license_finder 5.11.1 → 6.0.0

data/lib/license_finder/cli/approvals.rb

@@ -7,6 +7,7 @@ module LicenseFinder
       include MakesDecisions
 
       auditable
+      approvable
       desc 'add DEPENDENCY...', 'Approve one or more dependencies by name'
       def add(*names)
         assert_some names

data/lib/license_finder/cli/dependencies.rb

@@ -8,9 +8,10 @@ module LicenseFinder
 
       method_option :approve, type: :boolean, desc: 'Approve the added dependency'
       method_option :homepage, type: :string, desc: 'Source of the added dependency'
+
       auditable
-      desc 'add DEPENDENCY LICENSE [VERSION] [--homepage=HOMEPAGE] [--approve]', 'Add a dependency that is not managed by a package manager, optionally approving it at the same time'
-      def add(name, license, version = nil)
+      desc 'add DEPENDENCY LICENSE VERSION [--homepage=HOMEPAGE] [--approve]', 'Add a dependency that is not managed by a package manager, optionally approving it at the same time'
+      def add(name, license, version)
         modifying do
           decisions
             .add_package(name, version, txn)

data/lib/license_finder/cli/main.rb

@@ -107,7 +107,7 @@ module LicenseFinder
         finder = LicenseAggregator.new(config, aggregate_paths)
         any_packages = finder.any_packages?
         unapproved = finder.unapproved
-        blacklisted = finder.blacklisted
+        restricted = finder.restricted
 
         # Ensure to start output on a new line even with dot progress indicators.
         say "\n"
@@ -120,12 +120,12 @@ module LicenseFinder
         if unapproved.empty?
           say 'All dependencies are approved for use', :green
         else
-          unless blacklisted.empty?
-            say 'Blacklisted dependencies:', :red
-            say report_of(blacklisted)
+          unless restricted.empty?
+            say 'Restricted dependencies:', :red
+            say report_of(restricted)
           end
 
-          other_unapproved = unapproved - blacklisted
+          other_unapproved = unapproved - restricted
           unless other_unapproved.empty?
             say 'Dependencies that need approval:', :yellow
             say report_of(other_unapproved)
@@ -165,11 +165,11 @@ module LicenseFinder
 
       subcommand 'dependencies', Dependencies, 'Add or remove dependencies that your package managers are not aware of'
       subcommand 'licenses', Licenses, "Set a dependency's licenses, if the licenses found by license_finder are missing or wrong"
-      subcommand 'approvals', Approvals, 'Manually approve dependencies, even if their licenses are not whitelisted'
+      subcommand 'approvals', Approvals, 'Manually approve dependencies, even if their licenses are not permitted'
       subcommand 'ignored_groups', IgnoredGroups, 'Exclude test and development dependencies from action items and reports'
       subcommand 'ignored_dependencies', IgnoredDependencies, 'Exclude individual dependencies from action items and reports'
-      subcommand 'whitelist', Whitelist, 'Automatically approve any dependency that has a whitelisted license'
-      subcommand 'blacklist', Blacklist, 'Forbid approval of any dependency whose licenses are all blacklisted'
+      subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
+      subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
       subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
 
       private

data/lib/license_finder/cli/makes_decisions.rb

@@ -11,6 +11,9 @@ module LicenseFinder
         def auditable
           method_option :who, desc: 'The person making this decision'
           method_option :why, desc: 'The reason for making this decision'
+        end
+
+        def approvable
           method_option :version, desc: 'The version that will be approved'
         end
       end

data/lib/license_finder/cli/permitted_licenses.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class PermittedLicenses < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the permitted licenses'
+      def list
+        say 'Permitted Licenses:', :blue
+        say_each(decisions.permitted, &:name)
+      end
+
+      auditable
+      desc 'add LICENSE...', 'Add one or more licenses to the permitted licenses'
+      def add(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.permit(l, txn) } }
+        say "Added #{licenses.join(', ')} to the permitted licenses"
+      end
+
+      auditable
+      desc 'remove LICENSE...', 'Remove one or more licenses from the permitted licenses'
+      def remove(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.unpermit(l, txn) } }
+        say "Removed #{licenses.join(', ')} from the license permitted licenses"
+      end
+    end
+  end
+end

data/lib/license_finder/cli/restricted_licenses.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class RestrictedLicenses < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the restricted licenses'
+      def list
+        say 'Restricted Licenses:', :blue
+        say_each(decisions.restricted, &:name)
+      end
+
+      auditable
+      desc 'add LICENSE...', 'Add one or more licenses to the restricted licenses'
+      def add(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.restrict(l, txn) } }
+        say "Added #{licenses.join(', ')} to the restricted licenses"
+      end
+
+      auditable
+      desc 'remove LICENSE...', 'Remove one or more licenses from the restricted licenses'
+      def remove(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.unrestrict(l, txn) } }
+        say "Removed #{licenses.join(', ')} from the restricted licenses"
+      end
+    end
+  end
+end

data/lib/license_finder/core.rb

@@ -42,7 +42,7 @@ module LicenseFinder
     end
 
     extend Forwardable
-    def_delegators :decision_applier, :acknowledged, :unapproved, :blacklisted, :any_packages?
+    def_delegators :decision_applier, :acknowledged, :unapproved, :restricted, :any_packages?
 
