Module: Bibliothecary::MultiParsers::Spdx

Includes:
Analyser, Analyser::TryCache
Defined in:
lib/bibliothecary/multi_parsers/spdx.rb

Constant Summary collapse

WELLFORMED_LINE_REGEXP =

e.g. ‘SomeText:’ (allowing for leading whitespace)

/^\s*[a-zA-Z]+:/
PACKAGE_NAME_REGEXP =

e.g. ‘PackageName: (allowing for excessive whitespace)

/^\s*PackageName:\s*(.*)/
PACKAGE_VERSION_REGEXP =

e.g. ‘PackageVersion:’ (allowing for excessive whitespace)

/^\s*PackageVersion:\s*(.*)/
PURL_REGEXP =

e.g. “ExternalRef: PACKAGE-MANAGER purl (allowing for excessive whitespace)

/^\s*ExternalRef:\s*PACKAGE[-|_]MANAGER\s*purl\s*(.*)/
NoEntries = 
Class.new(StandardError)
MalformedFile = 
Class.new(StandardError)

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Analyser::TryCache

#try_cache

Methods included from Analyser

create_analysis, create_error_analysis, included

Class Method Details

.mappingObject 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 31

def self.mapping
  {
    match_extension(".spdx") => {
      kind: "lockfile",
      parser: :parse_spdx_tag_value,
      ungroupable: true,
    },
    match_extension(".spdx.json") => {
      kind: "lockfile",
      parser: :parse_spdx_json,
      ungroupable: true,
    },
  }
end

Instance Method Details

#add_entry(entries:, platform:, purl_name:, spdx_name:, purl_version:, spdx_version:, source: nil) ⇒ Object 



132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 132

def add_entry(entries:, platform:, purl_name:, spdx_name:, purl_version:, spdx_version:, source: nil)
  package_name = purl_name || spdx_name
  package_version = purl_version || spdx_version

  return unless platform && package_name && package_version

  entries[platform.to_sym] ||= []
  entries[platform.to_sym] << Dependency.new(
    name: package_name,
    requirement: package_version,
    type: "lockfile",
    source: source
  )
end

#parse_spdx_json(file_contents, options: {}) ⇒ Object

Raises:



100
101
102
103
104
105
106
107
108
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 100

def parse_spdx_json(file_contents, options: {})
  entries = try_cache(options, options[:filename]) do
    parse_spdx_json_file_contents(file_contents, options.fetch(:filename, nil))
  end

  raise NoEntries if entries.empty?

  entries[platform_name.to_sym]
end

#parse_spdx_json_file_contents(file_contents, source = nil) ⇒ Object 



110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 110

def parse_spdx_json_file_contents(file_contents, source = nil)
  entries = {}
  manifest = JSON.parse(file_contents)

  manifest["packages"]&.each do |package|
    spdx_name = package["name"]
    spdx_version = package["versionInfo"]

    first_purl_string = package["externalRefs"]&.find { |ref| ref["referenceType"] == "purl" }&.dig("referenceLocator")
    purl = first_purl_string && PackageURL.parse(first_purl_string)
    platform = PurlUtil::PURL_TYPE_MAPPING[purl&.type]
    purl_name = PurlUtil.full_name(purl)
    purl_version = purl&.version

    add_entry(entries: entries, platform: platform, purl_name: purl_name,
              spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
              source: source)
  end

  entries
end

#parse_spdx_tag_value(file_contents, options: {}) ⇒ Object

Raises:



46
47
48
49
50
51
52
53
54
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 46

def parse_spdx_tag_value(file_contents, options: {})
  entries = try_cache(options, options[:filename]) do
    parse_spdx_tag_value_file_contents(file_contents, options.fetch(:filename, nil))
  end

  raise NoEntries if entries.empty?

  entries[platform_name.to_sym]
end

#parse_spdx_tag_value_file_contents(file_contents, source = nil) ⇒ Object 



56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 56

def parse_spdx_tag_value_file_contents(file_contents, source = nil)
  entries = {}
  spdx_name = spdx_version = platform = purl_name = purl_version = nil

  file_contents.each_line do |line|
    stripped_line = line.strip
    next if skip_tag_value_line?(stripped_line)

    raise MalformedFile unless stripped_line.match?(WELLFORMED_LINE_REGEXP)

    if (match = stripped_line.match(PACKAGE_NAME_REGEXP))
      # Per the spec:
      # > A new package Information section is denoted by the package name (7.1) field.
      add_entry(entries: entries, platform: platform, purl_name: purl_name,
                spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
                source: source)

      # reset for this new package
      spdx_name = spdx_version = platform = purl_name = purl_version = nil

      # capture the new package's name
      spdx_name = match[1]
    elsif (match = stripped_line.match(PACKAGE_VERSION_REGEXP))
      spdx_version = match[1]
    elsif (match = stripped_line.match(PURL_REGEXP))
      purl = PackageURL.parse(match[1])
      platform ||= PurlUtil::PURL_TYPE_MAPPING[purl.type]
      purl_name ||= PurlUtil.full_name(purl)
      purl_version ||= purl.version
    end
  end

  add_entry(entries: entries, platform: platform, purl_name: purl_name,
            spdx_name: spdx_name, purl_version: purl_version, spdx_version: spdx_version,
            source: source)

  entries
end

#skip_tag_value_line?(stripped_line) ⇒ Boolean

Returns:

  • (Boolean) 


95
96
97
98
 
# File 'lib/bibliothecary/multi_parsers/spdx.rb', line 95

def skip_tag_value_line?(stripped_line)
  # Ignore blank lines and comments
  stripped_line.empty? || stripped_line.start_with?("#")
end