spandx 0.13.2 → 0.13.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -2
- data/lib/spandx/cli.rb +2 -1
- data/lib/spandx/cli/commands/scan.rb +16 -30
- data/lib/spandx/core/http.rb +1 -1
- data/lib/spandx/core/index_file.rb +2 -0
- data/lib/spandx/core/license_plugin.rb +6 -1
- data/lib/spandx/core/spinner.rb +51 -0
- data/lib/spandx/python/source.rb +12 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +2 -1
- metadata +21 -9
- data/lib/spandx/core/concurrent.rb +0 -40
- data/lib/spandx/core/line_io.rb +0 -23
- data/lib/spandx/core/thread_pool.rb +0 -49
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b36f49bab527c52c6d3f6ddf1d70e022422f70c678bf865231921982460a4b4
|
|
4
|
+
data.tar.gz: 5d31efbe54079dd42a07c46f9d47bbe508d712ebed5d7294537685112d170079
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: abe3e8e231a35f5861b3e85502a7b5c415684ce351756b0d64c77cfcf417bfd099e25587714c9e88b9a3ddb7309154921e0b57b4601bbe9aa74de7f057165773
|
|
7
|
+
data.tar.gz: 757dd76cebbd921d4034a69e794beffac0c9ff00ec846491b4037bf01a687d06aad5a8d258dccb59dc6cce6d94626dbb6df77eae53ccc8755982482a780bf65f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Version 0.13.
|
|
1
|
+
Version 0.13.3
|
|
2
2
|
|
|
3
3
|
# Changelog
|
|
4
4
|
|
|
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
9
9
|
|
|
10
10
|
## [Unreleased]
|
|
11
11
|
|
|
12
|
+
## [0.13.3] - 2020-05-19
|
|
13
|
+
### Fixed
|
|
14
|
+
- Ignore invalid URLs during scan.
|
|
15
|
+
|
|
12
16
|
## [0.13.2] - 2020-05-17
|
|
13
17
|
### Fixed
|
|
14
18
|
- Detect licenses when provided as an array.
|
|
@@ -177,7 +181,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
177
181
|
### Added
|
|
178
182
|
- Provide ruby API to the latest SPDX catalogue.
|
|
179
183
|
|
|
180
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.
|
|
184
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.3...HEAD
|
|
185
|
+
[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
|
|
186
|
+
[0.13.2]: https://github.com/spandx/spandx/compare/v0.13.1...v0.13.2
|
|
187
|
+
[0.13.1]: https://github.com/spandx/spandx/compare/v0.13.0...v0.13.1
|
|
181
188
|
[0.13.0]: https://github.com/spandx/spandx/compare/v0.12.3...v0.13.0
|
|
182
189
|
[0.12.3]: https://github.com/spandx/spandx/compare/v0.12.2...v0.12.3
|
|
183
190
|
[0.12.2]: https://github.com/spandx/spandx/compare/v0.12.1...v0.12.2
|
data/lib/spandx/cli.rb
CHANGED
|
@@ -4,28 +4,26 @@ module Spandx
|
|
|
4
4
|
module Cli
|
|
5
5
|
module Commands
|
|
6
6
|
class Scan
|
|
7
|
-
|
|
8
|
-
def advance(*args); end
|
|
9
|
-
end.new
|
|
10
|
-
|
|
11
|
-
attr_reader :scan_path
|
|
7
|
+
attr_reader :scan_path, :spinner
|
|
12
8
|
|
|
13
9
|
def initialize(scan_path, options)
|
|
14
10
|
@scan_path = ::Pathname.new(scan_path)
|
|
15
11
|
@options = options
|
|
12
|
+
@spinner = options[:show_progress] ? ::Spandx::Core::Spinner.new : ::Spandx::Core::Spinner::NULL
|
|
16
13
|
require(options[:require]) if options[:require]
|
|
17
14
|
end
|
|
18
15
|
|
|
19
16
|
def execute(output: $stdout)
|
|
20
|
-
Spandx::Core::
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
17
|
+
report = ::Spandx::Core::Report.new
|
|
18
|
+
