spandx 0.13.5 → 0.16.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -2
- data/ext/spandx/spandx.c +2 -0
- data/lib/spandx.rb +1 -1
- data/lib/spandx/cli/commands/pull.rb +43 -4
- data/lib/spandx/cli/printers/table.rb +4 -3
- data/lib/spandx/core/data_file.rb +4 -0
- data/lib/spandx/core/dependency.rb +1 -0
- data/lib/spandx/core/git.rb +8 -6
- data/lib/spandx/core/http.rb +6 -6
- data/lib/spandx/core/license_plugin.rb +1 -1
- data/lib/spandx/os/parsers/apk.rb +51 -0
- data/lib/spandx/os/parsers/dpkg.rb +69 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +2 -2
- metadata +8 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ba0b42d3a015296733d9666c1d4b3b4bf89a86622941dd608eca9eef258f4e7a
|
4
|
+
data.tar.gz: 2dc3760f3e265a751a1b5affabfb13abeceb77d9c5980203fabea0758cc64347
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3e41d8d13f883bf9def9c684ff633c6d78077a25e999be320d5841e885cd3a45df39486a12fbee0eef8f632e32236dd294a1303901a401214b66c0dc387fd531
|
7
|
+
data.tar.gz: 451efa448a0c702593e694e25ef0d62dbe49683b33d304951284642176340a94fd3e355978782ebac0d32a5cf224a962f2c80b3afbb489e1ce0b1204191cc9e4
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.
|
1
|
+
Version 0.16.1
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
|
@@ -8,6 +8,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
8
8
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
9
9
|
|
10
10
|
## [Unreleased]
|
11
|
+
|
12
|
+
## [0.16.1] - 2020-11-19
|
13
|
+
### Fixed
|
14
|
+
- Start spinner for table printer only
|
15
|
+
|
16
|
+
## [0.16.0] - 2020-11-19
|
17
|
+
### Changed
|
18
|
+
- Pull smaller license cache.
|
19
|
+
- Print index files after building them.
|
20
|
+
|
21
|
+
## [0.15.1] - 2020-11-18
|
22
|
+
### Fixed
|
23
|
+
- Rebuild index after pulling latest cache.
|
24
|
+
|
25
|
+
## [0.15.0] - 2020-11-18
|
26
|
+
### Added
|
27
|
+
- Parse `/var/lib/dpkg/status` file.
|
28
|
+
|
29
|
+
## [0.14.0] - 2020-11-14
|
30
|
+
### Added
|
31
|
+
- Parse `/lib/apk/db/installed` file.
|
32
|
+
|
11
33
|
## [0.13.5] - 2020-05-26
|
12
34
|
### Fixed
|
13
35
|
- Process PyPI package urls with single digit versions.
|
@@ -198,7 +220,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
198
220
|
### Added
|
199
221
|
- Provide ruby API to the latest SPDX catalogue.
