spandx 0.13.2 → 0.13.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e89b8200563a7e8d6499790a3cec3673744cb46be6f3eb4a279cb28c311bc9cd
-  data.tar.gz: 2f33ec62f37e65a69e77872cef146c988f41bf7b9832ddd97cb7454ae2dd0281
+  metadata.gz: 4b36f49bab527c52c6d3f6ddf1d70e022422f70c678bf865231921982460a4b4
+  data.tar.gz: 5d31efbe54079dd42a07c46f9d47bbe508d712ebed5d7294537685112d170079
 SHA512:
-  metadata.gz: dd107af13cc5a9acf8e5f915f01f1be6e687e3322ed3a2bdb499ab03ffed7b287b0424aa1682cd97212fe9206e51ff6a4e4f2773a1ce5d2f434c23a410c8472d
-  data.tar.gz: f984aed0d5db9ff517fffb491f9be9794419795186fbc9b9e9287529ecd286e0876f7f97588bc31b264c10d02049e56d125bea565e3579cc4c8ce7ff1eae3858
+  metadata.gz: abe3e8e231a35f5861b3e85502a7b5c415684ce351756b0d64c77cfcf417bfd099e25587714c9e88b9a3ddb7309154921e0b57b4601bbe9aa74de7f057165773
+  data.tar.gz: 757dd76cebbd921d4034a69e794beffac0c9ff00ec846491b4037bf01a687d06aad5a8d258dccb59dc6cce6d94626dbb6df77eae53ccc8755982482a780bf65f

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-Version 0.13.2
+Version 0.13.3
 
 # Changelog
 
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.13.3] - 2020-05-19
+### Fixed
+- Ignore invalid URLs during scan.
+
 ## [0.13.2] - 2020-05-17
 ### Fixed
 - Detect licenses when provided as an array.
@@ -177,7 +181,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.0...HEAD
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.3...HEAD
+[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
+[0.13.2]: https://github.com/spandx/spandx/compare/v0.13.1...v0.13.2
+[0.13.1]: https://github.com/spandx/spandx/compare/v0.13.0...v0.13.1
 [0.13.0]: https://github.com/spandx/spandx/compare/v0.12.3...v0.13.0
 [0.12.3]: https://github.com/spandx/spandx/compare/v0.12.2...v0.12.3
 [0.12.2]: https://github.com/spandx/spandx/compare/v0.12.1...v0.12.2

data/lib/spandx/cli.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
+require 'nanospinner'
 require 'thor'
-require 'tty-progressbar'
+require 'tty-screen'
 
 module Spandx
   module Cli

data/lib/spandx/cli/commands/scan.rb

@@ -4,28 +4,26 @@ module Spandx
   module Cli
     module Commands
       class Scan
-        NULL_BAR = Class.new do
-          def advance(*args); end
-        end.new
-
-        attr_reader :scan_path
+        attr_reader :scan_path, :spinner
 
         def initialize(scan_path, options)
           @scan_path = ::Pathname.new(scan_path)
           @options = options
+          @spinner = options[:show_progress] ? ::Spandx::Core::Spinner.new : ::Spandx::Core::Spinner::NULL
           require(options[:require]) if options[:require]
         end
 
         def execute(output: $stdout)
-          Spandx::Core::ThreadPool.open do |pool|
-            report = ::Spandx::Core::Report.new
-            each_file do |file|
-              each_dependency_from(file, pool) do |dependency|
-                report.add(dependency)
-              end
+          report = ::Spandx::Core::Report.new
+          each_file do |file|
+            spinner.spin(file)
+            each_dependency_from(file) do |dependency|
+              spinner.spin(file)
+              report.add(dependency)
             end
-            output.puts(format(report.to(@options[:format])))
           end
+          spinner.stop
+          output.puts(format(report.to(@options[:format])))
         end
 
         private
@@ -36,16 +34,12 @@ module Spandx
             .each { |file| yield file }
         end
 
