spandx 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -3
- data/lib/spandx/parsers.rb +1 -0
- data/lib/spandx/parsers/csproj.rb +1 -1
- data/lib/spandx/parsers/csproj/package_reference.rb +15 -1
- data/lib/spandx/parsers/csproj/project_file.rb +18 -8
- data/lib/spandx/parsers/maven.rb +85 -0
- data/lib/spandx/version.rb +1 -1
- data/spandx.gemspec +1 -1
- metadata +3 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 14b8433caf34da68102cdf2db650684c9dbccc2e32509a63a44021978a8d1f6e
         | 
| 4 | 
            +
              data.tar.gz: c7c342040a9c5a666708096f30228823a815256587ddd99b9b77fcb7f6856259
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 9d916195c87c1162ec60ace64a7c36c5b693c51445361cf11242ca9ceb32c9a8b932d1a2bd65026757c56e556cdc677a738bb42f6dd266652c897737ce2da281
         | 
| 7 | 
            +
              data.tar.gz: 92df5d8346276b1998f28bfad73ef26fd6e9bf300589997e5d6ad517e7044974b52b659082acae52e496ea51ff77e3f7bd8d4faa5f4d14d39c20c44a8fb529af
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    | @@ -1,4 +1,4 @@ | |
| 1 | 
            -
            Version 0. | 
| 1 | 
            +
            Version 0.3.0
         | 
| 2 2 |  | 
| 3 3 | 
             
            # Changelog
         | 
| 4 4 |  | 
| @@ -8,8 +8,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | |
| 8 8 | 
             
            and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
         | 
| 9 9 |  | 
| 10 10 | 
             
            ## [Unreleased]
         | 
| 11 | 
            +
             | 
| 12 | 
            +
            ## [0.3.0] - 2020-01-29
         | 
| 11 13 | 
             
            ### Added
         | 
| 12 | 
            -
            -  | 
| 14 | 
            +
            - Add `pom.xml` parser
         | 
| 15 | 
            +
             | 
| 16 | 
            +
            ### Changed
         | 
| 17 | 
            +
            - Change minimum ruby from 2.5 to 2.4
         | 
| 13 18 |  | 
| 14 19 | 
             
            ## [0.2.0] - 2020-01-28
         | 
| 15 20 | 
             
            ### Added
         | 
| @@ -52,7 +57,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |
| 52 57 | 
             
            ### Added
         | 
| 53 58 | 
             
            - Provide ruby API to the latest SPDX catalogue.
         | 
| 54 59 |  | 
| 55 | 
            -
            [Unreleased]: https://github.com/mokhan/spandx/compare/v0. | 
| 60 | 
            +
            [Unreleased]: https://github.com/mokhan/spandx/compare/v0.3.0...HEAD
         | 
| 61 | 
            +
            [0.3.0]: https://github.com/mokhan/spandx/compare/v0.2.0...v0.3.0
         | 
| 56 62 | 
             
            [0.2.0]: https://github.com/mokhan/spandx/compare/v0.1.7...v0.2.0
         | 
| 57 63 | 
             
            [0.1.7]: https://github.com/mokhan/spandx/compare/v0.1.6...v0.1.7
         | 
| 58 64 | 
             
            [0.1.6]: https://github.com/mokhan/spandx/compare/v0.1.5...v0.1.6
         | 
    
        data/lib/spandx/parsers.rb
    CHANGED
    
    
| @@ -3,7 +3,21 @@ | |
| 3 3 | 
             
            module Spandx
         | 
| 4 4 | 
             
              module Parsers
         | 
| 5 5 | 
             
                class Csproj
         | 
| 6 | 
            -
                  PackageReference | 
| 6 | 
            +
                  class PackageReference
         | 
| 7 | 
            +
                    attr_reader :name, :version
         | 
| 8 | 
            +
             | 
| 9 | 
            +
                    def initialize(name:, version:)
         | 
| 10 | 
            +
                      @name = name
         | 
| 11 | 
            +
                      @version = version
         | 
| 12 | 
            +
                    end
         | 
| 13 | 
            +
             | 
| 14 | 
            +
                    def to_h
         | 
| 15 | 
            +
                      {
         | 
| 16 | 
            +
                        name: name,
         | 
| 17 | 
            +
                        version: version
         | 
| 18 | 
            +
                      }
         | 
| 19 | 
            +
                    end
         | 
| 20 | 
            +
                  end
         | 
| 7 21 | 
             
                end
         | 
| 8 22 | 
             
              end
         | 
| 9 23 | 
             
            end
         | 
| @@ -9,17 +9,13 @@ module Spandx | |
| 9 9 | 
             
                    def initialize(path)
         | 
| 10 10 | 
             
                      @path = path
         | 
| 11 11 | 
             
                      @dir = File.dirname(path)
         | 
| 12 | 
            -
                      @document = Nokogiri::XML(IO.read(path))
         | 
| 12 | 
            +
                      @document = Nokogiri::XML(IO.read(path)).tap(&:remove_namespaces!)
         | 
| 13 13 | 
             
                    end
         | 
| 14 14 |  | 
| 15 15 | 
             
                    def package_references
         | 
| 16 | 
            -
                       | 
| 17 | 
            -
             | 
| 18 | 
            -
                        PackageReference | 
| 19 | 
            -
                          name: attribute_for('Include', node),
         | 
| 20 | 
            -
                          version: attribute_for('Version', node)
         | 
| 21 | 
            -
                        )
         | 
| 22 | 
            -
                      end
         | 
| 16 | 
            +
                      project_references.flat_map(&:package_references) +
         | 
| 17 | 
            +
                        references('GlobalPackageReference') +
         | 
| 18 | 
            +
                        references('PackageReference')
         | 
| 23 19 | 
             
                    end
         | 
| 24 20 |  | 
| 25 21 | 
             
                    private
         | 
| @@ -32,6 +28,20 @@ module Spandx | |
| 32 28 | 
             
                      end
         | 
| 33 29 | 
             
                    end
         | 
| 34 30 |  | 
| 31 | 
            +
                    def references(key)
         | 
| 32 | 
            +
                      document.search("//#{key}").map do |node|
         | 
| 33 | 
            +
                        PackageReference.new(
         | 
| 34 | 
            +
                          name: name_from(node),
         | 
| 35 | 
            +
                          version: attribute_for('Version', node)
         | 
| 36 | 
            +
                        )
         | 
| 37 | 
            +
                      end
         | 
| 38 | 
            +
                    end
         | 
| 39 | 
            +
             | 
| 40 | 
            +
                    def name_from(node)
         | 
| 41 | 
            +
                      attribute_for('Include', node) ||
         | 
| 42 | 
            +
                        attribute_for('Update', node)
         | 
| 43 | 
            +
                    end
         | 
| 44 | 
            +
             | 
| 35 45 | 
             
                    def attribute_for(key, node)
         | 
| 36 46 | 
             
                      node.attribute(key)&.value&.strip ||
         | 
| 37 47 | 
             
                        node.at_xpath("./#{key}")&.content&.strip
         | 
| @@ -0,0 +1,85 @@ | |
| 1 | 
            +
            # frozen_string_literal: true
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            module Spandx
         | 
| 4 | 
            +
              module Parsers
         | 
| 5 | 
            +
                class Maven < Base
         | 
| 6 | 
            +
                  class Metadata
         | 
| 7 | 
            +
                    attr_reader :artifact_id, :group_id, :version
         | 
| 8 | 
            +
             | 
| 9 | 
            +
                    def initialize(artifact_id:, group_id:, version:)
         | 
| 10 | 
            +
                      @artifact_id = artifact_id
         | 
| 11 | 
            +
                      @group_id = group_id.tr('.', '/')
         | 
| 12 | 
            +
                      @version = version
         | 
| 13 | 
            +
                    end
         | 
| 14 | 
            +
             | 
| 15 | 
            +
                    def licenses
         | 
| 16 | 
            +
                      pom.to_xml(indent: 2)
         | 
| 17 | 
            +
                      pom.search('//licenses/license').map do |node|
         | 
| 18 | 
            +
                        {
         | 
| 19 | 
            +
                          name: node.at_xpath('./name').text,
         | 
| 20 | 
            +
                          url: node.at_xpath('./url').text
         | 
| 21 | 
            +
                        }
         | 
| 22 | 
            +
                      end
         | 
| 23 | 
            +
                    end
         | 
| 24 | 
            +
             | 
| 25 | 
            +
                    private
         | 
| 26 | 
            +
             | 
| 27 | 
            +
                    def pom
         | 
| 28 | 
            +
                      @pom ||= fetch
         | 
| 29 | 
            +
                    end
         | 
| 30 | 
            +
             | 
| 31 | 
            +
                    def spec_url
         | 
| 32 | 
            +
                      [
         | 
| 33 | 
            +
                        'https://repo.maven.apache.org/maven2',
         | 
| 34 | 
            +
                        group_id,
         | 
| 35 | 
            +
                        artifact_id,
         | 
| 36 | 
            +
                        version,
         | 
| 37 | 
            +
                        "#{artifact_id}-#{version}.pom"
         | 
| 38 | 
            +
                      ].join('/')
         | 
| 39 | 
            +
                    end
         | 
| 40 | 
            +
             | 
| 41 | 
            +
                    def fetch
         | 
| 42 | 
            +
                      response = Spandx.http.get(spec_url)
         | 
| 43 | 
            +
                      return unless Spandx.http.ok?(response)
         | 
| 44 | 
            +
             | 
| 45 | 
            +
                      Nokogiri.XML(response.body).tap(&:remove_namespaces!)
         | 
| 46 | 
            +
                    end
         | 
| 47 | 
            +
                  end
         | 
| 48 | 
            +
             | 
| 49 | 
            +
                  def self.matches?(filename)
         | 
| 50 | 
            +
                    File.basename(filename) == 'pom.xml'
         | 
| 51 | 
            +
                  end
         | 
| 52 | 
            +
             | 
| 53 | 
            +
                  def parse(filename)
         | 
| 54 | 
            +
                    document = Nokogiri.XML(IO.read(filename)).tap(&:remove_namespaces!)
         | 
| 55 | 
            +
                    document.search('//project/dependencies/dependency').map do |node|
         | 
| 56 | 
            +
                      metadata = metadata_for(node)
         | 
| 57 | 
            +
                      Dependency.new(
         | 
| 58 | 
            +
                        name: metadata.artifact_id,
         | 
| 59 | 
            +
                        version: metadata.version,
         | 
| 60 | 
            +
                        licenses: metadata.licenses.map { |x| search_catalogue_for(x) }.compact
         | 
| 61 | 
            +
                      )
         | 
| 62 | 
            +
                    end
         | 
| 63 | 
            +
                  end
         | 
| 64 | 
            +
             | 
| 65 | 
            +
                  private
         | 
| 66 | 
            +
             | 
| 67 | 
            +
                  def metadata_for(node)
         | 
| 68 | 
            +
                    Metadata.new(
         | 
| 69 | 
            +
                      artifact_id: node.at_xpath('./artifactId').text,
         | 
| 70 | 
            +
                      group_id: node.at_xpath('./groupId').text,
         | 
| 71 | 
            +
                      version: node.at_xpath('./version').text
         | 
| 72 | 
            +
                    )
         | 
| 73 | 
            +
                  end
         | 
| 74 | 
            +
             | 
| 75 | 
            +
                  def search_catalogue_for(license_hash)
         | 
| 76 | 
            +
                    name = Content.new(license_hash[:name])
         | 
| 77 | 
            +
             | 
| 78 | 
            +
                    catalogue.find do |license|
         | 
| 79 | 
            +
                      score = name.similarity_score(Content.new(license.name))
         | 
| 80 | 
            +
                      score > 85
         | 
| 81 | 
            +
                    end
         | 
| 82 | 
            +
                  end
         | 
| 83 | 
            +
                end
         | 
| 84 | 
            +
              end
         | 
| 85 | 
            +
            end
         | 
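Review bot: `licenses` calls `pom.search` on the result of `fetch`, which returns nil whenever `Spandx.http.ok?(response)` is false, so any non-OK answer from the Maven repository surfaces as a NoMethodError on nil instead of an empty license list; add `return [] unless pom` at the top of `licenses`, and drop the preceding `pom.to_xml(indent: 2)` whose return value is discarded. The same nil-safety applies to the `.text` calls in `licenses` and `metadata_for`: a `<license>` without `<url>`, or a `<dependency>` without `<version>` (which I would expect when the version is inherited from a parent POM, though this diff does not show it), raises rather than being skipped. Both `IO.read(path)` in the csproj `initialize` hunk and `IO.read(filename)` in `parse` should be `File.read`, because `IO.read` treats a path beginning with `|` as a command to spawn; the parser is handed paths found on disk, but `File.read` removes the hazard entirely. `spec_url` also joins `group_id`, `artifact_id` and `version` straight from the parsed POM into the request path without validating or escaping them, so a crafted POM can steer the fetch to an arbitrary path under the repository; checking each component against something like `/\A[\w.-]+\z/` before building the URL would close that. This hunk carries no file header in the rendered section, but the diffstat at the top (`maven.rb +85 -0`) indicates it is the new `data/lib/spandx/parsers/maven.rb`.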
    
        data/lib/spandx/version.rb
    CHANGED
    
    
    
        data/spandx.gemspec
    CHANGED
    
    | @@ -29,7 +29,7 @@ Gem::Specification.new do |spec| | |
| 29 29 | 
             
              spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
         | 
| 30 30 | 
             
              spec.require_paths = ['lib']
         | 
| 31 31 |  | 
| 32 | 
            -
              spec.required_ruby_version = '>= 2. | 
| 32 | 
            +
              spec.required_ruby_version = '>= 2.4.0'
         | 
| 33 33 | 
             
              spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
         | 
| 34 34 | 
             
              spec.add_dependency 'net-hippie', '~> 0.3'
         | 
| 35 35 | 
             
              spec.add_dependency 'nokogiri', '~> 1.10'
         | 
    
        metadata
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: spandx
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.3.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - mo khan
         | 
| @@ -231,6 +231,7 @@ files: | |
| 231 231 | 
             
            - lib/spandx/parsers/csproj/package_reference.rb
         | 
| 232 232 | 
             
            - lib/spandx/parsers/csproj/project_file.rb
         | 
| 233 233 | 
             
            - lib/spandx/parsers/gemfile_lock.rb
         | 
| 234 | 
            +
            - lib/spandx/parsers/maven.rb
         | 
| 234 235 | 
             
            - lib/spandx/parsers/packages_config.rb
         | 
| 235 236 | 
             
            - lib/spandx/parsers/pipfile_lock.rb
         | 
| 236 237 | 
             
            - lib/spandx/parsers/sln.rb
         | 
| @@ -252,7 +253,7 @@ required_ruby_version: !ruby/object:Gem::Requirement | |
| 252 253 | 
             
              requirements:
         | 
| 253 254 | 
             
              - - ">="
         | 
| 254 255 | 
             
                - !ruby/object:Gem::Version
         | 
| 255 | 
            -
                  version: 2. | 
| 256 | 
            +
                  version: 2.4.0
         | 
| 256 257 | 
             
            required_rubygems_version: !ruby/object:Gem::Requirement
         | 
| 257 258 | 
             
              requirements:
         | 
| 258 259 | 
             
              - - ">="
         |