|
200
222
|
|
201
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
223
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.16.1...HEAD
|
224
|
+
[0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
|
225
|
+
[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
|
226
|
+
[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
|
227
|
+
[0.15.0]: https://github.com/spandx/spandx/compare/v0.14.0...v0.15.0
|
228
|
+
[0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
|
202
229
|
[0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
|
203
230
|
[0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4
|
204
231
|
[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
|
data/ext/spandx/spandx.c
CHANGED
data/lib/spandx.rb
CHANGED
@@ -45,7 +45,7 @@ module Spandx
|
|
45
45
|
@git ||= {
|
46
46
|
cache: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/cache.git'),
|
47
47
|
rubygems: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/rubygems-cache.git'),
|
48
|
-
spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git'),
|
48
|
+
spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git', default_branch: 'master'),
|
49
49
|
}
|
50
50
|
end
|
51
51
|
end
|
@@ -4,17 +4,56 @@ module Spandx
|
|
4
4
|
module Cli
|
5
5
|
module Commands
|
6
6
|
class Pull
|
7
|
+
attr_reader :cache_dir, :rubygems_cache_dir
|
8
|
+
|
7
9
|
def initialize(options)
|
8
10
|
@options = options
|
11
|
+
@cache_dir = Spandx.git[:cache].root.join('.index')
|
12
|
+
@rubygems_cache_dir = Spandx.git[:rubygems].root.join('.index')
|
9
13
|
end
|
10
14
|
|
11
|
-
def execute(output: $
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
+
def execute(output: $stderr)
|
16
|
+
sync(output)
|
17
|
+
build(output, ::Spandx::Core::Dependency::PACKAGE_MANAGERS.values.uniq)
|
18
|
+
index_files_in(cache_dir, rubygems_cache_dir).each do |item|
|
19
|
+
output.puts item.to_s.gsub(Dir.home, '~')
|
15
20
|
end
|
16
21
|
output.puts 'OK'
|
17
22
|
end
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def sync(output)
|
27
|
+
Spandx.git.each_value do |db|
|
28
|
+
with_spinner("Updating #{db.url}...", output: output) do
|
29
|
+
db.update!
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def build(output, sources)
|
35
|
+
with_spinner('Building index...', output: output) do
|
36
|
+
sources.each do |source|
|
37
|
+
Spandx::Core::Cache.new(source, root: cache_dir).rebuild_index
|
38
|
+
end
|
39
|
+
Spandx::Core::Cache.new(:rubygems, root: rubygems_cache_dir).rebuild_index
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def with_spinner(message, output:)
|
44
|
+
spinner = TTY::Spinner.new("[:spinner] #{message}", output: output)
|
45
|
+
spinner.auto_spin
|
46
|
+
yield
|
47
|
+
spinner.success('(done)')
|
48
|
+
rescue StandardError => error
|
49
|
+
spinner.error("(#{error.message})")
|
50
|
+
ensure
|
51
|
+
spinner.stop
|
52
|
+
end
|
53
|
+
|
54
|
+
def index_files_in(*dirs)
|
55
|
+
dirs.map { |x| x.glob('**/*.idx') }.flatten.sort
|
56
|
+
end
|
18
57
|
end
|
19
58
|
end
|
20
59
|
end
|
@@ -6,8 +6,8 @@ module Spandx
|
|
6
6
|
class Table < Printer
|
7
7
|
HEADINGS = ['Name', 'Version', 'Licenses', 'Location'].freeze
|
8
8
|
|
9
|
-
def initialize
|
10
|
-
@spinner = TTY::Spinner.new(output:
|
9
|
+
def initialize(output: $stderr)
|
10
|
+
@spinner = TTY::Spinner.new('[:spinner] Scanning...', output: output, clear: true, format: :dots)
|
11
11
|
end
|
12
12
|
|
13
13
|
def match?(format)
|
@@ -15,8 +15,8 @@ module Spandx
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def print_header(_io)
|
18
|
-
@dependencies = SortedSet.new
|
19
18
|
@spinner.auto_spin
|
19
|
+
@dependencies = SortedSet.new
|
20
20
|
end
|
21
21
|
|
22
22
|
def print_line(dependency, _io)
|
@@ -25,6 +25,7 @@ module Spandx
|
|
25
25
|
|
26
26
|
def print_footer(io)
|
27
27
|
@spinner.stop
|
28
|
+
@spinner.reset
|
28
29
|
io.puts(to_table(@dependencies.map(&:to_a)))
|
29
30
|
end
|
30
31
|
|
@@ -13,6 +13,7 @@ module Spandx
|
|
13
13
|
Spandx::Php::Parsers::Composer => :composer,
|
14
14
|
Spandx::Python::Parsers::PipfileLock => :pypi,
|
15
15
|
Spandx::Ruby::Parsers::GemfileLock => :rubygems,
|
16
|
+
Spandx::Os::Parsers::Apk => :apk,
|
16
17
|
}.freeze
|
17
18
|
attr_reader :path, :name, :version, :licenses, :meta
|
18
19
|
|
data/lib/spandx/core/git.rb
CHANGED
@@ -3,10 +3,11 @@
|
|
3
3
|
module Spandx
|
4
4
|
module Core
|
5
5
|
class Git
|
6
|
-
attr_reader :root, :url
|
6
|
+
attr_reader :root, :url, :default_branch
|
7
7
|
|
8
|
-
def initialize(url:)
|
8
|
+
def initialize(url:, default_branch: 'main')
|
9
9
|
@url = url
|
10
|
+
@default_branch = default_branch
|
10
11
|
@root = path_for(url)
|
11
12
|
end
|
12
13
|
|
@@ -31,14 +32,15 @@ module Spandx
|
|
31
32
|
root.join('.git').directory?
