gitlab-license_finder 6.14.2.1

data/lib/license_finder/core.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+require 'license_finder/logger'
+require 'license_finder/license'
+
+require 'license_finder/configuration'
+require 'license_finder/package_manager'
+require 'license_finder/decisions'
+require 'license_finder/decisions_factory'
+require 'license_finder/decision_applier'
+require 'license_finder/scanner'
+
+module LicenseFinder
+  # Coordinates setup
+  class Core
+    attr_reader :config
+
+    def self.default_logger
+      Logger.new
+    end
+
+    # Default +options+:
+    # {
+    #   project_path: Pathname.pwd
+    #   logger: nil,   # can be :quiet or :debug
+    #   decisions_file: "doc/dependency_decisions.yml",
+    #   gradle_command: "gradle",
+    #   rebar_command: "rebar",
+    #   rebar_deps_dir: "deps",
+    # }
+    def initialize(configuration)
+      @logger = Logger.new(configuration.logger_mode)
+      @config = configuration
+      @scanner = Scanner.new(options)
+    end
+
+    def modifying
+      yield
+      decisions.save!(config.decisions_file_path)
+    end
+
+    extend Forwardable
+    def_delegators :decision_applier, :acknowledged, :unapproved, :restricted, :any_packages?
+
+    def project_name
+      decisions.project_name || config.project_path.basename.to_s
+    end
+
+    def project_path
+      config.project_path
+    end
+
+    def decisions
+      @decisions ||= DecisionsFactory.decisions(config.decisions_file_path)
+    end
+
+    def prepare_projects
+      clear_logs
+      package_managers = @scanner.active_package_managers
+      package_managers.each do |manager|
+        logger.debug manager.class, 'Running prepare on project'
+        manager.prepare
+        logger.debug manager.class, 'Finished prepare on project', color: :green
+      end
+    end
+
+    private
+
+    attr_reader :logger
+
+    # The core of the system. The saved decisions are applied to the current
+    # packages.
+    def decision_applier
+      # lazy, do not move to `initialize`
+      # Needs to be lazy loaded to prvent multiple decision appliers being created each time
+      @decision_applier ||= DecisionApplier.new(decisions: decisions, packages: current_packages)
+    end
+
+    def current_packages
+      # lazy, do not move to `initialize`
+      @scanner.active_packages
+    end
+
+    def clear_logs
+      FileUtils.rmtree config.log_directory, secure: true if File.directory? config.log_directory
+    end
+
+    def options # rubocop:disable Metrics/AbcSize
+      {
+        logger: logger,
+        project_path: config.project_path,
+        log_directory: File.join(config.log_directory, project_name),
+        ignored_groups: decisions.ignored_groups,
+        enabled_package_manager_ids: config.enabled_package_manager_ids,
+        go_full_version: config.go_full_version,
+        gradle_command: config.gradle_command,
+        gradle_include_groups: config.gradle_include_groups,
+        maven_include_groups: config.maven_include_groups,
+        maven_options: config.maven_options,
+        npm_options: config.npm_options,
+        pip_requirements_path: config.pip_requirements_path,
+        python_version: config.python_version,
+        rebar_command: config.rebar_command,
+        rebar_deps_dir: config.rebar_deps_dir,
+        elixir_command: config.elixir_command,
+        mix_command: config.mix_command,
+        mix_deps_dir: config.mix_deps_dir,
+        prepare: config.prepare,
+        prepare_no_fail: config.prepare_no_fail,
+        sbt_include_groups: config.sbt_include_groups,
+        conda_bash_setup_script: config.conda_bash_setup_script,
+        composer_check_require_only: config.composer_check_require_only
+      }
+    end
+  end
+end

