license_finder 3.0.0 → 3.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 966af7ae1414671e4b0993c96df55ae99b57993f
-  data.tar.gz: '0319c59b0c751aae09e8822c30e6a27aa7a9d473'
+  metadata.gz: 499f2da3bda92418516368e51583453fc1c5225f
+  data.tar.gz: a8b35a1beb522d75a1cb573e68be86fe7bd0f921
 SHA512:
-  metadata.gz: 7fa60bd67436b53b6de9ee386c6301bcc485a8076a5cea9c464a3f7e581ce23820246f0ca4a603875fcda88409632b7bb29973c4c4d8590b8a0bd1c100cf699b
-  data.tar.gz: 5317b4995bbfb33a9d5aaa9364e138eb9723d90aee8bd2cd102380fe078b91d32ee25c565ac4c356d572f9cfcec089c84a46c6a5b7da916c66a78e9b2c919602
+  metadata.gz: f1986e42151dfa364cfe7e10500b5fda295f957ae1fd62f1605067aac46bdfca0c8b596d9ded82b3192ddfecea804a312cb0cf7d6314e6713ea8f03a2ddf6bdd
+  data.tar.gz: fb51163eeb86d7e19fd77de0f26f5930048c8a7a8441a50db4b852f90539ce0402109acb375c87324054ed1be99a51d77a71ca108ba8d019e13fb8f189014f47

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+# Not Yet Released:
+
+Features:
+
+* Add --maven-options to allow options for maven scans (#305, thanks @jgielstra!)
+
+Bugfixes:
+
+* Restore the original GOPATH after modifying it (#287, thanks @sschuberth!)
+* LF doesn't recognize .NET projects using 'packages' directory (#290, #292, thanks @bspeck!)
+* Use glob for finding acknowledgements path for CocoaPods (#177, #288, thanks @aditya87!)
+* Fix some failing tests on Windows (#294, thanks @sschuberth!)
+* Add warning message if no dependencies are recognized (#293, thanks @bspeck!)
+* Switch to YAJL for parsing the json output from npm using a tmp file rather than an in-memory string (#301, #304)
+
 # 3.0.0 / 2016-03-02
 
 Features:

data/CONTRIBUTING.md

@@ -8,6 +8,18 @@
 * Rebase on top of master.
 * Send a pull request.
 
+## Running Tests
+
+You can use the [LicenseFinder docker image](https://hub.docker.com/r/licensefinder/license_finder/) to run the tests.
+
+```
+$ docker run -it licensefinder/license_finder /bin/bash --login
+
+# inside the container...
+
+$ cd /LicenseFinder
+$ rake
+```
 
 ## Adding Package Managers
 
@@ -44,7 +56,8 @@ If you come up with something useful, consider posting it to the Google Group
 
 
 ## Development Dependencies
-To successfully run the test suite, you will need the following installed: 
+
+To successfully run the test suite, you will need the following installed:
 - NPM (requires Node)
 - Bower (requires Node and NPM)
 - Maven (requires Java)
@@ -55,8 +68,9 @@ To successfully run the test suite, you will need the following installed:
 - CocoaPods (requires ruby)
 - Bundler (requires ruby)
 
-If you run `rake check_dependencies`, you'll see exactly which package managers
-you're missing.
+The [LicenseFinder docker image](https://hub.docker.com/r/licensefinder/license_finder/) already contains these dependencies.
+
+If you run `rake check_dependencies`, you'll see exactly which package managers you're missing.
 
 ### Python
 

data/Dockerfile

@@ -1,32 +1,21 @@
 FROM ubuntu:trusty
-RUN apt-get update && apt-get install -y curl git-core
-
-#install rvm
-RUN gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 && \
-    curl -sSL https://get.rvm.io | bash -s stable --ruby
-ENV PATH=/usr/local/rvm/bin:$PATH
-
-# install build-essential wget unzip
-RUN apt-get install -y build-essential wget unzip
+RUN apt-get update && apt-get install -y curl git-core wget unzip
 
 # nodejs seems to be required for the one of the gems
-RUN curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
+RUN curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
     apt-get -y install nodejs
 
