license_finder 0.9.4-java → 0.9.5-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +0 -7
- data/.travis.yml +1 -3
- data/CHANGELOG.rdoc +13 -0
- data/db/migrate/201307251004_data_fix_manual_licenses.rb +2 -2
- data/db/migrate/201307251107_reassociate_license.rb +18 -18
- data/db/migrate/201311192002_add_manually_approved_to_dependencies.rb +7 -0
- data/db/migrate/201311192003_reassociate_manual_approval.rb +14 -0
- data/db/migrate/201311192010_drop_approvals.rb +5 -0
- data/features/cli.feature +1 -1
- data/features/html_report.feature +1 -1
- data/features/{non_bundler_dependencies.feature → manually_managed_dependencies.feature} +6 -6
- data/features/step_definitions/html_report_steps.rb +2 -9
- data/features/step_definitions/{non_bundler_steps.rb → manually_managed_steps.rb} +0 -0
- data/features/step_definitions/shared_steps.rb +4 -8
- data/lib/license_finder.rb +21 -17
- data/lib/license_finder/bower.rb +3 -34
- data/lib/license_finder/bower_package.rb +63 -0
- data/lib/license_finder/bundler.rb +73 -0
- data/lib/license_finder/bundler_package.rb +33 -0
- data/lib/license_finder/cli.rb +33 -35
- data/lib/license_finder/dependency_manager.rb +14 -23
- data/lib/license_finder/license/apache2.rb +1 -1
- data/lib/license_finder/license/lgpl.rb +1 -0
- data/lib/license_finder/npm.rb +22 -39
- data/lib/license_finder/npm_package.rb +61 -0
- data/lib/license_finder/package.rb +14 -80
- data/lib/license_finder/package_saver.rb +13 -75
- data/lib/license_finder/pip.rb +21 -33
- data/lib/license_finder/pip_package.rb +51 -0
- data/lib/license_finder/platform.rb +3 -15
- data/lib/license_finder/possible_license_file.rb +0 -4
- data/lib/license_finder/possible_license_files.rb +4 -0
- data/lib/license_finder/tables.rb +2 -2
- data/lib/license_finder/tables/bundler_group.rb +3 -0
- data/lib/license_finder/tables/dependency.rb +43 -18
- data/lib/license_finder/tables/license_alias.rb +4 -0
- data/lib/license_finder/yml_to_sql.rb +22 -30
- data/license_finder.gemspec +3 -3
- data/readme.md +5 -5
- data/spec/lib/license_finder/bower_package_spec.rb +56 -0
- data/spec/lib/license_finder/bower_spec.rb +3 -24
- data/spec/lib/license_finder/bundler_package_spec.rb +62 -0
- data/spec/lib/license_finder/{bundle_spec.rb → bundler_spec.rb} +7 -7
- data/spec/lib/license_finder/cli_spec.rb +6 -6
- data/spec/lib/license_finder/dependency_manager_spec.rb +14 -15
- data/spec/lib/license_finder/html_report_spec.rb +2 -3
- data/spec/lib/license_finder/markdown_report_spec.rb +4 -4
- data/spec/lib/license_finder/npm_package_spec.rb +51 -0
- data/spec/lib/license_finder/npm_spec.rb +25 -25
- data/spec/lib/license_finder/package_saver_spec.rb +50 -190
- data/spec/lib/license_finder/pip_package_spec.rb +74 -0
- data/spec/lib/license_finder/pip_spec.rb +33 -55
- data/spec/lib/license_finder/tables/dependency_spec.rb +83 -32
- data/spec/lib/license_finder/yml_to_sql_spec.rb +5 -12
- data/spec/spec_helper.rb +22 -2
- metadata +30 -18
- data/lib/license_finder/bundle.rb +0 -74
- data/lib/license_finder/tables/approval.rb +0 -4
- data/spec/lib/license_finder/package_spec.rb +0 -98
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2fc021f01e351fbaa511505a7de20f17ee80eb25
|
4
|
+
