license_finder 7.1.0 → 7.2.0

data/lib/license_finder/license/text.rb

@@ -16,6 +16,8 @@ module LicenseFinder
       NEWLINE_CHARACTER = /\n+/.freeze
       QUOTE_COMMENT_CHARACTER = /^\s*>+/.freeze
       ESCAPED_QUOTES = /\\"/.freeze
+      SPECIAL_CHARACTERS = /§/.freeze
+      SPECIAL_DASHES = /–/.freeze
 
       def self.normalize_punctuation(text)
         text.dup.force_encoding('UTF-8')
@@ -26,6 +28,8 @@ module LicenseFinder
             .gsub(NEWLINE_CHARACTER, ' ')
             .gsub(ESCAPED_QUOTES, '"')
             .gsub(QUOTES, '"')
+            .gsub(SPECIAL_CHARACTERS, '?')
+            .gsub(SPECIAL_DASHES, '-')
             .strip
       rescue ArgumentError => _e
         text

data/lib/license_finder/license.rb

@@ -85,7 +85,7 @@ module LicenseFinder
     attr_reader :short_name, :pretty_name, :other_names, :spdx_id, :matcher
 
     def names
-      ([short_name, pretty_name] + other_names).uniq
+      ([short_name, pretty_name, spdx_id] + other_names).uniq
     end
   end
 

data/lib/license_finder/manual_licenses.rb

@@ -43,7 +43,7 @@ module LicenseFinder
         # Ex: licenses remove foo_gem MIT => Removes MIT at all versions for this gem
         @all_versions[name]&.delete(to_license(lic))
 
-        @specific_versions[name]&.each do |_version, licenses|
+        @specific_versions[name]&.each_value do |licenses|
           licenses.delete(to_license(lic))
         end
       else

data/lib/license_finder/package_manager.rb

@@ -136,7 +136,7 @@ module LicenseFinder
       FileUtils.mkdir_p @log_directory
 
       # replace whitespace with underscores and remove slashes
-      log_file_name = package_management_command&.gsub(/\s/, '_')&.gsub(%r{/}, '')
+      log_file_name = package_management_command&.gsub(/\s/, '_')&.delete('/')
       log_file = File.join(@log_directory, "prepare_#{log_file_name || 'errors'}.log")
 
       File.open(log_file, 'w') do |f|

data/lib/license_finder/package_managers/cargo.rb

@@ -6,7 +6,7 @@ module LicenseFinder
   class Cargo < PackageManager
     def current_packages
       cargo_output.map do |package|
-        path = Dir.glob("#{Dir.home}/.cargo/registry/src/**/#{package['name']}-#{package['version']}").first
+        path = Dir.glob("#{Dir.home}/.cargo/registry/src/*/#{package['name']}-#{package['version']}").first
         CargoPackage.new(package, logger: logger, install_path: path)
       end
     end

data/lib/license_finder/package_managers/conan.rb

@@ -1,27 +1,69 @@
 # frozen_string_literal: true
 
 require 'license_finder/package_utils/conan_info_parser'
+require 'license_finder/package_utils/conan_info_parser_v2'
 
 module LicenseFinder
   class Conan < PackageManager
     def possible_package_paths
-      [project_path.join('conanfile.txt')]
+      [project_path.join('conanfile.txt'), project_path.join('conanfile.py')]
     end
 
-    def current_packages
-      install_command = 'conan install .'
+    def license_file_is_good?(license_file_path)
+      !license_file_path.nil? && File.file?(license_file_path)
+    end
+
+    def license_file(project_path, name)
+      candidates = Dir.glob("#{project_path}/licenses/#{name}/**/LICENSE*")
+      candidates.each do |candidate|
+        return candidate if license_file_is_good?(candidate)
+      end
+      nil
+    end
+
+    def deps_list_conan_v1(project_path)
       info_command = 'conan info .'
-      Dir.chdir(project_path) { Cmd.run(install_command) }
       info_output, _stderr, _status = Dir.chdir(project_path) { Cmd.run(info_command) }
+      return nil if info_output.empty?
 
       info_parser = ConanInfoParser.new
+      info_parser.parse(info_output)
+    end
+
+    def deps_list_conan_v2(project_path)
+      info_command = 'conan graph info .'
+      info_output, stderr, _status = Dir.chdir(project_path) { Cmd.run(info_command) }
+      if info_output.empty?
+        return if stderr.empty?
+
+        info_output = stderr
+      end
+      info_parser = ConanInfoParserV2.new
+      info_parser.parse(info_output)
+    end
+
+    def deps_list(project_path)
+      deps = deps_list_conan_v1(project_path)
+      deps = deps_list_conan_v2(project_path) if deps.nil? || deps.empty?
+      deps
+    end
+
+    def current_packages
+      install_command = 'conan install .'
+      Dir.chdir(project_path) { Cmd.run(install_command) }
+
+      deps = deps_list(project_path)
+      return [] if deps.nil?
 
