gitlab-license_finder 6.14.2.1

data/lib/license_finder/package_manager.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: false
+
+module LicenseFinder
+  # Super-class for the different package managers
+  # (Bundler, NPM, Pip, etc.)
+  #
+  # For guidance on adding a new package manager use the shared behavior
+  #
+  #     it_behaves_like "a PackageManager"
+  #
+  # Additional guidelines are:
+  #
+  # - implement #current_packages, to return a list of `Package`s this package manager is tracking
+  # - implement #possible_package_paths, an array of `Pathname`s which are the possible locations which contain a configuration file/folder indicating the package manager is in use.
+  # - implement(Optional) #package_management_command, string for invoking the package manager
+  # - implement(Optional) #prepare_command, string for fetching dependencies for package manager (runs when the --prepare flag is passed to license_finder)
+
+  class PackageManager
+    include LicenseFinder::SharedHelpers
+
+    class << self
+      def takes_priority_over
+        nil
+      end
+
+      def id
+        name.split('::').last.downcase
+      end
+    end
+
+    def installed?(logger = Core.default_logger)
+      if package_management_command.nil?
+        logger.debug self.class, 'no command defined' # TODO: comment me out
+        true
+      elsif command_exists?(package_management_command)
+        logger.debug self.class, 'is installed', color: :green
+        true
+      else
+        logger.info self.class, 'is not installed', color: :red
+        false
+      end
+    end
+
+    # see class description
+    def package_management_command
+      nil
+    end
+
+    # see class description
+    def prepare_command
+      nil
+    end
+
+    def command_exists?(command)
+      _stdout, _stderr, status =
+        if LicenseFinder::Platform.windows?
+          Cmd.run("where #{command}")
+        else
+          Cmd.run("which #{command}")
+        end
+
+      status.success?
+    end
+
+    def initialize(options = {})
+      @prepare_no_fail = options[:prepare_no_fail]
+      @logger = options[:logger] || Core.default_logger
+      @project_path = options[:project_path]
+      @log_directory = options[:log_directory]
+      @ignored_groups = options[:ignored_groups]
+    end
+
+    def active?
+      path = detected_package_path
+      path&.exist?
+    end
+
+    def project_root?
+      active?
+    end
+
+    def detected_package_path
+      possible_package_paths.find(&:exist?)
+    end
+
+    def prepare
+      if prepare_command
+        stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prepare_command) }
+        unless status.success?
+          log_errors stderr
+
+          error_message = "Prepare command '#{prepare_command}' failed\n#{stderr}"
+
+          error_message == error_message.concat("\n#{stdout}\n") if !stdout.nil? && !stdout.empty?
+
+          raise error_message unless @prepare_no_fail
+        end
+      else
+        logger.debug self.class, 'no prepare step provided', color: :red
+      end
+    end
+
+    def current_packages_with_relations
+      begin
+        packages = current_packages
+      rescue StandardError => e
+        raise e unless @prepare_no_fail
+
+        packages = []
+      end
+
+      packages.each do |parent|
+        parent.children.each do |child_name|
+          child = packages.detect { |child_package| child_package.name == child_name }
+          child.parents << parent.name if child
+        end
+      end
+      packages
+    end
+
+    private
+
+    attr_reader :logger, :project_path
+
+    def log_errors(stderr)
+      log_errors_with_cmd(prepare_command, stderr)
+    end
+
+    def log_errors_with_cmd(prep_cmd, stderr)
+      logger.info(prep_cmd, 'did not succeed.', color: :red)
+      logger.info(prep_cmd, stderr, color: :red)
+      log_to_file(prep_cmd, stderr)
+    end
+
+    def log_to_file(prep_cmd, contents)
+      FileUtils.mkdir_p @log_directory
+
+      # replace whitespace with underscores and remove slashes
+      log_file_name = package_management_command&.gsub(/\s/, '_')&.gsub(%r{/}, '')
+      log_file = File.join(@log_directory, "prepare_#{log_file_name || 'errors'}.log")
+
+      File.open(log_file, 'w') do |f|
+        f.write("Prepare command \"#{prep_cmd}\" failed with:\n")
+        f.write("#{contents}\n\n")
+      end
+    end
+  end
+end
+
+require 'license_finder/package_managers/bower'
+require 'license_finder/package_managers/go_workspace'
+require 'license_finder/package_managers/go_15vendorexperiment'
+require 'license_finder/package_managers/go_dep'
+require 'license_finder/package_managers/gvt'
+require 'license_finder/package_managers/glide'
+require 'license_finder/package_managers/govendor'
+require 'license_finder/package_managers/go_modules'
+require 'license_finder/package_managers/trash'
+require 'license_finder/package_managers/bundler'
+require 'license_finder/package_managers/npm'
+require 'license_finder/package_managers/yarn'
+require 'license_finder/package_managers/pip'
+require 'license_finder/package_managers/pipenv'
+require 'license_finder/package_managers/maven'
+require 'license_finder/package_managers/mix'
+require 'license_finder/package_managers/cocoa_pods'
+require 'license_finder/package_managers/carthage'
+require 'license_finder/package_managers/spm'
+require 'license_finder/package_managers/gradle'
+require 'license_finder/package_managers/rebar'
+require 'license_finder/package_managers/erlangmk'
+require 'license_finder/package_managers/nuget'
+require 'license_finder/package_managers/dotnet'
+require 'license_finder/package_managers/dep'
+require 'license_finder/package_managers/conan'
+require 'license_finder/package_managers/sbt'
+require 'license_finder/package_managers/cargo'
+require 'license_finder/package_managers/composer'
+require 'license_finder/package_managers/conda'
+
+require 'license_finder/package'

