license_finder 2.0.4 → 2.1.0.rc1

data/spec/lib/license_finder/core_spec.rb

@@ -0,0 +1,49 @@
+require "spec_helper"
+
+module LicenseFinder
+  describe Core do
+    let(:options) { {} }
+    let(:license_finder) { described_class.new(options) }
+    let(:logger) { Logger.new(options[:logger]) }
+    let(:configuration) { LicenseFinder::Configuration.new(options, {})}
+    let(:pathname) { Pathname.pwd + Pathname(options[:project_path]) }
+
+    before do
+      allow(Logger).to receive(:new).and_return(logger)
+    end
+
+    describe "#unapproved" do
+      let(:options) {
+        {
+          logger: {},
+          project_path: 'other_directory',
+          gradle_command: 'just_do_it',
+          rebar_command: 'do_it',
+          rebar_deps_dir: 'nowhere/deps'
+        }
+      }
+      let(:package_options) {
+        {
+          logger: logger,
+          project_path: configuration.project_path,
+          ignore_groups: Set.new,
+          gradle_command: configuration.gradle_command,
+          rebar_command: configuration.rebar_command,
+          rebar_deps_dir: configuration.rebar_deps_dir
+        }
+      }
+
+      it "delegates to the decision_applier" do
+        decision_applier =  double(:decision_applier)
+        allow(license_finder).to receive(:decision_applier).and_return(decision_applier)
+        expect(decision_applier).to receive(:unapproved)
+        license_finder.unapproved
+      end
+
+      it "passes through options when fetching current packages" do
+        expect(PackageManager).to receive(:current_packages).with(package_options).and_return([])
+        license_finder.unapproved
+      end
+    end
+  end
+end

data/spec/lib/license_finder/decision_applier_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 module LicenseFinder
   describe DecisionApplier do
-    describe ".acknowledged" do
+    describe "#acknowledged" do
       it "combines manual and system packages" do
         decision_applier = described_class.new(
           decisions: Decisions.new.add_package("manual", nil),
@@ -38,6 +38,29 @@ module LicenseFinder
         expect(decision_applier.acknowledged).to be_empty
       end
 
+      it "does not ignore packages if some of their groups are not ignored" do
+        decisions = Decisions.new
+                      .ignore_group("development")
+        dev_and_prod_dep = Package.new("dev_and_prod_dep", nil, groups: ["development", "production"])
+        decision_applier = described_class.new(
+          decisions: decisions,
+          packages: [dev_and_prod_dep]
+        )
+        expect(decision_applier.acknowledged).to eq [dev_and_prod_dep]
+      end
+
+      it "does not ignore packages if they have no groups" do
+        decisions = Decisions.new
+                      .ignore_group("development")
+        dep_with_no_group = Package.new("dep_with_no_group", nil, groups: [])
+        decision_applier = described_class.new(
+          decisions: decisions,
+          packages: [dep_with_no_group]
+        )
+        expect(decision_applier.acknowledged).to eq [dep_with_no_group]
+      end
+
+
       it "adds manual approvals to packages" do
         decisions = Decisions.new
           .add_package("manual", nil)
@@ -60,6 +83,83 @@ module LicenseFinder
         expect(dep).to be_approved
         expect(dep).to be_whitelisted
       end
+
+      it "forbids approval of packages with only blacklisted license" do
+        decisions = Decisions.new
+          .add_package("manual", nil)
+          .license("manual", "ABC")
+          .whitelist("ABC")
+          .approve("manual")
+          .blacklist("ABC")
+        decision_applier = described_class.new(decisions: decisions, packages: [])
+        dep = decision_applier.acknowledged.last
+        expect(dep).not_to be_approved
+      end
+
+      it "allows approval of packages if not all licenses are blacklisted" do
+        decisions = Decisions.new
+          .add_package("manual", nil)
+          .license("manual", "ABC")
+          .license("manual", "DEF")
+          .whitelist("ABC")
+          .blacklist("DEF")
+        decision_applier = described_class.new(decisions: decisions, packages: [])
+        dep = decision_applier.acknowledged.last
+        expect(dep).to be_approved
+        expect(dep).to be_whitelisted
+
+        decisions = Decisions.new
+          .add_package("manual", nil)
+          .license("manual", "ABC")
+          .license("manual", "DEF")
+          .approve("manual")
+          .blacklist("DEF")
+        decision_applier = described_class.new(decisions: decisions, packages: [])
+        dep = decision_applier.acknowledged.last
+        expect(dep).to be_approved
+        expect(dep).to be_approved_manually
+      end
+    end
+
+    describe '#unapproved' do
+      it 'returns all acknowledged packages that are not approved' do
+        packages = [
+          Package.new('foo', '0.0.1', spec_licenses: ['whitelist']),
+          Package.new('bar', '0.0.1', spec_licenses: ['blacklist'])
+        ]
+        decisions = Decisions.new
+          .add_package('baz', '0.0.1')
+          .whitelist('whitelist')
+          .blacklist('blacklist')
+        decision_applier = described_class.new(decisions: decisions, packages: packages)
+
+        expect(decision_applier.unapproved.map(&:name)).to include('baz')
+        expect(decision_applier.unapproved.map(&:name)).to include('bar')
+        expect(decision_applier.unapproved.map(&:name)).not_to include('foo')
+      end
+    end
+
+    describe '#blacklisted' do
+      it 'returns all packages that have blacklisted licenses' do
+        decision_applier = described_class.new(
+          decisions: Decisions.new.blacklist('GPLv3'),
+          packages: [Package.new('foo', '1.0', spec_licenses: ['GPLv3'])]
+        )
+
+        expect(decision_applier.blacklisted.map(&:name)).to eq(['foo'])
+      end
+
+      it 'does not report ignored packages' do
+        dev_dep = Package.new("dev_dep", nil, spec_licenses: ['GPLv3'], groups: ["development"])
+        decisions = Decisions.new
+          .ignore_group("development")
+          .add_package("manual", nil)
+          .ignore("manual")
+          .blacklist('GPLv3')
+        decision_applier = described_class.new(decisions: decisions, packages: [dev_dep])
+
+        expect(decision_applier.blacklisted).to be_empty
+      end
     end
   end
 end

