license_finder 6.4.0 → 6.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49007dc96f2251e1f02fb489fbef1819bfa1a075bfe27037ad8dc3ead458dcb1
-  data.tar.gz: 618df1ba6cea281f398bd8d9e4123d67bbe8ae30b40998ed3efe6207bf430a6f
+  metadata.gz: b24945564259115c89ce1e2891676e85757074f15e38485ca498f5344b543ebd
+  data.tar.gz: 2ecc05295033dde8a53cb45d76b024e9acd06ba650cb8e83f991be74c0f2ea3f
 SHA512:
-  metadata.gz: 778ff393ca3575be42a792f17b26090a0bb665e4478c0bb1cedc59752c5f52f30ed1697da1080e313208694df1ff198431c9a88408d6196897bea098bc01ff0f
-  data.tar.gz: c94eb0ac3628a8a82165f2b86eff419e6a8337df0e6cf43032ad82482fb00db22caede28cb3f3fa6d2b829465bb40a0c05d09732aa928eee6873eb73f74cae42
+  metadata.gz: 74e0144f9834798f971f024d167ce42afd653e29a2f279ef1b67ace4949ca1bd7ce8375264eb6d14a3bad67d2f4a5d7df5ee5a851cbb5b16df79c4c26555d471
+  data.tar.gz: 9c04d6fb15c1f84d41391dbed3a391f20cafe3511213632d7733c943dbb10d63709ced8ef520308b49421ae21fe2d519c5e38e1efb50fe6d70fb74a041218bf7

data/CHANGELOG.md

@@ -1,6 +1,49 @@
+# [6.7.0] / 2020-07-23
+
+# [6.6.2] / 2020-07-09
+
+### Added
+* support for rebar3 - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+* Support for Go modules projects outside of the current working directory - [56b3bec6](https://github.com/pivotal/LicenseFinder/commit/56b3bec632b3884ce4cad538742b4a13c55fd7c5)
+
+### Changed
+* Change Go modules to only report imported packages (as with other Go package managers) - [34361fda](https://github.com/pivotal/LicenseFinder/commit/34361fdab2dc3f197f7aec6408175018dee3b453) and [dffae4ab](https://github.com/pivotal/LicenseFinder/commit/dffae4ab95e34115b6a54bf681fc0966a8611f01)
+* Detect Go modules based on `go.mod` (instead of `go.sum`) - [667f6be7](https://github.com/pivotal/LicenseFinder/commit/667f6be716504a53ccc2824daae08af085566546)
+
+### Fixed
+* handle empty case for mix dependencies [#173637843] - [fc34b281](https://github.com/pivotal/LicenseFinder/commit/fc34b2813925a709addde675849e199b05fc4a23) - Jeff Jun
+
+### Removed
+* support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+* Removed the unnecessary prepare command for Go modules - [284cc5c8](https://github.com/pivotal/LicenseFinder/commit/284cc5c821270a6e56275e32bac836a3e451f46b)
+
+# [6.6.1] / 2020-06-30
+
+### Changed
+* Handle multiple solution files for nuget [#173021333] - [040d9559](https://github.com/pivotal/LicenseFinder/commit/040d9559a4bda07490255cc34c1a7891081bc511) 
+* matches license names from pypi api call with known licenses to avoid returning misformatted licenses [#173421573] - [6b96d746](https://github.com/pivotal/LicenseFinder/commit/6b96d74600034abcacee6ed2b322aa3abfaa0992) - Jeff Jun
+* Update Nuget Package Manager prepare command - [6ac07066](https://github.com/pivotal/LicenseFinder/commit/6ac070668955bc034da1647658440ce5bb0d9bd2) - Jason Smith
+
+# [6.6.0] / 2020-06-22
+
+# [6.5.0] / 2020-06-01
+
+### Added
+* Support legacy nuget projects [#172950097] - [0cccbcf9](https://github.com/pivotal/LicenseFinder/commit/0cccbcf9aa92f4297ef0174242bdb19da1babc65) 
+
+### Changed
+* Upgrade to golang 1.14.3. Update dotnet-sdk to 3.1 - [0969e98f](https://github.com/pivotal/LicenseFinder/commit/0969e98fde4a82f8931601baa4dd96dc01300a14) 
+
 # [6.4.0] / 2020-05-22
 
