spandx 0.12.3 → 0.13.0

data/lib/spandx/spdx/expression.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Spdx
+    class Expression < Parslet::Parser
+      # https://spdx.org/spdx-specification-21-web-version
+      #
+      # idstring              = 1*(ALPHA / DIGIT / "-" / "." )
+      # license-id            = <short form license identifier in Appendix I.1>
+      # license-exception-id  = <short form license exception identifier in Appendix I.2>
+      # license-ref           = ["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)
+      # simple-expression = license-id / license-id"+" / license-ref
+      # compound-expression =  1*1(simple-expression /
+      #                             simple-expression "WITH" license-exception-id /
+      #                             compound-expression "AND" compound-expression /
+      #                             compound-expression "OR" compound-expression ) /
+      #                           "(" compound-expression ")" )
+      #
+      # license-expression =  1*1(simple-expression / compound-expression)
+      rule(:lparen) { str('(') }
+      rule(:rparen) { str(')') }
+      rule(:digit) { match('\d') }
+      rule(:space) { match('\s') }
+      rule(:space?) { space.maybe }
+      rule(:alpha) { match['a-zA-Z'] }
+      rule(:colon) { str(':') }
+      rule(:dot) { str('.') }
+      rule(:plus) { str('+') }
+      rule(:plus?) { plus.maybe }
+      rule(:hyphen) { str('-') }
+      rule(:hyphen?) { hyphen.maybe }
+      rule(:with_op) { str('with') | str('WITH') }
+      rule(:and_op) { str('AND') | str('and') }
+      rule(:or_op) { str('OR') | str('or') }
+
+      # idstring              = 1*(ALPHA / DIGIT / "-" / "." )
+      rule(:id_character) { alpha | digit | hyphen | dot }
+      rule(:id_string) { id_character.repeat(1) }
+
+      # license-id = <short form license identifier in Appendix I.1>
+      rule(:license_id) do
+        id_string
+      end
+
+      # license-ref = ["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)
+      rule(:license_ref) do
+        (str('DocumentRef-') >> id_string >> colon).repeat(0, 1) >> str('LicenseRef-') >> id_string
+      end
+
+      # simple-expression = license-id / license-id"+" / license-ref
+      rule(:simple_expression) do
+        license_id >> plus? | license_ref
+      end
+
+      rule(:exception) do
+        match['eE'] >> str('xception')
+      end
+
+      rule(:version) do
+        digit >> dot >> digit
+      end
+
+      # license-exception-id = <short form license exception identifier in Appendix I.2>
+      rule(:license_exception_id) do
+        # alpha.repeat(1) >> hyphen >> exception >> (hyphen? >> version)
+        id_string
+      end
+
+      # simple-expression "WITH" license-exception-id
+      rule(:with_expression) do
+        simple_expression.as(:left) >> space >> with_op.as(:op) >> space >> license_exception_id.as(:right)
+      end
+
+      rule(:binary_operator) do
+        (or_op | and_op).as(:op)
+      end
+
+      rule(:binary_right) do
+        space >> binary_operator >> space >> (binary_expression | simple_expression).as(:right)
+      end
+
+      # compound-expression "AND" compound-expression
+      # compound-expression "OR" compound-expression
+      rule(:binary_expression) do
+        simple_expression.as(:left) >> binary_right
+      end
+
+      # (BSD-2-Clause OR MIT OR Apache-2.0)
+      #
+      #
+      # compound-expression =  1*1(
+      #     simple-expression /
+      #     simple-expression "WITH" license-exception-id /
+      #     compound-expression "AND" compound-expression /
+      #     compound-expression "OR" compound-expression
+      #   ) / "(" compound-expression ")")
+      rule(:compound_expression) do
+        lparen >> compound_expression >> space? >> rparen |
+          (
+            binary_expression |
+            with_expression |
+            simple_expression.as(:left)
+          ).repeat(1, 1)
+      end
+
+      # license-expression =  1*1(simple-expression / compound-expression)
+      rule(:license_expression) do
+        (compound_expression | simple_expression).repeat(1, 1)
+      end
+
+      root(:license_expression)
+    end
+  end
+end

data/lib/spandx/spdx/license.rb

@@ -61,14 +61,6 @@ module Spandx
         attributes[:referenceNumber] = value
       end
 
-      def content
-        @content ||= ::Spandx::Core::Content.new(raw_content)
-      end
-
-      def content=(value)
-        @content = ::Spandx::Core::Content.new(value)
-      end
-
       def <=>(other)
         id <=> other.id
       end
@@ -77,14 +69,12 @@ module Spandx
         id
       end
 
-      def self.unknown(text)
-        new(licenseId: 'Nonstandard', name: 'Unknown').tap { |x| x.content = text }
+      def inspect
+        "#<Spandx::Spdx::License id='#{id}'>"
       end
 
-      private
-
-      def raw_content
-        @raw_content ||= (Spandx.git[:spdx].read("text/#{id}.txt") || '')
+      def self.unknown(text)
+        new(licenseId: 'Nonstandard', name: text)
       end
     end
   end

