license_finder 6.8.0 → 6.10.1

data/lib/license_finder/core.rb

@@ -24,7 +24,7 @@ module LicenseFinder
     # Default +options+:
     # {
     #   project_path: Pathname.pwd
-    #   logger: {},   # can include quiet: true or debug: true
+    #   logger: nil,   # can be :quiet or :debug
     #   decisions_file: "doc/dependency_decisions.yml",
     #   gradle_command: "gradle",
     #   rebar_command: "rebar",
@@ -93,6 +93,7 @@ module LicenseFinder
         project_path: config.project_path,
         log_directory: File.join(config.log_directory, project_name),
         ignored_groups: decisions.ignored_groups,
+        enabled_package_manager_ids: config.enabled_package_manager_ids,
         go_full_version: config.go_full_version,
         gradle_command: config.gradle_command,
         gradle_include_groups: config.gradle_include_groups,
@@ -107,7 +108,9 @@ module LicenseFinder
         mix_deps_dir: config.mix_deps_dir,
         prepare: config.prepare,
         prepare_no_fail: config.prepare_no_fail,
-        sbt_include_groups: config.sbt_include_groups
+        sbt_include_groups: config.sbt_include_groups,
+        conda_bash_setup_script: config.conda_bash_setup_script,
+        composer_check_require_only: config.composer_check_require_only
       }
     end
   end

data/lib/license_finder/decisions.rb

@@ -40,10 +40,15 @@ module LicenseFinder
     end
 
     def permitted?(lic)
-      return lic.sub_licenses.any? { |sub_lic| @permitted.include?(sub_lic) } if lic.is_a?(OrLicense)
-      return lic.sub_licenses.all? { |sub_lic| @permitted.include?(sub_lic) } if lic.is_a?(AndLicense)
-
-      @permitted.include?(lic)
+      if @permitted.include?(lic)
+        true
+      elsif lic.is_a?(OrLicense)
+        lic.sub_licenses.any? { |sub_lic| @permitted.include?(sub_lic) }
+      elsif lic.is_a?(AndLicense)
+        lic.sub_licenses.all? { |sub_lic| @permitted.include?(sub_lic) }
+      else
+        false
+      end
     end
 
     def restricted?(lic)

data/lib/license_finder/license.rb

@@ -19,10 +19,17 @@ module LicenseFinder
 
       def find_by_name(name)
         name ||= 'unknown'
-        return OrLicense.new(name) if name.include?(OrLicense.operator)
-        return AndLicense.new(name) if name.include?(AndLicense.operator)
-
-        all.detect { |l| l.matches_name? l.stripped_name(name) } || Definitions.build_unrecognized(name)
+        license = all.detect { |l| l.matches_name? l.stripped_name(name) }
+
+        if license
+          license
+        elsif name.include?(OrLicense.operator)
+          OrLicense.new(name)
+        elsif name.include?(AndLicense.operator)
+          AndLicense.new(name)
+        else
+          Definitions.build_unrecognized(name)
+        end
       end
 
       def find_by_text(text)

data/lib/license_finder/license/text.rb

@@ -10,8 +10,8 @@ module LicenseFinder
       SPECIAL_DOUBLE_QUOTES = /[“”„«»]/.freeze
       ALPHABET_ORDERED_LIST = /\\\([a-z]\\\)\\\s/.freeze
       ALPHABET_ORDERED_LIST_OPTIONAL = '(\([a-z]\)\s)?'
-      LIST_BULLETS = /(\d{1,2}\\\.|\\\*)\\\s/.freeze
-      LIST_BULLETS_OPTIONAL = '(\d{1,2}.|\*)?\s*'
+      LIST_BULLETS = /(\d{1,2}\\\.|\\\*|\\\-)\\\s/.freeze
+      LIST_BULLETS_OPTIONAL = '(\d{1,2}.|\*|\-)?\s*'
       NEWLINE_CHARACTER = /\n+/.freeze
       QUOTE_COMMENT_CHARACTER = /^\s*\>+/.freeze
       ESCAPED_QUOTES = /\\\"/.freeze

