gitlab-license_finder 6.14.2.1

data/lib/license_finder/packages/go_package.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'license_finder/package'
+
+module LicenseFinder
+  class GoPackage < Package
+    def package_manager
+      'Go'
+    end
+
+    def package_url
+      "https://pkg.go.dev/#{CGI.escape(name)}@#{CGI.escape(version)}"
+    end
+
+    class << self
+      def from_dependency(hash, prefix, full_version)
+        name = hash['ImportPath']
+        install_path = hash['InstallPath']
+        install_path ||= install_path(prefix.join(name))
+        version = full_version ? hash['Rev'].gsub('+incompatible', '') : hash['Rev'][0..6]
+        homepage = hash['Homepage']
+        new(name, version, install_path: install_path, package_manager: 'Go', homepage: homepage)
+      end
+
+      private
+
+      def install_path(path)
+        Pathname(path).cleanpath.to_s
+      end
+    end
+  end
+end

data/lib/license_finder/packages/gradle_package.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class GradlePackage < Package
+    def initialize(spec, options = {})
+      name = spec['name']
+      if name.scan(':').size >= 1
+        group, name, version = name.split(':')
+      else
+        version = 'unknown'
+      end
+
+      name = options[:include_groups] ? "#{group}:#{name}" : name
+
+      licenses = Array(spec['license'])
+                 .map { |l| l['name'] }
+                 .reject { |reject_name| reject_name == 'No license found' }
+
+      super(name, version, options.merge(spec_licenses: licenses))
+    end
+
+    def package_manager
+      'Gradle'
+    end
+
+    def package_url
+      "https://plugins.gradle.org/plugin/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/manual_package.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ManualPackage < Package
+    def ==(other)
+      eql? other
+    end
+
+    def eql?(other)
+      name == other.name
+    end
+
+    def hash
+      name.hash
+    end
+
+    private
+
+    def licenses_from_spec
+      Set.new
+    end
+
+    def licenses_from_files
+      Set.new
+    end
+  end
+end

data/lib/license_finder/packages/maven_package.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class MavenPackage < Package
+    def initialize(spec, options = {})
+      name = spec['artifactId']
+      name = "#{spec['groupId']}:#{name}" if options[:include_groups]
+
+      super(
+        name,
+        spec['version'],
+        options.merge(
+          spec_licenses: Array(spec['licenses']).map { |l| l['name'] },
+          groups: Array(spec['groupId'])
+        )
+      )
+    end
+
+    def package_manager
+      'Maven'
+    end
+
+    def package_url
+      "https://search.maven.org/artifact/#{CGI.escape(groups.first)}/#{CGI.escape(name.split(':').last)}/#{CGI.escape(version)}/jar"
+    end
+  end
+end

data/lib/license_finder/packages/merged_package.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class MergedPackage < Package
+    extend Forwardable
+    attr_reader :dependency
+
+    def initialize(package, aggregate_paths)
+      @dependency = package
+      @aggregate_paths = aggregate_paths.map { |p| Pathname(p) }
+      super(package.name, package.version)
+    end
+
+    def_delegators :@dependency, :name, :version, :authors, :summary, :description, :homepage, :package_url, :children, :parents,
+                   :groups, :permitted, :restricted, :manual_approval, :install_path, :licenses, :approved_manually?,
+                   :approved_manually!, :approved?, :permitted!, :permitted?, :restricted!, :restricted?, :hash,
+                   :activations, :missing, :license_names_from_spec, :decided_licenses, :licensing, :decide_on_license,
+                   :license_files, :package_manager, :missing?, :log_activation, :notice_files
+
+    def aggregate_paths
+      @aggregate_paths.map { |p| p.expand_path.to_s }
+    end
+
+    def <=>(other)
+      dependency <=> other.dependency
+    end
+
+    def eql?(other)
+      if other.instance_of? MergedPackage
+        other.dependency.eql?(dependency)
+      else
+        dependency.eql?(other)
+      end
+    end
+
+    def ==(other)
+      dependency.eql?(other.dependency) && aggregate_paths.eql?(other.aggregate_paths)
+    end
+
+    def method_missing(_method_name)
+      nil
+    end
+  end
+end

