spandx 0.16.1 → 0.17.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ba0b42d3a015296733d9666c1d4b3b4bf89a86622941dd608eca9eef258f4e7a
4
- data.tar.gz: 2dc3760f3e265a751a1b5affabfb13abeceb77d9c5980203fabea0758cc64347
3
+ metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
4
+ data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
5
5
  SHA512:
6
- metadata.gz: 3e41d8d13f883bf9def9c684ff633c6d78077a25e999be320d5841e885cd3a45df39486a12fbee0eef8f632e32236dd294a1303901a401214b66c0dc387fd531
7
- data.tar.gz: 451efa448a0c702593e694e25ef0d62dbe49683b33d304951284642176340a94fd3e355978782ebac0d32a5cf224a962f2c80b3afbb489e1ce0b1204191cc9e4
6
+ metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
7
+ data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06
@@ -1,4 +1,4 @@
1
- Version 0.16.1
1
+ Version 0.17.0
2
2
 
3
3
  # Changelog
4
4
 
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
8
8
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
9
9
 
10
10
  ## [Unreleased]
11
+ ## [0.17.0] - 2020-12-28
12
+ ### Added
13
+ - Allow indexing gems from index.rubygems.org.
11
14
 
12
15
  ## [0.16.1] - 2020-11-19
13
16
  ### Fixed
@@ -220,7 +223,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
220
223
  ### Added
221
224
  - Provide ruby API to the latest SPDX catalogue.
222
225
 
223
- [Unreleased]: https://github.com/spandx/spandx/compare/v0.16.1...HEAD
226
+ [Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
227
+ [0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
224
228
  [0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
225
229
  [0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
226
230
  [0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
@@ -11,6 +11,7 @@ require 'nokogiri'
11
11
  require 'oj'
12
12
  require 'parslet'
13
13
  require 'pathname'
14
+ require 'sorted_set'
14
15
  require 'yaml'
15
16
  require 'zeitwerk'
16
17
  require 'spandx/spandx'
@@ -5,10 +5,11 @@ module Spandx
5
5
  module Commands
6
6
  class Build
7
7
  INDEXES = {
8
+ dotnet: Spandx::Dotnet::Index,
8
9
  maven: Spandx::Java::Index,
9
10
  nuget: Spandx::Dotnet::Index,
10
- dotnet: Spandx::Dotnet::Index,
11
11
  pypi: Spandx::Python::Index,
12
+ rubygems: Spandx::Ruby::Index,
12
13
  }.freeze
13
14
 
14
15
  def initialize(options)
@@ -12,15 +12,11 @@ module Spandx
12
12
  method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
13
13
  method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
14
14
  def scan(lockfile = Pathname.pwd)
15
- if options[:help]
16
- invoke :help, ['scan']
17
- else
18
- Oj.default_options = { mode: :strict }
19
- Spandx.airgap = options[:airgap]
20
- Spandx.logger = Logger.new(options[:logfile])
21
- pull if options[:pull]
22
- Spandx::Cli::Commands::Scan.new(lockfile, options).execute
23
- end
15
+ return invoke :help, ['scan'] if options[:help]
16
+
17
+ prepare(options)
18
+ pull if options[:pull]
19
+ Spandx::Cli::Commands::Scan.new(lockfile, options).execute
24
20
  end
25
21
 
26
22
  desc 'pull', 'Pull the latest offline cache'
@@ -52,6 +48,14 @@ module Spandx
52
48
  puts "v#{Spandx::VERSION}"
53
49
  end
54
50
  map %w[--version -v] => :version
51
+
52
+ private
53
+
54
+ def prepare(options)
55
+ Oj.default_options = { mode: :strict }
56
+ Spandx.airgap = options[:airgap]
57
+ Spandx.logger = Logger.new(options[:logfile])
58
+ end
55
59
  end
56
60
  end
57
61
  end
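Review bot: `prepare(options)` declares a parameter with the same name as Thor's `options` accessor, so inside the method it is unclear whether the argument or the accessor is meant; `def prepare` with the body unchanged, called as `prepare` from `scan`, reads more plainly and removes the shadowing. The `pull` command whose `desc` appears at the start of the previous hunk has its body outside this diff; if it also does network I/O it presumably needs the same `Spandx.airgap`/`Spandx.logger` setup that `prepare` now centralises — worth confirming. A one-line comment such as `# Process-wide setup shared by commands that scan: strict JSON parsing, airgap mode and logging.` above `def prepare` would document why this is global state.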
@@ -8,8 +8,21 @@ module Spandx
8
8
  @http = http
9
9
  end
10
10
 
11
+ def each
12
+ response = http.get('https://index.rubygems.org/versions')
13
+ return unless http.ok?(response)
14
+
15
+ parse_each_from(StringIO.new(response.body)) do |item|
16
+ yield item
17
+ end
18
+ end
19
+
11
20
  def licenses_for(dependency)
12
- details_on(dependency.name, dependency.version)['licenses'] || []
21
+ licenses(dependency.name, dependency.version)
22
+ end
23
+
24
+ def licenses(name, version)
25
+ details_on(name, version)['licenses'] || []
13
26
  end
14
27
 
15
28
  def matches?(dependency)
@@ -20,6 +33,17 @@ module Spandx
20
33
 
21
34
  attr_reader :http
22
35
 
36
+ def parse_each_from(io)
37
+ _created_at = io.readline
38
+ _triple_dash = io.readline
39
+ until io.eof?
40
+ name, versions, _digest = io.readline.split(' ')
41
+ versions.split(',').each do |version|
42
+ yield({ name: name, version: version })
43
+ end
44
+ end
45
+ end
46
+
23
47
  def details_on(name, version)
24
48
  url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
25
49
  response = http.get(url, default: {})
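Review bot: In `parse_each_from`, `name, versions, _digest = io.readline.split(' ')` leaves `versions` as `nil` for any line with fewer than two fields (a trailing blank line or a truncated download), and the following `versions.split(',')` then raises `NoMethodError` part-way through an index build. As far as I understand the compact-index format, yanked versions are also listed with a leading `-`, and nothing here filters them, so they would be passed on to `licenses` as-is — please confirm against the feed; a guard such as `next unless versions` followed by `versions.split(',').reject { |v| v.start_with?('-') }` keeps such rows out. Because `name` and `version` come from a remote document and are later interpolated into the `details_on` URL (that method continues past the hunk), consider validating both against a strict token pattern like `/\A[A-Za-z0-9._-]+\z/` before use so a malformed row cannot alter the request path. Finally, `each` wraps the whole `/versions` response body in a `StringIO`, which holds the entire index in memory; if the HTTP client can stream the body, reading it line by line would bound memory use.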
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Spandx
4
+ module Ruby
5
+ class Index
6
+ include Enumerable
7
+
8
+ attr_reader :directory, :name, :rubygems
9
+
10
+ def initialize(directory:)
11
+ @directory = directory
12
+ @name = 'rubygems'
13
+ @cache = ::Spandx::Core::Cache.new(@name, root: directory)
14
+ @rubygems = ::Spandx::Ruby::Gateway.new
15
+ end
16
+
17
+ def update!(*)
18
+ queue = Queue.new
19
+ [fetch(queue), save(queue)].each(&:join)
20
+ cache.rebuild_index
21
+ end
22
+
23
+ private
24
+
25
+ attr_reader :cache
26
+
27
+ def fetch(queue)
28
+ Thread.new do
29
+ rubygems.each do |item|
30
+ queue.enq(
31
+ item.merge(
32
+ licenses: rubygems.licenses(item[:name], item[:version])
33
+ )
34
+ )
35
+ end
36
+ queue.enq(:stop)
37
+ end
38
+ end
39
+
40
+ def save(queue)
41
+ Thread.new do
42
+ loop do
43
+ item = queue.deq
44
+ break if item == :stop
45
+
46
+ cache.insert(item[:name], item[:version], item[:licenses])
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
52
+ end
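Review bot: If `rubygems.each` or `rubygems.licenses` raises inside the `fetch` thread, `queue.enq(:stop)` is never reached, so the `save` thread blocks forever on `queue.deq`; since `update!` joins `fetch` first and that join re-raises the exception, the `save` thread is left orphaned and the cache is never rebuilt. Putting the `:stop` sentinel in an `ensure` clause of the producer block guarantees the consumer is always released. Separately, `Queue.new` is unbounded, so the producer can run arbitrarily far ahead of the disk writer; `queue = SizedQueue.new(1_000)` in `update!` would bound memory with no other change. This path also issues one `details_on` HTTP request per gem version in the feed, so a full rebuild is very long-running — worth stating in a comment on `update!` such as `# Walks the entire rubygems.org version index, one API call per version; expect this to take a long time.`

```ruby
def fetch(queue)
  Thread.new do
    rubygems.each do |item|
      queue.enq(item.merge(licenses: rubygems.licenses(item[:name], item[:version])))
    end
  ensure
    # Always wake the consumer, even when the producer fails part-way through.
    queue.enq(:stop)
  end
end
```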
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- VERSION = '0.16.1'
4
+ VERSION = '0.17.0'
5
5
  end
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
38
38
  spec.add_dependency 'nokogiri', '~> 1.10'
39
39
  spec.add_dependency 'oj', '~> 3.10'
40
40
  spec.add_dependency 'parslet', '~> 2.0'
41
+ spec.add_dependency 'sorted_set', '~> 1.0'
41
42
  spec.add_dependency 'terminal-table', '~> 1.8'
42
43
  spec.add_dependency 'thor'
43
44
  spec.add_dependency 'tty-spinner', '~> 0.9'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spandx
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.16.1
4
+ version: 0.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Can Eldem
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-11-19 00:00:00.000000000 Z
12
+ date: 2020-12-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: addressable
@@ -101,6 +101,20 @@ dependencies:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '2.0'
104
+ - !ruby/object:Gem::Dependency
105
+ name: sorted_set
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.0'
111
+ type: :runtime
112
+ prerelease: false
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.0'
104
118
  - !ruby/object:Gem::Dependency
105
119
  name: terminal-table
106
120
  requirement: !ruby/object:Gem::Requirement
@@ -413,6 +427,7 @@ files:
413
427
  - lib/spandx/python/pypi.rb
414
428
  - lib/spandx/python/source.rb
415
429
  - lib/spandx/ruby/gateway.rb
430
+ - lib/spandx/ruby/index.rb
416
431
  - lib/spandx/ruby/parsers/gemfile_lock.rb
417
432
  - lib/spandx/spdx/catalogue.rb
418
433
  - lib/spandx/spdx/composite_license.rb
@@ -443,7 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
443
458
  - !ruby/object:Gem::Version
444
459
  version: '0'
445
460
  requirements: []
446
- rubygems_version: 3.1.4
461
+ rubygems_version: 3.2.3
447
462
  signing_key:
448
463
  specification_version: 4
449
464
  summary: A ruby interface to the SPDX catalogue.