license_finder 1.1.1-java → 1.2-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94)
  1. checksums.yaml +4 -4
  2. data/.travis.yml +2 -2
  3. data/CHANGELOG.rdoc +10 -0
  4. data/Gemfile +1 -1
  5. data/README.md +363 -0
  6. data/Rakefile +30 -1
  7. data/TODO.md +28 -0
  8. data/bin/license_finder_pip.py +18 -0
  9. data/db/migrate/201410031451_rename_dependency_license_name.rb +6 -0
  10. data/features/multiple_licenses.feature +9 -0
  11. data/features/step_definitions/cli_steps.rb +9 -9
  12. data/features/step_definitions/cocoapod_steps.rb +1 -1
  13. data/features/step_definitions/configure_bundler_groups_steps.rb +3 -3
  14. data/features/step_definitions/configure_whitelist_steps.rb +4 -4
  15. data/features/step_definitions/gradle_steps.rb +1 -1
  16. data/features/step_definitions/manually_added_steps.rb +3 -3
  17. data/features/step_definitions/manually_approved_steps.rb +5 -5
  18. data/features/step_definitions/manually_assigned_license_steps.rb +4 -4
  19. data/features/step_definitions/maven_steps.rb +1 -1
  20. data/features/step_definitions/multiple_licenses_steps.rb +14 -0
  21. data/features/step_definitions/node_steps.rb +1 -1
  22. data/features/step_definitions/python_steps.rb +1 -1
  23. data/features/step_definitions/report_csv_steps.rb +3 -3
  24. data/features/step_definitions/report_html_steps.rb +5 -5
  25. data/features/step_definitions/shared_steps.rb +23 -6
  26. data/lib/license_finder.rb +3 -0
  27. data/lib/license_finder/cli.rb +13 -34
  28. data/lib/license_finder/configuration.rb +8 -4
  29. data/lib/license_finder/dependency_manager.rb +25 -15
  30. data/lib/license_finder/license.rb +8 -0
  31. data/lib/license_finder/logger.rb +59 -0
  32. data/lib/license_finder/package.rb +37 -30
  33. data/lib/license_finder/package_manager.rb +20 -0
  34. data/lib/license_finder/package_managers/bower.rb +4 -9
  35. data/lib/license_finder/package_managers/bower_package.rb +2 -1
  36. data/lib/license_finder/package_managers/bundler.rb +26 -41
  37. data/lib/license_finder/package_managers/bundler_package.rb +6 -3
  38. data/lib/license_finder/package_managers/cocoa_pods.rb +18 -10
  39. data/lib/license_finder/package_managers/cocoa_pods_package.rb +4 -3
  40. data/lib/license_finder/package_managers/gradle.rb +7 -11
  41. data/lib/license_finder/package_managers/gradle_package.rb +2 -7
  42. data/lib/license_finder/package_managers/maven.rb +5 -9
  43. data/lib/license_finder/package_managers/maven_package.rb +4 -8
  44. data/lib/license_finder/package_managers/npm.rb +6 -10
  45. data/lib/license_finder/package_managers/npm_package.rb +2 -1
  46. data/lib/license_finder/package_managers/pip.rb +11 -24
  47. data/lib/license_finder/package_managers/pip_package.rb +2 -1
  48. data/lib/license_finder/package_saver.rb +2 -2
  49. data/lib/license_finder/platform.rb +4 -0
  50. data/lib/license_finder/possible_license_file.rb +4 -0
  51. data/lib/license_finder/possible_license_files.rb +2 -1
  52. data/lib/license_finder/reports/detailed_text_report.rb +1 -1
  53. data/lib/license_finder/reports/formatted_report.rb +1 -1
  54. data/lib/license_finder/tables/dependency.rb +22 -12
  55. data/lib/license_finder/yml_to_sql.rb +1 -1
  56. data/lib/templates/html_report.erb +4 -4
  57. data/lib/templates/markdown_report.erb +4 -4
  58. data/lib/templates/text_report.erb +1 -1
  59. data/license_finder.gemspec +28 -12
  60. data/spec/lib/license_finder/cli_spec.rb +193 -185
  61. data/spec/lib/license_finder/configuration_spec.rb +46 -47
  62. data/spec/lib/license_finder/dependency_manager_spec.rb +48 -44
  63. data/spec/lib/license_finder/license/definitions_spec.rb +26 -26
  64. data/spec/lib/license_finder/license_spec.rb +25 -25
  65. data/spec/lib/license_finder/package_managers/bower_package_spec.rb +33 -17
  66. data/spec/lib/license_finder/package_managers/bower_spec.rb +35 -35
  67. data/spec/lib/license_finder/package_managers/bundler_package_spec.rb +20 -15
  68. data/spec/lib/license_finder/package_managers/bundler_spec.rb +12 -19
  69. data/spec/lib/license_finder/package_managers/cocoa_pods_package_spec.rb +8 -5
  70. data/spec/lib/license_finder/package_managers/cocoa_pods_spec.rb +20 -22
  71. data/spec/lib/license_finder/package_managers/gradle_package_spec.rb +8 -5
  72. data/spec/lib/license_finder/package_managers/gradle_spec.rb +20 -20
  73. data/spec/lib/license_finder/package_managers/maven_package_spec.rb +8 -5
  74. data/spec/lib/license_finder/package_managers/maven_spec.rb +18 -18
  75. data/spec/lib/license_finder/package_managers/npm_package_spec.rb +36 -17
  76. data/spec/lib/license_finder/package_managers/npm_spec.rb +17 -17
  77. data/spec/lib/license_finder/package_managers/pip_package_spec.rb +16 -10
  78. data/spec/lib/license_finder/package_managers/pip_spec.rb +21 -18
  79. data/spec/lib/license_finder/package_saver_spec.rb +15 -25
  80. data/spec/lib/license_finder/possible_license_file_spec.rb +5 -4
  81. data/spec/lib/license_finder/possible_license_files_spec.rb +11 -5
  82. data/spec/lib/license_finder/reports/detailed_text_report_spec.rb +3 -3
  83. data/spec/lib/license_finder/reports/html_report_spec.rb +23 -23
  84. data/spec/lib/license_finder/reports/markdown_report_spec.rb +12 -12
  85. data/spec/lib/license_finder/reports/reporter_spec.rb +11 -11
  86. data/spec/lib/license_finder/reports/text_report_spec.rb +3 -3
  87. data/spec/lib/license_finder/tables/dependency_spec.rb +59 -41
  88. data/spec/lib/license_finder/yml_to_sql_spec.rb +21 -21
  89. data/spec/lib/license_finder_spec.rb +1 -1
  90. data/spec/spec_helper.rb +0 -13
  91. data/spec/support/shared_examples_for_package.rb +46 -0
  92. data/spec/support/shared_examples_for_package_manager.rb +15 -0
  93. metadata +19 -100
  94. data/readme.md +0 -259
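--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 5748734ffbeee366e0396f06f2560233e6c121b4
-data.tar.gz: 6896b31ebe755429dea0111105ec7ade8c05072e
+metadata.gz: 25133c2e00fd276bf0231e3278dc5d6746d0dbfc
+data.tar.gz: 1a41557a867f098913e932b318dc7328ca57a5d1
 SHA512:
-metadata.gz: c63f791ef6170d0b928a8ff909d3a32850bcf5e3687862160dd92ea5a7f2e59b5e9e90c2ec3dd9c5baa56b7e8969fdda83fc3b4cdd93ecc09e19dbfa1e77e6ed
-data.tar.gz: 90825a990cffb6b80bf4e4f4b61c3340fa27966580ccc6a33e91c8e72873d656d39b3dee0a9cd6d6caece82911f18febb6e7368b538873bc5b8eafff5753edd3
+metadata.gz: 68ed62fa7d61804c9f120ba1b0cf44ca74a2876c38ea99f38b493c1bece1887e11327c7ce8e814b4f02953c0c815f5845994a479c09e7d70febd87dab618c6bb
+data.tar.gz: a3ee81f80e84b25152a95425893c242f177d1ab3c36a6a8fdcef4668928ea8c4071449bf22dcecb8fbf2e2cddd64ba8d6cddbcc5aaa643fcb52c03713ddc4893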
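--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -12,7 +12,7 @@ matrix:
 - rvm: jruby-head
 
 env:
-- JAVA_OPTS='-client -XX:+TieredCompilation -XX:TieredStopAtLevel=1' JRUBY_OPTS='-J-Djruby.launch.inproc=true' PATH=$PATH:$HOME/gradle/bin
+- PATH=$PATH:$HOME/gradle/bin
 
 notifications:
 email:
@@ -25,7 +25,7 @@ notifications:
 before_install:
 - cd /tmp
 - wget http://services.gradle.org/distributions/gradle-1.11-all.zip
-- unzip gradle*
+- unzip -q gradle*
 - rm gradle*.zip
 - mv gradle* ~/gradle
 - cd -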
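Review bot: The gradle archive is still fetched over plain HTTP (`- wget http://services.gradle.org/distributions/gradle-1.11-all.zip`, the unchanged line just above the `unzip -q` change) and unpacked with no integrity check, so the build tool the CI job runs is whatever the network hands back. The Gemfile in this same release moves rubygems to https, and this step deserves the same treatment: fetch the archive over `https://` if the host serves it, and verify it against a pinned digest before unpacking, e.g. `- echo "<EXPECTED_SHA256>  gradle-1.11-all.zip" | sha256sum -c -` inserted before the `unzip` line (placeholder digest; take the real value from the published gradle checksums). The `unzip -q` change itself is fine.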
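--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,13 @@
+=== 1.2 / 2014-11-10
+
+* Features
+
+* Adding support for CocoaPods >= 0.34. (#118)
+* For dependencies with multiple licenses, the name of each license is
+listed, and if any are whitelisted, the dependency is whitelisted
+* Added `--debug` option when scanning, to provide details on
+packages, dependencies and where each license was discovered.
+
 === 1.1.1 / 2014-07-29
 
 * Bugfixes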
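--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,3 +1,3 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 
 gemspec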
data/README.md ADDED
@@ -0,0 +1,363 @@
1
+ # License Finder
2
+
3
+ [![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
4
+ [![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
5
+
6
+ LicenseFinder works with your package managers to find dependencies,
7
+ detect the licenses of the packages in them, compare those licenses
8
+ against a user-defined whitelist, and give you an actionable exception
9
+ report.
10
+
11
+ * code: https://github.com/pivotal/LicenseFinder
12
+ * support:
13
+ * license-finder@googlegroups.com
14
+ * https://groups.google.com/forum/#!forum/license-finder
15
+ * backlog: https://www.pivotaltracker.com/s/projects/234851
16
+
17
+ ### Supported project types
18
+
19
+ * Ruby Gems (via `bundler`)
20
+ * Python Eggs (via `pip`)
21
+ * Node.js (via `npm`)
22
+ * Bower
23
+
24
+ ### Experimental project types
25
+
26
+ * Java (via `maven`)
27
+ * Java (via `gradle`)
28
+ * Objective-C (+ CocoaPods)
29
+
30
+
31
+ ## Installation
32
+
33
+ The easiest way to use `license_finder` is to install it as a command
34
+ line tool, like brew, awk, gem or bundler:
35
+
36
+ ```sh
37
+ $ gem install license_finder
38
+ ```
39
+
40
+ Though it's less preferable, if you are using bundler in a Ruby
41
+ project, you can add `license_finder` to your Gemfile:
42
+
43
+ ```ruby
44
+ gem 'license_finder', :group => :development
45
+ ```
46
+
47
+ This approach helps you remember to install `license_finder`, but can
48
+ pull in unwanted dependencies, including `bundler`. To mitigate this
49
+ problem, see ignored_groups in [Configuration](#configuration).
50
+
51
+
52
+ ## Usage
53
+
54
+ `license_finder` will generate reports of action items; i.e.,
55
+ dependencies that do not fall within your license "whitelist".
56
+
57
+ ```sh
58
+ $ license_finder
59
+ ```
60
+
61
+ Or, if you installed with bundler:
62
+
63
+ ```sh
64
+ $ bundle exec license_finder
65
+ ```
66
+
67
+ If you don't wish to see progressive output "dots", use the `--quiet`
68
+ option.
69
+
70
+ If you'd like to see debugging output, use the `--debug`
71
+ option. `license_finder` will then output info about packages, their
72
+ dependencies, and where and how each license was discovered. This can
73
+ be useful when you need to track down an unexpected package or
74
+ license.
75
+
76
+ Run `license_finder help` to see other available commands, and
77
+ `license_finder help [COMMAND]` for detailed help on a specific
78
+ command.
79
+
80
+
81
+ ### Activation
82
+
83
+ `license_finder` will find and include packages for all supported
84
+ languages, as long as that language has a package definition in the project directory:
85
+
86
+ * `Gemfile` (for `bundler`)
87
+ * `requirements.txt` (for `pip`)
88
+ * `package.json` (for `npm`)
89
+ * `pom.xml` (for `maven`)
90
+ * `build.gradle` (for `gradle`)
91
+ * `bower.json` (for `bower`)
92
+ * `Podfile` (for CocoaPods)
93
+
94
+
95
+ ### Continuous Integration
96
+
97
+ `license_finder` will also return a non-zero exit status if there are
98
+ unapproved dependencies. This can be useful for inclusion in a CI
99
+ environment to alert you if someone adds an unapproved dependency to
100
+ the project.
101
+
102
+
103
+ ## Output and Artifacts
104
+
105
+ ### STDOUT
106
+
107
+ On a Rails project, you could expect `license_finder` to output
108
+ something like the following (assuming you whitelisted the MIT license
109
+ -- see [Configuration](#configuration)):
110
+
111
+ ```
112
+ Dependencies that need approval:
113
+
114
+ highline, 1.6.14, ruby
115
+ json, 1.7.5, ruby
116
+ mime-types, 1.19, ruby
117
+ rails, 3.2.8, other
118
+ rdoc, 3.12, other
119
+ rubyzip, 0.9.9, ruby
120
+ xml-simple, 1.1.1, other
121
+ ```
122
+
123
+ ### Files and Reports
124
+
125
+ The executable task will also write out a `dependencies.db`,
126
+ `dependencies.csv`, and `dependencies.html` file (in the `doc/`
127
+ directory by default -- see [Configuration](#configuration)).
128
+
129
+ The latter two files are human-readable reports that you could send to
130
+ your non-technical business partners, lawyers, etc.
131
+
132
+ The HTML report generated by `license_finder` shows a summary of the
133
+ project's dependencies and dependencies which need to be approved. The
134
+ project name at the top of the report can be set in
135
+ `config/license_finder.yml`.
136
+
137
+
138
+ ## Manual Intervention
139
+
140
+ ### Setting Licenses
141
+
142
+ When `license_finder` reports that a dependency's license is 'other',
143
+ you should manually research what the actual license is. When you
144
+ have established the real license, you can record it with:
145
+
146
+ ```sh
147
+ $ license_finder license MIT my_unknown_dependency
148
+ ```
149
+
150
+ This command would assign the MIT license to the dependency
151
+ `my_unknown_dependency`.
152
+
153
+
154
+ ### Approving Dependencies
155
+
156
+ Whenever you have a dependency that falls outside of your whitelist,
157
+ `license_finder` will tell you. If your business decides that this is
158
+ an acceptable risk, you can manually approve the dependency by using
159
+ the `license_finder approve` command.
160
+
161
+ For example, let's assume you've only whitelisted the "MIT" license in
162
+ your `config/license_finder.yml`. You then add the `awesome_gpl_gem`
163
+ to your Gemfile, which we'll assume is licensed with the `GPL`
164
+ license. You then run `license_finder` and see the gem listed in the
165
+ output:
166
+
167
+ ```sh
168
+ awesome_gpl_gem, 1.0.0, GPL
169
+ ```
170
+
171
+ Your business tells you that in this case, it's acceptable to use this
172
+ gem. You now run:
173
+
174
+ ```sh
175
+ $ license_finder approve awesome_gpl_gem
176
+ ```
177
+
178
+ If you rerun `license_finder`, you should no longer see
179
+ `awesome_gpl_gem` in the output.
180
+
181
+ To record who approved the dependency and why:
182
+
183
+ ```sh
184
+ $ license_finder approve awesome_gpl_gem --approver CTO --message "Go ahead"
185
+ ```
186
+
187
+
188
+ ### Adding Hidden Dependencies
189
+
190
+ `license_finder` can track dependencies that your package managers
191
+ don't know about (JS libraries that don't appear in your
192
+ Gemfile/requirements.txt/package.json, etc.)
193
+
194
+ ```sh
195
+ $ license_finder dependencies add MIT my_js_dep 0.1.2
196
+ ```
197
+
198
+ To automatically approve an unmanaged dependency when you add it, use:
199
+
200
+ ```sh
201
+ $ license_finder dependencies add MIT my_js_dep 0.1.2 --approve
202
+ ```
203
+
204
+ To record who approved the dependency when you add it, use:
205
+
206
+ ```sh
207
+ $ license_finder dependencies add MIT my_js_dep 0.1.2 --approve --approver CTO --message "Go ahead"
208
+ ```
209
+
210
+ The version is optional. Run `license_finder dependencies help` for
211
+ additional documentation about managing these dependencies.
212
+
213
+ `license_finder` cannot automatically detect when one of these
214
+ dependencies has been removed from your project, so you can use:
215
+
216
+ ```sh
217
+ $ license_finder dependencies remove my_js_dep
218
+ ```
219
+
220
+
221
+ ## Configuration
222
+
223
+ The first time you run `license_finder` it will create a default
224
+ configuration file `./config/license_finder.yml`, which will look
225
+ something like this:
226
+
227
+ ```yaml
228
+ ---
229
+ whitelist:
230
+ #- MIT
231
+ #- Apache 2.0
232
+ ignore_groups:
233
+ #- test
234
+ #- development
235
+ ignore_dependencies:
236
+ #- bundler
237
+ dependencies_file_dir: './doc/'
238
+ project_name: My Project Name
239
+ gradle_command: # only meaningful if used with a Java/gradle project. Defaults to "gradle".
240
+ ```
241
+
242
+ By modifying this file, you can configure `license_finder`'s behavior:
243
+
244
+ * Automatically approve licenses in the `whitelist`
245
+ * Exclude test or development dependencies by setting `ignore_groups`.
246
+ (Currently this only works for Bundler.)
247
+ * Exclude specific dependencies by setting `ignore_dependencies`.
248
+ (Think carefully before adding dependencies to this list. A likely
249
+ item to exclude is bundler itself, to avoid noisy changes to the doc
250
+ files when different people run `license_finder` with different
251
+ versions of bundler.)
252
+ * Store the license database and text files in another directory by
253
+ changing `dependencies_file_dir`.
254
+ * Set the HTML report title wih `project_name`, which defaults to the
255
+ name of the working directory.
256
+ * See below for explanation of "gradle_command".
257
+
258
+ You can also configure `license_finder` through the command line. See
259
+ `license_finder whitelist help`, `license_finder ignored_bundler_groups help`
260
+ and `license_finder project_name help` for more details.
261
+
262
+
263
+ ### Gradle Projects
264
+
265
+ You need to install the license gradle plugin:
266
+ [https://github.com/hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin)
267
+
268
+ LicenseFinder assumes that gradle is in your shell's command path and
269
+ can be invoked by just calling `gradle`.
270
+
271
+ If you must invoke gradle some other way (e.g., with a custom
272
+ `gradlew` script), set the `gradle_command` option in your project's
273
+ `license_finder.yml`:
274
+
275
+ ```yaml
276
+ # ... other configuration ...
277
+ gradle_command: ./gradlew
278
+ ```
279
+
280
+ By default, `license_finder` will report on gradle's "runtime"
281
+ dependencies. If you want to generate a report for some other
282
+ dependency configuration (e.g. Android projects will sometimes specify
283
+ their meaningful dependencies in the "compile" group), you can specify
284
+ it in your project's `build.gradle`:
285
+
286
+ ```
287
+ // Must come *after* the 'apply plugin: license' line
288
+
289
+ downloadLicenses {
290
+ dependencyConfiguration "compile"
291
+ }
292
+ ```
293
+
294
+
295
+ ## Upgrade for pre-0.8.0 users
296
+
297
+ If you wish to cleanup your root directory you can run:
298
+
299
+ ```sh
300
+ $ license_finder move
301
+ ```
302
+
303
+ This will move your `dependencies.*` files to the doc/ directory and update the config.
304
+
305
+
306
+ ## Requirements
307
+
308
+ `license_finder` requires ruby >= 1.9, or jruby.
309
+
310
+
311
+ ## A Plea to Package Authors and Maintainers
312
+
313
+ Please add a license to your package specs! Most packaging systems
314
+ allow for the specification of one or more licenses.
315
+
316
+ For example, Ruby Gems may have a license specified by name:
317
+
318
+ ```ruby
319
+ Gem::Specification.new do |s|
320
+ s.name = "my_great_gem"
321
+ s.license = "MIT"
322
+ end
323
+ ```
324
+
325
+ And add a `LICENSE` file to your package that contains your license text.
326
+
327
+
328
+ ## Support
329
+
330
+ * Send an email to the list: [license-finder@googlegroups.com](license-finder@googlegroups.com)
331
+ * View the project backlog at Pivotal Tracker: [https://www.pivotaltracker.com/s/projects/234851](https://www.pivotaltracker.com/s/projects/234851)
332
+
333
+
334
+ ## Contributing
335
+
336
+ * Fork the project from https://github.com/pivotal/LicenseFinder
337
+ * Create a feature branch.
338
+ * Make your feature addition or bug fix. Please make sure there is appropriate test coverage.
339
+ * Rebase on top of master.
340
+ * Send a pull request.
341
+
342
+ To successfully run the test suite, you will need node.js, python, pip
343
+ and gradle installed. If you run `rake check_dependencies`, you'll see
344
+ exactly what you're missing.
345
+
346
+ You'll need a gradle version >= 1.8.
347
+
348
+ For the python dependency tests you will want to have virtualenv
349
+ installed, to allow pip to work without sudo. For more details, see
350
+ this [post on virtualenv][].
351
+
352
+ [post on virtualenv]: http://hackercodex.com/guide/python-development-environment-on-mac-osx/#virtualenv
353
+
354
+ If you're running the test suite with jruby, you're probably going to
355
+ want to set up some environment variables:
356
+
357
+ ```
358
+ JAVA_OPTS='-client -XX:+TieredCompilation -XX:TieredStopAtLevel=1' JRUBY_OPTS='-J-Djruby.launch.inproc=true'
359
+ ```
360
+
361
+ ## License
362
+
363
+ LicenseFinder is released under the MIT License. http://www.opensource.org/licenses/mit-license
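--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,7 @@
 require 'bundler'
 Bundler::GemHelper.install_tasks
 
+require './lib/license_finder/platform'
 require 'rspec/core/rake_task'
 require 'cucumber'
 require 'cucumber/rake/task'
@@ -14,8 +15,36 @@ end
 
 desc "Run all cukes in features/"
 Cucumber::Rake::Task.new(:features) do |t|
-tags = RUBY_PLATFORM =~ /darwin/ ? "" : "--tags ~@ios"
+tags = LicenseFinder::Platform.darwin? ? "" : "--tags ~@ios"
 t.cucumber_opts = "features --format pretty #{tags}"
 end
 
+desc "Check for non-Ruby development dependencies."
+task :check_dependencies do
+require "open3"
+
+dependencies = {
+"mvn" => "Maven",
+"npm" => "node.js",
+"pip" => "Python",
+"gradle" => "Gradle"
+}
+dependencies["pod"] = "Cocoapods" if LicenseFinder::Platform.darwin?
+satisfied = true
+dependencies.each do |dependency, description|
+printf "checking dev dependency for #{description} ... "
+`which #{dependency}` ; status = $?
+if status.success?
+puts "OK"
+else
+puts "missing `#{dependency}`"
+satisfied = false
+end
+end
+exit 1 unless satisfied
+end
+
+task :spec => :check_dependencies
+task :features => :check_dependencies
+
 task :default => [:spec, :features]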
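Review bot: `require "open3"` at the top of the new `check_dependencies` task is never used — nothing in the task references `Open3`; the probe runs `which #{dependency}` in backticks and then reads `$?`, spawning a shell only to discard its output. The require can be dropped and the probe written as `status = system("which", dependency, out: File::NULL, err: File::NULL)` followed by `if status`, which avoids the shell entirely and yields a plain boolean. The task is also made a prerequisite of both `:spec` and `:features`, so a missing tool (including `pod` on darwin) now blocks `rake spec` as well as the cukes; if that is intended, a one-line comment above `task :spec => :check_dependencies` saying so would stop the next person from "fixing" it. `which` is a POSIX convention, so on hosts without it every dependency will be reported missing.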