data/lib/license_finder/package.rb

@@ -198,3 +198,4 @@ require 'license_finder/packages/yarn_package'
 require 'license_finder/packages/sbt_package'
 require 'license_finder/packages/cargo_package'
 require 'license_finder/packages/composer_package'
+require 'license_finder/packages/conda_package'

data/lib/license_finder/package_manager.rb

@@ -22,6 +22,10 @@ module LicenseFinder
       def takes_priority_over
         nil
       end
+
+      def id
+        name.split('::').last.downcase
+      end
     end
 
     def installed?(logger = Core.default_logger)
@@ -123,12 +127,12 @@ module LicenseFinder
     end
 
     def log_errors_with_cmd(prep_cmd, stderr)
-      logger.info prep_cmd, 'did not succeed.', color: :red
-      logger.info prep_cmd, stderr, color: :red
-      log_to_file stderr
+      logger.info(prep_cmd, 'did not succeed.', color: :red)
+      logger.info(prep_cmd, stderr, color: :red)
+      log_to_file(prep_cmd, stderr)
     end
 
-    def log_to_file(contents)
+    def log_to_file(prep_cmd, contents)
       FileUtils.mkdir_p @log_directory
 
       # replace whitespace with underscores and remove slashes
@@ -136,7 +140,7 @@ module LicenseFinder
       log_file = File.join(@log_directory, "prepare_#{log_file_name || 'errors'}.log")
 
       File.open(log_file, 'w') do |f|
-        f.write("Prepare command \"#{prepare_command}\" failed with:\n")
+        f.write("Prepare command \"#{prep_cmd}\" failed with:\n")
         f.write("#{contents}\n\n")
       end
     end
@@ -171,5 +175,6 @@ require 'license_finder/package_managers/conan'
 require 'license_finder/package_managers/sbt'
 require 'license_finder/package_managers/cargo'
 require 'license_finder/package_managers/composer'
+require 'license_finder/package_managers/conda'
 
 require 'license_finder/package'

data/lib/license_finder/package_managers/composer.rb

@@ -4,7 +4,10 @@ require 'json'
 
 module LicenseFinder
   class Composer < PackageManager
-    SHELL_COMMAND = 'composer licenses --format=json'
+    def initialize(options = {})
+      super
+      @check_require_only = !!options[:composer_check_require_only]
+    end
 
     def possible_package_paths
       [project_path.join('composer.lock'), project_path.join('composer.json')]
@@ -33,7 +36,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'composer install --no-plugins --ignore-platform-reqs --no-interaction'
+      'composer install --no-plugins --no-scripts --ignore-platform-reqs --no-interaction'
     end
 
     def package_path
@@ -50,8 +53,9 @@ module LicenseFinder
     end
 
     def composer_json
-      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(Composer::SHELL_COMMAND) }
-      raise "Command '#{Composer::SHELL_COMMAND}' failed to execute: #{stderr}" unless status.success?
+      command = "composer licenses --format=json#{@check_require_only ? ' --no-dev' : ''}"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       JSON(stdout)
     end

