license_finder 5.4.1 → 5.5.0

data/lib/license_finder/package_managers/conan.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'license_finder/package_utils/conan_info_parser'
 
 module LicenseFinder

data/lib/license_finder/package_managers/dep.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'toml'
 
 module LicenseFinder

data/lib/license_finder/package_managers/glide.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class Glide < PackageManager
     def possible_package_paths

data/lib/license_finder/package_managers/go_15vendorexperiment.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 
 module LicenseFinder
@@ -23,6 +25,7 @@ module LicenseFinder
       Dir.chdir(path) do
         stdout, _stderr, status = Cmd.run('git rev-list --max-count 1 HEAD')
         raise 'git rev-list failed' unless status.success?
+
         stdout.strip
       end
     end
@@ -55,6 +58,7 @@ module LicenseFinder
         val, _stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
         ENV['GOPATH'] = orig_gopath
         return [] unless status.success?
+
         # Select non-standard packages. `go list std` returns the list of standard
         # dependencies. We then filter those dependencies out of the full list of
         # dependencies.

data/lib/license_finder/package_managers/go_dep.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 
 module LicenseFinder
@@ -8,20 +10,8 @@ module LicenseFinder
     end
 
     def current_packages
-      json = JSON.parse(detected_package_path.read)
+      packages_from_json(detected_package_path.read)
       # godep includes subpackages as a seperate dependency, we can de-dup that
-
-      dependencies_info = json['Deps'].map do |dep_json|
-        {
-          'Homepage' => homepage(dep_json),
-          'ImportPath' => import_path(dep_json),
-          'InstallPath' => dep_json['InstallPath'],
-          'Rev' => dep_json['Rev']
-        }
-      end
-      dependencies_info.uniq.map do |info|
-        GoPackage.from_dependency(info, install_prefix, @full_version)
-      end
     end
 
     def self.takes_priority_over
@@ -51,15 +41,31 @@ module LicenseFinder
       project_path.join('Godeps/_workspace')
     end
 
-    def homepage(dependency_json)
-      import_path dependency_json
-    end
+    def packages_from_json(json_string)
+      all_packages = JSON.parse(json_string)['Deps']
+      packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
+
+      result = []
+      packages_grouped_by_revision.each do |_sha, packages_in_group|
+        all_paths_in_group = packages_in_group.map { |p| p['ImportPath'] }
+        common_paths = CommonPathHelper.longest_common_paths(all_paths_in_group)
+        package_info = packages_in_group.first
 
-    def import_path(dependency_json)
-      import_path = dependency_json['ImportPath']
-      return import_path unless import_path.include?('github.com')
+        common_paths.each do |common_path|
+          dependency_info_hash = {
+            'Homepage' => common_path,
+            'ImportPath' => common_path,
+            'InstallPath' => package_info['InstallPath'],
+            'Rev' => package_info['Rev']
+          }
+
+          result << GoPackage.from_dependency(dependency_info_hash,
+                                              install_prefix,
+                                              @full_version)
+        end
+      end
 
-      import_path.split('/')[0..2].join('/')
+      result
     end
   end
 end

data/lib/license_finder/package_managers/go_modules.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'license_finder/packages/go_package'
+
+module LicenseFinder
+  class GoModules < PackageManager
+    PACKAGES_FILE = 'go.sum'
+
+    class << self
+      def takes_priority_over
+        Go15VendorExperiment
+      end
+
+      def prepare_command
+        'go mod vendor'
+      end
+    end
+
+    def active?
+      sum_files?
+    end
+
+    def current_packages
+      sum_file_paths.uniq.map do |file_path|
+        read_sum(file_path)
+      end.flatten
+    end
+
+    private
+
+    def sum_files?
+      sum_file_paths.any?
+    end
+
+    def sum_file_paths
+      Dir[project_path.join(PACKAGES_FILE)]
+    end
+
+    def read_sum(file_path)
+      contents = File.read(file_path)
+      contents.each_line.map do |line|
+        line.include?('go.mod') ? nil : read_package(file_path, line)
+      end.compact
+    end
+
+    def read_package(file_path, line)
+      parts = line.split(' ')
+      install_path = File.dirname(file_path)
+
+      name = parts[0]
+      version = parts[1]
+
+      info = {
+        'ImportPath' => name,
+        'InstallPath' => install_path,
+        'Rev' => version
+      }
+
+      GoPackage.from_dependency(info, nil, true)
+    end
+  end
+end

