Commit 7b91156

mo khan <mo.khan@gmail.com>
2020-05-31 19:17:22
Switch to Oj
1 parent cba8850
.github/licensed/bundler/oj.dep.yml
@@ -0,0 +1,32 @@
+---
+name: oj
+version: 3.10.6
+type: bundler
+summary: A fast JSON parser and serializer.
+homepage: http://www.ohler.com/oj
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    The MIT License (MIT)
+
+    Copyright (c) 2012 Peter Ohler
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+notices: []
lib/spandx/cli/main.rb
@@ -16,6 +16,7 @@ module Spandx
         if options[:help]
           invoke :help, ['scan']
         else
+          Oj.default_options = { mode: :strict }
           Spandx.airgap = options[:airgap]
           Spandx.logger = Logger.new(options[:logfile])
           pull if options[:pull]
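Review bot: `Oj.default_options = { mode: :strict }` on the added line is the only place in this commit where a parse mode is chosen, and it runs only inside the `else` branch of this command, so every `Oj.load` call added in the gateways and parsers falls back to Oj's built-in default (`:object` mode) whenever the library is used without going through this path (specs, other commands, programmatic callers). In object mode Oj will instantiate Ruby objects described by `^o`-style markers in the JSON, and the inputs being parsed are registry responses and lockfiles rather than data the project produced itself. Setting the default once at load time next to `require 'oj'` in lib/spandx.rb, or passing `mode: :strict` at each call site, makes the behaviour independent of which command ran; the global assignment also affects any other Oj user in the same process, which is worth a short comment here. The enclosing method starts and ends outside the hunk.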
lib/spandx/core/report.rb
@@ -41,7 +41,7 @@ module Spandx
       end
 
       def to_json(*_args)
-        JSON.pretty_generate(to_h)
+        Oj.dump(to_h)
       end
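Review bot: `Oj.dump(to_h)` on the new line drops the indentation that `JSON.pretty_generate` produced, and because no `mode:` is passed its handling of non-JSON-native values (symbols in particular) depends on whatever `Oj.default_options` is when `to_json` runs, which this commit sets only from the CLI. `Oj.dump(to_h, mode: :compat, indent: 2)` keeps the report readable and JSON-compatible regardless of the global default. I cannot see `to_h` from this hunk, so whether it yields symbol keys is an assumption to confirm against the class body.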
 
       def to_csv
lib/spandx/dotnet/nuget_gateway.rb
@@ -69,7 +69,7 @@ module Spandx
 
       def fetch_json(url)
         response = http.get(url)
-        http.ok?(response) ? JSON.parse(response.body) : {}
+        http.ok?(response) ? Oj.load(response.body) : {}
       end
 
       def fetch_xml(url)
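Review bot: `Oj.load(response.body)` on the new line passes no `mode:`, so parsing of a registry response is governed by a process-global default that this commit sets only in the CLI's scan command; outside that path Oj parses in `:object` mode, which can build arbitrary Ruby objects from a crafted response. Making the contract explicit at the call site, `http.ok?(response) ? Oj.safe_load(response.body) : {}` or `Oj.load(response.body, mode: :strict)`, removes the dependence on how the library was loaded. The same point applies to the `Oj.load` calls in lib/spandx/js/parsers/npm.rb, lib/spandx/js/yarn_pkg.rb, lib/spandx/php/parsers/composer.rb, lib/spandx/php/packagist_gateway.rb, lib/spandx/python/parsers/pipfile_lock.rb, lib/spandx/python/source.rb and lib/spandx/ruby/gateway.rb. Note also that Oj raises `Oj::ParseError` on malformed input where `JSON.parse` raised `JSON::ParserError`, so any rescue clause outside these hunks that names the JSON error class will no longer match.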
lib/spandx/js/parsers/npm.rb
@@ -18,8 +18,8 @@ module Spandx
 
         private
 
-        def each_metadata(file_path)
-          package_lock = JSON.parse(IO.read(file_path))
+        def each_metadata(path)
+          package_lock = Oj.load(path.read)
           package_lock['dependencies'].each do |name, metadata|
             yield metadata.merge('name' => name)
           end
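Review bot: `path.read` on the new line changes the argument contract of `each_metadata` from the String path that `IO.read(file_path)` accepted to an object responding to `read` (presumably a Pathname); the caller is outside this hunk, so confirm it was updated, otherwise this raises `NoMethodError` at runtime. A one-line comment such as `# path: Pathname to package-lock.json` above the definition would make the expected type visible to the next caller. The method's callers and the enclosing class are outside the hunk.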
lib/spandx/js/yarn_pkg.rb
@@ -27,7 +27,7 @@ module Spandx
         response = http.get(uri, escape: false)
 
         if http.ok?(response)
-          json = JSON.parse(response.body)
+          json = Oj.load(response.body)
           json['versions'] ? json['versions'][dependency.version] : json
         else
           {}
lib/spandx/php/parsers/composer.rb
@@ -10,7 +10,7 @@ module Spandx
 
         def parse(path)
           items = Set.new
-          composer_lock = JSON.parse(path.read)
+          composer_lock = Oj.load(path.read)
           composer_lock['packages'].concat(composer_lock['packages-dev']).each do |dependency|
             items.add(map_from(path, dependency))
           end
lib/spandx/php/packagist_gateway.rb
@@ -17,7 +17,7 @@ module Spandx
         response = http.get("https://repo.packagist.org/p/#{dependency.name}.json")
         return [] unless http.ok?(response)
 
-        json = JSON.parse(response.body)
+        json = Oj.load(response.body)
         json['packages'][dependency.name][dependency.version]['license']
       end
     end
lib/spandx/python/parsers/pipfile_lock.rb
@@ -19,7 +19,7 @@ module Spandx
         private
 
         def dependencies_from(lockfile)
-          json = JSON.parse(lockfile.read)
+          json = Oj.load(lockfile.read)
           each_dependency(json) do |name, version|
             yield ::Spandx::Core::Dependency.new(
               path: lockfile,
lib/spandx/python/source.rb
@@ -22,7 +22,7 @@ module Spandx
       def lookup(name, version, http: Spandx.http)
         response = http.get(uri_for(name, version))
         if http.ok?(response)
-          JSON.parse(response.body)
+          Oj.load(response.body)
         else
           {}
         end
lib/spandx/ruby/gateway.rb
@@ -27,7 +27,7 @@ module Spandx
       end
 
       def parse(json)
-        JSON.parse(json)
+        Oj.load(json)
       end
     end
   end
lib/spandx.rb
@@ -8,6 +8,7 @@ require 'json'
 require 'logger'
 require 'net/hippie'
 require 'nokogiri'
+require 'oj'
 require 'parslet'
 require 'pathname'
 require 'yaml'
spec/unit/ruby/parsers/gemfile_lock_spec.rb
@@ -59,6 +59,7 @@ RSpec.describe Spandx::Ruby::Parsers::GemfileLock do
           build('net-hippie', '0.3.2', path),
           build('nokogiri', '1.10.9', path),
           build('octokit', '4.18.0', path),
+          build('oj', '3.10.6', path),
           build('parallel', '1.19.1', path),
           build('parser', '2.7.1.2', path),
           build('parslet', '2.0.0', path),
.rubocop.yml
@@ -22,6 +22,9 @@ Layout/EndOfLine:
 Layout/FirstArrayElementIndentation:
   EnforcedStyle: consistent
 
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
 Layout/MultilineMethodCallIndentation:
   Enabled: true
   EnforcedStyle: indented
Gemfile.lock
@@ -7,6 +7,7 @@ PATH
       nanospinner (~> 1.0.0)
       net-hippie (~> 0.3)
       nokogiri (~> 1.10)
+      oj (~> 3.10)
       parslet (~> 2.0)
       terminal-table (~> 1.8)
       thor
@@ -58,6 +59,7 @@ GEM
     octokit (4.18.0)
       faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
+    oj (3.10.6)
     parallel (1.19.1)
     parser (2.7.1.2)
       ast (~> 2.4.0)
spandx.gemspec
@@ -37,6 +37,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'nanospinner', '~> 1.0.0'
   spec.add_dependency 'net-hippie', '~> 0.3'
   spec.add_dependency 'nokogiri', '~> 1.10'
+  spec.add_dependency 'oj', '~> 3.10'
   spec.add_dependency 'parslet', '~> 2.0'
   spec.add_dependency 'terminal-table', '~> 1.8'
   spec.add_dependency 'thor'