license_finder 5.9.2 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5aa62297dbdcb901e43f363712a622598ccafc440e3ed5bf56b977dfd988575e
-  data.tar.gz: cdb7ac96c2760bd7332e3fddc2605efd0224fa4a60e23a0b437ee4779b3d8c08
+  metadata.gz: 7f523ba2c6fa31d014881ee139ea643859d311aa86c5e1c478a42c37534d08da
+  data.tar.gz: 04264f68a64b7260576135ee6069aeb0c36d5220e0bde8744a398901083fb4ef
 SHA512:
-  metadata.gz: 53aae03975e9a80552a6bffb95d9a1238c7bd5ade88d2b8ef3e1af5b5208524ca2faa7282e369d677b388c18da55194010ecec89d9fae5f68bbcf4fb7eb265a7
-  data.tar.gz: 6d34d2eb2fb02cc3997b8d68f8d9a5ada20ba55f84510d4477657d7b60c72a678d54a6e6ddec0c4ca5a696fe37edcc115795e350719c35ac02625bd722068f16
+  metadata.gz: b95faa766907dc8c749770916ddd7daa5d59560de2abdf23ed6203ca363a62a7a4563f345e28abb4ef04ad8de311356f076a987220c48a2f300a439eabe5b531
+  data.tar.gz: f9a05a6f98983222ecfed1c916a1084f8c6f4a6645a81d2725a8c98c6b1c805d9f422e137a1d3b39145666058da9f23568dfebee7a74467e1c249925380530ed

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# [5.10.0] / 2019-08-26
+
+### Changed
+* Dotnet projects only detected if csproj is at root level - [b9f810d](https://github.com/pivotal/LicenseFinder/commit/b9f810d96f92f458fcfe4855307fdddfb7f1082b) 
+* sha for composer-setup.php - [64b782a](https://github.com/pivotal/LicenseFinder/commit/64b782a137a287980a317fcb48f595b6e93f85d0) - Debbie Chen
+
 # [5.9.2] / 2019-07-02
 
 ### Changed
@@ -733,3 +739,4 @@ Bugfixes:
 [5.9.0]: https://github.com/pivotal/LicenseFinder/compare/v5.8.0...v5.9.0
 [5.9.1]: https://github.com/pivotal/LicenseFinder/compare/v5.9.0...v5.9.1
 [5.9.2]: https://github.com/pivotal/LicenseFinder/compare/v5.9.1...v5.9.2
+[5.10.0]: https://github.com/pivotal/LicenseFinder/compare/v5.9.2...v5.10.0

data/Dockerfile

@@ -150,7 +150,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
     apt-get update &&\
     apt-get install -y php7.1-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
-    php -r "if (hash_file('sha384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
+    php -r "if (hash_file('sha384', 'composer-setup.php') === 'a5c698ffe4b8e849a443b120cd5ba38043260d5c4023dbf93e1558871f1f07f58274fc6f4c93bcfd858c6bd0775cd8d1') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
     php -r "unlink('composer-setup.php');" &&\
     mv composer.phar /usr/bin/composer

data/VERSION

@@ -1 +1 @@
-5.9.2
+5.10.0

data/ci/pipelines/pull-request.yml.erb

@@ -9,7 +9,7 @@ resource_types:
 
 <% if setup_slack %>
 - name: slack-notification
-  type: docker-image
+  type: registry-image
   source:
     repository: cfcommunity/slack-notification-resource
     tag: latest

data/ci/pipelines/release.yml.erb

@@ -4,7 +4,7 @@
 resource_types:
 <% if setup_slack %>
 - name: slack-notification
-  type: docker-image
+  type: registry-image
   source:
     repository: cfcommunity/slack-notification-resource
     tag: latest

data/ci/tasks/rubocop.yml

@@ -1,7 +1,7 @@
 platform: linux
 
 image_resource:
-  type: docker-image
+  type: registry-image
   source:
     repository: ruby
     tag: 2.6.3

data/ci/tasks/update-changelog.yml

@@ -1,6 +1,6 @@
 ---
 image_resource:
-  type: docker-image
+  type: registry-image
   source:
     repository: brenix/alpine-bash-git-ssh
     tag: latest

data/lib/license_finder/cli/base.rb

@@ -40,6 +40,7 @@ module LicenseFinder
           :pip_requirements_path,
           :rebar_command,
           :rebar_deps_dir,
+          :elixir_command,
           :mix_command,
           :mix_deps_dir,
           :save,

data/lib/license_finder/cli/main.rb

@@ -32,6 +32,7 @@ module LicenseFinder
       class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
       class_option :rebar_deps_dir, desc: "Path to rebar dependencies directory. Only meaningful if used with a Erlang/rebar project. Defaults to 'deps'."
+      class_option :elixir_command, desc: "Command to use when parsing package metadata for Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'elixir'."
       class_option :mix_command, desc: "Command to use when fetching packages through Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'mix'."
       class_option :mix_deps_dir, desc: "Path to Mix dependencies directory. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'deps'."
       class_option :sbt_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Scala/sbt project. Defaults to false.'

data/lib/license_finder/configuration.rb

@@ -22,6 +22,10 @@ module LicenseFinder
       true
     end
 
+    def elixir_command
+      get(:elixir_command) || 'elixir'
+    end
+
     def mix_command
       get(:mix_command) || 'mix'
     end

data/lib/license_finder/core.rb

@@ -87,7 +87,7 @@ module LicenseFinder
       FileUtils.rmtree config.log_directory, secure: true if File.directory? config.log_directory
     end
 
