spandx 0.13.3 → 0.15.1

data/lib/spandx/js/yarn_pkg.rb

@@ -27,7 +27,7 @@ module Spandx
         response = http.get(uri, escape: false)
 
         if http.ok?(response)
-          json = JSON.parse(response.body)
+          json = Oj.load(response.body)
           json['versions'] ? json['versions'][dependency.version] : json
         else
           {}

data/lib/spandx/os/parsers/apk.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Os
+    module Parsers
+      class Apk < ::Spandx::Core::Parser
+        def match?(path)
+          path.basename.fnmatch?('installed')
+        end
+
+        def parse(lockfile)
+          path = lockfile.to_s
+
+          [].tap do |items|
+            lockfile.open(mode: 'r') do |io|
+              each_package(io) do |data|
+                items.push(map_from(data, path))
+              end
+            end
+          end
+        end
+
+        private
+
+        def each_package(io)
+          package = {}
+
+          until io.eof?
+            line = io.readline.chomp
+            if line.empty?
+              yield package
+
+              package = {}
+            else
+              line.split(':').tap { |(key, value)| package[key] = value }
+            end
+          end
+        end
+
+        def map_from(data, path)
+          ::Spandx::Core::Dependency.new(
+            path: path,
+            name: data['P'],
+            version: data['V'],
+            meta: data.merge('license' => [data['L']])
+          )
+        end
+      end
+    end
+  end
+end

data/lib/spandx/os/parsers/dpkg.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Os
+    module Parsers
+      class Dpkg < ::Spandx::Core::Parser
+        class LineReader
+          attr_reader :io
+
+          def initialize(io)
+            @io = io
+          end
+
+          def each
+            yield read_package(io, Hash.new(''), nil) until io.eof?
+          end
+
+          private
+
+          def read_package(io, package, prev_key)
+            return package if io.eof?
+
+            line = io.readline.chomp
+            return package if line.empty?
+
+            key, value = split(line, prev_key)
+            package[key] += value
+            read_package(io, package, key)
+          end
+
+          def split(line, prev_key)
+            if prev_key && line.start_with?(' ')
+              [prev_key, line]
+            else
+              key, *rest = line.split(':')
+              value = rest&.join(':')&.strip
+              [key, value]
+            end
+          end
+        end
+
+        def match?(path)
+          path.basename.fnmatch?('status')
+        end
+
+        def parse(lockfile)
+          [].tap do |items|
+            lockfile.open(mode: 'r') do |io|
+              LineReader.new(io).each do |data|
+                items.push(map_from(data, lockfile.to_s))
+              end
+            end
+          end
+        end
+
+        private
+
+        def map_from(data, path)
+          ::Spandx::Core::Dependency.new(
+            path: path,
+            name: data['Package'],
+            version: data['Version'],
+            meta: data
+          )
+        end
+      end
+    end
+  end
+end

data/lib/spandx/php/packagist_gateway.rb

@@ -17,7 +17,7 @@ module Spandx
         response = http.get("https://repo.packagist.org/p/#{dependency.name}.json")
         return [] unless http.ok?(response)
 
-        json = JSON.parse(response.body)
+        json = Oj.load(response.body)
         json['packages'][dependency.name][dependency.version]['license']
       end
     end

data/lib/spandx/php/parsers/composer.rb

@@ -4,24 +4,24 @@ module Spandx
   module Php
     module Parsers
       class Composer < ::Spandx::Core::Parser
-        def matches?(filename)
-          File.basename(filename) == 'composer.lock'
+        def match?(path)
+          path.basename.fnmatch? 'composer.lock'
         end
 
