license_finder 5.2.3 → 5.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68271c9c5eaa834d5e5ec4a131a1acde9bb32491fc5acad9ab5f589b3d37d044
-  data.tar.gz: 804fd3a0522dc182b3bc61359688334319934fac1d52080a05dc134f0e8687d4
+  metadata.gz: 4f6aed769d4ad0cd9c9b6351c889ffc2ab66e2410601f2f26df043e09020889f
+  data.tar.gz: f82d12773e91b7879a46e9e6876d8056a7d901cd7005257eee3c66c1b45cba7d
 SHA512:
-  metadata.gz: a8727090c39a1b98934df468a64de27fcb0083f459a4f5b9627c81c5d1b3afb4711386a15492c6110af1047d5ac755ff24185c9a0f5d8399113dd2df9afffcb9
-  data.tar.gz: 060fa1fba5020b90e97ad1bcf0f4ed635e55a2885f660627f8a3b32736247e82489dc09e359da79ccbf59550a3dd61700c6f7d21c229355d8afe097e9b8f68c3
+  metadata.gz: 5477a62b4d082281a806f023572e1b382927a35cae497c5fb44901b6f5652bf88df2cc8cd1762dc69637ae8b9b806b9baa13cffa1f96286aad9cdf055651dda8
+  data.tar.gz: 2208b7c87598ed2daa3aebafb70e239416f9a333e0bf80549674657b87f6cd06d77ad115325044963b4dfb7e59331cf4bdaa498c51529024e47dad2d9ce170ed

data/Dockerfile

@@ -116,6 +116,9 @@ RUN apt-get install -y python-dev && \
 	pip install --ignore-installed six --ignore-installed colorama --ignore-installed requests --ignore-installed chardet --ignore-installed urllib3 --upgrade setuptools && \
 	pip install conan
 
+# install Cargo
+RUN curl -sSf https://static.rust-lang.org/rustup.sh | sh -s -- --disable-sudo
+
 # install license_finder
 COPY . /LicenseFinder
 RUN bash -lc "cd /LicenseFinder && bundle install -j4 && rake install"

data/README.md

@@ -50,6 +50,7 @@ report.
 * JavaScript (via `yarn`)
 * C++/C (via `conan`)
 * Scala (via `sbt`)
+* Rust (via `cargo`)
 
 ## Installation
 
@@ -174,6 +175,7 @@ languages, as long as that language has a package definition in the project dire
 * `yarn.lock` file (for `yarn`)
 * `conanfile.txt` file (for `conan`)
 * `build.sbt` file (for `sbt`)
+* `Cargo.lock` file (for `cargo`)
 
 
 ### Continuous Integration

data/ci/pipelines/release.yml

@@ -3,7 +3,7 @@ resources:
   type: git
   source:
     uri: git@github.com:pivotal-legacy/LicenseFinder.git
-    private_key: ((CfOslBotPrivateKey))
+    private_key: ((CfOslBot.private_key))
     branch: master
 
 - name: lf-image
@@ -11,8 +11,8 @@ resources:
   source:
     repository: licensefinder/license_finder
     email: ((LicenseFinderDockerEmail))
-    username: ((LicenseFinderDockerUserName))
-    password: ((LicenseFinderDockerPassword))
+    username: ((LicenseFinderDocker.username))
+    password: ((LicenseFinderDocker.password))
 
 - name: lf-release
   type: github-release
@@ -67,7 +67,7 @@ jobs:
     params:
       GIT_USERNAME: ((GithubApiUser))
       GIT_EMAIL: ((GithubApiEmail))
-      GIT_PRIVATE_KEY: ((CfOslBotPrivateKey))
+      GIT_PRIVATE_KEY: ((CfOslBot.private_key))
       GEM_API_KEY: ((LicenseFinderGemApiKey))
     file: lf-git/ci/tasks/build-and-push-gem.yml
   - put: lf-release
@@ -99,7 +99,7 @@ jobs:
     params:
       GIT_USERNAME: ((GithubApiUser))
       GIT_EMAIL: ((GithubApiEmail))
-      GIT_PRIVATE_KEY: ((CfOslBotPrivateKey))
+      GIT_PRIVATE_KEY: ((CfOslBot.private_key))
       GEM_API_KEY: ((LicenseFinderGemApiKey))
     file: lf-git/ci/tasks/build-and-push-gem.yml
   - put: lf-git

