Merge pull request #1689 from khasinski/dependency-parsing-ruby

Add Gemfile.lock parsing for dependency parser

Author: schneems

lib/dependency_parser/ruby/parse.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require 'bundler'
+require 'json'
+
+module DependencyParser
+  module Ruby
+    class Parse
+      attr_reader :errors
+
+      def initialize(content)
+        @content = content
+        @errors = []
+        @direct = []
+      end
+
+      def call
+        validate_lockfile!(content)
+        return if error?
+
+        @direct = Bundler::LockfileParser.new(content).specs.map do |spec|
+          fetch_spec(name: spec.name, version: spec.version)
+        end.compact
+      end
+
+      def direct
+        { repos: @direct, language: "ruby" }
+      end
+
+      def success?
+        errors.empty?
+      end
+
+      def error?
+        errors.any?
+      end
+
+      private
+
+      attr_reader :content
+
+      def validate_lockfile!(content)
+        @errors << 'No specs found' unless Bundler::LockfileParser.new(content).specs.any?
+      end
+
+      def fetch_spec(name:, version: nil)
+        full_spec = fetcher.fetch_spec([name, version])
+        { name: full_spec.name, url: extract_url(full_spec), description: full_spec.description }
+      rescue
+        @errors << "Invalid spec #{name}"
+        nil
+      end
+
+      def extract_url(full_spec)
+        url = full_spec.metadata["source_code_uri"] || full_spec.homepage
+        url if url.include? "https://github.com/"
+      end
+
+      def fetcher
+        @fetcher ||= Bundler::Fetcher.new(Bundler::Source::Rubygems::Remote.new('https://rubygems.org'))
+      end
+    end
+  end
+end

test/dependency_parsers/ruby_parser_test.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+require_relative '../../lib/dependency_parser/ruby/parse'
+
+class RubyParserTest < ActiveSupport::TestCase
+  test "returns nothing on invalid Gemfile.lock" do
+    parser = DependencyParser::Ruby::Parse.new("invalid")
+    parser.call
+    refute parser.success?
+    assert_equal({ repos: [], language: "ruby" }, parser.direct)
+  end
+
+  test "returns the list of gems for a small Gemfle" do
+    gemfile_lock = <<~LOCKFILE
+      GEM
+        remote: https://rubygems.org/
+        specs:
+          solid_use_case (2.2.0)
+            actionpack (= 6.1.4.1)
+            activesupport (= 6.1.4.1)
+            nio4r (~> 2.0)
+            websocket-driver (>= 0.6.1)
+
+      PLATFORMS
+        ruby
+
+      DEPENDENCIES
+        actioncable
+
+      RUBY VERSION
+         ruby 3.0.4p208
+
+      BUNDLED WITH
+         2.3.21
+
+      LOCKFILE
+
+    parser = DependencyParser::Ruby::Parse.new(gemfile_lock)
+    VCR.use_cassette("dependency_parser/rubygems") do
+      parser.call
+    end
+
+    gem_data = {
+      repos:
+        [{
+          name: "solid_use_case",
+          url: "https://github.com/mindeavor/solid_use_case",
+          description: "Create use cases the way they were meant to be. Easily verify inputs at each step and seamlessly fail with custom error data and convenient pattern matching."
+        }],
+      language: "ruby"
+    }
+
+    assert parser.success?
+    assert_equal gem_data, parser.direct
+  end
+end