RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/conda.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Conda < PackageManager
+    attr_reader :conda_bash_setup_script
+    def initialize(options = {})
+      @conda_bash_setup_script = options[:conda_bash_setup_script] || Pathname("#{ENV['HOME']}/miniconda3/etc/profile.d/conda.sh")
+      super
+    end
+    # This command is *not* directly executable. See .conda() below.
+    def prepare_command
+      "conda env create -f #{detected_package_path}"
+    end
+    def prepare
+      return if environment_exists?
+      prep_cmd = prepare_command
+      _stdout, stderr, status = Dir.chdir(project_path) { conda(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def current_packages
+      conda_list.map do |entry|
+        case entry['channel']
+        when 'pypi'
+          # PyPI is much faster than `conda search`, use it when we can.
+          PipPackage.new(entry['name'], entry['version'], PyPI.definition(entry['name'], entry['version']))
+        else
+          CondaPackage.new(conda_search_info(entry))
+        end
+      end.compact
+    end
+    def possible_package_paths
+      [project_path.join('environment.yaml'), project_path.join('environment.yml')]
+    end
+    private
+    def environment_exists?
+      environments.grep(environment_name).any?
+    end
+    def environments
+      command = 'conda env list'
+      stdout, stderr, status = conda command
+      environments = []
+      if status.success?
+        environments = stdout.split("\n").grep_v(/^#/).map { |line| line.split.first }
+      else
+        log_errors_with_cmd command, stderr
+      end
+      environments
+    end
+    def environment_file
+      detected_package_path
+    end
+    def environment_name
+      @environment_name ||= YAML.load_file(environment_file).fetch('name')
+    end
+    def conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && #{command}")
+    end
+    def activated_conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && conda activate #{environment_name} && #{command}")
+    end
+    # Algorithm is based on
+    # https://bioinformatics.stackexchange.com/a/11226
+    # but completely recoded in Ruby. Like the poster, if the package is
+    # actually managed by conda, we assume that all the potential infos (for
+    # various architectures, versions of python, etc) have the same license.
+    def conda_list
+      command = 'conda list'
+      stdout, stderr, status = activated_conda(command)
+      if status.success?
+        conda_list = []
+        stdout.each_line do |line|
+          next if line =~ /^\s*#/
+          name, version, build, channel = line.split
+          conda_list << {
+            'name' => name,
+            'version' => version,
+            'build' => build,
+            'channel' => channel
+          }
+        end
+        conda_list
+      else
+        log_errors_with_cmd command, stderr
+        []
+      end
+    end
+    def conda_search_info(list_entry)
+      command = 'conda search --info --json '
+      command += "--channel #{list_entry['channel']} " if list_entry['channel'] && !list_entry['channel'].empty?
+      command += "'#{list_entry['name']} #{list_entry['version']}'"
+      # Errors from conda (in --json mode, at least) show up in stdout, not stderr
+      stdout, _stderr, status = activated_conda(command)
+      name = list_entry['name']
+      if status.success?
+        JSON(stdout).fetch(name).first
+      else
+        log_errors_with_cmd command, stdout
+        list_entry
+      end
+    rescue KeyError
+      logger.info('Conda', "Key error trying to find #{name} in\n#{JSON(stdout)}")
+      list_entry
+    end
+  end
+end

data/lib/license_finder/package_managers/dep.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+require 'tomlrb'
+module LicenseFinder
+  class Dep < PackageManager
+    def possible_package_paths
+      [project_path.join('Gopkg.lock')]
+    end
+    def current_packages
+      toml = Tomlrb.load_file(detected_package_path)
+      projects = toml['projects']
+      return [] if projects.nil?
+      projects.map do |project|
+        GoPackage.from_dependency({
+                                    'ImportPath' => project['name'],
+                                    'InstallPath' => project_path.join('vendor', project['name']),
+                                    'Rev' => project['revision'],
+                                    'Homepage' => repo_name(project['name'])
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def prepare_command
+      'dep ensure -vendor-only'
+    end
+    def package_management_command
+      'dep'
+    end
+  end
+end