each_file do |file|
|
|
19
|
+
spinner.spin(file)
|
|
20
|
+
each_dependency_from(file) do |dependency|
|
|
21
|
+
spinner.spin(file)
|
|
22
|
+
report.add(dependency)
|
|
26
23
|
end
|
|
27
|
-
output.puts(format(report.to(@options[:format])))
|
|
28
24
|
end
|
|
25
|
+
spinner.stop
|
|
26
|
+
output.puts(format(report.to(@options[:format])))
|
|
29
27
|
end
|
|
30
28
|
|
|
31
29
|
private
|
|
@@ -36,16 +34,12 @@ module Spandx
|
|
|
36
34
|
.each { |file| yield file }
|
|
37
35
|
end
|
|
38
36
|
|
|
39
|
-
def each_dependency_from(file
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
bar.advance(1)
|
|
46
|
-
yield dependency
|
|
47
|
-
end
|
|
48
|
-
end
|
|
37
|
+
def each_dependency_from(file)
|
|
38
|
+
::Spandx::Core::Parser
|
|
39
|
+
.for(file)
|
|
40
|
+
.parse(file)
|
|
41
|
+
.map { |x| enhance(x) }
|
|
42
|
+
.each { |dependency| yield dependency }
|
|
49
43
|
end
|
|
50
44
|
|
|
51
45
|
def format(output)
|
|
@@ -57,14 +51,6 @@ module Spandx
|
|
|
57
51
|
.all
|
|
58
52
|
.inject(dependency) { |memo, plugin| plugin.enhance(memo) }
|
|
59
53
|
end
|
|
60
|
-
|
|
61
|
-
def title_for(file)
|
|
62
|
-
"#{file} [:bar, :elapsed] :percent"
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
def with_progress(title, total)
|
|
66
|
-
yield @options[:show_progress] ? TTY::ProgressBar.new(title, total: total) : NULL_BAR
|
|
67
|
-
end
|
|
68
54
|
end
|
|
69
55
|
end
|
|
70
56
|
end
|
data/lib/spandx/core/http.rb
CHANGED
|
@@ -26,7 +26,8 @@ module Spandx
|
|
|
26
26
|
|
|
27
27
|
def cache_for(dependency, git: Spandx.git)
|
|
28
28
|
git = git[dependency.package_manager.to_sym] || git[:cache]
|
|
29
|
-
|
|
29
|
+
key = key_for(dependency.package_manager)
|
|
30
|
+
Spandx::Core::Cache.new(key, root: "#{git.root}/.index")
|
|
30
31
|
end
|
|
31
32
|
|
|
32
33
|
def known?(package_manager)
|
|
@@ -49,6 +50,10 @@ module Spandx
|
|
|
49
50
|
end
|
|
50
51
|
dependency
|
|
51
52
|
end
|
|
53
|
+
|
|
54
|
+
def key_for(package_manager)
|
|
55
|
+
package_manager == :yarn ? :npm : package_manager
|
|
56
|
+
end
|
|
52
57
|
end
|
|
53
58
|
end
|
|
54
59
|
end
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spandx
|
|
4
|
+
module Core
|
|
5
|
+
class Spinner
|
|
6
|
+
NULL = Class.new do
|
|
7
|
+
def self.spin(*args); end
|
|
8
|
+
|
|
9
|
+
def self.stop(*args); end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
attr_reader :columns, :spinner
|
|
13
|
+
|
|
14
|
+
def initialize(columns: TTY::Screen.columns, output: $stderr)
|
|
15
|
+
@columns = columns
|
|
16
|
+
@spinner = Nanospinner.new(output)
|
|
17
|
+
@queue = Queue.new
|
|
18
|
+
@thread = Thread.new { work }
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def spin(message)
|
|
22
|
+
@queue.enq(justify(message))
|
|
23
|
+
yield if block_given?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def stop
|
|
27
|
+
@queue.clear
|
|
28
|
+
@queue.enq(:stop)
|
|
29
|
+
@thread.join
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
private
|
|
33
|
+
|
|
34
|
+
def justify(message)
|
|
35
|
+
message.to_s.ljust(columns - 3)
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def work
|
|
39
|
+
last_message = justify('')
|
|
40
|
+
