spandx 0.16.1 → 0.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -2
- data/lib/spandx.rb +1 -0
- data/lib/spandx/cli/commands/build.rb +2 -1
- data/lib/spandx/cli/main.rb +13 -9
- data/lib/spandx/ruby/gateway.rb +25 -1
- data/lib/spandx/ruby/index.rb +52 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -0
- metadata +18 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
|
4
|
+
data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
|
7
|
+
data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.
|
1
|
+
Version 0.17.0
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
|
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
8
8
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
9
9
|
|
10
10
|
## [Unreleased]
|
11
|
+
## [0.17.0] - 2020-12-28
|
12
|
+
### Added
|
13
|
+
- Allow indexing gems from index.rubygems.org.
|
11
14
|
|
12
15
|
## [0.16.1] - 2020-11-19
|
13
16
|
### Fixed
|
@@ -220,7 +223,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
220
223
|
### Added
|
221
224
|
- Provide ruby API to the latest SPDX catalogue.
|
222
225
|
|
223
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
226
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
|
227
|
+
[0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
|
224
228
|
[0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
|
225
229
|
[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
|
226
230
|
[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
|
data/lib/spandx.rb
CHANGED
@@ -5,10 +5,11 @@ module Spandx
|
|
5
5
|
module Commands
|
6
6
|
class Build
|
7
7
|
INDEXES = {
|
8
|
+
dotnet: Spandx::Dotnet::Index,
|
8
9
|
maven: Spandx::Java::Index,
|
9
10
|
nuget: Spandx::Dotnet::Index,
|
10
|
-
dotnet: Spandx::Dotnet::Index,
|
11
11
|
pypi: Spandx::Python::Index,
|
12
|
+
rubygems: Spandx::Ruby::Index,
|
12
13
|
}.freeze
|
13
14
|
|
14
15
|
def initialize(options)
|
data/lib/spandx/cli/main.rb
CHANGED
@@ -12,15 +12,11 @@ module Spandx
|
|
12
12
|
method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
|
13
13
|
method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
|
14
14
|
def scan(lockfile = Pathname.pwd)
|
15
|
-
if options[:help]
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
Spandx.logger = Logger.new(options[:logfile])
|
21
|
-
pull if options[:pull]
|
22
|
-
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
23
|
-
end
|
15
|
+
return invoke :help, ['scan'] if options[:help]
|
16
|
+
|
17
|
+
prepare(options)
|
18
|
+
pull if options[:pull]
|
19
|
+
Spandx::Cli::Commands::Scan.new(lockfile, options).execute
|
24
20
|
end
|
25
21
|
|
26
22
|
desc 'pull', 'Pull the latest offline cache'
|
@@ -52,6 +48,14 @@ module Spandx
|
|
52
48
|
puts "v#{Spandx::VERSION}"
|
53
49
|
end
|
54
50
|
map %w[--version -v] => :version
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def prepare(options)
|
55
|
+
Oj.default_options = { mode: :strict }
|
56
|
+
Spandx.airgap = options[:airgap]
|
57
|
+
Spandx.logger = Logger.new(options[:logfile])
|
58
|
+
end
|
55
59
|
end
|
56
60
|
end
|
57
61
|
end
|
data/lib/spandx/ruby/gateway.rb
CHANGED
@@ -8,8 +8,21 @@ module Spandx
|
|
8
8
|
@http = http
|
9
9
|
end
|
10
10
|
|
11
|
+
def each
|
12
|
+
response = http.get('https://index.rubygems.org/versions')
|
13
|
+
return unless http.ok?(response)
|
14
|
+
|
15
|
+
parse_each_from(StringIO.new(response.body)) do |item|
|
16
|
+
yield item
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
11
20
|
def licenses_for(dependency)
|
12
|
-
|
21
|
+
licenses(dependency.name, dependency.version)
|
22
|
+
end
|
23
|
+
|
24
|
+
def licenses(name, version)
|
25
|
+
details_on(name, version)['licenses'] || []
|
13
26
|
end
|
14
27
|
|
15
28
|
def matches?(dependency)
|
@@ -20,6 +33,17 @@ module Spandx
|
|
20
33
|
|
21
34
|
attr_reader :http
|
22
35
|
|
36
|
+
def parse_each_from(io)
|
37
|
+
_created_at = io.readline
|
38
|
+
_triple_dash = io.readline
|
39
|
+
until io.eof?
