license_finder 5.10.2 → 5.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59d6452a94207f0ff914041b84298a312d6b233a48a11a9e2c943ab335a42f3c
-  data.tar.gz: 9b70ac7230c7463b2078e708e9232fe336905187ce80c02f3a06def4fbe1dc6e
+  metadata.gz: bb820e05deb4a720f7156019cc7e9fb9fceb7a2be5d67e4c9ce456e098962529
+  data.tar.gz: 472d05dd81be8433c61bce7efbb115896db08b53f3faeaed1fe4af62522142c5
 SHA512:
-  metadata.gz: 88d00ba582fe3dd99b161e28b907e7e79f3401e781dbbd1d9fbda032721095003ec5c3b12b211da53bae6654aca688e489ae716b5d5c41c72e82e505edaecc36
-  data.tar.gz: 3a779bc0ae2243a07deb9c32c075ce6af8105f6c59d87a56d7159850b8c740b98238556b950ff52dc46a4ef0bcf5e037bf77f6ddce622914c29bcf323f44c388
+  metadata.gz: f89dfc7f1260cd7df3eb88259a2446ce43c020ab37faed49849cc21c5ddbb9927280b01c06519949b3c892a74c2303e584268dc00a491e864b1fb775cf7728c1
+  data.tar.gz: 06daad53e224d5a5d021d7f877ef3f5ff0c74cb7cfead1f99f4d26e3e8a9aa472f58a1e0d35cfd5b8a21fdc5d645eac476c8e5ca2b05cec9ac0065fee1e14a2b

data/.gitignore

@@ -1,6 +1,6 @@
 .bundle
 .gradle/
-.idea/*
+.idea/
 .pairs
 .rvmrc
 Gemfile.lock

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+# [5.11.0] / 2019-10-24
+
+### Fixed
+* Fix crash in LF for null deps in godep - [aec335e5](https://github.com/pivotal/LicenseFinder/commit/aec335e574b65c1e9927787e88fb95f1296cdd26) 
+
+### Changed
+* Exclude Gradle subprojects from project roots - [4efea4c8](https://github.com/pivotal/LicenseFinder/commit/4efea4c8892f48c24ed6ec46a4be85cb06dc6672) - Jason Smith
+* project_roots will skip maven subprojects - [61b88513](https://github.com/pivotal/LicenseFinder/commit/61b885135bd02cf2b5c6be4bc1fba85020d42f6a) - Peter Tran
+
 # [5.10.2] / 2019-09-03
 
 ### Added
@@ -752,3 +761,4 @@ Bugfixes:
 [5.10.0]: https://github.com/pivotal/LicenseFinder/compare/v5.9.2...v5.10.0
 [5.10.1]: https://github.com/pivotal/LicenseFinder/compare/v5.10.0...v5.10.1
 [5.10.2]: https://github.com/pivotal/LicenseFinder/compare/v5.10.1...v5.10.2
+[5.11.0]: https://github.com/pivotal/LicenseFinder/compare/v5.10.2...v5.11.0

data/Dockerfile

@@ -2,6 +2,7 @@ FROM ubuntu:xenial
 
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
+ENV PIP3_INSTALL_VERSION 8.1.1
 ENV GO_LANG_VERSION 1.11.5
 ENV MAVEN_VERSION 3.6.0
 ENV SBT_VERSION 1.1.1
@@ -54,8 +55,9 @@ RUN java -version
 RUN apt-get install -y python rebar
 
 # install and update python-pip
-RUN apt-get install -y python-pip && \
-    pip install --upgrade pip==$PIP_INSTALL_VERSION
+RUN apt-get install -y python-pip python3-pip && \
+    pip install --upgrade pip==$PIP_INSTALL_VERSION && \
+    pip3 install --upgrade pip==$PIP3_INSTALL_VERSION
 