-      deps = info_parser.parse(info_output)
       deps.map do |dep|
         name, version = dep['name'].split('/')
-        url = dep['URL']
-        license_file_path = Dir.glob("#{project_path}/licenses/#{name}/**/LICENSE*").first
-        ConanPackage.new(name, version, File.open(license_file_path).read, url) unless name == 'conanfile.txt'
+        license_file_path = license_file(project_path, name)
+
+        next unless license_file_is_good?(license_file_path)
+
+        url = dep['homepage']
+        url = dep['url'] if url.nil?
+        ConanPackage.new(name, version, File.open(license_file_path).read, url)
       end.compact
     end
   end

data/lib/license_finder/package_managers/dep.rb

@@ -1,43 +1,45 @@
 # frozen_string_literal: true
 
-require 'tomlrb'
-
-module LicenseFinder
-  class Dep < PackageManager
-    def possible_package_paths
-      [project_path.join('Gopkg.lock')]
-    end
-
-    def current_packages
-      toml = Tomlrb.load_file(detected_package_path)
-      projects = toml['projects']
-
-      return [] if projects.nil?
-
-      projects.map do |project|
-        GoPackage.from_dependency({
-                                    'ImportPath' => project['name'],
-                                    'InstallPath' => project_path.join('vendor', project['name']),
-                                    'Rev' => project['revision'],
-                                    'Homepage' => repo_name(project['name'])
-                                  }, nil, true)
-      end
-    end
-
-    def repo_name(name)
-      name.split('/')[0..2].join('/')
-    end
-
-    def self.takes_priority_over
-      Go15VendorExperiment
-    end
-
-    def prepare_command
-      'dep ensure -vendor-only'
-    end
-
-    def package_management_command
-      'dep'
-    end
-  end
-end
+# Dep has been deprecated since 2020
+#
+# require 'tomlrb'
+#
+# module LicenseFinder
+#   class Dep < PackageManager
+#     def possible_package_paths
+#       [project_path.join('Gopkg.lock')]
+#     end
+#
+#     def current_packages
+#       toml = Tomlrb.load_file(detected_package_path)
+#       projects = toml['projects']
+#
+#       return [] if projects.nil?
+#
+#       projects.map do |project|
+#         GoPackage.from_dependency({
+#                                     'ImportPath' => project['name'],
+#                                     'InstallPath' => project_path.join('vendor', project['name']),
+#                                     'Rev' => project['revision'],
+#                                     'Homepage' => repo_name(project['name'])
+#                                   }, nil, true)
+#       end
+#     end
+#
+#     def repo_name(name)
+#       name.split('/')[0..2].join('/')
+#     end
+#
+#     def self.takes_priority_over
+#       Go15VendorExperiment
+#     end
+#
+#     def prepare_command
+#       'dep ensure -vendor-only'
+#     end
+#
+#     def package_management_command
+#       'dep'
+#     end
+#   end
+# end

data/lib/license_finder/package_managers/go_dep.rb

@@ -56,7 +56,7 @@ module LicenseFinder
       packages_grouped_by_revision = all_packages.group_by { |package| package['Rev'] }
       result = []
 
-      packages_grouped_by_revision.each do |_sha, packages_in_group|
+      packages_grouped_by_revision.each_value do |packages_in_group|
         all_paths_in_group = packages_in_group.map { |p| p['ImportPath'] }
         common_paths = CommonPathHelper.longest_common_paths(all_paths_in_group)
         package_info = packages_in_group.first

data/lib/license_finder/package_managers/go_workspace.rb

@@ -51,11 +51,12 @@ module LicenseFinder
     def active?
       return false if @strict_matching
 