data/lib/license_finder/packages/mix_package.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class MixPackage < Package
+    def package_manager
+      'Mix'
+    end
+
+    def package_url
+      "https://hex.pm/packages/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/npm_package.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class NpmPackage < Package
+    attr_accessor :identifier, :dependencies, :groups, :json
+
+    class << self
+      def packages_from_json(npm_json, package_path)
+        @packages = flattened_dependencies(npm_json)
+        package_json = PackageJson.new(package_path)
+        populate_groups(package_json)
+        @packages.reject! do |_identifier, package|
+          package.name.empty? &&
+            package.version.empty? &&
+            package.licenses.length == 1 &&
+            package.licenses.first.name == 'unknown'
+        end
+        @packages.values
+      end
+
+      private
+
+      def flattened_dependencies(npm_json, existing_packages = {})
+        identifier = Identifier.from_hash npm_json
+        if existing_packages[identifier].nil?
+          existing_packages[identifier] = NpmPackage.new(npm_json) if identifier
+          npm_json.fetch('dependencies', {}).values.map do |d|
+            flattened_dependencies(d, existing_packages)
+          end
+        else
+          duplicate_package = NpmPackage.new(npm_json)
+          unless existing_packages[identifier].dependencies.include?(duplicate_package.dependencies)
+            existing_packages[identifier].dependencies |= duplicate_package.dependencies
+            npm_json.fetch('dependencies', {}).values.map do |d|
+              flattened_dependencies(d, existing_packages)
+            end
+          end
+        end
+        existing_packages
+      end
+
+      def populate_groups(package_json)
+        package_json.groups.each do |group|
+          group.package_names.each do |package_name|
+            @packages.each_key do |identifier|
+              next unless identifier.name == package_name
+
+              dependency = @packages[identifier]
+              dependency.groups |= [group.name]
+              populate_child_groups(dependency, @packages)
+            end
+          end
+        end
+      end
+
+      def populate_child_groups(dependency, packages, populated_ids = [])
+        dependency.dependencies.each do |id|
+          next if populated_ids.include? id
+
+          populated_ids.push id
+          packages[id].groups |= dependency.groups
+          populate_child_groups(packages[id], packages, populated_ids)
+        end
+      end
+    end
+
+    def initialize(npm_json)
+      @json = npm_json
+      @identifier = Identifier.from_hash(npm_json)
+      @dependencies = deps_from_json
+      super(@identifier.name,
+            @identifier.version,
+            description: npm_json['description'],
+            homepage: npm_json['homepage'],
+            spec_licenses: Package.license_names_from_standard_spec(npm_json),
+            install_path: npm_json['path'],
+            children: @dependencies.map(&:name))
+    end
+
+    def ==(other)
+      other.is_a?(NpmPackage) && @identifier == other.identifier
+    end
+
+    def to_s
+      @identifier.to_s
+    end
+
+    def package_manager
+      'Npm'
+    end
+
+    def package_url
+      "https://www.npmjs.com/package/#{CGI.escape(name)}/v/#{CGI.escape(version)}"
+    end
+
+    private
+
+    def deps_from_json
+      @json.fetch('dependencies', {}).values.map { |dep| Identifier.from_hash(dep) }.compact
+    end
+
+    class Identifier
+      attr_accessor :name, :version
+
+      def initialize(name, version)
+        @name = name
+        @version = version
+      end
+
+      def self.from_hash(hash)
+        name = hash['name']
+        version = hash['version']
+        return nil if name.nil? || version.nil?
+
+        Identifier.new(name, version)
+      end
+
+      def ==(other)
+        other.is_a?(Identifier) && @name == other.name && @version == other.version
+      end
+
+      def eql?(other)
+        self == other
+      end
+
+      def hash
+        [@name, @version].hash
+      end
+
+      def <=>(other)
+        sort_name = @name <=> other.name
+        sort_name.zero? ? @version <=> other.version : sort_name
+      end
+
+      def to_s
+        "#{@name} - #{@version}"
+      end
+    end
+
+    class Group
+      attr_accessor :name, :package_names
+
+      def initialize(name, hash)
+        @name = name
+        @package_names = hash.keys
+      end
+
+      def include?(identifier)
+        @package_names.include? identifier.name
+      end
+
+      def to_s
+        @name
+      end
+    end
+
+    class PackageJson
+      attr_reader :groups
+      DEPENDENCY_GROUPS = %w[dependencies devDependencies].freeze
+
+      def initialize(path)
+        json = JSON.parse(File.read(path), max_nesting: false)
+        @groups = DEPENDENCY_GROUPS.map { |name| Group.new(name, json.fetch(name, {})) }
+      end
+
+      def groups_for(identifier)
+        @groups.select { |g| g.include? identifier }.map(&:name)
+      end
+    end
+  end
+end