-        def each_dependency_from(file, pool)
-          dependencies = ::Spandx::Core::Parser.for(file).parse(file)
-          with_progress(title_for(file), dependencies.size) do |bar|
-            ::Spandx::Core::Concurrent
-              .map(dependencies, pool: pool) { |dependency| enhance(dependency) }
-              .each do |dependency|
-              bar.advance(1)
-              yield dependency
-            end
-          end
+        def each_dependency_from(file)
+          ::Spandx::Core::Parser
+            .for(file)
+            .parse(file)
+            .map { |x| enhance(x) }
+            .each { |dependency| yield dependency }
         end
 
         def format(output)
@@ -57,14 +51,6 @@ module Spandx
             .all
             .inject(dependency) { |memo, plugin| plugin.enhance(memo) }
         end
-
-        def title_for(file)
-          "#{file} [:bar, :elapsed] :percent"
-        end
-
-        def with_progress(title, total)
-          yield @options[:show_progress] ? TTY::ProgressBar.new(title, total: total) : NULL_BAR
-        end
       end
     end
   end

data/lib/spandx/core/http.rb

@@ -27,7 +27,7 @@ module Spandx
             client.get(escape ? Addressable::URI.escape(uri) : uri)
           end
         end
-      rescue *Net::Hippie::CONNECTION_ERRORS
+      rescue *Net::Hippie::CONNECTION_ERRORS, URI::InvalidURIError
         default
       end
 

data/lib/spandx/core/index_file.rb

@@ -26,6 +26,8 @@ module Spandx
           until min >= max
             mid = mid_for(min, max)
             row = reader.row(mid)
+            return unless row
+
             comparison = yield row
             return row if comparison.zero?
 

data/lib/spandx/core/license_plugin.rb

@@ -26,7 +26,8 @@ module Spandx
 
       def cache_for(dependency, git: Spandx.git)
         git = git[dependency.package_manager.to_sym] || git[:cache]
-        Spandx::Core::Cache.new(dependency.package_manager, root: "#{git.root}/.index")
+        key = key_for(dependency.package_manager)
+        Spandx::Core::Cache.new(key, root: "#{git.root}/.index")
       end
 
       def known?(package_manager)
@@ -49,6 +50,10 @@ module Spandx
         end
         dependency
       end
+
+      def key_for(package_manager)
+        package_manager == :yarn ? :npm : package_manager
+      end
     end
   end
 end

data/lib/spandx/core/spinner.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Core
+    class Spinner
+      NULL = Class.new do
+        def self.spin(*args); end
+
+        def self.stop(*args); end
+      end
+
+      attr_reader :columns, :spinner
+
+      def initialize(columns: TTY::Screen.columns, output: $stderr)
+        @columns = columns
+        @spinner = Nanospinner.new(output)
+        @queue = Queue.new
+        @thread = Thread.new { work }
+      end
+
+      def spin(message)
+        @queue.enq(justify(message))
+        yield if block_given?
+      end
+
+      def stop
+        @queue.clear
+        @queue.enq(:stop)
+        @thread.join
+      end
+
+      private
+
+      def justify(message)
+        message.to_s.ljust(columns - 3)
+      end
+
+      def work
+        last_message = justify('')
+        loop do
+          message = @queue.empty? ? last_message : @queue.deq
+          break if message == :stop
+
+          spinner.spin(message)
+          last_message = message
+          sleep 0.1
+        end
+      end
+    end
+  end
+end

data/lib/spandx/python/source.rb

@@ -28,11 +28,23 @@ module Spandx
         end
       end
 
+      def ==(other)
+        name == other.name &&
+          uri.to_s == other.uri.to_s &&
+          verify_ssl == other.verify_ssl
+      end
+
+      def eql(other)
+        self == other
+      end
+
       class << self
         def sources_from(json)
           meta = json['_meta']
           meta['sources'].map do |hash|
             new(hash)
+          rescue URI::InvalidURIError
+            default
           end
         end
 

