RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/conda.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Conda < PackageManager
+    attr_reader :conda_bash_setup_script
+    def initialize(options = {})
+      @conda_bash_setup_script = options[:conda_bash_setup_script] || Pathname("#{ENV['HOME']}/miniconda3/etc/profile.d/conda.sh")
+      super
+    end
+    # This command is *not* directly executable. See .conda() below.
+    def prepare_command
+      "conda env create -f #{detected_package_path}"
+    end
+    def prepare
+      return if environment_exists?
+      prep_cmd = prepare_command
+      _stdout, stderr, status = Dir.chdir(project_path) { conda(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def current_packages
+      conda_list.map do |entry|
+        case entry['channel']
+        when 'pypi'
+          # PyPI is much faster than `conda search`, use it when we can.
+          PipPackage.new(entry['name'], entry['version'], PyPI.definition(entry['name'], entry['version']))
+        else
+          CondaPackage.new(conda_search_info(entry))
+        end
+      end.compact
+    end
+    def possible_package_paths
+      [project_path.join('environment.yaml'), project_path.join('environment.yml')]
+    end
+    private
+    def environment_exists?
+      environments.grep(environment_name).any?
+    end
+    def environments
+      command = 'conda env list'
+      stdout, stderr, status = conda command
+      environments = []
+      if status.success?
+        environments = stdout.split("\n").grep_v(/^#/).map { |line| line.split.first }
+      else
+        log_errors_with_cmd command, stderr
+      end
+      environments
+    end
+    def environment_file
+      detected_package_path
+    end
+    def environment_name
+      @environment_name ||= YAML.load_file(environment_file).fetch('name')
+    end
+    def conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && #{command}")
+    end
+    def activated_conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && conda activate #{environment_name} && #{command}")
+    end
+    # Algorithm is based on
+    # https://bioinformatics.stackexchange.com/a/11226
+    # but completely recoded in Ruby. Like the poster, if the package is
+    # actually managed by conda, we assume that all the potential infos (for
+    # various architectures, versions of python, etc) have the same license.
+    def conda_list
+      command = 'conda list'
+      stdout, stderr, status = activated_conda(command)
+      if status.success?
+        conda_list = []
+        stdout.each_line do |line|
+          next if line =~ /^\s*#/
+          name, version, build, channel = line.split
+          conda_list << {
+            'name' => name,
+            'version' => version,
+            'build' => build,
+            'channel' => channel
+          }
+        end
+        conda_list
+      else
+        log_errors_with_cmd command, stderr
+        []
+      end
+    end
+    def conda_search_info(list_entry)
+      command = 'conda search --info --json '
+      command += "--channel #{list_entry['channel']} " if list_entry['channel'] && !list_entry['channel'].empty?
+      command += "'#{list_entry['name']} #{list_entry['version']}'"
+      # Errors from conda (in --json mode, at least) show up in stdout, not stderr
+      stdout, _stderr, status = activated_conda(command)
+      name = list_entry['name']
+      if status.success?
+        JSON(stdout).fetch(name).first
+      else
+        log_errors_with_cmd command, stdout
+        list_entry
+      end
+    rescue KeyError
+      logger.info('Conda', "Key error trying to find #{name} in\n#{JSON(stdout)}")
+      list_entry
+    end
+  end
+end

data/lib/license_finder/package_managers/dep.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+require 'tomlrb'
+module LicenseFinder
+  class Dep < PackageManager
+    def possible_package_paths
+      [project_path.join('Gopkg.lock')]
+    end
+    def current_packages
+      toml = Tomlrb.load_file(detected_package_path)
+      projects = toml['projects']
+      return [] if projects.nil?
+      projects.map do |project|
+        GoPackage.from_dependency({
+                                    'ImportPath' => project['name'],
+                                    'InstallPath' => project_path.join('vendor', project['name']),
+                                    'Rev' => project['revision'],
+                                    'Homepage' => repo_name(project['name'])
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def prepare_command
+      'dep ensure -vendor-only'
+    end
+    def package_management_command
+      'dep'
+    end
+  end
+end