+Big shout out to @forelabs for introducing many new features and improvements for this release. Thanks again!!
+
 ### Added
+* Introducing new inherited_decisions command - [3453feb](https://github.com/pivotal/LicenseFinder/commit/3453feb659a6c3c6e5aa444e3755ddd5d32f3664) - Sven Dunemann
+* Decision Applier: Merge manual and system packages - [c690532](https://github.com/pivotal/LicenseFinder/commit/c690532ec8addab16bef4edd390f05ceb353435f) - Sven Dunemann
+* Introduce package_url to packages - [18972f7](https://github.com/pivotal/LicenseFinder/commit/18972f7b3a04340e1b7bb560780130b68696b8a2) - Sven Dunemann
+* Add --write-headers option for csv exports - [18e01f8](https://github.com/pivotal/LicenseFinder/commit/18e01f8728a9dc525d7567292cc1e2f390ec854d) - Sven Dunemann
+* Yarn: Add authors & install_path - [08a0f67](https://github.com/pivotal/LicenseFinder/commit/08a0f67837a218231217767561f2282c1b3a890a) - Sven Dunemann
 * install path for nuget dependencies [#172251374] - [ad73c946](https://github.com/pivotal/LicenseFinder/commit/ad73c946113846f8f548adfc73542aebb3763175) - Jeff Jun
 * new Rubocop cops - [c4cc6b8b](https://github.com/pivotal/LicenseFinder/commit/c4cc6b8b13273db17b65cecaf24c9053e4989ea1) - Jeff Jun
 
@@ -8,8 +51,9 @@
 * Separate lines in license text with LF when exported to JSON - [baddb976](https://github.com/pivotal/LicenseFinder/commit/baddb976e7a8683c5cc320eddc8c2712dfb16c15) - Robert Huitl
 
 ### Changed
-* updated Simplifed BSD license made license detection from templates more flexible [#171961625] - [acf57057](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e) - Jeff Jun
-
+* Go15VendorExperiment: Detect go only if vendor includes go files - [0f8e609](https://github.com/pivotal/LicenseFinder/commit/0f8e609f0921937c6187deccd80e4bc4b7d67ee4) - Sven Dunemann
+* Bump PHP version to 7.4 - [cbe45c5](https://github.com/pivotal/LicenseFinder/commit/cbe45c5cdb3ec200ea215086a3b3eb879e83222a) - Yivan
+* Significantly improve the license text matching file to be more dynamic - [acf5705](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e)
 * Update Ruby version to 2.7.1 [#172295831] - [475e2948](https://github.com/pivotal/LicenseFinder/commit/475e2948ec1ad859aee59e77aa9ce2a51e1a5029) 
 
 # [6.3.0] / 2020-05-06
@@ -857,3 +901,8 @@ Bugfixes:
 [6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
 [6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0
 [6.4.0]: https://github.com/pivotal/LicenseFinder/compare/v6.3.0...v6.4.0
+[6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0
+[6.6.0]: https://github.com/pivotal/LicenseFinder/compare/v6.5.0...v6.6.0
+[6.6.1]: https://github.com/pivotal/LicenseFinder/compare/v6.6.0...v6.6.1
+[6.6.2]: https://github.com/pivotal/LicenseFinder/compare/v6.6.1...v6.6.2
+[6.7.0]: https://github.com/pivotal/LicenseFinder/compare/v6.6.2...v6.7.0

data/Dockerfile

@@ -3,7 +3,7 @@ FROM ubuntu:xenial
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 8.1.1
-ENV GO_LANG_VERSION 1.13.3
+ENV GO_LANG_VERSION 1.14.3
 ENV MAVEN_VERSION 3.6.0
 ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
@@ -48,11 +48,13 @@ ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
 
-# install python and rebar
-RUN apt-get install -y python rebar
+# install rebar3
+RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
+    sudo chmod +x rebar3 && \
+    sudo mv rebar3 /usr/local/bin/rebar3
 
-# install and update python-pip
-RUN apt-get install -y python-pip python3-pip && \
+# install and update python and python-pip
+RUN apt-get install -y python python-pip python3-pip && \
     pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION  && \
     pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
 
@@ -141,8 +143,8 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
   echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
   apt-get update &&\
   apt-get install -y mono-complete &&\
-  curl -o /usr/local/bin/nuget.exe https://dist.nuget.org/win-x86-commandline/latest/nuget.exe &&\
-  echo "alias nuget=\"mono /usr/local/bin/nuget.exe\"" >> ~/.bash_aliases
+  curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
+  curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
 WORKDIR /tmp
@@ -150,14 +152,14 @@ RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsof
   sudo dpkg -i packages-microsoft-prod.deb &&\
   rm packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
+  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
     echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
     apt-get update &&\
     apt-get install -y php7.4-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
-    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
+    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e5325b19b381bfd88ce90a5ddb7823406b2a38cff6bb704b0acc289a09c8128d4a8ce2bbafcd1fcbdc38666422fe2806') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
     php -r "unlink('composer-setup.php');" &&\
     mv composer.phar /usr/bin/composer

data/README.md

@@ -43,7 +43,7 @@ and give you an actionable exception report.
 