data/lib/license_finder/package_managers/dotnet.rb ADDED Viewed

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+require 'pathname'
+require 'json'
+module LicenseFinder
+  class Dotnet < PackageManager
+    class AssetFile
+      def initialize(path)
+        @manifest = JSON.parse(File.read(path))
+      end
+      def dependencies
+        libs = @manifest.fetch('libraries').reject do |_, v|
+          v.fetch('type') == 'project'
+        end
+        libs.keys.map do |name|
+          parts = name.split('/')
+          PackageMetadata.new(parts[0], parts[1], possible_spec_paths(name))
+        end
+      end
+      def possible_spec_paths(package_key)
+        lib = @manifest.fetch('libraries').fetch(package_key)
+        spec_filename = lib.fetch('files').find { |f| f.end_with?('.nuspec') }
+        return [] if spec_filename.nil?
+        @manifest.fetch('packageFolders').keys.map do |root|
+          Pathname(root).join(lib.fetch('path'), spec_filename).to_s
+        end
+      end
+    end
+    class PackageMetadata
+      attr_reader :name, :version, :possible_spec_paths
+      def initialize(name, version, possible_spec_paths)
+        @name = name
+        @version = version
+        @possible_spec_paths = possible_spec_paths
+      end
+      def read_license_urls
+        possible_spec_paths.flat_map do |path|
+          Nuget.nuspec_license_urls(File.read(path)) if File.exist? path
+        end.compact
+      end
+      def ==(other)
+        other.name == name && other.version == version && other.possible_spec_paths == possible_spec_paths
+      end
+    end
+    def possible_package_paths
+      paths = Dir[project_path.join('*.csproj')]
+      paths.map { |p| Pathname(p) }
+    end
+    def current_packages
+      package_metadatas = asset_files
+                          .flat_map { |path| AssetFile.new(path).dependencies }
+                          .uniq { |d| [d.name, d.version] }
+      package_metadatas.map do |d|
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
+        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
+      end
+    end
+    def asset_files
+      Dir[project_path.join('**/project.assets.json')]
+    end
+    def package_management_command
+      'dotnet'
+    end
+    def prepare_command
+      "#{package_management_command} restore"
+    end
+  end
+end

data/lib/license_finder/package_managers/erlangmk.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Erlangmk < PackageManager
+    def package_management_command
+      'make'
+    end
+    def package_management_command_with_path
+      "#{package_management_command} --directory=#{project_path} --no-print-directory"
+    end
+    # The IS_DEP=1 is added because not all erlang.mk-based projects are
+    # updated to a version that is compatible with LicenseFinder
+    def prepare_command
+      "#{package_management_command_with_path} IS_DEP=1 fetch-deps"
+    end
+    def possible_package_paths
+      [
+        project_path.join('Erlang.mk'),
+        project_path.join('erlang.mk')
+      ]
+    end
+    def current_packages
+      deps.map do |dep|
+        ErlangmkPackage.new(dep)
+      end
+    end
+    private
+    def deps
+      command = "#{package_management_command_with_path} QUERY='name fetch_method repo version absolute_path' query-deps"
+      stdout, stderr, status = Cmd.run(command)
+      if status.success?
+        dep_re = Regexp.new('^\s*DEP')
+        line_re = Regexp.new('^[_a-z0-9]+:')
+        stdout.each_line.map(&:strip).select { |line| !(line.start_with?('make') || line =~ dep_re) && line =~ line_re }
+      elsif stderr.include? "No rule to make target 'query-deps'"
+        # The stderr check happens because not all erlang.mk-based projects are
+        # updated to a version that is compatible with LicenseFinder
+        []
+      else
+        raise "Command '#{command}' failed to execute: #{stderr}"
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/glide.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Glide < PackageManager
+    def possible_package_paths
+      [project_path.join('glide.lock')]
+    end
+    def current_packages
+      detected_path = detected_package_path
+      YAML.load_file(detected_path).fetch('imports').map do |package_hash|
+        import_path = package_hash.fetch('name')
+        license_path = project_path.join('vendor', import_path)
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => license_path,
+                                    'Rev' => package_hash.fetch('version')
+                                  }, nil, true)
+      end
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def package_management_command
+      'glide'
+    end
+    def prepare_command
+      'glide install'
+    end
+  end
+end