-        def parse(file_path)
+        def parse(path)
           items = Set.new
-          composer_lock = JSON.parse(IO.read(file_path))
+          composer_lock = Oj.load(path.read)
           composer_lock['packages'].concat(composer_lock['packages-dev']).each do |dependency|
-            items.add(map_from(dependency))
+            items.add(map_from(path, dependency))
           end
           items
         end
 
         private
 
-        def map_from(dependency)
+        def map_from(path, dependency)
           Spandx::Core::Dependency.new(
-            package_manager: :composer,
+            path: path,
             name: dependency['name'],
             version: dependency['version'],
             meta: dependency

data/lib/spandx/python/parsers/pipfile_lock.rb

@@ -4,8 +4,8 @@ module Spandx
   module Python
     module Parsers
       class PipfileLock < ::Spandx::Core::Parser
-        def matches?(filename)
-          filename.match?(/Pipfile.*\.lock/)
+        def match?(path)
+          path.basename.fnmatch?('Pipfile*.lock')
         end
 
         def parse(lockfile)
@@ -19,10 +19,10 @@ module Spandx
         private
 
         def dependencies_from(lockfile)
-          json = JSON.parse(IO.read(lockfile))
+          json = Oj.load(lockfile.read)
           each_dependency(json) do |name, version|
             yield ::Spandx::Core::Dependency.new(
-              package_manager: :pypi,
+              path: lockfile,
               name: name,
               version: version,
               meta: json

data/lib/spandx/python/pypi.rb

@@ -49,19 +49,26 @@ module Spandx
       end
 
       def version_from(url)
-        path = SUBSTITUTIONS.inject(URI.parse(url).path.split('/')[-1]) do |memo, item|
-          memo.gsub(item, '')
-        end
-
+        path = cleanup(url)
         return if path.rindex('-').nil?
 
-        path.scan(/-\d+\..*/)[-1][1..-1]
+        section = path.scan(/-\d+\..*/)
+        section = path.scan(/-\d+\.?.*/) if section.empty?
+        section[-1][1..-1]
+      rescue StandardError => error
+        warn([url, error].inspect)
       end
 
       private
 
       attr_reader :http
 
+      def cleanup(url)
+        SUBSTITUTIONS.inject(URI.parse(url).path.split('/')[-1]) do |memo, item|
+          memo.gsub(item, '')
+        end
+      end
+
       def sources_for(dependency)
         return default_sources if dependency.meta.empty?
 
@@ -76,7 +83,7 @@ module Spandx
         sources.each do |source|
           html_from(source, '/simple/').css('a[href*="/simple"]').each do |node|
             each_version(source, node[:href]) do |dependency|
-              definition = source.lookup(dependency[:name], dependency[:version])
+              definition = source.lookup(dependency[:name], dependency[:version], http: http)
               yield dependency.merge(license: definition['license'])
             end
           end
@@ -93,7 +100,12 @@ module Spandx
 
       def html_from(source, path)
         url = URI.join(source.uri.to_s, path).to_s
-        Nokogiri::HTML(http.get(url).body)
+        response = http.get(url)
+        if http.ok?(response)
+          Nokogiri::HTML(response.body)
+        else
+          Nokogiri::HTML('<html><head></head><body></body></html>')
+        end
       end
     end
   end

data/lib/spandx/python/source.rb

@@ -22,7 +22,7 @@ module Spandx
       def lookup(name, version, http: Spandx.http)
         response = http.get(uri_for(name, version))
         if http.ok?(response)
-          JSON.parse(response.body)
+          Oj.load(response.body)
         else
           {}
         end

data/lib/spandx/ruby/gateway.rb

@@ -27,7 +27,7 @@ module Spandx
       end
 
       def parse(json)
-        JSON.parse(json)
+        Oj.load(json)
       end
     end
   end

data/lib/spandx/ruby/parsers/gemfile_lock.rb

@@ -6,31 +6,32 @@ module Spandx
       class GemfileLock < ::Spandx::Core::Parser
         STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n)   (?<major>\d+)\.\d+\.\d+/m.freeze
 
