license_finder 0.9.4 → 0.9.5

Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +0 -7
  3. data/.travis.yml +1 -3
  4. data/CHANGELOG.rdoc +13 -0
  5. data/db/migrate/201307251004_data_fix_manual_licenses.rb +2 -2
  6. data/db/migrate/201307251107_reassociate_license.rb +18 -18
  7. data/db/migrate/201311192002_add_manually_approved_to_dependencies.rb +7 -0
  8. data/db/migrate/201311192003_reassociate_manual_approval.rb +14 -0
  9. data/db/migrate/201311192010_drop_approvals.rb +5 -0
  10. data/features/cli.feature +1 -1
  11. data/features/html_report.feature +1 -1
  12. data/features/{non_bundler_dependencies.feature → manually_managed_dependencies.feature} +6 -6
  13. data/features/step_definitions/html_report_steps.rb +2 -9
  14. data/features/step_definitions/{non_bundler_steps.rb → manually_managed_steps.rb} +0 -0
  15. data/features/step_definitions/shared_steps.rb +4 -8
  16. data/lib/license_finder.rb +21 -17
  17. data/lib/license_finder/bower.rb +3 -34
  18. data/lib/license_finder/bower_package.rb +63 -0
  19. data/lib/license_finder/bundler.rb +73 -0
  20. data/lib/license_finder/bundler_package.rb +33 -0
  21. data/lib/license_finder/cli.rb +33 -35
  22. data/lib/license_finder/dependency_manager.rb +14 -23
  23. data/lib/license_finder/license/apache2.rb +1 -1
  24. data/lib/license_finder/license/lgpl.rb +1 -0
  25. data/lib/license_finder/npm.rb +22 -39
  26. data/lib/license_finder/npm_package.rb +61 -0
  27. data/lib/license_finder/package.rb +14 -80
  28. data/lib/license_finder/package_saver.rb +13 -75
  29. data/lib/license_finder/pip.rb +21 -33
  30. data/lib/license_finder/pip_package.rb +51 -0
  31. data/lib/license_finder/platform.rb +3 -15
  32. data/lib/license_finder/possible_license_file.rb +0 -4
  33. data/lib/license_finder/possible_license_files.rb +4 -0
  34. data/lib/license_finder/tables.rb +2 -2
  35. data/lib/license_finder/tables/bundler_group.rb +3 -0
  36. data/lib/license_finder/tables/dependency.rb +43 -18
  37. data/lib/license_finder/tables/license_alias.rb +4 -0
  38. data/lib/license_finder/yml_to_sql.rb +22 -30
  39. data/license_finder.gemspec +3 -3
  40. data/readme.md +5 -5
  41. data/spec/lib/license_finder/bower_package_spec.rb +56 -0
  42. data/spec/lib/license_finder/bower_spec.rb +3 -24
  43. data/spec/lib/license_finder/bundler_package_spec.rb +62 -0
  44. data/spec/lib/license_finder/{bundle_spec.rb → bundler_spec.rb} +7 -7
  45. data/spec/lib/license_finder/cli_spec.rb +6 -6
  46. data/spec/lib/license_finder/dependency_manager_spec.rb +14 -15
  47. data/spec/lib/license_finder/html_report_spec.rb +2 -3
  48. data/spec/lib/license_finder/markdown_report_spec.rb +4 -4
  49. data/spec/lib/license_finder/npm_package_spec.rb +51 -0
  50. data/spec/lib/license_finder/npm_spec.rb +25 -25
  51. data/spec/lib/license_finder/package_saver_spec.rb +50 -190
  52. data/spec/lib/license_finder/pip_package_spec.rb +74 -0
  53. data/spec/lib/license_finder/pip_spec.rb +33 -55
  54. data/spec/lib/license_finder/tables/dependency_spec.rb +83 -32
  55. data/spec/lib/license_finder/yml_to_sql_spec.rb +5 -12
  56. data/spec/spec_helper.rb +22 -2
  57. metadata +30 -18
  58. data/lib/license_finder/bundle.rb +0 -74
  59. data/lib/license_finder/tables/approval.rb +0 -4
  60. data/spec/lib/license_finder/package_spec.rb +0 -98
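--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 3b65d1f533fe92270a5d6924fb5bb496c39f5bbb
-data.tar.gz: 61b8c1a0c33212a69497fa1f95ba3c3825794dd6
+metadata.gz: 914d2f2e411442bf2e8f37f7b17b5dd963f9c4be
+data.tar.gz: 985aa512713ab48aaed47129747e1f7b3b1d10de
 SHA512:
-metadata.gz: 3e3315d6de234859334ea3d7426bf6aec588c1b381ab081839d7a0e59e325c9ad1375229b36c0c4ff9b95062c727accf11d7b9019ced480cd4b4ac6c13a3dd1b
-data.tar.gz: c5a56556655e5852ae8156f02838262d4d3f4064f0dc53c652385073779551b404b8cde0199bece774a2c7c1f667309b1feb3c02cf798191beccc2920b2bb9bd
+metadata.gz: c312d903761a6688929d0dc5c2b55d2e282cf2668d6f3d3d107341b9b86f75a206c7b5add0eac1c758117d89a028cd91f7ef5c8013ecce851a0f19e06f5e1eb9
+data.tar.gz: 91f606929437fc775f297b0377a567b18b7f95109bd1a7e000706d5636c523d2381d5922116bfb3e8bdf7b412fe68cd3459b37f31b01aa81c21f66dd975a223e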
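--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,13 +1,6 @@
 pkg/*
-*.gem
-.bundle
 Gemfile.lock
 .rvmrc
 .idea/*
 tmp/
-dependencies.*
-doc/dependencies.*
-db/schema.rb
-config/
 .pairs
-*.swp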
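--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -2,15 +2,13 @@ rvm:
 - 2.1.0
 - 2.0.0
 - 1.9.3
-- 1.9.2
 - jruby-19mode
-- rbx-19mode
+- jruby-20mode
 - ruby-head
 - jruby-head
 
 matrix:
 allow_failures:
-- rvm: rbx-19mode
 - rvm: ruby-head
 - rvm: jruby-head
 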
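--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,16 @@
+=== 0.9.5 / 2014-01-30
+
+* Features
+
+* Add more aliases for known licenses
+* Drop support for ruby 1.9.2
+* Large refactoring to simply things, and make it easier to add new package managers
+
+* Bugfixes
+
+* Make node dependency json parsing more robust
+* Clean up directories created during test runs
+
 === 0.9.4 / 2014-01-05
 
 * Features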
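--- a/data/db/migrate/201307251004_data_fix_manual_licenses.rb
+++ b/data/db/migrate/201307251004_data_fix_manual_licenses.rb
@@ -1,6 +1,6 @@
 Sequel.migration do
 up do
-DB << <<EOS
+LicenseFinder::DB << <<-SQL
 UPDATE dependencies
 SET license_manual = 1
 WHERE id
@@ -10,6 +10,6 @@ IN
 INNER JOIN license_aliases l
 ON d.license_id = l.id
 WHERE l.manual = 1)
-EOS
+SQL
 end
 end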
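--- a/data/db/migrate/201307251107_reassociate_license.rb
+++ b/data/db/migrate/201307251107_reassociate_license.rb
@@ -1,23 +1,23 @@
 Sequel.migration do
 up do
-DB << <<EOS
-UPDATE dependencies
-SET license_id =
-(SELECT la.id
-FROM
-license_aliases la,
-license_aliases la_orig
-WHERE
-la.name = la_orig.name AND
-la_orig.id = license_id
-LIMIT 1)
-EOS
+LicenseFinder::DB << <<-SQL
+UPDATE dependencies
+SET license_id =
+(SELECT la.id
+FROM
+license_aliases la,
+license_aliases la_orig
+WHERE
+la.name = la_orig.name AND
+la_orig.id = license_id
+LIMIT 1)
+SQL
 
-DB << <<CLEANUP
-DELETE
-FROM license_aliases
-WHERE
-id NOT IN (SELECT license_id FROM dependencies)
-CLEANUP
+LicenseFinder::DB << <<-SQL
+DELETE
+FROM license_aliases
+WHERE
+id NOT IN (SELECT license_id FROM dependencies)
+SQL
 end
 end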
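--- a/data/db/migrate/201311192002_add_manually_approved_to_dependencies.rb
+++ b/data/db/migrate/201311192002_add_manually_approved_to_dependencies.rb
@@ -0,0 +1,7 @@
+Sequel.migration do
+change do
+alter_table(:dependencies) do
+add_column :manually_approved, TrueClass
+end
+end
+end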
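--- a/data/db/migrate/201311192003_reassociate_manual_approval.rb
+++ b/data/db/migrate/201311192003_reassociate_manual_approval.rb
@@ -0,0 +1,14 @@
+Sequel.migration do
+up do
+LicenseFinder::DB << <<-EOS
+UPDATE dependencies
+SET manually_approved =
+(SELECT state
+FROM
+approvals
+INNER JOIN
+dependencies
+ON approvals.id = dependencies.approval_id)
+EOS
+end
+end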
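Review bot: The subquery on lines 6–11 is not correlated with the row being updated: it joins `approvals` against a second, independent `dependencies` reference, so it produces one `state` per approved dependency and the outer `UPDATE` receives a multi-row scalar subquery — on SQLite that quietly takes the first row (every dependency ends up with the same `manually_approved`), on other engines it is an error. The intent looks like a per-row lookup, which is `(SELECT approvals.state FROM approvals WHERE approvals.id = dependencies.approval_id)`, where `dependencies` now names the outer table. The heredoc is tagged `EOS` while the sibling migrations in this commit use `SQL`. There is no `down`, so this is a one-way data move; a comment such as `# one-way: approval state is folded into dependencies before the approvals table is dropped` would say so where the next reader looks.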
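--- a/data/db/migrate/201311192010_drop_approvals.rb
+++ b/data/db/migrate/201311192010_drop_approvals.rb
@@ -0,0 +1,5 @@
+Sequel.migration do
+change do
+drop_table(:approvals)
+end
+end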
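Review bot: `drop_table` inside a `change` block on line 3 is not something Sequel can reverse, as far as I know — it has no record of the dropped columns — so migrating down raises instead of recreating `approvals`. If the drop is meant to be permanent, `up do drop_table(:approvals) end` states that, and the `down` path fails at definition time rather than during a rollback.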
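--- a/data/features/cli.feature
+++ b/data/features/cli.feature
@@ -16,7 +16,7 @@ Feature: License Finder command line executable
 
 Scenario: Auditing an application with whitelisted licenses
 Given I have an app with license finder that depends on a MIT licensed gem
-When I whitelist MIT and 'other' and New BSD and Apache 2.0 licenses
+When I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses
 Then it should exit with status code 0
 And I should see all dependencies approved for use
 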
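--- a/data/features/html_report.feature
+++ b/data/features/html_report.feature
@@ -20,5 +20,5 @@ Feature: HTML Report
 
 Scenario: Dependency summary
 And my app depends on MIT and GPL licensed gems
-When I whitelist MIT and 'other' and New BSD and Apache 2.0 licenses
+When I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses
 Then I should see only see GPL liceneses as unapproved in the html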
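--- a/data/features/non_bundler_dependencies.feature
+++ b/data/features/manually_managed_dependencies.feature
@@ -1,19 +1,19 @@
-Feature: Tracking non-Bundler Dependencies
-So that I can track JS and other dependencies not tracked by Bundler
+Feature: Tracking Unmanaged Dependencies
+So that I can track dependencies not managed by Bundler, NPM, etc.
 As an application developer using license finder
-I want to be able to manually manage non-Bundler dependencies
+I want to be able to manually track unmanaged dependencies
 
-Scenario: Adding a non-Bundler dependency
+Scenario: Adding a manually managed dependency
 Given I have an app with license finder
 When I add my JS dependency
 Then I should see the JS dependency in the console output
 
-Scenario: Auto approving a non-Bundler dependency I add
+Scenario: Auto approving a manually managed dependency I add
 Given I have an app with license finder
 When I add my JS dependency with an approval flag
 Then I should not see the JS dependency in the console output since it is approved
 
-Scenario: Removing a non-Bundler dependency
+Scenario: Removing a manually managed dependency
 Given I have an app with license finder and a JS dependency
 When I remove my JS dependency
 Then I should not see the JS dependency in the console output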
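--- a/data/features/step_definitions/html_report_steps.rb
+++ b/data/features/step_definitions/html_report_steps.rb
@@ -49,16 +49,9 @@ end
 Then(/^I should see only see GPL liceneses as unapproved in the html$/) do
 html = File.read(@user.dependencies_html_path)
 page = Capybara.string(html)
-page.should have_content '12 total'
-page.should have_content '1 unapproved'
 page.should have_content '1 GPL'
-page.should have_content '1 other'
-if @user.jruby?
-page.should have_content '9 MIT'
-page.should have_content '1 Apache 2.0'
-else
-page.should have_content '10 MIT'
-end
+action_items = page.find('.action-items')
+action_items.should have_content '(GPL)'
 end
 
 def is_html_status?(gem, approval)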
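--- a/data/features/step_definitions/shared_steps.rb
+++ b/data/features/step_definitions/shared_steps.rb
@@ -14,8 +14,8 @@ When(/^I run license_finder$/) do
 @output = @user.execute_command "license_finder --quiet"
 end
 
-When(/^I whitelist MIT and 'other' and New BSD and Apache 2.0 licenses$/) do
-@user.configure_license_finder_whitelist ["MIT","other","New BSD","Apache 2.0"]
+When(/^I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses$/) do
+@user.configure_license_finder_whitelist ["MIT","other","New BSD","Apache 2.0","Ruby"]
 @output = @user.execute_command "license_finder --quiet"
 end
 
@@ -139,7 +139,7 @@ module DSL
 end
 
 def execute_command(command)
-Bundler.with_clean_env do
+::Bundler.with_clean_env do
 @output = `cd #{app_path} && bundle exec #{command}`
 end
 
@@ -192,7 +192,7 @@ module DSL
 end
 
 def bundle_app
-Bundler.with_clean_env do
+::Bundler.with_clean_env do
 `bundle install --gemfile=#{File.join(app_path, "Gemfile")} --path=#{bundle_path}`
 end
 end
@@ -210,10 +210,6 @@ module DSL
 File.open(dependencies_file_path, 'w+') { |f| yield f }
 end
 
-def jruby?
-`ruby -v`.match /^jruby/
-end
-
 private
 
 def add_to_gemfile(line)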
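Review bot: The `::` added at lines 142 and 195 is needed because this commit introduces a `LicenseFinder::Bundler` constant (autoloaded in lib/license_finder.rb) that presumably shadows the Bundler gem wherever `DSL` is evaluated, but nothing at either call site says so, and a later cleanup is likely to drop the prefix. A comment on the first use would keep the reason with the code: `# ::Bundler is the gem; LicenseFinder::Bundler is this project's wrapper`. Both `execute_command` and `bundle_app` interpolate `app_path`, `command` and `bundle_path` straight into backtick shell strings; these are test helpers driven by the suite, so that is tolerable, but wrapping the interpolated values in `Shellwords.escape` costs one line and removes the dependency on those paths being metacharacter-free. `execute_command` continues past the hunk.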
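--- a/data/lib/license_finder.rb
+++ b/data/lib/license_finder.rb
@@ -7,32 +7,36 @@ module LicenseFinder
 
 Error = Class.new(StandardError)
 
-autoload :Bundle, 'license_finder/bundle'
-autoload :PackageSaver, 'license_finder/package_saver'
-autoload :Bower, 'license_finder/bower'
 autoload :CLI, 'license_finder/cli'
-autoload :Configuration, 'license_finder/configuration'
 autoload :DependencyManager, 'license_finder/dependency_manager'
+autoload :PackageSaver, 'license_finder/package_saver'
 autoload :License, 'license_finder/license'
 autoload :LicenseUrl, 'license_finder/license_url'
+autoload :PossibleLicenseFile, 'license_finder/possible_license_file'
+autoload :PossibleLicenseFiles, 'license_finder/possible_license_files'
+autoload :Configuration, 'license_finder/configuration'
+autoload :Platform, 'license_finder/platform'
+
+autoload :Bower, 'license_finder/bower'
+autoload :Bundler, 'license_finder/bundler'
 autoload :NPM, 'license_finder/npm'
 autoload :Pip, 'license_finder/pip'
 autoload :Package, 'license_finder/package'
-autoload :Platform, 'license_finder/platform'
-autoload :PossibleLicenseFile, 'license_finder/possible_license_file'
-autoload :PossibleLicenseFiles, 'license_finder/possible_license_files'
-autoload :YmlToSql, 'license_finder/yml_to_sql'
+autoload :BowerPackage, 'license_finder/bower_package'
+autoload :BundlerPackage, 'license_finder/bundler_package'
+autoload :PipPackage, 'license_finder/pip_package'
+autoload :NpmPackage, 'license_finder/npm_package'
 
-autoload :Approval, 'license_finder/tables/approval'
-autoload :BundlerGroup, 'license_finder/tables/bundler_group'
-autoload :Dependency, 'license_finder/tables/dependency'
-autoload :LicenseAlias, 'license_finder/tables/license_alias'
+autoload :BundlerGroup, 'license_finder/tables/bundler_group'
+autoload :Dependency, 'license_finder/tables/dependency'
+autoload :LicenseAlias, 'license_finder/tables/license_alias'
+autoload :YmlToSql, 'license_finder/yml_to_sql'
 
-autoload :DependencyReport, 'license_finder/reports/dependency_report'
-autoload :HtmlReport, 'license_finder/reports/html_report'
-autoload :MarkdownReport, 'license_finder/reports/markdown_report'
-autoload :Reporter, 'license_finder/reports/reporter'
-autoload :TextReport, 'license_finder/reports/text_report'
+autoload :DependencyReport, 'license_finder/reports/dependency_report'
+autoload :HtmlReport, 'license_finder/reports/html_report'
+autoload :MarkdownReport, 'license_finder/reports/markdown_report'
+autoload :Reporter, 'license_finder/reports/reporter'
+autoload :TextReport, 'license_finder/reports/text_report'
 autoload :DetailedTextReport, 'license_finder/reports/detailed_text_report'
 
 def self.config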
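Review bot: `autoload :Bundler, 'license_finder/bundler'` on line 21 makes every bare `Bundler` reference inside the `LicenseFinder` namespace resolve to the new wrapper instead of the Bundler gem — that is why bundler.rb and the step definitions in this same commit switch to `::Bundler` — yet the autoload line gives no hint of it, and any existing or future `Bundler.` call inside the module that is not qualified will silently pick up the wrong constant. A trailing comment would make the trap visible at the point where it is created: `autoload :Bundler, 'license_finder/bundler' # shadows the ::Bundler gem inside this namespace; use ::Bundler for the gem`. The enclosing `module LicenseFinder` starts before the hunk and continues after it.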
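--- a/data/lib/license_finder/bower.rb
+++ b/data/lib/license_finder/bower.rb
@@ -1,32 +1,19 @@
 require 'json'
-require 'license_finder/package'
 
 module LicenseFinder
 class Bower
 
 def self.current_packages
-return @packages if @packages
-
 output = `bower list --json`
 
 json = JSON(output)
 
-@packages = json.fetch("dependencies",[]).map do |package|
-package = package[1]
-pkg_meta = package.fetch("pkgMeta", Hash.new)
-
-Package.new(OpenStruct.new(
-:name => pkg_meta.fetch("name", nil),
-:version => pkg_meta.fetch("version", nil),
-:full_gem_path => package.fetch("canonicalDir", nil),
-:license => self.harvest_license(pkg_meta),
-:summary => pkg_meta.fetch("description", nil),
-:description => pkg_meta.fetch("readme", nil)
-))
+json.fetch("dependencies",[]).map do |package|
+BowerPackage.new(package[1])
 end
 end
 
-def self.has_package_file?
+def self.active?
 File.exists?(package_path)
 end
 
@@ -35,23 +22,5 @@ module LicenseFinder
 def self.package_path
 Pathname.new('bower.json').expand_path
 end
-
-def self.harvest_license(package)
-license = package.fetch("licenses", []).first
-
-if license.is_a? Hash
-license = license.fetch("type", nil)
-end
-
-if license.nil?
-license = package.fetch("license", nil)
-
-if license.is_a? Hash
-license = license.fetch("type", nil)
-end
-end
-
-license
-end
 end
 end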
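Review bot: `json.fetch("dependencies",[])` on line 11 defaults to an Array while the block immediately does `package[1]`, i.e. it expects the `[name, module]` pairs a Hash yields; the default only works because an empty Array maps to nothing, and `package[1]` hides what is being picked. `(json["dependencies"] || {}).values.map { |mod| BowerPackage.new(mod) }` says what is meant and also survives an explicit `"dependencies": null`, which `fetch` with a default does not. `JSON(output)` on line 9 parses whatever `bower list --json` wrote to stdout without looking at the exit status, so a failed run or a warning printed to stdout surfaces as a `JSON::ParserError` far from its cause; checking `$?.success?` before parsing gives a clearer failure. `File.exists?` on line 17 (and line 13 of bundler.rb in this commit) is the deprecated spelling; `File.exist?` works on every Ruby in the Travis matrix. The old `@packages` memoization is gone, so each `current_packages` call re-runs bower — fine if callers call it once, but worth a comment if that is relied on.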
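--- a/data/lib/license_finder/bower_package.rb
+++ b/data/lib/license_finder/bower_package.rb
@@ -0,0 +1,63 @@
+module LicenseFinder
+class BowerPackage < Package
+def initialize(bower_module)
+@bower_module = bower_module
+@module_metadata = bower_module.fetch("pkgMeta", Hash.new)
+end
+
+def name
+module_metadata.fetch("name", nil)
+end
+
+def version
+module_metadata.fetch("version", nil)
+end
+
+def summary
+module_metadata.fetch("description", nil)
+end
+
+def description
+module_metadata.fetch("readme", nil)
+end
+
+def children
+[] # no way to determine child deps from bower (maybe?)
+end
+
+def groups
+[] # no concept of dev/test groups in bower (maybe?)
+end
+
+def homepage
+nil # no way to extract homepage from bower (maybe?)
+end
+
+private
+
+attr_reader :bower_module
+attr_reader :module_metadata
+
+def install_path
+bower_module.fetch("canonicalDir", nil)
+end
+
+def license_from_spec
+license = module_metadata.fetch("licenses", []).first
+
+if license.is_a? Hash
+license = license.fetch("type", nil)
+end
+
+if license.nil?
+license = module_metadata.fetch("license", nil)
+
+if license.is_a? Hash
+license = license.fetch("type", nil)
+end
+end
+
+license
+end
+end
+end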
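Review bot: The `fetch(..., default)` calls in `initialize` (line 5) and `license_from_spec` (line 46) guard against an absent key but not against an explicit `null`: `fetch` returns `nil` for a present-but-null key, and the following `.fetch`/`.first` then raises `NoMethodError` for the whole package list, since this data comes straight from the parsed bower output. `@module_metadata = bower_module["pkgMeta"] || {}` and `Array(module_metadata["licenses"]).first` cover both cases with the same precedence as now. `license_from_spec` also repeats the `is_a? Hash` unwrapping for each candidate; `[Array(module_metadata["licenses"]).first, module_metadata["license"]].map { |l| l.is_a?(Hash) ? l["type"] : l }.compact.first` keeps the order of preference in one expression. `initialize` does not call `super`; whether `Package` (defined in package.rb, not on this page) has state of its own cannot be told from here and is worth confirming.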
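--- a/data/lib/license_finder/bundler.rb
+++ b/data/lib/license_finder/bundler.rb
@@ -0,0 +1,73 @@
+require "bundler"
+
+module LicenseFinder
+class Bundler
+attr_writer :ignore_groups
+
+class << self
+def current_packages(config = LicenseFinder.config, bundler_definition=nil)
+new(config, bundler_definition).packages
+end
+
+def active?
+File.exists?(gemfile_path)
+end
+
+def gemfile_path
+Pathname.new("Gemfile").expand_path
+end
+end
+
+def initialize(config, bundler_definition=nil)
+@definition = bundler_definition || ::Bundler::Definition.build(self.class.gemfile_path, lockfile_path, nil)
+@config = config
+end
+
+def packages
+return @packages if @packages
+
+top_level_gems = Set.new
+
+@packages ||= definition.specs_for(included_groups).map do |gem_def|
+bundler_def = bundler_defs.detect { |bundler_def| bundler_def.name == gem_def.name }
+
+top_level_gems << format_name(gem_def)
+
+BundlerPackage.new(gem_def, bundler_def)
+end
+
+@packages.each do |gem|
+gem.children = children_for(gem, top_level_gems)
+end
+
+@packages
+end
+
+private
+attr_reader :definition
+
+def ignore_groups
+@ignore_groups ||= @config.ignore_groups
+end
+
+def bundler_defs
+@bundler_defs ||= definition.dependencies
+end
+
+def included_groups
+definition.groups - ignore_groups.map(&:to_sym)
+end
+
+def lockfile_path
+self.class.gemfile_path.dirname.join('Gemfile.lock')
+end
+
+def children_for(gem, top_level_gems)
+gem.gem_def.dependencies.map(&:name).select { |name| top_level_gems.include? name }
+end
+
+def format_name(gem)
+gem.name.split(" ")[0]
+end
+end
+end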
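Review bot: `packages` (lines 26–44) returns early on `return @packages if @packages` and then assigns with `@packages ||=`, so the `||=` never sees a non-nil value; `@packages =` says what actually happens. `Set.new` on line 29 needs `set` loaded, but the file only requires `bundler`, and on the 1.9.3–2.1 rubies listed in .travis.yml on this page `Set` is not autoloaded, so add `require "set"` beside `require "bundler"` unless something upstream is known to pull it in. The block parameter in `bundler_defs.detect { |bundler_def| ... }` on line 32 shadows the local `bundler_def` being assigned on that same line, which Ruby reports under `-w`; `{ |dep| dep.name == gem_def.name }` avoids it. `::Bundler::Definition.build` on line 22 evaluates the checkout's Gemfile as Ruby inside this process, which is how Bundler works but deserves a one-line comment on the constructor given that `license_finder` is pointed at arbitrary project trees, e.g. `# evaluates the project's Gemfile (Ruby code) via Bundler::Dsl`. `children_for` relies on `BundlerPackage#gem_def`, and `format_name` splitting on a space looks like a leftover from when names could carry a version suffix — neither can be confirmed from this page.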