data.tar.gz: 890c908fb9b6178515cd2aa64c6f65974f65ea3c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0c2a997be219162ec593663a6e5fb926f2c95200c93930cc2b56b9017f9a2457fedef3c872426666d0eec6b8085e728aa087d61f170bfe84b9d8fa17feed4c3f
|
7
|
+
data.tar.gz: 1ab32e4d30df726be733700f01a4ba5b735430f6961c4bef9891f6b8c9e41fec0b9fc3c5fa34e726188882e87efaad5d4610637345f9533c9c28c1e431226ca2
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
data/CHANGELOG.rdoc
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
=== 0.9.5 / 2014-01-30
|
2
|
+
|
3
|
+
* Features
|
4
|
+
|
5
|
+
* Add more aliases for known licenses
|
6
|
+
* Drop support for ruby 1.9.2
|
7
|
+
* Large refactoring to simply things, and make it easier to add new package managers
|
8
|
+
|
9
|
+
* Bugfixes
|
10
|
+
|
11
|
+
* Make node dependency json parsing more robust
|
12
|
+
* Clean up directories created during test runs
|
13
|
+
|
1
14
|
=== 0.9.4 / 2014-01-05
|
2
15
|
|
3
16
|
* Features
|
@@ -1,6 +1,6 @@
|
|
1
1
|
Sequel.migration do
|
2
2
|
up do
|
3
|
-
|
3
|
+
LicenseFinder::DB << <<-SQL
|
4
4
|
UPDATE dependencies
|
5
5
|
SET license_manual = 1
|
6
6
|
WHERE id
|
@@ -10,6 +10,6 @@ IN
|
|
10
10
|
INNER JOIN license_aliases l
|
11
11
|
ON d.license_id = l.id
|
12
12
|
WHERE l.manual = 1)
|
13
|
-
|
13
|
+
SQL
|
14
14
|
end
|
15
15
|
end
|
@@ -1,23 +1,23 @@
|
|
1
1
|
Sequel.migration do
|
2
2
|
up do
|
3
|
-
|
4
|
-
UPDATE dependencies
|
5
|
-
SET license_id =
|
6
|
-
(SELECT la.id
|
7
|
-
FROM
|
8
|
-
|
9
|
-
|
10
|
-
WHERE
|
11
|
-
|
12
|
-
|
13
|
-
LIMIT 1)
|
14
|
-
|
3
|
+
LicenseFinder::DB << <<-SQL
|
4
|
+
UPDATE dependencies
|
5
|
+
SET license_id =
|
6
|
+
(SELECT la.id
|
7
|
+
FROM
|
8
|
+
license_aliases la,
|
9
|
+
license_aliases la_orig
|
10
|
+
WHERE
|
11
|
+
la.name = la_orig.name AND
|
12
|
+
la_orig.id = license_id
|
13
|
+
LIMIT 1)
|
14
|
+
SQL
|
15
15
|
|
16
|
-
|
17
|
-
DELETE
|
18
|
-
FROM license_aliases
|
19
|
-
WHERE
|
20
|
-
id NOT IN (SELECT license_id FROM dependencies)
|
21
|
-
|
16
|
+
LicenseFinder::DB << <<-SQL
|
17
|
+
DELETE
|
18
|
+
FROM license_aliases
|
19
|
+
WHERE
|
20
|
+
id NOT IN (SELECT license_id FROM dependencies)
|
21
|
+
SQL
|
22
22
|
end
|
23
23
|
end
|
data/features/cli.feature
CHANGED
@@ -16,7 +16,7 @@ Feature: License Finder command line executable
|
|
16
16
|
|
17
17
|
Scenario: Auditing an application with whitelisted licenses
|
18
18
|
Given I have an app with license finder that depends on a MIT licensed gem
|
19
|
-
When I whitelist MIT
|
19
|
+
When I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses
|
20
20
|
Then it should exit with status code 0
|
21
21
|
And I should see all dependencies approved for use
|
22
22
|
|
@@ -20,5 +20,5 @@ Feature: HTML Report
|
|
20
20
|
|
21
21
|
Scenario: Dependency summary
|
22
22
|
And my app depends on MIT and GPL licensed gems
|
23
|
-
When I whitelist MIT
|
23
|
+
When I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses
|
24
24
|
Then I should see only see GPL liceneses as unapproved in the html
|
@@ -1,19 +1,19 @@
|
|
1
|
-
Feature: Tracking
|
2
|
-
So that I can track
|
1
|
+
Feature: Tracking Unmanaged Dependencies
|
2
|
+
So that I can track dependencies not managed by Bundler, NPM, etc.