+      # Dep has been deprecated since 2020
       godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
-      dep = LicenseFinder::Dep.new(project_path: Pathname(project_path))
       # go workspace is only active if GoDep wasn't. There are some projects
       # that will use the .envrc and have a Godep folder as well.
-      !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path)))
+      # !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path)))
+      !!(!godep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path)))
     end
 
     private

data/lib/license_finder/package_managers/maven.rb

@@ -13,22 +13,20 @@ module LicenseFinder
     end
 
     def current_packages
+      # Generate a file "target/generated-resources/licenses.xml" that contains a list of
+      # dependencies including their groupId, artifactId, version and license (name, file, url).
+      # The license file downloaded this way, however, is a generic one without author information.
+      # This file also does not contain further information about the package like its name,
+      # description or website URL.
       command = "#{package_management_command} org.codehaus.mojo:license-maven-plugin:download-licenses"
       command += " -Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}" if @ignored_groups && !@ignored_groups.empty?
       command += " #{@maven_options}" unless @maven_options.nil?
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
-      dependencies = MavenDependencyFinder.new(project_path).dependencies
-      packages = dependencies.flat_map do |xml|
-        options = {
-          'GroupTags' => { 'licenses' => 'license', 'dependencies' => 'dependency' },
-          'ForceArray' => %w[license dependency]
-        }
-        contents = XmlSimple.xml_in(xml, options)['dependencies']
-        contents.map do |dep|
-          MavenPackage.new(dep, logger: logger, include_groups: @include_groups)
-        end
+      dependencies = MavenDependencyFinder.new(project_path, maven_repository_path).dependencies
+      packages = dependencies.map do |dep|
+        MavenPackage.new(dep, logger: logger, include_groups: @include_groups)
       end
       packages.uniq
     end
@@ -57,5 +55,15 @@ module LicenseFinder
 
       stdout.include?('null object or invalid expression')
     end
+
+    # Look up the path of the Maven repository (e.g. ~/.m2)
+    def maven_repository_path
+      command = "#{package_management_command} help:evaluate -Dexpression=settings.localRepository -q -DforceStdout"
+      command += " #{@maven_options}" unless @maven_options.nil?
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      Pathname(stdout)
+    end
   end
 end

data/lib/license_finder/package_managers/npm.rb

@@ -39,7 +39,7 @@ module LicenseFinder
     private
 
     def npm_json
-      command = "#{package_management_command} list --json --long#{production_flag}"
+      command = "#{package_management_command} list --json --long#{all_flag}#{production_flag}"
       command += " #{@npm_options}" unless @npm_options.nil?
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       # we can try and continue if we got an exit status 1 - unmet peer dependency
@@ -53,5 +53,18 @@ module LicenseFinder
 
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
+
+    def all_flag
+      npm_version >= 7 ? ' --all' : ''
+    end
+
+    def npm_version
+      command = "#{package_management_command} -v"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      version = stdout.split('.').map(&:to_i)
+      version[0]
+    end
   end
 end

data/lib/license_finder/package_managers/pip.rb

@@ -4,7 +4,7 @@ require 'json'
 
 module LicenseFinder
   class Pip < PackageManager
-    DEFAULT_VERSION = '2'
+    DEFAULT_VERSION = '3'
 
     def initialize(options = {})
       super

data/lib/license_finder/package_managers/pnpm.rb

@@ -45,7 +45,13 @@ module LicenseFinder
       json_objects.map do |_, value|
         value.each do |pkg|
           name = pkg['name']
-          version = pkg['version']
+
+          if pkg['version']
+            version = pkg['version']
+          elsif pkg['versions']
+            version = pkg['versions'][0]
+          end
+
           license = pkg['license']
           homepage = pkg['vendorUrl']
           author = pkg['vendorName']

data/lib/license_finder/package_managers/yarn.rb

@@ -22,7 +22,7 @@ module LicenseFinder
         cmd += " #{@yarn_options}" unless @yarn_options.nil?
       end
 
-      stdout, stderr, status = Cmd.run(cmd)
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(cmd) }
       raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
 
       json_strings = stdout.encode('ASCII', invalid: :replace, undef: :replace, replace: '?').split("\n")
@@ -80,7 +80,7 @@ module LicenseFinder
 
     def yarn_version
       Dir.chdir(project_path) do
-        version_string, stderr_str, status = Cmd.run('yarn -v')
+        version_string, stderr_str, status = Dir.chdir(project_path) { Cmd.run('yarn -v') }
         raise "Command 'yarn -v' failed to execute: #{stderr_str}" unless status.success?
 
         version = version_string.split('.').map(&:to_i)
@@ -96,8 +96,8 @@ module LicenseFinder
         body = json_object['children']
 
         body.each do |package_name, vendor_info|
-          valid_match = %r{(?<name>[@,\w,\-,/,.]+)@(?<manager>\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s
-          valid_match = %r{(?<name>[@,\w,\-,/,.]+)@virtual:.+#(\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s if manager.eql?('virtual')
+          valid_match = %r{(?<name>@?[\w/.-]+)@(?<manager>\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s
+          valid_match = %r{(?<name>@?[\w/.-]+)@virtual:.+#(\D*):\D*(?<version>(\d+\.?)+)} =~ package_name.to_s if manager.eql?('virtual')
 
           if valid_match
             homepage = vendor_info['children']['vendorUrl']
@@ -112,10 +112,10 @@ module LicenseFinder
             )
             packages << package
           end
-          incompatible_match = /(?<name>[\w,\-]+)@[a-z]*:(?<version>(\.))/ =~ package_name.to_s
 