|
32
33
|
end
|
33
34
|
|
34
|
-
def clone!
|
35
|
+
def clone!(branch: default_branch)
|
35
36
|
system('rm', '-rf', root.to_s) if root.exist?
|
36
|
-
system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch',
|
37
|
+
system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', branch, url, root.to_s)
|
37
38
|
end
|
38
39
|
|
39
|
-
def pull!
|
40
|
+
def pull!(remote: 'origin', branch: default_branch)
|
40
41
|
Dir.chdir(root) do
|
41
|
-
system('git', '
|
42
|
+
system('git', 'fetch', '--quiet', '--depth=1', '--prune', '--no-tags', remote)
|
43
|
+
system('git', 'checkout', '--quiet', branch)
|
42
44
|
end
|
43
45
|
end
|
44
46
|
end
|
data/lib/spandx/core/http.rb
CHANGED
@@ -36,12 +36,12 @@ module Spandx
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def self.default_driver
|
39
|
-
@default_driver ||= Net::Hippie::Client.new
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
39
|
+
@default_driver ||= Net::Hippie::Client.new(
|
40
|
+
follow_redirects: 3,
|
41
|
+
logger: Spandx.logger,
|
42
|
+
open_timeout: 1,
|
43
|
+
read_timeout: 5
|
44
|
+
)
|
45
45
|
end
|
46
46
|
|
47
47
|
private
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Os
|
5
|
+
module Parsers
|
6
|
+
class Apk < ::Spandx::Core::Parser
|
7
|
+
def match?(path)
|
8
|
+
path.basename.fnmatch?('installed')
|
9
|
+
end
|
10
|
+
|
11
|
+
def parse(lockfile)
|
12
|
+
path = lockfile.to_s
|
13
|
+
|
14
|
+
[].tap do |items|
|
15
|
+
lockfile.open(mode: 'r') do |io|
|
16
|
+
each_package(io) do |data|
|
17
|
+
items.push(map_from(data, path))
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def each_package(io)
|
26
|
+
package = {}
|
27
|
+
|
28
|
+
until io.eof?
|
29
|
+
line = io.readline.chomp
|
30
|
+
if line.empty?
|
31
|
+
yield package
|
32
|
+
|
33
|
+
package = {}
|
34
|
+
else
|
35
|
+
line.split(':').tap { |(key, value)| package[key] = value }
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def map_from(data, path)
|
41
|
+
::Spandx::Core::Dependency.new(
|
42
|
+
path: path,
|
43
|
+
name: data['P'],
|
44
|
+
version: data['V'],
|
45
|
+
meta: data.merge('license' => [data['L']])
|
46
|
+
)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
@@ -0,0 +1,69 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Os
|
5
|
+
module Parsers
|
6
|
+
class Dpkg < ::Spandx::Core::Parser
|
7
|
+
class LineReader
|
8
|
+
attr_reader :io
|
9
|
+
|
10
|
+
def initialize(io)
|
11
|
+
@io = io
|
12
|
+
end
|
13
|
+
|
14
|
+
def each
|
15
|
+
yield read_package(io, Hash.new(''), nil) until io.eof?
