gitlab-license_finder 6.14.2.1

data/lib/license_finder/package_utils/conan_info_parser.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ConanInfoParser
+    def parse(info)
+      @lines = info.lines.map(&:chomp)
+      @state = :project_level # state of the state machine
+      @projects = [] # list of projects
+      @current_project = nil # current project being populated in the SM
+      @current_vals = [] # current val list being populate in the SM
+      @current_key = nil # current key to be associated with the current val
+      while (line = @lines.shift)
+        next if line == ''
+
+        case @state
+        when :project_level
+          @current_project = {}
+          @current_project['name'] = line.strip
+          @state = :key_val
+        when :key_val
+          parse_key_val(line)
+        when :val_list
+          parse_val_list(line)
+        end
+      end
+      wrap_up
+    end
+
+    private
+
+    def parse_key_val(line)
+      key, val = key_val(line)
+      if val
+        @current_project[key] = val
+      elsif line.start_with?(' ')
+        @current_key = key
+        @current_vals = []
+        @state = :val_list
+      else
+        change_to_new_project_state line
+      end
+    end
+
+    def parse_val_list(line)
+      if val_list_level(line)
+        @current_vals << line.strip
+      else
+        @current_project[@current_key] = @current_vals
+        if line.start_with?(' ')
+          @state = :key_val
+          @lines.unshift(line)
+        else
+          change_to_new_project_state line
+        end
+      end
+    end
+
+    def wrap_up
+      @current_project[@current_key] = @current_vals if @current_vals.count && @current_key
+      @projects << @current_project
+    end
+
+    def val_list_level(line)
+      line.start_with?('        ')
+    end
+
+    def change_to_new_project_state(line)
+      @state = :project_level
+      @projects << @current_project
+      @lines.unshift(line)
+    end
+
+    def key_val(info)
+      info.split(':', 2).map(&:strip!)
+    end
+  end
+end

data/lib/license_finder/package_utils/gradle_dependency_finder.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class GradleDependencyFinder
+    def initialize(project_path)
+      @project_path = project_path
+    end
+
+    def dependencies
+      Pathname
+        .glob(@project_path.join('**', 'dependency-license.xml'))
+        .map(&:read)
+    end
+  end
+end

data/lib/license_finder/package_utils/license_files.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'license_finder/package_utils/possible_license_file'
+
+module LicenseFinder
+  class LicenseFiles
+    CANDIDATE_FILE_NAMES = %w[License Licence COPYING README].freeze
+    CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
+
+    def self.find(install_path, options = {})
+      new(install_path).find(options)
+    end
+
+    def initialize(install_path)
+      @install_path = install_path ? Pathname(install_path) : nil
+    end
+
+    def find(options = {})
+      paths_of_candidate_files
+        .map { |path| PossibleLicenseFile.new(path, options) }
+        .reject { |file| file.license.nil? }
+    end
+
+    private
+
+    attr_reader :install_path
+
+    def paths_of_candidate_files
+      candidate_files_and_dirs
+        .flat_map { |path| path.directory? ? path.children : path }
+        .reject(&:directory?)
+        .uniq
+    end
+
+    def candidate_files_and_dirs
+      return [] if install_path.nil?
+
+      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD), File::FNM_CASEFOLD)
+    end
+  end
+end

data/lib/license_finder/package_utils/licensing.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'license_finder/package_utils/activation'
+
+module LicenseFinder
+  Licensing = Struct.new(:package, :decided_licenses, :licenses_from_spec, :license_files) do
+    # Implements the algorithm for choosing the right set of licenses from
+    # among the various sources of licenses we know about.  In order of
+    # priority, licenses come from decisions, package specs, or package files.
+    def activations
+      if activations_from_decisions.any? then activations_from_decisions
+      elsif activations_from_spec.any?      then activations_from_spec
+      elsif activations_from_files.any?     then activations_from_files
+      else [default_activation]
+      end
+    end
+
+    def activations_from_decisions
+      @activations_from_decisions ||= decided_licenses
+               .map { |license| Activation::FromDecision.new(package, license) }
+    end
+
+    def activations_from_spec
+      @activations_from_spec ||= licenses_from_spec
+               .map { |license| Activation::FromSpec.new(package, license) }
+    end
+
+    def activations_from_files
+      @activations_from_files ||= license_files
+               .group_by(&:license)
+               .map { |license, files| Activation::FromFiles.new(package, license, files) }
+    end
+
+    def default_activation
+      default_license = License.find_by_name nil
+      Activation::None.new(package, default_license)
+    end
+  end
+end