 ### Experimental project types
 
-* Erlang (via `rebar`)
+* Erlang (via `rebar` and `Erlang.mk`)
 * Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
 * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 * Elixir (via `mix`)
@@ -176,6 +176,7 @@ languages, as long as that language has a package definition in the project dire
 * `Podfile` (for `pod`)
 * `Cartfile` (for `carthage`)
 * `rebar.config` (for `rebar`)
+* `Erlang.mk` or `erlang.mk` file (for `Erlang.mk`)
 * `mix.exs` (for `mix`)
 * `packages/` directory (for `nuget`)
 * `*.csproj` (for `dotnet`)
@@ -183,7 +184,7 @@ languages, as long as that language has a package definition in the project dire
 * `glide.lock` file (for `glide`)
 * `vendor/vendor.json` file (for `govendor`)
 * `Gopkg.lock` file (for `dep`)
-* `go.sum` file (for `go mod`)
+* `go.mod` file (for `go mod`)
 * `vendor.conf` file (for `trash`)
 * `yarn.lock` file (for `yarn`)
 * `conanfile.txt` file (for `conan`)
@@ -327,7 +328,7 @@ you should manually research what the actual license is.  When you
 have established the real license, you can record it with:
 
 ```sh
-$ license_finder dependencies add my_unknown_dependency MIT --homepage="www.unknown-code.org"
+$ license_finder licenses add my_unknown_dependency MIT --homepage="www.unknown-code.org"
 ```
 
 This command would assign the MIT license to the dependency
@@ -379,6 +380,26 @@ items, even if someone attempts to manually approve or permit it.  However,
 if a dependency has even one license that is not restricted, it can still be
 manually approved or permitted.
 
+## Decision inheritance
+
+Add or remove decision files you want to inherit from - see `license_finder inherited_decisions help` for more information.
+
+This allows you to have a centralized decision file for approved/restricted licenses. If you have multiple projects it's way easier to have one single place where you approved or restricted licenses defined.
+
+Add one or more decision files to the inherited decisions
+```bash
+license_finder inherited_decisions add DECISION_FILE
+```
+
+Remove one or more decision files from the inherited decisions
+```bash
+license_finder inherited_decisions remove DECISION_FILE
+```
+
+List all the inherited decision files
+```bash
+license_finder inherited_decisions list
+```
 
 ## Configuration
 
@@ -392,7 +413,7 @@ If you have a gradle project, you can invoke gradle with a custom script by
 passing (for example) `--gradle_command gradlew` to `license_finder` or
 `license_finder report`.
 
-Similarly you can invoke a custom rebar script with `--rebar_command rebar2`.
+Similarly you can invoke a custom rebar script with `--rebar_command rebar`.
 If you store rebar dependencies in a custom directory (by setting `deps_dir` in
 `rebar.config`), set `--rebar_deps_dir`.
 
@@ -467,6 +488,8 @@ licenseConfigurations := Set("compile", "provided")
 
 ## Upgrading
 
+To upgrade to `license_finder` version >= 6.0, you have to replace the terminology `whitelist` with `permit` and  `blacklist` with `restrict` in your `dependency_decisions.yml`. See [Changelog](https://github.com/pivotal/LicenseFinder/blob/master/CHANGELOG.md#600--2020-01-22) for more details.
+
 To upgrade from `license_finder` version 1.2 to 2.0, see
 [`license_finder_upgrade`](https://github.com/mainej/license_finder_upgrade).
 To upgrade to 2.0 from a version lower than 1.2, first upgrade to 1.2, and run

data/Rakefile

@@ -6,15 +6,6 @@ Bundler::GemHelper.install_tasks
 require './lib/license_finder/platform'
 require 'rspec/core/rake_task'
 
