spandx 0.14.0 → 0.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e01f7023f4a164fb867c7d457769d1c9dd2eb2b480cee88c5d4d682c2d6dc4e
-  data.tar.gz: f202f85c254d11041b79e1305d12641eb66ea66cec9afea25a38e9724a5636d6
+  metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
+  data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
 SHA512:
-  metadata.gz: 926df592dfc76466a7e26bcdfd9fc581957b2c748c9272e30a22180a61f4d6498ebb14e04e8acbbccc813f4aae929ecb8ba82ee54064d642990e5874b05bb0b1
-  data.tar.gz: 5dede807761bf9d4fa91f6a0ea9df1bec9531d0a397fedea5c687b7c12860216e41df47c09fc7e94c8951e7dc0f88c99fc74395913002890b199409b700830f0
+  metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
+  data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-Version 0.14.0
+Version 0.17.0
 
 # Changelog
 
@@ -8,6 +8,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+## [0.17.0] - 2020-12-28
+### Added
+- Allow indexing gems from index.rubygems.org.
+
+## [0.16.1] - 2020-11-19
+### Fixed
+- Start spinner for table printer only
+
+## [0.16.0] - 2020-11-19
+### Changed
+- Pull smaller license cache.
+- Print index files after building them.
+
+## [0.15.1] - 2020-11-18
+### Fixed
+- Rebuild index after pulling latest cache.
+
+## [0.15.0] - 2020-11-18
+### Added
+- Parse `/var/lib/dpkg/status` file.
 
 ## [0.14.0] - 2020-11-14
 ### Added
@@ -203,7 +223,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.14.0...HEAD
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
+[0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
+[0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
+[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
+[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
+[0.15.0]: https://github.com/spandx/spandx/compare/v0.14.0...v0.15.0
 [0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
 [0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
 [0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4

data/ext/spandx/spandx.c

@@ -52,4 +52,6 @@ void Init_spandx(void)
   rb_mCore = rb_define_module_under(rb_mSpandx, "Core");
   rb_mCsvParser = rb_define_module_under(rb_mCore, "CsvParser");
   rb_define_module_function(rb_mCsvParser, "parse", parse, 1);
+
+  rb_gc_register_mark_object(rb_mCsvParser);
 }

data/lib/spandx.rb

@@ -11,6 +11,7 @@ require 'nokogiri'
 require 'oj'
 require 'parslet'
 require 'pathname'
+require 'sorted_set'
 require 'yaml'
 require 'zeitwerk'
 require 'spandx/spandx'
@@ -45,7 +46,7 @@ module Spandx
       @git ||= {
         cache: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/cache.git'),
         rubygems: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/rubygems-cache.git'),
-        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git'),
+        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git', default_branch: 'master'),
       }
     end
   end

data/lib/spandx/cli/commands/build.rb

@@ -5,10 +5,11 @@ module Spandx
     module Commands
       class Build
         INDEXES = {
+          dotnet: Spandx::Dotnet::Index,
           maven: Spandx::Java::Index,
           nuget: Spandx::Dotnet::Index,
-          dotnet: Spandx::Dotnet::Index,
           pypi: Spandx::Python::Index,
+          rubygems: Spandx::Ruby::Index,
         }.freeze
 
         def initialize(options)

data/lib/spandx/cli/commands/pull.rb

@@ -4,17 +4,56 @@ module Spandx
   module Cli
     module Commands
       class Pull
+        attr_reader :cache_dir, :rubygems_cache_dir
+
         def initialize(options)
           @options = options
+          @cache_dir = Spandx.git[:cache].root.join('.index')
+          @rubygems_cache_dir = Spandx.git[:rubygems].root.join('.index')
         end
 
-        def execute(output: $stdout)
-          Spandx.git.each_value do |db|
-            output.puts "Updating #{db.url}..."
-            db.update!
+        def execute(output: $stderr)
+          sync(output)
+          build(output, ::Spandx::Core::Dependency::PACKAGE_MANAGERS.values.uniq)
+          index_files_in(cache_dir, rubygems_cache_dir).each do |item|
+            output.puts item.to_s.gsub(Dir.home, '~')
           end
           output.puts 'OK'
         end
+
+        private
+
+        def sync(output)
+          Spandx.git.each_value do |db|
+            with_spinner("Updating #{db.url}...", output: output) do
+              db.update!
+            end
+          end
+        end
+
+        def build(output, sources)
+          with_spinner('Building index...', output: output) do
+            sources.each do |source|
+              Spandx::Core::Cache.new(source, root: cache_dir).rebuild_index
+            end
+            Spandx::Core::Cache.new(:rubygems, root: rubygems_cache_dir).rebuild_index
+          end
+        end
+
+        def with_spinner(message, output:)
+          spinner = TTY::Spinner.new("[:spinner] #{message}", output: output)
+          spinner.auto_spin
+          yield
+          spinner.success('(done)')
+        rescue StandardError => error
+          spinner.error("(#{error.message})")
+        ensure
+          spinner.stop
+        end
+
+        def index_files_in(*dirs)
+          dirs.map { |x| x.glob('**/*.idx') }.flatten.sort
+        end
       end
     end
   end

