spandx 0.13.2 → 0.13.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -2
- data/lib/spandx/cli.rb +2 -1
- data/lib/spandx/cli/commands/scan.rb +16 -30
- data/lib/spandx/core/http.rb +1 -1
- data/lib/spandx/core/index_file.rb +2 -0
- data/lib/spandx/core/license_plugin.rb +6 -1
- data/lib/spandx/core/spinner.rb +51 -0
- data/lib/spandx/python/source.rb +12 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +2 -1
- metadata +21 -9
- data/lib/spandx/core/concurrent.rb +0 -40
- data/lib/spandx/core/line_io.rb +0 -23
- data/lib/spandx/core/thread_pool.rb +0 -49
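--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4b36f49bab527c52c6d3f6ddf1d70e022422f70c678bf865231921982460a4b4
+data.tar.gz: 5d31efbe54079dd42a07c46f9d47bbe508d712ebed5d7294537685112d170079
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: abe3e8e231a35f5861b3e85502a7b5c415684ce351756b0d64c77cfcf417bfd099e25587714c9e88b9a3ddb7309154921e0b57b4601bbe9aa74de7f057165773
+data.tar.gz: 757dd76cebbd921d4034a69e794beffac0c9ff00ec846491b4037bf01a687d06aad5a8d258dccb59dc6cce6d94626dbb6df77eae53ccc8755982482a780bf65f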
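--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,4 @@
-Version 0.13.
+Version 0.13.3
 
 # Changelog
 
@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.13.3] - 2020-05-19
+### Fixed
+- Ignore invalid URLs during scan.
+
 ## [0.13.2] - 2020-05-17
 ### Fixed
 - Detect licenses when provided as an array.
@@ -177,7 +181,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.3...HEAD
+[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
+[0.13.2]: https://github.com/spandx/spandx/compare/v0.13.1...v0.13.2
+[0.13.1]: https://github.com/spandx/spandx/compare/v0.13.0...v0.13.1
 [0.13.0]: https://github.com/spandx/spandx/compare/v0.12.3...v0.13.0
 [0.12.3]: https://github.com/spandx/spandx/compare/v0.12.2...v0.12.3
 [0.12.2]: https://github.com/spandx/spandx/compare/v0.12.1...v0.12.2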
data/lib/spandx/cli.rb
CHANGED
@@ -4,28 +4,26 @@ module Spandx
|
|
4
4
|
module Cli
|
5
5
|
module Commands
|
6
6
|
class Scan
|
7
|
-
|
8
|
-
def advance(*args); end
|
9
|
-
end.new
|
10
|
-
|
11
|
-
attr_reader :scan_path
|
7
|
+
attr_reader :scan_path, :spinner
|
12
8
|
|
13
9
|
def initialize(scan_path, options)
|
14
10
|
@scan_path = ::Pathname.new(scan_path)
|
15
11
|
@options = options
|
12
|
+
@spinner = options[:show_progress] ? ::Spandx::Core::Spinner.new : ::Spandx::Core::Spinner::NULL
|
16
13
|
require(options[:require]) if options[:require]
|
17
14
|
end
|
18
15
|
|
19
16
|
def execute(output: $stdout)
|
20
|
-
Spandx::Core::
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
17
|
+
report = ::Spandx::Core::Report.new
|
18
|
+
each_file do |file|
|
19
|
+
spinner.spin(file)
|
20
|
+
each_dependency_from(file) do |dependency|
|
21
|
+
spinner.spin(file)
|
22
|
+
report.add(dependency)
|
26
23
|
end
|
27
|
-
output.puts(format(report.to(@options[:format])))
|
28
24
|
end
|
25
|
+
spinner.stop
|
26
|
+
output.puts(format(report.to(@options[:format])))
|
29
27
|
end
|
30
28
|
|
31
29
|
private
|
@@ -36,16 +34,12 @@ module Spandx
|
|
36
34
|
.each { |file| yield file }
|
37
35
|
end
|
38
36
|
|
39
|
-
def each_dependency_from(file
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
bar.advance(1)
|
46
|
-
yield dependency
|
47
|
-
end
|
48
|
-
end
|
37
|
+
def each_dependency_from(file)
|
38
|
+
::Spandx::Core::Parser
|
39
|
+
.for(file)
|
40
|
+
.parse(file)
|
41
|
+
.map { |x| enhance(x) }
|
42
|
+
.each { |dependency| yield dependency }
|
49
43
|
end
|
50
44
|
|
51
45
|
def format(output)
|
@@ -57,14 +51,6 @@ module Spandx
|
|
57
51
|
.all
|
58
52
|
.inject(dependency) { |memo, plugin| plugin.enhance(memo) }
|
59
53
|
end
|
60
|
-
|
61
|
-
def title_for(file)
|
62
|
-
"#{file} [:bar, :elapsed] :percent"
|
63
|
-
end
|
64
|
-
|
65
|
-
def with_progress(title, total)
|
66
|
-
yield @options[:show_progress] ? TTY::ProgressBar.new(title, total: total) : NULL_BAR
|
67
|
-
end
|
68
54
|
end
|
69
55
|
end
|
70
56
|
end
|
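Review bot: In `execute`, `spinner.stop` is reached only on the success path, so an exception raised while parsing or enhancing a dependency skips it and the spinner's worker thread is never sent `:stop` or joined. Wrapping the loop as `begin ... ensure spinner.stop end` keeps the terminal output and the thread lifecycle consistent on failure. The inner `spinner.spin(file)` repeats the same message for every dependency; if that is only there to keep the animation alive, a short comment saying so would help. The header above this section names cli.rb, but the context lines (`module Commands`, `class Scan`) suggest these hunks belong to the scan command file.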
data/lib/spandx/core/http.rb
CHANGED
@@ -26,7 +26,8 @@ module Spandx
|
|
26
26
|
|
27
27
|
def cache_for(dependency, git: Spandx.git)
|
28
28
|
git = git[dependency.package_manager.to_sym] || git[:cache]
|
29
|
-
|
29
|
+
key = key_for(dependency.package_manager)
|
30
|
+
Spandx::Core::Cache.new(key, root: "#{git.root}/.index")
|
30
31
|
end
|
31
32
|
|
32
33
|
def known?(package_manager)
|
@@ -49,6 +50,10 @@ module Spandx
|
|
49
50
|
end
|
50
51
|
dependency
|
51
52
|
end
|
53
|
+
|
54
|
+
def key_for(package_manager)
|
55
|
+
package_manager == :yarn ? :npm : package_manager
|
56
|
+
end
|
52
57
|
end
|
53
58
|
end
|
54
59
|
end
|
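Review bot: `key_for` compares `package_manager == :yarn`, while the line just above it in `cache_for` calls `dependency.package_manager.to_sym`, which suggests the value is not guaranteed to be a Symbol. If a String `"yarn"` reaches `key_for`, the yarn-to-npm mapping is skipped and the cache is opened under a different key than intended. Normalising once at the call site, `key = key_for(dependency.package_manager.to_sym)`, would make both lookups agree. The header above this section names http.rb, but `cache_for` and `known?` look like they belong to a different file, and the enclosing class starts outside the hunk.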
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Core
|
5
|
+
class Spinner
|
6
|
+
NULL = Class.new do
|
7
|
+
def self.spin(*args); end
|
8
|
+
|
9
|
+
def self.stop(*args); end
|
10
|
+
end
|
11
|
+
|
12
|
+
attr_reader :columns, :spinner
|
13
|
+
|
14
|
+
def initialize(columns: TTY::Screen.columns, output: $stderr)
|
15
|
+
@columns = columns
|
16
|
+
@spinner = Nanospinner.new(output)
|
17
|
+
@queue = Queue.new
|
18
|
+
@thread = Thread.new { work }
|
19
|
+
end
|
20
|
+
|
21
|
+
def spin(message)
|
22
|
+
@queue.enq(justify(message))
|
23
|
+
yield if block_given?
|
24
|
+
end
|
25
|
+
|
26
|
+
def stop
|
27
|
+
@queue.clear
|
28
|
+
@queue.enq(:stop)
|
29
|
+
@thread.join
|
30
|
+
end
|
31
|
+
|
32
|
+
private
|
33
|
+
|
34
|
+
def justify(message)
|
35
|
+
message.to_s.ljust(columns - 3)
|
36
|
+
end
|
37
|
+
|
38
|
+
def work
|
39
|
+
last_message = justify('')
|
40
|
+
loop do
|
41
|
+
message = @queue.empty? ? last_message : @queue.deq
|
42
|
+
break if message == :stop
|
43
|
+
|
44
|
+
spinner.spin(message)
|
45
|
+
last_message = message
|
46
|
+
sleep 0.1
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
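Review bot: `justify` pads the message but neither truncates it nor strips non-printable characters, and the messages passed to `spin` during a scan are file paths taken from the scanned tree. A path longer than the terminal width wraps and breaks the single-line redraw, and a path containing control or escape characters would presumably reach the terminal unchanged (this depends on how Nanospinner writes its message, which is not visible here). Consider `width = [columns - 3, 0].max` followed by `message.to_s.gsub(/[^[:print:]]/, '?')[0, width].ljust(width)`. A short class comment describing the queue protocol (messages in, `:stop` as the shutdown sentinel, one worker thread started in `initialize`) would also help the next reader.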
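--- a/data/lib/spandx/python/source.rb
+++ b/data/lib/spandx/python/source.rb
@@ -28,11 +28,23 @@ module Spandx
 end
 end
 
+def ==(other)
+name == other.name &&
+uri.to_s == other.uri.to_s &&
+verify_ssl == other.verify_ssl
+end
+
+def eql(other)
+self == other
+end
+
 class << self
 def sources_from(json)
 meta = json['_meta']
 meta['sources'].map do |hash|
 new(hash)
+rescue URI::InvalidURIError
+default
 end
 end
 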
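Review bot: `def eql(other)` defines a method Ruby never calls: `Hash`, `Set` and `uniq` use `eql?` together with `hash`, so two sources that are `==` are still treated as distinct there. Rename it to `eql?` and add a matching `def hash; [name, uri.to_s, verify_ssl].hash; end`. `==` also raises `NoMethodError` when `other` is not a source, which a leading `other.is_a?(self.class) &&` would avoid. In `sources_from`, the rescued `URI::InvalidURIError` silently swaps in `default`, so packages may be looked up at a different index than the lockfile names; a warning at that point would make the substitution visible. The class body starts and ends outside this hunk.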
data/lib/spandx/version.rb
CHANGED
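--- a/data/spandx.gemspec
+++ b/data/spandx.gemspec
@@ -34,11 +34,12 @@ Gem::Specification.new do |spec|
 
 spec.add_dependency 'addressable', '~> 2.7'
 spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
+spec.add_dependency 'nanospinner', '~> 1.0.0'
 spec.add_dependency 'net-hippie', '~> 0.3'
 spec.add_dependency 'nokogiri', '~> 1.10'
 spec.add_dependency 'parslet', '~> 2.0'
 spec.add_dependency 'thor'
-spec.add_dependency 'tty-
+spec.add_dependency 'tty-screen', '~> 0.7'
 spec.add_dependency 'zeitwerk', '~> 2.3'
 
 spec.add_development_dependency 'benchmark-ips', '~> 2.8'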
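--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-version: 0.13.
+version: 0.13.3
 platform: ruby
 authors:
 - Can Eldem
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-05-
+date: 2020-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: addressable
@@ -45,6 +45,20 @@ dependencies:
 - - "<"
 - !ruby/object:Gem::Version
 version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: nanospinner
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.0.0
 - !ruby/object:Gem::Dependency
 name: net-hippie
 requirement: !ruby/object:Gem::Requirement
@@ -102,19 +116,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name: tty-
+name: tty-screen
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.7'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.7'
 - !ruby/object:Gem::Dependency
 name: zeitwerk
 requirement: !ruby/object:Gem::Requirement
@@ -341,7 +355,6 @@ files:
 - lib/spandx/cli/main.rb
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
-- lib/spandx/core/concurrent.rb
 - lib/spandx/core/content.rb
 - lib/spandx/core/data_file.rb
 - lib/spandx/core/dependency.rb
@@ -351,7 +364,6 @@ files:
 - lib/spandx/core/http.rb
 - lib/spandx/core/index_file.rb
 - lib/spandx/core/license_plugin.rb
-- lib/spandx/core/line_io.rb
 - lib/spandx/core/parser.rb
 - lib/spandx/core/path_traversal.rb
 - lib/spandx/core/plugin.rb
@@ -359,8 +371,8 @@ files:
 - lib/spandx/core/relation.rb
 - lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
+- lib/spandx/core/spinner.rb
 - lib/spandx/core/table.rb
-- lib/spandx/core/thread_pool.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -413,7 +425,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.
+rubygems_version: 3.1.3
 signing_key:
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.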
@@ -1,40 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Core
|
5
|
-
class Concurrent
|
6
|
-
include Enumerable
|
7
|
-
|
8
|
-
def self.map(items, pool:, &block)
|
9
|
-
queue = Queue.new
|
10
|
-
|
11
|
-
items.each do |item|
|
12
|
-
pool.schedule([item, block]) do |marshalled_item, callable|
|
13
|
-
queue.enq(callable.call(marshalled_item))
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
new(queue, items.size)
|
18
|
-
end
|
19
|
-
|
20
|
-
attr_reader :queue, :size
|
21
|
-
|
22
|
-
def initialize(queue, size)
|
23
|
-
@queue = queue
|
24
|
-
@size = size
|
25
|
-
end
|
26
|
-
|
27
|
-
def each
|
28
|
-
size.times { yield queue.deq }
|
29
|
-
end
|
30
|
-
|
31
|
-
def to_enum
|
32
|
-
Enumerator.new do |yielder|
|
33
|
-
each do |item|
|
34
|
-
yielder.yield item
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
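--- a/data/lib/spandx/core/line_io.rb
+++ b/data/lib/spandx/core/line_io.rb
@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-module Core
-class LineIo
-def initialize(absolute_path)
-file_descriptor = IO.sysopen(absolute_path)
-@io = IO.new(file_descriptor)
-@buffer = ''
-end
-
-def each(&block)
-@buffer << @io.sysread(512) until @buffer.include?($INPUT_RECORD_SEPARATOR)
-
-line, @buffer = @buffer.split($INPUT_RECORD_SEPARATOR, 2)
-block.call(line)
-each(&block)
-rescue EOFError
-@io.close
-end
-end
-end
-end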
@@ -1,49 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Spandx
|
4
|
-
module Core
|
5
|
-
class ThreadPool
|
6
|
-
def initialize(size: Etc.nprocessors)
|
7
|
-
@size = size
|
8
|
-
@queue = Queue.new
|
9
|
-
@pool = size.times.map { start_worker_thread }
|
10
|
-
end
|
11
|
-
|
12
|
-
def schedule(*args, &block)
|
13
|
-
@queue.enq([block, args])
|
14
|
-
end
|
15
|
-
|
16
|
-
def done?
|
17
|
-
@queue.empty?
|
18
|
-
end
|
19
|
-
|
20
|
-
def shutdown
|
21
|
-
@size.times do
|
22
|
-
schedule { throw :exit }
|
23
|
-
end
|
24
|
-
|
25
|
-
@pool.map(&:join)
|
26
|
-
end
|
27
|
-
|
28
|
-
def self.open
|
29
|
-
pool = new
|
30
|
-
yield pool
|
31
|
-
ensure
|
32
|
-
pool.shutdown
|
33
|
-
end
|
34
|
-
|
35
|
-
private
|
36
|
-
|
37
|
-
def start_worker_thread
|
38
|
-
Thread.new do
|
39
|
-
catch(:exit) do
|
40
|
-
loop do
|
41
|
-
job, args = @queue.deq
|
42
|
-
job.call(*args)
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
48
|
-
end
|
49
|
-
end
|