 # install maven
 RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
@@ -145,7 +147,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
 RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb &&\
   sudo dpkg -i packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1
+  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
     echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\

data/README.md

@@ -30,7 +30,8 @@ report.
 | Project Type | Package Manager | Tested on Version |
 | ------------ | --------------- | -------:|
 | Ruby Gems    | bundler         | 1.16.6  |
-| Python Eggs  | pip             | 19.0.2  |
+| Python 2.7 Eggs  | pip2             | 19.0.2  |
+| Python 3.5 Eggs  | pip3             | 8.1.1  |
 | Node.js      | npm             | 6.4.1   |
 | Bower        | bower           | 1.8.4   |
 | Nuget (without license discovery) | nuget | 4.7.1.5393 |
@@ -202,7 +203,7 @@ if someone adds an unapproved dependency to the project.
 
 `license_finder` will inform you whenever you have an unapproved dependency.
 If your business decides this is an acceptable risk, the easiest way to approve
-the dependency is by running `license_finder approval add`.
+the dependency is by running `license_finder approvals add`.
 
 For example, let's assume you've added the `awesome_gpl_gem`
 to your Gemfile, which `license_finder` reports is unapproved:
@@ -217,16 +218,22 @@ Your business tells you that in this case, it's acceptable to use this
 gem. You now run:
 
 ```sh
-$ license_finder approval add awesome_gpl_gem
+$ license_finder approvals add awesome_gpl_gem
 ```
 
 If you rerun `license_finder`, you should no longer see
 `awesome_gpl_gem` in the output.
 
+To approve specific version
+
+```sh
+$ license_finder approvals add awesome_gpl_gem --version=1.0.0
+```
+
 To record who approved the dependency and why:
 
 ```sh
-$ license_finder approval add awesome_gpl_gem --who CTO --why "Go ahead"
+$ license_finder approvals add awesome_gpl_gem --who CTO --why "Go ahead"
 ```
 
 ### Whitelisting
@@ -280,6 +287,13 @@ xml-simple, 1.1.1, unknown
 You can customize the format of the output in the same way that you customize
 [output from `report`](#output-from-report).
 
+### Output from `project_roots`
+
+The `license_finder project_roots` command will output the current working directory as a string in an array.
+
+Using the `--recursive` option means the array will include subdirectories that contain a known package manager. With the exception that Gradle and Maven subprojects will not be included.
+
+
 ### Output from `report`
 
 The `license_finder report` command will output human-readable reports that you

data/VERSION

@@ -1 +1 @@
-5.10.2
+5.11.0

data/ci/pipelines/release.yml.erb

@@ -63,6 +63,7 @@ resources:
 
 - name: lf-release
   type: github-release
+  check_every: 24h
   source:
     owner: pivotal
     repository: LicenseFinder

data/lib/license_finder/cli/base.rb

@@ -38,6 +38,7 @@ module LicenseFinder
           :maven_include_groups,
           :maven_options,
           :pip_requirements_path,
+          :python_version,
           :rebar_command,
           :rebar_deps_dir,
           :elixir_command,

data/lib/license_finder/cli/main.rb

@@ -30,6 +30,7 @@ module LicenseFinder
       class_option :maven_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.'
       class_option :maven_options, desc: 'Maven options to append to command. Defaults to empty.'
       class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
+      class_option :python_version, desc: 'Python version to invoke pip with. Valid versions: 2 or 3. Default: 2'
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
       class_option :rebar_deps_dir, desc: "Path to rebar dependencies directory. Only meaningful if used with a Erlang/rebar project. Defaults to 'deps'."
       class_option :elixir_command, desc: "Command to use when parsing package metadata for Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'elixir'."
@@ -90,7 +91,13 @@ module LicenseFinder
       shared_options
       def project_roots
         config.strict_matching = true
-        aggregate_paths
+        project_path = config.project_path.to_s || Pathname.pwd.to_s
+        paths = aggregate_paths
+        filtered_project_roots = Scanner.remove_subprojects(paths)
+
+        filtered_project_roots << project_path if aggregate_paths.include?(project_path) && !filtered_project_roots.include?(project_path)
+
+        say(filtered_project_roots)
       end
 