-namespace :spec do
-  desc 'Run test tagged \'focus\''
-  RSpec::Core::RakeTask.new(:focus) do |t|
-    t.fail_on_error = true
-    t.pattern = './spec/**/*_spec.rb'
-    t.rspec_opts = %w[--color --tag focus]
-  end
-end
-
 desc 'Run all specs in spec/'
 RSpec::Core::RakeTask.new(:spec) do |t|
   t.fail_on_error = true

data/VERSION

@@ -1 +1 @@
-6.4.0
+6.7.0

data/ci/pipelines/release.yml.erb

@@ -24,7 +24,7 @@ resources:
   source:
     driver: gcs
     bucket: lf-semver-version
-    key: VERSION
+    key: version
     json_key: ((GCPQueuedReportsBucketCredentials))
 
 - name: dockerhub-edge
@@ -123,21 +123,31 @@ jobs:
 
 - name: bump-major
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: major}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
+
 
 - name: bump-minor
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: minor}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
 
 - name: bump-patch
   plan:
-    - put: semver-version
+    - get: semver-version
       tags: ["private-worker"]
       params: {bump: patch}
+    - put: semver-version
+      tags: ["private-worker"]
+      params: {file: semver-version/version}
 
 - name: release
   disable_manual_trigger: true

data/lib/license_finder/cli/inherited_decisions.rb

@@ -20,6 +20,15 @@ module LicenseFinder
         say "Added #{decision_files.join(', ')} to the inherited decisions"
       end
 
+      auditable
+      desc 'add_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
+      def add_with_auth(*params)
+        url, auth_type, token_or_env = params
+        auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
+        modifying { decisions.add_decision [:inherit_from, auth_info] }
+        say "Added #{url} to the inherited decisions"
+      end
+
       auditable
       desc 'remove DECISION_FILE...', 'Remove one or more decision files from the inherited decisions'
       def remove(*decision_files)
@@ -27,6 +36,15 @@ module LicenseFinder
         modifying { decision_files.each { |filepath| decisions.remove_inheritance(filepath) } }
         say "Removed #{decision_files.join(', ')} from the inherited decisions"
       end
+
+      auditable
+      desc 'remove_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
+      def remove_with_auth(*params)
+        url, auth_type, token_or_env = params
+        auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
+        modifying { decisions.remove_inheritance(auth_info) }
+        say "Removed #{url} from the inherited decisions"
+      end
     end
   end
 end

data/lib/license_finder/configuration.rb

@@ -35,7 +35,7 @@ module LicenseFinder
     end
 
     def rebar_deps_dir
-      path = get(:rebar_deps_dir) || 'deps'
+      path = get(:rebar_deps_dir) || '_build/default/lib'
       project_path.join(path).expand_path
     end
 

data/lib/license_finder/decisions.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'open-uri'
+require 'license_finder/license'
 
 module LicenseFinder
   class Decisions
@@ -39,6 +40,9 @@ module LicenseFinder
     end
 
     def permitted?(lic)
+      return lic.sub_licenses.any? { |sub_lic| @permitted.include?(sub_lic) } if lic.is_a?(OrLicense)
+      return lic.sub_licenses.all? { |sub_lic| @permitted.include?(sub_lic) } if lic.is_a?(AndLicense)
+
       @permitted.include?(lic)
     end
 
@@ -183,19 +187,37 @@ module LicenseFinder
       self
     end
 
-    def inherit_from(filepath)
+    def inherit_from(filepath_info)
       decisions =
-        if filepath =~ %r{^https?://}
-          open_uri(filepath).read
+        if filepath_info.is_a?(Hash)
+          resolve_inheritance(filepath_info)
+        elsif filepath_info =~ %r{^https?://}
+          open_uri(filepath_info).read
         else
-          Pathname(filepath).read
+          Pathname(filepath_info).read
         end
 
-      add_decision [:inherit_from, filepath]
-      @inherited_decisions << filepath
+      add_decision [:inherit_from, filepath_info]
+      @inherited_decisions << filepath_info
       restore_inheritance(decisions)
     end
 
+    def resolve_inheritance(filepath_info)
+      if (gem_name = filepath_info['gem'])
+        Pathname(gem_config_path(gem_name, filepath_info['path'])).read
+      else
+        open_uri(filepath_info['url'], filepath_info['authorization']).read
+      end
+    end
+
+    def gem_config_path(gem_name, relative_config_path)
+      spec = Gem::Specification.find_by_name(gem_name)
+      File.join(spec.gem_dir, relative_config_path)
+    rescue Gem::LoadError => e
+      raise Gem::LoadError,
+            "Unable to find gem #{gem_name}; is the gem installed? #{e}"
+    end
+
     def remove_inheritance(filepath)
       @decisions -= [[:inherit_from, filepath]]
       @inherited_decisions.delete(filepath)
@@ -213,17 +235,31 @@ module LicenseFinder
       self
     end
 