+          incompatible_match = %r{(?<name>@?[\w/.-]+)@[a-z]*:(?<version>(\.))} =~ package_name.to_s
           if incompatible_match
-            package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
+            package = YarnPackage.new(name, version, spec_licenses: [license])
             incompatible_packages.push(package)
           end
         end
@@ -126,14 +126,14 @@ module LicenseFinder
 
     def get_yarn1_packages(json_objects)
       packages = []
-      incompatible_packages = []
       if json_objects.last['type'] == 'table'
         license_json = json_objects.pop['data']
         packages = packages_from_json(license_json)
       end
 
+      incompatible_packages = []
       json_objects.each do |json_object|
-        match = /(?<name>[\w,\-]+)@(?<version>(\d+\.?)+)/ =~ json_object['data'].to_s
+        match = %r{(?<name>@?[\w/.-]+)@(?<version>(\d+\.?)+)} =~ json_object['data'].to_s
         if match
           package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
           incompatible_packages.push(package)
@@ -168,7 +168,7 @@ module LicenseFinder
     def modules_folder
       return @modules_folder if @modules_folder
 
-      stdout, _stderr, status = Cmd.run('yarn config get modules-folder')
+      stdout, _stderr, status = Dir.chdir(project_path) { Cmd.run('yarn config get modules-folder') }
       @modules_folder = 'node_modules' if !status.success? || stdout.strip == 'undefined'
       @modules_folder ||= stdout.strip
     end

data/lib/license_finder/package_utils/conan_info_parser.rb

@@ -31,9 +31,9 @@ module LicenseFinder
     def parse_key_val(line)
       key, val = key_val(line)
       if val
-        @current_project[key] = val
+        @current_project[key.downcase] = val
       elsif line.start_with?(' ')
-        @current_key = key
+        @current_key = key.downcase
         @current_vals = []
         @state = :val_list
       else

data/lib/license_finder/package_utils/conan_info_parser_v2.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class ConanInfoParserV2
+    def parse(info)
+      @lines = info.lines.map(&:chomp)
+      @state = :project_level # state of the state machine
+      @projects = [] # list of projects
+      @current_project = nil # current project being populated in the SM
+      @current_vals = [] # current val list being populate in the SM
+      @current_key = nil # current key to be associated with the current val
+
+      line = @lines.shift
+      line = @lines.shift while line != '======== Basic graph information ========'
+
+      while (line = @lines.shift)
+        next if line == ''
+
+        case @state
+        when :project_level
+          @current_project = {}
+          name, _id = line.strip.split('#')
+          @current_project['name'] = name
+          @state = :key_val
+        when :key_val
+          parse_key_val(line)
+        when :val_list
+          parse_val_list(line)
+        end
+      end
+      wrap_up
+    end
+
+    private
+
+    def parse_key_val(line)
+      key, val = key_val(line)
+      if val
+        @current_project[key.downcase] = val
+      elsif line.start_with?(' ')
+        @current_key = key.downcase
+        @current_vals = []
+        @state = :val_list
+      else
+        change_to_new_project_state line
+      end
+    end
+
+    def parse_val_list(line)
+      if val_list_level(line)
+        @current_vals << line.strip
+      else
+        @current_project[@current_key] = @current_vals
+        if line.start_with?(' ')
+          @state = :key_val
+          @lines.unshift(line)
+        else
+          change_to_new_project_state line
+        end
+      end
+    end
+
+    def wrap_up
+      @current_project[@current_key] = @current_vals if @current_vals.count && @current_key
+      @projects << @current_project
+    end
+
+    def val_list_level(line)
+      line.start_with?('    ')
+    end
+
+    def change_to_new_project_state(line)
+      @state = :project_level
+      @projects << @current_project
+      @lines.unshift(line)
+    end
+
+    def key_val(info)
+      info.split(':', 2).map(&:strip!)
+    end
+  end
+end

data/lib/license_finder/package_utils/license_files.rb

@@ -27,7 +27,7 @@ module LicenseFinder
 
     def paths_of_candidate_files
       candidate_files_and_dirs
-        .flat_map { |path| path.directory? ? path.children : path }
+        .flat_map { |path| !path.is_a?(Zip::Entry) && path.directory? ? path.children : path }
         .reject(&:directory?)
         .uniq
     end
@@ -35,7 +35,17 @@ module LicenseFinder
     def candidate_files_and_dirs
       return [] if install_path.nil?
 