loop do
|
|
41
|
+
message = @queue.empty? ? last_message : @queue.deq
|
|
42
|
+
break if message == :stop
|
|
43
|
+
|
|
44
|
+
spinner.spin(message)
|
|
45
|
+
last_message = message
|
|
46
|
+
sleep 0.1
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
data/lib/spandx/python/source.rb
CHANGED
|
@@ -28,11 +28,23 @@ module Spandx
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
def ==(other)
|
|
32
|
+
name == other.name &&
|
|
33
|
+
uri.to_s == other.uri.to_s &&
|
|
34
|
+
verify_ssl == other.verify_ssl
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def eql(other)
|
|
38
|
+
self == other
|
|
39
|
+
end
|
|
40
|
+
|
|
31
41
|
class << self
|
|
32
42
|
def sources_from(json)
|
|
33
43
|
meta = json['_meta']
|
|
34
44
|
meta['sources'].map do |hash|
|
|
35
45
|
new(hash)
|
|
46
|
+
rescue URI::InvalidURIError
|
|
47
|
+
default
|
|
36
48
|
end
|
|
37
49
|
end
|
|
38
50
|
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
|
@@ -34,11 +34,12 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
|
|
35
35
|
spec.add_dependency 'addressable', '~> 2.7'
|
|
36
36
|
spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
|
|
37
|
+
spec.add_dependency 'nanospinner', '~> 1.0.0'
|
|
37
38
|
spec.add_dependency 'net-hippie', '~> 0.3'
|
|
38
39
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
|
39
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
|
40
41
|
spec.add_dependency 'thor'
|
|
41
|
-
spec.add_dependency 'tty-
|
|
42
|
+
spec.add_dependency 'tty-screen', '~> 0.7'
|
|
42
43
|
spec.add_dependency 'zeitwerk', '~> 2.3'
|
|
43
44
|
|
|
44
45
|
spec.add_development_dependency 'benchmark-ips', '~> 2.8'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spandx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.13.
|
|
4
|
+
version: 0.13.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Can Eldem
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-05-
|
|
12
|
+
date: 2020-05-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -45,6 +45,20 @@ dependencies:
|
|
|
45
45
|
- - "<"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 3.0.0
|
|
48
|
+
- !ruby/object:Gem::Dependency
|
|
49
|
+
name: nanospinner
|
|
50
|
+
requirement: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 1.0.0
|
|
55
|
+
type: :runtime
|
|
56
|
+
prerelease: false
|
|
57
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: 1.0.0
|
|
48
62
|
- !ruby/object:Gem::Dependency
|
|
49
63
|
name: net-hippie
|
|
50
64
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -102,19 +116,19 @@ dependencies:
|
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
117
|
version: '0'
|
|
104
118
|
- !ruby/object:Gem::Dependency
|
|
105
|
-
name: tty-
|
|
119
|
+
name: tty-screen
|
|
106
120
|
requirement: !ruby/object:Gem::Requirement
|
|
107
121
|
requirements:
|
|
108
122
|
- - "~>"
|
|
109
123
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0.
|
|
124
|
+
version: '0.7'
|
|
111
125
|
type: :runtime
|
|
112
126
|
prerelease: false
|
|
113
127
|
version_requirements: !ruby/object:Gem::Requirement
|
|
114
128
|
requirements:
|
|
115
129
|
- - "~>"
|
|
116
130
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: '0.