-    def open_uri(uri)
+    def open_uri(uri, auth = nil)
+      header = {}
+      auth_header = resolve_authorization(auth)
+      header['Authorization'] = auth_header if auth_header
+
       # ruby < 2.5.0 URI.open is private
       if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5.0')
         # rubocop:disable Security/Open
-        open(uri)
+        open(uri, header)
         # rubocop:enable Security/Open
       else
-        URI.open(uri)
+        URI.open(uri, header)
       end
     end
 
+    def resolve_authorization(auth)
+      return unless auth
+
+      token_env = auth.match(/\$(\S.*)/)
+      return auth unless token_env
+
+      token = ENV[token_env[1]]
+      auth.sub(token_env[0], token)
+    end
+
     #########
     # PERSIST
     #########

data/lib/license_finder/license.rb

@@ -19,6 +19,9 @@ module LicenseFinder
 
       def find_by_name(name)
         name ||= 'unknown'
+        return OrLicense.new(name) if name.include?(OrLicense.operator)
+        return AndLicense.new(name) if name.include?(AndLicense.operator)
+
         all.detect { |l| l.matches_name? l.stripped_name(name) } || Definitions.build_unrecognized(name)
       end
 
@@ -61,6 +64,10 @@ module LicenseFinder
       name.hash
     end
 
+    def unrecognized_matcher?
+      matcher.is_a?(NoneMatcher)
+    end
+
     private
 
     attr_reader :short_name, :pretty_name, :other_names
@@ -70,4 +77,34 @@ module LicenseFinder
       ([short_name, pretty_name] + other_names).uniq
     end
   end
+  class AndLicense < License
+    def self.operator
+      ' AND '
+    end
+
+    def initialize(name, operator = AndLicense.operator)
+      @short_name = name
+      @pretty_name = name
+      @url = nil
+      @matcher = NoneMatcher.new
+      # removes heading and trailing parentesis and splits
+      name = name[1..-2] if name.start_with?('(')
+      names = name.split(operator)
+      @sub_licenses = names.map do |sub_name|
+        License.find_by_name(sub_name)
+      end
+    end
+
+    attr_reader :sub_licenses
+  end
+
+  class OrLicense < AndLicense
+    def self.operator
+      ' OR '
+    end
+
+    def initialize(name)
+      super(name, OrLicense.operator)
+    end
+  end
 end

data/lib/license_finder/license/definitions.rb

@@ -25,7 +25,8 @@ module LicenseFinder
           python,
           ruby,
           simplifiedbsd,
-          wtfpl
+          wtfpl,
+          zerobsd
         ]
       end
 
@@ -302,6 +303,27 @@ module LicenseFinder
           url: 'http://www.wtfpl.net/'
         )
       end
+
+      def zerobsd
+        matcher = AnyMatcher.new(
+          Matcher.from_template(Template.named('0BSD'))
+        )
+
+        License.new(
+          short_name: '0BSD',
+          pretty_name: 'BSD Zero Clause License',
+          other_names: [
+            '0-Clause BSD',
+            'Zero-Clause BSD',
+            'BSD-0-Clause',
+            'BSD-Zero-Clause',
+            'BSD 0-Clause',
+            'BSD Zero-Clause'
+          ],
+          url: 'https://opensource.org/licenses/0BSD',
+          matcher: matcher
+        )
+      end
     end
   end
 end

data/lib/license_finder/license/templates/0BSD.txt

@@ -0,0 +1,10 @@
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.

