spandx 0.11.0 → 0.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -2
- data/README.md +59 -2
- data/exe/spandx +3 -4
- data/lib/spandx.rb +13 -32
- data/lib/spandx/cli.rb +1 -30
- data/lib/spandx/cli/commands/build.rb +41 -0
- data/lib/spandx/cli/commands/pull.rb +21 -0
- data/lib/spandx/cli/commands/scan.rb +17 -2
- data/lib/spandx/cli/main.rb +54 -0
- data/lib/spandx/core/cache.rb +3 -3
- data/lib/spandx/core/circuit.rb +34 -0
- data/lib/spandx/core/dependency.rb +32 -7
- data/lib/spandx/core/gateway.rb +19 -0
- data/lib/spandx/core/{database.rb → git.rb} +7 -2
- data/lib/spandx/core/guess.rb +42 -4
- data/lib/spandx/core/http.rb +30 -5
- data/lib/spandx/core/license_plugin.rb +54 -0
- data/lib/spandx/core/null_gateway.rb +11 -0
- data/lib/spandx/core/parser.rb +8 -25
- data/lib/spandx/core/plugin.rb +15 -0
- data/lib/spandx/core/registerable.rb +27 -0
- data/lib/spandx/core/report.rb +30 -6
- data/lib/spandx/core/table.rb +29 -0
- data/lib/spandx/dotnet/index.rb +10 -5
- data/lib/spandx/dotnet/nuget_gateway.rb +20 -31
- data/lib/spandx/dotnet/parsers/csproj.rb +3 -12
- data/lib/spandx/dotnet/parsers/packages_config.rb +2 -10
- data/lib/spandx/dotnet/parsers/sln.rb +2 -2
- data/lib/spandx/java/gateway.rb +37 -0
- data/lib/spandx/java/index.rb +84 -2
- data/lib/spandx/java/metadata.rb +6 -3
- data/lib/spandx/java/parsers/maven.rb +11 -21
- data/lib/spandx/js/parsers/npm.rb +39 -0
- data/lib/spandx/js/parsers/yarn.rb +30 -0
- data/lib/spandx/js/yarn_lock.rb +67 -0
- data/lib/spandx/js/yarn_pkg.rb +59 -0
- data/lib/spandx/php/packagist_gateway.rb +25 -0
- data/lib/spandx/php/parsers/composer.rb +33 -0
- data/lib/spandx/python/index.rb +78 -0
- data/lib/spandx/python/parsers/pipfile_lock.rb +12 -16
- data/lib/spandx/python/pypi.rb +91 -8
- data/lib/spandx/python/source.rb +5 -1
- data/lib/spandx/{rubygems → ruby}/gateway.rb +8 -9
- data/lib/spandx/{rubygems → ruby}/parsers/gemfile_lock.rb +14 -16
- data/lib/spandx/spdx/catalogue.rb +1 -1
- data/lib/spandx/spdx/license.rb +12 -2
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +4 -1
- metadata +66 -10
- data/lib/spandx/cli/command.rb +0 -65
- data/lib/spandx/cli/commands/index.rb +0 -36
- data/lib/spandx/cli/commands/index/build.rb +0 -32
- data/lib/spandx/cli/commands/index/update.rb +0 -27
data/lib/spandx/python/source.rb
CHANGED
@@ -1,26 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Spandx
|
4
|
-
module
|
5
|
-
class Gateway
|
4
|
+
module Ruby
|
5
|
+
class Gateway < ::Spandx::Core::Gateway
|
6
6
|
# https://guides.rubygems.org/rubygems-org-api-v2/
|
7
7
|
def initialize(http: Spandx.http)
|
8
8
|
@http = http
|
9
9
|
end
|
10
10
|
|
11
|
-
def licenses_for(
|
12
|
-
|
13
|
-
|
11
|
+
def licenses_for(dependency)
|
12
|
+
details_on(dependency.name, dependency.version)['licenses'] || []
|
13
|
+
end
|
14
|
+
|
15
|
+
def matches?(dependency)
|
16
|
+
dependency.package_manager == :rubygems
|
14
17
|
end
|
15
18
|
|
16
19
|
private
|
17
20
|
|
18
21
|
attr_reader :http
|
19
22
|
|
20
|
-
def cache
|
21
|
-
@cache ||= ::Spandx::Core::Cache.new(:rubygems, url: 'https://github.com/mokhan/spandx-rubygems.git')
|
22
|
-
end
|
23
|
-
|
24
23
|
def details_on(name, version)
|
25
24
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
26
25
|
response = http.get(url, default: {})
|
@@ -1,24 +1,19 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Spandx
|
4
|
-
module
|
4
|
+
module Ruby
|
5
5
|
module Parsers
|
6
6
|
class GemfileLock < ::Spandx::Core::Parser
|
7
7
|
STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n) (?<major>\d+)\.\d+\.\d+/m.freeze
|
8
8
|
|
9
|
-
def
|
9
|
+
def matches?(filename)
|
10
10
|
filename.match?(/Gemfile.*\.lock/) ||
|
11
11
|
filename.match?(/gems.*\.lock/)
|
12
12
|
end
|
13
13
|
|
14
14
|
def parse(lockfile)
|
15
15
|
dependencies_from(lockfile).map do |specification|
|
16
|
-
|
17
|
-
name: specification.name,
|
18
|
-
version: specification.version.to_s,
|
19
|
-
licenses: licenses_for(specification),
|
20
|
-
meta: specification
|
21
|
-
)
|
16
|
+
map_from(specification)
|
22
17
|
end
|
23
18
|
end
|
24
19
|
|
@@ -33,14 +28,17 @@ module Spandx
|
|
33
28
|
end
|
34
29
|
end
|
35
30
|
|
36
|
-
def
|
37
|
-
|
38
|
-
|
39
|
-
.
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
31
|
+
def map_from(specification)
|
32
|
+
::Spandx::Core::Dependency.new(
|
33
|
+
package_manager: :rubygems,
|
34
|
+
name: specification.name,
|
35
|
+
version: specification.version.to_s,
|
36
|
+
meta: {
|
37
|
+
dependencies: specification.dependencies,
|
38
|
+
platform: specification.platform,
|
39
|
+
source: specification.source
|
40
|
+
}
|
41
|
+
)
|
44
42
|
end
|
45
43
|
end
|
46
44
|
end
|
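--- a/data/lib/spandx/spdx/license.rb
+++ b/data/lib/spandx/spdx/license.rb
@@ -65,8 +65,8 @@ module Spandx
 @content ||= ::Spandx::Core::Content.new(raw_content)
 end
 
-def
-@
+def content=(value)
+@content = ::Spandx::Core::Content.new(value)
 end
 
 def <=>(other)
@@ -76,6 +76,16 @@ module Spandx
 def to_s
 id
 end
+
+def self.unknown(text)
+new(licenseId: 'Nonstandard', name: 'Unknown').tap { |x| x.content = text }
+end
+
+private
+
+def raw_content
+@raw_content ||= (Spandx.git[:spdx].read("text/#{id}.txt") || '')
+end
 end
 end
 end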
data/lib/spandx/version.rb
CHANGED
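--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 spec.description = 'A ruby interface to the SPDX catalogue. With a CLI that can scan project lockfiles to list out software licenses for each dependency'
 spec.homepage = 'https://github.com/mokhan/spandx'
 spec.license = 'MIT'
-spec.required_ruby_version = Gem::Requirement.new('>= 2.
+spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
 spec.metadata['homepage_uri'] = spec.homepage
 spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
@@ -35,10 +35,13 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'net-hippie', '~> 0.3'
 spec.add_dependency 'nokogiri', '~> 1.10'
 spec.add_dependency 'thor'
+spec.add_dependency 'zeitwerk', '~> 2.3'
 
 spec.add_development_dependency 'bundler-audit', '~> 0.6'
+spec.add_development_dependency 'byebug', '~> 11.1'
 spec.add_development_dependency 'jaro_winkler', '~> 1.5'
 spec.add_development_dependency 'licensed', '~> 2.8'
+spec.add_development_dependency 'parallel_tests', '~> 2.32'
 spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', '~> 3.0'
 spec.add_development_dependency 'rspec-benchmark', '~> 0.5'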
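--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.12.0
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-
+date: 2020-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: addressable
@@ -86,6 +86,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: zeitwerk
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
 - !ruby/object:Gem::Dependency
 name: bundler-audit
 requirement: !ruby/object:Gem::Requirement
@@ -100,6 +114,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.6'
+- !ruby/object:Gem::Dependency
+name: byebug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.1'
 - !ruby/object:Gem::Dependency
 name: jaro_winkler
 requirement: !ruby/object:Gem::Requirement
@@ -128,6 +156,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '2.8'
+- !ruby/object:Gem::Dependency
+name: parallel_tests
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.32'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.32'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -255,20 +297,26 @@ files:
 - exe/spandx
 - lib/spandx.rb
 - lib/spandx/cli.rb
-- lib/spandx/cli/
-- lib/spandx/cli/commands/
-- lib/spandx/cli/commands/index/build.rb
-- lib/spandx/cli/commands/index/update.rb
+- lib/spandx/cli/commands/build.rb
+- lib/spandx/cli/commands/pull.rb
 - lib/spandx/cli/commands/scan.rb
+- lib/spandx/cli/main.rb
 - lib/spandx/core/cache.rb
+- lib/spandx/core/circuit.rb
 - lib/spandx/core/content.rb
-- lib/spandx/core/database.rb
 - lib/spandx/core/dependency.rb
+- lib/spandx/core/gateway.rb
+- lib/spandx/core/git.rb
 - lib/spandx/core/guess.rb
 - lib/spandx/core/http.rb
+- lib/spandx/core/license_plugin.rb
+- lib/spandx/core/null_gateway.rb
 - lib/spandx/core/parser.rb
+- lib/spandx/core/plugin.rb
+- lib/spandx/core/registerable.rb
 - lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
+- lib/spandx/core/table.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -276,14 +324,22 @@ files:
 - lib/spandx/dotnet/parsers/packages_config.rb
 - lib/spandx/dotnet/parsers/sln.rb
 - lib/spandx/dotnet/project_file.rb
+- lib/spandx/java/gateway.rb
 - lib/spandx/java/index.rb
 - lib/spandx/java/metadata.rb
 - lib/spandx/java/parsers/maven.rb
+- lib/spandx/js/parsers/npm.rb
+- lib/spandx/js/parsers/yarn.rb
+- lib/spandx/js/yarn_lock.rb
+- lib/spandx/js/yarn_pkg.rb
+- lib/spandx/php/packagist_gateway.rb
+- lib/spandx/php/parsers/composer.rb
+- lib/spandx/python/index.rb
 - lib/spandx/python/parsers/pipfile_lock.rb
 - lib/spandx/python/pypi.rb
 - lib/spandx/python/source.rb
-- lib/spandx/
-- lib/spandx/
+- lib/spandx/ruby/gateway.rb
+- lib/spandx/ruby/parsers/gemfile_lock.rb
 - lib/spandx/spdx/catalogue.rb
 - lib/spandx/spdx/gateway.rb
 - lib/spandx/spdx/license.rb
@@ -304,7 +360,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="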
data/lib/spandx/cli/command.rb
DELETED
@@ -1,65 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
class Command
|
6
|
-
extend Forwardable
|
7
|
-
|
8
|
-
def_delegators :command, :run
|
9
|
-
|
10
|
-
def execute(*)
|
11
|
-
raise(NotImplementedError, "#{self.class}##{__method__} must be implemented")
|
12
|
-
end
|
13
|
-
|
14
|
-
def command(**options)
|
15
|
-
require 'tty-command'
|
16
|
-
TTY::Command.new(options)
|
17
|
-
end
|
18
|
-
|
19
|
-
def cursor
|
20
|
-
require 'tty-cursor'
|
21
|
-
TTY::Cursor
|
22
|
-
end
|
23
|
-
|
24
|
-
def editor
|
25
|
-
require 'tty-editor'
|
26
|
-
TTY::Editor
|
27
|
-
end
|
28
|
-
|
29
|
-
def generator
|
30
|
-
require 'tty-file'
|
31
|
-
TTY::File
|
32
|
-
end
|
33
|
-
|
34
|
-
def pager(**options)
|
35
|
-
require 'tty-pager'
|
36
|
-
TTY::Pager.new(options)
|
37
|
-
end
|
38
|
-
|
39
|
-
def platform
|
40
|
-
require 'tty-platform'
|
41
|
-
TTY::Platform.new
|
42
|
-
end
|
43
|
-
|
44
|
-
def prompt(**options)
|
45
|
-
require 'tty-prompt'
|
46
|
-
TTY::Prompt.new(options)
|
47
|
-
end
|
48
|
-
|
49
|
-
def screen
|
50
|
-
require 'tty-screen'
|
51
|
-
TTY::Screen
|
52
|
-
end
|
53
|
-
|
54
|
-
def which(*args)
|
55
|
-
require 'tty-which'
|
56
|
-
TTY::Which.which(*args)
|
57
|
-
end
|
58
|
-
|
59
|
-
def exec_exist?(*args)
|
60
|
-
require 'tty-which'
|
61
|
-
TTY::Which.exist?(*args)
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
65
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
module Commands
|
6
|
-
class Index < Thor
|
7
|
-
require 'spandx/cli/commands/index/build'
|
8
|
-
require 'spandx/cli/commands/index/update'
|
9
|
-
|
10
|
-
namespace :index
|
11
|
-
|
12
|
-
desc 'build', 'Build a package index'
|
13
|
-
method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
|
14
|
-
method_option :directory, aliases: '-d', type: :string, desc: 'Directory to build index in', default: '.index'
|
15
|
-
def build(*)
|
16
|
-
if options[:help]
|
17
|
-
invoke :help, ['build']
|
18
|
-
else
|
19
|
-
Spandx::Cli::Commands::Index::Build.new(options).execute
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
desc 'update', 'Update the offline indexes'
|
24
|
-
method_option :help, aliases: '-h', type: :boolean,
|
25
|
-
desc: 'Display usage information'
|
26
|
-
def update(*)
|
27
|
-
if options[:help]
|
28
|
-
invoke :help, ['update']
|
29
|
-
else
|
30
|
-
Spandx::Cli::Commands::Index::Update.new(options).execute
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Cli
|
5
|
-
module Commands
|
6
|
-
class Index
|
7
|
-
class Build < Spandx::Cli::Command
|
8
|
-
def initialize(options)
|
9
|
-
@options = options
|
10
|
-
end
|
11
|
-
|
12
|
-
def execute(output: $stdout)
|
13
|
-
catalogue = Spandx::Spdx::Catalogue.from_git
|
14
|
-
indexes.each do |index|
|
15
|
-
index.update!(catalogue: catalogue, output: output)
|
16
|
-
end
|
17
|
-
output.puts 'OK'
|
18
|
-
end
|
19
|
-
|
20
|
-
private
|
21
|
-
|
22
|
-
def indexes
|
23
|
-
[
|
24
|
-
Spandx::Dotnet::Index.new(directory: @options[:directory]),
|
25
|
-
Spandx::Java::Index.new(directory: @options[:directory]),
|
26
|
-
]
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|