       desc 'action_items', 'List unapproved dependencies (the default action for `license_finder`)'
@@ -174,15 +181,20 @@ module LicenseFinder
       def aggregate_paths
         check_valid_project_path
         aggregate_paths = config.aggregate_paths
-        project_path = config.project_path || Pathname.pwd
+        project_path = config.project_path.to_s || Pathname.pwd.to_s
         aggregate_paths = ProjectFinder.new(project_path, config.strict_matching).find_projects if config.recursive
-        say(aggregate_paths || project_path) if config.strict_matching
-        return aggregate_paths unless aggregate_paths.nil? || aggregate_paths.empty?
 
-        [config.project_path] unless config.project_path.nil?
+        if aggregate_paths.nil? || aggregate_paths.empty?
+          [project_path]
+        else
+          aggregate_paths
+        end
       end
 
       def save_report(content, file_name)
+        dir = File.dirname(file_name)
+        FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
+
         File.open(file_name, 'w') do |f|
           f.write(content)
         end

data/lib/license_finder/configuration.rb

@@ -93,6 +93,10 @@ module LicenseFinder
       get(:pip_requirements_path)
     end
 
+    def python_version
+      get(:python_version)
+    end
+
     def rebar_command
       get(:rebar_command)
     end

data/lib/license_finder/core.rb

@@ -99,6 +99,7 @@ module LicenseFinder
         maven_include_groups: config.maven_include_groups,
         maven_options: config.maven_options,
         pip_requirements_path: config.pip_requirements_path,
+        python_version: config.python_version,
         rebar_command: config.rebar_command,
         rebar_deps_dir: config.rebar_deps_dir,
         elixir_command: config.elixir_command,

data/lib/license_finder/license/definitions.rb

@@ -11,6 +11,7 @@ module LicenseFinder
           apache2,
           bsd,
           cc01,
+          cddl1,
           eclipse1,
           gplv2,
           gplv3,
@@ -87,6 +88,19 @@ module LicenseFinder
         )
       end
 
+      def cddl1
+        License.new(
+          short_name: 'CDDL1',
+          pretty_name: 'Common Development and Distribution License 1.0',
+          other_names: [
+            'CDDL-1.0',
+            'Common Development and Distribution License (CDDL) v1.0',
+            'COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0'
+          ],
+          url: 'https://spdx.org/licenses/CDDL-1.0.html'
+        )
+      end
+
       def eclipse1
         License.new(
           short_name: 'EPL1',
@@ -204,6 +218,7 @@ module LicenseFinder
           other_names: [
             'Modified BSD',
             'BSD3',
+            'BSD 3',
             'BSD-3',
             '3-clause BSD',
             'BSD-3-Clause',
@@ -211,7 +226,8 @@ module LicenseFinder
             'The 3-Clause BSD License',
             'BSD 3-clause New License',
             'New BSD License',
-            'BSD New license'
+            'BSD New license',
+            'BSD Licence 3'
           ],
           url: 'http://opensource.org/licenses/BSD-3-Clause',
           matcher: matcher
@@ -222,7 +238,11 @@ module LicenseFinder
         License.new(
           short_name: 'Python',
           pretty_name: 'Python Software Foundation License',
-          other_names: ['PSF'],
+          other_names: [
+            'PSF',
+            'PSFL',
+            'PSF License'
+          ],
           url: 'http://hg.python.org/cpython/raw-file/89ce323357db/LICENSE'
         )
       end