data/lib/license_finder/package_managers/conda.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Conda < PackageManager
+    attr_reader :conda_bash_setup_script
+
+    def initialize(options = {})
+      @conda_bash_setup_script = options[:conda_bash_setup_script] || Pathname("#{ENV['HOME']}/miniconda3/etc/profile.d/conda.sh")
+      super
+    end
+
+    # This command is *not* directly executable. See .conda() below.
+    def prepare_command
+      "conda env create -f #{detected_package_path}"
+    end
+
+    def prepare
+      return if environment_exists?
+
+      prep_cmd = prepare_command
+      _stdout, stderr, status = Dir.chdir(project_path) { conda(prep_cmd) }
+      return if status.success?
+
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+
+    def current_packages
+      conda_list.map do |entry|
+        case entry['channel']
+        when 'pypi'
+          # PyPI is much faster than `conda search`, use it when we can.
+          PipPackage.new(entry['name'], entry['version'], PyPI.definition(entry['name'], entry['version']))
+        else
+          CondaPackage.new(conda_search_info(entry))
+        end
+      end.compact
+    end
+
+    def possible_package_paths
+      [project_path.join('environment.yaml'), project_path.join('environment.yml')]
+    end
+
+    private
+
+    def environment_exists?
+      environments.grep(environment_name).any?
+    end
+
+    def environments
+      command = 'conda env list'
+      stdout, stderr, status = conda command
+
+      environments = []
+      if status.success?
+        environments = stdout.split("\n").grep_v(/^#/).map { |line| line.split.first }
+      else
+        log_errors_with_cmd command, stderr
+      end
+      environments
+    end
+
+    def environment_file
+      detected_package_path
+    end
+
+    def environment_name
+      @environment_name ||= YAML.load_file(environment_file).fetch('name')
+    end
+
+    def conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && #{command}")
+    end
+
+    def activated_conda(command)
+      Open3.capture3('bash', '-c', "source #{conda_bash_setup_script} && conda activate #{environment_name} && #{command}")
+    end
+
+    # Algorithm is based on
+    # https://bioinformatics.stackexchange.com/a/11226
+    # but completely recoded in Ruby. Like the poster, if the package is
+    # actually managed by conda, we assume that all the potential infos (for
+    # various architectures, versions of python, etc) have the same license.
+    def conda_list
+      command = 'conda list'
+      stdout, stderr, status = activated_conda(command)
+
+      if status.success?
+        conda_list = []
+        stdout.each_line do |line|
+          next if line =~ /^\s*#/
+
+          name, version, build, channel = line.split
+          conda_list << {
+            'name' => name,
+            'version' => version,
+            'build' => build,
+            'channel' => channel
+          }
+        end
+        conda_list
+      else
+        log_errors_with_cmd command, stderr
+        []
+      end
+    end
+
+    def conda_search_info(list_entry)
+      command = 'conda search --info --json '
+      command += "--channel #{list_entry['channel']} " if list_entry['channel'] && !list_entry['channel'].empty?
+      command += "'#{list_entry['name']} #{list_entry['version']}'"
+
+      # Errors from conda (in --json mode, at least) show up in stdout, not stderr
+      stdout, _stderr, status = activated_conda(command)
+
+      name = list_entry['name']
+
+      if status.success?
+        JSON(stdout).fetch(name).first
+      else
+        log_errors_with_cmd command, stdout
+        list_entry
+      end
+    rescue KeyError
+      logger.info('Conda', "Key error trying to find #{name} in\n#{JSON(stdout)}")
+      list_entry
+    end
+  end
+end

data/lib/license_finder/package_managers/erlangmk.rb

@@ -10,8 +10,10 @@ module LicenseFinder
       "#{package_management_command} --directory=#{project_path} --no-print-directory"
     end
 
+    # The IS_DEP=1 is added because not all erlang.mk-based projects are
+    # updated to a version that is compatible with LicenseFinder
     def prepare_command
-      "#{package_management_command_with_path} fetch-deps"
+      "#{package_management_command_with_path} IS_DEP=1 fetch-deps"
     end
 
     def possible_package_paths
@@ -32,12 +34,17 @@ module LicenseFinder
     def deps
       command = "#{package_management_command_with_path} QUERY='name fetch_method repo version absolute_path' query-deps"
       stdout, stderr, status = Cmd.run(command)
-      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
-
-      dep_re = Regexp.new('^\s*DEP')
-      line_re = Regexp.new('^[_a-z0-9]+:')
-
-      stdout.each_line.map(&:strip).select { |line| !(line.start_with?('make') || line =~ dep_re) && line =~ line_re }
+      if status.success?
+        dep_re = Regexp.new('^\s*DEP')
+        line_re = Regexp.new('^[_a-z0-9]+:')
+        stdout.each_line.map(&:strip).select { |line| !(line.start_with?('make') || line =~ dep_re) && line =~ line_re }
+      elsif stderr.include? "No rule to make target 'query-deps'"
+        # The stderr check happens because not all erlang.mk-based projects are
+        # updated to a version that is compatible with LicenseFinder
+        []
+      else
+        raise "Command '#{command}' failed to execute: #{stderr}"
+      end
     end
   end
 end