 # install bower
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
-# install bundler
-RUN bash -lc "rvm install 2.3.3 && rvm use 2.3.3 && gem install bundler"
-
 #install java 8
 #http://askubuntu.com/questions/521145/how-to-install-oracle-java-on-ubuntu-14-04
 RUN cd /tmp && \
-    wget --quiet --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u66-b17/jdk-8u66-linux-x64.tar.gz -O jdk-8.tgz && \
+    wget --quiet --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz -O jdk-8.tgz && \
     tar xf /tmp/jdk-8.tgz && \
     mkdir -p /usr/lib/jvm && \
-    mv jdk1.8.0_66 /usr/lib/jvm/oracle_jdk8 && \
+    mv jdk1.8.0_131 /usr/lib/jvm/oracle_jdk8 && \
     rm /tmp/jdk-8.tgz
 
 ENV J2SDKDIR=/usr/lib/jvm/oracle_jdk8
@@ -76,6 +65,14 @@ ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 ENV LC_ALL=en_US.UTF-8
 
+#install rvm
+RUN gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 && \
+    curl -sSL https://raw.githubusercontent.com/wayneeseguin/rvm/stable/binscripts/rvm-installer | sudo bash -s stable --ruby=2.4.1
+ENV PATH=/usr/local/rvm/bin:$PATH
+
+# install bundler
+RUN bash -lc "rvm install 2.4.1 --default && gem install bundler"
+
 # install license_finder
 RUN bash -lc "git clone https://github.com/pivotal/LicenseFinder /LicenseFinder && cd /LicenseFinder && bundle install -j4 && rake install"
 

data/README.md

@@ -6,7 +6,7 @@ Build status
 * Ruby 2.1.5 [![Ruby 2.1.5 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.1.5/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.2.0 [![Ruby 2.2.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.2.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.3.0 [![Ruby 2.3.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.3.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.4.0 [![Ruby 2.4.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.4.1 [![Ruby 2.4.1 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.1/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
 * JRuby 9.0.4.0 [![JRuby 9.0.4.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.0.4.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
@@ -17,6 +17,8 @@ report.
 
 * code: https://github.com/pivotal/LicenseFinder
 * ci: https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder
+* docker: [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
+  * the docker image contains all the package managers needed to run `license_finder`
 * support:
   * license-finder@googlegroups.com
   * https://groups.google.com/forum/#!forum/license-finder

data/Rakefile

@@ -13,6 +13,13 @@ task :spec do
   end
 end
 
+desc "Only run cocoapods specs"
+RSpec::Core::RakeTask.new("spec:cocoapods") do |t|
+  t.fail_on_error = true
+  t.pattern = "./spec/lib/license_finder/package_managers/cocoa_pods_*spec.rb"
+  t.rspec_opts = %w[--color]
+end
+
 desc "Run all specs in features/"
 task :features do
   RSpec::Core::RakeTask.new(:features) do |t|

data/ci/pipelines/pipeline.yml.erb

@@ -35,7 +35,7 @@ resources:
 <% end %>
 
 jobs:
-<% ['2.4.0', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+<% ['2.4.1', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
 - name: ruby-<%= ruby_version %>
   public: true
   plan:
@@ -55,7 +55,7 @@ jobs:
 <% end %>
 <% end %>
 
-<% ['2.4.0', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+<% ['2.4.1', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
 - name: PR-ruby-<%= ruby_version %>
   public: true
   plan:

data/features/features/cli/cli_spec.rb

@@ -36,14 +36,15 @@ describe "License Finder command line executable" do
 
     developer.run_license_finder
     expect(developer).to be_receiving_exit_code(0)
-    expect(developer).to be_seeing 'All dependencies are approved for use'
+    expect(developer).to be_seeing 'No dependencies recognized!'
   end
 
   specify "displays an error if project_path does not exist" do
     developer.create_empty_project
 