data/lib/spandx/cli/main.rb

@@ -12,15 +12,11 @@ module Spandx
       method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
       method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
       def scan(lockfile = Pathname.pwd)
-        if options[:help]
-          invoke :help, ['scan']
-        else
-          Oj.default_options = { mode: :strict }
-          Spandx.airgap = options[:airgap]
-          Spandx.logger = Logger.new(options[:logfile])
-          pull if options[:pull]
-          Spandx::Cli::Commands::Scan.new(lockfile, options).execute
-        end
+        return invoke :help, ['scan'] if options[:help]
+
+        prepare(options)
+        pull if options[:pull]
+        Spandx::Cli::Commands::Scan.new(lockfile, options).execute
       end
 
       desc 'pull', 'Pull the latest offline cache'
@@ -52,6 +48,14 @@ module Spandx
         puts "v#{Spandx::VERSION}"
       end
       map %w[--version -v] => :version
+
+      private
+
+      def prepare(options)
+        Oj.default_options = { mode: :strict }
+        Spandx.airgap = options[:airgap]
+        Spandx.logger = Logger.new(options[:logfile])
+      end
     end
   end
 end

data/lib/spandx/cli/printers/table.rb

@@ -6,8 +6,8 @@ module Spandx
       class Table < Printer
         HEADINGS = ['Name', 'Version', 'Licenses', 'Location'].freeze
 
-        def initialize
-          @spinner = TTY::Spinner.new(output: $stderr)
+        def initialize(output: $stderr)
+          @spinner = TTY::Spinner.new('[:spinner] Scanning...', output: output, clear: true, format: :dots)
         end
 
         def match?(format)
@@ -15,8 +15,8 @@ module Spandx
         end
 
         def print_header(_io)
-          @dependencies = SortedSet.new
           @spinner.auto_spin
+          @dependencies = SortedSet.new
         end
 
         def print_line(dependency, _io)
@@ -25,6 +25,7 @@ module Spandx
 
         def print_footer(io)
           @spinner.stop
+          @spinner.reset
           io.puts(to_table(@dependencies.map(&:to_a)))
         end
 

data/lib/spandx/core/data_file.rb

@@ -56,6 +56,10 @@ module Spandx
         @index ||= IndexFile.new(self)
       end
 
+      def to_s
+        absolute_path.to_s
+      end
+
       private
 
       def to_csv(array)

data/lib/spandx/core/git.rb

@@ -3,10 +3,11 @@
 module Spandx
   module Core
     class Git
-      attr_reader :root, :url
+      attr_reader :root, :url, :default_branch
 
-      def initialize(url:)
+      def initialize(url:, default_branch: 'main')
         @url = url
+        @default_branch = default_branch
         @root = path_for(url)
       end
 
@@ -31,14 +32,15 @@ module Spandx
         root.join('.git').directory?
       end
 
-      def clone!
+      def clone!(branch: default_branch)
         system('rm', '-rf', root.to_s) if root.exist?
-        system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', 'master', url, root.to_s)
+        system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', branch, url, root.to_s)
       end
 
-      def pull!
+      def pull!(remote: 'origin', branch: default_branch)
         Dir.chdir(root) do
-          system('git', 'pull', '--no-rebase', '--quiet', 'origin', 'master')
+          system('git', 'fetch', '--quiet', '--depth=1', '--prune', '--no-tags', remote)
+          system('git', 'checkout', '--quiet', branch)
         end
       end
     end

data/lib/spandx/os/parsers/dpkg.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Os
+    module Parsers
+      class Dpkg < ::Spandx::Core::Parser
+        class LineReader
+          attr_reader :io
+
+          def initialize(io)
+            @io = io
+          end
+
+          def each
+            yield read_package(io, Hash.new(''), nil) until io.eof?
+          end
+
+          private
+
+          def read_package(io, package, prev_key)
+            return package if io.eof?
+
+            line = io.readline.chomp
+            return package if line.empty?
+
+            key, value = split(line, prev_key)
+            package[key] += value
+            read_package(io, package, key)
+          end
+
+          def split(line, prev_key)
+            if prev_key && line.start_with?(' ')
+              [prev_key, line]
+            else
+              key, *rest = line.split(':')
+              value = rest&.join(':')&.strip
+              [key, value]
+            end
+          end
+        end
+
+        def match?(path)
+          path.basename.fnmatch?('status')
+        end
+
+        def parse(lockfile)
+          [].tap do |items|
+            lockfile.open(mode: 'r') do |io|
+              LineReader.new(io).each do |data|
+                items.push(map_from(data, lockfile.to_s))
+              end
+            end
+          end
+        end
+
+        private
+
+        def map_from(data, path)
+          ::Spandx::Core::Dependency.new(
+            path: path,
+            name: data['Package'],
+            version: data['Version'],
+            meta: data
+          )
+        end
+      end
+    end
+  end
+end