data/lib/license_finder/package_managers/go_workspace.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 module LicenseFinder
   class GoWorkspace < PackageManager
@@ -23,6 +25,7 @@ module LicenseFinder
           submodule.install_path =~ /#{repo_name(gp)}$/
         end.first
         next unless import_path
+
         dependency_info = {
           'ImportPath' => repo_name(import_path),
           'Homepage' => repo_name(import_path),
@@ -43,6 +46,7 @@ module LicenseFinder
 
     def active?
       return false if @strict_matching
+
       godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
       # go workspace is only active if GoDep wasn't. There are some projects
       # that will use the .envrc and have a Godep folder as well.
@@ -76,6 +80,7 @@ module LicenseFinder
         val, _stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
         ENV['GOPATH'] = orig_gopath
         raise 'go list failed' unless status.success?
+
         # Select non-standard packages. `go list std` returns the list of standard
         # dependencies. We then filter those dependencies out of the full list of
         # dependencies.
@@ -93,6 +98,7 @@ module LicenseFinder
       Dir.chdir(detected_package_path) do |_d|
         result, _stderr, status = Cmd.run('git submodule status')
         raise 'git submodule status failed' unless status.success?
+
         result.lines.map do |l|
           columns = l.split.map(&:strip)
           Submodule.new File.join(detected_package_path, columns[1]), columns[0]

data/lib/license_finder/package_managers/govendor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'license_finder/shared_helpers/common_path'
 require 'json'
 
@@ -38,24 +40,34 @@ module LicenseFinder
       packages = data['package']
 
       packages_by_sha = {}
+      packages_with_no_sha = []
 
       packages.each do |package|
         package_path = package['path']
         package_revision = package['revision']
-        if packages_by_sha[package_revision].nil?
+
+        if !package_is_versioned?(package)
+          packages_with_no_sha << { sha: '', path: package_path }
+        elsif packages_by_sha[package_revision].nil?
           packages_by_sha[package_revision] = [package_path]
         else
           packages_by_sha[package_revision] << package_path
         end
       end
 
-      result = []
+      result = packages_with_no_sha
       packages_by_sha.each do |sha, paths|
-        common_paths = CommonPathHelper.shortest_common_paths(paths)
+        common_paths = CommonPathHelper.longest_common_paths(paths)
         common_paths.each { |cp| result << { sha: sha, path: cp } }
       end
 
       result
     end
+
+    def package_is_versioned?(package)
+      package_revision = package['revision']
+
+      !package_revision.nil? && !package_revision.empty?
+    end
   end
 end

data/lib/license_finder/package_managers/gradle.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'xmlsimple'
 require 'with_env'
 require 'license_finder/package_utils/gradle_dependency_finder'

data/lib/license_finder/package_managers/gvt.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'license_finder/shared_helpers/common_path'
 module LicenseFinder
   class Gvt < PackageManager
@@ -22,6 +24,7 @@ module LicenseFinder
       split_package_path = detected_package_path.to_s.split('/')
       vendor_dir_depth = split_package_path.index('vendor')
       return [] if vendor_dir_depth.nil?
+
       vendor_dir_parent_depth = vendor_dir_depth - 1
 
       is_project_root_parent_of_vendor_dir = project_root_depth == vendor_dir_parent_depth
@@ -37,6 +40,7 @@ module LicenseFinder
 
       stdout, _stderr, status = Cmd.run(shell_command)
       return [] unless status.success?
+
       packages_from_output(stdout, path)
     end
 