data/lib/license_finder/logger.rb

@@ -36,6 +36,8 @@ module LicenseFinder
         "\e[31m#{string}\e[0m"
       when :green
         "\e[32m#{string}\e[0m"
+      when :magenta
+        "\e[35m#{string}\e[0m"
       else
         string
       end

data/lib/license_finder/package.rb

@@ -189,6 +189,7 @@ require 'license_finder/packages/gradle_package'
 require 'license_finder/packages/cocoa_pods_package'
 require 'license_finder/packages/carthage_package'
 require 'license_finder/packages/rebar_package'
+require 'license_finder/packages/erlangmk_package'
 require 'license_finder/packages/mix_package'
 require 'license_finder/packages/merged_package'
 require 'license_finder/packages/nuget_package'

data/lib/license_finder/package_manager.rb

@@ -119,8 +119,12 @@ module LicenseFinder
     attr_reader :logger, :project_path
 
     def log_errors(stderr)
-      logger.info prepare_command, 'did not succeed.', color: :red
-      logger.info prepare_command, stderr, color: :red
+      log_errors_with_cmd(prepare_command, stderr)
+    end
+
+    def log_errors_with_cmd(prep_cmd, stderr)
+      logger.info prep_cmd, 'did not succeed.', color: :red
+      logger.info prep_cmd, stderr, color: :red
       log_to_file stderr
     end
 
@@ -159,6 +163,7 @@ require 'license_finder/package_managers/cocoa_pods'
 require 'license_finder/package_managers/carthage'
 require 'license_finder/package_managers/gradle'
 require 'license_finder/package_managers/rebar'
+require 'license_finder/package_managers/erlangmk'
 require 'license_finder/package_managers/nuget'
 require 'license_finder/package_managers/dotnet'
 require 'license_finder/package_managers/dep'

data/lib/license_finder/package_managers/bundler.rb

@@ -27,7 +27,7 @@ module LicenseFinder
     def prepare_command
       ignored_groups_argument = !ignored_groups.empty? ? "--without #{ignored_groups.to_a.join(' ')}" : ''
 
-      gem_path = SecureRandom.uuid
+      gem_path = "lf-bundler-gems-#{SecureRandom.uuid}"
       logger.info self.class, "Running bundle install for #{Dir.pwd} with path #{gem_path}", color: :blue
 
       "bundle install #{ignored_groups_argument} --path #{gem_path}".strip

data/lib/license_finder/package_managers/dotnet.rb

@@ -63,7 +63,8 @@ module LicenseFinder
                           .uniq { |d| [d.name, d.version] }
 
       package_metadatas.map do |d|
-        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
+        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
       end
     end
 

data/lib/license_finder/package_managers/erlangmk.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Erlangmk < PackageManager
+    def package_management_command
+      'make'
+    end
+
+    def package_management_command_with_path
+      "#{package_management_command} --directory=#{project_path} --no-print-directory"
+    end
+
+    def prepare_command
+      "#{package_management_command_with_path} fetch-deps"
+    end
+
+    def possible_package_paths
+      [
+        project_path.join('Erlang.mk'),
+        project_path.join('erlang.mk')
+      ]
+    end
+
+    def current_packages
+      deps.map do |dep|
+        ErlangmkPackage.new(dep)
+      end
+    end
+
+    private
+
+    def deps
+      command = "#{package_management_command_with_path} QUERY='name fetch_method repo version absolute_path' query-deps"
+      stdout, stderr, status = Cmd.run(command)
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      stdout.each_line.map(&:strip).reject { |line| line.start_with?('make') }
+    end
+  end
+end

data/lib/license_finder/package_managers/go_modules.rb

@@ -4,7 +4,7 @@ require 'license_finder/packages/go_package'
 
 module LicenseFinder
   class GoModules < PackageManager
-    PACKAGES_FILE = 'go.sum'
+    PACKAGES_FILE = 'go.mod'
 
     class << self
       def takes_priority_over
@@ -12,12 +12,8 @@ module LicenseFinder
       end
     end
 
-    def prepare_command
-      'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
-    end
-
     def active?
-      sum_files?
+      mod_files?
     end
 
     def current_packages
@@ -33,17 +29,44 @@ module LicenseFinder
     private
 
     def packages_info
-      info_output, stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=vendor -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -f '{{.Path}},{{.Version}},{{.Dir}}' all") if stderr =~ Regexp.compile("can't compute 'all' using the vendor directory")
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
 
-      info_output.split("\n")
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./...")
+
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
     end
 
-    def sum_files?
-      sum_file_paths.any?
+    def mod_files?
+      mod_file_paths.any?
     end
 
-    def sum_file_paths
+    def mod_file_paths
       Dir[project_path.join(PACKAGES_FILE)]
     end
 

data/lib/license_finder/package_managers/mix.rb

@@ -96,7 +96,7 @@ module LicenseFinder
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       packages_lines(stdout)
-        .reject { |package_lines| package_lines.length == 1 } # in_umbrella: true dependencies
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
         .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
     end
 

data/lib/license_finder/package_managers/nuget.rb

@@ -73,14 +73,59 @@ module LicenseFinder
       assemblies.flat_map(&:dependencies)
     end
 
+    def nuget_binary
+      legacy_vcproj = Dir['**/*.vcproj'].any?
+
+      if legacy_vcproj
+        '/usr/local/bin/nugetv3.5.0.exe'
+      else
+        '/usr/local/bin/nuget.exe'
+      end
+    end
+
     def package_management_command
       return 'nuget' if LicenseFinder::Platform.windows?
 