data/lib/license_finder/package_utils/maven_dependency_finder.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class MavenDependencyFinder
+    def initialize(project_path)
+      @project_path = project_path
+    end
+
+    def dependencies
+      Pathname
+        .glob(@project_path.join('**', 'target', 'generated-resources', 'licenses.xml'))
+        .map(&:read)
+    end
+  end
+end

data/lib/license_finder/package_utils/notice_files.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'license_finder/package_utils/possible_license_file'
+
+module LicenseFinder
+  class NoticeFiles
+    CANDIDATE_FILE_NAMES = %w[NOTICE Notice].freeze
+    CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
+
+    def self.find(install_path, options = {})
+      new(install_path).find(options)
+    end
+
+    def initialize(install_path)
+      @install_path = install_path ? Pathname(install_path) : nil
+    end
+
+    def find(options = {})
+      paths_of_candidate_files
+        .map { |path| PossibleLicenseFile.new(path, options) } # Not really possible license files, but that class has all we need.
+    end
+
+    private
+
+    attr_reader :install_path
+
+    def paths_of_candidate_files
+      candidate_files_and_dirs
+        .flat_map { |path| path.directory? ? path.children : path }
+        .reject(&:directory?)
+        .uniq
+    end
+
+    def candidate_files_and_dirs
+      return [] if install_path.nil?
+
+      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+    end
+  end
+end

data/lib/license_finder/package_utils/possible_license_file.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class PossibleLicenseFile
+    def initialize(path, options = {})
+      @path = Pathname(path)
+      @logger = options[:logger]
+    end
+
+    def path
+      @path.to_s
+    end
+
+    def license
+      License.find_by_text(text)
+    end
+
+    def text
+      if @path.exist?
+        @text ||= (@path.respond_to?(:binread) ? @path.binread : @path.read)
+      else
+        @logger.info('ERROR', "#{@path} does not exists", color: :red)
+        ''
+      end
+    end
+  end
+end

data/lib/license_finder/package_utils/pypi.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'openssl'
+
+module LicenseFinder
+  class PyPI
+    CONNECTION_ERRORS = [
+      EOFError,
+      Errno::ECONNREFUSED,
+      Errno::ECONNRESET,
+      Errno::ECONNRESET,
+      Errno::EHOSTUNREACH,
+      Errno::EINVAL,
+      Net::OpenTimeout,
+      Net::ProtocolError,
+      Net::ReadTimeout,
+      OpenSSL::OpenSSLError,
+      OpenSSL::SSL::SSLError,
+      SocketError,
+      Timeout::Error
+    ].freeze
+
+    class << self
+      def definition(name, version)
+        response = request("https://pypi.org/pypi/#{name}/#{version}/json")
+        response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {}
+      rescue *CONNECTION_ERRORS
+        {}
+      end
+
+      def request(location, limit = 10)
+        uri = URI(location)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        response = http.get(uri.request_uri).response
+        response.is_a?(Net::HTTPRedirection) && limit.positive? ? request(response['location'], limit - 1) : response
+      end
+    end
+  end
+end

data/lib/license_finder/package_utils/sbt_dependency_finder.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class SbtDependencyFinder
+    def initialize(project_path)
+      @project_path = project_path
+    end
+
+    def dependencies
+      Pathname
+        .glob(@project_path.join('**', 'target', 'license-reports', '*.csv'))
+        .map(&:read)
+    end
+  end
+end