data/lib/license_finder/decision_applier.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class DecisionApplier
+    def initialize(options)
+      @decisions = options.fetch(:decisions)
+      @all_packages = options.fetch(:packages).to_set + @decisions.packages.to_set
+      @acknowledged = apply_decisions
+    end
+
+    attr_reader :acknowledged
+
+    def unapproved
+      acknowledged.reject(&:approved?)
+    end
+
+    def restricted
+      acknowledged.select(&:restricted?)
+    end
+
+    def any_packages?
+      all_packages.any?
+    end
+
+    private
+
+    attr_reader :decisions, :all_packages
+
+    def apply_decisions
+      all_packages
+        .reject { |package| ignored?(package) }
+        .map do |package|
+          with_homepage(
+            with_approval(
+              with_decided_licenses(package)
+            )
+          )
+        end
+    end
+
+    def ignored?(package)
+      decisions.ignored?(package.name) ||
+        (package.groups.any? && package.groups.all? { |group| decisions.ignored_group?(group) })
+    end
+
+    def with_decided_licenses(package)
+      decisions.licenses_of(package.name).each do |license|
+        package.decide_on_license license
+      end
+      package
+    end
+
+    def with_homepage(package)
+      homepage = decisions.homepage_of(package.name)
+      package.homepage = homepage if homepage
+      package
+    end
+
+    def with_approval(package)
+      if package.licenses.all? { |license| decisions.restricted?(license) }
+        package.restricted!
+      elsif decisions.approved?(package.name, package.version)
+        package.approved_manually!(decisions.approval_of(package.name, package.version))
+      elsif package.licenses.any? { |license| decisions.permitted?(license) }
+        package.permitted!
+      end
+      package
+    end
+  end
+end