-    def options
+    def options # rubocop:disable Metrics/AbcSize
       {
         logger: logger,
         project_path: config.project_path,
@@ -101,6 +101,7 @@ module LicenseFinder
         pip_requirements_path: config.pip_requirements_path,
         rebar_command: config.rebar_command,
         rebar_deps_dir: config.rebar_deps_dir,
+        elixir_command: config.elixir_command,
         mix_command: config.mix_command,
         mix_deps_dir: config.mix_deps_dir,
         prepare: config.prepare,

data/lib/license_finder/package_manager.rb

@@ -60,7 +60,7 @@ module LicenseFinder
 
     def initialize(options = {})
       @prepare_no_fail = options[:prepare_no_fail]
-      @logger       = options[:logger] || Core.default_logger
+      @logger = options[:logger] || Core.default_logger
       @project_path = options[:project_path]
       @log_directory = options[:log_directory]
       @ignored_groups = options[:ignored_groups]

data/lib/license_finder/package_managers/bundler.rb

@@ -55,7 +55,7 @@ module LicenseFinder
 
       # clear gem paths before running specs_for
       Gem.clear_paths
-      if File.exist?(bundler_config_path)
+      if bundler_config_path_found
         ::Bundler.reset!
         ::Bundler.configure
       end
@@ -74,8 +74,13 @@ module LicenseFinder
       project_path.join(lockfile)
     end
 
-    def bundler_config_path
-      project_path.join('.bundle')
+    def bundler_config_path_found
+      config_file = project_path.join('.bundle/config')
+
+      return false unless File.exist?(config_file)
+
+      content = File.readlines(config_file)
+      content.grep(/BUNDLE_PATH/).count.positive?
     end
 
     def log_package_dependencies(package)

data/lib/license_finder/package_managers/dotnet.rb

@@ -53,7 +53,7 @@ module LicenseFinder
     end
 
     def possible_package_paths
-      paths = Dir[project_path.join('**/*.csproj')]
+      paths = Dir[project_path.join('*.csproj')]
       paths.map { |p| Pathname(p) }
     end
 

data/lib/license_finder/package_managers/mix.rb

@@ -5,7 +5,9 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:mix_command] || Mix.package_management_command
+      @elixir_command = options[:elixir_command] || 'elixir'
       @deps_path = Pathname(options[:mix_deps_dir] || 'deps')
+      @licenses_by_package = load_all_licenses
     end
 
     def current_packages
@@ -20,23 +22,18 @@ module LicenseFinder
       end
     end
 
-    # Adapted from licenser: https://github.com/unnawut/licensir/blob/71f96f8734adc73c0651050bd9f0e20ff52c61a8/lib/licensir/scanner.ex#L61
     def licenses(name)
-      config_path = @deps_path.join(name).join('hex_metadata.config')
-      # rubocop:disable Metrics/LineLength
-      args = "\\\"#{config_path}\\\" |> :file.consult() |> case do {:ok, metadata} -> metadata; {:error, _} -> [] end |> List.keyfind(\\\"licenses\\\", 0) |> case do {_, licenses} -> licenses; _ -> [] end |> Enum.join(\\\"\\t\\\") |> IO.puts()"
-      # rubocop:enable Metrics/LineLength
-      command = "#{@command} run --no-start --no-compile -e \"#{args}\""
-      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
-      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
-
-      stdout.strip.split("\t")
+      @licenses_by_package.fetch(name, ['license is not in deps'])
     end
 
     def self.package_management_command
       'mix'
     end
 
+    def self.package_lock_file
+      'mix.lock'
+    end
+
     def self.prepare_command
       'mix deps.get'
     end
@@ -47,6 +44,35 @@ module LicenseFinder
 
     private
 
+    def load_all_licenses
+      elixir_code = <<-ELIXIR
+      deps_path = "#{@deps_path}"
+
+      case File.ls(deps_path) do
+        {:ok, dirs} ->
+          Enum.reduce(dirs, [], fn name, acc ->
+            with hexmetadata_file <- Path.join([deps_path, name, "hex_metadata.config"]),
+                {:ok, metadata} <- :file.consult(hexmetadata_file),
+                {"licenses", licenses} <- List.keyfind(metadata, "licenses", 0) do
+              [[name, licenses] | acc]
+            else
+              _ -> acc
+            end
+          end)
+        {:error, _} ->
+          []
+      end
+      |> IO.inspect(limit: :infinity)
+      ELIXIR
+      command = "#{@elixir_command} -e '#{elixir_code}'"
+      return {} unless File.directory?(project_path)
+
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+
+      Hash[JSON.parse(stdout)]
+    end
+
     def end_of_package_lines?(line)
       line == 'ok'
     end

data/lib/license_finder/package_managers/yarn.rb

@@ -56,7 +56,7 @@ module LicenseFinder
     end
 
     def self.prepare_command
-      'yarn install'
+      'yarn install --ignore-engines'
     end
 
     private

data/license_finder.gemspec

@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec', '~> 3'
   s.add_development_dependency 'rspec-its'
-  s.add_development_dependency 'rubocop', '~> 0.72.0'
+  s.add_development_dependency 'rubocop', '~> 0.74.0'
   s.add_development_dependency 'rubocop-performance', '~> 1.4.0'
   s.add_development_dependency 'webmock', '~> 3.5'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 5.9.2
+  version: 5.10.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-02 00:00:00.000000000 Z
+date: 2019-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -231,14 +231,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.72.0
+        version: 0.74.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.72.0
+        version: 0.74.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -483,7 +483,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.