|
3
3
|
As an application developer using license finder
|
4
|
-
I want to be able to manually
|
4
|
+
I want to be able to manually track unmanaged dependencies
|
5
5
|
|
6
|
-
Scenario: Adding a
|
6
|
+
Scenario: Adding a manually managed dependency
|
7
7
|
Given I have an app with license finder
|
8
8
|
When I add my JS dependency
|
9
9
|
Then I should see the JS dependency in the console output
|
10
10
|
|
11
|
-
Scenario: Auto approving a
|
11
|
+
Scenario: Auto approving a manually managed dependency I add
|
12
12
|
Given I have an app with license finder
|
13
13
|
When I add my JS dependency with an approval flag
|
14
14
|
Then I should not see the JS dependency in the console output since it is approved
|
15
15
|
|
16
|
-
Scenario: Removing a
|
16
|
+
Scenario: Removing a manually managed dependency
|
17
17
|
Given I have an app with license finder and a JS dependency
|
18
18
|
When I remove my JS dependency
|
19
19
|
Then I should not see the JS dependency in the console output
|
@@ -49,16 +49,9 @@ end
|
|
49
49
|
Then(/^I should see only see GPL liceneses as unapproved in the html$/) do
|
50
50
|
html = File.read(@user.dependencies_html_path)
|
51
51
|
page = Capybara.string(html)
|
52
|
-
page.should have_content '12 total'
|
53
|
-
page.should have_content '1 unapproved'
|
54
52
|
page.should have_content '1 GPL'
|
55
|
-
page.
|
56
|
-
|
57
|
-
page.should have_content '9 MIT'
|
58
|
-
page.should have_content '1 Apache 2.0'
|
59
|
-
else
|
60
|
-
page.should have_content '10 MIT'
|
61
|
-
end
|
53
|
+
action_items = page.find('.action-items')
|
54
|
+
action_items.should have_content '(GPL)'
|
62
55
|
end
|
63
56
|
|
64
57
|
def is_html_status?(gem, approval)
|
File without changes
|
@@ -14,8 +14,8 @@ When(/^I run license_finder$/) do
|
|
14
14
|
@output = @user.execute_command "license_finder --quiet"
|
15
15
|
end
|
16
16
|
|
17
|
-
When(/^I whitelist MIT
|
18
|
-
@user.configure_license_finder_whitelist ["MIT","other","New BSD","Apache 2.0"]
|
17
|
+
When(/^I whitelist MIT, New BSD, Apache 2.0, Ruby, and other licenses$/) do
|
18
|
+
@user.configure_license_finder_whitelist ["MIT","other","New BSD","Apache 2.0","Ruby"]
|
19
19
|
@output = @user.execute_command "license_finder --quiet"
|
20
20
|
end
|
21
21
|
|
@@ -139,7 +139,7 @@ module DSL
|
|
139
139
|
end
|
140
140
|
|
141
141
|
def execute_command(command)
|
142
|
-
Bundler.with_clean_env do
|
142
|
+
::Bundler.with_clean_env do
|
143
143
|
@output = `cd #{app_path} && bundle exec #{command}`
|
144
144
|
end
|
145
145
|
|
@@ -192,7 +192,7 @@ module DSL
|
|
192
192
|
end
|
193
193
|
|
194
194
|
def bundle_app
|
195
|
-
Bundler.with_clean_env do
|
195
|
+
::Bundler.with_clean_env do
|
196
196
|
`bundle install --gemfile=#{File.join(app_path, "Gemfile")} --path=#{bundle_path}`
|
197
197
|
end
|
198
198
|
end
|
@@ -210,10 +210,6 @@ module DSL
|
|
210
210
|
File.open(dependencies_file_path, 'w+') { |f| yield f }
|
211
211
|
end
|
212
212
|
|
213
|
-
def jruby?
