license_finder 6.5.0 → 6.12.0

data/lib/license_finder/package_managers/mix.rb

@@ -96,7 +96,7 @@ module LicenseFinder
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       packages_lines(stdout)
-        .reject { |package_lines| package_lines.length == 1 } # in_umbrella: true dependencies
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
         .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
     end
 

data/lib/license_finder/package_managers/npm.rb

@@ -14,7 +14,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'npm install --no-save'
+      'npm install --no-save --ignore-scripts'
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/nuget.rb

@@ -89,8 +89,43 @@ module LicenseFinder
       "mono #{nuget_binary}"
     end
 
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+
+        log_errors stderr
+
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+
+          log_errors_with_cmd(cmd, stderr)
+        end
+
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
+    end
+
     def prepare_command
-      "#{package_management_command} restore"
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+
+      cmds.join(' && ')
     end
 
     def installed?(logger = Core.default_logger)

data/lib/license_finder/package_managers/pipenv.rb

@@ -15,7 +15,7 @@ module LicenseFinder
         begin
           packages = {}
           each_dependency(groups: allowed_groups) do |name, data, group|
-            version = canonicalize(data['version'])
+            version = canonicalize(data['version'] || 'unknown')
             package = packages.fetch(key_for(name, version)) do |key|
               packages[key] = build_package_for(name, version)
             end

data/lib/license_finder/package_managers/rebar.rb

@@ -5,23 +5,25 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:rebar_command] || package_management_command
-      @deps_path = Pathname(options[:rebar_deps_dir] || 'deps')
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
     end
 
     def current_packages
-      rebar_ouput.map do |name, version_type, version_value, homepage|
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
         RebarPackage.new(
           name,
-          "#{version_type}: #{version_value}",
+          version,
           install_path: @deps_path.join(name),
           homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
           logger: logger
         )
       end
     end
 
     def package_management_command
-      'rebar'
+      'rebar3'
     end
 
     def possible_package_paths
@@ -30,15 +32,34 @@ module LicenseFinder
 
     private
 
-    def rebar_ouput
-      command = "#{@command} list-deps"
+    def rebar_deps
+      command = "#{@command} tree"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       stdout
         .each_line
-        .reject { |line| line.start_with?('=') }
-        .map { |line| line.split(' ') }
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+
+      licenses = nil
+      homepage = nil
+
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+
+      [licenses, homepage]
     end
   end
 end

data/lib/license_finder/package_managers/trash.rb

@@ -30,9 +30,14 @@ module LicenseFinder
         GoPackage.from_dependency({
                                     'ImportPath' => import_path,
                                     'InstallPath' => license_path,
-                                    'Rev' => package_hash.fetch('version')
+                                    'Rev' => package_hash.fetch('version'),
+                                    'Homepage' => repo_name(import_path)
                                   }, nil, true)
       end
     end
+
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
   end
 end

data/lib/license_finder/package_managers/yarn.rb

@@ -56,7 +56,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'yarn install --ignore-engines'
+      'yarn install --ignore-engines --ignore-scripts'
     end
 
     private

data/lib/license_finder/packages/conda_package.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CondaPackage < Package
+    attr_accessor :identifier, :json
+
+    def initialize(conda_json)
+      @json = conda_json
+      @identifier = Identifier.from_hash(conda_json)
+      super(@identifier.name,
+            @identifier.version,
+            spec_licenses: Package.license_names_from_standard_spec(conda_json),
+            children: children)
+    end
+
+    def ==(other)
+      other.is_a?(CondaPackage) && @identifier == other.identifier
+    end
+
+    def to_s
+      @identifier.to_s
+    end
+
+    def package_manager
+      'Conda'
+    end
+
+    def package_url
+      @json['url']
+    end
+
+    def children
+      @json.fetch('depends', []).map { |constraint| constraint.split.first }
+    end
+
+    class Identifier
+      attr_accessor :name, :version
+
+      def initialize(name, version)
+        @name = name
+        @version = version
+      end
+
+      def self.from_hash(hash)
+        name = hash['name']
+        version = hash['version']
+        return nil if name.nil? || version.nil?
+
+        Identifier.new(name, version)
+      end
+
+      def ==(other)
+        other.is_a?(Identifier) && @name == other.name && @version == other.version
+      end
+
+      def eql?(other)
+        self == other
+      end
+
+      def hash
+        [@name, @version].hash
+      end
+
+      def <=>(other)
+        sort_name = @name <=> other.name
+        sort_name.zero? ? @version <=> other.version : sort_name
+      end
+
+      def to_s
+        "#{@name} - #{@version}"
+      end
+    end
+  end
+end

