CycloneDX / cyclonedx-cocoapods

Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
Apache License 2.0

Is it necessary to check for plus sign in the name? #31

Closed allancanare closed 2 years ago

allancanare commented 2 years ago

I get the following error when creating a BOM file and one of the libraries has a plus sign in the name, for example pod 'NSDate+TimeAgo':

E, [2022-05-09T13:47:34.678733 #54428] ERROR -- : Root name shouldn't contain plus signs
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/pod.rb:38:in `initialize'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/cli_runner.rb:179:in `new'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/cli_runner.rb:179:in `block in parse_pods'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/cli_runner.rb:178:in `map'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/cli_runner.rb:178:in `parse_pods'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/lib/cyclonedx/cocoapods/cli_runner.rb:45:in `run'
/Users/allan/.rvm/gems/ruby-2.6.5/gems/cyclonedx-cocoapods-0.1.1/exe/cyclonedx-cocoapods:23:in `<top (required)>'
/Users/allan/.rvm/gems/ruby-2.6.5/bin/cyclonedx-cocoapods:25:in `load'
/Users/allan/.rvm/gems/ruby-2.6.5/bin/cyclonedx-cocoapods:25:in `<main>'
/Users/allan/.rvm/gems/ruby-2.6.5/bin/ruby_executable_hooks:24:in `eval'
/Users/allan/.rvm/gems/ruby-2.6.5/bin/ruby_executable_hooks:24:in `<main>'

Is this check necessary? The related code is at pod.rb line 38.

macblazer commented 2 years ago

According to the CocoaPods source, the root name of a pod should not contain a plus sign. This fact is why cyclonedx-cocoapods does the same naming checks.

We could add a comment in our source that links to the CocoaPods source so it is more obvious why those naming checks are being done.

macblazer commented 2 years ago

Although my previous statement about the CocoaPods create name validation is correct, doing some searching on the CocoaPods spec repository shows that there are quite a number of established pods (534 as of this writing) that use the "+" sign in the name. We should probably remove that check in our code because it is not actually enforced by the CocoaPods ecosystem.

The other naming rules are:

Search for starting with a period:

$ pod search --simple --no-pager --regex ^\\..+
[!] Unable to find a pod with name matching `^\..+'

Search for whitespace in the name:

$ pod search --simple --no-pager --regex .\*\\s.\*

-> ID.me WebVerify (2.0.0) [DEPRECATED]

Search for "+" in the name (note that this search took 8 minutes on a MacBook Pro with M1 Max):

$ pod search --simple --no-pager --no-ansi --regex .\*\\+.\* | fgrep -c -e "-> "
534
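To make the trade-off in this thread concrete, here is an added illustration (not the gem's own pod.rb) of the root-name checks discussed above, with the "+" rule made optional so the original strict behaviour and the relaxed one can be compared side by side. It assumes the CocoaPods convention that the root name is the part of a spec name before any "/" (subspecs like "Alamofire/Core" share the root "Alamofire"); the pod names used as input are constructed samples, including the one from the report and the one with whitespace from the search output. An over-strict check matters for an SBOM tool because a rejected dependency is a dependency that never appears in the inventory.

```ruby
# Added illustration, not code from cyclonedx-cocoapods or CocoaPods.
class PodNameError < StandardError; end

# The root name of a pod is the part before any "/" (subspecs such as
# "Alamofire/Core" share the root "Alamofire").
def root_name(name)
  name.split('/', 2).first.to_s
end

# Validates a pod name against the naming rules from the thread. With
# reject_plus: true the original behaviour (error on "+") is kept; the
# thread's finding is that hundreds of published pods contain "+", so the
# default here allows it.
def validate_pod_name!(name, reject_plus: false)
  root = root_name(name)
  raise PodNameError, 'Root name must not be empty' if root.empty?
  raise PodNameError, "Root name shouldn't start with a period" if root.start_with?('.')
  raise PodNameError, "Root name shouldn't contain whitespace" if root.match?(/\s/)
  raise PodNameError, "Root name shouldn't contain plus signs" if reject_plus && root.include?('+')
  root
end

# Constructed sample names: the pod from the report, a subspec, a name with a
# leading period, and the whitespace example that appeared in the search output.
SAMPLE_PODS = ['NSDate+TimeAgo', 'Alamofire/Core', '.hidden', 'ID.me WebVerify'].freeze

# Returns { name => root name or error message } so a caller can see which
# dependencies would be dropped from the SBOM under a given rule set.
def check_pods(names, reject_plus: false)
  names.each_with_object({}) do |name, result|
    result[name] = begin
      validate_pod_name!(name, reject_plus: reject_plus)
    rescue PodNameError => e
      "ERROR: #{e.message}"
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts 'strict (original check):'
  check_pods(SAMPLE_PODS, reject_plus: true).each { |n, r| puts "  #{n} => #{r}" }
  puts 'relaxed (plus allowed):'
  check_pods(SAMPLE_PODS).each { |n, r| puts "  #{n} => #{r}" }
end
```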