license_finder 6.5.0 → 6.8.0

data/lib/license_finder/logger.rb

@@ -36,6 +36,8 @@ module LicenseFinder
         "\e[31m#{string}\e[0m"
       when :green
         "\e[32m#{string}\e[0m"
+      when :magenta
+        "\e[35m#{string}\e[0m"
       else
         string
       end

data/lib/license_finder/package.rb

@@ -189,6 +189,7 @@ require 'license_finder/packages/gradle_package'
 require 'license_finder/packages/cocoa_pods_package'
 require 'license_finder/packages/carthage_package'
 require 'license_finder/packages/rebar_package'
+require 'license_finder/packages/erlangmk_package'
 require 'license_finder/packages/mix_package'
 require 'license_finder/packages/merged_package'
 require 'license_finder/packages/nuget_package'

data/lib/license_finder/package_manager.rb

@@ -119,8 +119,12 @@ module LicenseFinder
     attr_reader :logger, :project_path
 
     def log_errors(stderr)
-      logger.info prepare_command, 'did not succeed.', color: :red
-      logger.info prepare_command, stderr, color: :red
+      log_errors_with_cmd(prepare_command, stderr)
+    end
+
+    def log_errors_with_cmd(prep_cmd, stderr)
+      logger.info prep_cmd, 'did not succeed.', color: :red
+      logger.info prep_cmd, stderr, color: :red
       log_to_file stderr
     end
 
@@ -159,6 +163,7 @@ require 'license_finder/package_managers/cocoa_pods'
 require 'license_finder/package_managers/carthage'
 require 'license_finder/package_managers/gradle'
 require 'license_finder/package_managers/rebar'
+require 'license_finder/package_managers/erlangmk'
 require 'license_finder/package_managers/nuget'
 require 'license_finder/package_managers/dotnet'
 require 'license_finder/package_managers/dep'

data/lib/license_finder/package_managers/dotnet.rb

@@ -63,7 +63,8 @@ module LicenseFinder
                           .uniq { |d| [d.name, d.version] }
 
       package_metadatas.map do |d|
-        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
+        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
       end
     end
 

data/lib/license_finder/package_managers/erlangmk.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Erlangmk < PackageManager
+    def package_management_command
+      'make'
+    end
+
+    def package_management_command_with_path
+      "#{package_management_command} --directory=#{project_path} --no-print-directory"
+    end
+
+    def prepare_command
+      "#{package_management_command_with_path} fetch-deps"
+    end
+
+    def possible_package_paths
+      [
+        project_path.join('Erlang.mk'),
+        project_path.join('erlang.mk')
+      ]
+    end
+
+    def current_packages
+      deps.map do |dep|
+        ErlangmkPackage.new(dep)
+      end
+    end
+
+    private
+
+    def deps
+      command = "#{package_management_command_with_path} QUERY='name fetch_method repo version absolute_path' query-deps"
+      stdout, stderr, status = Cmd.run(command)
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      dep_re = Regexp.new('^\s*DEP')
+      line_re = Regexp.new('^[_a-z0-9]+:')
+
+      stdout.each_line.map(&:strip).select { |line| !(line.start_with?('make') || line =~ dep_re) && line =~ line_re }
+    end
+  end
+end

data/lib/license_finder/package_managers/go_modules.rb

@@ -4,7 +4,7 @@ require 'license_finder/packages/go_package'
 
 module LicenseFinder
   class GoModules < PackageManager
-    PACKAGES_FILE = 'go.sum'
+    PACKAGES_FILE = 'go.mod'
 
     class << self
       def takes_priority_over
@@ -12,12 +12,8 @@ module LicenseFinder
       end
     end
 
-    def prepare_command
-      'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
-    end
-
     def active?
-      sum_files?
+      mod_files?
     end
 
     def current_packages
@@ -33,19 +29,44 @@ module LicenseFinder
     private
 
     def packages_info
-      info_output, stderr, _status = Cmd.run("GO111MODULE=on go list -m -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      if stderr =~ Regexp.compile("can't compute 'all' using the vendor directory")
-        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=mod -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      end
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
 
-      info_output.split("\n")
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./...")
+
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
     end
 