|
214
|
-
`ruby -v`.match /^jruby/
|
215
|
-
end
|
216
|
-
|
217
213
|
private
|
218
214
|
|
219
215
|
def add_to_gemfile(line)
|
data/lib/license_finder.rb
CHANGED
@@ -7,32 +7,36 @@ module LicenseFinder
|
|
7
7
|
|
8
8
|
Error = Class.new(StandardError)
|
9
9
|
|
10
|
-
autoload :Bundle, 'license_finder/bundle'
|
11
|
-
autoload :PackageSaver, 'license_finder/package_saver'
|
12
|
-
autoload :Bower, 'license_finder/bower'
|
13
10
|
autoload :CLI, 'license_finder/cli'
|
14
|
-
autoload :Configuration, 'license_finder/configuration'
|
15
11
|
autoload :DependencyManager, 'license_finder/dependency_manager'
|
12
|
+
autoload :PackageSaver, 'license_finder/package_saver'
|
16
13
|
autoload :License, 'license_finder/license'
|
17
14
|
autoload :LicenseUrl, 'license_finder/license_url'
|
15
|
+
autoload :PossibleLicenseFile, 'license_finder/possible_license_file'
|
16
|
+
autoload :PossibleLicenseFiles, 'license_finder/possible_license_files'
|
17
|
+
autoload :Configuration, 'license_finder/configuration'
|
18
|
+
autoload :Platform, 'license_finder/platform'
|
19
|
+
|
20
|
+
autoload :Bower, 'license_finder/bower'
|
21
|
+
autoload :Bundler, 'license_finder/bundler'
|
18
22
|
autoload :NPM, 'license_finder/npm'
|
19
23
|
autoload :Pip, 'license_finder/pip'
|
20
24
|
autoload :Package, 'license_finder/package'
|
21
|
-
autoload :
|
22
|
-
autoload :
|
23
|
-
autoload :
|
24
|
-
autoload :
|
25
|
+
autoload :BowerPackage, 'license_finder/bower_package'
|
26
|
+
autoload :BundlerPackage, 'license_finder/bundler_package'
|
27
|
+
autoload :PipPackage, 'license_finder/pip_package'
|
28
|
+
autoload :NpmPackage, 'license_finder/npm_package'
|
25
29
|
|
26
|
-
autoload :
|
27
|
-
autoload :
|
28
|
-
autoload :
|
29
|
-
autoload :
|
30
|
+
autoload :BundlerGroup, 'license_finder/tables/bundler_group'
|
31
|
+
autoload :Dependency, 'license_finder/tables/dependency'
|
32
|
+
autoload :LicenseAlias, 'license_finder/tables/license_alias'
|
33
|
+
autoload :YmlToSql, 'license_finder/yml_to_sql'
|
30
34
|
|
31
|
-
autoload :DependencyReport,
|
32
|
-
autoload :HtmlReport,
|
33
|
-
autoload :MarkdownReport,
|
34
|
-
autoload :Reporter,
|
35
|
-
autoload :TextReport,
|
35
|
+
autoload :DependencyReport, 'license_finder/reports/dependency_report'
|
36
|
+
autoload :HtmlReport, 'license_finder/reports/html_report'
|
37
|
+
autoload :MarkdownReport, 'license_finder/reports/markdown_report'
|
38
|
+
autoload :Reporter, 'license_finder/reports/reporter'
|
39
|
+
autoload :TextReport, 'license_finder/reports/text_report'
|
36
40
|
autoload :DetailedTextReport, 'license_finder/reports/detailed_text_report'
