spandx 0.17.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
-  data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
+  metadata.gz: d25ff66ba00edb25cf87b9d9af71ed9433bf084a819a80f86676714754359b34
+  data.tar.gz: 59e6783d2cba9287e0a65836aeae6705434fc0c9ccdfb093763d83b23d673207
 SHA512:
-  metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
-  data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06
+  metadata.gz: c75d55cc57a24d00912a98d0a339b22f21e04fb0c84459ce9b769b900cce83f5877557cbe70e2cdff522d1869ba4d89688b9e9d67913719247cc53897216cb01
+  data.tar.gz: 770105bb92091a740afc3d886194712eb54908718af73e2769acfd512afe553d3f00de0e1ada81930b3d5c09a0a6053dfcc3cd8c9f48ecdb76673e1534ad9fff

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-Version 0.17.0
+Version 0.18.0
 
 # Changelog
 
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [0.18.0] - 2021-05-10
+### Added
+- Add support for parsing `.terraform.lock.hcl` files.
+
 ## [0.17.0] - 2020-12-28
 ### Added
 - Allow indexing gems from index.rubygems.org.
@@ -223,7 +228,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.18.0...HEAD
+[0.18.0]: https://github.com/spandx/spandx/compare/v0.17.0...v0.18.0
 [0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
 [0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
 [0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0

data/README.md

@@ -4,7 +4,7 @@
 
 # Spandx ![badge](https://github.com/spandx/spandx/workflows/ci/badge.svg)
 
-A ruby API for interacting with the https://spdx.org software license catalogue.
+A Ruby API for interacting with the https://spdx.org software license catalogue.
 This gem includes a command line interface to scan a software project for the
 software licenses that are associated with each dependency in the project.
 `spandx` leverages an offline cache of software licenses for known dependencies.
@@ -104,7 +104,7 @@ end
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/cibuild` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 

data/lib/spandx/terraform/parsers/hcl.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Terraform
+    module Parsers
+      class Hcl < Parslet::Parser
+        rule(:alpha) { match['a-zA-Z'] }
+        rule(:assign) { str('=') }
+        rule(:comma) { str(',') }
+        rule(:comment) { (str('#') | str('//')) >> ((str("\n") >> str("\r").maybe).absent? >> any).repeat >> eol }
+        rule(:crlf) { match('[\r\n]') }
+        rule(:digit) { match('\d') }
+        rule(:dot) { str('.') }
+        rule(:eol) { whitespace? >> crlf.repeat }
+        rule(:greater_than_or_equal_to) { str('>=') }
+        rule(:hyphen) { str('-') }
+        rule(:lbracket) { str('[') }
+        rule(:lcurly) { str('{') }
+        rule(:major) { number }
+        rule(:major_minor) { (number >> dot >> number) }
+        rule(:major_minor_patch) { number >> dot >> number >> dot >> number }
+        rule(:multiline_comment) { str('/*') >> (str('*/').absent? >> any).repeat >> str('*/') }
+        rule(:number) { digit.repeat }
+        rule(:pre_release) { hyphen >> (alpha | digit).repeat }
+        rule(:pre_release?) { pre_release.maybe }
+        rule(:quote) { str('"') }
+        rule(:rbracket) { str(']') }
+        rule(:rcurly) { str('}') }
+        rule(:space) { match('\s') }
+        rule(:tilda_wacka) { str('~>') }
+        rule(:version) { number >> dot >> number >> dot >> number >> pre_release? }
+        rule(:whitespace) { (multiline_comment | comment | space).repeat }
+        rule(:whitespace?) { whitespace.maybe }
+
+        rule(:pessimistic_version_constraint) do
+          tilda_wacka >> whitespace >> (
+            major_minor_patch |
+            major_minor |
+            major
+          )
+        end
+
+        rule(:greater_than_or_equal_to_version) do
+          greater_than_or_equal_to >> whitespace >> (
+            major_minor_patch |
+            major_minor |
+            major
+          )
+        end
+
+        rule(:version_constraint) do
+          pessimistic_version_constraint | greater_than_or_equal_to_version
+        end
+
+        rule :version_assignment do
+          str('version') >> whitespace >> assign >> whitespace >> quote >> version.as(:version) >> quote
+        end
+
+        rule :constraint_assignment do
+          str('constraints') >> whitespace >> assign >> whitespace >> quote >> version_constraint.as(:constraints) >> quote
+        end
+
+        rule :string do
+          quote >> match('[0-9A-Za-z.~> :=/]').repeat.as(:value) >> quote
+        end
+
+        rule :array_item do
+          whitespace >> string >> comma >> eol
+        end
+
+        rule :array do
+          lbracket >> eol >> array_item.repeat >> rbracket
+        end
+
+        rule :argument do
+          alpha.repeat.as(:name) >> whitespace >> assign >> whitespace >> (array.as(:values) | string)
+        end
+
+        rule :arguments do
+          (argument >> eol).repeat
+        end
+
+        rule :identifier do
+          whitespace >> quote >> ((alpha | match('[./]')).repeat).as(:name) >> quote >> whitespace
+        end
+
+        rule :block_body do
+          arguments.as(:arguments)
+        end
+
+        rule :block do
+          whitespace? >> (alpha.repeat).as(:type) >> identifier >> whitespace >> lcurly >> eol >> block_body >> rcurly >> eol
+        end
+
+        rule :blocks do
+          block.repeat.as(:blocks)
+        end
+
+        root(:blocks)
+      end
+    end
+  end
+end

data/lib/spandx/terraform/parsers/lock_file.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Terraform
+    module Parsers
+      class LockFile < ::Spandx::Core::Parser
+        def initialize
+          @parser = Spandx::Terraform::Parsers::Hcl.new
+        end
+
+        def match?(pathname)
+          basename = pathname.basename
+          basename.fnmatch?('.terraform.lock.hcl')
+        end
+
+        def parse(path)
+          tree = @parser.parse(path.read)
+          tree[:blocks].map do |block|
+            version_arg = version_arg_from(block)
+            ::Spandx::Core::Dependency.new(
+              name: block[:name].to_s,
+              version: version_arg[:value]&.to_s,
+              path: path
+            )
+          end
+        end
+
+        private
+
+        def version_arg_from(block)
+          block[:arguments].find do |x|
+            x[:name] == 'version'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.17.0'
+  VERSION = '0.18.0'
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Can Eldem
 - mo khan
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-12-29 00:00:00.000000000 Z
+date: 2021-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -434,6 +434,8 @@ files:
 - lib/spandx/spdx/expression.rb
 - lib/spandx/spdx/gateway.rb
 - lib/spandx/spdx/license.rb
+- lib/spandx/terraform/parsers/hcl.rb
+- lib/spandx/terraform/parsers/lock_file.rb
 - lib/spandx/version.rb
 - spandx.gemspec
 homepage: https://spandx.github.io/
@@ -443,7 +445,7 @@ metadata:
   homepage_uri: https://spandx.github.io/
   source_code_uri: https://github.com/spandx/spandx
   changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -459,7 +461,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.2.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.
 test_files: []