-        def matches?(filename)
-          filename.match?(/Gemfile.*\.lock/) ||
-            filename.match?(/gems.*\.lock/)
+        def match?(pathname)
+          basename = pathname.basename
+          basename.fnmatch?('Gemfile*.lock') ||
+            basename.fnmatch?('gems*.lock')
         end
 
         def parse(lockfile)
           dependencies_from(lockfile).map do |specification|
-            map_from(specification)
+            map_from(lockfile, specification)
           end
         end
 
         private
 
         def dependencies_from(filepath)
-          content = IO.read(filepath)
-          Dir.chdir(File.dirname(filepath)) do
+          content = filepath.read.sub(STRIP_BUNDLED_WITH, '')
+          Dir.chdir(filepath.dirname) do
             ::Bundler::LockfileParser
-              .new(content.sub(STRIP_BUNDLED_WITH, ''))
+              .new(content)
               .specs
           end
         end
 
-        def map_from(specification)
+        def map_from(lockfile, specification)
           ::Spandx::Core::Dependency.new(
-            package_manager: :rubygems,
+            path: lockfile,
             name: specification.name,
             version: specification.version.to_s,
             meta: {

data/lib/spandx/spdx/catalogue.rb

@@ -33,7 +33,7 @@ module Spandx
         end
 
         def from_file(path)
-          from_json(IO.read(path))
+          from_json(Pathname.new(path).read)
         end
 
         def from_git

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.13.3'
+  VERSION = '0.15.1'
 end

data/spandx.gemspec

@@ -34,12 +34,13 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'addressable', '~> 2.7'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
-  spec.add_dependency 'nanospinner', '~> 1.0.0'
-  spec.add_dependency 'net-hippie', '~> 0.3'
+  spec.add_dependency 'net-hippie', '~> 1.0'
   spec.add_dependency 'nokogiri', '~> 1.10'
+  spec.add_dependency 'oj', '~> 3.10'
   spec.add_dependency 'parslet', '~> 2.0'
+  spec.add_dependency 'terminal-table', '~> 1.8'
   spec.add_dependency 'thor'
-  spec.add_dependency 'tty-screen', '~> 0.7'
+  spec.add_dependency 'tty-spinner', '~> 0.9'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
   spec.add_development_dependency 'benchmark-ips', '~> 2.8'
@@ -53,6 +54,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '~> 0.52'
   spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
   spec.add_development_dependency 'ruby-prof', '~> 1.3'
-  spec.add_development_dependency 'vcr', '~> 5.0'
+  spec.add_development_dependency 'vcr', '~> 6.0'
   spec.add_development_dependency 'webmock', '~> 3.7'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.13.3
+  version: 0.15.1
 platform: ruby
 authors:
 - Can Eldem
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-21 00:00:00.000000000 Z
+date: 2020-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -46,47 +46,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
-  name: nanospinner
+  name: net-hippie
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: net-hippie
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '3.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '3.10'
 - !ruby/object:Gem::Dependency
   name: parslet
   requirement: !ruby/object:Gem::Requirement
@@ -101,6 +101,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -116,19 +130,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: tty-screen
+  name: tty-spinner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -303,14 +317,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -353,6 +367,10 @@ files:
 - lib/spandx/cli/commands/pull.rb
 - lib/spandx/cli/commands/scan.rb
 - lib/spandx/cli/main.rb
+- lib/spandx/cli/printer.rb
+- lib/spandx/cli/printers/csv.rb
+- lib/spandx/cli/printers/json.rb
+- lib/spandx/cli/printers/table.rb
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
 - lib/spandx/core/content.rb
@@ -369,10 +387,8 @@ files:
 - lib/spandx/core/plugin.rb
 - lib/spandx/core/registerable.rb
 - lib/spandx/core/relation.rb
-- lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
-- lib/spandx/core/spinner.rb
-- lib/spandx/core/table.rb
+- lib/spandx/core/thread_pool.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -388,6 +404,8 @@ files:
 - lib/spandx/js/parsers/yarn.rb
 - lib/spandx/js/yarn_lock.rb
 - lib/spandx/js/yarn_pkg.rb
+- lib/spandx/os/parsers/apk.rb
+- lib/spandx/os/parsers/dpkg.rb
 - lib/spandx/php/packagist_gateway.rb
 - lib/spandx/php/parsers/composer.rb
 - lib/spandx/python/index.rb
@@ -425,7 +443,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.