From b813cbcb833e39eed8136c1404aeb6f6ed0f97a0 Mon Sep 17 00:00:00 2001 From: Jason Vanderhoof Date: Thu, 19 Jan 2023 08:17:07 -0800 Subject: [PATCH 1/2] Adds missing dependency This commit includes the activesupport library to allow the latest version of the gem to run. --- cyclonedx-ruby.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/cyclonedx-ruby.gemspec b/cyclonedx-ruby.gemspec index 50bc271..8b19b10 100644 --- a/cyclonedx-ruby.gemspec +++ b/cyclonedx-ruby.gemspec @@ -16,6 +16,7 @@ Gem::Specification.new do |spec| spec.add_dependency('nokogiri', '~> 1.8') spec.add_dependency('ostruct', '~> 0.1') spec.add_dependency('rest-client', '~> 2.0') + spec.add_dependency('activesupport') spec.add_development_dependency 'rake', '~> 12' spec.add_development_dependency 'rspec', '~> 3.7' end From 24fd5fc931ddf36b468e6441a3fa0d5cb64b1854 Mon Sep 17 00:00:00 2001 From: Jason Vanderhoof Date: Thu, 19 Jan 2023 08:21:20 -0800 Subject: [PATCH 2/2] Adds support for gathering license text This commit adds support for optionally retrieving the licenses text from the downloaded gems. --- lib/bom_builder.rb | 17 +++++++++++++++++ lib/bom_component.rb | 31 +++++++++++++++++-------------- lib/bom_helpers.rb | 16 ++++++++++++++++ 3 files changed, 50 insertions(+), 14 deletions(-) diff --git a/lib/bom_builder.rb b/lib/bom_builder.rb index 388614e..ccf5aad 100644 --- a/lib/bom_builder.rb +++ b/lib/bom_builder.rb @@ -22,6 +22,7 @@ # # frozen_string_literal: true require 'bundler' +require 'bundler/cli' require 'fileutils' require 'json' require 'logger' @@ -90,6 +91,9 @@ def self.setup(path) opts.on('-f', '--format bom_output_format', '(Optional) Output format for bom. Currently support xml (default) and json.') do |bom_output_format| @options[:bom_output_format] = bom_output_format end + opts.on('-l', '--include-license-text', '(Optional) Include full license text') do |l| + @options[:include_licenses] = l + end opts.on_tail('-h', '--help', 'Show help message') do puts opts exit 
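Review bot: `spec.add_dependency('activesupport')` is the only runtime dependency in this hunk without a version constraint, while the `nokogiri`, `ostruct` and `rest-client` lines beside it all pin with `~>`. Left open, it resolves to whichever activesupport is newest at install time, so a future major release with breaking changes, or a compromised release, is pulled in silently. Pin it to the line the gem was tested against, e.g. `spec.add_dependency('activesupport', '~> 7.0')`, choosing the version from what the code that needs it actually requires — that code is not in this patch, so I cannot tell which version that is.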
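Review bot: `require 'bundler/cli'` pulls Bundler's command-line layer into every run of the tool, while its only consumer is the optional `--include-license-text` path added later in this patch, and `Bundler::CLI::Common` is an internal API rather than a documented one. Keep the top-level `require 'bundler'` and move this require next to the call that needs it, with `# Bundler::CLI::Common is internal to Bundler; loaded only when license text is requested`, so the default code path stays independent of it.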
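Review bot: The help text for `-l`/`--include-license-text` does not say where the text comes from or that it is embedded verbatim, which users need to know because the output can grow by many kilobytes per component. Suggest `"(Optional) Embed the full license text of each installed gem in the BOM, read from the gem's LICENSE/COPYING file when one is found"`. The options key `:include_licenses` reads as toggling license entries altogether; `:include_license_text` would match the flag name. `setup` begins and ends outside this hunk.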
@@ -170,6 +174,19 @@ def self.specs_list else object.license_name = gem['licenses'].first end + + if @options[:include_licenses] + if spec = Bundler::CLI::Common.select_spec(dependency.name, :regex_match) + gem_path = spec.full_gem_path + potential_license_files.each do |potential_license_file| + potential_license_full_path = "#{gem_path}/#{potential_license_file}" + if File.exist?(potential_license_full_path) + object.license_text = File.read(potential_license_full_path) + break + end + end + end + end end object.author = gem['authors'] diff --git a/lib/bom_component.rb b/lib/bom_component.rb index c2af8fe..f27c212 100644 --- a/lib/bom_component.rb +++ b/lib/bom_component.rb @@ -25,21 +25,24 @@ def hash_val ] } - if @gem['license_id'] - component_hash[:"licenses"] = [ - "license": { - "id": @gem['license_id'] - } - ] - elsif @gem['license_name'] - component_hash[:"licenses"] = [ - "license": { - "name": @gem['license_name'] - } - ] + if @gem['license_text'] || @gem['license_name'] + license_section = { + license: {} + } + + if @gem['license_id'] + license_section[:license][:id] = @gem['license_id'] + elsif @gem['license_name'] + license_section[:license][:name] = @gem['license_name'] + end + + if @gem['license_text'] + license_section[:license][:text] = { content: @gem['license_text'] } + end + + component_hash[:licenses] = [license_section] end [component_hash] - end -end \ No newline at end of file +end diff --git a/lib/bom_helpers.rb b/lib/bom_helpers.rb index 01c0392..af36367 100644 --- a/lib/bom_helpers.rb +++ b/lib/bom_helpers.rb @@ -104,3 +104,19 @@ def get_gem(name, version) nil end end + +def potential_license_files + %w[ + COPYING + LICENSE + license.md + Licence.md + LICENSE.md + LICENSE.txt + License.rdoc + LICENSE.rdoc + MIT-LICENSE + MIT-LICENSE.txt + ] +end +
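Review bot: The new block in `specs_list` resolves the gem through `Bundler::CLI::Common.select_spec(dependency.name, :regex_match)`, an internal CLI helper that, if I recall Bundler's implementation correctly, raises `Bundler::GemNotFound` when the name is not in the current definition and, in regex mode, prompts on stdin when the unescaped name matches several specs (`rake` against `rake-compiler`, say) — nothing here rescues either, so a missing or ambiguous gem aborts or hangs the BOM run. Two smaller points in the same lines: `File.exist?` also accepts a directory named `LICENSE`, and `File.read` without an encoding returns the default external encoding, which the XML/JSON serialisers may reject for a non-UTF-8 license file. I would match the spec by exact name through `Bundler.definition.specs` (still resolved for the running process, so the same caveat about which Gemfile it reads applies as with the original call), test with `File.file?` and read as UTF-8, as below. `specs_list` begins before this hunk, so `dependency`, `object` and `@options` are taken from context.
```ruby
          if @options[:include_licenses]
            # Exact name only: regex matching can select an unrelated gem, and
            # Bundler's select_spec may prompt on stdin when several specs match.
            spec = Bundler.definition.specs.find { |s| s.name == dependency.name }
            if spec
              license_file = potential_license_files
                             .map { |name| File.join(spec.full_gem_path, name) }
                             .find { |path| File.file?(path) }
              # Read as UTF-8 so the serialisers get text, not raw bytes.
              object.license_text = File.read(license_file, encoding: 'UTF-8') if license_file
            end
          end
```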
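Review bot: The outer guard `if @gem['license_text'] || @gem['license_name']` drops the `license_id` case that the replaced code handled: a component with only `license_id` set now produces no `licenses` element at all unless `-l` was also given, so default runs lose those license entries. The builder hunk above shows `license_name` being assigned only in an `else` branch, so `license_id` and `license_name` appear to be mutually exclusive and this is a real regression for SPDX-identified gems. Change the guard to `if @gem['license_id'] || @gem['license_name'] || @gem['license_text']`; the inner `if @gem['license_id']`/`elsif` then behaves exactly as before. `hash_val` begins before this hunk.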
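Review bot: `potential_license_files` rebuilds the same array on every call and the builder invokes it once per gem; a frozen constant reads as the lookup table it is and avoids the allocation: `POTENTIAL_LICENSE_FILES = %w[COPYING LICENSE license.md Licence.md LICENSE.md LICENSE.txt License.rdoc LICENSE.rdoc MIT-LICENSE MIT-LICENSE.txt].freeze` with `def potential_license_files = POTENTIAL_LICENSE_FILES` (or a plain method returning it if the project supports Ruby before 3.0). The names are also compared exactly, so on a case-sensitive filesystem commonly seen variants such as `LICENCE`, `COPYING.txt`, `LICENSE.markdown` and `UNLICENSE` are missed; either add them or document the choice with `# Exact file names only; add variants here rather than globbing so unrelated files are never embedded`.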