provenant-cli 0.0.8

Provenant is a high-performance Rust scanner for licenses, packages, and source provenance.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

#[cfg(test)]
mod tests {
    use std::fs;
    use std::path::Path;

    use super::super::scan_test_utils::{
        assert_dependency_present, assert_file_links_to_package, scan_and_assemble,
    };
    use crate::models::{DatasourceId, PackageType};

    #[test]
    fn test_ruby_extracted_scan_assembles_metadata_and_gemspec() {
        let (files, result) =
            scan_and_assemble(Path::new("testdata/assembly-golden/ruby-extracted-basic"));

        let package = result
            .packages
            .iter()
            .find(|package| package.name.as_deref() == Some("example-gem"))
            .expect("ruby extracted gem should be assembled");

        assert_eq!(package.package_type, Some(PackageType::Gem));
        assert_eq!(package.version.as_deref(), Some("1.2.3"));
        assert_eq!(package.purl.as_deref(), Some("pkg:gem/example-gem@1.2.3"));
        assert_dependency_present(&result.dependencies, "pkg:gem/rails", "metadata.gz-extract");
        assert_dependency_present(&result.dependencies, "pkg:gem/rubocop", "example.gemspec");
        assert_file_links_to_package(
            &files,
            "/metadata.gz-extract",
            &package.package_uid,
            DatasourceId::GemArchiveExtracted,
        );
        assert_file_links_to_package(
            &files,
            "/example.gemspec",
            &package.package_uid,
            DatasourceId::Gemspec,
        );
    }

    #[test]
    fn test_ruby_manifest_lock_scan_assembles_gemspec_and_lockfile() {
        let temp_dir = tempfile::TempDir::new().expect("create temp dir");
        fs::copy(
            "testdata/ruby/basic.gemspec",
            temp_dir.path().join("example.gemspec"),
        )
        .expect("copy gemspec fixture");
        fs::copy(
            "testdata/ruby/Gemfile.lock",
            temp_dir.path().join("Gemfile.lock"),
        )
        .expect("copy Gemfile.lock fixture");

        let (files, result) = scan_and_assemble(temp_dir.path());

        let package = result
            .packages
            .iter()
            .find(|package| package.name.as_deref() == Some("example-gem"))
            .expect("ruby manifest package should be assembled");

        assert_eq!(package.package_type, Some(PackageType::Gem));
        assert_eq!(package.version.as_deref(), Some("1.2.3"));
        assert_eq!(package.purl.as_deref(), Some("pkg:gem/example-gem@1.2.3"));
        assert_dependency_present(&result.dependencies, "pkg:gem/rails", "example.gemspec");
        assert_dependency_present(&result.dependencies, "pkg:gem/rspec@3.12.0", "Gemfile.lock");
        assert_file_links_to_package(
            &files,
            "/example.gemspec",
            &package.package_uid,
            DatasourceId::Gemspec,
        );
        assert_file_links_to_package(
            &files,
            "/Gemfile.lock",
            &package.package_uid,
            DatasourceId::GemfileLock,
        );
    }
}