spandx 0.16.1 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -2
- data/lib/spandx.rb +1 -0
- data/lib/spandx/cli/commands/build.rb +2 -1
- data/lib/spandx/cli/main.rb +13 -9
- data/lib/spandx/ruby/gateway.rb +25 -1
- data/lib/spandx/ruby/index.rb +52 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -0
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
|
|
4
|
+
data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
|
|
7
|
+
data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Version 0.
|
|
1
|
+
Version 0.17.0
|
|
2
2
|
|
|
3
3
|
# Changelog
|
|
4
4
|
|
|
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
|
8
8
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
9
9
|
|
|
10
10
|
## [Unreleased]
|
|
11
|
+
## [0.17.0] - 2020-12-28
|
|
12
|
+
### Added
|
|
13
|
+
- Allow indexing gems from index.rubygems.org.
|
|
11
14
|
|
|
12
15
|
## [0.16.1] - 2020-11-19
|
|
13
16
|
### Fixed
|
|
@@ -220,7 +223,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
220
223
|
### Added
|
|
221
224
|
- Provide ruby API to the latest SPDX catalogue.
|
|
222
225
|
|
|
223
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
|
226
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
|
|
227
|
+
[0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
|
|
224
228
|
[0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
|
|
225
229
|
[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
|
|
226
230
|
[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
|
data/lib/spandx.rb
CHANGED
|
@@ -5,10 +5,11 @@ module Spandx
|
|
|
5
5
|
module Commands
|
|
6
6
|
class Build
|
|
7
7
|
INDEXES = {
|
|
8
|
+
dotnet: Spandx::Dotnet::Index,
|
|
8
9
|
maven: Spandx::Java::Index,
|
|
9
10
|
nuget: Spandx::Dotnet::Index,
|
|
10
|
-
dotnet: Spandx::Dotnet::Index,
|
|
11
11
|
pypi: Spandx::Python::Index,
|
|
12
|
+
rubygems: Spandx::Ruby::Index,
|
|
12
13
|
}.freeze
|
|
13
14
|
|
|
14
15
|
def initialize(options)
|
data/lib/spandx/cli/main.rb
CHANGED
|
@@ -12,15 +12,11 @@ module Spandx
|
|
|
12
12
|
method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
|
|
13
13
|
method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
|
|
14
14
|
def scan(lockfile = Pathname.pwd)
|
|
15
|
-
if options[:help]
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
Spandx.logger = Logger.new(options[:logfile])
|
|
21
|
-
pull if options[:pull]
|
|
22
|
-
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
|
23
|
-
end
|
|
15
|
+
return invoke :help, ['scan'] if options[:help]
|
|
16
|
+
|
|
17
|
+
prepare(options)
|
|
18
|
+
pull if options[:pull]
|
|
19
|
+
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
|
24
20
|
end
|
|
25
21
|
|
|
26
22
|
desc 'pull', 'Pull the latest offline cache'
|
|
@@ -52,6 +48,14 @@ module Spandx
|
|
|
52
48
|
puts "v#{Spandx::VERSION}"
|
|
53
49
|
end
|
|
54
50
|
map %w[--version -v] => :version
|
|
51
|
+
|
|
52
|
+
private
|
|
53
|
+
|
|
54
|
+
def prepare(options)
|
|
55
|
+
Oj.default_options = { mode: :strict }
|
|
56
|
+
Spandx.airgap = options[:airgap]
|
|
57
|
+
Spandx.logger = Logger.new(options[:logfile])
|
|
58
|
+
end
|
|
55
59
|
end
|
|
56
60
|
end
|
|
57
61
|
end
|
data/lib/spandx/ruby/gateway.rb
CHANGED
|
@@ -8,8 +8,21 @@ module Spandx
|
|
|
8
8
|
@http = http
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
+
def each
|
|
12
|
+
response = http.get('https://index.rubygems.org/versions')
|
|
13
|
+
return unless http.ok?(response)
|
|
14
|
+
|
|
15
|
+
parse_each_from(StringIO.new(response.body)) do |item|
|
|
16
|
+
yield item
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
11
20
|
def licenses_for(dependency)
|
|
12
|
-
|
|
21
|
+
licenses(dependency.name, dependency.version)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def licenses(name, version)
|
|
25
|
+
details_on(name, version)['licenses'] || []
|
|
13
26
|
end
|
|
14
27
|
|
|
15
28
|
def matches?(dependency)
|
|
@@ -20,6 +33,17 @@ module Spandx
|
|
|
20
33
|
|
|
21
34
|
attr_reader :http
|
|
22
35
|
|
|
36
|
+
def parse_each_from(io)
|
|
37
|
+
_created_at = io.readline
|
|
38
|
+
_triple_dash = io.readline
|
|
39
|
+
until io.eof?
