license_finder 3.0.0 → 3.0.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/CONTRIBUTING.md +17 -3
- data/Dockerfile +12 -15
- data/README.md +3 -1
- data/Rakefile +7 -0
- data/ci/pipelines/pipeline.yml.erb +2 -2
- data/features/features/cli/cli_spec.rb +4 -3
- data/features/support/testing_dsl.rb +9 -2
- data/lib/license_finder/cli/base.rb +1 -1
- data/lib/license_finder/cli/main.rb +7 -0
- data/lib/license_finder/configuration.rb +4 -0
- data/lib/license_finder/core.rb +2 -2
- data/lib/license_finder/decision_applier.rb +8 -4
- data/lib/license_finder/package_managers/cocoa_pods.rb +6 -10
- data/lib/license_finder/package_managers/go_vendor.rb +2 -0
- data/lib/license_finder/package_managers/go_workspace.rb +2 -0
- data/lib/license_finder/package_managers/maven.rb +2 -1
- data/lib/license_finder/package_managers/npm.rb +66 -58
- data/lib/license_finder/package_managers/npm_package.rb +0 -14
- data/lib/license_finder/package_managers/nuget.rb +6 -1
- data/lib/license_finder/reports/csv_report.rb +6 -2
- data/lib/license_finder/version.rb +1 -1
- data/license_finder.gemspec +1 -0
- data/spec/fixtures/npm-circular-licenses/npm-list.json +7597 -0
- data/spec/fixtures/npm-circular-licenses/package.json +23 -0
- data/spec/lib/license_finder/cli/main_spec.rb +31 -7
- data/spec/lib/license_finder/core_spec.rb +1 -0
- data/spec/lib/license_finder/decision_applier_spec.rb +8 -0
- data/spec/lib/license_finder/package_managers/go_dep_spec.rb +17 -16
- data/spec/lib/license_finder/package_managers/npm_spec.rb +37 -3
- data/spec/lib/license_finder/package_managers/nuget_spec.rb +12 -1
- metadata +21 -5
- data/spec/lib/license_finder/package_managers/npm_package_spec.rb +0 -56
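--- a/spec/fixtures/npm-circular-licenses/package.json
+++ b/spec/fixtures/npm-circular-licenses/package.json
@@ -0,0 +1,23 @@
+{
+"name": "license_finder_test",
+"version": "0.0.1",
+"description": "",
+"main": "index.js",
+"dependencies": {
+"node-polyglot": "^2.0.0"
+},
+"devDependencies": {
+"enzyme": "^2.8.2"
+},
+"scripts": {},
+"repository": {},
+"author": "",
+"license": "MIT",
+"bugs": {},
+"private": true,
+"engines": {
+"node": "^6.11.0",
+"yarn": "^0.24.6",
+"npm": "^5.0.3"
+}
+}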
@@ -12,9 +12,10 @@ module LicenseFinder
|
|
12
12
|
)
|
13
13
|
end
|
14
14
|
let(:configuration) { double(:configuration, valid_project_path?: true) }
|
15
|
-
let(:
|
15
|
+
let(:found_any_packages) { true }
|
16
|
+
let(:license_finder_instance) { double(:license_finder, unapproved: unapproved_dependencies, blacklisted: [], project_name: 'taco stand', config: configuration, any_packages?: found_any_packages) }
|
16
17
|
let(:license) { double(:license, name: "thing") }
|
17
|
-
let(:
|
18
|
+
let(:unapproved_dependencies) { [double(:dependency, name: "a dependency", version: "2.4.1", missing?: false, licenses: [license])] }
|
18
19
|
|
19
20
|
before do
|
20
21
|
allow(Decisions).to receive(:fetch_saved) { decisions }
|
@@ -24,7 +25,7 @@ module LicenseFinder
|
|
24
25
|
describe "default" do
|
25
26
|
it "checks for action items" do
|
26
27
|
decisions.add_package("a dependency", nil)
|
27
|
-
expect_any_instance_of(LicenseFinder::Core).to receive(:unapproved).and_return(
|
28
|
+
expect_any_instance_of(LicenseFinder::Core).to receive(:unapproved).and_return(unapproved_dependencies)
|
28
29
|
silence_stdout do
|
29
30
|
expect { described_class.start(["--quiet"]) }.to raise_error(SystemExit)
|
30
31
|
end
|
@@ -183,6 +184,21 @@ module LicenseFinder
|
|
183
184
|
subject.action_items
|
184
185
|
end
|
185
186
|
|
187
|
+
context "with a directory that doesn't have any detected packages" do
|
188
|
+
let(:found_any_packages) { false }
|
189
|
+
|
190
|
+
before do
|
191
|
+
allow(LicenseFinder::Core).to receive(:new).and_return(license_finder_instance)
|
192
|
+
end
|
193
|
+
|
194
|
+
it "reports that no dependencies were recognized" do
|
195
|
+
result = capture_stdout do
|
196
|
+
expect { action_items }.to raise_error(SystemExit)
|
197
|
+
end
|
198
|
+
expect(result).to match /no dependencies recognized/i
|
199
|
+
end
|
200
|
+
end
|
201
|
+
|
186
202
|
context "with unapproved dependencies" do
|
187
203
|
let(:packages) { [Package.new('one dependency')] }
|
188
204
|
|
@@ -207,11 +223,19 @@ module LicenseFinder
|
|
207
223
|
end
|
208
224
|
end
|
209
225
|
|
210
|
-
|
211
|
-
|
212
|
-
|
226
|
+
context "with no unapproved dependencies" do
|
227
|
+
let(:unapproved_dependencies) {[]}
|
228
|
+
|
229
|
+
before do
|
230
|
+
allow(LicenseFinder::Core).to receive(:new).and_return(license_finder_instance)
|
231
|
+
end
|
232
|
+
|
233
|
+
it "reports that all dependencies are approved" do
|
234
|
+
result = capture_stdout do
|
235
|
+
expect { action_items }.not_to raise_error
|
236
|
+
end
|
237
|
+
expect(result).to match /approved/i
|
213
238
|
end
|
214
|
-
expect(result).to match /approved/i
|
215
239
|
end
|
216
240
|
end
|
217
241
|
end
|
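--- a/spec/lib/license_finder/decision_applier_spec.rb
+++ b/spec/lib/license_finder/decision_applier_spec.rb
@@ -2,6 +2,14 @@ require 'spec_helper'
 
 module LicenseFinder
 describe DecisionApplier do
+it "reports nothing found" do
+decision_applier = described_class.new(
+decisions: Decisions.new,
+packages: []
+)
+expect(decision_applier.any_packages?).to be false
+end
+
 describe "#acknowledged" do
 it "combines manual and system packages" do
 decision_applier = described_class.new(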
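Review bot: The new example only covers an empty `packages` list with empty decisions, so `any_packages?` is left unspecified for the case the `#acknowledged` examples below deal with: no system packages, but packages added manually through decisions. Since the CLI in this same release exits when `any_packages?` is false, whether manual packages count has to be pinned either way; add an example that builds `Decisions.new.add_package("manual", nil)` with `packages: []` and asserts the intended value. The DecisionApplier implementation is not in this section, so confirm which answer it currently gives before writing the expectation.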
@@ -73,21 +73,21 @@ module LicenseFinder
|
|
73
73
|
context 'when there are duplicate dependencies' do
|
74
74
|
let(:content) do
|
75
75
|
'{
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
76
|
+
"ImportPath": "github.com/foo/bar",
|
77
|
+
"GoVersion": "go1.3",
|
78
|
+
"Deps": [
|
79
|
+
{
|
80
|
+
"ImportPath": "github.com/foo/baz/sub1",
|
81
|
+
"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
|
82
|
+
},
|
83
|
+
{
|
84
|
+
"ImportPath": "github.com/foo/baz/sub2",
|
85
|
+
"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
|
86
|
+
},
|
87
|
+
{
|
88
|
+
"ImportPath": "github.com/foo/baz/sub3",
|
89
|
+
"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
|
90
|
+
}
|
91
91
|
]
|
92
92
|
}'
|
93
93
|
end
|
@@ -101,11 +101,12 @@ module LicenseFinder
|
|
101
101
|
|
102
102
|
context 'when dependencies are not vendored' do
|
103
103
|
before do
|
104
|
+
@orig_gopath = ENV['GOPATH']
|
104
105
|
ENV['GOPATH'] = '/fake/go/path'
|
105
106
|
end
|
106
107
|
|
107
108
|
after do
|
108
|
-
ENV['GOPATH'] =
|
109
|
+
ENV['GOPATH'] = @orig_gopath
|
109
110
|
end
|
110
111
|
|
111
112
|
it 'should return an array of packages' do
|
@@ -86,9 +86,14 @@ module LicenseFinder
|
|
86
86
|
include FakeFS::SpecHelpers
|
87
87
|
before do
|
88
88
|
NPM.instance_variable_set(:@modules, nil)
|
89
|
+
FileUtils.mkdir_p(Dir.tmpdir)
|
89
90
|
FileUtils.mkdir_p(root)
|
90
91
|
File.write(File.join(root, "package.json"), package_json)
|
91
|
-
allow(npm).to receive(:capture)
|
92
|
+
allow(npm).to receive(:capture) do |command|
|
93
|
+
filename = command.scan(/> (.*)$/).last.first
|
94
|
+
File.write(filename, dependency_json)
|
95
|
+
['', true]
|
96
|
+
end
|
92
97
|
end
|
93
98
|
|
94
99
|
it 'fetches data from npm' do
|
@@ -117,7 +122,11 @@ module LicenseFinder
|
|
117
122
|
JSON
|
118
123
|
|
119
124
|
allow(Dir).to receive(:chdir).with(Pathname('/fake-node-project')) { |&block| block.call }
|
120
|
-
allow(npm).to receive(:capture)
|
125
|
+
allow(npm).to receive(:capture) do |command|
|
126
|
+
filename = command.scan(/> (.*)$/).last.first
|
127
|
+
File.write(filename, json)
|
128
|
+
['', true]
|
129
|
+
end
|
121
130
|
|
122
131
|
current_packages = npm.current_packages
|
123
132
|
expect(current_packages.map(&:name)).to eq([])
|
@@ -129,10 +138,35 @@ module LicenseFinder
|
|
129
138
|
end
|
130
139
|
|
131
140
|
it "does not fail when command fails but produces output" do
|
132
|
-
allow(npm).to receive(:capture)
|
141
|
+
allow(npm).to receive(:capture) do |command|
|
142
|
+
filename = command.scan(/> (.*)$/).last.first
|
143
|
+
File.write(filename, '{"foo":"bar"}')
|
144
|
+
['', false]
|
145
|
+
end
|
133
146
|
silence_stderr { npm.current_packages }
|
134
147
|
end
|
135
148
|
|
149
|
+
context "npm circular license edge case - GH#307" do
|
150
|
+
let(:package_json) do
|
151
|
+
FakeFS.without do
|
152
|
+
File.read fixture_path "npm-circular-licenses/package.json"
|
153
|
+
end
|
154
|
+
end
|
155
|
+
let(:dependency_json) do
|
156
|
+
FakeFS.without do
|
157
|
+
File.read fixture_path "npm-circular-licenses/npm-list.json"
|
158
|
+
end
|
159
|
+
end
|
160
|
+
|
161
|
+
describe ".current_packages" do
|
162
|
+
it "correctly navigates the dependencies tree and pulls out valid information" do
|
163
|
+
FakeFS::FileSystem.clone(File.expand_path('../../../../../lib/license_finder/license/templates', __FILE__))
|
164
|
+
expect(npm.current_packages.find {|p| p.name == "has"}.licenses.map(&:name)).to eq ["MIT"]
|
165
|
+
expect(npm.current_packages.find {|p| p.name == "function-bind"}.licenses.map(&:name)).to eq ["MIT"]
|
166
|
+
end
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
136
170
|
context "npm recursive dependency edge case - GH#211" do
|
137
171
|
let(:package_json) do
|
138
172
|
FakeFS.without do
|
@@ -54,11 +54,22 @@ module LicenseFinder
|
|
54
54
|
FileUtils.touch 'app/vendor/package.nupkg'
|
55
55
|
end
|
56
56
|
|
57
|
-
it "returns vendored
|
57
|
+
it "returns vendored directory" do
|
58
58
|
nuget = Nuget.new project_path: Pathname.new("app")
|
59
59
|
expect(nuget.package_path).to eq Pathname('/app/vendor')
|
60
60
|
end
|
61
61
|
end
|
62
|
+
|
63
|
+
context 'when vendor and .nuget are not present but a packages directory exists' do
|
64
|
+
before do
|
65
|
+
FileUtils.mkdir_p 'app/packages'
|
66
|
+
end
|
67
|
+
|
68
|
+
it "returns the packages directory" do
|
69
|
+
nuget = Nuget.new project_path: Pathname.new("app")
|
70
|
+
expect(nuget.package_path).to eq Pathname('app/packages')
|
71
|
+
end
|
72
|
+
end
|
62
73
|
end
|
63
74
|
|
64
75
|
describe "#current_packages" do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: license_finder
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jacob Maine
|
@@ -20,7 +20,7 @@ authors:
|
|
20
20
|
autorequire:
|
21
21
|
bindir: bin
|
22
22
|
cert_chain: []
|
23
|
-
date: 2017-
|
23
|
+
date: 2017-07-12 00:00:00.000000000 Z
|
24
24
|
dependencies:
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: bundler
|
@@ -92,6 +92,20 @@ dependencies:
|
|
92
92
|
- - ">="
|
93
93
|
- !ruby/object:Gem::Version
|
94
94
|
version: '0'
|
95
|
+
- !ruby/object:Gem::Dependency
|
96
|
+
name: yajl-ruby
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
98
|
+
requirements:
|
99
|
+
- - ">="
|
100
|
+
- !ruby/object:Gem::Version
|
101
|
+
version: '0'
|
102
|
+
type: :runtime
|
103
|
+
prerelease: false
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
105
|
+
requirements:
|
106
|
+
- - ">="
|
107
|
+
- !ruby/object:Gem::Version
|
108
|
+
version: '0'
|
95
109
|
- !ruby/object:Gem::Dependency
|
96
110
|
name: with_env
|
97
111
|
requirement: !ruby/object:Gem::Requirement
|
@@ -463,6 +477,8 @@ files:
|
|
463
477
|
- spec/fixtures/license_names/Mit-License
|
464
478
|
- spec/fixtures/license_names/README.rdoc
|
465
479
|
- spec/fixtures/nested_gem/vendor/LICENSE
|
480
|
+
- spec/fixtures/npm-circular-licenses/npm-list.json
|
481
|
+
- spec/fixtures/npm-circular-licenses/package.json
|
466
482
|
- spec/fixtures/npm-recursive-dependencies/npm-list.json
|
467
483
|
- spec/fixtures/npm-recursive-dependencies/package.json
|
468
484
|
- spec/fixtures/utf8_gem/README
|
@@ -500,7 +516,6 @@ files:
|
|
500
516
|
- spec/lib/license_finder/package_managers/maven_package_spec.rb
|
501
517
|
- spec/lib/license_finder/package_managers/maven_spec.rb
|
502
518
|
- spec/lib/license_finder/package_managers/merged_package_spec.rb
|
503
|
-
- spec/lib/license_finder/package_managers/npm_package_spec.rb
|
504
519
|
- spec/lib/license_finder/package_managers/npm_spec.rb
|
505
520
|
- spec/lib/license_finder/package_managers/nuget_package_spec.rb
|
506
521
|
- spec/lib/license_finder/package_managers/nuget_spec.rb
|
@@ -544,7 +559,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
544
559
|
version: '0'
|
545
560
|
requirements: []
|
546
561
|
rubyforge_project:
|
547
|
-
rubygems_version: 2.
|
562
|
+
rubygems_version: 2.6.11
|
548
563
|
signing_key:
|
549
564
|
specification_version: 4
|
550
565
|
summary: Audit the OSS licenses of your application's dependencies.
|
@@ -632,6 +647,8 @@ test_files:
|
|
632
647
|
- spec/fixtures/license_names/Mit-License
|
633
648
|
- spec/fixtures/license_names/README.rdoc
|
634
649
|
- spec/fixtures/nested_gem/vendor/LICENSE
|
650
|
+
- spec/fixtures/npm-circular-licenses/npm-list.json
|
651
|
+
- spec/fixtures/npm-circular-licenses/package.json
|
635
652
|
- spec/fixtures/npm-recursive-dependencies/npm-list.json
|
636
653
|
- spec/fixtures/npm-recursive-dependencies/package.json
|
637
654
|
- spec/fixtures/utf8_gem/README
|
@@ -669,7 +686,6 @@ test_files:
|
|
669
686
|
- spec/lib/license_finder/package_managers/maven_package_spec.rb
|
670
687
|
- spec/lib/license_finder/package_managers/maven_spec.rb
|
671
688
|
- spec/lib/license_finder/package_managers/merged_package_spec.rb
|
672
|
-
- spec/lib/license_finder/package_managers/npm_package_spec.rb
|
673
689
|
- spec/lib/license_finder/package_managers/npm_spec.rb
|
674
690
|
- spec/lib/license_finder/package_managers/nuget_package_spec.rb
|
675
691
|
- spec/lib/license_finder/package_managers/nuget_spec.rb
|
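--- a/spec/lib/license_finder/package_managers/npm_package_spec.rb
+++ b/spec/lib/license_finder/package_managers/npm_package_spec.rb
@@ -1,56 +0,0 @@
-require 'spec_helper'
-
-module LicenseFinder
-describe NpmPackage do
-subject do
-described_class.new(
-"name" => "jasmine-node",
-"version" => "1.3.1",
-"description" => "a description",
-"readme" => "a readme",
-"path" => "some/node/package/path",
-"homepage" => "a homepage",
-"dependencies" => {
-"coffee-script" => {
-"name" => "coffee-script",
-}
-}
-)
-end
-
-its(:name) { should == "jasmine-node" }
-its(:version) { should == "1.3.1" }
-its(:summary) { should eq "" }
-its(:description) { should == "a description" }
-its(:homepage) { should == "a homepage" }
-its(:groups) { should == [] } # TODO: put devDependencies in 'dev' group?
-its(:children) { should == ["coffee-script"] }
-its(:install_path) { should eq "some/node/package/path" }
-its(:package_manager) { should eq 'Npm' }
-
-describe '#license_names_from_spec' do
-let(:node_module1) { {"license" => "MIT"} }
-let(:node_module2) { {"licenses" => [{"type" => "BSD"}]} }
-let(:node_module3) { {"license" => {"type" => "PSF"}} }
-let(:node_module4) { {"licenses" => ["MIT"]} }
-let(:misdeclared_node_module) { {"licenses" => {"type" => "MIT"}} }
-
-it 'finds the license for both license structures' do
-package = NpmPackage.new(node_module1)
-expect(package.license_names_from_spec).to eq ["MIT"]
-
-package = NpmPackage.new(node_module2)
-expect(package.license_names_from_spec).to eq ["BSD"]
-
-package = NpmPackage.new(node_module3)
-expect(package.license_names_from_spec).to eq ["PSF"]
-
-package = NpmPackage.new(node_module4)
-expect(package.license_names_from_spec).to eq ["MIT"]
-
-package = NpmPackage.new(misdeclared_node_module)
-expect(package.license_names_from_spec).to eq ["MIT"]
-end
-end
-end
-end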