data/lib/license_finder/package_managers/dotnet.rb ADDED Viewed

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+require 'pathname'
+require 'json'
+module LicenseFinder
+  class Dotnet < PackageManager
+    class AssetFile
+      def initialize(path)
+        @manifest = JSON.parse(File.read(path))
+      end
+      def dependencies
+        libs = @manifest.fetch('libraries').reject do |_, v|
+          v.fetch('type') == 'project'
+        end
+        libs.keys.map do |name|
+          parts = name.split('/')
+          PackageMetadata.new(parts[0], parts[1], possible_spec_paths(name))
+        end
+      end
+      def possible_spec_paths(package_key)
+        lib = @manifest.fetch('libraries').fetch(package_key)
+        spec_filename = lib.fetch('files').find { |f| f.end_with?('.nuspec') }
+        return [] if spec_filename.nil?
+        @manifest.fetch('packageFolders').keys.map do |root|
+          Pathname(root).join(lib.fetch('path'), spec_filename).to_s
+        end
+      end
+    end
+    class PackageMetadata
+      attr_reader :name, :version, :possible_spec_paths
+      def initialize(name, version, possible_spec_paths)
+        @name = name
+        @version = version
+        @possible_spec_paths = possible_spec_paths
+      end
+      def read_license_urls
+        possible_spec_paths.flat_map do |path|
+          Nuget.nuspec_license_urls(File.read(path)) if File.exist? path
+        end.compact
+      end
+      def ==(other)
+        other.name == name && other.version == version && other.possible_spec_paths == possible_spec_paths
+      end
+    end
+    def possible_package_paths
+      paths = Dir[project_path.join('*.csproj')]
+      paths.map { |p| Pathname(p) }
+    end
+    def current_packages
+      package_metadatas = asset_files
+                          .flat_map { |path| AssetFile.new(path).dependencies }
+                          .uniq { |d| [d.name, d.version] }
+      package_metadatas.map do |d|
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
+        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
+      end
+    end
+    def asset_files
+      Dir[project_path.join('**/project.assets.json')]
+    end
+    def package_management_command
+      'dotnet'
+    end
+    def prepare_command
+      "#{package_management_command} restore"
+    end
+  end
+end

data/lib/license_finder/package_managers/erlangmk.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Erlangmk < PackageManager
+    def package_management_command
+      'make'
+    end
+    def package_management_command_with_path
+      "#{package_management_command} --directory=#{project_path} --no-print-directory"
+    end
+    # The IS_DEP=1 is added because not all erlang.mk-based projects are
+    # updated to a version that is compatible with LicenseFinder
+    def prepare_command
+      "#{package_management_command_with_path} IS_DEP=1 fetch-deps"
+    end
+    def possible_package_paths
+      [
+        project_path.join('Erlang.mk'),
+        project_path.join('erlang.mk')
+      ]
+    end
+    def current_packages
+      deps.map do |dep|
+        ErlangmkPackage.new(dep)
+      end
+    end
+    private
+    def deps
+      command = "#{package_management_command_with_path} QUERY='name fetch_method repo version absolute_path' query-deps"
+      stdout, stderr, status = Cmd.run(command)
+      if status.success?
+        dep_re = Regexp.new('^\s*DEP')
+        line_re = Regexp.new('^[_a-z0-9]+:')
+        stdout.each_line.map(&:strip).select { |line| !(line.start_with?('make') || line =~ dep_re) && line =~ line_re }
+      elsif stderr.include? "No rule to make target 'query-deps'"
+        # The stderr check happens because not all erlang.mk-based projects are
+        # updated to a version that is compatible with LicenseFinder
+        []
+      else
+        raise "Command '#{command}' failed to execute: #{stderr}"
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/glide.rb ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Glide < PackageManager
+    def possible_package_paths
+      [project_path.join('glide.lock')]
+    end
+    def current_packages
+      detected_path = detected_package_path
+      YAML.load_file(detected_path).fetch('imports').map do |package_hash|
+        import_path = package_hash.fetch('name')
+        license_path = project_path.join('vendor', import_path)
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => license_path,
+                                    'Rev' => package_hash.fetch('version')
+                                  }, nil, true)
+      end
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def package_management_command
+      'glide'
+    end
+    def prepare_command
+      'glide install'
+    end
+  end
+end