data/lib/license_finder/packages/nuget_package.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class NugetPackage < Package
+    def package_manager
+      'Nuget'
+    end
+
+    def package_url
+      "https://www.nuget.org/packages/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/pip_package.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'set'
+
+module LicenseFinder
+  class PipPackage < Package
+    LICENSE_FORMAT = /^License.*::\s*(.*)$/.freeze
+    INVALID_LICENSES = ['', 'UNKNOWN'].to_set
+
+    def self.license_names_from_spec(spec)
+      license_names = spec['license'].to_s.strip.split(' or ')
+      has_unrecognized_license = false
+
+      license_names.each do |license_name|
+        license = License.find_by_name(license_name.strip)
+
+        has_unrecognized_license ||= license.unrecognized_matcher?
+      end
+
+      return license_names if !license_names.empty? && !has_unrecognized_license
+
+      spec
+        .fetch('classifiers', [])
+        .select { |c| c =~ LICENSE_FORMAT }
+        .map { |c| c.gsub(LICENSE_FORMAT, '\1') }
+    end
+
+    def initialize(name, version, spec, options = {})
+      super(
+        name,
+        version,
+        options.merge(
+          authors: spec['author'],
+          summary: spec['summary'],
+          description: spec['description'],
+          homepage: spec['home_page'],
+          spec_licenses: self.class.license_names_from_spec(spec)
+        )
+      )
+    end
+
+    def package_manager
+      'Pip'
+    end
+
+    def package_url
+      "https://pypi.org/project/#{CGI.escape(name)}/#{CGI.escape(version)}/"
+    end
+  end
+end

data/lib/license_finder/packages/rebar_package.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class RebarPackage < Package
+    def package_manager
+      'Rebar'
+    end
+
+    def package_url
+      "https://hex.pm/packages/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
+  end
+end

data/lib/license_finder/packages/sbt_package.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class SbtPackage < Package
+    def initialize(spec, options = {})
+      name = spec['artifactId']
+      name = "#{spec['groupId']}:#{name}" if options[:include_groups]
+
+      super(
+        name,
+        spec['version'],
+        options.merge(
+          spec_licenses: Array(spec['licenses']).map { |l| l['name'] }
+        )
+      )
+    end
+
+    def package_manager
+      'Sbt'
+    end
+  end
+end

data/lib/license_finder/packages/spm_package.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class SpmPackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Spm'
+    end
+  end
+end

data/lib/license_finder/packages/yarn_package.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class YarnPackage < Package
+    def package_manager
+      'Yarn'
+    end
+
+    def package_url
+      "https://yarn.pm/#{CGI.escape(name)}"
+    end
+  end
+end

data/lib/license_finder/platform.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module Platform
+    def self.darwin?
+      RUBY_PLATFORM =~ /darwin/
+    end
+
+    def self.windows?
+      # SO: What is the correct way to detect if ruby is running on Windows?,
+      # cf. https://stackoverflow.com/a/21468976/2592915
+      Gem.win_platform? || RUBY_PLATFORM =~ /mswin|cygwin|mingw/
+    end
+  end
+end

data/lib/license_finder/project_finder.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ProjectFinder
+    def initialize(main_project_path, strict_matching = false)
+      @package_managers = LicenseFinder::Scanner::PACKAGE_MANAGERS
+      @strict_matching = strict_matching
+      @main_project_path = main_project_path
+    end
+
+    def find_projects
+      project_paths = []
+      all_paths = find_all_paths
+      until all_paths.empty?
+        project_paths << collect_project_path(all_paths)
+        all_paths.shift
+      end
+      project_paths.compact
+    end
+
+    def collect_project_path(all_paths)
+      potential_project_path = all_paths.first
+      is_active_project = active_project?(potential_project_path)
+      return unless is_active_project
+
+      potential_project_path.to_s
+    end
+
+    private
+
+    def find_all_paths
+      Dir.glob("#{@main_project_path}/**/").map { |path| full_path(path) }
+    end
+
+    def remove_nested(pathname, paths)
+      return if project_root?(pathname)
+
+      paths.reject! { |path| nested_path?(path, pathname) }
+    end
+
+    def project_root?(pathname)
+      full_path(@main_project_path).to_s == pathname.to_s
+    end
+
+    def active_project?(project_path)
+      active_project = @package_managers.map do |pm_class|
+        pm = pm_class.new(project_path: project_path, strict_matching: @strict_matching)
+        pm.active?
+      end
+
+      active_project.include?(true)
+    end
+
+    def full_path(rel_path)
+      Pathname.new(rel_path).expand_path
+    end
+
+    def nested_path?(path, pathname)
+      path.to_s.start_with?(pathname.to_s) && path.to_s != pathname.to_s
+    end
+  end
+end

