Class: CycloneDX::CocoaPods::Pod

Inherits:

Object

• Object
• CycloneDX::CocoaPods::Pod

Defined in:

lib/cyclonedx/cocoapods/pod.rb,
lib/cyclonedx/cocoapods/license.rb,
lib/cyclonedx/cocoapods/bom_builder.rb,
lib/cyclonedx/cocoapods/pod_attributes.rb

Defined Under Namespace

Classes: License

Constant Summary

CHECKSUM_ALGORITHM =

'SHA-1'

HOMEPAGE_REFERENCE_TYPE =

'website'

Instance Attribute Summary

• #author ⇒ Object readonly

  xs:normalizedString.

• #checksum ⇒ Object readonly

  cyclonedx.org/docs/1.6/xml/#type_hashValue (We only use SHA-1 hashes - length == 40).

• #description ⇒ Object readonly

  xs:normalizedString.

• #homepage ⇒ Object readonly

  xs:anyURI - cyclonedx.org/docs/1.6/xml/#type_externalReference.

• #license ⇒ Object readonly

  cyclonedx.org/docs/1.6/xml/#type_licenseType We don’t currently support several licenses or license expressions spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/.

• #name ⇒ Object readonly

  xs:normalizedString.

• #source ⇒ Object readonly

  Anything responding to :source_qualifier.

• #version ⇒ Object readonly

  xs:normalizedString.

Instance Method Summary

• #add_to_bom(xml, manifest_path, trim_strings_length = 0) ⇒ Object
• #complete_information_from_source ⇒ Object
• #generate_json_evidence(manifest_path) ⇒ Object
• #generate_json_external_references ⇒ Object
• #initialize(name:, version:, source: nil, checksum: nil) ⇒ Pod constructor

  A new instance of Pod.

• #populate(attributes) ⇒ Object
• #purl ⇒ Object
• #purl_subpath ⇒ Object
• #root_name ⇒ Object
• #source_qualifier ⇒ Object
• #to_json_component(manifest_path, trim_strings_length = 0) ⇒ Object
• #to_s ⇒ Object
• #xml_add_author(xml, trim_strings_length) ⇒ Object
• #xml_add_evidence(xml, manifest_path) ⇒ Object

  Add evidence of the purl identity.

• #xml_add_homepage(xml) ⇒ Object

Constructor Details

#initialize(name:, version:, source: nil, checksum: nil) ⇒ Pod

Returns a new instance of Pod.

Raises:

• (ArgumentError)

# File 'lib/cyclonedx/cocoapods/pod.rb', line 46

def initialize(name:, version:, source: nil, checksum: nil)
  raise ArgumentError, 'Name must be non-empty' if name.nil? || name.to_s.empty?
  raise ArgumentError, "Name shouldn't contain spaces" if name.to_s.include?(' ')
  raise ArgumentError, "Name shouldn't start with a dot" if name.to_s.start_with?('.')

  # `pod create` also enforces no plus sign, but more than 500 public pods have a plus in the root name.
  # https://github.com/CocoaPods/CocoaPods/blob/9461b346aeb8cba6df71fd4e71661688138ec21b/lib/cocoapods/command/lib/create.rb#L35

  Gem::Version.new(version) # To check that the version string is well formed
  raise ArgumentError, 'Invalid pod source' unless source.nil? || source.respond_to?(:source_qualifier)
  raise ArgumentError, "#{checksum} is not valid SHA-1 hash" unless checksum.nil? || checksum =~ /[a-fA-F0-9]{40}/

  @name = name.to_s
  @version = version
  @source = source
  @checksum = checksum
end

Instance Attribute Details

#author ⇒ Object (readonly)

xs:normalizedString

# File 'lib/cyclonedx/cocoapods/pod.rb', line 39

def author
  @author
end

#checksum ⇒ Object (readonly)

cyclonedx.org/docs/1.6/xml/#type_hashValue (We only use SHA-1 hashes - length == 40)

# File 'lib/cyclonedx/cocoapods/pod.rb', line 37

def checksum
  @checksum
end

#description ⇒ Object (readonly)

xs:normalizedString

# File 'lib/cyclonedx/cocoapods/pod.rb', line 41

def description
  @description
end

#homepage ⇒ Object (readonly)

xs:anyURI - cyclonedx.org/docs/1.6/xml/#type_externalReference

# File 'lib/cyclonedx/cocoapods/pod.rb', line 35

def homepage
  @homepage
end

#license ⇒ Object (readonly)

cyclonedx.org/docs/1.6/xml/#type_licenseType We don’t currently support several licenses or license expressions spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/

# File 'lib/cyclonedx/cocoapods/pod.rb', line 44

def license
  @license
end

#name ⇒ Object (readonly)

xs:normalizedString

# File 'lib/cyclonedx/cocoapods/pod.rb', line 29

def name
  @name
end

#source ⇒ Object (readonly)