     def project_name
       decisions.project_name || config.project_path.basename.to_s

data/lib/license_finder/decision_applier.rb

@@ -14,8 +14,8 @@ module LicenseFinder
       acknowledged.reject(&:approved?)
     end
 
-    def blacklisted
-      acknowledged.select(&:blacklisted?)
+    def restricted
+      acknowledged.select(&:restricted?)
     end
 
     def any_packages?
@@ -53,12 +53,12 @@ module LicenseFinder
     end
 
     def with_approval(package)
-      if package.licenses.all? { |license| decisions.blacklisted?(license) }
-        package.blacklisted!
+      if package.licenses.all? { |license| decisions.restricted?(license) }
+        package.restricted!
       elsif decisions.approved?(package.name, package.version)
         package.approved_manually!(decisions.approval_of(package.name, package.version))
-      elsif package.licenses.any? { |license| decisions.whitelisted?(license) }
-        package.whitelisted!
+      elsif package.licenses.any? { |license| decisions.permitted?(license) }
+        package.permitted!
       end
       package
     end

data/lib/license_finder/decisions.rb

@@ -6,7 +6,7 @@ module LicenseFinder
     # READ
     ######
 
-    attr_reader :packages, :whitelisted, :blacklisted, :ignored, :ignored_groups, :project_name
+    attr_reader :packages, :permitted, :restricted, :ignored, :ignored_groups, :project_name
 
     def licenses_of(name)
       @licenses[name]
@@ -36,12 +36,12 @@ module LicenseFinder
       end
     end
 
-    def whitelisted?(lic)
-      @whitelisted.include?(lic)
+    def permitted?(lic)
+      @permitted.include?(lic)
     end
 
-    def blacklisted?(lic)
-      @blacklisted.include?(lic)
+    def restricted?(lic)
+      @restricted.include?(lic)
     end
 
     def ignored?(name)
@@ -68,8 +68,8 @@ module LicenseFinder
       @licenses = Hash.new { |h, k| h[k] = Set.new }
       @homepages = {}
       @approvals = {}
-      @whitelisted = Set.new
-      @blacklisted = Set.new
+      @permitted = Set.new
+      @restricted = Set.new
       @ignored = Set.new
       @ignored_groups = Set.new
     end
@@ -120,27 +120,27 @@ module LicenseFinder
       self
     end
 
-    def whitelist(lic, txn = {})
-      @decisions << [:whitelist, lic, txn]
-      @whitelisted << License.find_by_name(lic)
+    def permit(lic, txn = {})
+      @decisions << [:permit, lic, txn]
+      @permitted << License.find_by_name(lic)
       self
     end
 
-    def unwhitelist(lic, txn = {})
-      @decisions << [:unwhitelist, lic, txn]
-      @whitelisted.delete(License.find_by_name(lic))
+    def unpermit(lic, txn = {})
+      @decisions << [:unpermit, lic, txn]
+      @permitted.delete(License.find_by_name(lic))
       self
     end
 
-    def blacklist(lic, txn = {})
-      @decisions << [:blacklist, lic, txn]
-      @blacklisted << License.find_by_name(lic)
+    def restrict(lic, txn = {})
+      @decisions << [:restrict, lic, txn]
+      @restricted << License.find_by_name(lic)
       self
     end
 
-    def unblacklist(lic, txn = {})
-      @decisions << [:unblacklist, lic, txn]
-      @blacklisted.delete(License.find_by_name(lic))
+    def unrestrict(lic, txn = {})
+      @decisions << [:unrestrict, lic, txn]
+      @restricted.delete(License.find_by_name(lic))
       self
     end
 

data/lib/license_finder/license_aggregator.rb

@@ -22,8 +22,8 @@ module LicenseFinder
       aggregate_packages.reject(&:approved?)
     end
 
-    def blacklisted
-      aggregate_packages.select(&:blacklisted?)
+    def restricted
+      aggregate_packages.select(&:restricted?)
     end
 
     private

data/lib/license_finder/package.rb

@@ -48,8 +48,8 @@ module LicenseFinder
       @groups = options[:groups] || []
 
       ## APPROVAL
-      @whitelisted = false
-      @blacklisted = false
+      @permitted = false
+      @restricted = false
       @manual_approval = nil
 
       ## LICENSING
@@ -78,26 +78,26 @@ module LicenseFinder
     end
 
     def approved?
-      # Question: is `!blacklisted?` redundant?
-      # DecisionApplier does not call `whitelisted!` or `approved_manually!`
-      # if a Package has been blacklisted.
-      (approved_manually? || whitelisted?) && !blacklisted?
+      # Question: is `!restricted?` redundant?
+      # DecisionApplier does not call `permitted!` or `approved_manually!`
+      # if a Package has been restricted.
+      (approved_manually? || permitted?) && !restricted?
     end
 