-    def sum_files?
-      sum_file_paths.any?
+    def mod_files?
+      mod_file_paths.any?
     end
 
-    def sum_file_paths
+    def mod_file_paths
       Dir[project_path.join(PACKAGES_FILE)]
     end
 

data/lib/license_finder/package_managers/mix.rb

@@ -96,7 +96,7 @@ module LicenseFinder
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       packages_lines(stdout)
-        .reject { |package_lines| package_lines.length == 1 } # in_umbrella: true dependencies
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
         .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
     end
 

data/lib/license_finder/package_managers/nuget.rb

@@ -89,8 +89,43 @@ module LicenseFinder
       "mono #{nuget_binary}"
     end
 
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+
+        log_errors stderr
+
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+
+          log_errors_with_cmd(cmd, stderr)
+        end
+
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
+    end
+
     def prepare_command
-      "#{package_management_command} restore"
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+
+      cmds.join(' && ')
     end
 
     def installed?(logger = Core.default_logger)

data/lib/license_finder/package_managers/pipenv.rb

@@ -15,7 +15,7 @@ module LicenseFinder
         begin
           packages = {}
           each_dependency(groups: allowed_groups) do |name, data, group|
-            version = canonicalize(data['version'])
+            version = canonicalize(data['version'] || 'unknown')
             package = packages.fetch(key_for(name, version)) do |key|
               packages[key] = build_package_for(name, version)
             end

data/lib/license_finder/package_managers/rebar.rb

@@ -5,23 +5,25 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:rebar_command] || package_management_command
-      @deps_path = Pathname(options[:rebar_deps_dir] || 'deps')
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
     end
 
     def current_packages
-      rebar_ouput.map do |name, version_type, version_value, homepage|
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
         RebarPackage.new(
           name,
-          "#{version_type}: #{version_value}",
+          version,
           install_path: @deps_path.join(name),
           homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
           logger: logger
         )
       end
     end
 
     def package_management_command
-      'rebar'
+      'rebar3'
     end
 
     def possible_package_paths
@@ -30,15 +32,34 @@ module LicenseFinder
 
     private
 
-    def rebar_ouput
-      command = "#{@command} list-deps"
+    def rebar_deps
+      command = "#{@command} tree"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       stdout
         .each_line
-        .reject { |line| line.start_with?('=') }
-        .map { |line| line.split(' ') }
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+
+      licenses = nil
+      homepage = nil
+
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+
+      [licenses, homepage]
     end
   end
 end

data/lib/license_finder/packages/erlangmk_package.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+
+class InvalidErlangmkPackageError < ArgumentError
+end
+
+module LicenseFinder
+  class ErlangmkPackage < Package
+    attr_reader :dep_parent,
+                :dep_name,
+                :dep_fetch_method,
+                :dep_repo_unformatted,
+                :dep_version_unformatted,
+                :dep_absolute_path
+
+    def initialize(dep_string_from_query_deps)
+      @dep_parent,
+      @dep_name,
+      @dep_fetch_method,
+      @dep_repo_unformatted,
+      @dep_version_unformatted,
+      @dep_absolute_path = dep_string_from_query_deps.split
+
+      raise_invalid(dep_string_from_query_deps) unless all_parts_valid?
+
+      super(
+        dep_name,
+        dep_version,
+        homepage: dep_repo,
+        install_path: dep_absolute_path
+      )
+    end
+
+    def package_manager
+      'Erlangmk'
+    end
+
+    def dep_version
+      @dep_version ||= begin
+        version_prefix_re = Regexp.new('^v')
+        dep_version_unformatted.sub(version_prefix_re, '')
+      end
+    end
+
+    def dep_repo
+      @dep_repo ||= dep_repo_unformatted
+                    .chomp('.git')
+                    .sub('git@github.com:', 'https://github.com/')
+    end
+
+    def raise_invalid(dep_string)
+      invalid_dep_message = "'#{dep_string}' does not look like a valid Erlank.mk dependency"
+      valid_dep_example = "A valid dependency example: 'lager: goldrush git https://github.com/DeadZen/goldrush.git 0.1.9 /absolute/path/to/dep'"
+      raise(InvalidErlangmkPackageError, "#{invalid_dep_message}. #{valid_dep_example}")
+    end
+
+    def all_parts_valid?
+      dep_part_valid?(dep_parent) &&
+        dep_part_valid?(dep_name) &&
+        set?(dep_fetch_method) &&
+        dep_repo_valid? &&
+        dep_version_valid? &&
+        set?(dep_absolute_path)
+    end
+
+    private
+
+    def dep_part_valid?(dep_part)
+      set?(dep_part) &&
+        word?(dep_part)
+    end
+
+    def set?(dep_part)
+      !dep_part.nil? &&
+        !dep_part.empty?
+    end
+
+    def word?(dep_part)
+      dep = dep_part.chomp(':')
+      dep =~ word_re
+    end
+
+    def word_re
+      @word_re ||= Regexp.new('^\w+$')
+    end
+
+    def dep_repo_valid?
+      set?(dep_repo_unformatted) &&
+        URI.parse(dep_repo)
+    end
+
+    def dep_version_valid?
+      return false unless set?(dep_version_unformatted)
+
+      if dep_version =~ version_re
+        Gem::Version.correct?(dep_version)
+      else
+        dep_version =~ word_re
+      end
+    end
+
+    def version_re
+      @version_re ||= Regexp.new('\d+\.\d+\.\d+')
+    end
+  end
+end

