spandx 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -2
  3. data/README.md +59 -2
  4. data/exe/spandx +3 -4
  5. data/lib/spandx.rb +13 -32
  6. data/lib/spandx/cli.rb +1 -30
  7. data/lib/spandx/cli/commands/build.rb +41 -0
  8. data/lib/spandx/cli/commands/pull.rb +21 -0
  9. data/lib/spandx/cli/commands/scan.rb +17 -2
  10. data/lib/spandx/cli/main.rb +54 -0
  11. data/lib/spandx/core/cache.rb +3 -3
  12. data/lib/spandx/core/circuit.rb +34 -0
  13. data/lib/spandx/core/dependency.rb +32 -7
  14. data/lib/spandx/core/gateway.rb +19 -0
  15. data/lib/spandx/core/{database.rb → git.rb} +7 -2
  16. data/lib/spandx/core/guess.rb +42 -4
  17. data/lib/spandx/core/http.rb +30 -5
  18. data/lib/spandx/core/license_plugin.rb +54 -0
  19. data/lib/spandx/core/null_gateway.rb +11 -0
  20. data/lib/spandx/core/parser.rb +8 -25
  21. data/lib/spandx/core/plugin.rb +15 -0
  22. data/lib/spandx/core/registerable.rb +27 -0
  23. data/lib/spandx/core/report.rb +30 -6
  24. data/lib/spandx/core/table.rb +29 -0
  25. data/lib/spandx/dotnet/index.rb +10 -5
  26. data/lib/spandx/dotnet/nuget_gateway.rb +20 -31
  27. data/lib/spandx/dotnet/parsers/csproj.rb +3 -12
  28. data/lib/spandx/dotnet/parsers/packages_config.rb +2 -10
  29. data/lib/spandx/dotnet/parsers/sln.rb +2 -2
  30. data/lib/spandx/java/gateway.rb +37 -0
  31. data/lib/spandx/java/index.rb +84 -2
  32. data/lib/spandx/java/metadata.rb +6 -3
  33. data/lib/spandx/java/parsers/maven.rb +11 -21
  34. data/lib/spandx/js/parsers/npm.rb +39 -0
  35. data/lib/spandx/js/parsers/yarn.rb +30 -0
  36. data/lib/spandx/js/yarn_lock.rb +67 -0
  37. data/lib/spandx/js/yarn_pkg.rb +59 -0
  38. data/lib/spandx/php/packagist_gateway.rb +25 -0
  39. data/lib/spandx/php/parsers/composer.rb +33 -0
  40. data/lib/spandx/python/index.rb +78 -0
  41. data/lib/spandx/python/parsers/pipfile_lock.rb +12 -16
  42. data/lib/spandx/python/pypi.rb +91 -8
  43. data/lib/spandx/python/source.rb +5 -1
  44. data/lib/spandx/{rubygems → ruby}/gateway.rb +8 -9
  45. data/lib/spandx/{rubygems → ruby}/parsers/gemfile_lock.rb +14 -16
  46. data/lib/spandx/spdx/catalogue.rb +1 -1
  47. data/lib/spandx/spdx/license.rb +12 -2
  48. data/lib/spandx/version.rb +1 -1
  49. data/spandx.gemspec +4 -1
  50. metadata +66 -10
  51. data/lib/spandx/cli/command.rb +0 -65
  52. data/lib/spandx/cli/commands/index.rb +0 -36
  53. data/lib/spandx/cli/commands/index/build.rb +0 -32
  54. data/lib/spandx/cli/commands/index/update.rb +0 -27
@@ -21,7 +21,11 @@ module Spandx
21
21
 
22
22
  def lookup(name, version, http: Spandx.http)
23
23
  response = http.get(uri_for(name, version))
24
- response if http.ok?(response)
24
+ if http.ok?(response)
25
+ JSON.parse(response.body)
26
+ else
27
+ {}
28
+ end
25
29
  end
26
30
 
27
31
  class << self
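Review bot: The new `JSON.parse(response.body)` in `lookup` raises `JSON::ParserError` on a 2xx response whose body is not valid JSON, while every other failure path in the rewritten method now returns `{}`; the body is registry data fetched over HTTP, so a truncated response or an HTML error page served with a 200 is a realistic input. Adding `rescue JSON::ParserError` followed by `{}` before the method's closing `end` gives callers the same empty default on both paths. `JSON.parse` can also return a non-Hash (an array or scalar) for a body that is valid JSON but not an object; if callers index the result with string keys, a `parsed.is_a?(Hash) ? parsed : {}` guard closes that too. The enclosing class starts outside the hunk and the file is not named in this excerpt.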
@@ -1,26 +1,25 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- module Rubygems
5
- class Gateway
4
+ module Ruby
5
+ class Gateway < ::Spandx::Core::Gateway
6
6
  # https://guides.rubygems.org/rubygems-org-api-v2/
7
7
  def initialize(http: Spandx.http)
8
8
  @http = http
9
9
  end
10
10
 
11
- def licenses_for(name, version)
12
- found = cache.licenses_for(name: name, version: version)
13
- found.any? ? found : details_on(name, version)['licenses'] || []
11
+ def licenses_for(dependency)
12
+ details_on(dependency.name, dependency.version)['licenses'] || []
13
+ end
14
+
15
+ def matches?(dependency)
16
+ dependency.package_manager == :rubygems
14
17
  end
15
18
 
16
19
  private
17
20
 
18
21
  attr_reader :http
19
22
 
20
- def cache
21
- @cache ||= ::Spandx::Core::Cache.new(:rubygems, url: 'https://github.com/mokhan/spandx-rubygems.git')
22
- end
23
-
24
23
  def details_on(name, version)
25
24
  url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
26
25
  response = http.get(url, default: {})
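Review bot: The new `licenses_for(dependency)` hands `dependency.name` and `dependency.version` straight to `details_on`, which interpolates them unescaped into the rubygems.org URL path on the context line `url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"`; those values come from a scanned Gemfile.lock, so a name containing `/`, `?` or `#` changes which URL is requested instead of producing a lookup miss. Percent-encoding both segments, e.g. `url = "https://rubygems.org/api/v2/rubygems/#{ERB::Util.url_encode(name)}/versions/#{ERB::Util.url_encode(version)}.json"` (with `require 'erb'` at the top of the file), keeps the request on the intended endpoint. The cache lookup that previously short-circuited the network call has also been removed, so every dependency now results in an HTTP request; a one-line comment on `licenses_for` saying it is network-only would save the next reader from looking for the cache. `details_on` continues past the end of the hunk.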
@@ -1,24 +1,19 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- module Rubygems
4
+ module Ruby
5
5
  module Parsers
6
6
  class GemfileLock < ::Spandx::Core::Parser
7
7
  STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n) (?<major>\d+)\.\d+\.\d+/m.freeze
8
8
 
9
- def self.matches?(filename)
9
+ def matches?(filename)
10
10
  filename.match?(/Gemfile.*\.lock/) ||
11
11
  filename.match?(/gems.*\.lock/)
12
12
  end
13
13
 
14
14
  def parse(lockfile)
15
15
  dependencies_from(lockfile).map do |specification|
16
- ::Spandx::Core::Dependency.new(
17
- name: specification.name,
18
- version: specification.version.to_s,
19
- licenses: licenses_for(specification),
20
- meta: specification
21
- )
16
+ map_from(specification)
22
17
  end
23
18
  end
24
19
 
@@ -33,14 +28,17 @@ module Spandx
33
28
  end
34
29
  end
35
30
 
36
- def licenses_for(specification)
37
- rubygems
38
- .licenses_for(specification.name, specification.version.to_s)
39
- .map { |x| catalogue[x] }
40
- end
41
-
42
- def rubygems
43
- @rubygems ||= Spandx::Rubygems::Gateway.new
31
+ def map_from(specification)
32
+ ::Spandx::Core::Dependency.new(
33
+ package_manager: :rubygems,
34
+ name: specification.name,
35
+ version: specification.version.to_s,
36
+ meta: {
37
+ dependencies: specification.dependencies,
38
+ platform: specification.platform,
39
+ source: specification.source
40
+ }
41
+ )
44
42
  end
45
43
  end
46
44
  end
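Review bot: `map_from` no longer sets `licenses:` on the `Dependency` it builds, so `parse` now yields dependencies that carry no license information of their own, and nothing in this file says where licenses come from afterwards. A one-line comment on `map_from` would close the gap, e.g. `# No licenses here: they are resolved later by the gateway whose matches? accepts package_manager: :rubygems`. The `Ruby::Gateway#matches?` added elsewhere in this diff suggests that is the intended design; if it is not, dropping `licenses:` is a regression rather than a refactor. The visibility marker, if any, that governs `map_from` is outside the hunk.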
@@ -37,7 +37,7 @@ module Spandx
37
37
  end
38
38
 
39
39
  def from_git
40
- from_json(Spandx.spdx_db.read('json/licenses.json'))
40
+ from_json(Spandx.git[:spdx].read('json/licenses.json'))
41
41
  end
42
42
 
43
43
  def empty
@@ -65,8 +65,8 @@ module Spandx
65
65
  @content ||= ::Spandx::Core::Content.new(raw_content)
66
66
  end
67
67
 
68
- def raw_content
69
- @raw_content ||= (Spandx.spdx_db.read("text/#{id}.txt") || '')
68
+ def content=(value)
69
+ @content = ::Spandx::Core::Content.new(value)
70
70
  end
71
71
 
72
72
  def <=>(other)
@@ -76,6 +76,16 @@ module Spandx
76
76
  def to_s
77
77
  id
78
78
  end
79
+
80
+ def self.unknown(text)
81
+ new(licenseId: 'Nonstandard', name: 'Unknown').tap { |x| x.content = text }
82
+ end
83
+
84
+ private
85
+
86
+ def raw_content
87
+ @raw_content ||= (Spandx.git[:spdx].read("text/#{id}.txt") || '')
88
+ end
79
89
  end
80
90
  end
81
91
  end
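Review bot: `self.unknown(text)` builds every instance with `licenseId: 'Nonstandard'`, so all unknown licenses share the same `id` and differ only in content; since `to_s` returns `id`, two unknown licenses for different texts print identically, and if `<=>` compares by id (its body is outside the hunk) they also compare equal wherever results are sorted or de-duplicated. That deserves a comment on the method, e.g. `# Every unknown license has id 'Nonstandard'; only #content tells them apart, so do not rely on id or <=> to distinguish them.` It is also worth documenting that `content=` replaces the memoised `@content` but leaves `@raw_content` untouched, so the now-private `raw_content` (which still reads `Spandx.git[:spdx]`) no longer reflects what `content` returns once the setter has been used. The class body continues outside both hunks.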
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- VERSION = '0.11.0'
4
+ VERSION = '0.12.0'
5
5
  end
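--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
  spec.description = 'A ruby interface to the SPDX catalogue. With a CLI that can scan project lockfiles to list out software licenses for each dependency'
  spec.homepage = 'https://github.com/mokhan/spandx'
  spec.license = 'MIT'
- spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+ spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
  spec.metadata['homepage_uri'] = spec.homepage
  spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
@@ -35,10 +35,13 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'net-hippie', '~> 0.3'
  spec.add_dependency 'nokogiri', '~> 1.10'
  spec.add_dependency 'thor'
+ spec.add_dependency 'zeitwerk', '~> 2.3'
 
  spec.add_development_dependency 'bundler-audit', '~> 0.6'
+ spec.add_development_dependency 'byebug', '~> 11.1'
  spec.add_development_dependency 'jaro_winkler', '~> 1.5'
  spec.add_development_dependency 'licensed', '~> 2.8'
+ spec.add_development_dependency 'parallel_tests', '~> 2.32'
  spec.add_development_dependency 'rake', '~> 13.0'
  spec.add_development_dependency 'rspec', '~> 3.0'
  spec.add_development_dependency 'rspec-benchmark', '~> 0.5'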
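--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: spandx
  version: !ruby/object:Gem::Version
- version: 0.11.0
+ version: 0.12.0
  platform: ruby
  authors:
  - mo khan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-03-20 00:00:00.000000000 Z
+ date: 2020-04-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: addressable
@@ -86,6 +86,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: zeitwerk
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
  - !ruby/object:Gem::Dependency
  name: bundler-audit
  requirement: !ruby/object:Gem::Requirement
@@ -100,6 +114,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '0.6'
+ - !ruby/object:Gem::Dependency
+ name: byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '11.1'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '11.1'
  - !ruby/object:Gem::Dependency
  name: jaro_winkler
  requirement: !ruby/object:Gem::Requirement
@@ -128,6 +156,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '2.8'
+ - !ruby/object:Gem::Dependency
+ name: parallel_tests
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.32'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.32'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -255,20 +297,26 @@ files:
  - exe/spandx
  - lib/spandx.rb
  - lib/spandx/cli.rb
- - lib/spandx/cli/command.rb
- - lib/spandx/cli/commands/index.rb
- - lib/spandx/cli/commands/index/build.rb
- - lib/spandx/cli/commands/index/update.rb
+ - lib/spandx/cli/commands/build.rb
+ - lib/spandx/cli/commands/pull.rb
  - lib/spandx/cli/commands/scan.rb
+ - lib/spandx/cli/main.rb
  - lib/spandx/core/cache.rb
+ - lib/spandx/core/circuit.rb
  - lib/spandx/core/content.rb
- - lib/spandx/core/database.rb
  - lib/spandx/core/dependency.rb
+ - lib/spandx/core/gateway.rb
+ - lib/spandx/core/git.rb
  - lib/spandx/core/guess.rb
  - lib/spandx/core/http.rb
+ - lib/spandx/core/license_plugin.rb
+ - lib/spandx/core/null_gateway.rb
  - lib/spandx/core/parser.rb
+ - lib/spandx/core/plugin.rb
+ - lib/spandx/core/registerable.rb
  - lib/spandx/core/report.rb
  - lib/spandx/core/score.rb
+ - lib/spandx/core/table.rb
  - lib/spandx/dotnet/index.rb
  - lib/spandx/dotnet/nuget_gateway.rb
  - lib/spandx/dotnet/package_reference.rb
@@ -276,14 +324,22 @@ files:
  - lib/spandx/dotnet/parsers/packages_config.rb
  - lib/spandx/dotnet/parsers/sln.rb
  - lib/spandx/dotnet/project_file.rb
+ - lib/spandx/java/gateway.rb
  - lib/spandx/java/index.rb
  - lib/spandx/java/metadata.rb
  - lib/spandx/java/parsers/maven.rb
+ - lib/spandx/js/parsers/npm.rb
+ - lib/spandx/js/parsers/yarn.rb
+ - lib/spandx/js/yarn_lock.rb
+ - lib/spandx/js/yarn_pkg.rb
+ - lib/spandx/php/packagist_gateway.rb
+ - lib/spandx/php/parsers/composer.rb
+ - lib/spandx/python/index.rb
  - lib/spandx/python/parsers/pipfile_lock.rb
  - lib/spandx/python/pypi.rb
  - lib/spandx/python/source.rb
- - lib/spandx/rubygems/gateway.rb
- - lib/spandx/rubygems/parsers/gemfile_lock.rb
+ - lib/spandx/ruby/gateway.rb
+ - lib/spandx/ruby/parsers/gemfile_lock.rb
  - lib/spandx/spdx/catalogue.rb
  - lib/spandx/spdx/gateway.rb
  - lib/spandx/spdx/license.rb
@@ -304,7 +360,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.4.0
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="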
@@ -1,65 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Spandx
4
- module Cli
5
- class Command
6
- extend Forwardable
7
-
8
- def_delegators :command, :run
9
-
10
- def execute(*)
11
- raise(NotImplementedError, "#{self.class}##{__method__} must be implemented")
12
- end
13
-
14
- def command(**options)
15
- require 'tty-command'
16
- TTY::Command.new(options)
17
- end
18
-
19
- def cursor
20
- require 'tty-cursor'
21
- TTY::Cursor
22
- end
23
-
24
- def editor
25
- require 'tty-editor'
26
- TTY::Editor
27
- end
28
-
29
- def generator
30
- require 'tty-file'
31
- TTY::File
32
- end
33
-
34
- def pager(**options)
35
- require 'tty-pager'
36
- TTY::Pager.new(options)
37
- end
38
-
39
- def platform
40
- require 'tty-platform'
41
- TTY::Platform.new
42
- end
43
-
44
- def prompt(**options)
45
- require 'tty-prompt'
46
- TTY::Prompt.new(options)
47
- end
48
-
49
- def screen
50
- require 'tty-screen'
51
- TTY::Screen
52
- end
53
-
54
- def which(*args)
55
- require 'tty-which'
56
- TTY::Which.which(*args)
57
- end
58
-
59
- def exec_exist?(*args)
60
- require 'tty-which'
61
- TTY::Which.exist?(*args)
62
- end
63
- end
64
- end
65
- end
@@ -1,36 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Spandx
4
- module Cli
5
- module Commands
6
- class Index < Thor
7
- require 'spandx/cli/commands/index/build'
8
- require 'spandx/cli/commands/index/update'
9
-
10
- namespace :index
11
-
12
- desc 'build', 'Build a package index'
13
- method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
14
- method_option :directory, aliases: '-d', type: :string, desc: 'Directory to build index in', default: '.index'
15
- def build(*)
16
- if options[:help]
17
- invoke :help, ['build']
18
- else
19
- Spandx::Cli::Commands::Index::Build.new(options).execute
20
- end
21
- end
22
-
23
- desc 'update', 'Update the offline indexes'
24
- method_option :help, aliases: '-h', type: :boolean,
25
- desc: 'Display usage information'
26
- def update(*)
27
- if options[:help]
28
- invoke :help, ['update']
29
- else
30
- Spandx::Cli::Commands::Index::Update.new(options).execute
31
- end
32
- end
33
- end
34
- end
35
- end
36
- end
@@ -1,32 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Spandx
4
- module Cli
5
- module Commands
6
- class Index
7
- class Build < Spandx::Cli::Command
8
- def initialize(options)
9
- @options = options
10
- end
11
-
12
- def execute(output: $stdout)
13
- catalogue = Spandx::Spdx::Catalogue.from_git
14
- indexes.each do |index|
15
- index.update!(catalogue: catalogue, output: output)
16
- end
17
- output.puts 'OK'
18
- end
19
-
20
- private
21
-
22
- def indexes
23
- [
24
- Spandx::Dotnet::Index.new(directory: @options[:directory]),
25
- Spandx::Java::Index.new(directory: @options[:directory]),
26
- ]
27
- end
28
- end
29
- end
30
- end
31
- end
32
- end