data/lib/license_finder/packages/bower_package.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+
+module LicenseFinder
+  class BowerPackage < Package
+    def initialize(bower_module, options = {})
+      spec = bower_module.fetch('pkgMeta', {})
+
+      if spec.empty?
+        endpoint = bower_module.fetch('endpoint', {})
+        name = endpoint['name']
+        version = endpoint['target']
+      else
+        name = spec['name']
+        version = spec['version']
+      end
+
+      super(
+        name,
+        version,
+        options.merge(
+          summary: spec['description'],
+          description: spec['readme'],
+          homepage: spec['homepage'],
+          spec_licenses: Package.license_names_from_standard_spec(spec),
+          install_path: bower_module['canonicalDir'],
+          missing: bower_module['missing']
+        )
+      )
+    end
+
+    def package_manager
+      'Bower'
+    end
+
+    def package_url
+      meta = JSON.parse(open("https://registry.bower.io/packages/#{CGI.escape(name)}").read)
+      meta['url']
+    end
+  end
+end

data/lib/license_finder/packages/bundler_package.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class BundlerPackage < Package
+    def initialize(spec, bundler_def, options = {})
+      children = spec.dependencies.map(&:name)
+      groups = Array(bundler_def && bundler_def.groups).map(&:to_s)
+
+      super(
+        spec.name,
+        spec.version.to_s,
+        options.merge(
+          authors: Array(spec.authors).join(', '),
+          summary: spec.summary,
+          description: spec.description,
+          homepage: spec.homepage,
+          children: children,
+          groups: groups,
+          spec_licenses: spec.licenses,
+          install_path: spec.full_gem_path
+        )
+      )
+    end
+
+    def package_manager
+      'Bundler'
+    end
+
+    def package_url
+      "https://rubygems.org/gems/#{CGI.escape(name)}/versions/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/cargo_package.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CargoPackage < Package
+    def initialize(crate, options = {})
+      crate = crate.reject { |_, v| v.nil? || v == '' }
+      children = crate.fetch('dependencies', []).map { |p| p['name'] }
+      licenses = crate.fetch('license', '').split('/')
+      super(
+        crate['name'],
+        crate['version'],
+        options.merge(
+          summary: crate.fetch('description', '').strip,
+          spec_licenses: licenses.compact,
+          children: children
+        )
+      )
+    end
+
+    def package_manager
+      'Cargo'
+    end
+
+    def package_url
+      "https://crates.io/crates/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/carthage_package.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CarthagePackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Carthage'
+    end
+  end
+end

data/lib/license_finder/packages/cocoa_pods_package.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CocoaPodsPackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'CocoaPods'
+    end
+
+    def package_url
+      "https://cocoapods.org/pods/#{CGI.escape(name)}"
+    end
+  end
+end

data/lib/license_finder/packages/composer_package.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ComposerPackage < Package
+    def package_manager
+      'Composer'
+    end
+
+    def package_url
+      "https://packagist.org/packages/#{CGI.escape(name)}##{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/conan_package.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ConanPackage < Package
+    def initialize(name, version, license_text, url, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+      @homepage = url
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Conan'
+    end
+
+    def package_url
+      "https://conan.io/center/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/conda_package.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CondaPackage < Package
+    attr_accessor :identifier, :json
+
+    def initialize(conda_json)
+      @json = conda_json
+      @identifier = Identifier.from_hash(conda_json)
+      super(@identifier.name,
+            @identifier.version,
+            spec_licenses: Package.license_names_from_standard_spec(conda_json),
+            children: children)
+    end
+
+    def ==(other)
+      other.is_a?(CondaPackage) && @identifier == other.identifier
+    end
+
+    def to_s
+      @identifier.to_s
+    end
+
+    def package_manager
+      'Conda'
+    end
+
+    def package_url
+      @json['url']
+    end
+
+    def children
+      @json.fetch('depends', []).map { |constraint| constraint.split.first }
+    end
+
+    class Identifier
+      attr_accessor :name, :version
+
+      def initialize(name, version)
+        @name = name
+        @version = version
+      end
+
+      def self.from_hash(hash)
+        name = hash['name']
+        version = hash['version']
+        return nil if name.nil? || version.nil?
+
+        Identifier.new(name, version)
+      end
+
+      def ==(other)
+        other.is_a?(Identifier) && @name == other.name && @version == other.version
+      end
+
+      def eql?(other)
+        self == other
+      end
+
+      def hash
+        [@name, @version].hash
+      end
+
+      def <=>(other)
+        sort_name = @name <=> other.name
+        sort_name.zero? ? @version <=> other.version : sort_name
+      end
+
+      def to_s
+        "#{@name} - #{@version}"
+      end
+    end
+  end
+end

