spandx 0.18.1 → 0.18.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -2
- data/lib/spandx.rb +1 -0
- data/lib/spandx/cli/commands/scan.rb +0 -4
- data/lib/spandx/core/dependency.rb +2 -0
- data/lib/spandx/terraform/parsers/lock_file.rb +1 -1
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +2 -1
- metadata +17 -4
- data/lib/spandx/terraform/parsers/hcl.rb +0 -108
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 28d95986ecfe3d8616d52256ecf28003eb4cc6c28e30a6733e9e4e1012cf5375
|
|
4
|
+
data.tar.gz: bd8f7c53dbfa43e13a2f1a4f54c7a2517e70f3e529b1792b18ce6ef9cc208091
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b97733866a711008bebc338ff77e452696d5ae1f7c8b486fb13b08adc20c8fd2483cc288766920525057967889b3e42632abb0f6dd5cf03f273965ae27b0d1c8
|
|
7
|
+
data.tar.gz: fa296185eacf57b16c7f9b54cd9d1b19c8bfa524ce3de6b256b007a1c9d9cf41c51eb7c99e10331265d48b415c94119c1e2097f10764c2d4f420eb91762cf1f9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Version 0.18.
|
|
1
|
+
Version 0.18.2
|
|
2
2
|
|
|
3
3
|
# Changelog
|
|
4
4
|
|
|
@@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
9
9
|
|
|
10
10
|
## [Unreleased]
|
|
11
11
|
|
|
12
|
+
## [0.18.2] - 2021-06-05
|
|
13
|
+
### Fixed
|
|
14
|
+
- fix(dpkg): detect package manager for related dependencies
|
|
15
|
+
- fix(terraform): detect package manager for related dependencies
|
|
16
|
+
|
|
12
17
|
## [0.18.1] - 2021-06-02
|
|
13
18
|
### Fixed
|
|
14
19
|
- Parse `.terraform.lock.hcl` files with multiple providers.
|
|
@@ -232,7 +237,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
232
237
|
### Added
|
|
233
238
|
- Provide ruby API to the latest SPDX catalogue.
|
|
234
239
|
|
|
235
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.18.
|
|
240
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.18.2...HEAD
|
|
241
|
+
[0.18.2]: https://github.com/spandx/spandx/compare/v0.18.1...v0.18.2
|
|
236
242
|
[0.18.1]: https://github.com/spandx/spandx/compare/v0.18.0...v0.18.1
|
|
237
243
|
[0.18.0]: https://github.com/spandx/spandx/compare/v0.17.0...v0.18.0
|
|
238
244
|
[0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
|
data/lib/spandx.rb
CHANGED
|
@@ -14,6 +14,8 @@ module Spandx
|
|
|
14
14
|
Spandx::Python::Parsers::PipfileLock => :pypi,
|
|
15
15
|
Spandx::Ruby::Parsers::GemfileLock => :rubygems,
|
|
16
16
|
Spandx::Os::Parsers::Apk => :apk,
|
|
17
|
+
Spandx::Os::Parsers::Dpkg => :dpkg,
|
|
18
|
+
Spandx::Terraform::Parsers::LockFile => :terraform,
|
|
17
19
|
}.freeze
|
|
18
20
|
attr_reader :path, :name, :version, :licenses, :meta
|
|
19
21
|
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
|
|
|
14
14
|
spec.description = 'Spanx is a ruby API for interacting with the spdx.org software license catalogue. This gem includes a command line interface to scan a software project for the software licenses that are associated with each dependency in the project. Spandx also allows you to hook additional information for each dependency found. For instance, you can add plugin to Spandx to find and report vulnerabilities for the dependencies it found.'
|
|
15
15
|
spec.homepage = 'https://spandx.github.io/'
|
|
16
16
|
spec.license = 'MIT'
|
|
17
|
-
spec.required_ruby_version = Gem::Requirement.new('>= 2.
|
|
17
|
+
spec.required_ruby_version = Gem::Requirement.new('>= 2.6.0')
|
|
18
18
|
|
|
19
19
|
spec.metadata['homepage_uri'] = spec.homepage
|
|
20
20
|
spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
|
|
@@ -34,6 +34,7 @@ Gem::Specification.new do |spec|
|
|
|
34
34
|
|
|
35
35
|
spec.add_dependency 'addressable', '~> 2.7'
|
|
36
36
|
spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
|
|
37
|
+
spec.add_dependency 'hcl2', '~> 0.1'
|
|
37
38
|
spec.add_dependency 'net-hippie', '~> 1.0'
|
|
38
39
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
|
39
40
|
spec.add_dependency 'oj', '~> 3.10'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spandx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.18.
|
|
4
|
+
version: 0.18.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Can Eldem
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-06-
|
|
12
|
+
date: 2021-06-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -45,6 +45,20 @@ dependencies:
|
|
|
45
45
|
- - "<"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: 3.0.0
|
|
48
|
+
- !ruby/object:Gem::Dependency
|
|
49
|
+
name: hcl2
|
|
50
|
+
requirement: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0.1'
|
|
55
|
+
type: :runtime
|
|
56
|
+
prerelease: false
|
|
57
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0.1'
|
|
48
62
|
- !ruby/object:Gem::Dependency
|
|
49
63
|
name: net-hippie
|
|
50
64
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -434,7 +448,6 @@ files:
|
|
|
434
448
|
- lib/spandx/spdx/expression.rb
|
|
435
449
|
- lib/spandx/spdx/gateway.rb
|
|
436
450
|
- lib/spandx/spdx/license.rb
|
|
437
|
-
- lib/spandx/terraform/parsers/hcl.rb
|
|
438
451
|
- lib/spandx/terraform/parsers/lock_file.rb
|
|
439
452
|
- lib/spandx/version.rb
|
|
440
453
|
- spandx.gemspec
|
|
@@ -453,7 +466,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
453
466
|
requirements:
|
|
454
467
|
- - ">="
|
|
455
468
|
- !ruby/object:Gem::Version
|
|
456
|
-
version: 2.