Anything responding to :source_qualifier

# File 'lib/cyclonedx/cocoapods/pod.rb', line 33

def source
  @source
end

#version ⇒ Object (readonly)

xs:normalizedString

# File 'lib/cyclonedx/cocoapods/pod.rb', line 31

def version
  @version
end

Instance Method Details

#add_to_bom(xml, manifest_path, trim_strings_length = 0) ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 125

def add_to_bom(xml, manifest_path, trim_strings_length = 0)
  xml.component(type: 'library', 'bom-ref': purl) do
    xml_add_author(xml, trim_strings_length)
    xml.name_ name
    xml.version version.to_s
    # Use `dump` to escape non-printing characters, then remove the starting/trailing double-quotes from `dump`.
    xml.description { xml.cdata description.dump[1..-2] } unless description.nil?
    unless checksum.nil?
      xml.hashes do
        xml.hash_(checksum, alg: CHECKSUM_ALGORITHM)
      end
    end
    unless license.nil?
      xml.licenses do
        license.add_to_bom(xml)
      end
    end
    if trim_strings_length.zero?
      xml.purl purl
    else
      xml.purl purl.slice(0, trim_strings_length)
    end
    xml_add_homepage(xml)

    xml_add_evidence(xml, manifest_path)
  end
end

#complete_information_from_source ⇒ Object

# File 'lib/cyclonedx/cocoapods/pod_attributes.rb', line 84

def complete_information_from_source
  populate(source.attributes_for(pod: self))
end

#generate_json_evidence(manifest_path) ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 176

def generate_json_evidence(manifest_path)
  {
    identity: {
      field: 'purl',
      confidence: 0.6,
      methods: [
        {
          technique: 'manifest-analysis',
          confidence: 0.6,
          value: manifest_path
        }
      ]
    }
  }
end

#generate_json_external_references ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 170

def generate_json_external_references
  refs = []
  refs << { type: HOMEPAGE_REFERENCE_TYPE, url: homepage } if homepage
  refs.empty? ? nil : refs
end

#populate(attributes) ⇒ Object

# File 'lib/cyclonedx/cocoapods/pod.rb', line 68

def populate(attributes)
  attributes.transform_keys!(&:to_sym)
  populate_author(attributes)
  populate_description(attributes)
  populate_license(attributes)
  populate_homepage(attributes)
  self
end

#purl ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 78

def purl
  purl_name = CGI.escape(name.split('/').first)
  src_qualifier = source_qualifier
  subpath = purl_subpath
  "pkg:cocoapods/#{purl_name}@#{CGI.escape(version.to_s)}#{src_qualifier}#{subpath}"
end

#purl_subpath ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 70

def purl_subpath
  return '' unless name.split('/').length > 1

  "##{name.split('/').drop(1).map do |component|
        CGI.escape(component)
      end.join('/')}"
end

#root_name ⇒ Object

# File 'lib/cyclonedx/cocoapods/pod.rb', line 64

def root_name
  @name.split('/').first
end

#source_qualifier ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 62

def source_qualifier
  return '' if source.nil? || source.source_qualifier.empty?

  "?#{source.source_qualifier.map do |key, value|
        "#{key}=#{CGI.escape(value)}"
      end.join('&')}"
end

#to_json_component(manifest_path, trim_strings_length = 0) ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 153

def to_json_component(manifest_path, trim_strings_length = 0)
  {
    type: 'library',
    'bom-ref': purl,
    author: trim(author, trim_strings_length),
    publisher: trim(author, trim_strings_length),
    name: name,
    version: version.to_s,
    description: description,
    hashes: generate_json_hashes,
    licenses: generate_json_licenses,
    purl: purl,
    externalReferences: generate_json_external_references,
    evidence: generate_json_evidence(manifest_path)
  }.compact
end

#to_s ⇒ Object

# File 'lib/cyclonedx/cocoapods/pod.rb', line 77

def to_s
  "Pod<#{name}, #{version}>"
end

#xml_add_author(xml, trim_strings_length) ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 85

def xml_add_author(xml, trim_strings_length)
  return if author.nil?

  if trim_strings_length.zero?
    xml.author author
    xml.publisher author
  else
    xml.author author.slice(0, trim_strings_length)
    xml.publisher author.slice(0, trim_strings_length)
  end
end

#xml_add_evidence(xml, manifest_path) ⇒ Object

Add evidence of the purl identity. See github.com/CycloneDX/guides/blob/main/SBOM/en/0x60-Evidence.md for more info

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 109

def xml_add_evidence(xml, manifest_path)
  xml.evidence do
    xml.identity do
      xml.field 'purl'
      xml.confidence '0.6'
      xml.methods_ do
        xml.method_ do
          xml.technique 'manifest-analysis'
          xml.confidence '0.6'
          xml.value manifest_path
        end
      end
    end
  end
end

#xml_add_homepage(xml) ⇒ Object

# File 'lib/cyclonedx/cocoapods/bom_builder.rb', line 97

def xml_add_homepage(xml)
  return if homepage.nil?

  xml.externalReferences do
    xml.reference(type: HOMEPAGE_REFERENCE_TYPE) do
      xml.url homepage
    end
  end
end