-    developer.execute_command('license_finder report --project-path=/path/that/does/not/exist')
-    expect(developer).to be_seeing("Project path '/path/that/does/not/exist' does not exist!")
+    path = '/path/that/does/not/exist'
+    developer.execute_command("license_finder report --project-path=#{path}")
+    expect(developer).to be_seeing("Project path '#{File.absolute_path(path)}' does not exist!")
     expect(developer).to be_receiving_exit_code(1)
   end
 end

data/features/support/testing_dsl.rb

@@ -181,7 +181,10 @@ module LicenseFinder
       end
 
       def install
-        shell_out("GOPATH=#{project_dir}/gopath godep restore")
+        orig_gopath = ENV['GOPATH']
+        ENV['GOPATH'] = "#{project_dir}/gopath"
+        shell_out("godep restore")
+        ENV['GOPATH'] = orig_gopath
       end
 
       def shell_out(command)
@@ -348,7 +351,11 @@ module LicenseFinder
       end
 
       def install_fixture(fixture_name)
-        join(fixture_name).make_symlink Paths.fixtures.join(fixture_name)
+        if Platform.windows?
+          FileUtils.cp(Paths.fixtures.join(fixture_name), join(fixture_name))
+        else
+          join(fixture_name).make_symlink Paths.fixtures.join(fixture_name)
+        end
       end
 
       def make

data/lib/license_finder/cli/base.rb

@@ -32,6 +32,7 @@ module LicenseFinder
           :gradle_command,
           :gradle_include_groups,
           :maven_include_groups,
+          :maven_options,
           :rebar_command,
           :rebar_deps_dir,
           :save
@@ -70,4 +71,3 @@ module LicenseFinder
     end
   end
 end
-

data/lib/license_finder/cli/main.rb

@@ -24,6 +24,7 @@ module LicenseFinder
       class_option :gradle_include_groups, desc: "Whether dependency name should include group id. Only meaningful if used with a Java/gradle project. Defaults to false."
       class_option :gradle_command, desc: "Command to use when fetching gradle packages. Only meaningful if used with a Java/gradle project. Defaults to 'gradlew' / 'gradlew.bat' if the wrapper is present, otherwise to 'gradle'."
       class_option :maven_include_groups, desc: "Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false."
+      class_option :maven_options, desc: "Maven options to append to command. Defaults to empty."
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
       class_option :rebar_deps_dir, desc: "Path to rebar dependencies directory. Only meaningful if used with a Erlang/rebar project. Defaults to 'deps'."
       class_option :subprojects, type: :array, desc: "Generate a single report for multiple sub-projects. Ex: --subprojects='path/to/project1', 'path/to/project2'"
@@ -34,12 +35,18 @@ module LicenseFinder
       desc "action_items", "List unapproved dependencies (the default action for `license_finder`)"
 
       def action_items
+        any_packages = license_finder.any_packages?
         unapproved = license_finder.unapproved
         blacklisted = license_finder.blacklisted
 
         # Ensure to start output on a new line even with dot progress indicators.
         say "\n"
 
+        unless any_packages
+          say "No dependencies recognized!", :red
+          exit 0
+        end
+
         if unapproved.empty?
           say "All dependencies are approved for use", :green
         else

data/lib/license_finder/configuration.rb

@@ -37,6 +37,10 @@ module LicenseFinder
       get(:maven_include_groups)
     end
 
+    def maven_options
+      get(:maven_options)
+    end
+
     def rebar_command
       get(:rebar_command)
     end

data/lib/license_finder/core.rb

@@ -37,7 +37,7 @@ module LicenseFinder
     end
 
     extend Forwardable
-    def_delegators :decision_applier, :acknowledged, :unapproved, :blacklisted
+    def_delegators :decision_applier, :acknowledged, :unapproved, :blacklisted, :any_packages?
 
     def project_name
       decisions.project_name || config.project_path.basename.to_s
@@ -68,10 +68,10 @@ module LicenseFinder
         gradle_command: config.gradle_command,
         gradle_include_groups: config.gradle_include_groups,
         maven_include_groups: config.maven_include_groups,
+        maven_options: config.maven_options,
         rebar_command: config.rebar_command,
         rebar_deps_dir: config.rebar_deps_dir,
       )
     end
   end
 end
-

data/lib/license_finder/decision_applier.rb

@@ -2,7 +2,8 @@ module LicenseFinder
   class DecisionApplier
     def initialize(options)
       @decisions = options.fetch(:decisions)
-      @acknowledged = apply_decisions(options.fetch(:packages))
+      @all_packages = decisions.packages + options.fetch(:packages)
+      @acknowledged = apply_decisions
     end
 
     attr_reader :acknowledged
@@ -15,12 +16,15 @@ module LicenseFinder
       acknowledged.select(&:blacklisted?)
     end
 