-      'mono /usr/local/bin/nuget.exe'
+      "mono #{nuget_binary}"
+    end
+
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+
+        log_errors stderr
+
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+
+          log_errors_with_cmd(cmd, stderr)
+        end
+
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
     end
 
     def prepare_command
-      "#{package_management_command} restore"
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+
+      cmds.join(' && ')
     end
 
     def installed?(logger = Core.default_logger)
@@ -96,7 +141,7 @@ module LicenseFinder
     def nuget_check
       return 'where nuget' if LicenseFinder::Platform.windows?
 
-      'which mono && ls /usr/local/bin/nuget.exe'
+      "which mono && ls #{nuget_binary}"
     end
 
     def self.nuspec_license_urls(specfile_content)

data/lib/license_finder/package_managers/pipenv.rb

@@ -15,7 +15,7 @@ module LicenseFinder
         begin
           packages = {}
           each_dependency(groups: allowed_groups) do |name, data, group|
-            version = canonicalize(data['version'])
+            version = canonicalize(data['version'] || 'unknown')
             package = packages.fetch(key_for(name, version)) do |key|
               packages[key] = build_package_for(name, version)
             end

data/lib/license_finder/package_managers/rebar.rb

@@ -5,23 +5,25 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:rebar_command] || package_management_command
-      @deps_path = Pathname(options[:rebar_deps_dir] || 'deps')
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
     end
 
     def current_packages
-      rebar_ouput.map do |name, version_type, version_value, homepage|
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
         RebarPackage.new(
           name,
-          "#{version_type}: #{version_value}",
+          version,
           install_path: @deps_path.join(name),
           homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
           logger: logger
         )
       end
     end
 
     def package_management_command
-      'rebar'
+      'rebar3'
     end
 
     def possible_package_paths
@@ -30,15 +32,34 @@ module LicenseFinder
 
     private
 
-    def rebar_ouput
-      command = "#{@command} list-deps"
+    def rebar_deps
+      command = "#{@command} tree"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       stdout
         .each_line
-        .reject { |line| line.start_with?('=') }
-        .map { |line| line.split(' ') }
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+
+      licenses = nil
+      homepage = nil
+
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+
+      [licenses, homepage]
     end
   end
 end

data/lib/license_finder/package_utils/license_files.rb

@@ -4,7 +4,7 @@ require 'license_finder/package_utils/possible_license_file'
 
 module LicenseFinder
   class LicenseFiles
-    CANDIDATE_FILE_NAMES = %w[LICENSE License LICENCE Licence COPYING README Readme ReadMe].freeze
+    CANDIDATE_FILE_NAMES = %w[License Licence COPYING README].freeze
     CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
 
     def self.find(install_path, options = {})
@@ -35,7 +35,7 @@ module LicenseFinder
     def candidate_files_and_dirs
       return [] if install_path.nil?
 
-      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD), File::FNM_CASEFOLD)
     end
   end
 end