data/lib/license_finder/package_managers/go_15vendorexperiment.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Go15VendorExperiment < PackageManager
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+    end
+    def active?
+      super && go_files_exist?
+    end
+    def go_files_exist?
+      !Dir[project_path.join('**/*.go')].empty? && !Dir[project_path.join('vendor/**/*.go')].empty?
+    end
+    def possible_package_paths
+      [project_path.join('vendor')]
+    end
+    def project_sha(path)
+      Dir.chdir(path) do
+        stdout, _stderr, status = Cmd.run('git rev-list --max-count 1 HEAD')
+        raise 'git rev-list failed' unless status.success?
+        stdout.strip
+      end
+    end
+    def current_packages
+      deps = go_list
+      vendored_deps = deps.select { |dep| detected_package_path.join(dep).exist? }
+      vendored_deps.map do |dep|
+        GoPackage.from_dependency({
+                                    'ImportPath' => dep,
+                                    'InstallPath' => detected_package_path.join(dep),
+                                    'Rev' => 'vendored-' + project_sha(detected_package_path.join(dep)),
+                                    'Homepage' => repo_name(dep)
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+    def package_management_command
+      'go'
+    end
+    def go_list
+      Dir.chdir(project_path) do
+        # avoid checking canonical import path. some projects uses
+        # non-canonical import path and rely on the fact that the deps are
+        # checked in. Canonical paths are only checked by `go get'. We
+        # discovered that `go list' will print a warning and unfortunately exit
+        # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
+        ENV['GOPATH'] = nil
+        val, _stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = orig_gopath
+        return [] unless status.success?
+        # Select non-standard packages. `go list std` returns the list of standard
+        # dependencies. We then filter those dependencies out of the full list of
+        # dependencies.
+        deps = val.split("\n")
+        Cmd.run('go list std').first.split("\n").each do |std|
+          deps.delete_if do |dep|
+            dep =~ %r{(\/|^)#{std}(\/|$)}
+          end
+        end
+        deps.map do |d|
+          dep_parts = d.split('/')
+          if dep_parts.length > 2
+            dep_parts[0..2].join('/')
+          else
+            d
+          end
+        end
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/go_dep.rb ADDED Viewed

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class GoDep < PackageManager
+    OLD_GODEP_VENDOR_PATH = 'Godeps/_workspace/src'
+    GODEP_VENDOR_PATH = 'vendor'
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+    end
+    def current_packages
+      packages_from_json(detected_package_path.read)
+      # godep includes subpackages as a seperate dependency, we can de-dup that
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def possible_package_paths
+      [project_path.join('Godeps/Godeps.json')]
+    end
+    def package_management_command
+      'godep'
+    end
+    private
+    def install_prefix
+      @install_prefix ||= if project_path.join(OLD_GODEP_VENDOR_PATH).directory?
+                            project_path.join(OLD_GODEP_VENDOR_PATH)
+                          elsif project_path.join(GODEP_VENDOR_PATH).directory?
+                            project_path.join(GODEP_VENDOR_PATH)
+                          else
+                            download_dependencies
+                            Pathname(ENV['GOPATH'] ? ENV['GOPATH'] + '/src' : ENV['HOME'] + '/go/src')
+                          end
+    end
+    def download_dependencies
+      command = "#{package_management_command} restore"
+      _, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1
+    end
+    def packages_from_json(json_string)
+      all_packages = JSON.parse(json_string)['Deps']
+      return [] unless all_packages
+      packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
+      result = []
+      packages_grouped_by_revision.each do |_sha, packages_in_group|
+        all_paths_in_group = packages_in_group.map { |p| p['ImportPath'] }
+        common_paths = CommonPathHelper.longest_common_paths(all_paths_in_group)
+        package_info = packages_in_group.first
+        common_paths.each do |common_path|
+          dependency_info_hash = {
+            'Homepage' => common_path,
+            'ImportPath' => common_path,
+            'InstallPath' => package_info['InstallPath'],
+            'Rev' => package_info['Rev']
+          }
+          result << GoPackage.from_dependency(dependency_info_hash,
+                                              install_prefix,
+                                              @full_version)
+        end
+      end
+      result
+    end
+  end
+end

data/lib/license_finder/package_managers/go_modules.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+require 'license_finder/packages/go_package'
+module LicenseFinder
+  class GoModules < PackageManager
+    PACKAGES_FILE = 'go.mod'
+    class << self
+      def takes_priority_over
+        Go15VendorExperiment
+      end
+    end
+    def active?
+      mod_files?
+    end
+    def current_packages
+      packages = packages_info.map do |package|
+        name, version, install_path = package.split(',')
+        read_package(install_path, name, version) if install_path.to_s != ''
+      end.compact
+      packages.reject do |package|
+        Pathname(package.install_path).cleanpath == Pathname(project_path).cleanpath
+      end
+    end
+    private
+    def packages_info
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore packages that have nil modules
+        #   (.Module)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (.Module) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        go_list_cmd = "GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./..."
+        info_output, stderr, status = Cmd.run(go_list_cmd)
+        log_errors_with_cmd(go_list_cmd, "Getting the dependencies from go list failed \n\t#{stderr}") unless status.success?
+        raise "Command '#{go_list_cmd}' failed to execute" unless status.success?
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
+    end
+    def mod_files?
+      mod_file_paths.any?
+    end
+    def mod_file_paths
+      Dir[project_path.join(PACKAGES_FILE)]
+    end
+    def read_package(install_path, name, version)
+      info = {
+        'ImportPath' => name,
+        'InstallPath' => install_path,
+        'Rev' => version,
+        'Homepage' => repo_name(name)
+      }
+      GoPackage.from_dependency(info, nil, true)
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+  end
+end