|
|
469
|
+
version: 2.6.0
|
|
457
470
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
458
471
|
requirements:
|
|
459
472
|
- - ">="
|
|
@@ -1,108 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Spandx
|
|
4
|
-
module Terraform
|
|
5
|
-
module Parsers
|
|
6
|
-
class Hcl < Parslet::Parser
|
|
7
|
-
rule(:alpha) { match['a-zA-Z'] }
|
|
8
|
-
rule(:assign) { str('=') }
|
|
9
|
-
rule(:colon) { str(':') }
|
|
10
|
-
rule(:comma) { str(',') }
|
|
11
|
-
rule(:comment) { (str('#') | str('//')) >> ((str("\n") >> str("\r").maybe).absent? >> any).repeat >> eol }
|
|
12
|
-
rule(:crlf) { match('[\r\n]') }
|
|
13
|
-
rule(:digit) { match('\d') }
|
|
14
|
-
rule(:dot) { str('.') }
|
|
15
|
-
rule(:eol) { whitespace? >> crlf.repeat }
|
|
16
|
-
rule(:greater_than_or_equal_to) { str('>=') }
|
|
17
|
-
rule(:hyphen) { str('-') }
|
|
18
|
-
rule(:lbracket) { str('[') }
|
|
19
|
-
rule(:lcurly) { str('{') }
|
|
20
|
-
rule(:major) { number }
|
|
21
|
-
rule(:major_minor) { (number >> dot >> number) }
|
|
22
|
-
rule(:major_minor_patch) { number >> dot >> number >> dot >> number }
|
|
23
|
-
rule(:multiline_comment) { str('/*') >> (str('*/').absent? >> any).repeat >> str('*/') }
|
|
24
|
-
rule(:number) { digit.repeat }
|
|
25
|
-
rule(:plus) { str('+') }
|
|
26
|
-
rule(:pre_release) { hyphen >> (alpha | digit).repeat }
|
|
27
|
-
rule(:pre_release?) { pre_release.maybe }
|
|
28
|
-
rule(:quote) { str('"') }
|
|
29
|
-
rule(:rbracket) { str(']') }
|
|
30
|
-
rule(:rcurly) { str('}') }
|
|
31
|
-
rule(:slash) { str('/') }
|
|
32
|
-
rule(:space) { match('\s') }
|
|
33
|
-
rule(:tilda_wacka) { str('~>') }
|
|
34
|
-
rule(:version) { number >> dot >> number >> dot >> number >> pre_release? }
|
|
35
|
-
rule(:whitespace) { (multiline_comment | comment | space).repeat }
|
|
36
|
-
rule(:whitespace?) { whitespace.maybe }
|
|
37
|
-
|
|
38
|
-
rule(:pessimistic_version_constraint) do
|
|
39
|
-
tilda_wacka >> whitespace >> (
|
|
40
|
-
major_minor_patch |
|
|
41
|
-
major_minor |
|
|
42
|
-
major
|
|
43
|
-
)
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
rule(:greater_than_or_equal_to_version) do
|
|
47
|
-
greater_than_or_equal_to >> whitespace >> (
|
|
48
|
-
major_minor_patch |
|
|
49
|
-
major_minor |
|
|
50
|
-
major
|
|
51
|
-
)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
rule(:version_constraint) do
|
|
55
|
-
pessimistic_version_constraint | greater_than_or_equal_to_version
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
rule :version_assignment do
|
|
59
|
-
str('version') >> whitespace >> assign >> whitespace >> quote >> version.as(:version) >> quote
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
rule :constraint_assignment do
|
|
63
|
-
str('constraints') >> whitespace >> assign >> whitespace >> quote >> version_constraint.as(:constraints) >> quote
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
rule :string do
|
|
67
|
-
quote >> (
|
|
68
|
-
digit | dot | alpha | str('~> ') | slash | colon | assign | plus
|
|
69
|
-
).repeat(1).as(:value) >> quote
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
rule :array_item do
|
|
73
|
-
whitespace? >> string >> comma.maybe >> eol
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
rule :array do
|
|
77
|
-
lbracket >> eol >> array_item.repeat >> whitespace >> rbracket
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
rule :argument_value do
|
|
81
|
-
(array.as(:values) | string) >> eol
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
rule :argument do
|
|
85
|
-
whitespace >> alpha.repeat(1).as(:name) >> whitespace >> assign >> whitespace >> argument_value
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
rule :block_body do
|
|
89
|
-
lcurly >> crlf >> argument.repeat.as(:arguments) >> rcurly
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
rule :identifier do
|
|
93
|
-
whitespace >> quote >> (alpha | dot | slash).repeat(1).as(:name) >> quote >> whitespace
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
rule :block do
|
|
97
|
-
alpha.repeat(1).as(:type) >> identifier >> block_body
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
rule :blocks do
|
|
101
|
-
whitespace? >> (block >> eol.maybe).repeat(1).as(:blocks)
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
root(:blocks)
|
|
105
|
-
end
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
|
-
end
|