RubyGems - spandx - Versions diffs - 0.8.0 → 0.9.0 - Mend

spandx 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -2
data/lib/spandx/cli.rb +5 -0
data/lib/spandx/gateways/http.rb +2 -0
data/lib/spandx/rubygems/gateway.rb +1 -0
data/lib/spandx/rubygems/parsers/gemfile_lock.rb +8 -6
data/lib/spandx/version.rb +1 -1
data/lib/spandx.rb +5 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8d1e5a7326e983e0bfdacf9b2e30b65f91357bec5a0a6f6f1ea617e53b20e69
-  data.tar.gz: e1c386c30848bda74c9728fdae88898e430b3048005e39a0d6ba64bc8146fddb
+  metadata.gz: 79c26ff1c6227ef41ae24c085ccb96310496cbcc1abe22b699923abdbdf65782
+  data.tar.gz: 66bdc945e5121bd540c5195f2c440c4b9263cc0eb1318f185e37be714cb6066a
 SHA512:
-  metadata.gz: 2e65997919e6ea2e23cabc18b2bdaceebc469553472241a45e87e65e701d9435e594faa188c5f94e5ada7d959de4e51260b2bc68903f8f7bcbc95ec6ecf3d12f
-  data.tar.gz: a2754d35a2a863634ef67b153bb4d54c72151ab083f9fe608836ee33aa3ff80b76d018bb8438af55f907c67dad6218c55b821a94ec45a6782bf1e5ffb8339cf9
+  metadata.gz: 6fd8df3eb4d2bc17ce5b8e2fc61c02a2e825b942cc370e5f05f8a5b3611d223df755b590e7a83ccdd535d6a21b36066c10b90400735acbe4957d97882d378655
+  data.tar.gz: 7234556c740534481007edefde42319b091363865a238c0aa8656ce194fc0b1c80c37365eb287482310d1930511344019aadc3548912b2031af314098ad8ea7f

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,4 @@
-Version 0.8.0
+Version 0.9.0
 # Changelog
@@ -9,6 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.9.0] - 2020-03-12
+### Added
+- Add `--airgap` option to disable network traffic during scan.
+- Add `--logfile` option to redirect logger output to a file.
+### Fixed
+- Switch to directory of `Gemfile.lock` to bypass error with `Bundler.root`.
 ## [0.8.0] - 2020-03-11
 ### Added
 - Allow scanning a directory.
@@ -93,7 +101,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
-[Unreleased]: https://github.com/mokhan/spandx/compare/v0.8.0...HEAD
+[Unreleased]: https://github.com/mokhan/spandx/compare/v0.9.0...HEAD
+[0.9.0]: https://github.com/mokhan/spandx/compare/v0.8.0...v0.9.0
 [0.8.0]: https://github.com/mokhan/spandx/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/mokhan/spandx/compare/v0.6.0...v0.7.0
 [0.6.0]: https://github.com/mokhan/spandx/compare/v0.5.0...v0.6.0

data/lib/spandx/cli.rb CHANGED Viewed

@@ -21,7 +21,12 @@ module Spandx
     desc 'scan LOCKFILE', 'Scan a lockfile and list dependencies/licenses'
     method_option :help, aliases: '-h', type: :boolean, desc: 'Display usage information'
     method_option :recursive, aliases: '-r', type: :boolean, desc: 'Perform recursive scan', default: false
+    method_option :airgap, aliases: '-a', type: :boolean, desc: 'Disable network connections', default: false
+    method_option :logfile, aliases: '-l', type: :string, desc: 'Path to a logfile', default: '/dev/null'
     def scan(lockfile)
+      Spandx.airgap = options[:airgap]
+      Spandx.logger = Logger.new(options[:logfile])
       if options[:help]
         invoke :help, ['scan']
       else

data/lib/spandx/gateways/http.rb CHANGED Viewed

@@ -10,6 +10,8 @@ module Spandx
       end
       def get(uri, default: nil)
+        return default if Spandx.airgap?
         driver.with_retry do |client|
           client.get(Addressable::URI.escape(uri))
         end

data/lib/spandx/rubygems/gateway.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Spandx
       end
       def details_on(name, version)
+        Spandx.logger.debug("Cache miss: #{name}-#{version}")
         url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
         response = http.get(url, default: {})
         http.ok?(response) ? parse(response.body) : {}

data/lib/spandx/rubygems/parsers/gemfile_lock.rb CHANGED Viewed

@@ -12,8 +12,7 @@ module Spandx
         end
         def parse(lockfile)
-          content = IO.read(lockfile)
-          dependencies_from(content).map do |specification|
+          dependencies_from(lockfile).map do |specification|
             ::Spandx::Core::Dependency.new(
               name: specification.name,
               version: specification.version.to_s,
@@ -24,10 +23,13 @@ module Spandx
         private
-        def dependencies_from(content)
-          ::Bundler::LockfileParser
-            .new(content.sub(STRIP_BUNDLED_WITH, ''))
-            .specs
+        def dependencies_from(filepath)
+          content = IO.read(filepath)
+          Dir.chdir(File.dirname(filepath)) do
+            ::Bundler::LockfileParser
+              .new(content.sub(STRIP_BUNDLED_WITH, ''))
+              .specs
+          end
         end
         def licenses_for(specification)

data/lib/spandx/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spandx
-  VERSION = '0.8.0'
+  VERSION = '0.9.0'
 end

data/lib/spandx.rb CHANGED Viewed

@@ -41,12 +41,16 @@ module Spandx
   class Error < StandardError; end
   class << self
-    attr_writer :logger
+    attr_writer :airgap, :logger
     def root
       Pathname.new(File.dirname(__FILE__)).join('../..')
     end
+    def airgap?
+      @airgap
+    end
     def http
       @http ||= Spandx::Gateways::Http.new
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - mo khan