data/lib/license_finder/packages/erlangmk_package.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+
+class InvalidErlangmkPackageError < ArgumentError
+end
+
+module LicenseFinder
+  class ErlangmkPackage < Package
+    attr_reader :dep_parent,
+                :dep_name,
+                :dep_fetch_method,
+                :dep_repo_unformatted,
+                :dep_version_unformatted,
+                :dep_absolute_path
+
+    def initialize(dep_string_from_query_deps)
+      @dep_parent,
+      @dep_name,
+      @dep_fetch_method,
+      @dep_repo_unformatted,
+      @dep_version_unformatted,
+      @dep_absolute_path = dep_string_from_query_deps.split
+
+      raise_invalid(dep_string_from_query_deps) unless all_parts_valid?
+
+      super(
+        dep_name,
+        dep_version,
+        homepage: dep_repo,
+        install_path: dep_absolute_path
+      )
+    end
+
+    def package_manager
+      'Erlangmk'
+    end
+
+    def dep_version
+      @dep_version ||= begin
+        dep_version_unformatted.sub(version_prefix_re, '')
+      end
+    end
+
+    def dep_repo
+      @dep_repo ||= dep_repo_unformatted
+                    .chomp('.git')
+                    .sub('git@github.com:', 'https://github.com/')
+    end
+
+    def raise_invalid(dep_string)
+      invalid_dep_message = "'#{dep_string}' does not look like a valid Erlank.mk dependency"
+      valid_dep_example = "A valid dependency example: 'lager: goldrush git https://github.com/DeadZen/goldrush.git 0.1.9 /absolute/path/to/dep'"
+      raise(InvalidErlangmkPackageError, "#{invalid_dep_message}. #{valid_dep_example}")
+    end
+
+    def all_parts_valid?
+      dep_part_valid?(dep_parent) &&
+        dep_part_valid?(dep_name) &&
+        set?(dep_fetch_method) &&
+        dep_repo_valid? &&
+        dep_version_valid? &&
+        set?(dep_absolute_path)
+    end
+
+    private
+
+    def dep_part_valid?(dep_part)
+      set?(dep_part) &&
+        word?(dep_part)
+    end
+
+    def set?(dep_part)
+      !dep_part.nil? &&
+        !dep_part.empty?
+    end
+
+    def word?(dep_part)
+      dep = dep_part.chomp(':')
+      dep =~ word_re
+    end
+
+    def dep_repo_valid?
+      set?(dep_repo_unformatted) &&
+        URI.parse(dep_repo)
+    end
+
+    def dep_version_valid?
+      return false unless set?(dep_version_unformatted)
+
+      if dep_version =~ version_re
+        Gem::Version.correct?(dep_version)
+      else
+        dep_version =~ word_dot_re
+      end
+    end
+
+    def version_re
+      @version_re ||= Regexp.new('\d+\.\d+\.\d+')
+    end
+
+    def version_prefix_re
+      @version_prefix_re ||= Regexp.new('^v')
+    end
+
+    def word_re
+      @word_re ||= Regexp.new('^\w+$')
+    end
+
+    def word_dot_re
+      @word_dot_re ||= Regexp.new('^[.\w]+$')
+    end
+  end
+end