data/lib/license_finder/license/templates/CDDL1.txt

@@ -0,0 +1,131 @@
+COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
+
+1. Definitions.
+
+1.1. "Contributor" means each individual or entity that creates or contributes to the creation of Modifications.
+
+1.2. "Contributor Version" means the combination of the Original Software, prior Modifications used by a Contributor (if any), and the Modifications made by that particular Contributor.
+
+1.3. "Covered Software" means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof.
+
+1.4. "Executable" means the Covered Software in any form other than Source Code.
+
+1.5. "Initial Developer" means the individual or entity that first makes Original Software available under this License.
+
+1.6. "Larger Work" means a work which combines Covered Software or portions thereof with code not governed by the terms of this License.
+
+1.7. "License" means this document.
+
+1.8. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.
+
+1.9. "Modifications" means the Source Code and Executable form of any of the following:
+
+A. Any file that results from an addition to, deletion from or modification of the contents of a file containing Original Software or previous Modifications;
+
+B. Any new file that contains any part of the Original Software or previous Modification; or
+
+C. Any new file that is contributed or otherwise made available under the terms of this License.
+
+1.10. "Original Software" means the Source Code and Executable form of computer software code that is originally released under this License.
+
+1.11. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor.
+
+1.12. "Source Code" means (a) the common form of computer software code in which modifications are made and (b) associated documentation included in or with such code.
+
+1.13. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
+
+2. License Grants.
+
+2.1. The Initial Developer Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, the Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer, to use, reproduce, modify, display, perform, sublicense and distribute the Original Software (or portions thereof), with or without Modifications, and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making, using or selling of Original Software, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software (or portions thereof).
+
+(c) The licenses granted in Sections 2.1(a) and (b) are effective on the date Initial Developer first distributes or otherwise makes the Original Software available to a third party under the terms of this License.
+
+(d) Notwithstanding Section 2.1(b) above, no patent license is granted: (1) for code that You delete from the Original Software, or (2) for infringements caused by: (i) the modification of the Original Software, or (ii) the combination of the Original Software with other software or devices.
+
+2.2. Contributor Grant.
+
+Conditioned upon Your compliance with Section 3.1 below and
+subject to third party intellectual property claims, each
+Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark) Licensable by Contributor to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof), either on an unmodified basis, with other Modifications, as Covered Software and/or as part of a Larger Work; and
+
+(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: (1) Modifications made by that Contributor (or portions thereof); and (2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination).
+
+(c) The licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first distributes or otherwise makes the Modifications available to a third party.
+(d) Notwithstanding Section 2.2(b) above, no patent license is granted: (1) for any code that Contributor has deleted from the Contributor Version; (2) for infringements caused by: (i) third party modifications of Contributor Version, or (ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or (3) under Patent Claims infringed by Covered Software in the absence of Modifications made by that Contributor.
+
+3. Distribution Obligations.
+
+3.1. Availability of Source Code.
+
+Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. You must include a copy of this License with every copy of the Source Code form of the Covered Software You distribute or otherwise make available. You must inform recipients of any such Covered Software in Executable form as to how they can obtain such Covered Software in Source Code form in a reasonable manner on or through a medium customarily used for software exchange.
+
+3.2. Modifications.
+
+The Modifications that You create or to which You contribute are governed by the terms of this License. You represent that You believe Your Modifications are Your original creation(s) and/or You have sufficient rights to grant the rights conveyed by this License.
+
+3.3. Required Notices.
+
+You must include a notice in each of Your Modifications that identifies You as the Contributor of the Modification. You may not remove or alter any copyright, patent or trademark notices contained within the Covered Software, or any notices of licensing or any descriptive text giving attribution to any Contributor or the Initial Developer.
+
+3.4. Application of Additional Terms.
+
+You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License or the recipients' rights hereunder. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, you may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer.
+
+3.5. Distribution of Executable Versions.
+
+You may distribute the Executable form of the Covered Software under the terms of this License or under the terms of a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable form does not attempt to limit or alter the recipient's rights in the Source Code form from the rights set forth in this License. If You distribute the Covered Software in Executable form under a different license, You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
+
+3.6. Larger Works.
+
+You may create a Larger Work by combining Covered Software with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Software.
+
+4. Versions of the License.
+
+4.1. New Versions.
+
+Sun Microsystems, Inc. is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License.
+
+4.2. Effect of New Versions.
+
+You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward.
+
+4.3. Modified Versions.
+
+When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License.
+
+5. DISCLAIMER OF WARRANTY.
+
+COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
+
+6. TERMINATION.
+
+6.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive.
+
+6.2. If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as "Participant") alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant.
+
+6.3. In the event of termination under Sections 6.1 or 6.2 above, all end user licenses that have been validly granted by You or any distributor hereunder prior to termination (excluding licenses granted to You by any distributor) shall survive termination.
+
+7. LIMITATION OF LIABILITY.
+
+UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
+
+8. U.S. GOVERNMENT END USERS.
+
+The Covered Software is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" (as that term is defined at 48 C.F.R. 252.227-7014(a)(1)) and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Software with only those rights set forth herein. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFAR, or other clause or provision that addresses Government rights in computer software under this License.
+
+9. MISCELLANEOUS.
+
+This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by the law of the jurisdiction specified in a notice contained within the Original Software (except to the extent applicable law, if any, provides otherwise), excluding such jurisdiction's conflict-of-law provisions. Any litigation relating to this License shall be subject to the jurisdiction of the courts located in the jurisdiction and venue specified in a notice contained within the Original Software, with the losing party responsible for costs, including, without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. You agree that You alone are responsible for compliance with the United States export administration regulations (and the export control laws and regulation of any other countries) when You use, distribute or otherwise make available any Covered Software.
+
+10. RESPONSIBILITY FOR CLAIMS.
+
+As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability.