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def read_package(io, package, prev_key)
|
21
|
+
return package if io.eof?
|
22
|
+
|
23
|
+
line = io.readline.chomp
|
24
|
+
return package if line.empty?
|
25
|
+
|
26
|
+
key, value = split(line, prev_key)
|
27
|
+
package[key] += value
|
28
|
+
read_package(io, package, key)
|
29
|
+
end
|
30
|
+
|
31
|
+
def split(line, prev_key)
|
32
|
+
if prev_key && line.start_with?(' ')
|
33
|
+
[prev_key, line]
|
34
|
+
else
|
35
|
+
key, *rest = line.split(':')
|
36
|
+
value = rest&.join(':')&.strip
|
37
|
+
[key, value]
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def match?(path)
|
43
|
+
path.basename.fnmatch?('status')
|
44
|
+
end
|
45
|
+
|
46
|
+
def parse(lockfile)
|
47
|
+
[].tap do |items|
|
48
|
+
lockfile.open(mode: 'r') do |io|
|
49
|
+
LineReader.new(io).each do |data|
|
50
|
+
items.push(map_from(data, lockfile.to_s))
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
private
|
57
|
+
|
58
|
+
def map_from(data, path)
|
59
|
+
::Spandx::Core::Dependency.new(
|
60
|
+
path: path,
|
61
|
+
name: data['Package'],
|
62
|
+
version: data['Version'],
|
63
|
+
meta: data
|
64
|
+
)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
18
18
|
|
19
19
|
spec.metadata['homepage_uri'] = spec.homepage
|
20
20
|
spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
|
21
|
-
spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/
|
21
|
+
spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/main/CHANGELOG.md'
|
22
22
|
|
23
23
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
24
24
|
Dir.glob('exe/*') +
|
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
|
|
34
34
|
|
35
35
|
spec.add_dependency 'addressable', '~> 2.7'
|
36
36
|
spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
|
37
|
-
spec.add_dependency 'net-hippie', '~> 0
|
37
|
+
spec.add_dependency 'net-hippie', '~> 1.0'
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.16.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Can Eldem
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-11-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
@@ -51,14 +51,14 @@ dependencies:
|
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0
|
54
|
+
version: '1.0'
|
55
55
|
type: :runtime
|
56
56
|
prerelease: false
|
57
57
|
version_requirements: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '0
|
61
|
+
version: '1.0'
|
62
62
|
- !ruby/object:Gem::Dependency
|
63
63
|
name: nokogiri
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
@@ -404,6 +404,8 @@ files:
|
|
404
404
|
- lib/spandx/js/parsers/yarn.rb
|
405
405
|
- lib/spandx/js/yarn_lock.rb
|
406
406
|
- lib/spandx/js/yarn_pkg.rb
|
407
|
+
- lib/spandx/os/parsers/apk.rb
|
408
|
+
- lib/spandx/os/parsers/dpkg.rb
|
407
409
|
- lib/spandx/php/packagist_gateway.rb
|
408
410
|
- lib/spandx/php/parsers/composer.rb
|
409
411
|
- lib/spandx/python/index.rb
|
@@ -425,7 +427,7 @@ licenses:
|
|
425
427
|
metadata:
|
426
428
|
homepage_uri: https://spandx.github.io/
|
427
429
|
source_code_uri: https://github.com/spandx/spandx
|
428
|
-
changelog_uri: https://github.com/spandx/spandx/blob/
|
430
|
+
changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
|
429
431
|
post_install_message:
|
430
432
|
rdoc_options: []
|
431
433
|
require_paths:
|
@@ -441,7 +443,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
441
443
|
- !ruby/object:Gem::Version
|
442
444
|
version: '0'
|
443
445
|
requirements: []
|
444
|
-
rubygems_version: 3.1.
|
446
|
+
rubygems_version: 3.1.4
|
445
447
|
signing_key:
|
446
448
|
specification_version: 4
|
447
449
|
summary: A ruby interface to the SPDX catalogue.
|