data/lib/license_finder/packages/pip_package.rb

@@ -8,9 +8,16 @@ module LicenseFinder
     INVALID_LICENSES = ['', 'UNKNOWN'].to_set
 
     def self.license_names_from_spec(spec)
-      license = spec['license'].to_s.strip
+      license_names = spec['license'].to_s.strip.split(' or ')
+      has_unrecognized_license = false
 
-      return [license] unless INVALID_LICENSES.include?(license)
+      license_names.each do |license_name|
+        license = License.find_by_name(license_name.strip)
+
+        has_unrecognized_license ||= license.unrecognized_matcher?
+      end
+
+      return license_names if !license_names.empty? && !has_unrecognized_license
 
       spec
         .fetch('classifiers', [])

data/lib/license_finder/scanner.rb

@@ -4,7 +4,7 @@ module LicenseFinder
   class Scanner
     PACKAGE_MANAGERS = [
       GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
-      Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv
+      Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv
     ].freeze
 
     class << self

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.5.0
+  version: 6.8.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-01 00:00:00.000000000 Z
+date: 2020-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -379,6 +379,7 @@ files:
 - lib/license_finder/license/matcher.rb
 - lib/license_finder/license/none_matcher.rb
 - lib/license_finder/license/template.rb
+- lib/license_finder/license/templates/0BSD.txt
 - lib/license_finder/license/templates/Apache1_1.txt
 - lib/license_finder/license/templates/Apache2.txt
 - lib/license_finder/license/templates/BSD.txt
@@ -391,6 +392,7 @@ files:
 - lib/license_finder/license/templates/LGPL.txt
 - lib/license_finder/license/templates/LGPL2_1.txt
 - lib/license_finder/license/templates/MIT.txt
+- lib/license_finder/license/templates/MPL1_1.txt
 - lib/license_finder/license/templates/MPL2.txt
 - lib/license_finder/license/templates/NewBSD.txt
 - lib/license_finder/license/templates/OFL.txt
@@ -413,6 +415,7 @@ files:
 - lib/license_finder/package_managers/conan.rb
 - lib/license_finder/package_managers/dep.rb
 - lib/license_finder/package_managers/dotnet.rb
+- lib/license_finder/package_managers/erlangmk.rb
 - lib/license_finder/package_managers/glide.rb
 - lib/license_finder/package_managers/go_15vendorexperiment.rb
 - lib/license_finder/package_managers/go_dep.rb
@@ -448,6 +451,7 @@ files:
 - lib/license_finder/packages/cocoa_pods_package.rb
 - lib/license_finder/packages/composer_package.rb
 - lib/license_finder/packages/conan_package.rb
+- lib/license_finder/packages/erlangmk_package.rb
 - lib/license_finder/packages/go_package.rb
 - lib/license_finder/packages/gradle_package.rb
 - lib/license_finder/packages/manual_package.rb
@@ -501,7 +505,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.