
|
307
|
-
version: 2.
|
363
|
+
version: 2.5.0
|
308
364
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
309
365
|
requirements:
|
310
366
|
- - ">="
|
data/lib/spandx/cli/command.rb
DELETED
@@ -1,65 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
class Command
|
6
|
-
extend Forwardable
|
7
|
-
|
8
|
-
def_delegators :command, :run
|
9
|
-
|
10
|
-
def execute(*)
|
11
|
-
raise(NotImplementedError, "#{self.class}##{__method__} must be implemented")
|
12
|
-
end
|
13
|
-
|
14
|
-
def command(**options)
|
15
|
-
require 'tty-command'
|
16
|
-
TTY::Command.new(options)
|
17
|
-
end
|
18
|
-
|
19
|
-
def cursor
|
20
|
-
require 'tty-cursor'
|
21
|
-
TTY::Cursor
|
22
|
-
end
|
23
|
-
|
24
|
-
def editor
|
25
|
-
require 'tty-editor'
|
26
|
-
TTY::Editor
|
27
|
-
end
|
28
|
-
|
29
|
-
def generator
|
30
|
-
require 'tty-file'
|
31
|
-
TTY::File
|
32
|
-
end
|
33
|
-
|
34
|
-
def pager(**options)
|
35
|
-
require 'tty-pager'
|
36
|
-
TTY::Pager.new(options)
|
37
|
-
end
|
38
|
-
|
39
|
-
def platform
|
40
|
-
require 'tty-platform'
|
41
|
-
TTY::Platform.new
|
42
|
-
end
|
43
|
-
|
44
|
-
def prompt(**options)
|
45
|
-
require 'tty-prompt'
|
46
|
-
TTY::Prompt.new(options)
|
47
|
-
end
|
48
|
-
|
49
|
-
def screen
|
50
|
-
require 'tty-screen'
|
51
|
-
TTY::Screen
|
52
|
-
end
|
53
|
-
|
54
|
-
def which(*args)
|
55
|
-
require 'tty-which'
|
56
|
-
TTY::Which.which(*args)
|
57
|
-
end
|
58
|
-
|
59
|
-
def exec_exist?(*args)
|
60
|
-
require 'tty-which'
|
61
|
-
TTY::Which.exist?(*args)
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
65
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
module Commands
|
6
|
-
class Index < Thor
|
7
|
-
require 'spandx/cli/commands/index/build'
|
8
|
-
require 'spandx/cli/commands/index/update'
|
9
|
-
|
10
|
-
namespace :index
|
11
|
-
|
12
|
-
desc 'build', 'Build a package index'
|
13
|
-
method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
|
14
|
-
method_option :directory, aliases: '-d', type: :string, desc: 'Directory to build index in', default: '.index'
|
15
|
-
def build(*)
|
16
|
-
if options[:help]
|
17
|
-
invoke :help, ['build']
|
18
|
-
else
|
19
|
-
Spandx::Cli::Commands::Index::Build.new(options).execute
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
desc 'update', 'Update the offline indexes'
|
24
|
-
method_option :help, aliases: '-h', type: :boolean,
|
25
|
-
desc: 'Display usage information'
|
26
|
-
def update(*)
|
27
|
-
if options[:help]
|
28
|
-
invoke :help, ['update']
|
29
|
-
else
|
30
|
-
Spandx::Cli::Commands::Index::Update.new(options).execute
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
module Commands
|
6
|
-
class Index
|
7
|
-
class Build < Spandx::Cli::Command
|
8
|
-
def initialize(options)
|
9
|
-
@options = options
|
10
|
-
end
|
11
|
-
|
12
|
-
def execute(output: $stdout)
|
13
|
-
catalogue = Spandx::Spdx::Catalogue.from_git
|
14
|
-
indexes.each do |index|
|
15
|
-
index.update!(catalogue: catalogue, output: output)
|
16
|
-
end
|
17
|
-
output.puts 'OK'
|
18
|
-
end
|
19
|
-
|
20
|
-
private
|
21
|
-
|
22
|
-
def indexes
|
23
|
-
[
|
24
|
-
Spandx::Dotnet::Index.new(directory: @options[:directory]),
|
25
|
-
Spandx::Java::Index.new(directory: @options[:directory]),
|
26
|
-
]
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|