data/spec/lib/license_finder/decisions_spec.rb

@@ -158,6 +158,47 @@ module LicenseFinder
       end
     end
 
+    describe ".blacklist" do
+      it "will report the given license as blacklisted" do
+        decisions = subject.blacklist("MIT")
+        expect(decisions).to be_blacklisted(License.find_by_name("MIT"))
+      end
+
+      it "adapts names" do
+        decisions = subject.blacklist("Expat")
+        expect(decisions).to be_blacklisted(License.find_by_name("MIT"))
+      end
+
+      it "adds to list" do
+        decisions = subject.blacklist("MIT")
+        expect(decisions.blacklisted).to eq(Set.new([License.find_by_name("MIT")]))
+      end
+    end
+
+    describe ".unblacklist" do
+      it "will not report the given license as blacklisted" do
+        decisions = subject
+          .blacklist("MIT")
+          .unblacklist("MIT")
+        expect(decisions).not_to be_blacklisted(License.find_by_name("MIT"))
+      end
+
+      it "is cumulative" do
+        decisions = subject
+          .blacklist("MIT")
+          .unblacklist("MIT")
+          .blacklist("MIT")
+        expect(decisions).to be_blacklisted(License.find_by_name("MIT"))
+      end
+
+      it "adapts names" do
+        decisions = subject
+          .blacklist("MIT")
+          .unblacklist("Expat")
+        expect(decisions).not_to be_blacklisted(License.find_by_name("MIT"))
+      end
+    end
+
     describe ".ignore" do
       it "will report ignored dependencies" do
         decisions = subject.ignore("dep")
@@ -296,6 +337,22 @@ module LicenseFinder
         expect(decisions).not_to be_whitelisted(License.find_by_name("MIT"))
       end
 
+      it "can restore blacklists" do
+        decisions = roundtrip(
+          subject.blacklist("MIT")
+        )
+        expect(decisions).to be_blacklisted(License.find_by_name("MIT"))
+      end
+
+      it "can restore un-blacklists" do
+        decisions = roundtrip(
+          subject
+            .blacklist("MIT")
+            .unblacklist("MIT")
+        )
+        expect(decisions).not_to be_blacklisted(License.find_by_name("MIT"))
+      end
+
       it "can restore ignorals" do
         decisions = roundtrip(subject.ignore("dep"))
         expect(decisions).to be_ignored("dep")
@@ -341,6 +398,11 @@ module LicenseFinder
         )
         expect(decisions.project_name).to be_nil
       end
+
+      it "ignores empty or missing persisted decisions" do
+        described_class.restore('')
+        described_class.restore(nil)
+      end
     end
   end
 end