+    def any_packages?
+      all_packages.any?
+    end
+
     private
 
-    attr_reader :decisions
+    attr_reader :decisions, :all_packages
 
-    def apply_decisions(system_packages)
-      all_packages = decisions.packages + system_packages
+    def apply_decisions
       all_packages
         .map { |package| with_decided_licenses(package) }
         .map { |package| with_approval(package) }

data/lib/license_finder/package_managers/cocoa_pods.rb

@@ -40,19 +40,15 @@ module LicenseFinder
     end
 
     def acknowledgements_path
-      filename = 'Pods-acknowledgements.plist'
-      directories = [
-        'Pods',                          # cocoapods < 0.34
-        'Pods/Target Support Files/Pods' # cocoapods >= 0.34
-      ]
-
-      directories
-        .map { |dir| project_path.join(dir, filename) }
-        .find(&:exist?)
+      search_paths = [ "Pods/Pods-acknowledgements.plist",
+                       "Pods/Target Support Files/Pods/Pods-acknowledgements.plist",
+                       "Pods/Target Support Files/Pods-*/Pods-*-acknowledgements.plist" ]
+
+      Dir[*search_paths.map {|path| File.join(project_path, path) }].first
     end
 
     def read_plist pathname
-      JSON.parse(`plutil -convert json -o - '#{pathname.expand_path}'`)
+      JSON.parse(`plutil -convert json -o - '#{pathname}'`)
     end
   end
 end

data/lib/license_finder/package_managers/go_vendor.rb

@@ -55,8 +55,10 @@ module LicenseFinder
         # checked in. Canonical paths are only checked by `go get'. We
         # discovered that `go list' will print a warning and unfortunately exit
         # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
         ENV['GOPATH'] = nil
         val = capture('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = orig_gopath
         return [] unless val.last
         # Select non-standard packages. `go list std` returns the list of standard
         # dependencies. We then filter those dependencies out of the full list of

data/lib/license_finder/package_managers/go_workspace.rb

@@ -70,8 +70,10 @@ module LicenseFinder
         # checked in. Canonical paths are only checked by `go get'. We
         # discovered that `go list' will print a warning and unfortunately exit
         # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
         ENV['GOPATH'] = nil
         val = capture('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = orig_gopath
         raise 'go list failed' unless val.last
         # Select non-standard packages. `go list std` returns the list of standard
         # dependencies. We then filter those dependencies out of the full list of

data/lib/license_finder/package_managers/maven.rb

@@ -7,12 +7,13 @@ module LicenseFinder
       super
       @ignored_groups = options[:ignored_groups]
       @include_groups = options[:maven_include_groups]
+      @maven_options = options[:maven_options]
     end
 
     def current_packages
       command = "#{package_management_command} org.codehaus.mojo:license-maven-plugin:download-licenses"
       command += " -Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}" if @ignored_groups and !@ignored_groups.empty?
-
+      command += " #{@maven_options}" if !@maven_options.nil?
       output, success = Dir.chdir(project_path) { capture(command) }
       raise "Command '#{command}' failed to execute: #{output}" unless success
 

data/lib/license_finder/package_managers/npm.rb

@@ -1,88 +1,96 @@
-require 'json'
+require 'yajl'
+require 'tempfile'
 
 module LicenseFinder
   class NPM < PackageManager
     DEPENDENCY_GROUPS = ["dependencies", "devDependencies"]
 
     def current_packages
-      packages = {}
-      direct_dependencies.each do |dep|
-        group_name = dep[:group]
-        walk_dependency_tree(dep[:name]) do |dependency|
-          package_id = dependency["name"]
-          if packages[package_id] && packages[package_id].version.nil? && dependency["version"]
-            old_package = packages[package_id]
-            packages[package_id] = NpmPackage.new(dependency, logger: logger, groups: old_package.groups)
-          else
-            packages[package_id] ||= NpmPackage.new(dependency, logger: logger)
-          end
-          packages[package_id].groups << group_name unless packages[package_id].groups.include?(group_name)
+      top_level_deps = npm_json['dependencies']&.values || []
+      package_json = JSON.parse(File.read(package_path), :max_nesting => false)
+      top_level_deps.each do |dep|
+        dep['groups'] = DEPENDENCY_GROUPS.select do |group|
+          package_json[group]&.keys&.include? dep['name']
         end
       end
-      packages.values
-    end
-
-    def self.package_management_command
-      "npm"
+      dependency_matches = flatten(top_level_deps)
+      dependency_matches = dependency_matches.group_by {|dep| [dep['name'], dep['version']]}
+      dependency_matches.map {|id, dep_matches| construct_npm_package(dep_matches, id)}
     end
 