data/lib/license_finder/package_manager.rb

@@ -40,11 +40,11 @@ module LicenseFinder
       def package_management_command
         nil
       end
+    end
 
-      # see class description
-      def prepare_command
-        nil
-      end
+    # see class description
+    def prepare_command
+      nil
     end
 
     def self.command_exists?(command)
@@ -71,17 +71,21 @@ module LicenseFinder
       path&.exist?
     end
 
+    def project_root?
+      active?
+    end
+
     def detected_package_path
       possible_package_paths.find(&:exist?)
     end
 
     def prepare
-      if self.class.prepare_command
-        stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(self.class.prepare_command) }
+      if prepare_command
+        stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prepare_command) }
         unless status.success?
           log_errors stderr
 
-          error_message = "Prepare command '#{self.class.prepare_command}' failed\n#{stderr}"
+          error_message = "Prepare command '#{prepare_command}' failed\n#{stderr}"
 
           error_message == error_message.concat("\n#{stdout}\n") if !stdout.nil? && !stdout.empty?
 
@@ -115,8 +119,8 @@ module LicenseFinder
     attr_reader :logger, :project_path
 
     def log_errors(stderr)
-      logger.info self.class.prepare_command, 'did not succeed.', color: :red
-      logger.info self.class.prepare_command, stderr, color: :red
+      logger.info prepare_command, 'did not succeed.', color: :red
+      logger.info prepare_command, stderr, color: :red
       log_to_file stderr
     end
 
@@ -128,7 +132,7 @@ module LicenseFinder
       log_file = File.join(@log_directory, "prepare_#{log_file_name || 'errors'}.log")
 
       File.open(log_file, 'w') do |f|
-        f.write("Prepare command \"#{self.class.prepare_command}\" failed with:\n")
+        f.write("Prepare command \"#{prepare_command}\" failed with:\n")
         f.write("#{contents}\n\n")
       end
     end

data/lib/license_finder/package_managers/bower.rb

@@ -14,7 +14,7 @@ module LicenseFinder
       'bower'
     end
 
-    def self.prepare_command
+    def prepare_command
       'bower install'
     end
 

data/lib/license_finder/package_managers/bundler.rb

@@ -23,7 +23,7 @@ module LicenseFinder
       'bundle'
     end
 
-    def self.prepare_command
+    def prepare_command
       'bundle install'
     end
 

data/lib/license_finder/package_managers/cargo.rb

@@ -14,7 +14,7 @@ module LicenseFinder
       'cargo'
     end
 
-    def self.prepare_command
+    def prepare_command
       'cargo fetch'
     end
 

data/lib/license_finder/package_managers/composer.rb

@@ -17,7 +17,7 @@ module LicenseFinder
     end
 
     def prepare
-      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(Composer.prepare_command) }
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prepare_command) }
       return if status.success?
 