data/spec/lib/license_finder/diff_spec.rb

@@ -0,0 +1,106 @@
+require 'spec_helper'
+
+module LicenseFinder
+  describe Diff do
+    subject { Diff }
+
+    let(:diff) { subject.compare(file1_content, file2_content) }
+
+    def find_package(name)
+      diff.find { |d| d.name == name }
+    end
+
+    describe '#compare' do
+      context 'when a dependency is added' do
+        let(:file1_content) { "nokogiri,1.6.6.2,MIT" }
+        let(:file2_content) { "nokogiri,1.6.6.2,MIT\nrspec,3.2.0,MIT" }
+
+        it 'should create and set packages with added diff state' do
+          rspec = find_package('rspec')
+          expect(rspec.status).to eq :added
+        end
+      end
+
+      context 'when a dependency is removed' do
+        let(:file1_content) { "nokogiri,1.6.6.2,MIT\nrspec,3.2.0,MIT" }
+        let(:file2_content) { "nokogiri,1.6.6.2,MIT" }
+
+        it 'should create and set packages with removed diff state' do
+          rspec = find_package('rspec')
+          expect(rspec.status).to eq :removed
+        end
+      end
+
+      context 'when a dependency is unchanged' do
+        let(:file1_content) { "nokogiri,1.6.6.2,MIT" }
+        let(:file2_content) { "nokogiri,1.6.6.2,MIT" }
+
+        it 'should create and set packages with unchanged diff state' do
+          nokogiri = find_package('nokogiri')
+          expect(nokogiri.status).to eq :unchanged
+        end
+      end
+
+      context 'when there are all types of changes' do
+        let(:file1_content) { "rspec,3.2.0,MIT\nnokogiri,1.6.6.2,MIT\nfakefs,0.6.7,MIT" }
+        let(:file2_content) { "nokogiri,1.6.6.2,MIT\nminitest,5.7.0,MIT\nfakefs,0.6.7,BSD" }
+
+        it 'should create and set packages diff states' do
+          expect(find_package('minitest').status).to eq :added
+          expect(find_package('rspec').status).to eq :removed
+          expect(find_package('nokogiri').status).to eq :unchanged
+        end
+      end
+
+      context 'when the version changes' do
+        let(:file1_content) { "rspec,3.2.0,MIT" }
+        let(:file2_content) { "rspec,3.3.0,MIT" }
+
+        it 'should set the state to unchanged and record the version change' do
+          rspec = find_package('rspec')
+
+          expect(rspec.status).to eq(:unchanged)
+          expect(rspec.current_version).to eq('3.3.0')
+          expect(rspec.previous_version).to eq('3.2.0')
+        end
+      end
+
+      context 'when the license changes' do
+        let(:file1_content) { "rspec,3.2.0,MIT" }
+        let(:file2_content) { "rspec,3.3.0,GPLv2" }
+
+        it 'should set the state to unchanged and record the version change' do
+          rspec_old = diff.find {|p| p.previous_version == '3.2.0'}
+          rspec_new = diff.find {|p| p.current_version == '3.3.0'}
+
+          expect(rspec_old.status).to eq(:removed)
+          expect(rspec_old.current_version).to eq(nil)
+          expect(rspec_old.previous_version).to eq('3.2.0')
+
+          expect(rspec_new.status).to eq(:added)
+          expect(rspec_new.current_version).to eq('3.3.0')
+          expect(rspec_new.previous_version).to eq(nil)
+        end
+      end
+
+      context 'when the files are merged reports' do
+        let(:file1_content) { "rspec,3.2.0,MIT,\"/path/to/project1,/path/to/project2\"" }
+        let(:file2_content) { "rspec,3.2.0,MIT,\"/path/to/project1,/path/to/project2\"\nrails,4.2.0,MIT,/path/to/project1" }
+
+        it 'should show the diff of the reports' do
+          rspec = find_package('rspec')
+          expect(rspec.status).to eq(:unchanged)
+          expect(rspec.current_version).to eq('3.2.0')
+          expect(rspec.previous_version).to eq('3.2.0')
+          expect(rspec.subproject_paths).to match_array(['/path/to/project1', '/path/to/project2'])
+
+          rails = find_package('rails')
+          expect(rails.status).to eq(:added)
+          expect(rails.current_version).to eq('4.2.0')
+          expect(rails.previous_version).to eq(nil)
+          expect(rails.subproject_paths).to match_array(['/path/to/project1'])
+        end
+      end
+    end
+  end
+end