     private
 
-    def direct_dependencies
-      package_json = JSON.parse(File.read(package_path), :max_nesting => false)
-      DEPENDENCY_GROUPS.map do |group|
-        package_json.fetch(group, {}).keys.map do |dependency|
-          {
-            group: group,
-            name: dependency
-          }
-        end
-      end.flatten
+    def self.package_management_command
+      "npm"
     end
 
-    def walk_dependency_tree(dependency, &block)
-      @json ||= npm_json
-      deps = @json.fetch("dependencies", {}).reject { |_,d| d.is_a?(String) }
-      current_dep = deps[dependency]
-      block.call(current_dep) if current_dep
-      recursive_dependencies(current_dep) do |d|
-        block.call(d)
-      end
+    def package_path
+      project_path.join('package.json')
     end
 
     def npm_json
-      command = "#{NPM::package_management_command} list --json --long"
-      output, success = Dir.chdir(project_path) { capture(command) }
+      tempfile = Tempfile.new
+      begin
+        command = "#{NPM::package_management_command} list --json --long > #{tempfile.path}"
+        output, success = Dir.chdir(project_path) { capture(command) }
 
-      if success
-        json = JSON(output, :max_nesting => false)
-      else
-        json = begin
-                 JSON(output, :max_nesting => false)
-               rescue JSON::ParserError
-                 nil
-               end
-        if json
-          $stderr.puts "Command '#{command}' returned an error but parsing succeeded."
+        if success
+          json = Yajl::Parser.parse(File.open(tempfile.path))
         else
-          raise "Command '#{command}' failed to execute: #{output}"
+          json = begin
+            Yajl::Parser.parse(File.open(tempfile.path))
+          rescue Yajl::ParseError
+            nil
+          end
+          if json
+            $stderr.puts "Command '#{command}' returned an error but parsing succeeded."
+          else
+            raise "Command '#{command}' failed to execute: #{output}"
+          end
         end
+      ensure
+        tempfile.close
+        tempfile.unlink
       end
-
       json
     end
 
-    def package_path
-      project_path.join('package.json')
+    def flatten(list)
+      list.inject [] {|acc, dep| acc + [dep] + flatten(dep['dependencies']&.values&.map {|inner_dep| inner_dep['groups'] = dep['groups']; inner_dep} || [])}
     end
 
-    def recursive_dependencies(node_module, &block)
-      return unless node_module # node_module can be empty hash if it is included elsewhere
-      block.call(node_module)
-      node_module.fetch('dependencies', {}).each do |dep_key, data|
-        data['name'] ||= dep_key
-        recursive_dependencies(data, &block)
+    def licenses(dep_matches)
+      licenses_lists = dep_matches.map do |match|
+        match['licenses']
       end
+
+      licenses_lists.reject! {|licenses| licenses.nil? || licenses == '[Circular]'}
+      licenses_lists = licenses_lists.uniq
+      case licenses_lists.count
+        when 0
+          dep_matches.map {|dep_match| dep_match['license']}.reject(&:nil?).uniq
+        when 1
+          licenses_lists.first.map {|license| license['type']}
+        else
+          raise "Varying lists of licenses provided for #{dep_matches.first['name']} (#{dep_matches.first['version']})"
+      end
+    end
+
+    def construct_npm_package(dep_matches, id)
+      name, version = id
+      dependencies = value_from_matches(dep_matches, 'dependencies')&.values&.map {|d| d['name']} || []
+      NpmPackage.new(name, version,
+                     homepage: value_from_matches(dep_matches, 'homepage'),
+                     description: value_from_matches(dep_matches, 'description'),
+                     spec_licenses: licenses(dep_matches),
+                     install_path: value_from_matches(dep_matches, 'path'),
+                     dependencies: dependencies,
+                     groups: dep_matches.map {|match| match['groups']}.flatten.uniq,
+                     logger: logger)
+    end
+
+    def value_from_matches(dep_matches, key)
+      dep_matches.map {|m| m[key]}.reject(&:nil?).uniq&.first
     end
   end
 end