-    def whitelisted!
-      @whitelisted = true
+    def permitted!
+      @permitted = true
     end
 
-    def whitelisted?
-      @whitelisted
+    def permitted?
+      @permitted
     end
 
-    def blacklisted!
-      @blacklisted = true
+    def restricted!
+      @restricted = true
     end
 
-    def blacklisted?
-      @blacklisted
+    def restricted?
+      @restricted
     end
 
     attr_reader :manual_approval
@@ -125,7 +125,7 @@ module LicenseFinder
     attr_reader :install_path # checked in tests, otherwise private
 
     def licenses
-      @licenses ||= activations.map(&:license).to_set
+      @licenses ||= activations.map(&:license).sort_by(&:name).to_set
     end
 
     def activations

data/lib/license_finder/package_manager.rb

@@ -152,6 +152,7 @@ require 'license_finder/package_managers/bundler'
 require 'license_finder/package_managers/npm'
 require 'license_finder/package_managers/yarn'
 require 'license_finder/package_managers/pip'
+require 'license_finder/package_managers/pipenv'
 require 'license_finder/package_managers/maven'
 require 'license_finder/package_managers/mix'
 require 'license_finder/package_managers/cocoa_pods'

data/lib/license_finder/package_managers/bundler.rb

@@ -24,7 +24,9 @@ module LicenseFinder
     end
 
     def prepare_command
-      'bundle install'
+      ignored_groups_argument = !ignored_groups.empty? ? "--without #{ignored_groups.to_a.join(' ')}" : ''
+
+      "bundle install #{ignored_groups_argument}".strip
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/composer.rb

@@ -29,7 +29,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'composer install'
+      'composer install --no-plugins --ignore-platform-reqs --no-interaction'
     end
 
     def package_path

data/lib/license_finder/package_managers/pip.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'json'
-require 'net/http'
 
 module LicenseFinder
   class Pip < PackageManager
@@ -17,7 +16,7 @@ module LicenseFinder
         PipPackage.new(
           name,
           version,
-          pypi_def(name, version),
+          PyPI.definition(name, version),
           logger: logger,
           children: children,
           install_path: Pathname(location).join(name)
@@ -57,24 +56,17 @@ module LicenseFinder
     private
 
     def pip_output
-      output = `python#{@python_version} #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}`
-      JSON(output).map do |package|
-        package.values_at('name', 'version', 'dependencies', 'location')
-      end
-    end
-
-    def pypi_def(name, version)
-      response = pypi_request("https://pypi.org/pypi/#{name}/#{version}/json")
-      response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {}
-    end
+      command = "python#{@python_version == '2' ? '' : '3'} #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}"
+      stdout, stderr, status = Cmd.run(command)
 
-    def pypi_request(location, limit = 10)
-      uri = URI(location)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true
-      response = http.get(uri.request_uri).response
-
-      response.is_a?(Net::HTTPRedirection) && limit.positive? ? pypi_request(response['location'], limit - 1) : response
+      if status.success?
+        JSON(stdout).map do |package|
+          package.values_at('name', 'version', 'dependencies', 'location')
+        end
+      else
+        log_errors "LicenseFinder command '#{command}' failed:\n\t#{stderr}"
+        []
+      end
     end
   end
 end

data/lib/license_finder/package_managers/pipenv.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'license_finder/package_utils/pypi'
+
+module LicenseFinder
+  class Pipenv < PackageManager
+    def initialize(options = {})
+      super
+      @lockfile = Pathname('Pipfile.lock')
+    end
+
+    def current_packages
+      @current_packages ||=
+        begin
+          packages = {}
+          each_dependency(groups: allowed_groups) do |name, data, group|
+            version = canonicalize(data['version'])
+            package = packages.fetch(key_for(name, version)) do |key|
+              packages[key] = build_package_for(name, version)
+            end
+            package.groups << group
+          end
+          packages.values
+        end
+    end
+
+    def possible_package_paths
+      project_path ? [project_path.join(@lockfile)] : [@lockfile]
+    end
+
+    private
+
+    def each_dependency(groups: [])
+      dependencies = JSON.parse(IO.read(detected_package_path))
+      groups.each do |group|
+        dependencies[group].each do |name, data|
+          yield name, data, group
+        end
+      end
+    end
+
+    def canonicalize(version)
+      version.sub(/^==/, '')
+    end
+
+    def build_package_for(name, version)
+      PipPackage.new(name, version, PyPI.definition(name, version))
+    end
+
+    def key_for(name, version)
+      "#{name}-#{version}"
+    end
+
+    def allowed_groups
+      %w[default develop] - ignored_groups.to_a
+    end
+
+    def ignored_groups
+      @ignored_groups || []
+    end
+  end
+end