|
|
40
|
+
name, versions, _digest = io.readline.split(' ')
|
|
41
|
+
versions.split(',').each do |version|
|
|
42
|
+
yield({ name: name, version: version })
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
23
47
|
def details_on(name, version)
|
|
24
48
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
|
25
49
|
response = http.get(url, default: {})
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spandx
|
|
4
|
+
module Ruby
|
|
5
|
+
class Index
|
|
6
|
+
include Enumerable
|
|
7
|
+
|
|
8
|
+
attr_reader :directory, :name, :rubygems
|
|
9
|
+
|
|
10
|
+
def initialize(directory:)
|
|
11
|
+
@directory = directory
|
|
12
|
+
@name = 'rubygems'
|
|
13
|
+
@cache = ::Spandx::Core::Cache.new(@name, root: directory)
|
|
14
|
+
@rubygems = ::Spandx::Ruby::Gateway.new
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def update!(*)
|
|
18
|
+
queue = Queue.new
|
|
19
|
+
[fetch(queue), save(queue)].each(&:join)
|
|
20
|
+
cache.rebuild_index
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
attr_reader :cache
|
|
26
|
+
|
|
27
|
+
def fetch(queue)
|
|
28
|
+
Thread.new do
|
|
29
|
+
rubygems.each do |item|
|
|
30
|
+
queue.enq(
|
|
31
|
+
item.merge(
|
|
32
|
+
licenses: rubygems.licenses(item[:name], item[:version])
|
|
33
|
+
)
|
|
34
|
+
)
|
|
35
|
+
end
|
|
36
|
+
queue.enq(:stop)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def save(queue)
|
|
41
|
+
Thread.new do
|
|
42
|
+
loop do
|
|
43
|
+
item = queue.deq
|
|
44
|
+
break if item == :stop
|
|
45
|
+
|
|
46
|
+
cache.insert(item[:name], item[:version], item[:licenses])
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
|
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
|
|
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
|
41
|
+
spec.add_dependency 'sorted_set', '~> 1.0'
|
|
41
42
|
spec.add_dependency 'terminal-table', '~> 1.8'
|
|
42
43
|
spec.add_dependency 'thor'
|
|
43
44
|
spec.add_dependency 'tty-spinner', '~> 0.9'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spandx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.17.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Can Eldem
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-12-29 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -101,6 +101,20 @@ dependencies:
|
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
103
|
version: '2.0'
|
|
104
|
+
- !ruby/object:Gem::Dependency
|
|
105
|
+
name: sorted_set
|
|
106
|
+
requirement: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '1.0'
|
|
111
|
+
type: :runtime
|
|
112
|
+
prerelease: false
|
|
113
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - "~>"
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '1.0'
|
|
104
118
|
- !ruby/object:Gem::Dependency
|
|
105
119
|
name: terminal-table
|
|
106
120
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -413,6 +427,7 @@ files:
|
|
|
413
427
|
- lib/spandx/python/pypi.rb
|
|
414
428
|
- lib/spandx/python/source.rb
|
|
415
429
|
- lib/spandx/ruby/gateway.rb
|
|
430
|
+
- lib/spandx/ruby/index.rb
|
|
416
431
|
- lib/spandx/ruby/parsers/gemfile_lock.rb
|
|
417
432
|
- lib/spandx/spdx/catalogue.rb
|
|
418
433
|
- lib/spandx/spdx/composite_license.rb
|
|
@@ -443,7 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
443
458
|
- !ruby/object:Gem::Version
|
|
444
459
|
version: '0'
|
|
445
460
|
requirements: []
|
|
446
|
-
rubygems_version: 3.
|
|
461
|
+
rubygems_version: 3.2.3
|
|
447
462
|
signing_key:
|
|
448
463
|
specification_version: 4
|
|
449
464
|
summary: A ruby interface to the SPDX catalogue.
|