spandx 0.8.0 → 0.9.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c8d1e5a7326e983e0bfdacf9b2e30b65f91357bec5a0a6f6f1ea617e53b20e69
4
- data.tar.gz: e1c386c30848bda74c9728fdae88898e430b3048005e39a0d6ba64bc8146fddb
3
+ metadata.gz: 79c26ff1c6227ef41ae24c085ccb96310496cbcc1abe22b699923abdbdf65782
4
+ data.tar.gz: 66bdc945e5121bd540c5195f2c440c4b9263cc0eb1318f185e37be714cb6066a
5
5
  SHA512:
6
- metadata.gz: 2e65997919e6ea2e23cabc18b2bdaceebc469553472241a45e87e65e701d9435e594faa188c5f94e5ada7d959de4e51260b2bc68903f8f7bcbc95ec6ecf3d12f
7
- data.tar.gz: a2754d35a2a863634ef67b153bb4d54c72151ab083f9fe608836ee33aa3ff80b76d018bb8438af55f907c67dad6218c55b821a94ec45a6782bf1e5ffb8339cf9
6
+ metadata.gz: 6fd8df3eb4d2bc17ce5b8e2fc61c02a2e825b942cc370e5f05f8a5b3611d223df755b590e7a83ccdd535d6a21b36066c10b90400735acbe4957d97882d378655
7
+ data.tar.gz: 7234556c740534481007edefde42319b091363865a238c0aa8656ce194fc0b1c80c37365eb287482310d1930511344019aadc3548912b2031af314098ad8ea7f
data/CHANGELOG.md CHANGED
@@ -1,4 +1,4 @@
1
- Version 0.8.0
1
+ Version 0.9.0
2
2
 
3
3
  # Changelog
4
4
 
@@ -9,6 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
9
9
 
10
10
  ## [Unreleased]
11
11
 
12
+ ## [0.9.0] - 2020-03-12
13
+ ### Added
14
+ - Add `--airgap` option to disable network traffic during scan.
15
+ - Add `--logfile` option to redirect logger output to a file.
16
+
17
+ ### Fixed
18
+ - Switch to directory of `Gemfile.lock` to bypass error with `Bundler.root`.
19
+
12
20
  ## [0.8.0] - 2020-03-11
13
21
  ### Added
14
22
  - Allow scanning a directory.
@@ -93,7 +101,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
93
101
  ### Added
94
102
  - Provide ruby API to the latest SPDX catalogue.
95
103
 
96
- [Unreleased]: https://github.com/mokhan/spandx/compare/v0.8.0...HEAD
104
+ [Unreleased]: https://github.com/mokhan/spandx/compare/v0.9.0...HEAD
105
+ [0.9.0]: https://github.com/mokhan/spandx/compare/v0.8.0...v0.9.0
97
106
  [0.8.0]: https://github.com/mokhan/spandx/compare/v0.7.0...v0.8.0
98
107
  [0.7.0]: https://github.com/mokhan/spandx/compare/v0.6.0...v0.7.0
99
108
  [0.6.0]: https://github.com/mokhan/spandx/compare/v0.5.0...v0.6.0
data/lib/spandx/cli.rb CHANGED
@@ -21,7 +21,12 @@ module Spandx
21
21
  desc 'scan LOCKFILE', 'Scan a lockfile and list dependencies/licenses'
22
22
  method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
23
23
  method_option :recursive, aliases: '-r', type: :boolean, desc: 'Perform recursive scan', default: false
24
+ method_option :airgap, aliases: '-a', type: :boolean, desc: 'Disable network connections', default: false
25
+ method_option :logfile, aliases: '-l', type: :string, desc: 'Path to a logfile', default: '/dev/null'
24
26
  def scan(lockfile)
27
+ Spandx.airgap = options[:airgap]
28
+ Spandx.logger = Logger.new(options[:logfile])
29
+
25
30
  if options[:help]
26
31
  invoke :help, ['scan']
27
32
  else
@@ -10,6 +10,8 @@ module Spandx
10
10
  end
11
11
 
12
12
  def get(uri, default: nil)
13
+ return default if Spandx.airgap?
14
+
13
15
  driver.with_retry do |client|
14
16
  client.get(Addressable::URI.escape(uri))
15
17
  end
@@ -22,6 +22,7 @@ module Spandx
22
22
  end
23
23
 
24
24
  def details_on(name, version)
25
+ Spandx.logger.debug("Cache miss: #{name}-#{version}")
25
26
  url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
26
27
  response = http.get(url, default: {})
27
28
  http.ok?(response) ? parse(response.body) : {}
@@ -12,8 +12,7 @@ module Spandx
12
12
  end
13
13
 
14
14
  def parse(lockfile)
15
- content = IO.read(lockfile)
16
- dependencies_from(content).map do |specification|
15
+ dependencies_from(lockfile).map do |specification|
17
16
  ::Spandx::Core::Dependency.new(
18
17
  name: specification.name,
19
18
  version: specification.version.to_s,
@@ -24,10 +23,13 @@ module Spandx
24
23
 
25
24
  private
26
25
 
27
- def dependencies_from(content)
28
- ::Bundler::LockfileParser
29
- .new(content.sub(STRIP_BUNDLED_WITH, ''))
30
- .specs
26
+ def dependencies_from(filepath)
27
+ content = IO.read(filepath)
28
+ Dir.chdir(File.dirname(filepath)) do
29
+ ::Bundler::LockfileParser
30
+ .new(content.sub(STRIP_BUNDLED_WITH, ''))
31
+ .specs
32
+ end
31
33
  end
32
34
 
33
35
  def licenses_for(specification)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- VERSION = '0.8.0'
4
+ VERSION = '0.9.0'
5
5
  end
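Review bot: `content = IO.read(filepath)` in the new `dependencies_from` treats a path that begins with `|` as a shell command and executes it, so the parser should read with `content = File.read(filepath)`, which only ever opens a file; the lockfile path comes from the CLI argument and, presumably, the recursive scan, so this is cheap insurance. The `Dir.chdir(File.dirname(filepath)) do … end` wrapper changes the working directory for the whole process while Bundler parses, which is not thread-safe and makes Ruby warn about a conflicting chdir if two parses overlap; at minimum it deserves a why-comment such as `# chdir to the lockfile's directory so Bundler.root resolves; process-wide side effect, not thread-safe`. This section's header names cli.rb, but the `parse`/`dependencies_from` hunk appears to belong to the Gemfile.lock parser per the changelog entry, and `licenses_for` below it continues outside the hunk.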
data/lib/spandx.rb CHANGED
@@ -41,12 +41,16 @@ module Spandx
41
41
  class Error < StandardError; end
42
42
 
43
43
  class << self
44
- attr_writer :logger
44
+ attr_writer :airgap, :logger
45
45
 
46
46
  def root
47
47
  Pathname.new(File.dirname(__FILE__)).join('../..')
48
48
  end
49
49
 
50
+ def airgap?
51
+ @airgap
52
+ end
53
+
50
54
  def http
51
55
  @http ||= Spandx::Gateways::Http.new
52
56
  end
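Review bot: `airgap?` returns the raw `@airgap` value, which is `nil` when `Spandx.airgap=` was never called (library callers that bypass the CLI) and whatever object a caller assigns otherwise, so the predicate should coerce to a boolean: `!!@airgap`. A short comment on the writer would also make the default explicit for such callers, since network access stays enabled unless they opt in, e.g. `# Set to true to make the HTTP gateway skip all network calls and return its defaults.` The `class << self` block continues past the end of the hunk.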
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spandx
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.0
4
+ version: 0.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan