Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Repeated package and dependency results when scanning extracted rubygem #3072

Open
JonoYang opened this issue Aug 30, 2022 · 0 comments
Open

Repeated package and dependency results when scanning extracted rubygem #3072

JonoYang opened this issue Aug 30, 2022 · 0 comments
Labels
bug package scan

Comments

@JonoYang
Copy link
Member

I extracted a rubygem (https://rubygems.org/downloads/awesome_print-1.8.0.gem) and I scanned it with scancode-toolkit and I got repeated Package and Dependency results. The package awesome_print was reported 20 times, and each dependency for awesome_print was reported 20 times.

In GemfileLockHandler.parse() it appears that we yield the package and dependencies too many times.
@JonoYang JonoYang mentioned this issue Aug 30, 2022
Merged
JonoYang added a commit that referenced this issue Aug 31, 2022
@JonoYang
Return single Package from Gemfile.lock #3072
c78e2fd 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 1, 2022
@JonoYang
Do not return nameless package with deps #3072
672bcc6 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 2, 2022
@JonoYang
Track primary gem in GemfileLock parser #3072
7f8bccc 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 2, 2022
@JonoYang
Update GemfileParser #3072
176cb58 
    * Add new step in GemfileParser.__init__() to determine the Ruby package that this gemfile.lock is for
    * Add new test

Signed-off-by: Jono Yang <jyang@nexb.com>
This was referenced Sep 2, 2022
Closed
Merged
JonoYang added a commit that referenced this issue Sep 3, 2022
@JonoYang
Return single Package from Gemfile.lock #3072
5ccee5f 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 3, 2022
@JonoYang
Do not return nameless package with deps #3072
a43660f 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 3, 2022
@JonoYang
Track primary gem in GemfileLock parser #3072
4c7bb33 
Signed-off-by: Jono Yang <jyang@nexb.com>
JonoYang added a commit that referenced this issue Sep 3, 2022
@JonoYang
Update GemfileParser #3072
023c452 
    * Add new step in GemfileParser.__init__() to determine the Ruby package that this gemfile.lock is for
    * Add new test

Signed-off-by: Jono Yang <jyang@nexb.com>
pombredanne added a commit that referenced this issue Sep 3, 2022
@pombredanne
Merge pull request #3090 from nexB/3072-rubygem-parse-fix
64522a6 
Process Gemfile.lock processing #3072
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug package scan
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JonoYang