spandx 0.13.5 → 0.14.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -2
- data/lib/spandx/core/dependency.rb +1 -0
- data/lib/spandx/core/http.rb +6 -6
- data/lib/spandx/core/license_plugin.rb +1 -1
- data/lib/spandx/os/parsers/apk.rb +51 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7e01f7023f4a164fb867c7d457769d1c9dd2eb2b480cee88c5d4d682c2d6dc4e
|
4
|
+
data.tar.gz: f202f85c254d11041b79e1305d12641eb66ea66cec9afea25a38e9724a5636d6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 926df592dfc76466a7e26bcdfd9fc581957b2c748c9272e30a22180a61f4d6498ebb14e04e8acbbccc813f4aae929ecb8ba82ee54064d642990e5874b05bb0b1
|
7
|
+
data.tar.gz: 5dede807761bf9d4fa91f6a0ea9df1bec9531d0a397fedea5c687b7c12860216e41df47c09fc7e94c8951e7dc0f88c99fc74395913002890b199409b700830f0
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.
|
1
|
+
Version 0.14.0
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
|
@@ -8,6 +8,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
8
8
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
9
9
|
|
10
10
|
## [Unreleased]
|
11
|
+
|
12
|
+
## [0.14.0] - 2020-11-14
|
13
|
+
### Added
|
14
|
+
- Parse `/lib/apk/db/installed` file.
|
15
|
+
|
11
16
|
## [0.13.5] - 2020-05-26
|
12
17
|
### Fixed
|
13
18
|
- Process PyPI package urls with single digit versions.
|
@@ -198,7 +203,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
198
203
|
### Added
|
199
204
|
- Provide ruby API to the latest SPDX catalogue.
|
200
205
|
|
201
|
-
[Unreleased]: https://github.com/spandx/spandx/compare/v0.
|
206
|
+
[Unreleased]: https://github.com/spandx/spandx/compare/v0.14.0...HEAD
|
207
|
+
[0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
|
202
208
|
[0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
|
203
209
|
[0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4
|
204
210
|
[0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
|
@@ -13,6 +13,7 @@ module Spandx
|
|
13
13
|
Spandx::Php::Parsers::Composer => :composer,
|
14
14
|
Spandx::Python::Parsers::PipfileLock => :pypi,
|
15
15
|
Spandx::Ruby::Parsers::GemfileLock => :rubygems,
|
16
|
+
Spandx::Os::Parsers::Apk => :apk,
|
16
17
|
}.freeze
|
17
18
|
attr_reader :path, :name, :version, :licenses, :meta
|
18
19
|
|
data/lib/spandx/core/http.rb
CHANGED
@@ -36,12 +36,12 @@ module Spandx
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def self.default_driver
|
39
|
-
@default_driver ||= Net::Hippie::Client.new
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
39
|
+
@default_driver ||= Net::Hippie::Client.new(
|
40
|
+
follow_redirects: 3,
|
41
|
+
logger: Spandx.logger,
|
42
|
+
open_timeout: 1,
|
43
|
+
read_timeout: 5
|
44
|
+
)
|
45
45
|
end
|
46
46
|
|
47
47
|
private
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spandx
|
4
|
+
module Os
|
5
|
+
module Parsers
|
6
|
+
class Apk < ::Spandx::Core::Parser
|
7
|
+
def match?(path)
|
8
|
+
path.basename.fnmatch?('installed')
|
9
|
+
end
|
10
|
+
|
11
|
+
def parse(lockfile)
|
12
|
+
path = lockfile.to_s
|
13
|
+
|
14
|
+
[].tap do |items|
|
15
|
+
lockfile.open(mode: 'r') do |io|
|
16
|
+
each_package(io) do |data|
|
17
|
+
items.push(map_from(data, path))
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def each_package(io)
|
26
|
+
package = {}
|
27
|
+
|
28
|
+
until io.eof?
|
29
|
+
line = io.readline.chomp
|
30
|
+
if line.empty?
|
31
|
+
yield package
|
32
|
+
|
33
|
+
package = {}
|
34
|
+
else
|
35
|
+
line.split(':').tap { |(key, value)| package[key] = value }
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
def map_from(data, path)
|
41
|
+
::Spandx::Core::Dependency.new(
|
42
|
+
path: path,
|
43
|
+
name: data['P'],
|
44
|
+
version: data['V'],
|
45
|
+
meta: data.merge('license' => [data['L']])
|
46
|
+
)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
data/lib/spandx/version.rb
CHANGED
data/spandx.gemspec
CHANGED
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
|
|
34
34
|
|
35
35
|
spec.add_dependency 'addressable', '~> 2.7'
|
36
36
|
spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
|
37
|
-
spec.add_dependency 'net-hippie', '~> 0
|
37
|
+
spec.add_dependency 'net-hippie', '~> 1.0'
|
38
38
|
spec.add_dependency 'nokogiri', '~> 1.10'
|
39
39
|
spec.add_dependency 'oj', '~> 3.10'
|
40
40
|
spec.add_dependency 'parslet', '~> 2.0'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spandx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.14.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Can Eldem
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-11-15 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|
@@ -51,14 +51,14 @@ dependencies:
|
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0
|
54
|
+
version: '1.0'
|
55
55
|
type: :runtime
|
56
56
|
prerelease: false
|
57
57
|
version_requirements: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '0
|
61
|
+
version: '1.0'
|
62
62
|
- !ruby/object:Gem::Dependency
|
63
63
|
name: nokogiri
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
@@ -404,6 +404,7 @@ files:
|
|
404
404
|
- lib/spandx/js/parsers/yarn.rb
|
405
405
|
- lib/spandx/js/yarn_lock.rb
|
406
406
|
- lib/spandx/js/yarn_pkg.rb
|
407
|
+
- lib/spandx/os/parsers/apk.rb
|
407
408
|
- lib/spandx/php/packagist_gateway.rb
|
408
409
|
- lib/spandx/php/parsers/composer.rb
|
409
410
|
- lib/spandx/python/index.rb
|
@@ -441,7 +442,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
441
442
|
- !ruby/object:Gem::Version
|
442
443
|
version: '0'
|
443
444
|
requirements: []
|
444
|
-
rubygems_version: 3.1.
|
445
|
+
rubygems_version: 3.1.4
|
445
446
|
signing_key:
|
446
447
|
specification_version: 4
|
447
448
|
summary: A ruby interface to the SPDX catalogue.
|