|
37
41
|
|
38
42
|
def self.config
|
data/lib/license_finder/bower.rb
CHANGED
@@ -1,32 +1,19 @@
|
|
1
1
|
require 'json'
|
2
|
-
require 'license_finder/package'
|
3
2
|
|
4
3
|
module LicenseFinder
|
5
4
|
class Bower
|
6
5
|
|
7
6
|
def self.current_packages
|
8
|
-
return @packages if @packages
|
9
|
-
|
10
7
|
output = `bower list --json`
|
11
8
|
|
12
9
|
json = JSON(output)
|
13
10
|
|
14
|
-
|
15
|
-
package
|
16
|
-
pkg_meta = package.fetch("pkgMeta", Hash.new)
|
17
|
-
|
18
|
-
Package.new(OpenStruct.new(
|
19
|
-
:name => pkg_meta.fetch("name", nil),
|
20
|
-
:version => pkg_meta.fetch("version", nil),
|
21
|
-
:full_gem_path => package.fetch("canonicalDir", nil),
|
22
|
-
:license => self.harvest_license(pkg_meta),
|
23
|
-
:summary => pkg_meta.fetch("description", nil),
|
24
|
-
:description => pkg_meta.fetch("readme", nil)
|
25
|
-
))
|
11
|
+
json.fetch("dependencies",[]).map do |package|
|
12
|
+
BowerPackage.new(package[1])
|
26
13
|
end
|
27
14
|
end
|
28
15
|
|
29
|
-
def self.
|
16
|
+
def self.active?
|
30
17
|
File.exists?(package_path)
|
31
18
|
end
|
32
19
|
|
@@ -35,23 +22,5 @@ module LicenseFinder
|
|
35
22
|
def self.package_path
|
36
23
|
Pathname.new('bower.json').expand_path
|
37
24
|
end
|
38
|
-
|
39
|
-
def self.harvest_license(package)
|
40
|
-
license = package.fetch("licenses", []).first
|
41
|
-
|
42
|
-
if license.is_a? Hash
|
43
|
-
license = license.fetch("type", nil)
|
44
|
-
end
|
45
|
-
|
46
|
-
if license.nil?
|
47
|
-
license = package.fetch("license", nil)
|
48
|
-
|
49
|
-
if license.is_a? Hash
|
50
|
-
license = license.fetch("type", nil)
|
51
|
-
end
|
52
|
-
end
|
53
|
-
|
54
|
-
license
|
55
|
-
end
|
56
25
|
end
|
57
26
|
end
|
@@ -0,0 +1,63 @@
|
|
1
|
+
module LicenseFinder
|
2
|
+
class BowerPackage < Package
|
3
|
+
def initialize(bower_module)
|
4
|
+
@bower_module = bower_module
|
5
|
+
@module_metadata = bower_module.fetch("pkgMeta", Hash.new)
|
6
|
+
end
|
7
|
+
|
8
|
+
def name
|
9
|
+
module_metadata.fetch("name", nil)
|
10
|
+
end
|
11
|
+
|
12
|
+
def version
|
13
|
+
module_metadata.fetch("version", nil)
|
14
|
+
end
|
15
|
+
|
16
|
+
def summary
|
17
|
+
module_metadata.fetch("description", nil)
|
18
|
+
end
|
19
|
+
|
20
|
+
def description
|
21
|
+
module_metadata.fetch("readme", nil)
|
22
|
+
end
|
23
|
+
|
24
|
+
def children
|
25
|
+
[] # no way to determine child deps from bower (maybe?)
|
26
|
+
end
|
27
|
+
|
28
|
+
def groups
|
29
|
+
[] # no concept of dev/test groups in bower (maybe?)
|
30
|
+
end
|
31
|
+
|
32
|
+
def homepage
|
33
|
+
nil # no way to extract homepage from bower (maybe?)