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.12.3'
+  VERSION = '0.13.0'
 end

data/spandx.gemspec

@@ -7,18 +7,18 @@ require 'spandx/version'
 Gem::Specification.new do |spec|
   spec.name          = 'spandx'
   spec.version       = Spandx::VERSION
-  spec.authors       = ['mo khan']
-  spec.email         = ['mo@mokhan.ca']
+  spec.authors       = ['Can Eldem', 'mo khan']
+  spec.email         = ['eldemcan@gmail.com', 'mo@mokhan.ca']
 
   spec.summary       = 'A ruby interface to the SPDX catalogue.'
-  spec.description   = 'A ruby interface to the SPDX catalogue. With a CLI that can scan project lockfiles to list out software licenses for each dependency'
-  spec.homepage      = 'https://github.com/mokhan/spandx'
+  spec.description   = 'Spanx is a ruby API for interacting with the spdx.org software license catalogue. This gem includes a command line interface to scan a software project for the software licenses that are associated with each dependency in the project. Spandx also allows you to hook additional information for each dependency found. For instance, you can add plugin to Spandx to find and report vulnerabilities for the dependencies it found.'
+  spec.homepage      = 'https://spandx.github.io/'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
-  spec.metadata['changelog_uri'] = 'https://github.com/mokhan/spandx/blob/master/CHANGELOG.md'
+  spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
+  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/master/CHANGELOG.md'
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     Dir.glob('exe/*') +
@@ -29,25 +29,28 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.extensions    = ['ext/spandx/extconf.rb']
 
   spec.add_dependency 'addressable', '~> 2.7'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
   spec.add_dependency 'net-hippie', '~> 0.3'
   spec.add_dependency 'nokogiri', '~> 1.10'
+  spec.add_dependency 'parslet', '~> 2.0'
   spec.add_dependency 'thor'
+  spec.add_dependency 'tty-progressbar', '~> 0.17'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
+  spec.add_development_dependency 'benchmark-ips', '~> 2.8'
   spec.add_development_dependency 'bundler-audit', '~> 0.6'
   spec.add_development_dependency 'byebug', '~> 11.1'
-  spec.add_development_dependency 'jaro_winkler', '~> 1.5'
   spec.add_development_dependency 'licensed', '~> 2.8'
-  spec.add_development_dependency 'parallel_tests', '~> 2.32'
   spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rake-compiler', '~> 1.1'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark', '~> 0.5'
   spec.add_development_dependency 'rubocop', '~> 0.52'
   spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
-  spec.add_development_dependency 'text', '~> 1.3'
+  spec.add_development_dependency 'ruby-prof', '~> 1.3'
   spec.add_development_dependency 'vcr', '~> 5.0'
   spec.add_development_dependency 'webmock', '~> 3.7'
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.12.3
+  version: 0.13.0
 platform: ruby
 authors:
+- Can Eldem
 - mo khan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-19 00:00:00.000000000 Z
+date: 2020-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -72,6 +73,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: parslet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +101,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: tty-progressbar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.17'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -101,47 +130,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
-  name: bundler-audit
+  name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.8'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
-  name: jaro_winkler
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '11.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '11.1'
 - !ruby/object:Gem::Dependency
   name: licensed
   requirement: !ruby/object:Gem::Requirement
@@ -157,33 +186,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.8'
 - !ruby/object:Gem::Dependency
-  name: parallel_tests
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.32'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.32'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -241,7 +270,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.22'
 - !ruby/object:Gem::Dependency
-  name: text
+  name: ruby-prof
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -282,19 +311,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.7'
-description: A ruby interface to the SPDX catalogue. With a CLI that can scan project
-  lockfiles to list out software licenses for each dependency
+description: Spanx is a ruby API for interacting with the spdx.org software license
+  catalogue. This gem includes a command line interface to scan a software project
+  for the software licenses that are associated with each dependency in the project.
+  Spandx also allows you to hook additional information for each dependency found.
+  For instance, you can add plugin to Spandx to find and report vulnerabilities for
+  the dependencies it found.
 email:
+- eldemcan@gmail.com
 - mo@mokhan.ca
 executables:
 - spandx
-extensions: []
+extensions:
+- ext/spandx/extconf.rb
 extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
 - exe/spandx
+- ext/spandx/extconf.rb
 - lib/spandx.rb
 - lib/spandx/cli.rb
 - lib/spandx/cli/commands/build.rb
@@ -303,17 +339,22 @@ files:
 - lib/spandx/cli/main.rb
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
+- lib/spandx/core/concurrent.rb
 - lib/spandx/core/content.rb
+- lib/spandx/core/data_file.rb
 - lib/spandx/core/dependency.rb
 - lib/spandx/core/gateway.rb
 - lib/spandx/core/git.rb
 - lib/spandx/core/guess.rb
 - lib/spandx/core/http.rb
+- lib/spandx/core/index_file.rb
 - lib/spandx/core/license_plugin.rb
-- lib/spandx/core/null_gateway.rb
+- lib/spandx/core/line_io.rb
 - lib/spandx/core/parser.rb
+- lib/spandx/core/path_traversal.rb
 - lib/spandx/core/plugin.rb
 - lib/spandx/core/registerable.rb
+- lib/spandx/core/relation.rb
 - lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
 - lib/spandx/core/table.rb
@@ -342,17 +383,19 @@ files:
 - lib/spandx/ruby/gateway.rb
 - lib/spandx/ruby/parsers/gemfile_lock.rb
 - lib/spandx/spdx/catalogue.rb
+- lib/spandx/spdx/composite_license.rb
+- lib/spandx/spdx/expression.rb
 - lib/spandx/spdx/gateway.rb
 - lib/spandx/spdx/license.rb
 - lib/spandx/version.rb
 - spandx.gemspec
-homepage: https://github.com/mokhan/spandx
+homepage: https://spandx.github.io/
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/mokhan/spandx
-  source_code_uri: https://github.com/mokhan/spandx
-  changelog_uri: https://github.com/mokhan/spandx/blob/master/CHANGELOG.md
+  homepage_uri: https://spandx.github.io/
+  source_code_uri: https://github.com/spandx/spandx
+  changelog_uri: https://github.com/spandx/spandx/blob/master/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -361,7 +404,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="