Class: Bibliothecary::MultiParsers::CycloneDX::ManifestEntries

Inherits:

Object

• Object
• Bibliothecary::MultiParsers::CycloneDX::ManifestEntries

Defined in:

lib/bibliothecary/multi_parsers/cyclonedx.rb

Constant Summary

PURL_TYPE_MAPPING =

If a purl type (key) exists, it will be used in a manifest for the key’s value. If not, it’s ignored.

github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst

{
  "golang" => :go,
  "maven" => :maven,
  "npm" => :npm,
  "cargo" => :cargo,
  "composer" => :packagist,
  "conda" => :conda,
  "cran" => :cran,
  "gem" => :rubygems,
  "hackage" => :hackage,
  "hex" => :hex,
  "nuget" => :nuget,
  "pypi" => :pypi,
  "swift" => :swift_pm
}

Instance Attribute Summary

• #manifests ⇒ Object readonly

  Returns the value of attribute manifests.

Class Method Summary

• .full_name_for_purl(purl) ⇒ String

  The properly namespaced package name.

Instance Method Summary

• #<<(purl) ⇒ Object
• #[](key) ⇒ Object
• #initialize(parse_queue:) ⇒ ManifestEntries constructor

  A new instance of ManifestEntries.

• #parse!(&block) ⇒ Object

  Iterates over each manifest entry in the parse_queue, and accepts a block which will be called on each component.

Constructor Details

#initialize(parse_queue:) ⇒ ManifestEntries

Returns a new instance of ManifestEntries.

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 42

def initialize(parse_queue:)
  @manifests = {}

  # Instead of recursing, we'll work through a queue of components
  # to process, letting the different parser add components to the
  # queue however they need to  pull them from the source document.
  @parse_queue = parse_queue.dup
end

Instance Attribute Details

#manifests ⇒ Object (readonly)

Returns the value of attribute manifests.

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 40

def manifests
  @manifests
end

Class Method Details

.full_name_for_purl(purl) ⇒ String

Returns The properly namespaced package name.

Returns:

• (String) —

  The properly namespaced package name

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 85

def self.full_name_for_purl(purl)
  parts = [purl.namespace, purl.name].compact

  case purl.type
  when "maven"
    parts.join(':')
  else
    parts.join('/')
  end
end

Instance Method Details

#<<(purl) ⇒ Object

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 51

def <<(purl)
  mapping = PURL_TYPE_MAPPING[purl.type]
  return unless mapping

  @manifests[mapping] ||= Set.new
  @manifests[mapping] << {
    name: self.class.full_name_for_purl(purl),
    requirement: purl.version,
    type: 'lockfile'
  }
end

#[](key) ⇒ Object

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 80

def [](key)
  @manifests[key]&.to_a
end

#parse!(&block) ⇒ Object

Iterates over each manifest entry in the parse_queue, and accepts a block which will be called on each component. The block has two jobs: 1) add more sub-components to parse (if they exist), and 2) return the components purl.

# File 'lib/bibliothecary/multi_parsers/cyclonedx.rb', line 66

def parse!(&block)
  while @parse_queue.length > 0
    component = @parse_queue.shift

    purl_text = block.call(component, @parse_queue)

    next unless purl_text

    purl = PackageURL.parse(purl_text)

    self << purl
  end
end