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
37
|
+
|
38
|
+
attr_reader :bower_module
|
39
|
+
attr_reader :module_metadata
|
40
|
+
|
41
|
+
def install_path
|
42
|
+
bower_module.fetch("canonicalDir", nil)
|
43
|
+
end
|
44
|
+
|
45
|
+
def license_from_spec
|
46
|
+
license = module_metadata.fetch("licenses", []).first
|
47
|
+
|
48
|
+
if license.is_a? Hash
|
49
|
+
license = license.fetch("type", nil)
|
50
|
+
end
|
51
|
+
|
52
|
+
if license.nil?
|
53
|
+
license = module_metadata.fetch("license", nil)
|
54
|
+
|
55
|
+
if license.is_a? Hash
|
56
|
+
license = license.fetch("type", nil)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
license
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
@@ -0,0 +1,73 @@
|
|
1
|
+
require "bundler"
|
2
|
+
|
3
|
+
module LicenseFinder
|
4
|
+
class Bundler
|
5
|
+
attr_writer :ignore_groups
|
6
|
+
|
7
|
+
class << self
|
8
|
+
def current_packages(config = LicenseFinder.config, bundler_definition=nil)
|
9
|
+
new(config, bundler_definition).packages
|
10
|
+
end
|
11
|
+
|
12
|
+
def active?
|
13
|
+
File.exists?(gemfile_path)
|
14
|
+
end
|
15
|
+
|
16
|
+
def gemfile_path
|
17
|
+
Pathname.new("Gemfile").expand_path
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def initialize(config, bundler_definition=nil)
|
22
|
+
@definition = bundler_definition || ::Bundler::Definition.build(self.class.gemfile_path, lockfile_path, nil)
|
23
|
+
@config = config
|
24
|
+
end
|
25
|
+
|
26
|
+
def packages
|
27
|
+
return @packages if @packages
|
28
|
+
|
29
|
+
top_level_gems = Set.new
|
30
|
+
|
31
|
+
@packages ||= definition.specs_for(included_groups).map do |gem_def|
|
32
|
+
bundler_def = bundler_defs.detect { |bundler_def| bundler_def.name == gem_def.name }
|
33
|
+
|
34
|
+
top_level_gems << format_name(gem_def)
|
35
|
+
|
36
|
+
BundlerPackage.new(gem_def, bundler_def)
|
37
|
+
end
|
38
|
+
|
39
|
+
@packages.each do |gem|
|
40
|
+
gem.children = children_for(gem, top_level_gems)
|
41
|
+
end
|
42
|
+
|
43
|
+
@packages
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
attr_reader :definition
|
48
|
+
|
49
|
+
def ignore_groups
|
50
|
+
@ignore_groups ||= @config.ignore_groups
|
51
|
+
end
|
52
|
+
|
53
|
+
def bundler_defs
|
54
|
+
@bundler_defs ||= definition.dependencies
|
55
|
+
end
|
56
|
+
|
57
|
+
def included_groups
|
58
|
+
definition.groups - ignore_groups.map(&:to_sym)
|
59
|
+
end
|
60
|
+
|
61
|
+
def lockfile_path
|
62
|
+
self.class.gemfile_path.dirname.join('Gemfile.lock')
|
63
|
+
end
|
64
|
+
|
65
|
+
def children_for(gem, top_level_gems)
|
66
|
+
gem.gem_def.dependencies.map(&:name).select { |name| top_level_gems.include? name }
|
67
|
+
end
|
68
|
+
|
69
|
+
def format_name(gem)
|
70
|
+
gem.name.split(" ")[0]
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|