       log_errors stderr
@@ -28,7 +28,7 @@ module LicenseFinder
       'composer'
     end
 
-    def self.prepare_command
+    def prepare_command
       'composer install'
     end
 

data/lib/license_finder/package_managers/dep.rb

@@ -27,7 +27,7 @@ module LicenseFinder
       Go15VendorExperiment
     end
 
-    def self.prepare_command
+    def prepare_command
       'dep ensure -vendor-only'
     end
 

data/lib/license_finder/package_managers/dotnet.rb

@@ -75,8 +75,8 @@ module LicenseFinder
       'dotnet'
     end
 
-    def self.prepare_command
-      "#{package_management_command} restore"
+    def prepare_command
+      "#{Dotnet.package_management_command} restore"
     end
   end
 end

data/lib/license_finder/package_managers/glide.rb

@@ -34,7 +34,7 @@ module LicenseFinder
       'glide'
     end
 
-    def self.prepare_command
+    def prepare_command
       'glide install'
     end
   end

data/lib/license_finder/package_managers/go_dep.rb

@@ -43,9 +43,12 @@ module LicenseFinder
 
     def packages_from_json(json_string)
       all_packages = JSON.parse(json_string)['Deps']
-      packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
 
+      return [] unless all_packages
+
+      packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
       result = []
+
       packages_grouped_by_revision.each do |_sha, packages_in_group|
         all_paths_in_group = packages_in_group.map { |p| p['ImportPath'] }
         common_paths = CommonPathHelper.longest_common_paths(all_paths_in_group)
@@ -64,7 +67,6 @@ module LicenseFinder
                                               @full_version)
         end
       end
-
       result
     end
   end

data/lib/license_finder/package_managers/go_modules.rb

@@ -10,10 +10,10 @@ module LicenseFinder
       def takes_priority_over
         Go15VendorExperiment
       end
+    end
 
-      def prepare_command
-        'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
-      end
+    def prepare_command
+      'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
     end
 
     def active?

data/lib/license_finder/package_managers/go_workspace.rb

@@ -24,9 +24,9 @@ module LicenseFinder
       git_modules.map do |submodule|
         # We are filtering the non-standard packages because the word "net"
         # seems to be common that can give false positive when filtering the git submodules
-        import_path = go_list_packages.select do |gp|
+        import_path = go_list_packages.find do |gp|
           submodule.install_path =~ /#{repo_name(gp)}$/
-        end.first
+        end
         next unless import_path
 
         dependency_info = {
@@ -68,7 +68,7 @@ module LicenseFinder
 
     def envrc_path
       p = Pathname.new project_path
-      4.times.reduce([p]) { |memo, _| memo << memo.last.parent }.map { |path| path.join('.envrc') }.select(&:exist?).first
+      4.times.reduce([p]) { |memo, _| memo << memo.last.parent }.map { |path| path.join('.envrc') }.find(&:exist?)
     end
 
     def go_list

data/lib/license_finder/package_managers/govendor.rb

@@ -29,7 +29,7 @@ module LicenseFinder
       'govendor'
     end
 
-    def self.prepare_command
+    def prepare_command
       'govendor sync'
     end
 

data/lib/license_finder/package_managers/gradle.rb

@@ -42,8 +42,21 @@ module LicenseFinder
       File.exist?(File.join(project_path, wrapper)) ? wrapper : gradle
     end
 