data/lib/license_finder/package_managers/go_dep.rb

@@ -4,6 +4,9 @@ require 'json'
 
 module LicenseFinder
   class GoDep < PackageManager
+    OLD_GODEP_VENDOR_PATH = 'Godeps/_workspace/src'
+    GODEP_VENDOR_PATH = 'vendor'
+
     def initialize(options = {})
       super
       @full_version = options[:go_full_version]
@@ -29,16 +32,20 @@ module LicenseFinder
     private
 
     def install_prefix
-      go_path = if workspace_dir.directory?
-                  workspace_dir
-                else
-                  Pathname(ENV['GOPATH'] || ENV['HOME'] + '/go')
-                end
-      go_path.join('src')
+      @install_prefix ||= if project_path.join(OLD_GODEP_VENDOR_PATH).directory?
+                            project_path.join(OLD_GODEP_VENDOR_PATH)
+                          elsif project_path.join(GODEP_VENDOR_PATH).directory?
+                            project_path.join(GODEP_VENDOR_PATH)
+                          else
+                            download_dependencies
+                            Pathname(ENV['GOPATH'] ? ENV['GOPATH'] + '/src' : ENV['HOME'] + '/go/src')
+                          end
     end
 
-    def workspace_dir
-      project_path.join('Godeps/_workspace')
+    def download_dependencies
+      command = "#{package_management_command} restore"
+      _, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1
     end
 
     def packages_from_json(json_string)

data/lib/license_finder/package_managers/go_modules.rb

@@ -55,7 +55,9 @@ module LicenseFinder
         # TODO: Figure out a way to make the vendor directory work (i.e. remove the
         # -mod=readonly flag). Each of the imported packages gets listed separatly,
         # confusing the issue as to which package is the root of the module.
-        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./...")
+        go_list_cmd = "GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./..."
+        info_output, stderr, status = Cmd.run(go_list_cmd)
+        log_errors_with_cmd(go_list_cmd, "Getting the dependencies from go list failed \n\t#{stderr}") unless status.success?
 
         # Since many packages may belong to a single module, #uniq is used to deduplicate
         info_output.split("\n").uniq

data/lib/license_finder/package_managers/npm.rb

@@ -14,7 +14,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'npm install --no-save'
+      'npm install --no-save --ignore-scripts'
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/yarn.rb

@@ -56,7 +56,7 @@ module LicenseFinder
     end
 
     def prepare_command
-      'yarn install --ignore-engines'
+      'yarn install --ignore-engines --ignore-scripts'
     end
 
     private

data/lib/license_finder/packages/conda_package.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class CondaPackage < Package
+    attr_accessor :identifier, :json
+
+    def initialize(conda_json)
+      @json = conda_json
+      @identifier = Identifier.from_hash(conda_json)
+      super(@identifier.name,
+            @identifier.version,
+            spec_licenses: Package.license_names_from_standard_spec(conda_json),
+            children: children)
+    end
+
+    def ==(other)
+      other.is_a?(CondaPackage) && @identifier == other.identifier
+    end
+
+    def to_s
+      @identifier.to_s
+    end
+
+    def package_manager
+      'Conda'
+    end
+
+    def package_url
+      @json['url']
+    end
+
+    def children
+      @json.fetch('depends', []).map { |constraint| constraint.split.first }
+    end
+
+    class Identifier
+      attr_accessor :name, :version
+
+      def initialize(name, version)
+        @name = name
+        @version = version
+      end
+
+      def self.from_hash(hash)
+        name = hash['name']
+        version = hash['version']
+        return nil if name.nil? || version.nil?
+
+        Identifier.new(name, version)
+      end
+
+      def ==(other)
+        other.is_a?(Identifier) && @name == other.name && @version == other.version
+      end
+
+      def eql?(other)
+        self == other
+      end
+
+      def hash
+        [@name, @version].hash
+      end
+
+      def <=>(other)
+        sort_name = @name <=> other.name
+        sort_name.zero? ? @version <=> other.version : sort_name
+      end
+
+      def to_s
+        "#{@name} - #{@version}"
+      end
+    end
+  end
+end