license_finder 6.10.0 → 6.12.2

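--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 006762262d406303612afa6cecfe8eef1c2812bc845664c976bf93f047775b38
- data.tar.gz: 70d8bf402df648d8d1ad35038e021b30a66511e80a07e120e520e394d656b909
+ metadata.gz: c85ec7cd64df538fe5b99e3984a2ef369c8c09d73c7c07ac72ed39b246054dc1
+ data.tar.gz: 3c22d0d435a980d2a7853492f7043c7fabc67a2e8a6fede8fc74abdd86b8d4fe
  SHA512:
- metadata.gz: f7bf3097774f1babde5e5326a0568412f4bdfb39bcb02923e89cbc20b0bae316e0c08be77d15a92f4a0d28036c44fdc55f1e7984c607f7a17d4e8f8b42273a96
- data.tar.gz: 2a4e56a8bec0ee4a68b6b91814030bb5b32cf40cb4e2b9cb75e3a082adb96ea27f56f6152dadd46a1b03d4f81e63d1ad78c6071d4a20ee0e14809f1a9e82da61
+ metadata.gz: f2f62d260d5d8a3f6090f4ceefa4ab1145b301b35cdd2489049936739a2aea3553b30ab112996c04c27c6dd2bcf3fe0f010f6d5b8eedb1e8ea5b22960d4534c2
+ data.tar.gz: 58f912ce7df4de805fb8a6b80ff1fb39608254bb9e955618d4b8b96d9b2c5a9f1e65b03701f96057b848338c44a3d1eb444c4e09f19f7d8be19f6f1ccbc7a774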
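--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -27,9 +27,9 @@ BlockLength:
  ClassLength:
  Enabled: false
  CyclomaticComplexity:
- Max: 10
+ Max: 15
  PerceivedComplexity:
- Max: 10
+ Max: 15
  LineLength:
  Max: 200
  MethodLength: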
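--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,22 @@
+ # [6.12.2] / 2021-04-14
+
+ ### Changed
+ * exit when go mod list command fails - [fcf1f707](https://github.com/pivotal/LicenseFinder/commit/fcf1f7076dee2ff730e3c8b608381aca22de0e92) - Jeff Jun
+
+ # [6.12.1] / 2021-04-12
+
+ # [6.12.0] / 2021-03-05
+
+ ### Added
+ * Provide homepage information for GoDep and Go15Vendor package managers - [bae1bda9](https://github.com/pivotal/LicenseFinder/commit/bae1bda9d76cb922405d7efca9c67e2583db70d4) - Jeff Jun
+
+ # [6.11.0] / 2021-03-04
+
+ ### Added
+ * Add homepage for go_modules package manager - [912394a8](https://github.com/pivotal/LicenseFinder/commit/912394a8a6ab4c31b6918a21da9f37d5b368ed6b)
+
+ # [6.10.1] / 2021-01-08
+
  # [6.10.0] / 2020-11-27
 
  # [6.9.0] / 2020-10-05
@@ -924,3 +943,8 @@ Bugfixes:
  [6.8.2]: https://github.com/pivotal/LicenseFinder/compare/v6.8.1...v6.8.2
  [6.9.0]: https://github.com/pivotal/LicenseFinder/compare/v6.8.2...v6.9.0
  [6.10.0]: https://github.com/pivotal/LicenseFinder/compare/v6.9.0...v6.10.0
+ [6.10.1]: https://github.com/pivotal/LicenseFinder/compare/v6.10.0...v6.10.1
+ [6.11.0]: https://github.com/pivotal/LicenseFinder/compare/v6.10.1...v6.11.0
+ [6.12.0]: https://github.com/pivotal/LicenseFinder/compare/v6.11.0...v6.12.0
+ [6.12.1]: https://github.com/pivotal/LicenseFinder/compare/v6.12.0...v6.12.1
+ [6.12.2]: https://github.com/pivotal/LicenseFinder/compare/v6.12.1...v6.12.2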
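--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -24,8 +24,8 @@ will use the gem version installed inside the docker image.
 
  ## Useful Tips
 
- To build the docker image simply call `docker build .` or explicitly pass the `Dockerfile`. Prebuilt versions of the
- dockerfile can also be found on [Dockerhub](https://hub.docker.com/r/licensefinder/license_finder/tags/).
+ To build the docker image simply call `docker build .` or explicitly pass the `Dockerfile`. Prebuilt versions of the
+ dockerfile can also be found on [Dockerhub](https://hub.docker.com/r/licensefinder/license_finder/tags/).
 
  To launch the docker image and interact with it via bash:
  ```
@@ -91,6 +91,7 @@ To successfully run the test suite, you will need the following installed:
  - Conan
  - NuGet
  - dotnet
+ - Conda (requires python)
 
  The [LicenseFinder docker image](https://hub.docker.com/r/licensefinder/license_finder/) already contains these dependencies.
 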
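--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:xenial
 
  # Versioning
  ENV PIP_INSTALL_VERSION 19.0.2
- ENV PIP3_INSTALL_VERSION 8.1.1
+ ENV PIP3_INSTALL_VERSION 20.0.2
  ENV GO_LANG_VERSION 1.14.3
  ENV MAVEN_VERSION 3.6.0
  ENV SBT_VERSION 1.3.3
@@ -25,7 +25,7 @@ RUN apt-get update && apt-get install -y \
  RUN add-apt-repository ppa:git-core/ppa && apt-get update && apt-get install -y git
 
  # nodejs seems to be required for the one of the gems
- RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
+ RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
  apt-get -y install nodejs
 
  # install yarn
@@ -55,8 +55,8 @@ RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
 
  # install and update python and python-pip
  RUN apt-get install -y python python-pip python3-pip && \
- pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION && \
- pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
+ python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade && \
+ python -m pip install pip==$PIP_INSTALL_VERSION --upgrade --force
 
  # install maven
  RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
@@ -167,6 +167,18 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
  php -r "unlink('composer-setup.php');" &&\
  mv composer.phar /usr/bin/composer
 
+ # install miniconda
+ # See https://docs.conda.io/en/latest/miniconda_hashes.html
+ # for latest versions and SHAs.
+ WORKDIR /tmp
+ RUN \
+ conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
+ ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
+ wget -q https://repo.anaconda.com/miniconda/${conda_installer} &&\
+ sha=`openssl sha256 "${conda_installer}" | cut -d' ' -f2` &&\
+ ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
+ (echo; echo "yes") | sh "${conda_installer}"
+
  # install license_finder
  COPY . /LicenseFinder
  RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && rake install"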
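Review bot: The changed Node.js line, `curl -sL https://deb.nodesource.com/setup_14.x | bash -`, still runs a remotely fetched script during the build with no pinned version or integrity check, while the miniconda step added further down in the same file downloads a named installer and compares its SHA-256 before running it. Applying that same download, verify, then run pattern to the Node.js setup would make the two steps consistent and the image build tamper-evident. In the miniconda step, `(echo; echo "yes") | sh "${conda_installer}"` depends on the order of the installer's prompts; its batch flag, `sh "${conda_installer}" -b`, avoids that, provided the shell-init changes the interactive path may offer are not needed. The step also leaves the installer in `/tmp` and `WORKDIR /tmp` in effect for later instructions, so an `rm "${conda_installer}"` at the end of the `RUN` and a comment on the working directory would help.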
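--- a/data/README.md
+++ b/data/README.md
@@ -54,6 +54,7 @@ and give you an actionable exception report.
  * Rust (via `cargo`)
  * Go Modules (via `go mod`)
  * PHP (via `composer`)
+ * Python (via Conda [Conda 4.8.3, Python 3.7, Bash; requires an `environment.yml` or `environment.yaml`])
 
  ## Installation
 
@@ -121,9 +122,9 @@ be useful when you need to track down an unexpected package or
  license.
 
  If you do not want to manually run an individual package manager's prepare
- command (ex: `bundle install`, `npm install`, etc) to ensure your project
+ command (ex: `bundle install`, `npm install`, etc) to ensure your project
  is fully prepared to be scanned, use the `--prepare` or `-p` option which will run
- each active package manager's prepare command for you. If you would like to continue
+ each active package manager's prepare command for you. If you would like to continue
  running `license_finder` even if there is an issue with a prepare step, use the
  `--prepare-no-fail` option which prepares but carries on despite any potential failures.
 
@@ -156,7 +157,7 @@ You can better understand the way this script works by looking at its source, bu
  reference it will mount your current directory at the path `/scan` and run any commands
  passed to it from that directory.
 
- Note that the docker image will run the gem which is installed within it.
+ Note that the docker image will run the gem which is installed within it.
  So the docker image tagged `4.0.2` will run *License Finder Version 4.0.2*
 
  See the [contributing guide](https://github.com/pivotal/LicenseFinder/blob/master/CONTRIBUTING.md) for information on development.
@@ -310,7 +311,7 @@ be approved. The project name at the top of the report can be set with
  `license_finder project_name add`.
 
  ### Note:
- When using the yarn package manager, when a node_module's package.json doesn't
+ When using the yarn package manager, when a node_module's package.json doesn't
  explicitly declare a license, yarn indicates that it has inferred the license based
  on some keywords in other files by appending an asterisk to the license name. If you
  see a * at the end of the license name, this is intended.
@@ -423,11 +424,11 @@ set `--mix_deps_dir` to fetch Mix dependencies from a custom directory.
  ### Narrow down Package Manager
 
  By default, license_finder will check for all supported package managers,
- but you can narrow it down to use only those you pass to `--enabled-package-manager`.
+ but you can narrow it down to use only those you pass to `--enabled-package-managers`.
  For example,
 
  ```
- $ license_finder --enabled-package-manager bundler npm
+ $ license_finder --enabled-package-managers bundler npm
  ```
 
  ### Saving Configuration
@@ -475,9 +476,9 @@ downloadLicenses {
  ### Conan Projects
 
  `license_finder` supports Conan. You need to have the following lines in your conanfile.txt for `license_finder` to retrieve dependencies' licenses.
- Ensure that `conan install` does not generate an error.
+ Ensure that `conan install` does not generate an error.
 
- ```
+ ```
  [imports]
  ., license* -> ./licenses @ folder=True, ignore_case=True
  ```
@@ -531,9 +532,9 @@ And save a `LICENSE` file which contains your license text in your repo.
 
  * Bundler
  * When using `--project-path`, Bundler cannot find the Gemfile.
-
+
  * Yarn
- * A module that is incompatible with the platform on which
+ * A module that is incompatible with the platform on which
  license_finder is run will always be reported to have a license type
  of "unknown". ([#456](https://github.com/pivotal/LicenseFinder/issues/456))
 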
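--- a/data/Rakefile
+++ b/data/Rakefile
@@ -54,7 +54,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
  puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
  end
 
- ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
+ ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.14.0]
 
  params = []
  params << "ruby_versions=#{ruby_versions.join(',')}"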
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.10.0
1
+ 6.12.2
@@ -156,7 +156,7 @@ jobs:
156
156
  plan:
157
157
  - get: lf-git
158
158
  tags: ["private-worker"]
159
- passed: [<%= "#{ruby_versions.map{ |version| "ruby-#{version}"}.join(', ')}, rubocop" %>]
159
+ passed: [<%= "#{ruby_versions.map{ |version| "ruby-#{version}" unless version == "jruby-9.2.14.0" }.compact.join(', ') }, rubocop" %>]
160
160
  - get: semver-version
161
161
  tags: ["private-worker"]
162
162
  trigger: true
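Review bot: The filter on the `passed:` line compares against the literal `"jruby-9.2.14.0"`, which duplicates the entry in the Rakefile's `ruby_versions`, so the next JRuby bump would silently stop the exclusion from matching. Matching on the prefix keeps the two in step: `ruby_versions.reject { |v| v.start_with?('jruby') }.map { |v| "ruby-#{v}" }.join(', ')`. With this change a failing JRuby job apparently no longer gates this step, so a short comment next to the line saying why it is excluded would help whoever next edits the pipeline.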
@@ -58,7 +58,9 @@ module LicenseFinder
58
58
  :columns,
59
59
  :aggregate_paths,
60
60
  :recursive,
61
- :sbt_include_groups
61
+ :sbt_include_groups,
62
+ :conda_bash_setup_script,
63
+ :composer_check_require_only
62
64
  ).merge(
63
65
  logger: logger_mode
64
66
  )
@@ -38,6 +38,9 @@ module LicenseFinder
38
38
  class_option :mix_command, desc: "Command to use when fetching packages through Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'mix'."
39
39
  class_option :mix_deps_dir, desc: "Path to Mix dependencies directory. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'deps'."
40
40
  class_option :sbt_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Scala/sbt project. Defaults to false.'
41
+ class_option :conda_bash_setup_script, desc: "Path to conda.sh script. Only meaningful if used with a Conda project. Defaults to '~/miniconda3/etc/profile.d/conda.sh'."
42
+ class_option :composer_check_require_only,
43
+ desc: "Whether to only check for licenses from dependencies on the 'require' section. Only meaningful if used with a Composer project. Defaults to false."
41
44
 
42
45
  # Method options which are shared between report and action_item
43
46
  def self.format_option
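Review bot: `composer_check_require_only` is declared without a `type:`, so, assuming this is Thor's `class_option` (string by default), a value such as `--composer_check_require_only=false` arrives as the string "false". The Composer initializer added elsewhere in this release then evaluates `!!options[:composer_check_require_only]` and turns it into true. Declaring it as `class_option :composer_check_require_only, type: :boolean, desc: ...` would make the flag behave as its description says. The description of `conda_bash_setup_script` could also state that the file is sourced by bash, so the path must point at a trusted script.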
@@ -97,6 +97,10 @@ module LicenseFinder
97
97
  get(:pip_requirements_path)
98
98
  end
99
99
 
100
+ def conda_bash_setup_script
101
+ get(:conda_bash_setup_script)
102
+ end
103
+
100
104
  def python_version
101
105
  get(:python_version)
102
106
  end
@@ -141,6 +145,10 @@ module LicenseFinder
141
145
  get(:sbt_include_groups)
142
146
  end
143
147
 
148
+ def composer_check_require_only
149
+ get(:composer_check_require_only)
150
+ end
151
+
144
152
  attr_writer :strict_matching
145
153
 
146
154
  attr_reader :strict_matching
@@ -108,7 +108,9 @@ module LicenseFinder
108
108
  mix_deps_dir: config.mix_deps_dir,
109
109
  prepare: config.prepare,
110
110
  prepare_no_fail: config.prepare_no_fail,
111
- sbt_include_groups: config.sbt_include_groups
111
+ sbt_include_groups: config.sbt_include_groups,
112
+ conda_bash_setup_script: config.conda_bash_setup_script,
113
+ composer_check_require_only: config.composer_check_require_only
112
114
  }
113
115
  end
114
116
  end
@@ -281,6 +281,13 @@ module LicenseFinder
281
281
  return result unless persisted
282
282
 
283
283
  actions = YAML.load(persisted)
284
+
285
+ list_of_actions = (actions || []).map(&:first)
286
+
287
+ if (list_of_actions & %i[whitelist blacklist]).any?
288
+ raise 'The decisions file seems to have whitelist/blacklist keys which are deprecated. Please replace them with permit/restrict respectively and try again! More info - https://github.com/pivotal/LicenseFinder/commit/a40b22fda11b3a0efbb3c0a021381534bc998dd9'
289
+ end
290
+
284
291
  (actions || []).each do |action, *args|
285
292
  result.send(action, *args)
286
293
  end
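Review bot: The added check rejects only the two deprecated names, while every other `action` read from the persisted YAML still reaches `result.send(action, *args)` a few lines below, and `send` also dispatches to private and inherited methods. Since the action list is now inspected anyway, this is the natural place to accept only known decision methods, for example `raise "Unknown decision '#{action}'" unless result.class.public_instance_methods(false).include?(action)` inside the loop, together with `public_send` for the dispatch. The context line `YAML.load(persisted)` raises the same trust question, and `YAML.safe_load` with an explicit list of permitted classes would narrow what a decisions file can instantiate. The enclosing method starts and ends outside the hunk, so the full set of valid actions is not visible here.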
@@ -38,7 +38,7 @@ module LicenseFinder
38
38
 
39
39
  ## DESCRIPTION
40
40
  @name = name
41
- @version = version
41
+ @version = version || ''
42
42
  @authors = options[:authors] || ''
43
43
  @summary = options[:summary] || ''
44
44
  @description = options[:description] || ''
@@ -198,3 +198,4 @@ require 'license_finder/packages/yarn_package'
198
198
  require 'license_finder/packages/sbt_package'
199
199
  require 'license_finder/packages/cargo_package'
200
200
  require 'license_finder/packages/composer_package'
201
+ require 'license_finder/packages/conda_package'
@@ -129,10 +129,10 @@ module LicenseFinder
129
129
  def log_errors_with_cmd(prep_cmd, stderr)
130
130
  logger.info(prep_cmd, 'did not succeed.', color: :red)
131
131
  logger.info(prep_cmd, stderr, color: :red)
132
- log_to_file stderr
132
+ log_to_file(prep_cmd, stderr)
133
133
  end
134
134
 
135
- def log_to_file(contents)
135
+ def log_to_file(prep_cmd, contents)
136
136
  FileUtils.mkdir_p @log_directory
137
137
 
138
138
  # replace whitespace with underscores and remove slashes
@@ -140,7 +140,7 @@ module LicenseFinder
140
140
  log_file = File.join(@log_directory, "prepare_#{log_file_name || 'errors'}.log")
141
141
 
142
142
  File.open(log_file, 'w') do |f|
143
- f.write("Prepare command \"#{prepare_command}\" failed with:\n")
143
+ f.write("Prepare command \"#{prep_cmd}\" failed with:\n")
144
144
  f.write("#{contents}\n\n")
145
145
  end
146
146
  end
@@ -175,5 +175,6 @@ require 'license_finder/package_managers/conan'
175
175
  require 'license_finder/package_managers/sbt'
176
176
  require 'license_finder/package_managers/cargo'
177
177
  require 'license_finder/package_managers/composer'
178
+ require 'license_finder/package_managers/conda'
178
179
 
179
180
  require 'license_finder/package'
@@ -4,7 +4,10 @@ require 'json'
4
4
 
5
5
  module LicenseFinder
6
6
  class Composer < PackageManager
7
- SHELL_COMMAND = 'composer licenses --format=json'
7
+ def initialize(options = {})
8
+ super
9
+ @check_require_only = !!options[:composer_check_require_only]
10
+ end
8
11
 
9
12
  def possible_package_paths
10
13
  [project_path.join('composer.lock'), project_path.join('composer.json')]
@@ -50,8 +53,9 @@ module LicenseFinder
50
53
  end
51
54
 
52
55
  def composer_json
53
- stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(Composer::SHELL_COMMAND) }
54
- raise "Command '#{Composer::SHELL_COMMAND}' failed to execute: #{stderr}" unless status.success?
56
+ command = "composer licenses --format=json#{@check_require_only ? ' --no-dev' : ''}"
57
+ stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
58
+ raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
55
59
 
56
60
  JSON(stdout)
57
61
  end
@@ -0,0 +1,131 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+
5
+ module LicenseFinder
6
+ class Conda < PackageManager
7
+ attr_reader :conda_bash_setup_script
8
+
9
+ def initialize(options = {})
10
+ @conda_bash_setup_script = options[:conda_bash_setup_script] || Pathname("#{ENV['HOME']}/miniconda3/etc/profile.d/conda.sh")
11
+ super
12
+ end
13
+
14
+ # This command is *not* directly executable. See .conda() below.
15
+ def prepare_command
16
+ "conda env create -f #{detected_package_path}"
17
+ end
18
+
19
+ def prepare
20
+ return if environment_exists?
21
+
22
+ prep_cmd = prepare_command
23
+ _stdout, stderr, status = Dir.chdir(project_path) { conda(prep_cmd) }
24
+ return if status.success?
25
+
26
+ log_errors stderr
27
+ raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
28
+ end
29
+
30
+ def current_packages
31
+ conda_list.map do |entry|
32
+ case entry['channel']
33
+ when 'pypi'
34
+ # PyPI is much faster than `conda search`, use it when we can.
35
+ PipPackage.new(entry['name'], entry['version'], PyPI.definition(entry['name'], entry['version']))
36
+ else
37
+ CondaPackage.new(conda_search_info(entry))
38
+ end
39
+ end.compact
40
+ end
41
+
42
+ def possible_package_paths
43
+ [project_path.join('environment.yaml'), project_path.join('environment.yml')]
44
+ end
45
+
46
+ private
47
+
48
+ def environment_exists?
49
+ environments.grep(environment_name).any?
50
+ end
51
+
52
+ def environments
53
+ command = 'conda env list'
54
+ stdout, stderr, status = conda command
55
+
56
+ environments = []
57
+ if status.success?
58
+ environments = stdout.split("\n").grep_v(/^#/).map { |line| line.split.first }
59
+ else
60
+ log_errors_with_cmd command, stderr
61
+ end
62
+ environments
63
+ end
64
+
65
+ def environment_file
66
+ detected_package_path
67
+ end
68
+
69
+ def environment_name
70
+ @environment_name ||= YAML.load_file(environment_file).fetch('name')
71
+ end
72
+
73
+ def conda(command)
74
+ Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && #{command}")
75
+ end
76
+
77
+ def activated_conda(command)
78
+ Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && conda activate #{environment_name} && #{command}")
79
+ end
80
+
81
+ # Algorithm is based on
82
+ # https://bioinformatics.stackexchange.com/a/11226
83
+ # but completely recoded in Ruby. Like the poster, if the package is
84
+ # actually managed by conda, we assume that all the potential infos (for
85
+ # various architectures, versions of python, etc) have the same license.
86
+ def conda_list
87
+ command = 'conda list'
88
+ stdout, stderr, status = activated_conda(command)
89
+
90
+ if status.success?
91
+ conda_list = []
92
+ stdout.each_line do |line|
93
+ next if line =~ /^\s*#/
94
+
95
+ name, version, build, channel = line.split
96
+ conda_list << {
97
+ 'name' => name,
98
+ 'version' => version,
99
+ 'build' => build,
100
+ 'channel' => channel
101
+ }
102
+ end
103
+ conda_list
104
+ else
105
+ log_errors_with_cmd command, stderr
106
+ []
107
+ end
108
+ end
109
+
110
+ def conda_search_info(list_entry)
111
+ command = 'conda search --info --json '
112
+ command += "--channel #{list_entry['channel']} " if list_entry['channel'] && !list_entry['channel'].empty?
113
+ command += "'#{list_entry['name']} #{list_entry['version']}'"
114
+
115
+ # Errors from conda (in --json mode, at least) show up in stdout, not stderr
116
+ stdout, _stderr, status = activated_conda(command)
117
+
118
+ name = list_entry['name']
119
+
120
+ if status.success?
121
+ JSON(stdout).fetch(name).first
122
+ else
123
+ log_errors_with_cmd command, stdout
124
+ list_entry
125
+ end
126
+ rescue KeyError
127
+ logger.info('Conda', "Key error trying to find #{name} in\n#{JSON(stdout)}")
128
+ list_entry
129
+ end
130
+ end
131
+ end
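Review bot: `conda` and `activated_conda` build a `bash -c` string by interpolating `conda_bash_setup_script`, `environment_name`, `detected_package_path` and the channel, name and version fields, so any shell metacharacter in those values is interpreted by bash. `environment_name` is taken from the scanned project's `environment.yml`, which lets the project under scan influence the command line, and it is read with `YAML.load_file`, which on older Psych versions can instantiate arbitrary objects. Escaping each interpolated value with `Shellwords.escape` (this needs `require 'shellwords'` at the top of the file) and reading the name with `YAML.safe_load` addresses both; the fence shows the affected methods. Separately, `conda_list` builds an entry for every non-comment line, including blank ones, so a guard such as `next if line.strip.empty?` is worth adding.

```ruby
# … unchanged: attr_reader, initialize …
def prepare_command
  "conda env create -f #{Shellwords.escape(detected_package_path.to_s)}"
end

# … unchanged: prepare, current_packages, possible_package_paths, environment_exists?, environments, environment_file …
def environment_name
  # safe_load only builds plain data types; the file belongs to the project being scanned
  @environment_name ||= YAML.safe_load(File.read(environment_file)).fetch('name')
end

def conda(command)
  Open3.capture3('bash', '-c', "source #{escaped_setup_script} && #{command}")
end

def activated_conda(command)
  env = Shellwords.escape(environment_name.to_s)
  Open3.capture3('bash', '-c', "source #{escaped_setup_script} && conda activate #{env} && #{command}")
end

# Expand a leading '~' first, because an escaped '~' is no longer expanded by bash.
def escaped_setup_script
  Shellwords.escape(File.expand_path(conda_bash_setup_script.to_s))
end

# … unchanged: conda_list …
def conda_search_info(list_entry)
  command = 'conda search --info --json '
  command += "--channel #{Shellwords.escape(list_entry['channel'])} " if list_entry['channel'] && !list_entry['channel'].empty?
  command += Shellwords.escape("#{list_entry['name']} #{list_entry['version']}")
  # … unchanged: run the command, parse the JSON, rescue KeyError …
```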
@@ -18,11 +18,16 @@ module LicenseFinder
18
18
  GoPackage.from_dependency({
19
19
  'ImportPath' => project['name'],
20
20
  'InstallPath' => project_path.join('vendor', project['name']),
21
- 'Rev' => project['revision']
21
+ 'Rev' => project['revision'],
22
+ 'Homepage' => repo_name(project['name'])
22
23
  }, nil, true)
23
24
  end
24
25
  end
25
26
 
27
+ def repo_name(name)
28
+ name.split('/')[0..2].join('/')
29
+ end
30
+
26
31
  def self.takes_priority_over
27
32
  Go15VendorExperiment
28
33
  end
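Review bot: `repo_name` is added here with the body `name.split('/')[0..2].join('/')`, and the identical method is repeated in three other Go package managers in this release (the hunks adding `'Homepage' => repo_name(dep)`, `repo_name(name)` and `repo_name(import_path)`). A single shared helper, for instance on `GoPackage` or the common base class, would keep the four in step. It should carry a one-line comment such as `# First three segments of an import path (host/owner/repo); no URL scheme is added`. The value stored under `'Homepage'` is therefore a bare path rather than a URL, which is worth confirming against how reports render that field.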
@@ -37,11 +37,16 @@ module LicenseFinder
37
37
  GoPackage.from_dependency({
38
38
  'ImportPath' => dep,
39
39
  'InstallPath' => detected_package_path.join(dep),
40
- 'Rev' => 'vendored-' + project_sha(detected_package_path.join(dep))
40
+ 'Rev' => 'vendored-' + project_sha(detected_package_path.join(dep)),
41
+ 'Homepage' => repo_name(dep)
41
42
  }, nil, true)
42
43
  end
43
44
  end
44
45
 
46
+ def repo_name(name)
47
+ name.split('/')[0..2].join('/')
48
+ end
49
+
45
50
  def package_management_command
46
51
  'go'
47
52
  end
@@ -58,6 +58,7 @@ module LicenseFinder
58
58
  go_list_cmd = "GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./..."
59
59
  info_output, stderr, status = Cmd.run(go_list_cmd)
60
60
  log_errors_with_cmd(go_list_cmd, "Getting the dependencies from go list failed \n\t#{stderr}") unless status.success?
61
+ raise "Command '#{go_list_cmd}' failed to execute" unless status.success?
61
62
 
62
63
  # Since many packages may belong to a single module, #uniq is used to deduplicate
63
64
  info_output.split("\n").uniq
@@ -76,10 +77,15 @@ module LicenseFinder
76
77
  info = {
77
78
  'ImportPath' => name,
78
79
  'InstallPath' => install_path,
79
- 'Rev' => version
80
+ 'Rev' => version,
81
+ 'Homepage' => repo_name(name)
80
82
  }
81
83
 
82
84
  GoPackage.from_dependency(info, nil, true)
83
85
  end
86
+
87
+ def repo_name(name)
88
+ name.split('/')[0..2].join('/')
89
+ end
84
90
  end
85
91
  end
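Review bot: In the `go list` hunk the new `raise` repeats the `unless status.success?` guard of the line above it and its message leaves out `stderr`, so a caller that sees only the exception learns nothing about why the command failed. Putting both statements in one `unless status.success?` branch and carrying the error text, as the Composer manager's message does, would read better: `raise "Command '#{go_list_cmd}' failed to execute: #{stderr}" unless status.success?`. The enclosing method starts outside the hunk.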
@@ -30,9 +30,14 @@ module LicenseFinder
30
30
  GoPackage.from_dependency({
31
31
  'ImportPath' => import_path,
32
32
  'InstallPath' => license_path,
33
- 'Rev' => package_hash.fetch('version')
33
+ 'Rev' => package_hash.fetch('version'),
34
+ 'Homepage' => repo_name(import_path)
34
35
  }, nil, true)
35
36
  end
36
37
  end
38
+
39
+ def repo_name(name)
40
+ name.split('/')[0..2].join('/')
41
+ end
37
42
  end
38
43
  end
@@ -0,0 +1,74 @@
1
+ # frozen_string_literal: true
2
+
3
+ module LicenseFinder
4
+ class CondaPackage < Package
5
+ attr_accessor :identifier, :json
6
+
7
+ def initialize(conda_json)
8
+ @json = conda_json
9
+ @identifier = Identifier.from_hash(conda_json)
10
+ super(@identifier.name,
11
+ @identifier.version,
12
+ spec_licenses: Package.license_names_from_standard_spec(conda_json),
13
+ children: children)
14
+ end
15
+
16
+ def ==(other)
17
+ other.is_a?(CondaPackage) && @identifier == other.identifier
18
+ end
19
+
20
+ def to_s
21
+ @identifier.to_s
22
+ end
23
+
24
+ def package_manager
25
+ 'Conda'
26
+ end
27
+
28
+ def package_url
29
+ @json['url']
30
+ end
31
+
32
+ def children
33
+ @json.fetch('depends', []).map { |constraint| constraint.split.first }
34
+ end
35
+
36
+ class Identifier
37
+ attr_accessor :name, :version
38
+
39
+ def initialize(name, version)
40
+ @name = name
41
+ @version = version
42
+ end
43
+
44
+ def self.from_hash(hash)
45
+ name = hash['name']
46
+ version = hash['version']
47
+ return nil if name.nil? || version.nil?
48
+
49
+ Identifier.new(name, version)
50
+ end
51
+
52
+ def ==(other)
53
+ other.is_a?(Identifier) && @name == other.name && @version == other.version
54
+ end
55
+
56
+ def eql?(other)
57
+ self == other
58
+ end
59
+
60
+ def hash
61
+ [@name, @version].hash
62
+ end
63
+
64
+ def <=>(other)
65
+ sort_name = @name <=> other.name
66
+ sort_name.zero? ? @version <=> other.version : sort_name
67
+ end
68
+
69
+ def to_s
70
+ "#{@name} - #{@version}"
71
+ end
72
+ end
73
+ end
74
+ end
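Review bot: `Identifier.from_hash` returns nil when `name` or `version` is missing, and the next statement in `initialize` calls `@identifier.name`, so such an entry fails with a NoMethodError on nil instead of a meaningful message. The Conda manager passes the raw `conda list` entry to this constructor when `conda search` fails, and that entry can lack a version if the line was short or blank. A guard right after the assignment makes the failure explicit: `raise ArgumentError, "conda entry lacks name/version: #{conda_json.inspect}" if @identifier.nil?`. `CondaPackage#==` is also defined without matching `eql?` and `hash`, unlike `Identifier`, which matters if packages are ever de-duplicated through a Hash or Set.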
@@ -4,7 +4,8 @@ module LicenseFinder
4
4
  class Scanner
5
5
  PACKAGE_MANAGERS = [
6
6
  GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
7
- Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv
7
+ Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv,
8
+ Conda
8
9
  ].freeze
9
10
 
10
11
  class << self
@@ -55,7 +55,7 @@ Gem::Specification.new do |s|
55
55
  s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
56
56
  s.add_development_dependency 'fakefs', '~> 1.2.0'
57
57
  s.add_development_dependency 'mime-types', '3.3.1'
58
- s.add_development_dependency 'pry', '~> 0.13.0'
58
+ s.add_development_dependency 'pry', '~> 0.14.0'
59
59
  s.add_development_dependency 'rake', '~> 13.0.1'
60
60
  s.add_development_dependency 'rspec', '~> 3'
61
61
  s.add_development_dependency 'rspec-its', '~> 1.3.0'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: license_finder
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.10.0
4
+ version: 6.12.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Collins
@@ -27,7 +27,7 @@ authors:
27
27
  autorequire:
28
28
  bindir: bin
29
29
  cert_chain: []
30
- date: 2020-11-27 00:00:00.000000000 Z
30
+ date: 2021-04-14 00:00:00.000000000 Z
31
31
  dependencies:
32
32
  - !ruby/object:Gem::Dependency
33
33
  name: bundler
@@ -187,14 +187,14 @@ dependencies:
187
187
  requirements:
188
188
  - - "~>"
189
189
  - !ruby/object:Gem::Version
190
- version: 0.13.0
190
+ version: 0.14.0
191
191
  type: :development
192
192
  prerelease: false
193
193
  version_requirements: !ruby/object:Gem::Requirement
194
194
  requirements:
195
195
  - - "~>"
196
196
  - !ruby/object:Gem::Version
197
- version: 0.13.0
197
+ version: 0.14.0
198
198
  - !ruby/object:Gem::Dependency
199
199
  name: rake
200
200
  requirement: !ruby/object:Gem::Requirement
@@ -437,6 +437,7 @@ files:
437
437
  - lib/license_finder/package_managers/cocoa_pods.rb
438
438
  - lib/license_finder/package_managers/composer.rb
439
439
  - lib/license_finder/package_managers/conan.rb
440
+ - lib/license_finder/package_managers/conda.rb
440
441
  - lib/license_finder/package_managers/dep.rb
441
442
  - lib/license_finder/package_managers/dotnet.rb
442
443
  - lib/license_finder/package_managers/erlangmk.rb
@@ -475,6 +476,7 @@ files:
475
476
  - lib/license_finder/packages/cocoa_pods_package.rb
476
477
  - lib/license_finder/packages/composer_package.rb
477
478
  - lib/license_finder/packages/conan_package.rb
479
+ - lib/license_finder/packages/conda_package.rb
478
480
  - lib/license_finder/packages/erlangmk_package.rb
479
481
  - lib/license_finder/packages/go_package.rb
480
482
  - lib/license_finder/packages/gradle_package.rb
@@ -531,7 +533,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
531
533
  - !ruby/object:Gem::Version
532
534
  version: '0'
533
535
  requirements: []
534
- rubygems_version: 3.1.4
536
+ rubygems_version: 3.2.16
535
537
  signing_key:
536
538
  specification_version: 4
537
539
  summary: Audit the OSS licenses of your application's dependencies.