Updates in order to be compatible with versions of Ruby < 2.3.0 #10

Open
wants to merge 3 commits into
base: master
from
4 changes: 2 additions & 2 deletions cyclonedx-ruby.gemspec
Expand Up @@ -11,8 +11,8 @@ Gem::Specification.new do |spec|
spec.license = "Apache-2.0"
spec.executables << "cyclonedx-ruby"
spec.add_dependency('json', '~> 2.2')
spec.add_dependency('nokogiri', '~> 1.8')
spec.add_dependency('ostruct', '~> 0.1')
spec.add_dependency('rexml', '~> 3.2')
spec.add_dependency('bundler', '~> 1.17')
spec.add_dependency('rest-client', '~> 2.0')
spec.add_development_dependency 'rake', '~> 12'
spec.add_development_dependency 'rspec', '~> 3.7'
2 changes: 1 addition & 1 deletion lib/bom_builder.rb
Expand Up @@ -2,10 +2,10 @@
require "fileutils"
require "json"
require "logger"
require "nokogiri"
require "optparse"
require "ostruct"
require "rest_client"
require "rexml/document"
require 'securerandom'
require_relative "bom_helpers"

96 changes: 59 additions & 37 deletions lib/bom_helpers.rb
Expand Up @@ -7,48 +7,70 @@ def random_urn_uuid()
end

def build_bom(gems)
builder = Nokogiri::XML::Builder.new(:encoding => "UTF-8") do |xml|
attributes = {"xmlns" => "http://cyclonedx.org/schema/bom/1.1", "version" => "1", "serialNumber" => random_urn_uuid}
xml.bom(attributes) do
xml.components {
gems.each do |gem|
xml.component("type" => "library") {
xml.name gem["name"]
xml.version gem["version"]
xml.description gem["description"]
xml.hashes{
xml.hash_ gem["hash"], :alg => "SHA-256"
}
if gem["license_id"]
xml.licenses {
xml.license{
xml.id gem["license_id"]
}
}
elsif gem["license_name"]
xml.licenses {
xml.license{
xml.name gem["license_name"]
}
}
end
xml.purl gem["purl"]
}
end
}

xml_doc = REXML::Document.new('<?xml version="1.0" encoding="UTF-8"?>')
bom_xml_element = xml_doc.add_element "bom", {"xmlns" => "http://cyclonedx.org/schema/bom/1.0", "version"=>"1", "serialNumber" => random_urn_uuid}
components_xml_element = bom_xml_element.add_element "components"

gems.each do |gem|
component_xml_element = components_xml_element.add_element "component", {"type" => "library"}

name_xml_element = component_xml_element.add_element "name"
name_xml_element.text = gem["name"]

version_xml_element = component_xml_element.add_element "version"
version_xml_element.text = gem["version"]

description_xml_element = component_xml_element.add_element "description"
description_xml_element.text = gem["description"]

hashes_xml_element = component_xml_element.add_element "hashes"
hash_xml_element = hashes_xml_element.add_element "hash", {"alg" => "SHA-256"}
hash_xml_element.text = gem["hash"]

if gem["license_id"] || gem["license_name"]
licenses_xml_element = component_xml_element.add_element "licenses"

license_xml_element = licenses_xml_element.add_element "license"

if gem["license_id"]
license_id_xml_element = license_xml_element.add_element "id"
license_id_xml_element.text = gem["license_id"]
elsif gem["license_name"]
license_name_xml_element = license_xml_element.add_element "id"
license_name_xml_element.text = gem["license_name"]
end
end
end
builder.to_xml
end

purl_xml_element = component_xml_element.add_element "purl"
purl_xml_element.text = gem["purl"]
end

output=""
xml_doc.write(output=output)
output
end

def get_gem(name, version)
url = "https://rubygems.org/api/v1/versions/#{name}.json"
max_retries = 3
retry_count = 0
delay = 1

begin
response = RestClient.get(url)
body = JSON.parse(response.body)
body.select {|item| item["number"] == version.to_s}.first
rescue
@logger.warn("#{name} couldn't be fetched")
return nil
gem_details = body.select {|item| item["number"] == version.to_s}.first
return gem_details if gem_details
rescue => e
if max_retries > retry_count
@logger.warn("gem #{name} could NOT be fetched. Error was: #{e.message}. Retrying #{max_retries - retry_count} more time(s)...")
sleep delay + retry_count
retry_count += 1
retry
else
@logger.warn("gem #{name} could NOT be fetched. Error was: #{e.message}. Gave up after retrying #{max_retries} times!")
return nil
end
end
end
end
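Review bot: The license-name branch under `elsif gem["license_name"]` adds its element as `"id"`, so a gem that carries only a license name is emitted as `<license><id>…</id></license>`, whereas the Nokogiri code this replaces wrote `xml.name gem["license_name"]`; the line should read `license_name_xml_element = license_xml_element.add_element "name"`. The namespace on the `bom_xml_element` line also drops from `http://cyclonedx.org/schema/bom/1.1` to `http://cyclonedx.org/schema/bom/1.0`, which looks unintended since nothing in the PR mentions a schema downgrade, and any consumer validating against 1.1 would reject the output. In `get_gem`, `rescue => e` retries on every StandardError, so if RestClient raises on a 404 (which I believe it does) an unknown gem costs three retries and six seconds of sleep before returning nil; consider not retrying on a not-found response, or only on the transient error classes. Minor: `xml_doc.write(output=output)` reassigns `output` to itself inside the argument list, and `xml_doc.write(output)` says the same thing.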