|
|
131
|
+
version: '0.7'
|
|
118
132
|
- !ruby/object:Gem::Dependency
|
|
119
133
|
name: zeitwerk
|
|
120
134
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -341,7 +355,6 @@ files:
|
|
|
341
355
|
- lib/spandx/cli/main.rb
|
|
342
356
|
- lib/spandx/core/cache.rb
|
|
343
357
|
- lib/spandx/core/circuit.rb
|
|
344
|
-
- lib/spandx/core/concurrent.rb
|
|
345
358
|
- lib/spandx/core/content.rb
|
|
346
359
|
- lib/spandx/core/data_file.rb
|
|
347
360
|
- lib/spandx/core/dependency.rb
|
|
@@ -351,7 +364,6 @@ files:
|
|
|
351
364
|
- lib/spandx/core/http.rb
|
|
352
365
|
- lib/spandx/core/index_file.rb
|
|
353
366
|
- lib/spandx/core/license_plugin.rb
|
|
354
|
-
- lib/spandx/core/line_io.rb
|
|
355
367
|
- lib/spandx/core/parser.rb
|
|
356
368
|
- lib/spandx/core/path_traversal.rb
|
|
357
369
|
- lib/spandx/core/plugin.rb
|
|
@@ -359,8 +371,8 @@ files:
|
|
|
359
371
|
- lib/spandx/core/relation.rb
|
|
360
372
|
- lib/spandx/core/report.rb
|
|
361
373
|
- lib/spandx/core/score.rb
|
|
374
|
+
- lib/spandx/core/spinner.rb
|
|
362
375
|
- lib/spandx/core/table.rb
|
|
363
|
-
- lib/spandx/core/thread_pool.rb
|
|
364
376
|
- lib/spandx/dotnet/index.rb
|
|
365
377
|
- lib/spandx/dotnet/nuget_gateway.rb
|
|
366
378
|
- lib/spandx/dotnet/package_reference.rb
|
|
@@ -413,7 +425,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
413
425
|
- !ruby/object:Gem::Version
|
|
414
426
|
version: '0'
|
|
415
427
|
requirements: []
|
|
416
|
-
rubygems_version: 3.1.
|
|
428
|
+
rubygems_version: 3.1.3
|
|
417
429
|
signing_key:
|
|
418
430
|
specification_version: 4
|
|
419
431
|
summary: A ruby interface to the SPDX catalogue.
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Spandx
|
|
4
|
-
module Core
|
|
5
|
-
class Concurrent
|
|
6
|
-
include Enumerable
|
|
7
|
-
|
|
8
|
-
def self.map(items, pool:, &block)
|
|
9
|
-
queue = Queue.new
|
|
10
|
-
|
|
11
|
-
items.each do |item|
|
|
12
|
-
pool.schedule([item, block]) do |marshalled_item, callable|
|
|
13
|
-
queue.enq(callable.call(marshalled_item))
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
new(queue, items.size)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
attr_reader :queue, :size
|
|
21
|
-
|
|
22
|
-
def initialize(queue, size)
|
|
23
|
-
@queue = queue
|
|
24
|
-
@size = size
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def each
|
|
28
|
-
size.times { yield queue.deq }
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def to_enum
|
|
32
|
-
Enumerator.new do |yielder|
|
|
33
|
-
each do |item|
|
|
34
|
-
yielder.yield item
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
data/lib/spandx/core/line_io.rb
DELETED
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Spandx
|
|
4
|
-
module Core
|
|
5
|
-
class LineIo
|
|
6
|
-
def initialize(absolute_path)
|
|
7
|
-
file_descriptor = IO.sysopen(absolute_path)
|
|
8
|
-
@io = IO.new(file_descriptor)
|
|
9
|
-
@buffer = ''
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def each(&block)
|
|
13
|
-
@buffer << @io.sysread(512) until @buffer.include?($INPUT_RECORD_SEPARATOR)
|
|
14
|
-
|
|
15
|
-
line, @buffer = @buffer.split($INPUT_RECORD_SEPARATOR, 2)
|
|
16
|
-
block.call(line)
|
|
17
|
-
each(&block)
|
|
18
|
-
rescue EOFError
|
|
19
|
-
@io.close
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
end
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Spandx
|
|
4
|
-
module Core
|
|
5
|
-
class ThreadPool
|
|
6
|
-
def initialize(size: Etc.nprocessors)
|
|
7
|
-
@size = size
|
|
8
|
-
@queue = Queue.new
|
|
9
|
-
@pool = size.times.map { start_worker_thread }
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def schedule(*args, &block)
|
|
13
|
-
@queue.enq([block, args])
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def done?
|
|
17
|
-
@queue.empty?
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def shutdown
|
|
21
|
-
@size.times do
|
|
22
|
-
schedule { throw :exit }
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
@pool.map(&:join)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def self.open
|
|
29
|
-
pool = new
|
|
30
|
-
yield pool
|
|
31
|
-
ensure
|
|
32
|
-
pool.shutdown
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
private
|
|
36
|
-
|
|
37
|
-
def start_worker_thread
|
|
38
|
-
Thread.new do
|
|
39
|
-
catch(:exit) do
|
|
40
|
-
loop do
|
|
41
|
-
job, args = @queue.deq
|
|
42
|
-
job.call(*args)
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|