authormo khan <mo.khan@gmail.com>2020-05-31 13:17:22 -0600
committermo khan <mo.khan@gmail.com>2020-05-31 13:17:22 -0600
commit7b9115687459fff8b8b06a19097b09f7c56ad356 (patch)
tree0e07ab906ed2b8d4f1306aa67209e21b36e35b2b
parentcba885096abdb3523306851ea1f44dae0738064a (diff)
Switch to Oj
-rw-r--r--.github/licensed/bundler/oj.dep.yml32
-rw-r--r--.rubocop.yml3
-rw-r--r--Gemfile.lock2
-rw-r--r--lib/spandx.rb1
-rw-r--r--lib/spandx/cli/main.rb1
-rw-r--r--lib/spandx/core/report.rb2
-rw-r--r--lib/spandx/dotnet/nuget_gateway.rb2
-rw-r--r--lib/spandx/js/parsers/npm.rb4
-rw-r--r--lib/spandx/js/yarn_pkg.rb2
-rw-r--r--lib/spandx/php/packagist_gateway.rb2
-rw-r--r--lib/spandx/php/parsers/composer.rb2
-rw-r--r--lib/spandx/python/parsers/pipfile_lock.rb2
-rw-r--r--lib/spandx/python/source.rb2
-rw-r--r--lib/spandx/ruby/gateway.rb2
-rw-r--r--spandx.gemspec1
-rw-r--r--spec/unit/ruby/parsers/gemfile_lock_spec.rb1
16 files changed, 51 insertions, 10 deletions
diff --git a/.github/licensed/bundler/oj.dep.yml b/.github/licensed/bundler/oj.dep.yml
new file mode 100644
index 0000000..622bb0d
--- /dev/null
+++ b/.github/licensed/bundler/oj.dep.yml
@@ -0,0 +1,32 @@
+---
+name: oj
+version: 3.10.6
+type: bundler
+summary: A fast JSON parser and serializer.
+homepage: http://www.ohler.com/oj
+license: mit
+licenses:
+- sources: LICENSE
+ text: |
+ The MIT License (MIT)
+
+ Copyright (c) 2012 Peter Ohler
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+notices: []
diff --git a/.rubocop.yml b/.rubocop.yml
index b8ea25c..54503f6 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -22,6 +22,9 @@ Layout/EndOfLine:
Layout/FirstArrayElementIndentation:
EnforcedStyle: consistent
+Layout/FirstHashElementIndentation:
+ EnforcedStyle: consistent
+
Layout/MultilineMethodCallIndentation:
Enabled: true
EnforcedStyle: indented
diff --git a/Gemfile.lock b/Gemfile.lock
index 139dfba..c178a92 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,6 +7,7 @@ PATH
nanospinner (~> 1.0.0)
net-hippie (~> 0.3)
nokogiri (~> 1.10)
+ oj (~> 3.10)
parslet (~> 2.0)
terminal-table (~> 1.8)
thor
@@ -58,6 +59,7 @@ GEM
octokit (4.18.0)
faraday (>= 0.9)
sawyer (~> 0.8.0, >= 0.5.3)
+ oj (3.10.6)
parallel (1.19.1)
parser (2.7.1.2)
ast (~> 2.4.0)
diff --git a/lib/spandx.rb b/lib/spandx.rb
index b7a5bfa..d43ba77 100644
--- a/lib/spandx.rb
+++ b/lib/spandx.rb
@@ -8,6 +8,7 @@ require 'json'
require 'logger'
require 'net/hippie'
require 'nokogiri'
+require 'oj'
require 'parslet'
require 'pathname'
require 'yaml'
diff --git a/lib/spandx/cli/main.rb b/lib/spandx/cli/main.rb
index f22dd34..7476ab8 100644
--- a/lib/spandx/cli/main.rb
+++ b/lib/spandx/cli/main.rb
@@ -16,6 +16,7 @@ module Spandx
if options[:help]
invoke :help, ['scan']
else
+ Oj.default_options = { mode: :strict }
Spandx.airgap = options[:airgap]
Spandx.logger = Logger.new(options[:logfile])
pull if options[:pull]
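Review bot: The strict mode is set as a process-wide default only inside this command's `else` branch, so every `Oj.load` added by this commit (nuget_gateway.rb, npm.rb, yarn_pkg.rb, packagist_gateway.rb, composer.rb, pipfile_lock.rb, python/source.rb, ruby/gateway.rb) is safe only if this line has already run. Oj's built-in default mode is `:object`, which can build Ruby objects from the input, and these calls parse registry responses and lockfiles taken from scanned projects; code reaching them by another path (library use, another command, the specs) would parse in that mode. Pinning the mode at each call, `Oj.load(response.body, mode: :strict)` or `Oj.safe_load(response.body)`, removes the ordering dependency; moving the assignment next to `require 'oj'` in lib/spandx.rb is the smaller alternative. The enclosing method begins and ends outside the hunk.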
diff --git a/lib/spandx/core/report.rb b/lib/spandx/core/report.rb
index dc57f6e..1554be9 100644
--- a/lib/spandx/core/report.rb
+++ b/lib/spandx/core/report.rb
@@ -41,7 +41,7 @@ module Spandx
end
def to_json(*_args)
- JSON.pretty_generate(to_h)
+ Oj.dump(to_h)
end
def to_csv
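Review bot: `Oj.dump(to_h)` takes its mode and indentation from `Oj.default_options`, so the report's JSON now depends on global state and is no longer pretty-printed the way `JSON.pretty_generate` emitted it. If anything reads or diffs this output, state the options at the call, e.g. `Oj.dump(to_h, mode: :strict, indent: 2)`. Whether `to_h` holds only JSON-native values, which strict mode expects, is not visible in this hunk and should be confirmed.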
diff --git a/lib/spandx/dotnet/nuget_gateway.rb b/lib/spandx/dotnet/nuget_gateway.rb
index 6776553..089d2bb 100644
--- a/lib/spandx/dotnet/nuget_gateway.rb
+++ b/lib/spandx/dotnet/nuget_gateway.rb
@@ -69,7 +69,7 @@ module Spandx
def fetch_json(url)
response = http.get(url)
- http.ok?(response) ? JSON.parse(response.body) : {}
+ http.ok?(response) ? Oj.load(response.body) : {}
end
def fetch_xml(url)
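Review bot: A successful response whose body is not valid JSON now raises `Oj::ParseError` out of `fetch_json`, which is a different class from `JSON::ParserError`, so any rescue written for the old parser (none is visible in these hunks) would stop matching. The same holds for the `Oj.load` calls in yarn_pkg.rb, python/source.rb and ruby/gateway.rb. Because these bodies come from remote registries, consider falling back to the empty result on a parse failure, e.g. a method-level `rescue Oj::ParseError` that logs the URL and returns `{}`.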
diff --git a/lib/spandx/js/parsers/npm.rb b/lib/spandx/js/parsers/npm.rb
index b92e1a2..2402454 100644
--- a/lib/spandx/js/parsers/npm.rb
+++ b/lib/spandx/js/parsers/npm.rb
@@ -18,8 +18,8 @@ module Spandx
private
- def each_metadata(file_path)
- package_lock = JSON.parse(IO.read(file_path))
+ def each_metadata(path)
+ package_lock = Oj.load(path.read)
package_lock['dependencies'].each do |name, metadata|
yield metadata.merge('name' => name)
end
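Review bot: `package_lock['dependencies'].each` raises NoMethodError when the parsed lockfile has no `dependencies` key or is not a hash, and the new `Oj.load(path.read)` does nothing to guard that; `(package_lock['dependencies'] || {}).each do |name, metadata|` would let such a file yield no dependencies instead of aborting the scan. The same unguarded indexing of parsed input appears in composer.rb (`composer_lock['packages'].concat(composer_lock['packages-dev'])`) and in packagist_gateway.rb, where `json.dig('packages', dependency.name, dependency.version, 'license') || []` would cover a missing entry. The parameter rename to `path` also changes the contract from a string to an object responding to `read`, which deserves a one-line comment such as `# path: Pathname of package-lock.json`. `each_metadata` is the only method fully visible here; the class around it lies outside the hunk.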
diff --git a/lib/spandx/js/yarn_pkg.rb b/lib/spandx/js/yarn_pkg.rb
index 19a8dd3..bb479b4 100644
--- a/lib/spandx/js/yarn_pkg.rb
+++ b/lib/spandx/js/yarn_pkg.rb
@@ -27,7 +27,7 @@ module Spandx
response = http.get(uri, escape: false)
if http.ok?(response)
- json = JSON.parse(response.body)
+ json = Oj.load(response.body)
json['versions'] ? json['versions'][dependency.version] : json
else
{}
diff --git a/lib/spandx/php/packagist_gateway.rb b/lib/spandx/php/packagist_gateway.rb
index 88ec6d3..8580072 100644
--- a/lib/spandx/php/packagist_gateway.rb
+++ b/lib/spandx/php/packagist_gateway.rb
@@ -17,7 +17,7 @@ module Spandx
response = http.get("https://repo.packagist.org/p/#{dependency.name}.json")
return [] unless http.ok?(response)
- json = JSON.parse(response.body)
+ json = Oj.load(response.body)
json['packages'][dependency.name][dependency.version]['license']
end
end
diff --git a/lib/spandx/php/parsers/composer.rb b/lib/spandx/php/parsers/composer.rb
index 61c29a8..e1bb240 100644
--- a/lib/spandx/php/parsers/composer.rb
+++ b/lib/spandx/php/parsers/composer.rb
@@ -10,7 +10,7 @@ module Spandx
def parse(path)
items = Set.new
- composer_lock = JSON.parse(path.read)
+ composer_lock = Oj.load(path.read)
composer_lock['packages'].concat(composer_lock['packages-dev']).each do |dependency|
items.add(map_from(path, dependency))
end
diff --git a/lib/spandx/python/parsers/pipfile_lock.rb b/lib/spandx/python/parsers/pipfile_lock.rb
index 08b8644..e3ea58d 100644
--- a/lib/spandx/python/parsers/pipfile_lock.rb
+++ b/lib/spandx/python/parsers/pipfile_lock.rb
@@ -19,7 +19,7 @@ module Spandx
private
def dependencies_from(lockfile)
- json = JSON.parse(lockfile.read)
+ json = Oj.load(lockfile.read)
each_dependency(json) do |name, version|
yield ::Spandx::Core::Dependency.new(
path: lockfile,
diff --git a/lib/spandx/python/source.rb b/lib/spandx/python/source.rb
index af0cbbb..2379c16 100644
--- a/lib/spandx/python/source.rb
+++ b/lib/spandx/python/source.rb
@@ -22,7 +22,7 @@ module Spandx
def lookup(name, version, http: Spandx.http)
response = http.get(uri_for(name, version))
if http.ok?(response)
- JSON.parse(response.body)
+ Oj.load(response.body)
else
{}
end
diff --git a/lib/spandx/ruby/gateway.rb b/lib/spandx/ruby/gateway.rb
index 54e8107..208eb9e 100644
--- a/lib/spandx/ruby/gateway.rb
+++ b/lib/spandx/ruby/gateway.rb
@@ -27,7 +27,7 @@ module Spandx
end
def parse(json)
- JSON.parse(json)
+ Oj.load(json)
end
end
end
diff --git a/spandx.gemspec b/spandx.gemspec
index 3f36023..465b74c 100644
--- a/spandx.gemspec
+++ b/spandx.gemspec
@@ -37,6 +37,7 @@ Gem::Specification.new do |spec|
spec.add_dependency 'nanospinner', '~> 1.0.0'
spec.add_dependency 'net-hippie', '~> 0.3'
spec.add_dependency 'nokogiri', '~> 1.10'
+ spec.add_dependency 'oj', '~> 3.10'
spec.add_dependency 'parslet', '~> 2.0'
spec.add_dependency 'terminal-table', '~> 1.8'
spec.add_dependency 'thor'
diff --git a/spec/unit/ruby/parsers/gemfile_lock_spec.rb b/spec/unit/ruby/parsers/gemfile_lock_spec.rb
index 3d3f442..305e238 100644
--- a/spec/unit/ruby/parsers/gemfile_lock_spec.rb
+++ b/spec/unit/ruby/parsers/gemfile_lock_spec.rb
@@ -59,6 +59,7 @@ RSpec.describe Spandx::Ruby::Parsers::GemfileLock do
build('net-hippie', '0.3.2', path),
build('nokogiri', '1.10.9', path),
build('octokit', '4.18.0', path),
+ build('oj', '3.10.6', path),
build('parallel', '1.19.1', path),
build('parser', '2.7.1.2', path),
build('parslet', '2.0.0', path),