+    def project_root?
+      active? && root_module?
+    end
+
     private
 
+    def root_module?
+      command = "#{package_management_command} properties | grep 'parent: '"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      root_project_name = stdout.gsub(/\s|parent:|\n/, '')
+      root_project_name == 'null'
+    end
+
     def detected_package_path
       alternate_build_file = build_file_from_settings(project_path)
       return alternate_build_file if alternate_build_file

data/lib/license_finder/package_managers/gvt.rb

@@ -13,7 +13,7 @@ module LicenseFinder
       'gvt'
     end
 
-    def self.prepare_command
+    def prepare_command
       'gvt restore'
     end
 

data/lib/license_finder/package_managers/maven.rb

@@ -47,5 +47,19 @@ module LicenseFinder
     def possible_package_paths
       [project_path.join('pom.xml')]
     end
+
+    def project_root?
+      active? && root_module?
+    end
+
+    private
+
+    def root_module?
+      command = "#{package_management_command} help:evaluate -Dexpression=project.parent -q -DforceStdout"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      stdout.include?('null object or invalid expression')
+    end
   end
 end

data/lib/license_finder/package_managers/mix.rb

@@ -34,7 +34,7 @@ module LicenseFinder
       'mix.lock'
     end
 
-    def self.prepare_command
+    def prepare_command
       'mix deps.get'
     end
 

data/lib/license_finder/package_managers/npm.rb

@@ -13,7 +13,7 @@ module LicenseFinder
       'npm'
     end
 
-    def self.prepare_command
+    def prepare_command
       'npm install --no-save'
     end
 
@@ -22,7 +22,7 @@ module LicenseFinder
     end
 
     def prepare
-      prep_cmd = "#{NPM.prepare_command}#{production_flag}"
+      prep_cmd = "#{prepare_command}#{production_flag}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
 
       return if status.success?

data/lib/license_finder/package_managers/nuget.rb

@@ -77,8 +77,8 @@ module LicenseFinder
       'mono /usr/local/bin/nuget.exe'
     end
 
-    def self.prepare_command
-      "#{package_management_command} restore"
+    def prepare_command
+      "#{Nuget.package_management_command} restore"
     end
 
     def self.installed?(logger = Core.default_logger)

data/lib/license_finder/package_managers/pip.rb

@@ -8,6 +8,8 @@ module LicenseFinder
     def initialize(options = {})
       super
       @requirements_path = options[:pip_requirements_path] || Pathname('requirements.txt')
+      @python_version = options[:python_version] || '2'
+      raise "Invalid python version \'#{@python_version}\'. Valid versions are '2' or '3'." unless %w[2 3].include?(@python_version)
     end
 
     def current_packages
@@ -23,16 +25,20 @@ module LicenseFinder
       end
     end
 
+    # Used to detect if installed, but this is a static method and the options aren't passed
+    # so we don't know which python version was specified. Will fail later if the expected version
+    # isn't installed. The Dockerfile now installs both versions so using the image is safe.
+    # TODO: Refactor PackageManager.installed?() to pass in the options?
     def self.package_management_command
-      'pip'
+      'pip2'
     end
 
-    def self.prepare_command
-      'pip install'
+    def prepare_command
+      "pip#{@python_version} install"
     end
 
     def prepare
-      prep_cmd = "#{Pip.prepare_command} -r #{@requirements_path}"
+      prep_cmd = "#{prepare_command} -r #{@requirements_path}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
 
@@ -51,7 +57,7 @@ module LicenseFinder
     private
 
     def pip_output
-      output = `#{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}`
+      output = `python#{@python_version} #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}`
       JSON(output).map do |package|
         package.values_at('name', 'version', 'dependencies', 'location')
       end

data/lib/license_finder/package_managers/trash.rb

@@ -7,15 +7,15 @@ module LicenseFinder
         'trash'
       end
 
-      def prepare_command
-        'trash'
-      end
-
       def takes_priority_over
         Go15VendorExperiment
       end
     end
 
