lib/spandx/parsers/gemfile_lock.rb in spandx-0.1.3 vs lib/spandx/parsers/gemfile_lock.rb in spandx-0.1.4
- old
+ new
@@ -1,34 +1,43 @@
# frozen_string_literal: true
module Spandx
module Parsers
class GemfileLock < Base
+ STRIP_BUNDLED_WITH = /^BUNDLED WITH$(\r?\n) (?<major>\d+)\.\d+\.\d+/m.freeze
+
def self.matches?(filename)
- filename.match?(/Gemfile.*\.lock/)
+ filename.match?(/Gemfile.*\.lock/) ||
+ filename.match?(/gems.*\.lock/)
end
def parse(lockfile)
- report = Report.new
- dependencies_from(lockfile) do |dependency|
- spec = dependency.to_spec
- report.add(
- name: dependency.name,
- version: spec.version.to_s,
- licenses: [catalogue[spec.license]]
+ content = IO.read(lockfile)
+ dependencies_from(content).map do |specification|
+ Dependency.new(
+ name: specification.name,
+ version: specification.version.to_s,
+ licenses: licenses_for(specification)
)
end
- report
end
private
- def dependencies_from(lockfile)
+ def dependencies_from(content)
::Bundler::LockfileParser
- .new(IO.read(lockfile))
- .dependencies.each do |_key, dependency|
- yield dependency
- end
+ .new(content.sub(STRIP_BUNDLED_WITH, ''))
+ .specs
+ end
+
+ def licenses_for(specification)
+ rubygems
+ .licenses_for(specification.name, specification.version.to_s)
+ .map { |x| catalogue[x] }
+ end
+
+ def rubygems
+ @rubygems ||= Gateways::Rubygems.new
end
end
end
end
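Review bot: The new `matches?` patterns are unanchored and run against the whole path, so `/gems.*\.lock/` also accepts any lockfile under a directory whose name contains "gems" (for example `vendor/gems/foo/yarn.lock`), which would then be fed to `Bundler::LockfileParser`. Matching on the basename with anchors avoids that, e.g. `File.basename(filename).match?(/\A(?:Gemfile.*\.lock|gems\.lock(?:ed)?)\z/)`, assuming `gems.locked` is the file the second pattern is meant to catch. Separately, `licenses_for` keys the lookup on name and version only, so a spec that the lockfile pins to a GIT, PATH or private source would presumably be resolved against (and its name disclosed to) whatever index `Gateways::Rubygems` queries, and a same-named public gem's licence would be reported. Checking `specification.source` before the lookup would keep those cases out. `STRIP_BUNDLED_WITH` also expects exactly three numeric components, so a prerelease Bundler version would leave a trailing fragment in the content passed to the parser, and the `major` capture is never read.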