spandx 0.13.2 → 0.15.0

data/lib/spandx/core/http.rb

@@ -27,7 +27,7 @@ module Spandx
             client.get(escape ? Addressable::URI.escape(uri) : uri)
           end
         end
-      rescue *Net::Hippie::CONNECTION_ERRORS
+      rescue *Net::Hippie::CONNECTION_ERRORS, URI::InvalidURIError
         default
       end
 
@@ -36,12 +36,12 @@ module Spandx
       end
 
       def self.default_driver
-        @default_driver ||= Net::Hippie::Client.new.tap do |client|
-          client.logger = Spandx.logger
-          client.open_timeout = 1
-          client.read_timeout = 5
-          client.follow_redirects = 3
-        end
+        @default_driver ||= Net::Hippie::Client.new(
+          follow_redirects: 3,
+          logger: Spandx.logger,
+          open_timeout: 1,
+          read_timeout: 5
+        )
       end
 
       private

data/lib/spandx/core/index_file.rb

@@ -26,6 +26,8 @@ module Spandx
           until min >= max
             mid = mid_for(min, max)
             row = reader.row(mid)
+            return unless row
+
             comparison = yield row
             return row if comparison.zero?
 

data/lib/spandx/core/license_plugin.rb

@@ -8,7 +8,8 @@ module Spandx
       end
 
       def enhance(dependency)
-        return dependency unless known?(dependency.package_manager)
+        package_manager = package_manager_for(dependency)
+        return dependency unless known?(package_manager)
         return enhance_from_metadata(dependency) if available_in?(dependency.meta)
 
         licenses_for(dependency).each do |text|
@@ -25,12 +26,14 @@ module Spandx
       end
 
       def cache_for(dependency, git: Spandx.git)
-        git = git[dependency.package_manager.to_sym] || git[:cache]
-        Spandx::Core::Cache.new(dependency.package_manager, root: "#{git.root}/.index")
+        package_manager = package_manager_for(dependency)
+        git = git[package_manager.to_sym] || git[:cache]
+        key = key_for(package_manager)
+        Spandx::Core::Cache.new(key, root: "#{git.root}/.index")
       end
 
       def known?(package_manager)
-        %i[nuget maven rubygems npm yarn pypi composer].include?(package_manager)
+        %i[nuget maven rubygems npm yarn pypi composer apk].include?(package_manager)
       end
 
       def gateway_for(dependency)
@@ -49,6 +52,14 @@ module Spandx
         end
         dependency
       end
+
+      def key_for(package_manager)
+        package_manager == :yarn ? :npm : package_manager
+      end
+
+      def package_manager_for(dependency)
+        dependency.package_manager
+      end
     end
   end
 end

data/lib/spandx/core/parser.rb

@@ -9,8 +9,8 @@ module Spandx
         end
       end
 
-      def matches?(_filename)
-        raise ::Spandx::Error, :matches?
+      def match?(_path)
+        raise ::Spandx::Error, :match?
       end
 
       def parse(_dependency)
@@ -20,10 +20,15 @@ module Spandx
       class << self
         include Registerable
 
+        def parse(path)
+          self.for(path).parse(path)
+        end
+
         def for(path)
-          return UNKNOWN if !File.exist?(path) || File.size(path).zero?
+          path = Pathname.new(path)
+          return UNKNOWN if !path.exist? || path.zero?
 
-          find { |x| x.matches?(File.basename(path)) } || UNKNOWN
+          find { |x| x.match?(path) } || UNKNOWN
         end
       end
     end

data/lib/spandx/core/path_traversal.rb

@@ -6,7 +6,7 @@ module Spandx
       attr_reader :root
 
       def initialize(root, recursive: true)
-        @root = root
+        @root = Pathname.new(root)
         @recursive = recursive
       end
 
@@ -14,27 +14,18 @@ module Spandx
         each_file_in(root, &block)
       end
 
-      def to_enum
-        Enumerator.new do |yielder|
-          each do |item|
-            yielder.yield item
-          end
-        end
-      end
-
       private
 
       def recursive?
         @recursive
       end
 
-      def each_file_in(dir, &block)
-        files = File.directory?(dir) ? Dir.glob(File.join(dir, '*')) : [dir]
+      def each_file_in(path, &block)
+        files = path.directory? ? path.children : [path]
         files.each do |file|
-          if File.directory?(file)
+          if file.directory?
             each_file_in(file, &block) if recursive?
           else
-            Spandx.logger.debug(file)
             block.call(file)
           end
         end