data/lib/license_finder/decisions.rb

@@ -0,0 +1,312 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+require 'license_finder/license'
+
+module LicenseFinder
+  class Decisions
+    ######
+    # READ
+    ######
+
+    attr_reader :packages, :permitted, :restricted, :ignored, :ignored_groups, :project_name, :inherited_decisions
+
+    def licenses_of(name)
+      @licenses[name]
+    end
+
+    def homepage_of(name)
+      @homepages[name]
+    end
+
+    def approval_of(name, version = nil)
+      if !@approvals.key?(name)
+        nil
+      elsif !version.nil?
+        @approvals[name] if @approvals[name][:safe_versions].empty? || @approvals[name][:safe_versions].include?(version)
+      elsif @approvals[name][:safe_versions].empty?
+        @approvals[name]
+      end
+    end
+
+    def approved?(name, version = nil)
+      if !@approvals.key?(name)
+        nil
+      elsif !version.nil?
+        @approvals.key?(name) && @approvals[name][:safe_versions].empty? || @approvals[name][:safe_versions].include?(version)
+      else
+        @approvals.key?(name)
+      end
+    end
+
+    def permitted?(lic)
+      if @permitted.include?(lic)
+        true
+      elsif lic.is_a?(OrLicense)
+        lic.sub_licenses.any? { |sub_lic| @permitted.include?(sub_lic) }
+      elsif lic.is_a?(AndLicense)
+        lic.sub_licenses.all? { |sub_lic| @permitted.include?(sub_lic) }
+      else
+        false
+      end
+    end
+
+    def restricted?(lic)
+      @restricted.include?(lic)
+    end
+
+    def ignored?(name)
+      @ignored.include?(name)
+    end
+
+    def ignored_group?(name)
+      @ignored_groups.include?(name)
+    end
+
+    #######
+    # WRITE
+    #######
+
+    TXN = Struct.new(:who, :why, :safe_when, :safe_versions) do
+      def self.from_hash(txn, versions)
+        new(txn[:who], txn[:why], txn[:when], versions || [])
+      end
+    end
+
+    def initialize
+      @decisions = []
+      @packages = Set.new
+      @licenses = Hash.new { |h, k| h[k] = Set.new }
+      @homepages = {}
+      @approvals = {}
+      @permitted = Set.new
+      @restricted = Set.new
+      @ignored = Set.new
+      @ignored_groups = Set.new
+      @inherited_decisions = Set.new
+    end
+
+    def add_package(name, version, txn = {})
+      add_decision [:add_package, name, version, txn]
+      @packages << ManualPackage.new(name, version)
+      self
+    end
+
+    def remove_package(name, txn = {})
+      add_decision [:remove_package, name, txn]
+      @packages.delete(ManualPackage.new(name))
+      self
+    end
+
+    def license(name, lic, txn = {})
+      add_decision [:license, name, lic, txn]
+      @licenses[name] << License.find_by_name(lic)
+      self
+    end
+
+    def unlicense(name, lic, txn = {})
+      add_decision [:unlicense, name, lic, txn]
+      @licenses[name].delete(License.find_by_name(lic))
+      self
+    end
+
+    def homepage(name, homepage, txn = {})
+      add_decision [:homepage, name, homepage, txn]
+      @homepages[name] = homepage
+      self
+    end
+
+    def approve(name, txn = {})
+      add_decision [:approve, name, txn]
+
+      versions = []
+      versions = @approvals[name][:safe_versions] if @approvals.key?(name)
+      @approvals[name] = TXN.from_hash(txn, versions)
+      @approvals[name][:safe_versions].concat(txn[:versions]) unless txn[:versions].nil?
+      self
+    end
+
+    def unapprove(name, txn = {})
+      add_decision [:unapprove, name, txn]
+      @approvals.delete(name)
+      self
+    end
+
+    def permit(lic, txn = {})
+      add_decision [:permit, lic, txn]
+      @permitted << License.find_by_name(lic)
+      self
+    end
+
+    def unpermit(lic, txn = {})
+      add_decision [:unpermit, lic, txn]
+      @permitted.delete(License.find_by_name(lic))
+      self
+    end
+
+    def restrict(lic, txn = {})
+      add_decision [:restrict, lic, txn]
+      @restricted << License.find_by_name(lic)
+      self
+    end
+
+    def unrestrict(lic, txn = {})
+      add_decision [:unrestrict, lic, txn]
+      @restricted.delete(License.find_by_name(lic))
+      self
+    end
+
+    def ignore(name, txn = {})
+      add_decision [:ignore, name, txn]
+      @ignored << name
+      self
+    end
+
+    def heed(name, txn = {})
+      add_decision [:heed, name, txn]
+      @ignored.delete(name)
+      self
+    end
+
+    def ignore_group(name, txn = {})
+      add_decision [:ignore_group, name, txn]
+      @ignored_groups << name
+      self
+    end
+
+    def heed_group(name, txn = {})
+      add_decision [:heed_group, name, txn]
+      @ignored_groups.delete(name)
+      self
+    end
+
+    def name_project(name, txn = {})
+      add_decision [:name_project, name, txn]
+      @project_name = name
+      self
+    end
+
+    def unname_project(txn = {})
+      add_decision [:unname_project, txn]
+      @project_name = nil
+      self
+    end
+
+    def inherit_from(filepath_info)
+      decisions =
+        if filepath_info.is_a?(Hash)
+          resolve_inheritance(filepath_info)
+        elsif filepath_info =~ %r{^https?://}
+          open_uri(filepath_info).read
+        else
+          Pathname(filepath_info).read
+        end
+
+      add_decision [:inherit_from, filepath_info]
+      @inherited_decisions << filepath_info
+      restore_inheritance(decisions)
+    end
+
+    def resolve_inheritance(filepath_info)
+      if (gem_name = filepath_info['gem'])
+        Pathname(gem_config_path(gem_name, filepath_info['path'])).read
+      else
+        open_uri(filepath_info['url'], filepath_info['authorization']).read
+      end
+    end
+
+    def gem_config_path(gem_name, relative_config_path)
+      spec = Gem::Specification.find_by_name(gem_name)
+      File.join(spec.gem_dir, relative_config_path)
+    rescue Gem::LoadError => e
+      raise Gem::LoadError,
+            "Unable to find gem #{gem_name}; is the gem installed? #{e}"
+    end
+
+    def remove_inheritance(filepath)
+      @decisions -= [[:inherit_from, filepath]]
+      @inherited_decisions.delete(filepath)
+      self
+    end
+
+    def add_decision(decision)
+      @decisions << decision unless @inherited
+    end
+
+    def restore_inheritance(decisions)
+      @inherited = true
+      self.class.restore(decisions, self)
+      @inherited = false
+      self
+    end
+
+    def open_uri(uri, auth = nil)
+      header = {}
+      auth_header = resolve_authorization(auth)
+      header['Authorization'] = auth_header if auth_header
+
+      # ruby < 2.5.0 URI.open is private
+      if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5.0')
+        # rubocop:disable Security/Open
+        open(uri, header)
+        # rubocop:enable Security/Open
+      else
+        URI.open(uri, header)
+      end
+    end
+
+    def resolve_authorization(auth)
+      return unless auth
+
+      token_env = auth.match(/\$(\S.*)/)
+      return auth unless token_env
+
+      token = ENV[token_env[1]]
+      auth.sub(token_env[0], token)
+    end
+
+    #########
+    # PERSIST
+    #########
+
+    def self.fetch_saved(file)
+      restore(read!(file))
+    end
+
+    def save!(file)
+      write!(persist, file)
+    end
+
+    def self.restore(persisted, result = new)
+      return result unless persisted
+
+      actions = YAML.load(persisted)
+
+      list_of_actions = (actions || []).map(&:first)
+
+      if (list_of_actions & %i[whitelist blacklist]).any?
+        raise 'The decisions file seems to have whitelist/blacklist keys which are deprecated. Please replace them with permit/restrict respectively and try again! More info - https://github.com/pivotal/LicenseFinder/commit/a40b22fda11b3a0efbb3c0a021381534bc998dd9'
+      end
+
+      (actions || []).each do |action, *args|
+        result.send(action, *args)
+      end
+      result
+    end
+
+    def persist
+      YAML.dump(@decisions)
+    end
+
+    def self.read!(file)
+      file.read if file.exist?
+    end
+
+    def write!(value, file)
+      file.dirname.mkpath
+      file.open('w+') do |f|
+        f.print value
+      end
+    end
+  end
+end

