license_finder 5.2.3 → 5.3.0

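--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 68271c9c5eaa834d5e5ec4a131a1acde9bb32491fc5acad9ab5f589b3d37d044
- data.tar.gz: 804fd3a0522dc182b3bc61359688334319934fac1d52080a05dc134f0e8687d4
+ metadata.gz: 4f6aed769d4ad0cd9c9b6351c889ffc2ab66e2410601f2f26df043e09020889f
+ data.tar.gz: f82d12773e91b7879a46e9e6876d8056a7d901cd7005257eee3c66c1b45cba7d
  SHA512:
- metadata.gz: a8727090c39a1b98934df468a64de27fcb0083f459a4f5b9627c81c5d1b3afb4711386a15492c6110af1047d5ac755ff24185c9a0f5d8399113dd2df9afffcb9
- data.tar.gz: 060fa1fba5020b90e97ad1bcf0f4ed635e55a2885f660627f8a3b32736247e82489dc09e359da79ccbf59550a3dd61700c6f7d21c229355d8afe097e9b8f68c3
+ metadata.gz: 5477a62b4d082281a806f023572e1b382927a35cae497c5fb44901b6f5652bf88df2cc8cd1762dc69637ae8b9b806b9baa13cffa1f96286aad9cdf055651dda8
+ data.tar.gz: 2208b7c87598ed2daa3aebafb70e239416f9a333e0bf80549674657b87f6cd06d77ad115325044963b4dfb7e59331cf4bdaa498c51529024e47dad2d9ce170ed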
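--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -116,6 +116,9 @@ RUN apt-get install -y python-dev && \
  pip install --ignore-installed six --ignore-installed colorama --ignore-installed requests --ignore-installed chardet --ignore-installed urllib3 --upgrade setuptools && \
  pip install conan
 
+ # install Cargo
+ RUN curl -sSf https://static.rust-lang.org/rustup.sh | sh -s -- --disable-sudo
+
  # install license_finder
  COPY . /LicenseFinder
  RUN bash -lc "cd /LicenseFinder && bundle install -j4 && rake install"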
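Review bot: The added `RUN curl -sSf https://static.rust-lang.org/rustup.sh | sh -s -- --disable-sudo` executes whatever the remote host serves at build time, with no pinned toolchain version and no integrity check, so two builds of the same Dockerfile can produce different images and a tampered installer would run during the build. Because the script is piped, the step's exit status is that of `sh`, not `curl`, so a truncated download can still be executed in part. Fetching to a file, verifying a recorded digest and only then running it closes both gaps, e.g. `RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup.sh https://static.rust-lang.org/rustup.sh && echo "<EXPECTED_SHA256>  /tmp/rustup.sh" | sha256sum -c - && sh /tmp/rustup.sh --disable-sudo` (the digest is a placeholder to be filled in by the maintainers). Pinning the Rust release installed by the script would make the image reproducible as well.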
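--- a/data/README.md
+++ b/data/README.md
@@ -50,6 +50,7 @@ report.
  * JavaScript (via `yarn`)
  * C++/C (via `conan`)
  * Scala (via `sbt`)
+ * Rust (via `cargo`)
 
  ## Installation
 
@@ -174,6 +175,7 @@ languages, as long as that language has a package definition in the project dire
  * `yarn.lock` file (for `yarn`)
  * `conanfile.txt` file (for `conan`)
  * `build.sbt` file (for `sbt`)
+ * `Cargo.lock` file (for `cargo`)
 
 
  ### Continuous Integration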
@@ -3,7 +3,7 @@ resources:
3
3
  type: git
4
4
  source:
5
5
  uri: git@github.com:pivotal-legacy/LicenseFinder.git
6
- private_key: ((CfOslBotPrivateKey))
6
+ private_key: ((CfOslBot.private_key))
7
7
  branch: master
8
8
 
9
9
  - name: lf-image
@@ -11,8 +11,8 @@ resources:
11
11
  source:
12
12
  repository: licensefinder/license_finder
13
13
  email: ((LicenseFinderDockerEmail))
14
- username: ((LicenseFinderDockerUserName))
15
- password: ((LicenseFinderDockerPassword))
14
+ username: ((LicenseFinderDocker.username))
15
+ password: ((LicenseFinderDocker.password))
16
16
 
17
17
  - name: lf-release
18
18
  type: github-release
@@ -67,7 +67,7 @@ jobs:
67
67
  params:
68
68
  GIT_USERNAME: ((GithubApiUser))
69
69
  GIT_EMAIL: ((GithubApiEmail))
70
- GIT_PRIVATE_KEY: ((CfOslBotPrivateKey))
70
+ GIT_PRIVATE_KEY: ((CfOslBot.private_key))
71
71
  GEM_API_KEY: ((LicenseFinderGemApiKey))
72
72
  file: lf-git/ci/tasks/build-and-push-gem.yml
73
73
  - put: lf-release
@@ -99,7 +99,7 @@ jobs:
99
99
  params:
100
100
  GIT_USERNAME: ((GithubApiUser))
101
101
  GIT_EMAIL: ((GithubApiEmail))
102
- GIT_PRIVATE_KEY: ((CfOslBotPrivateKey))
102
+ GIT_PRIVATE_KEY: ((CfOslBot.private_key))
103
103
  GEM_API_KEY: ((LicenseFinderGemApiKey))
104
104
  file: lf-git/ci/tasks/build-and-push-gem.yml
105
105
  - put: lf-git
@@ -7,9 +7,7 @@ source /opt/resource/common.sh
7
7
  start_docker 3 3
8
8
 
9
9
  pushd LicenseFinder
10
- if [ ! -z "$(git diff master Dockerfile)" ]; then
11
- docker build . -t licensefinder/license_finder
12
- fi
10
+ docker build . -t licensefinder/license_finder
13
11
 
14
12
  docker run -v $PWD:/lf -it licensefinder/license_finder /bin/bash \
15
13
  -exlc "cd /lf && ci/scripts/run-tests.sh $RUBY_VERSION_UNDER_TEST"
@@ -80,6 +80,13 @@ module LicenseFinder
80
80
  type: :array
81
81
  end
82
82
 
83
+ desc 'project_roots', 'List project directories to be scanned'
84
+ shared_options
85
+ def project_roots
86
+ config.strict_matching = true
87
+ aggregate_paths
88
+ end
89
+
83
90
  desc 'action_items', 'List unapproved dependencies (the default action for `license_finder`)'
84
91
  shared_options
85
92
  format_option
@@ -162,7 +169,8 @@ module LicenseFinder
162
169
  check_valid_project_path
163
170
  aggregate_paths = config.aggregate_paths
164
171
  project_path = config.project_path || Pathname.pwd
165
- aggregate_paths = ProjectFinder.new(project_path).find_projects if config.recursive
172
+ aggregate_paths = ProjectFinder.new(project_path, config.strict_matching).find_projects if config.recursive
173
+ say(aggregate_paths || project_path) if config.strict_matching
166
174
  return aggregate_paths unless aggregate_paths.nil? || aggregate_paths.empty?
167
175
  [config.project_path] unless config.project_path.nil?
168
176
  end
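Review bot: The added `say(aggregate_paths || project_path) if config.strict_matching` treats an empty array as a usable result, while the `return` directly below treats nil and empty alike; `[]` is truthy in Ruby, so a recursive scan that finds no projects prints an empty list instead of falling back to the project path. Using the same condition in both places keeps them in step: `say(aggregate_paths.nil? || aggregate_paths.empty? ? project_path : aggregate_paths) if config.strict_matching`. Printing from inside this helper also means any command that reaches it emits the list once `strict_matching` is set, which deserves a short comment next to `project_roots`, where the flag is turned on. The helper's `def` line is outside this hunk.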
@@ -122,6 +122,10 @@ module LicenseFinder
122
122
  get(:sbt_include_groups)
123
123
  end
124
124
 
125
+ attr_writer :strict_matching
126
+
127
+ attr_reader :strict_matching
128
+
125
129
  protected
126
130
 
127
131
  attr_accessor :primary_config
@@ -184,3 +184,4 @@ require 'license_finder/packages/nuget_package'
184
184
  require 'license_finder/packages/conan_package'
185
185
  require 'license_finder/packages/yarn_package'
186
186
  require 'license_finder/packages/sbt_package'
187
+ require 'license_finder/packages/cargo_package'
@@ -144,5 +144,6 @@ require 'license_finder/package_managers/nuget'
144
144
  require 'license_finder/package_managers/dep'
145
145
  require 'license_finder/package_managers/conan'
146
146
  require 'license_finder/package_managers/sbt'
147
+ require 'license_finder/package_managers/cargo'
147
148
 
148
149
  require 'license_finder/package'
@@ -0,0 +1,34 @@
1
+ require 'json'
2
+
3
+ module LicenseFinder
4
+ class Cargo < PackageManager
5
+ def current_packages
6
+ cargo_output.map do |package|
7
+ CargoPackage.new(package, logger: logger)
8
+ end
9
+ end
10
+
11
+ def self.package_management_command
12
+ 'cargo'
13
+ end
14
+
15
+ def self.prepare_command
16
+ 'cargo fetch'
17
+ end
18
+
19
+ def possible_package_paths
20
+ [project_path.join('Cargo.lock'), project_path.join('Cargo.toml')]
21
+ end
22
+
23
+ private
24
+
25
+ def cargo_output
26
+ command = "#{Cargo.package_management_command} metadata --format-version=1"
27
+
28
+ stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
29
+ raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
30
+ JSON(stdout)
31
+ .fetch('packages', [])
32
+ end
33
+ end
34
+ end
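Review bot: `cargo_output` returns every entry of the `packages` array, and as far as I know `cargo metadata` lists the workspace's own crates there alongside third-party ones, so `current_packages` would report the scanned project itself as a dependency; worth confirming against a sample run. The same JSON carries a top-level `workspace_members` list of package ids, so the result can be filtered with `members = metadata.fetch('workspace_members', [])` and `metadata.fetch('packages', []).reject { |p| members.include?(p['id']) }`. `JSON(stdout)` also raises a bare parser error on unexpected output, unlike the explicit `raise "Command '#{command}' failed ..."` one line above it; rescuing `JSON::ParserError` and re-raising with the command name would keep failures traceable. The class and its methods have no comments; a line on `possible_package_paths` saying that either `Cargo.lock` or `Cargo.toml` activates the manager would help, since the README change mentions only `Cargo.lock`.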
@@ -1,5 +1,4 @@
1
1
  require 'json'
2
-
3
2
  module LicenseFinder
4
3
  class GoWorkspace < PackageManager
5
4
  Submodule = Struct.new :install_path, :revision
@@ -8,6 +7,7 @@ module LicenseFinder
8
7
  def initialize(options = {})
9
8
  super
10
9
  @full_version = options[:go_full_version]
10
+ @strict_matching = options[:strict_matching]
11
11
  end
12
12
 
13
13
  def self.package_management_command
@@ -38,6 +38,7 @@ module LicenseFinder
38
38
  end
39
39
 
40
40
  def active?
41
+ return false if @strict_matching
41
42
  godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
42
43
  # go workspace is only active if GoDep wasn't. There are some projects
43
44
  # that will use the .envrc and have a Godep folder as well.
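Review bot: The guard `return false if @strict_matching` at the top of `active?` has no comment saying why strict matching rules GoWorkspace out entirely, and nothing visible in this diff defines what "strict" means. A one-line comment above the guard would record the intent, for example `# strict matching: skip GoWorkspace, whose detection is heuristic (.envrc based) - confirm intent`. The body of `active?` continues outside the hunk, so the rest of the detection logic is not visible here.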
@@ -1,5 +1,5 @@
1
1
  require 'json'
2
- require 'httparty'
2
+ require 'net/http'
3
3
 
4
4
  module LicenseFinder
5
5
  class Pip < PackageManager
@@ -55,12 +55,11 @@ module LicenseFinder
55
55
  end
56
56
 
57
57
  def pypi_def(name, version)
58
- response = HTTParty.get("https://pypi.python.org/pypi/#{name}/#{version}/json")
59
- if response.code == 200
60
- JSON.parse(response.body).fetch('info', {})
61
- else
62
- {}
63
- end
58
+ uri = URI("https://pypi.org/pypi/#{name}/#{version}/json")
59
+ http = Net::HTTP.new(uri.host, uri.port)
60
+ http.use_ssl = true
61
+ response = http.get(uri.request_uri).response
62
+ response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {}
64
63
  end
65
64
  end
66
65
  end
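Review bot: `pypi_def` now fails differently from the HTTParty version it replaces: Net::HTTP does not follow redirects, so any 3xx answer from pypi.org lands in the `{}` branch and the package silently loses its PyPI license data, which for a license audit looks the same as "no license declared". No timeouts are set either, so a stalled connection holds the scan for the library defaults; `http.open_timeout = 5` and `http.read_timeout = 10` (illustrative values) would bound it. `name` and `version` are interpolated into the URL unescaped, so an unusual value either raises from `URI()` or requests a different path; percent-encoding both segments before building the URI avoids that. The trailing `.response` is redundant, since `http.get` already returns the response object, and a log line on the non-success branch would make missing metadata visible.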
@@ -0,0 +1,22 @@
1
+ module LicenseFinder
2
+ class CargoPackage < Package
3
+ def initialize(crate, options = {})
4
+ crate = crate.reject { |_, v| v.nil? || v == '' }
5
+ children = crate.fetch('dependencies', []).map { |p| p['name'] }
6
+ licenses = crate.fetch('license', '').split('/')
7
+ super(
8
+ crate['name'],
9
+ crate['version'],
10
+ options.merge(
11
+ summary: crate.fetch('description', '').strip,
12
+ spec_licenses: licenses.compact,
13
+ children: children
14
+ )
15
+ )
16
+ end
17
+
18
+ def package_manager
19
+ 'Cargo'
20
+ end
21
+ end
22
+ end
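Review bot: `crate.fetch('license', '').split('/')` only understands the legacy slash separator; Cargo's `license` field is an SPDX expression, so a value such as `MIT OR Apache-2.0` stays one string that is unlikely to match a known license, and `MIT / Apache-2.0` yields names with stray spaces. In a tool whose output drives approval decisions this surfaces as unknown licenses rather than as an error. Splitting on both forms and trimming covers the common cases, `licenses = crate.fetch('license', '').split(%r{\s*/\s*|\s+OR\s+}).map(&:strip)`, while `AND` and `WITH` expressions need a deliberate decision of their own. The `.compact` on `licenses` is a no-op because `split` never returns nil, and the `license_file` field that crates may set instead of `license` is not read at all.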
@@ -1,7 +1,8 @@
1
1
  module LicenseFinder
2
2
  class ProjectFinder
3
- def initialize(main_project_path)
3
+ def initialize(main_project_path, strict_matching = false)
4
4
  @package_managers = LicenseFinder::Scanner::PACKAGE_MANAGERS
5
+ @strict_matching = strict_matching
5
6
  @main_project_path = main_project_path
6
7
  end
7
8
 
@@ -41,7 +42,7 @@ module LicenseFinder
41
42
 
42
43
  def active_project?(project_path)
43
44
  active_project = @package_managers.map do |pm|
44
- pm.new(project_path: project_path).active?
45
+ pm.new(project_path: project_path, strict_matching: @strict_matching).active?
45
46
  end
46
47
  active_project.include?(true)
47
48
  end
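Review bot: `initialize(main_project_path, strict_matching = false)` adds a positional boolean, so a call such as `ProjectFinder.new(project_path, config.strict_matching)` gives no hint of what the second argument controls. A keyword keeps existing one-argument callers working and reads better: `def initialize(main_project_path, strict_matching: false)`, with the caller passing `strict_matching: config.strict_matching`. In `active_project?` the flag is now handed to every package manager, yet only GoWorkspace reads it in this diff, so it is worth confirming that the other constructors accept and ignore the extra option.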
@@ -1,7 +1,7 @@
1
1
  module LicenseFinder
2
2
  class Scanner
3
3
  PACKAGE_MANAGERS = [GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Dep, Bundler, NPM, Pip,
4
- Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt].freeze
4
+ Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt, Cargo].freeze
5
5
 
6
6
  def initialize(config = { project_path: Pathname.new('') })
7
7
  @config = config
@@ -1,3 +1,3 @@
1
1
  module LicenseFinder
2
- VERSION = '5.2.3'.freeze
2
+ VERSION = '5.3.0'.freeze
3
3
  end
@@ -46,7 +46,6 @@ Gem::Specification.new do |s|
46
46
  s.license = 'MIT'
47
47
 
48
48
  s.add_dependency 'bundler'
49
- s.add_dependency 'httparty'
50
49
  s.add_dependency 'rubyzip'
51
50
  s.add_dependency 'thor'
52
51
  s.add_dependency 'toml', '0.2.0'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: license_finder
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.2.3
4
+ version: 5.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Collins
@@ -27,7 +27,7 @@ authors:
27
27
  autorequire:
28
28
  bindir: bin
29
29
  cert_chain: []
30
- date: 2018-05-14 00:00:00.000000000 Z
30
+ date: 2018-06-05 00:00:00.000000000 Z
31
31
  dependencies:
32
32
  - !ruby/object:Gem::Dependency
33
33
  name: bundler
@@ -43,20 +43,6 @@ dependencies:
43
43
  - - ">="
44
44
  - !ruby/object:Gem::Version
45
45
  version: '0'
46
- - !ruby/object:Gem::Dependency
47
- name: httparty
48
- requirement: !ruby/object:Gem::Requirement
49
- requirements:
50
- - - ">="
51
- - !ruby/object:Gem::Version
52
- version: '0'
53
- type: :runtime
54
- prerelease: false
55
- version_requirements: !ruby/object:Gem::Requirement
56
- requirements:
57
- - - ">="
58
- - !ruby/object:Gem::Version
59
- version: '0'
60
46
  - !ruby/object:Gem::Dependency
61
47
  name: rubyzip
62
48
  requirement: !ruby/object:Gem::Requirement
@@ -373,6 +359,7 @@ files:
373
359
  - lib/license_finder/package_manager.rb
374
360
  - lib/license_finder/package_managers/bower.rb
375
361
  - lib/license_finder/package_managers/bundler.rb
362
+ - lib/license_finder/package_managers/cargo.rb
376
363
  - lib/license_finder/package_managers/carthage.rb
377
364
  - lib/license_finder/package_managers/cocoa_pods.rb
378
365
  - lib/license_finder/package_managers/conan.rb
@@ -402,6 +389,7 @@ files:
402
389
  - lib/license_finder/package_utils/sbt_dependency_finder.rb
403
390
  - lib/license_finder/packages/bower_package.rb
404
391
  - lib/license_finder/packages/bundler_package.rb
392
+ - lib/license_finder/packages/cargo_package.rb
405
393
  - lib/license_finder/packages/carthage_package.rb
406
394
  - lib/license_finder/packages/cocoa_pods_package.rb
407
395
  - lib/license_finder/packages/conan_package.rb
@@ -456,7 +444,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
456
444
  version: '0'
457
445
  requirements: []
458
446
  rubyforge_project:
459
- rubygems_version: 2.7.6
447
+ rubygems_version: 2.7.7
460
448
  signing_key:
461
449
  specification_version: 4
462
450
  summary: Audit the OSS licenses of your application's dependencies.