data/lib/spandx/core/plugin.rb

@@ -9,6 +9,12 @@ module Spandx
 
       class << self
         include Registerable
+
+        def enhance(dependency)
+          Plugin.all.inject(dependency) do |memo, plugin|
+            plugin.enhance(memo)
+          end
+        end
       end
     end
   end

data/lib/spandx/core/thread_pool.rb

@@ -3,14 +3,14 @@
 module Spandx
   module Core
     class ThreadPool
-      def initialize(size: Etc.nprocessors)
+      def initialize(size: 1)
         @size = size
         @queue = Queue.new
-        @pool = size.times.map { start_worker_thread }
+        @pool = size.times.map { start_worker_thread(@queue) }
       end
 
-      def schedule(*args, &block)
-        @queue.enq([block, args])
+      def run(*args, &job)
+        @queue.enq([job, args])
       end
 
       def done?
@@ -19,14 +19,14 @@ module Spandx
 
       def shutdown
         @size.times do
-          schedule { throw :exit }
+          run { throw :exit }
         end
 
         @pool.map(&:join)
       end
 
-      def self.open
-        pool = new
+      def self.open(**args)
+        pool = new(**args)
         yield pool
       ensure
         pool.shutdown
@@ -34,12 +34,12 @@ module Spandx
 
       private
 
-      def start_worker_thread
-        Thread.new do
+      def start_worker_thread(queue)
+        Thread.new(queue) do |q|
           catch(:exit) do
             loop do
-              job, args = @queue.deq
-              job.call(*args)
+              job, args = q.deq
+              job.call(args)
             end
           end
         end

data/lib/spandx/dotnet/nuget_gateway.rb

@@ -69,7 +69,7 @@ module Spandx
 
       def fetch_json(url)
         response = http.get(url)
-        http.ok?(response) ? JSON.parse(response.body) : {}
+        http.ok?(response) ? Oj.load(response.body) : {}
       end
 
       def fetch_xml(url)

data/lib/spandx/dotnet/parsers/csproj.rb

@@ -4,22 +4,22 @@ module Spandx
   module Dotnet
     module Parsers
       class Csproj < ::Spandx::Core::Parser
-        def matches?(filename)
-          ['.csproj', '.props'].include?(File.extname(filename))
+        def match?(path)
+          ['.csproj', '.props'].include?(path.extname)
         end
 
-        def parse(lockfile)
+        def parse(path)
           ProjectFile
-            .new(lockfile)
+            .new(path)
             .package_references
-            .map { |x| map_from(x) }
+            .map { |x| map_from(path, x) }
         end
 
         private
 
-        def map_from(package_reference)
+        def map_from(path, package_reference)
           ::Spandx::Core::Dependency.new(
-            package_manager: :nuget,
+            path: path,
             name: package_reference.name,
             version: package_reference.version,
             meta: package_reference

data/lib/spandx/dotnet/parsers/packages_config.rb

@@ -4,22 +4,22 @@ module Spandx
   module Dotnet
     module Parsers
       class PackagesConfig < ::Spandx::Core::Parser
-        def matches?(filename)
-          filename.match?(/packages\.config/)
+        def match?(path)
+          path.basename.fnmatch?('packages.config')
         end
 
-        def parse(lockfile)
-          Nokogiri::XML(IO.read(lockfile))
+        def parse(path)
+          Nokogiri::XML(path.read)
             .search('//package')
-            .map { |node| map_from(node) }
+            .map { |node| map_from(path, node) }
         end
 
         private
 
-        def map_from(node)
+        def map_from(path, node)
           name = attribute_for('id', node)
           version = attribute_for('version', node)
-          ::Spandx::Core::Dependency.new(package_manager: :nuget, name: name, version: version)
+          ::Spandx::Core::Dependency.new(name: name, version: version, path: path)
         end
 
         def attribute_for(key, node)

data/lib/spandx/dotnet/parsers/sln.rb

@@ -4,29 +4,26 @@ module Spandx
   module Dotnet
     module Parsers
       class Sln < ::Spandx::Core::Parser
-        def matches?(filename)
-          filename.match?(/.*\.sln/)
+        def match?(path)
+          path.extname == '.sln'
         end
 
-        def parse(file_path)
-          project_paths_from(file_path).map do |path|
-            ::Spandx::Core::Parser
-              .for(path)
-              .parse(path)
+        def parse(path)
+          project_paths_from(path).map do |project_path|
+            ::Spandx::Core::Parser.parse(project_path)
           end.flatten
         end
 
         private
 
-        def project_paths_from(file_path)
-          IO.readlines(file_path).map do |line|
+        def project_paths_from(path)
+          path.each_line.map do |line|
             next unless project_line?(line)
 