data/lib/license_finder/package_managers/bower.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Bower < PackageManager
+    def current_packages
+      bower_output.map do |package|
+        BowerPackage.new(package, logger: logger)
+      end
+    end
+
+    def package_management_command
+      'bower'
+    end
+
+    def prepare_command
+      'bower install'
+    end
+
+    def possible_package_paths
+      [project_path.join('bower.json')]
+    end
+
+    private
+
+    def bower_output
+      command = "#{package_management_command} list --json -l action --allow-root"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      JSON(stdout)
+        .fetch('dependencies', {})
+        .values
+    end
+  end
+end

data/lib/license_finder/package_managers/bundler.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require 'bundler'
+require 'securerandom'
+
+module LicenseFinder
+  class Bundler < PackageManager
+    def initialize(options = {})
+      super
+      @ignored_groups = options[:ignored_groups]
+      @definition = options[:definition] # dependency injection for tests
+    end
+
+    def current_packages
+      logger.debug self.class, "including groups #{included_groups.inspect}"
+      details.map do |gem_detail, bundle_detail|
+        BundlerPackage.new(gem_detail, bundle_detail, logger: logger).tap do |package|
+          log_package_dependencies package
+        end
+      end
+    end
+
+    def package_management_command
+      'bundle'
+    end
+
+    def prepare_command
+      ignored_groups_argument = !ignored_groups.empty? ? "--without #{ignored_groups.to_a.join(' ')}" : ''
+
+      gem_path = "lf-bundler-gems-#{SecureRandom.uuid}"
+      logger.info self.class, "Running bundle install for #{Dir.pwd} with path #{gem_path}", color: :blue
+
+      "bundle install #{ignored_groups_argument} --path #{gem_path}".strip
+    end
+
+    def possible_package_paths
+      [project_path.join(gemfile)]
+    end
+
+    private
+
+    attr_reader :ignored_groups
+
+    def definition
+      ENV['BUNDLE_GEMFILE'] = "#{project_path}/#{gemfile}"
+
+      @definition ||= ::Bundler::Definition.build(detected_package_path, lockfile_path, nil)
+    end
+
+    def details
+      gem_details.map do |gem_detail|
+        bundle_detail = bundler_details.detect { |bundler_detail| bundler_detail.name == gem_detail.name }
+        [gem_detail, bundle_detail]
+      end
+    end
+
+    def gem_details
+      return @gem_details if @gem_details
+
+      # clear gem paths before running specs_for
+      Gem.clear_paths
+      if bundler_config_path_found
+        ::Bundler.reset!
+        ::Bundler.configure
+      end
+      @gem_details = definition.specs_for(included_groups)
+    end
+
+    def bundler_details
+      @bundler_details ||= definition.dependencies
+    end
+
+    def included_groups
+      definition.groups - ignored_groups.map(&:to_sym)
+    end
+
+    def lockfile_path
+      project_path.join(lockfile)
+    end
+
+    def bundler_config_path_found
+      config_file = project_path.join('.bundle/config')
+
+      return false unless File.exist?(config_file)
+
+      content = File.readlines(config_file)
+      content.grep(/BUNDLE_PATH/).count.positive?
+    end
+
+    def log_package_dependencies(package)
+      dependencies = package.children
+      if dependencies.empty?
+        logger.debug self.class, format("package '%s' has no dependencies", package.name)
+      else
+        logger.debug self.class, format("package '%s' has dependencies:", package.name)
+        dependencies.each do |dep|
+          logger.debug self.class, format('- %s', dep)
+        end
+      end
+    end
+
+    def gemfile
+      File.basename(ENV['BUNDLE_GEMFILE'] || 'Gemfile')
+    end
+
+    def lockfile
+      "#{gemfile}.lock"
+    end
+  end
+end