data/lib/license_finder/report.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Report
+    def self.of(dependencies, options)
+      new(dependencies, options).to_s
+    end
+
+    def initialize(dependencies, options)
+      @dependencies = dependencies
+      @project_name = options[:project_name]
+    end
+
+    private
+
+    attr_reader :dependencies, :project_name
+
+    def sorted_dependencies
+      dependencies.sort
+    end
+  end
+end
+
+require 'license_finder/reports/erb_report'
+require 'license_finder/reports/csv_report'
+require 'license_finder/reports/text_report'
+require 'license_finder/reports/diff_report'
+require 'license_finder/reports/merged_report'
+require 'license_finder/reports/html_report'
+require 'license_finder/reports/markdown_report'
+require 'license_finder/reports/xml_report'
+require 'license_finder/reports/json_report'
+require 'license_finder/reports/junit_report'

data/lib/license_finder/reports/csv_report.rb

@@ -0,0 +1,99 @@
+require 'csv'
+
+module LicenseFinder
+  class CsvReport < Report
+    COMMA_SEP = ','.freeze
+    NEWLINE_SEP = '\@NL'.freeze
+    AVAILABLE_COLUMNS = %w[name version authors licenses license_links approved summary description homepage install_path package_manager groups texts notice].freeze
+    MISSING_DEPENDENCY_TEXT = 'This package is not installed. Please install to determine licenses.'.freeze
+
+    def initialize(dependencies, options)
+      super
+      options[:columns] ||= %w[name version licenses]
+      @columns = Array(options[:columns]) & self.class::AVAILABLE_COLUMNS
+      @write_headers = options[:write_headers] || false
+    end
+
+    def to_s
+      CSV.generate(col_sep: self.class::COMMA_SEP, headers: @columns, write_headers: @write_headers) do |csv|
+        sorted_dependencies.each do |s|
+          csv << format_dependency(s)
+        end
+      end
+    end
+
+    private
+
+    def format_dependency(dep)
+      @columns.map do |column|
+        send("format_#{column}", dep)
+      end
+    end
+
+    def format_texts(dep)
+      dep.license_files.map { |file| file.text.split(/[\n\r]+/).join(self.class::NEWLINE_SEP) }
+          .join(self.class::NEWLINE_SEP).force_encoding("ISO-8859-1").encode("UTF-8")
+    end
+
+    def format_notice(dep)
+      dep.notice_files.map { |file| file.text.split(/[\n\r]+/).join(self.class::NEWLINE_SEP) }
+          .join(self.class::NEWLINE_SEP).force_encoding("ISO-8859-1").encode("UTF-8")
+    end
+
+    def format_name(dep)
+      dep.name
+    end
+
+    def format_version(dep)
+      dep.version
+    end
+
+    def format_authors(dep)
+      dep.authors.to_s.strip
+    end
+
+    def format_homepage(dep)
+      dep.homepage
+    end
+
+    def format_licenses(dep)
+      if dep.missing?
+        MISSING_DEPENDENCY_TEXT
+      else
+        dep.licenses.map(&:name).join(self.class::COMMA_SEP)
+      end
+    end
+
+    def format_license_links(dep)
+      dep.licenses.map(&:url).join(self.class::COMMA_SEP)
+    end
+
+    def format_approved(dep)
+      dep.approved? ? 'Approved' : 'Not approved'
+    end
+
+    def format_summary(dep)
+      dep.summary.to_s.strip
+    end
+
+    def format_description(dep)
+      dep.description.to_s.strip
+    end
+
+    def format_install_path(dep)
+      dep.install_path
+    end
+
+    def format_package_manager(dep)
+      dep.package_manager
+    end
+
+    def format_groups(dep)
+      if dep.groups.nil?
+        ''
+      else
+        dep.groups.join(self.class::COMMA_SEP)
+      end
+    end
+  end
+end