Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Process Gemfile.lock processing #3072 #3090

Merged
merged 4 commits into from
Sep 3, 2022
Merged

Process Gemfile.lock processing #3072 #3090

merged 4 commits into from
Sep 3, 2022

Conversation

JonoYang
Copy link
Contributor

@JonoYang JonoYang commented Sep 2, 2022

This PR addresses the issue in #3072, where (in a scancode scan) the main gem that the gemfile.lock is for has been reported the same number of times as there are dependencies in the gemfile.lock and that the entire set of dependencies have been repeated the same amount of times.

The changes I've made in this PR was to update the GemfileParser to look for the gem that was created for the contents in the PATH section of the gemfile.lock and save it to a new attribute on GemfileParser named primary_gem.

In GemfileLockHandler.parse(), if we have a primary gem from a gemfile.lock, we use that primary gem info as the base of the package data and we consider all other gems from that lockfile as a dependency of the primary gem. If there is no primary gem, then we collect all the dependencies and return them in a package with no name.

@JonoYang
Return single Package from Gemfile.lock #3072
5ccee5f 
Signed-off-by: Jono Yang <jyang@nexb.com>
@JonoYang
Do not return nameless package with deps #3072
a43660f 
Signed-off-by: Jono Yang <jyang@nexb.com>
@JonoYang
Track primary gem in GemfileLock parser #3072
4c7bb33 
Signed-off-by: Jono Yang <jyang@nexb.com>
@JonoYang
Update GemfileParser #3072
023c452 
    * Add new step in GemfileParser.__init__() to determine the Ruby package that this gemfile.lock is for
    * Add new test

Signed-off-by: Jono Yang <jyang@nexb.com>
@pombredanne pombredanne changed the title 3072 rubygem parse fix Process Gemfile.lock processing #3072 Sep 3, 2022
pombredanne
pombredanne approved these changes Sep 3, 2022
View reviewed changes
Copy link
Contributor

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Thanks... merging!

@pombredanne pombredanne merged commit 64522a6 into develop Sep 3, 2022
@pombredanne pombredanne deleted the 3072-rubygem-parse-fix branch September 3, 2022 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pombredanne pombredanne pombredanne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JonoYang @pombredanne