spandx 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -3
- data/lib/spandx/parsers.rb +1 -0
- data/lib/spandx/parsers/csproj.rb +1 -1
- data/lib/spandx/parsers/csproj/package_reference.rb +15 -1
- data/lib/spandx/parsers/csproj/project_file.rb +18 -8
- data/lib/spandx/parsers/maven.rb +85 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -1
- metadata +3 -2
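--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14b8433caf34da68102cdf2db650684c9dbccc2e32509a63a44021978a8d1f6e
+data.tar.gz: c7c342040a9c5a666708096f30228823a815256587ddd99b9b77fcb7f6856259
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d916195c87c1162ec60ace64a7c36c5b693c51445361cf11242ca9ceb32c9a8b932d1a2bd65026757c56e556cdc677a738bb42f6dd266652c897737ce2da281
+data.tar.gz: 92df5d8346276b1998f28bfad73ef26fd6e9bf300589997e5d6ad517e7044974b52b659082acae52e496ea51ff77e3f7bd8d4faa5f4d14d39c20c44a8fb529af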
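--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,4 @@
-Version 0.
+Version 0.3.0
 
 # Changelog
 
@@ -8,8 +8,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [0.3.0] - 2020-01-29
 ### Added
--
+- Add `pom.xml` parser
+
+### Changed
+- Change minimum ruby from 2.5 to 2.4
 
 ## [0.2.0] - 2020-01-28
 ### Added
@@ -52,7 +57,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/mokhan/spandx/compare/v0.
+[Unreleased]: https://github.com/mokhan/spandx/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/mokhan/spandx/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/mokhan/spandx/compare/v0.1.7...v0.2.0
 [0.1.7]: https://github.com/mokhan/spandx/compare/v0.1.6...v0.1.7
 [0.1.6]: https://github.com/mokhan/spandx/compare/v0.1.5...v0.1.6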
data/lib/spandx/parsers.rb
CHANGED
@@ -3,7 +3,21 @@
|
|
3
3
|
module Spandx
|
4
4
|
module Parsers
|
5
5
|
class Csproj
|
6
|
-
PackageReference
|
6
|
+
class PackageReference
|
7
|
+
attr_reader :name, :version
|
8
|
+
|
9
|
+
def initialize(name:, version:)
|
10
|
+
@name = name
|
11
|
+
@version = version
|
12
|
+
end
|
13
|
+
|
14
|
+
def to_h
|
15
|
+
{
|
16
|
+
name: name,
|
17
|
+
version: version
|
18
|
+
}
|
19
|
+
end
|
20
|
+
end
|
7
21
|
end
|
8
22
|
end
|
9
23
|
end
|
@@ -9,17 +9,13 @@ module Spandx
|
|
9
9
|
def initialize(path)
|
10
10
|
@path = path
|
11
11
|
@dir = File.dirname(path)
|
12
|
-
@document = Nokogiri::XML(IO.read(path))
|
12
|
+
@document = Nokogiri::XML(IO.read(path)).tap(&:remove_namespaces!)
|
13
13
|
end
|
14
14
|
|
15
15
|
def package_references
|
16
|
-
|
17
|
-
|
18
|
-
PackageReference
|
19
|
-
name: attribute_for('Include', node),
|
20
|
-
version: attribute_for('Version', node)
|
21
|
-
)
|
22
|
-
end
|
16
|
+
project_references.flat_map(&:package_references) +
|
17
|
+
references('GlobalPackageReference') +
|
18
|
+
references('PackageReference')
|
23
19
|
end
|
24
20
|
|
25
21
|
private
|
@@ -32,6 +28,20 @@ module Spandx
|
|
32
28
|
end
|
33
29
|
end
|
34
30
|
|
31
|
+
def references(key)
|
32
|
+
document.search("//#{key}").map do |node|
|
33
|
+
PackageReference.new(
|
34
|
+
name: name_from(node),
|
35
|
+
version: attribute_for('Version', node)
|
36
|
+
)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def name_from(node)
|
41
|
+
attribute_for('Include', node) ||
|
42
|
+
attribute_for('Update', node)
|
43
|
+
end
|
44
|
+
|
35
45
|
def attribute_for(key, node)
|
36
46
|
node.attribute(key)&.value&.strip ||
|
37
47
|
node.at_xpath("./#{key}")&.content&.strip
|
@@ -0,0 +1,85 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Parsers
|
5
|
+
class Maven < Base
|
6
|
+
class Metadata
|
7
|
+
attr_reader :artifact_id, :group_id, :version
|
8
|
+
|
9
|
+
def initialize(artifact_id:, group_id:, version:)
|
10
|
+
@artifact_id = artifact_id
|
11
|
+
@group_id = group_id.tr('.', '/')
|
12
|
+
@version = version
|
13
|
+
end
|
14
|
+
|
15
|
+
def licenses
|
16
|
+
pom.to_xml(indent: 2)
|
17
|
+
pom.search('//licenses/license').map do |node|
|
18
|
+
{
|
19
|
+
name: node.at_xpath('./name').text,
|
20
|
+
url: node.at_xpath('./url').text
|
21
|
+
}
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def pom
|
28
|
+
@pom ||= fetch
|
29
|
+
end
|
30
|
+
|
31
|
+
def spec_url
|
32
|
+
[
|
33
|
+
'https://repo.maven.apache.org/maven2',
|
34
|
+
group_id,
|
35
|
+
artifact_id,
|
36
|
+
version,
|
37
|
+
"#{artifact_id}-#{version}.pom"
|
38
|
+
].join('/')
|
39
|
+
end
|
40
|
+
|
41
|
+
def fetch
|
42
|
+
response = Spandx.http.get(spec_url)
|
43
|
+
return unless Spandx.http.ok?(response)
|
44
|
+
|
45
|
+
Nokogiri.XML(response.body).tap(&:remove_namespaces!)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def self.matches?(filename)
|
50
|
+
File.basename(filename) == 'pom.xml'
|
51
|
+
end
|
52
|
+
|
53
|
+
def parse(filename)
|
54
|
+
document = Nokogiri.XML(IO.read(filename)).tap(&:remove_namespaces!)
|
55
|
+
document.search('//project/dependencies/dependency').map do |node|
|
56
|
+
metadata = metadata_for(node)
|
57
|
+
Dependency.new(
|
58
|
+
name: metadata.artifact_id,
|
59
|
+
version: metadata.version,
|
60
|
+
licenses: metadata.licenses.map { |x| search_catalogue_for(x) }.compact
|
61
|
+
)
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
private
|
66
|
+
|
67
|
+
def metadata_for(node)
|
68
|
+
Metadata.new(
|
69
|
+
artifact_id: node.at_xpath('./artifactId').text,
|
70
|
+
group_id: node.at_xpath('./groupId').text,
|
71
|
+
version: node.at_xpath('./version').text
|
72
|
+
)
|
73
|
+
end
|
74
|
+
|
75
|
+
def search_catalogue_for(license_hash)
|
76
|
+
name = Content.new(license_hash[:name])
|
77
|
+
|
78
|
+
catalogue.find do |license|
|
79
|
+
score = name.similarity_score(Content.new(license.name))
|
80
|
+
score > 85
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
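Review bot: In the `@@ -0,0 +1,85 @@` hunk (per the diffstat this is `data/lib/spandx/parsers/maven.rb`, although the page lists it under the `parsers.rb` header), `Metadata#licenses` calls `pom.to_xml` and `pom.search` unconditionally, yet `fetch` returns `nil` whenever `Spandx.http.ok?` is false, so any dependency whose POM is not found on Maven Central — including one whose `<version>` is an unresolved `${...}` property — makes `parse` raise `NoMethodError` instead of reporting no licences; add `return [] unless pom` at the top of `licenses` and drop the leftover `pom.to_xml(indent: 2)`, whose result is discarded. The coordinates interpolated into `spec_url` come unchecked from the `pom.xml` being scanned, so a `/`, `..`, `?` or `#` inside an id or version changes which path is requested on the remote host; validating each raw value against a conservative character set before the `tr` in `Metadata#initialize` keeps the request on the intended artifact. Both `parse` here and `ProjectFile#initialize` in the `@@ -9,17 +9,13 @@` hunk read the file with `IO.read(filename)`, which Ruby treats as a command pipeline when the name begins with `|`; `File.read(filename)` has no such behaviour and is the safer choice for paths obtained from a directory walk. `.text` is also called on `node.at_xpath('./version')` in `metadata_for` and on `./name`/`./url` in `licenses` without a nil check, which raises for dependencies that inherit their version from `dependencyManagement` or for license entries lacking a `<url>`.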
data/lib/spandx/version.rb
CHANGED
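--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
-spec.required_ruby_version = '>= 2.
+spec.required_ruby_version = '>= 2.4.0'
 spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
 spec.add_dependency 'net-hippie', '~> 0.3'
 spec.add_dependency 'nokogiri', '~> 1.10'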
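--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - mo khan
@@ -231,6 +231,7 @@ files:
 - lib/spandx/parsers/csproj/package_reference.rb
 - lib/spandx/parsers/csproj/project_file.rb
 - lib/spandx/parsers/gemfile_lock.rb
+- lib/spandx/parsers/maven.rb
 - lib/spandx/parsers/packages_config.rb
 - lib/spandx/parsers/pipfile_lock.rb
 - lib/spandx/parsers/sln.rb
@@ -252,7 +253,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="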