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.13.2'
+  VERSION = '0.13.3'
 end

data/spandx.gemspec

@@ -34,11 +34,12 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'addressable', '~> 2.7'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
+  spec.add_dependency 'nanospinner', '~> 1.0.0'
   spec.add_dependency 'net-hippie', '~> 0.3'
   spec.add_dependency 'nokogiri', '~> 1.10'
   spec.add_dependency 'parslet', '~> 2.0'
   spec.add_dependency 'thor'
-  spec.add_dependency 'tty-progressbar', '~> 0.17'
+  spec.add_dependency 'tty-screen', '~> 0.7'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
   spec.add_development_dependency 'benchmark-ips', '~> 2.8'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.13.2
+  version: 0.13.3
 platform: ruby
 authors:
 - Can Eldem
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-18 00:00:00.000000000 Z
+date: 2020-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -45,6 +45,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: nanospinner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: net-hippie
   requirement: !ruby/object:Gem::Requirement
@@ -102,19 +116,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: tty-progressbar
+  name: tty-screen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -341,7 +355,6 @@ files:
 - lib/spandx/cli/main.rb
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
-- lib/spandx/core/concurrent.rb
 - lib/spandx/core/content.rb
 - lib/spandx/core/data_file.rb
 - lib/spandx/core/dependency.rb
@@ -351,7 +364,6 @@ files:
 - lib/spandx/core/http.rb
 - lib/spandx/core/index_file.rb
 - lib/spandx/core/license_plugin.rb
-- lib/spandx/core/line_io.rb
 - lib/spandx/core/parser.rb
 - lib/spandx/core/path_traversal.rb
 - lib/spandx/core/plugin.rb
@@ -359,8 +371,8 @@ files:
 - lib/spandx/core/relation.rb
 - lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
+- lib/spandx/core/spinner.rb
 - lib/spandx/core/table.rb
-- lib/spandx/core/thread_pool.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -413,7 +425,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.

data/lib/spandx/core/concurrent.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class Concurrent
-      include Enumerable
-
-      def self.map(items, pool:, &block)
-        queue = Queue.new
-
-        items.each do |item|
-          pool.schedule([item, block]) do |marshalled_item, callable|
-            queue.enq(callable.call(marshalled_item))
-          end
-        end
-
-        new(queue, items.size)
-      end
-
-      attr_reader :queue, :size
-
-      def initialize(queue, size)
-        @queue = queue
-        @size = size
-      end
-
-      def each
-        size.times { yield queue.deq }
-      end
-
-      def to_enum
-        Enumerator.new do |yielder|
-          each do |item|
-            yielder.yield item
-          end
-        end
-      end
-    end
-  end
-end

data/lib/spandx/core/line_io.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class LineIo
-      def initialize(absolute_path)
-        file_descriptor = IO.sysopen(absolute_path)
-        @io = IO.new(file_descriptor)
-        @buffer = ''
-      end
-
-      def each(&block)
-        @buffer << @io.sysread(512) until @buffer.include?($INPUT_RECORD_SEPARATOR)
-
-        line, @buffer = @buffer.split($INPUT_RECORD_SEPARATOR, 2)
-        block.call(line)
-        each(&block)
-      rescue EOFError
-        @io.close
-      end
-    end
-  end
-end

data/lib/spandx/core/thread_pool.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class ThreadPool
-      def initialize(size: Etc.nprocessors)
-        @size = size
-        @queue = Queue.new
-        @pool = size.times.map { start_worker_thread }
-      end
-
-      def schedule(*args, &block)
-        @queue.enq([block, args])
-      end
-
-      def done?
-        @queue.empty?
-      end
-
-      def shutdown
-        @size.times do
-          schedule { throw :exit }
-        end
-
-        @pool.map(&:join)
-      end
-
-      def self.open
-        pool = new
-        yield pool
-      ensure
-        pool.shutdown
-      end
-
-      private
-
-      def start_worker_thread
-        Thread.new do
-          catch(:exit) do
-            loop do
-              job, args = @queue.deq
-              job.call(*args)
-            end
-          end
-        end
-      end
-    end
-  end
-end