-      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      if !install_path.extname.casecmp('.jar').zero?
+        Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      else
+        candidates_from_zip
+      end
+    end
+
+    def candidates_from_zip
+      Zip::File.open(install_path.to_s) do |zip_file|
+        zip_file.glob(CANDIDATE_PATH_WILDCARD, File::FNM_EXTGLOB)
+      end
     end
   end
 end

data/lib/license_finder/package_utils/licensing.rb

@@ -11,7 +11,8 @@ module LicenseFinder
       if activations_from_decisions.any? then activations_from_decisions
       elsif activations_from_spec.any?      then activations_from_spec
       elsif activations_from_files.any?     then activations_from_files
-      else [default_activation]
+      else
+        [default_activation]
       end
     end
 

data/lib/license_finder/package_utils/maven_dependency_finder.rb

@@ -2,14 +2,56 @@
 
 module LicenseFinder
   class MavenDependencyFinder
-    def initialize(project_path)
+    def initialize(project_path, m2_path)
       @project_path = project_path
+      @m2_path = m2_path
     end
 
     def dependencies
+      options = {
+        'GroupTags' => { 'licenses' => 'license', 'dependencies' => 'dependency' },
+        'ForceArray' => %w[license dependency]
+      }
+
       Pathname
         .glob(@project_path.join('**', 'target', 'generated-resources', 'licenses.xml'))
         .map(&:read)
+        .flat_map { |xml| XmlSimple.xml_in(xml, options)['dependencies'] }
+        .reject(&:empty?)
+        .each { |dep| add_info_from_m2(dep) }
+    end
+
+    # Add the name of the JAR file to allow later retrieval of license and notice files,
+    # and add the name, description and URL from the POM XML file.
+    def add_info_from_m2(dep)
+      m2_artifact_dir = @m2_path
+        .join(dep['groupId'].tr('.', '/'))
+        .join(dep['artifactId'])
+        .join(dep['version'])
+      artifact_basename = "#{dep['artifactId']}-#{dep['version']}"
+
+      # Basic support for Maven classifiers. So far, only "jakarta" is supported. Unfortunately,
+      # we do not have access to the "classifier" field here (licenses.xml does not have it).
+      jar_file = m2_artifact_dir.join("#{artifact_basename}.jar")
+      jar_file = m2_artifact_dir.join("#{artifact_basename}-jakarta.jar") unless File.exist?(jar_file)
+
+      dep.store('jarFile', jar_file)
+
+      add_info_from_pom(m2_artifact_dir.join("#{artifact_basename}.pom"), dep)
+    end
+
+    # Extract name, description and URL from pom.xml
+    def add_info_from_pom(pom_file, dep)
+      pom = XmlSimple.xml_in(pom_file.read, { 'ForceArray' => false })
+
+      name = pom['name']
+      dep.store('summary', name) unless name.nil?
+
+      description = pom['description']
+      dep.store('description', description) unless description.nil?
+
+      url = pom['url']
+      dep.store('homepage', url) unless url.nil?
     end
   end
 end

data/lib/license_finder/package_utils/notice_files.rb

@@ -5,7 +5,8 @@ require 'license_finder/package_utils/possible_license_file'
 module LicenseFinder
   class NoticeFiles
     CANDIDATE_FILE_NAMES = %w[NOTICE Notice].freeze
-    CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
+    CANDIDATE_PATH_WILDCARD_STRICT = "{#{CANDIDATE_FILE_NAMES.join(',')}}*"
+    CANDIDATE_PATH_WILDCARD = "*#{CANDIDATE_PATH_WILDCARD_STRICT}"
 
     def self.find(install_path, options = {})
       new(install_path).find(options)
@@ -26,7 +27,7 @@ module LicenseFinder
 
     def paths_of_candidate_files
       candidate_files_and_dirs
-        .flat_map { |path| path.directory? ? path.children : path }
+        .flat_map { |path| !path.is_a?(Zip::Entry) && path.directory? ? path.children : path }
         .reject(&:directory?)
         .uniq
     end
@@ -34,7 +35,17 @@ module LicenseFinder
     def candidate_files_and_dirs
       return [] if install_path.nil?
 
-      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      if !install_path.extname.casecmp('.jar').zero?
+        Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      else
+        candidates_from_zip
+      end
+    end
+
+    def candidates_from_zip
+      Zip::File.open(install_path.to_s) do |zip_file|
+        zip_file.glob("*/#{CANDIDATE_PATH_WILDCARD_STRICT}", File::FNM_EXTGLOB)
+      end
     end
   end
 end