spandx 0.8.0 → 0.9.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -2
- data/lib/spandx/cli.rb +5 -0
- data/lib/spandx/gateways/http.rb +2 -0
- data/lib/spandx/rubygems/gateway.rb +1 -0
- data/lib/spandx/rubygems/parsers/gemfile_lock.rb +8 -6
- data/lib/spandx/version.rb +1 -1
- data/lib/spandx.rb +5 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 79c26ff1c6227ef41ae24c085ccb96310496cbcc1abe22b699923abdbdf65782
|
4
|
+
data.tar.gz: 66bdc945e5121bd540c5195f2c440c4b9263cc0eb1318f185e37be714cb6066a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6fd8df3eb4d2bc17ce5b8e2fc61c02a2e825b942cc370e5f05f8a5b3611d223df755b590e7a83ccdd535d6a21b36066c10b90400735acbe4957d97882d378655
|
7
|
+
data.tar.gz: 7234556c740534481007edefde42319b091363865a238c0aa8656ce194fc0b1c80c37365eb287482310d1930511344019aadc3548912b2031af314098ad8ea7f
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
Version 0.
|
1
|
+
Version 0.9.0
|
2
2
|
|
3
3
|
# Changelog
|
4
4
|
|
@@ -9,6 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
9
9
|
|
10
10
|
## [Unreleased]
|
11
11
|
|
12
|
+
## [0.9.0] - 2020-03-12
|
13
|
+
### Added
|
14
|
+
- Add `--airgap` option to disable network traffic during scan.
|
15
|
+
- Add `--logfile` option to redirect logger output to a file.
|
16
|
+
|
17
|
+
### Fixed
|
18
|
+
- Switch to directory of `Gemfile.lock` to bypass error with `Bundler.root`.
|
19
|
+
|
12
20
|
## [0.8.0] - 2020-03-11
|
13
21
|
### Added
|
14
22
|
- Allow scanning a directory.
|
@@ -93,7 +101,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
93
101
|
### Added
|
94
102
|
- Provide ruby API to the latest SPDX catalogue.
|
95
103
|
|
96
|
-
[Unreleased]: https://github.com/mokhan/spandx/compare/v0.
|
104
|
+
[Unreleased]: https://github.com/mokhan/spandx/compare/v0.9.0...HEAD
|
105
|
+
[0.9.0]: https://github.com/mokhan/spandx/compare/v0.8.0...v0.9.0
|
97
106
|
[0.8.0]: https://github.com/mokhan/spandx/compare/v0.7.0...v0.8.0
|
98
107
|
[0.7.0]: https://github.com/mokhan/spandx/compare/v0.6.0...v0.7.0
|
99
108
|
[0.6.0]: https://github.com/mokhan/spandx/compare/v0.5.0...v0.6.0
|
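--- a/data/lib/spandx/cli.rb
+++ b/data/lib/spandx/cli.rb
@@ -21,7 +21,12 @@ module Spandx
 desc 'scan LOCKFILE', 'Scan a lockfile and list dependencies/licenses'
 method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
 method_option :recursive, aliases: '-r', type: :boolean, desc: 'Perform recursive scan', default: false
+method_option :airgap, aliases: '-a', type: :boolean, desc: 'Disable network connections', default: false
+method_option :logfile, aliases: '-l', type: :string, desc: 'Path to a logfile', default: '/dev/null'
 def scan(lockfile)
+Spandx.airgap = options[:airgap]
+Spandx.logger = Logger.new(options[:logfile])
+
 if options[:help]
 invoke :help, ['scan']
 else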
data/lib/spandx/gateways/http.rb
CHANGED
@@ -22,6 +22,7 @@ module Spandx
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def details_on(name, version)
|
25
|
+
Spandx.logger.debug("Cache miss: #{name}-#{version}")
|
25
26
|
url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
|
26
27
|
response = http.get(url, default: {})
|
27
28
|
http.ok?(response) ? parse(response.body) : {}
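Review bot: `details_on` still issues `http.get(url, default: {})` unconditionally, so the new `--airgap` flag that the CLI sets is not consulted anywhere in this hunk; unless the guard lives in `Gateways::Http#get` (the diffstat lists a +2 change to `gateways/http.rb` that is not shown on this page), a cache miss under `--airgap` still reaches rubygems.org. A visible check such as `return {} if Spandx.airgap?` before the request, or a comment naming where the guard lives, would make the no-network contract auditable from this method. Note that this `@@ -22` hunk and the following `@@ -12` hunk cannot belong to the same file, so the `gateways/http.rb` header above appears attached to the wrong hunks — the rubygems.org request code matches `rubygems/gateway.rb` from the diffstat. `details_on` and its enclosing class extend beyond the hunk.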
|
@@ -12,8 +12,7 @@ module Spandx
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def parse(lockfile)
|
15
|
-
|
16
|
-
dependencies_from(content).map do |specification|
|
15
|
+
dependencies_from(lockfile).map do |specification|
|
17
16
|
::Spandx::Core::Dependency.new(
|
18
17
|
name: specification.name,
|
19
18
|
version: specification.version.to_s,
|
@@ -24,10 +23,13 @@ module Spandx
|
|
24
23
|
|
25
24
|
private
|
26
25
|
|
27
|
-
def dependencies_from(
|
28
|
-
|
29
|
-
|
30
|
-
|
26
|
+
def dependencies_from(filepath)
|
27
|
+
content = IO.read(filepath)
|
28
|
+
Dir.chdir(File.dirname(filepath)) do
|
29
|
+
::Bundler::LockfileParser
|
30
|
+
.new(content.sub(STRIP_BUNDLED_WITH, ''))
|
31
|
+
.specs
|
32
|
+
end
|
31
33
|
end
|
32
34
|
|
33
35
|
def licenses_for(specification)
|
data/lib/spandx/version.rb
CHANGED
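--- a/data/lib/spandx.rb
+++ b/data/lib/spandx.rb
@@ -41,12 +41,16 @@ module Spandx
 class Error < StandardError; end
 
 class << self
-attr_writer :logger
+attr_writer :airgap, :logger
 
 def root
 Pathname.new(File.dirname(__FILE__)).join('../..')
 end
 
+def airgap?
+@airgap
+end
+
 def http
 @http ||= Spandx::Gateways::Http.new
 end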