data/lib/license_finder/packages/erlangmk_package.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+
+class InvalidErlangmkPackageError < ArgumentError
+end
+
+module LicenseFinder
+  class ErlangmkPackage < Package
+    attr_reader :dep_parent,
+                :dep_name,
+                :dep_fetch_method,
+                :dep_repo_unformatted,
+                :dep_version_unformatted,
+                :dep_absolute_path
+
+    def initialize(dep_string_from_query_deps)
+      @dep_parent,
+      @dep_name,
+      @dep_fetch_method,
+      @dep_repo_unformatted,
+      @dep_version_unformatted,
+      @dep_absolute_path = dep_string_from_query_deps.split
+
+      raise_invalid(dep_string_from_query_deps) unless all_parts_valid?
+
+      super(
+        dep_name,
+        dep_version,
+        homepage: dep_repo,
+        install_path: dep_absolute_path
+      )
+    end
+
+    def package_manager
+      'Erlangmk'
+    end
+
+    def dep_version
+      @dep_version ||= begin
+        version_prefix_re = Regexp.new('^v')
+        dep_version_unformatted.sub(version_prefix_re, '')
+      end
+    end
+
+    def dep_repo
+      @dep_repo ||= dep_repo_unformatted
+                    .chomp('.git')
+                    .sub('git@github.com:', 'https://github.com/')
+    end
+
+    def raise_invalid(dep_string)
+      invalid_dep_message = "'#{dep_string}' does not look like a valid Erlank.mk dependency"
+      valid_dep_example = "A valid dependency example: 'lager: goldrush git https://github.com/DeadZen/goldrush.git 0.1.9 /absolute/path/to/dep'"
+      raise(InvalidErlangmkPackageError, "#{invalid_dep_message}. #{valid_dep_example}")
+    end
+
+    def all_parts_valid?
+      dep_part_valid?(dep_parent) &&
+        dep_part_valid?(dep_name) &&
+        set?(dep_fetch_method) &&
+        dep_repo_valid? &&
+        dep_version_valid? &&
+        set?(dep_absolute_path)
+    end
+
+    private
+
+    def dep_part_valid?(dep_part)
+      set?(dep_part) &&
+        word?(dep_part)
+    end
+
+    def set?(dep_part)
+      !dep_part.nil? &&
+        !dep_part.empty?
+    end
+
+    def word?(dep_part)
+      dep = dep_part.chomp(':')
+      dep =~ word_re
+    end
+
+    def word_re
+      @word_re ||= Regexp.new('^\w+$')
+    end
+
+    def dep_repo_valid?
+      set?(dep_repo_unformatted) &&
+        URI.parse(dep_repo)
+    end
+
+    def dep_version_valid?
+      return false unless set?(dep_version_unformatted)
+
+      if dep_version =~ version_re
+        Gem::Version.correct?(dep_version)
+      else
+        dep_version =~ word_re
+      end
+    end
+
+    def version_re
+      @version_re ||= Regexp.new('\d+\.\d+\.\d+')
+    end
+  end
+end

data/lib/license_finder/packages/pip_package.rb

@@ -8,9 +8,16 @@ module LicenseFinder
     INVALID_LICENSES = ['', 'UNKNOWN'].to_set
 
     def self.license_names_from_spec(spec)
-      license = spec['license'].to_s.strip
+      license_names = spec['license'].to_s.strip.split(' or ')
+      has_unrecognized_license = false
 
-      return [license] unless INVALID_LICENSES.include?(license)
+      license_names.each do |license_name|
+        license = License.find_by_name(license_name.strip)
+
+        has_unrecognized_license ||= license.unrecognized_matcher?
+      end
+
+      return license_names if !license_names.empty? && !has_unrecognized_license
 
       spec
         .fetch('classifiers', [])

data/lib/license_finder/scanner.rb

@@ -4,7 +4,7 @@ module LicenseFinder
   class Scanner
     PACKAGE_MANAGERS = [
       GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
-      Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv
+      Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv
     ].freeze
 
     class << self

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.4.0
+  version: 6.7.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-22 00:00:00.000000000 Z
+date: 2020-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -379,6 +379,7 @@ files:
 - lib/license_finder/license/matcher.rb
 - lib/license_finder/license/none_matcher.rb
 - lib/license_finder/license/template.rb
+- lib/license_finder/license/templates/0BSD.txt
 - lib/license_finder/license/templates/Apache1_1.txt
 - lib/license_finder/license/templates/Apache2.txt
 - lib/license_finder/license/templates/BSD.txt
@@ -413,6 +414,7 @@ files:
 - lib/license_finder/package_managers/conan.rb
 - lib/license_finder/package_managers/dep.rb
 - lib/license_finder/package_managers/dotnet.rb
+- lib/license_finder/package_managers/erlangmk.rb
 - lib/license_finder/package_managers/glide.rb
 - lib/license_finder/package_managers/go_15vendorexperiment.rb
 - lib/license_finder/package_managers/go_dep.rb
@@ -448,6 +450,7 @@ files:
 - lib/license_finder/packages/cocoa_pods_package.rb
 - lib/license_finder/packages/composer_package.rb
 - lib/license_finder/packages/conan_package.rb
+- lib/license_finder/packages/erlangmk_package.rb
 - lib/license_finder/packages/go_package.rb
 - lib/license_finder/packages/gradle_package.rb
 - lib/license_finder/packages/manual_package.rb
@@ -501,7 +504,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.