@@ -62,7 +66,7 @@ module LicenseFinder
 
       result = []
       packages_by_sha.each do |sha, info|
-        paths = CommonPathHelper.shortest_common_paths(info['paths'])
+        paths = CommonPathHelper.longest_common_paths(info['paths'])
 
         paths.each { |p| result << [sha, p, info['repo']] }
       end

data/lib/license_finder/package_managers/maven.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'xmlsimple'
 require 'license_finder/package_utils/maven_dependency_finder'
 

data/lib/license_finder/package_managers/mix.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class Mix < PackageManager
     def initialize(options = {})

data/lib/license_finder/package_managers/npm.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 require 'tempfile'
 
@@ -23,6 +25,7 @@ module LicenseFinder
       prep_cmd = "#{NPM.prepare_command}#{production_flag}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
+
       log_errors stderr
       raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
     end
@@ -39,6 +42,7 @@ module LicenseFinder
 
     def production_flag
       return '' if @ignored_groups.nil?
+
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
   end

data/lib/license_finder/package_managers/nuget.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rexml/document'
 require 'zip'
 
@@ -57,6 +59,7 @@ module LicenseFinder
     def license_urls(dep)
       files = Dir["**/#{dep.name}.#{dep.version}.nupkg"]
       return nil if files.empty?
+
       file = files.first
       Zip::File.open file do |zipfile|
         content = zipfile.read(dep.name + '.nuspec')
@@ -71,6 +74,7 @@ module LicenseFinder
 
     def self.package_management_command
       return 'nuget' if LicenseFinder::Platform.windows?
+
       'mono /usr/local/bin/nuget.exe'
     end
 
@@ -90,6 +94,7 @@ module LicenseFinder
 
     def self.nuget_check
       return 'where nuget' if LicenseFinder::Platform.windows?
+
       'which mono && ls /usr/local/bin/nuget.exe'
     end
   end

data/lib/license_finder/package_managers/pip.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'json'
 require 'net/http'
 
@@ -33,6 +35,7 @@ module LicenseFinder
       prep_cmd = "#{Pip.prepare_command} -r #{@requirements_path}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
+
       log_errors stderr
       raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
     end
@@ -65,7 +68,7 @@ module LicenseFinder
       http.use_ssl = true
       response = http.get(uri.request_uri).response
 
-      response.is_a?(Net::HTTPRedirection) && limit > 0 ? pypi_request(response['location'], limit - 1) : response
+      response.is_a?(Net::HTTPRedirection) && limit.positive? ? pypi_request(response['location'], limit - 1) : response
     end
   end
 end

data/lib/license_finder/package_managers/rebar.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class Rebar < PackageManager
     def initialize(options = {})

data/lib/license_finder/package_managers/sbt.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'csv'
 require 'license_finder/package_utils/sbt_dependency_finder'
 

data/lib/license_finder/package_managers/yarn.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class Yarn < PackageManager
-    SHELL_COMMAND = 'yarn licenses list --no-progress --json'.freeze
+    SHELL_COMMAND = 'yarn licenses list --no-progress --json'
 
     def possible_package_paths
       [project_path.join('yarn.lock')]
@@ -40,6 +42,7 @@ module LicenseFinder
       prep_cmd = "#{Yarn.prepare_command}#{production_flag}"
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
+
       log_errors stderr
       raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
     end
@@ -70,7 +73,7 @@ module LicenseFinder
 
       valid_packages.map do |package_hash|
         YarnPackage.new(package_hash['Name'], package_hash['Version'], spec_licenses: [package_hash['License']],
-                        homepage: package_hash['VendorUrl'])
+                                                                       homepage: package_hash['VendorUrl'])
       end
     end
 
@@ -83,6 +86,7 @@ module LicenseFinder
 
     def production_flag
       return '' if @ignored_groups.nil?
+
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
   end

data/lib/license_finder/package_utils/activation.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   module Activation
     # An Activation reports that a license has been activated for a package, and

data/lib/license_finder/package_utils/conan_info_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class ConanInfoParser
     def parse(info)
@@ -9,6 +11,7 @@ module LicenseFinder
       @current_key = nil # current key to be associated with the current val
       while (line = @lines.shift)
         next if line == ''
+
         case @state
         when :project_level
           @current_project = {}

data/lib/license_finder/package_utils/gradle_dependency_finder.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module LicenseFinder
   class GradleDependencyFinder
     def initialize(project_path)