data/lib/license_finder/package_managers/cargo.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Cargo < PackageManager
+    def current_packages
+      cargo_output.map do |package|
+        path = Dir.glob("#{Dir.home}/.cargo/registry/src/**/#{package['name']}-#{package['version']}").first
+        CargoPackage.new(package, logger: logger, install_path: path)
+      end
+    end
+
+    def package_management_command
+      'cargo'
+    end
+
+    def prepare_command
+      'cargo fetch'
+    end
+
+    def possible_package_paths
+      [project_path.join('Cargo.lock'), project_path.join('Cargo.toml')]
+    end
+
+    private
+
+    def cargo_output
+      command = "#{package_management_command} metadata --format-version=1"
+
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      JSON(stdout)
+        .fetch('packages', [])
+    end
+  end
+end

data/lib/license_finder/package_managers/carthage.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Carthage < PackageManager
+    class CarthageError < RuntimeError; end
+
+    def current_packages
+      cartfile.each_line.map do |line|
+        name, version = name_version_from_line line
+
+        CarthagePackage.new(
+          name,
+          version,
+          license_text(name),
+          logger: logger,
+          install_path: project_checkout(name)
+        )
+      end
+    end
+
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'carthage' : nil
+    end
+
+    def possible_package_paths
+      [public_dependency_path]
+    end
+
+    private
+
+    def cartfile
+      if File.exist?(resolved_path)
+        @cartfile ||= IO.read(resolved_path)
+      else
+        raise CarthageError, 'No Cartfile.resolved found.
+          Please install your dependencies first.'
+      end
+    end
+
+    def public_dependency_path
+      project_path.join('Cartfile')
+    end
+
+    def resolved_path
+      project_path.join('Cartfile.resolved')
+    end
+
+    def project_checkout(name)
+      project_path.join('Carthage', 'Checkouts', name)
+    end
+
+    def license_text(name)
+      license_path = license_pattern(name).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+
+    def license_pattern(name)
+      checkout_path = project_checkout(name)
+      Dir.glob(checkout_path.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+
+    def name_version_from_line(cartfile_line)
+      cartfile_line.split(' ')[1, 2].map { |f| f.split('/').last.delete('"').gsub('.git', '') }
+    end
+  end
+end