data/lib/license_finder/decisions_factory.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class DecisionsFactory
+    @decisions = {}
+    class << self
+      def decisions(decisions_file_path)
+        @decisions[decisions_file_path] = Decisions.fetch_saved(decisions_file_path) if @decisions[decisions_file_path].nil?
+        @decisions[decisions_file_path]
+      end
+    end
+  end
+end

data/lib/license_finder/diff.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Diff
+    class << self
+      def compare(file1, file2)
+        p1 = Set.new(build_packages(file1))
+        p2 = Set.new(build_packages(file2))
+
+        added = p2.difference(p1).to_a
+        removed = p1.difference(p2).to_a
+        unchanged = p1.intersection(p2).to_a
+
+        [].tap do |packages|
+          unchanged.each do |package|
+            package_previous = find_package(p1, package)
+            package_current = find_package(p2, package)
+
+            if package_current.licenses == package_previous.licenses
+              packages << PackageDelta.unchanged(package_current, package_previous)
+            else
+              packages << PackageDelta.removed(package_previous)
+              packages << PackageDelta.added(package_current)
+            end
+          end
+
+          added.each    { |package| packages << PackageDelta.added(package) }
+          removed.each  { |package| packages << PackageDelta.removed(package) }
+        end
+      end
+
+      private
+
+      def build_packages(content)
+        CSV.parse(content).map do |row|
+          row.map!(&:strip)
+          package = Package.new(row[0], row[1], spec_licenses: [row[2]])
+          if row.count == 4
+            MergedPackage.new(package, row[3].split(','))
+          else
+            package
+          end
+        end
+      end
+
+      def find_package(set, package)
+        set.find { |p| p.eql? package }
+      end
+    end
+  end
+end

data/lib/license_finder/license/any_matcher.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class License
+    class AnyMatcher
+      def initialize(*matchers)
+        @matchers = matchers
+      end
+
+      def matches_text?(text)
+        @matchers.any? { |m| m.matches_text? text }
+      end
+    end
+  end
+end