data/lib/license_finder/packages/erlangmk_package.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+
+class InvalidErlangmkPackageError < ArgumentError
+end
+
+module LicenseFinder
+  class ErlangmkPackage < Package
+    attr_reader :dep_parent,
+                :dep_name,
+                :dep_fetch_method,
+                :dep_repo_unformatted,
+                :dep_version_unformatted,
+                :dep_absolute_path
+
+    def initialize(dep_string_from_query_deps)
+      @dep_parent,
+      @dep_name,
+      @dep_fetch_method,
+      @dep_repo_unformatted,
+      @dep_version_unformatted,
+      @dep_absolute_path = dep_string_from_query_deps.split
+
+      raise_invalid(dep_string_from_query_deps) unless all_parts_valid?
+
+      super(
+        dep_name,
+        dep_version,
+        homepage: dep_repo,
+        install_path: dep_absolute_path
+      )
+    end
+
+    def package_manager
+      'Erlangmk'
+    end
+
+    def dep_version
+      @dep_version ||= begin
+        dep_version_unformatted.sub(version_prefix_re, '')
+      end
+    end
+
+    def dep_repo
+      @dep_repo ||= dep_repo_unformatted
+                    .chomp('.git')
+                    .sub('git@github.com:', 'https://github.com/')
+    end
+
+    def raise_invalid(dep_string)
+      invalid_dep_message = "'#{dep_string}' does not look like a valid Erlank.mk dependency"
+      valid_dep_example = "A valid dependency example: 'lager: goldrush git https://github.com/DeadZen/goldrush.git 0.1.9 /absolute/path/to/dep'"
+      raise(InvalidErlangmkPackageError, "#{invalid_dep_message}. #{valid_dep_example}")
+    end
+
+    def all_parts_valid?
+      dep_part_valid?(dep_parent) &&
+        dep_part_valid?(dep_name) &&
+        set?(dep_fetch_method) &&
+        dep_repo_valid? &&
+        dep_version_valid? &&
+        set?(dep_absolute_path)
+    end
+
+    private
+
+    def dep_part_valid?(dep_part)
+      set?(dep_part) &&
+        word?(dep_part)
+    end
+
+    def set?(dep_part)
+      !dep_part.nil? &&
+        !dep_part.empty?
+    end
+
+    def word?(dep_part)
+      dep = dep_part.chomp(':')
+      dep =~ word_re
+    end
+
+    def dep_repo_valid?
+      set?(dep_repo_unformatted) &&
+        URI.parse(dep_repo)
+    end
+
+    def dep_version_valid?
+      return false unless set?(dep_version_unformatted)
+
+      if dep_version =~ version_re
+        Gem::Version.correct?(dep_version)
+      else
+        dep_version =~ word_dot_re
+      end
+    end
+
+    def version_re
+      @version_re ||= Regexp.new('\d+\.\d+\.\d+')
+    end
+
+    def version_prefix_re
+      @version_prefix_re ||= Regexp.new('^v')
+    end
+
+    def word_re
+      @word_re ||= Regexp.new('^\w+$')
+    end
+
+    def word_dot_re
+      @word_dot_re ||= Regexp.new('^[.\w]+$')
+    end
+  end
+end

data/lib/license_finder/packages/pip_package.rb

@@ -8,9 +8,16 @@ module LicenseFinder
     INVALID_LICENSES = ['', 'UNKNOWN'].to_set
 
     def self.license_names_from_spec(spec)
-      license = spec['license'].to_s.strip
+      license_names = spec['license'].to_s.strip.split(' or ')
+      has_unrecognized_license = false
 
-      return [license] unless INVALID_LICENSES.include?(license)
+      license_names.each do |license_name|
+        license = License.find_by_name(license_name.strip)
+
+        has_unrecognized_license ||= license.unrecognized_matcher?
+      end
+
+      return license_names if !license_names.empty? && !has_unrecognized_license
 
       spec
         .fetch('classifiers', [])

data/lib/license_finder/report.rb

@@ -30,3 +30,4 @@ require 'license_finder/reports/html_report'
 require 'license_finder/reports/markdown_report'
 require 'license_finder/reports/xml_report'
 require 'license_finder/reports/json_report'
+require 'license_finder/reports/junit_report'

data/lib/license_finder/reports/junit_report.rb

@@ -0,0 +1,19 @@
+require 'license_finder/reports/erb_report'
+
+module LicenseFinder
+  class JunitReport < ErbReport
+    ROOT_PATH = Pathname.new(__FILE__).dirname
+    TEMPLATE_PATH = ROOT_PATH.join('templates')
+
+    def to_s(filename = TEMPLATE_PATH.join("#{template_name}.erb"))
+      template = ERB.new(filename.read, nil, '-')
+      template.result(binding)
+    end
+
+    private
+
+    def template_name
+      'junit_report'
+    end
+  end
+end

data/lib/license_finder/reports/templates/junit_report.erb

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<testsuites failures="<%= unapproved_dependencies.size %>" name="<%= project_name %>" tests="<%= dependencies.size %>">
+<% sorted_dependencies.each_with_index do |dependency, i| -%>
+  <testsuite failures="<%= dependency.approved? ? "0" : "1" -%>" id="<%= i %>" name="<%= dependency.name %>" package="Gemfile.lock" skipped="0" tests="1" timestamp="<%= Time.now.strftime("%Y-%m-%dT%H:%M:%S:%6N") %>">
+    <testcase classname="<%= license_names(dependency) %>" name="<%= dependency.name %>"<%= dependency.approved? ? " /" : "" %>>
+    <%- unless dependency.approved? -%>
+      <failure message="Unapproved license in '<%= dependency.name %>' <%= dependency.version %>">
+Name: <%= dependency.name %>
+Version: <%= dependency.version %>
+Licence:
+<%- if dependency.licenses.any? -%>
+<%- dependency.licenses.each do |license| -%>- <%=license.name %>: <%=license.url %><% end %>
+<%- end -%>
+URL: <%= dependency.package_url %>
+Homepage: <%= dependency.homepage %>
+Summary: <%= REXML::Text.new(dependency.summary, false, nil, false) %>
+Description: <%= REXML::Text.new(dependency.description, false, nil, false) %>
+<% if dependency.parents.any? %>
+Dependencies:
+<% dependency.parents.to_a.each do |dep| -%>
+- <%= dep %>
+<% end -%>
+<% end -%>
+<%- if dependency.children.any? -%>
+Requirements:
+<%- dependency.children.each do |req| -%>
+- <%= req %>
+<% end -%>
+<% end -%>
+      </failure>
+      <system-out>
+stdout
+      </system-out>
+      <system-err>
+stderr
+      </system-err>
+    </testcase>
+  <%- end -%>
+  </testsuite>
+<% end -%>
+</testsuites>