data/lib/license_finder/package_managers/cocoa_pods.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class CocoaPods < PackageManager
+    def current_packages
+      podfile = YAML.load_file(lockfile_path)
+
+      podfile['PODS'].map do |pod|
+        pod = pod.keys.first if pod.is_a?(Hash)
+
+        name, version = pod.scan(/(.*)\s\((.*)\)/).flatten
+
+        CocoaPodsPackage.new(
+          name,
+          version,
+          license_texts[name],
+          logger: logger
+        )
+      end
+    end
+
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'pod' : nil
+    end
+
+    def possible_package_paths
+      [project_path.join('Podfile')]
+    end
+
+    private
+
+    def lockfile_path
+      project_path.join('Podfile.lock')
+    end
+
+    def license_texts
+      # package name => license text
+      @license_texts ||= read_plist(acknowledgements_path)['PreferenceSpecifiers']
+                         .each_with_object({}) { |hash, memo| memo[hash['Title']] = hash['FooterText'] }
+    end
+
+    def acknowledgements_path
+      search_paths = ['Pods/Pods-acknowledgements.plist',
+                      'Pods/Target Support Files/Pods/Pods-acknowledgements.plist',
+                      'Pods/Target Support Files/Pods-*/Pods-*-acknowledgements.plist']
+
+      result = Dir[*search_paths.map { |path| File.join(project_path, path) }].first
+      raise "Found a Podfile but no Pods directory in #{project_path}. Try running pod install before running license_finder." if result.nil?
+
+      result
+    end
+
+    def read_plist(pathname)
+      transformed_pathname = pathname.gsub!(%r{[^0-9A-Za-z. \-'/]}, '')
+      transformed_pathname = pathname if transformed_pathname.nil?
+      JSON.parse(`plutil -convert json -o - '#{transformed_pathname}'`)
+    end
+  end
+end

data/lib/license_finder/package_managers/composer.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Composer < PackageManager
+    def initialize(options = {})
+      super
+      @check_require_only = !!options[:composer_check_require_only]
+    end
+
+    def possible_package_paths
+      [project_path.join('composer.lock'), project_path.join('composer.json')]
+    end
+
+    def current_packages
+      dependency_list.map do |name, dependency|
+        path_command = "composer show #{name} -P"
+        stdout, _stderr, status = Dir.chdir(project_path) { Cmd.run(path_command) }
+
+        path = status.success? ? stdout.split(' ').last : ''
+        ComposerPackage.new(name, dependency['version'], spec_licenses: dependency['license'], install_path: path)
+      end
+    end
+
+    def prepare
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prepare_command) }
+      return if status.success?
+
+      log_errors stderr
+      raise "Prepare command '#{Composer.prepare_command}' failed" unless @prepare_no_fail
+    end
+
+    def package_management_command
+      'composer'
+    end
+
+    def prepare_command
+      'composer install --no-plugins --no-scripts --ignore-platform-reqs --no-interaction'
+    end
+
+    def package_path
+      project_path.join('composer.json')
+    end
+
+    def lockfile_path
+      project_path.join('composer.lock')
+    end
+
+    def dependency_list
+      json ||= composer_json
+      json.fetch('dependencies', {}).reject { |_, d| d.is_a?(String) }
+    end
+
+    def composer_json
+      command = "composer licenses --format=json#{@check_require_only ? ' --no-dev' : ''}"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      JSON(stdout)
+    end
+  end
+end

data/lib/license_finder/package_managers/conan.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'license_finder/package_utils/conan_info_parser'
+
+module LicenseFinder
+  class Conan < PackageManager
+    def possible_package_paths
+      [project_path.join('conanfile.txt')]
+    end
+
+    def current_packages
+      install_command = 'conan install .'
+      info_command = 'conan info .'
+      Dir.chdir(project_path) { Cmd.run(install_command) }
+      info_output, _stderr, _status = Dir.chdir(project_path) { Cmd.run(info_command) }
+
+      info_parser = ConanInfoParser.new
+
+      deps = info_parser.parse(info_output)
+      deps.map do |dep|
+        name, version = dep['name'].split('@').first.split('/')
+        url = dep['URL']
+        license_file_path = Dir.glob("#{project_path}/licenses/#{name}/**/LICENSE*").first
+        ConanPackage.new(name, version, File.open(license_file_path).read, url) unless name == 'PROJECT'
+      end.compact
+    end
+  end
+end