data/spec/lib/license_finder/license_aggregator_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+module LicenseFinder
+  describe LicenseAggregator do
+    describe '#dependencies' do
+      let(:hammer) { Package.new('hammer', '1.0.0') }
+      let(:helmet) { Package.new('helmet', '3.0.0') }
+      let(:license_finder_1) { double(:license_finder, acknowledged: [hammer]) }
+      let(:license_finder_2) { double(:license_finder, acknowledged: [helmet]) }
+
+      before do
+        allow(Core).to receive(:new).and_return(license_finder_1, license_finder_2)
+      end
+
+      it 'returns an array of MergedPackage objects' do
+        aggregator = LicenseAggregator.new({}, ['path/to/subproject-1', 'path/to/subproject-2'])
+        results = aggregator.dependencies
+        expect(results.first).to be_a(MergedPackage)
+        expect(results.map(&:name)).to match_array ['hammer', 'helmet']
+      end
+
+      context 'when there are duplicates' do
+        let(:license_finder_2) { double(:license_finder, acknowledged: [helmet, hammer])}
+
+        it 'aggregates duplicate packages by package name' do
+          aggregator = LicenseAggregator.new({}, ['path/to/subproject-1', 'path/to/subproject-2'])
+          results = aggregator.dependencies
+
+          expect(results.count).to eq(2)
+
+          expect(results[1].name).to eq('helmet')
+          expect(results[1].subproject_paths[0]).to end_with('path/to/subproject-2')
+
+          expect(results[0].name).to eq('hammer')
+          expect(results[0].subproject_paths[0]).to end_with('path/to/subproject-1')
+          expect(results[0].subproject_paths[1]).to end_with('path/to/subproject-2')
+        end
+      end
+
+      context 'when there are duplicate packages with different versions' do
+        let(:hammer_new) { Package.new('hammer', '2.0.0') }
+        let(:license_finder_2) { double(:license_finder, acknowledged: [helmet, hammer_new])}
+
+        it 'does not aggregate packages with different versions' do
+          aggregator = LicenseAggregator.new({}, ['path/to/subproject-1', 'path/to/subproject-2'])
+          results = aggregator.dependencies
+
+          expect(results.count).to eq(3)
+          expect(results.map(&:name)).to match_array ['hammer', 'helmet', 'hammer']
+          expect(find_package(results, 'hammer', '1.0.0').subproject_paths[0]).to end_with('path/to/subproject-1')
+          expect(find_package(results, 'hammer', '2.0.0').subproject_paths[0]).to end_with('path/to/subproject-2')
+          expect(find_package(results, 'helmet', '3.0.0').subproject_paths[0]).to end_with('path/to/subproject-2')
+        end
+      end
+
+      def find_package(packages, name, version)
+        packages.find { |dep| dep.name == name && dep.version == version }
+      end
+    end
+  end
+end

data/spec/lib/license_finder/package_delta_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+module LicenseFinder
+  describe PackageDelta do
+    describe '#<=>' do
+      let(:foo) { Package.new('foo') }
+      let(:bar) { Package.new('bar') }
+
+      it 'sorts by status (added, removed, unchanged)' do
+        p1 = PackageDelta.added(foo)
+        p2 = PackageDelta.removed(bar)
+        p3 = PackageDelta.unchanged(foo, bar)
+
+        expect([p3, p2, p1].sort).to eq([p1, p2, p3])
+      end
+    end
+  end
+end

data/spec/lib/license_finder/package_managers/bower_spec.rb

@@ -2,8 +2,9 @@ require 'spec_helper'
 
 module LicenseFinder
   describe Bower do
-    let(:bower) { Bower.new }
-    it_behaves_like "a PackageManager"
+    subject { Bower.new(project_path: Pathname('/fake/path')) }
+
+    it_behaves_like 'a PackageManager'
 
     describe '.current_packages' do
       it 'lists all the current packages' do
@@ -25,11 +26,12 @@ module LicenseFinder
             }
           }
         JSON
-        allow(bower).to receive("`").with(/bower/).and_return(json)
 
-        expect(bower.current_packages.map { |p| [p.name, p.install_path] }).to eq [
-          ["dependency-library", "/path/to/thing"],
-          ["another-dependency", "/path/to/thing2"]
+        allow(Dir).to receive(:chdir).with(Pathname('/fake/path')) { |&block| block.call }
+        allow(subject).to receive(:capture).with('bower list --json -l action').and_return([json, true])
+
+        expect(subject.current_packages.map { |p| [p.name, p.install_path] }).to eq [
+          %w(dependency-library /path/to/thing), %w(another-dependency /path/to/thing2)
         ]
       end
     end