data/lib/license_finder/package_managers/go_15vendorexperiment.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Go15VendorExperiment < PackageManager
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+    end
+    def active?
+      super && go_files_exist?
+    end
+    def go_files_exist?
+      !Dir[project_path.join('**/*.go')].empty? && !Dir[project_path.join('vendor/**/*.go')].empty?
+    end
+    def possible_package_paths
+      [project_path.join('vendor')]
+    end
+    def project_sha(path)
+      Dir.chdir(path) do
+        stdout, _stderr, status = Cmd.run('git rev-list --max-count 1 HEAD')
+        raise 'git rev-list failed' unless status.success?
+        stdout.strip
+      end
+    end
+    def current_packages
+      deps = go_list
+      vendored_deps = deps.select { |dep| detected_package_path.join(dep).exist? }
+      vendored_deps.map do |dep|
+        GoPackage.from_dependency({
+                                    'ImportPath' => dep,
+                                    'InstallPath' => detected_package_path.join(dep),
+                                    'Rev' => 'vendored-' + project_sha(detected_package_path.join(dep)),
+                                    'Homepage' => repo_name(dep)
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+    def package_management_command
+      'go'
+    end
+    def go_list
+      Dir.chdir(project_path) do
+        # avoid checking canonical import path. some projects uses
+        # non-canonical import path and rely on the fact that the deps are
+        # checked in. Canonical paths are only checked by `go get'. We
+        # discovered that `go list' will print a warning and unfortunately exit
+        # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
+        ENV['GOPATH'] = nil
+        val, _stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = orig_gopath
+        return [] unless status.success?
+        # Select non-standard packages. `go list std` returns the list of standard
+        # dependencies. We then filter those dependencies out of the full list of
+        # dependencies.
+        deps = val.split("\n")
+        Cmd.run('go list std').first.split("\n").each do |std|
+          deps.delete_if do |dep|
+            dep =~ %r{(\/|^)#{std}(\/|$)}
+          end
+        end
+        deps.map do |d|
+          dep_parts = d.split('/')
+          if dep_parts.length > 2
+            dep_parts[0..2].join('/')
+          else
+            d
+          end
+        end
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/go_dep.rb ADDED Viewed

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class GoDep < PackageManager
+    OLD_GODEP_VENDOR_PATH = 'Godeps/_workspace/src'
+    GODEP_VENDOR_PATH = 'vendor'
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+    end
+    def current_packages
+      packages_from_json(detected_package_path.read)
+      # godep includes subpackages as a seperate dependency, we can de-dup that
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def possible_package_paths
+      [project_path.join('Godeps/Godeps.json')]
+    end
+    def package_management_command
+      'godep'
+    end
+    private
+    def install_prefix
+      @install_prefix ||= if project_path.join(OLD_GODEP_VENDOR_PATH).directory?
+                            project_path.join(OLD_GODEP_VENDOR_PATH)
+                          elsif project_path.join(GODEP_VENDOR_PATH).directory?
+                            project_path.join(GODEP_VENDOR_PATH)
+                          else
+                            download_dependencies
+                            Pathname(ENV['GOPATH'] ? ENV['GOPATH'] + '/src' : ENV['HOME'] + '/go/src')
+                          end
+    end
+    def download_dependencies
+      command = "#{package_management_command} restore"
+      _, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1
+    end
+    def packages_from_json(json_string)
+      all_packages = JSON.parse(json_string)['Deps']
+      return [] unless all_packages
+      packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
+      result = []
+      packages_grouped_by_revision.each do |_sha, packages_in_group|
+        all_paths_in_group = packages_in_group.map { |p| p['ImportPath'] }
+        common_paths = CommonPathHelper.longest_common_paths(all_paths_in_group)
+        package_info = packages_in_group.first
+        common_paths.each do |common_path|
+          dependency_info_hash = {
+            'Homepage' => common_path,
+            'ImportPath' => common_path,
+            'InstallPath' => package_info['InstallPath'],
+            'Rev' => package_info['Rev']
+          }
+          result << GoPackage.from_dependency(dependency_info_hash,
+                                              install_prefix,
+                                              @full_version)
+        end
+      end
+      result
+    end
+  end
+end

data/lib/license_finder/package_managers/go_modules.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+require 'license_finder/packages/go_package'
+module LicenseFinder
+  class GoModules < PackageManager
+    PACKAGES_FILE = 'go.mod'
+    class << self
+      def takes_priority_over
+        Go15VendorExperiment
+      end
+    end
+    def active?
+      mod_files?
+    end
+    def current_packages
+      packages = packages_info.map do |package|
+        name, version, install_path = package.split(',')
+        read_package(install_path, name, version) if install_path.to_s != ''
+      end.compact
+      packages.reject do |package|
+        Pathname(package.install_path).cleanpath == Pathname(project_path).cleanpath
+      end
+    end
+    private
+    def packages_info
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore packages that have nil modules
+        #   (.Module)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (.Module) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        go_list_cmd = "GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./..."
+        info_output, stderr, status = Cmd.run(go_list_cmd)
+        log_errors_with_cmd(go_list_cmd, "Getting the dependencies from go list failed \n\t#{stderr}") unless status.success?
+        raise "Command '#{go_list_cmd}' failed to execute" unless status.success?
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
+    end
+    def mod_files?
+      mod_file_paths.any?
+    end
+    def mod_file_paths
+      Dir[project_path.join(PACKAGES_FILE)]
+    end
+    def read_package(install_path, name, version)
+      info = {
+        'ImportPath' => name,
+        'InstallPath' => install_path,
+        'Rev' => version,
+        'Homepage' => repo_name(name)
+      }
+      GoPackage.from_dependency(info, nil, true)
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+  end
+end