+    def prepare_command
+      'trash'
+    end
+
     def possible_package_paths
       [project_path.join('vendor.conf')]
     end

data/lib/license_finder/package_managers/yarn.rb

@@ -39,7 +39,7 @@ module LicenseFinder
     end
 
     def prepare
-      prep_cmd = "#{Yarn.prepare_command}#{production_flag}"
+      prep_cmd = "#{prepare_command}#{production_flag}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
 
@@ -55,7 +55,7 @@ module LicenseFinder
       'yarn'
     end
 
-    def self.prepare_command
+    def prepare_command
       'yarn install --ignore-engines'
     end
 

data/lib/license_finder/project_finder.rb

@@ -43,9 +43,11 @@ module LicenseFinder
     end
 
     def active_project?(project_path)
-      active_project = @package_managers.map do |pm|
-        pm.new(project_path: project_path, strict_matching: @strict_matching).active?
+      active_project = @package_managers.map do |pm_class|
+        pm = pm_class.new(project_path: project_path, strict_matching: @strict_matching)
+        pm.active?
       end
+
       active_project.include?(true)
     end
 

data/lib/license_finder/scanner.rb

@@ -5,6 +5,23 @@ module LicenseFinder
     PACKAGE_MANAGERS = [GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
                         Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer].freeze
 
+    class << self
+      def remove_subprojects(paths)
+        paths.reject { |path| subproject?(Pathname(path)) }
+      end
+
+      private
+
+      def subproject?(path)
+        subproject = true
+        PACKAGE_MANAGERS.each do |package_manager_class|
+          package_manager = package_manager_class.new(project_path: path)
+          subproject &&= !package_manager.project_root?
+        end
+        subproject
+      end
+    end
+
     def initialize(config = { project_path: Pathname.new('') })
       @config = config
       @project_path = @config[:project_path]

data/license_finder.gemspec

@@ -44,23 +44,23 @@ Gem::Specification.new do |s|
   s.license = 'MIT'
 
   s.add_dependency 'bundler'
-  s.add_dependency 'rubyzip'
+  s.add_dependency 'rubyzip', '>=1', '<3'
   s.add_dependency 'thor'
   s.add_dependency 'toml', '0.2.0'
   s.add_dependency 'with_env', '1.1.0'
   s.add_dependency 'xml-simple'
 
-  s.add_development_dependency 'addressable', '2.6.0'
+  s.add_development_dependency 'addressable', '2.7.0'
   s.add_development_dependency 'capybara', '~> 3.15.0'
   s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
   s.add_development_dependency 'fakefs', '~> 0.20.0'
-  s.add_development_dependency 'mime-types', '3.2.2'
+  s.add_development_dependency 'mime-types', '3.3'
   s.add_development_dependency 'pry'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec', '~> 3'
   s.add_development_dependency 'rspec-its'
-  s.add_development_dependency 'rubocop', '~> 0.74.0'
-  s.add_development_dependency 'rubocop-performance', '~> 1.4.0'
+  s.add_development_dependency 'rubocop', '~> 0.75.0'
+  s.add_development_dependency 'rubocop-performance', '~> 1.5.0'
   s.add_development_dependency 'webmock', '~> 3.5'
 
   s.add_development_dependency 'rack', '> 1.6'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 5.10.2
+  version: 5.11.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-09-03 00:00:00.000000000 Z
+date: 2019-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -49,14 +49,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -119,14 +125,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: 2.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.0
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -161,14 +167,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.2
+        version: '3.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.2
+        version: '3.3'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -231,28 +237,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.74.0
+        version: 0.75.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.74.0
+        version: 0.75.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: 1.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -370,6 +376,7 @@ files:
 - lib/license_finder/license/templates/Apache2.txt
 - lib/license_finder/license/templates/BSD.txt
 - lib/license_finder/license/templates/CC01.txt
+- lib/license_finder/license/templates/CDDL1.txt
 - lib/license_finder/license/templates/EPL1.txt
 - lib/license_finder/license/templates/GPLv2.txt
 - lib/license_finder/license/templates/GPLv3.txt