|
40
|
+
name, versions, _digest = io.readline.split(' ')
|
41
|
+
versions.split(',').each do |version|
|
42
|
+
yield({ name: name, version: version })
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
23
47
|
def details_on(name, version)
|
24
48
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
25
49
|
response = http.get(url, default: {})
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Ruby
|
5
|
+
class Index
|
6
|
+
include Enumerable
|
7
|
+
|
8
|
+
attr_reader :directory, :name, :rubygems
|
9
|
+
|
10
|
+
def initialize(directory:)
|
11
|
+
@directory = directory
|
12
|
+
@name = 'rubygems'
|
13
|
+
@cache = ::Spandx::Core::Cache.new(@name, root: directory)
|
14
|
+
@rubygems = ::Spandx::Ruby::Gateway.new
|
15
|
+
end
|
16
|
+
|
17
|
+
def update!(*)
|
18
|
+
queue = Queue.new
|
19
|
+
[fetch(queue), save(queue)].each(&:join)
|
20
|
+
cache.rebuild_index
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
attr_reader :cache
|
26
|
+
|
27
|
+
def fetch(queue)
|
28
|
+
Thread.new do
|
29
|
+
rubygems.each do |item|
|
30
|
+
queue.enq(
|
31
|
+
item.merge(
|
32
|
+
licenses: rubygems.licenses(item[:name], item[:version])
|
33
|
+
)
|
34
|
+
)
|
35
|
+
end
|
36
|
+
queue.enq(:stop)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def save(queue)
|
41
|
+
Thread.new do
|
42
|
+
loop do
|
43
|
+
item = queue.deq
|
44
|
+
break if item == :stop
|
45
|
+
|
46
|
+
cache.insert(item[:name], item[:version], item[:licenses])
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
|
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
41
|
+
spec.add_dependency 'sorted_set', '~> 1.0'
|
41
42
|
spec.add_dependency 'terminal-table', '~> 1.8'
|
42
43
|
spec.add_dependency 'thor'
|
43
44
|
spec.add_dependency 'tty-spinner', '~> 0.9'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.17.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Can Eldem
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-12-29 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
@@ -101,6 +101,20 @@ dependencies:
|
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
103
|
version: '2.0'
|
104
|
+
- !ruby/object:Gem::Dependency
|
105
|
+
name: sorted_set
|
106
|
+
requirement: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '1.0'
|
111
|
+
type: :runtime
|
112
|
+
prerelease: false
|
113
|
+
version_requirements: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '1.0'
|
104
118
|
- !ruby/object:Gem::Dependency
|
105
119
|
name: terminal-table
|
106
120
|
requirement: !ruby/object:Gem::Requirement
|
@@ -413,6 +427,7 @@ files:
|
|
413
427
|
- lib/spandx/python/pypi.rb
|
414
428
|
- lib/spandx/python/source.rb
|
415
429
|
- lib/spandx/ruby/gateway.rb
|
430
|
+
- lib/spandx/ruby/index.rb
|
416
431
|
- lib/spandx/ruby/parsers/gemfile_lock.rb
|
417
432
|
- lib/spandx/spdx/catalogue.rb
|
418
433
|
- lib/spandx/spdx/composite_license.rb
|
@@ -443,7 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
443
458
|
- !ruby/object:Gem::Version
|
444
459
|
version: '0'
|
445
460
|
requirements: []
|
446
|
-
rubygems_version: 3.
|
461
|
+
rubygems_version: 3.2.3
|
447
462
|
signing_key:
|
448
463
|
specification_version: 4
|
449
464
|
summary: A ruby interface to the SPDX catalogue.
|