-            path = project_path_from(line)
-            next unless path
+            project_path = project_path_from(line)
+            next unless project_path
 
-            path = File.join(File.dirname(file_path), path)
-            Pathname.new(path).cleanpath.to_path
+            path.dirname.join(project_path).cleanpath.to_path
           end.compact
         end
 

data/lib/spandx/dotnet/project_file.rb

@@ -6,9 +6,9 @@ module Spandx
       attr_reader :catalogue, :document, :nuget
 
       def initialize(path)
-        @path = path
-        @dir = File.dirname(path)
-        @document = Nokogiri::XML(IO.read(path)).tap(&:remove_namespaces!)
+        @path = Pathname(path)
+        @dir = @path.dirname
+        @document = Nokogiri::XML(@path.read).tap(&:remove_namespaces!)
       end
 
       def package_references

data/lib/spandx/java/parsers/maven.rb

@@ -4,26 +4,26 @@ module Spandx
   module Java
     module Parsers
       class Maven < ::Spandx::Core::Parser
-        def matches?(filename)
-          File.basename(filename) == 'pom.xml'
+        def match?(path)
+          path.basename.fnmatch?('pom.xml')
         end
 
-        def parse(filename)
-          document = Nokogiri.XML(IO.read(filename)).tap(&:remove_namespaces!)
+        def parse(path)
+          document = Nokogiri.XML(path.read).tap(&:remove_namespaces!)
           document.search('//project/dependencies/dependency').map do |node|
-            map_from(node)
+            map_from(path, node)
           end
         end
 
         private
 
-        def map_from(node)
+        def map_from(path, node)
           artifact_id = node.at_xpath('./artifactId').text
           group_id = node.at_xpath('./groupId').text
           version = node.at_xpath('./version').text
 
           ::Spandx::Core::Dependency.new(
-            package_manager: :maven,
+            path: path,
             name: "#{group_id}:#{artifact_id}",
             version: version
           )

data/lib/spandx/js/parsers/npm.rb

@@ -4,30 +4,30 @@ module Spandx
   module Js
     module Parsers
       class Npm < ::Spandx::Core::Parser
-        def matches?(filename)
+        def match?(filename)
           File.basename(filename) == 'package-lock.json'
         end
 
-        def parse(file_path)
+        def parse(path)
           items = Set.new
-          each_metadata(file_path) do |metadata|
-            items.add(map_from(metadata))
+          each_metadata(path) do |metadata|
+            items.add(map_from(path, metadata))
           end
           items
         end
 
         private
 
-        def each_metadata(file_path)
-          package_lock = JSON.parse(IO.read(file_path))
+        def each_metadata(path)
+          package_lock = Oj.load(path.read)
           package_lock['dependencies'].each do |name, metadata|
             yield metadata.merge('name' => name)
           end
         end
 
-        def map_from(metadata)
+        def map_from(path, metadata)
           Spandx::Core::Dependency.new(
-            package_manager: :npm,
+            path: path,
             name: metadata['name'],
             version: metadata['version'],
             meta: metadata

data/lib/spandx/js/parsers/yarn.rb

@@ -4,21 +4,21 @@ module Spandx
   module Js
     module Parsers
       class Yarn < ::Spandx::Core::Parser
-        def matches?(filename)
-          File.basename(filename) == 'yarn.lock'
+        def match?(filename)
+          filename.basename.fnmatch?('yarn.lock')
         end
 
-        def parse(file_path)
-          YarnLock.new(file_path).each_with_object(Set.new) do |metadata, memo|
-            memo << map_from(metadata)
+        def parse(path)
+          YarnLock.new(path).each_with_object(Set.new) do |metadata, memo|
+            memo << map_from(path, metadata)
           end
         end
 
         private
 
-        def map_from(metadata)
+        def map_from(path, metadata)
           ::Spandx::Core::Dependency.new(
-            package_manager: :yarn,
+            path: path,
             name: metadata['name'],
             version: metadata['version'],
             meta: metadata

data/lib/spandx/js/yarn_pkg.rb

@@ -27,7 +27,7 @@ module Spandx
         response = http.get(uri, escape: false)
 
         if http.ok?(response)
-          json = JSON.parse(response.body)
+          json = Oj.load(response.body)
           json['versions'] ? json['versions'][dependency.version] : json
         else
           {}