data/lib/spandx/ruby/gateway.rb

@@ -8,8 +8,21 @@ module Spandx
         @http = http
       end
 
+      def each
+        response = http.get('https://index.rubygems.org/versions')
+        return unless http.ok?(response)
+
+        parse_each_from(StringIO.new(response.body)) do |item|
+          yield item
+        end
+      end
+
       def licenses_for(dependency)
-        details_on(dependency.name, dependency.version)['licenses'] || []
+        licenses(dependency.name, dependency.version)
+      end
+
+      def licenses(name, version)
+        details_on(name, version)['licenses'] || []
       end
 
       def matches?(dependency)
@@ -20,6 +33,17 @@ module Spandx
 
       attr_reader :http
 
+      def parse_each_from(io)
+        _created_at = io.readline
+        _triple_dash = io.readline
+        until io.eof?
+          name, versions, _digest = io.readline.split(' ')
+          versions.split(',').each do |version|
+            yield({ name: name, version: version })
+          end
+        end
+      end
+
       def details_on(name, version)
         url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
         response = http.get(url, default: {})

data/lib/spandx/ruby/index.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Ruby
+    class Index
+      include Enumerable
+
+      attr_reader :directory, :name, :rubygems
+
+      def initialize(directory:)
+        @directory = directory
+        @name = 'rubygems'
+        @cache = ::Spandx::Core::Cache.new(@name, root: directory)
+        @rubygems = ::Spandx::Ruby::Gateway.new
+      end
+
+      def update!(*)
+        queue = Queue.new
+        [fetch(queue), save(queue)].each(&:join)
+        cache.rebuild_index
+      end
+
+      private
+
+      attr_reader :cache
+
+      def fetch(queue)
+        Thread.new do
+          rubygems.each do |item|
+            queue.enq(
+              item.merge(
+                licenses: rubygems.licenses(item[:name], item[:version])
+              )
+            )
+          end
+          queue.enq(:stop)
+        end
+      end
+
+      def save(queue)
+        Thread.new do
+          loop do
+            item = queue.deq
+            break if item == :stop
+
+            cache.insert(item[:name], item[:version], item[:licenses])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.14.0'
+  VERSION = '0.17.0'
 end

data/spandx.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
-  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/master/CHANGELOG.md'
+  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/main/CHANGELOG.md'
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     Dir.glob('exe/*') +
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'nokogiri', '~> 1.10'
   spec.add_dependency 'oj', '~> 3.10'
   spec.add_dependency 'parslet', '~> 2.0'
+  spec.add_dependency 'sorted_set', '~> 1.0'
   spec.add_dependency 'terminal-table', '~> 1.8'
   spec.add_dependency 'thor'
   spec.add_dependency 'tty-spinner', '~> 0.9'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.17.0
 platform: ruby
 authors:
 - Can Eldem
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-15 00:00:00.000000000 Z
+date: 2020-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -101,6 +101,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: sorted_set
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: terminal-table
   requirement: !ruby/object:Gem::Requirement
@@ -405,6 +419,7 @@ files:
 - lib/spandx/js/yarn_lock.rb
 - lib/spandx/js/yarn_pkg.rb
 - lib/spandx/os/parsers/apk.rb
+- lib/spandx/os/parsers/dpkg.rb
 - lib/spandx/php/packagist_gateway.rb
 - lib/spandx/php/parsers/composer.rb
 - lib/spandx/python/index.rb
@@ -412,6 +427,7 @@ files:
 - lib/spandx/python/pypi.rb
 - lib/spandx/python/source.rb
 - lib/spandx/ruby/gateway.rb
+- lib/spandx/ruby/index.rb
 - lib/spandx/ruby/parsers/gemfile_lock.rb
 - lib/spandx/spdx/catalogue.rb
 - lib/spandx/spdx/composite_license.rb
@@ -426,7 +442,7 @@ licenses:
 metadata:
   homepage_uri: https://spandx.github.io/
   source_code_uri: https://github.com/spandx/spandx
-  changelog_uri: https://github.com/spandx/spandx/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -442,7 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.