data/ci/scripts/containerize-tests.sh

@@ -7,9 +7,7 @@ source /opt/resource/common.sh
 start_docker 3 3
 
 pushd LicenseFinder
-  if [ ! -z "$(git diff master Dockerfile)" ]; then
-    docker build . -t licensefinder/license_finder
-  fi
+  docker build . -t licensefinder/license_finder
 
   docker run -v $PWD:/lf -it licensefinder/license_finder /bin/bash \
     -exlc "cd /lf && ci/scripts/run-tests.sh $RUBY_VERSION_UNDER_TEST"

data/lib/license_finder/cli/main.rb

@@ -80,6 +80,13 @@ module LicenseFinder
                       type: :array
       end
 
+      desc 'project_roots', 'List project directories to be scanned'
+      shared_options
+      def project_roots
+        config.strict_matching = true
+        aggregate_paths
+      end
+
       desc 'action_items', 'List unapproved dependencies (the default action for `license_finder`)'
       shared_options
       format_option
@@ -162,7 +169,8 @@ module LicenseFinder
         check_valid_project_path
         aggregate_paths = config.aggregate_paths
         project_path = config.project_path || Pathname.pwd
-        aggregate_paths = ProjectFinder.new(project_path).find_projects if config.recursive
+        aggregate_paths = ProjectFinder.new(project_path, config.strict_matching).find_projects if config.recursive
+        say(aggregate_paths || project_path) if config.strict_matching
         return aggregate_paths unless aggregate_paths.nil? || aggregate_paths.empty?
         [config.project_path] unless config.project_path.nil?
       end

data/lib/license_finder/configuration.rb

@@ -122,6 +122,10 @@ module LicenseFinder
       get(:sbt_include_groups)
     end
 
+    attr_writer :strict_matching
+
+    attr_reader :strict_matching
+
     protected
 
     attr_accessor :primary_config

data/lib/license_finder/package.rb

@@ -184,3 +184,4 @@ require 'license_finder/packages/nuget_package'
 require 'license_finder/packages/conan_package'
 require 'license_finder/packages/yarn_package'
 require 'license_finder/packages/sbt_package'
+require 'license_finder/packages/cargo_package'

data/lib/license_finder/package_manager.rb

@@ -144,5 +144,6 @@ require 'license_finder/package_managers/nuget'
 require 'license_finder/package_managers/dep'
 require 'license_finder/package_managers/conan'
 require 'license_finder/package_managers/sbt'
+require 'license_finder/package_managers/cargo'
 
 require 'license_finder/package'

data/lib/license_finder/package_managers/cargo.rb

@@ -0,0 +1,34 @@
+require 'json'
+
+module LicenseFinder
+  class Cargo < PackageManager
+    def current_packages
+      cargo_output.map do |package|
+        CargoPackage.new(package, logger: logger)
+      end
+    end
+
+    def self.package_management_command
+      'cargo'
+    end
+
+    def self.prepare_command
+      'cargo fetch'
+    end
+
+    def possible_package_paths
+      [project_path.join('Cargo.lock'), project_path.join('Cargo.toml')]
+    end
+
+    private
+
+    def cargo_output
+      command = "#{Cargo.package_management_command} metadata --format-version=1"
+
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      JSON(stdout)
+        .fetch('packages', [])
+    end
+  end
+end

data/lib/license_finder/package_managers/go_workspace.rb

@@ -1,5 +1,4 @@
 require 'json'
-
 module LicenseFinder
   class GoWorkspace < PackageManager
     Submodule = Struct.new :install_path, :revision
@@ -8,6 +7,7 @@ module LicenseFinder
     def initialize(options = {})
       super
       @full_version = options[:go_full_version]
+      @strict_matching = options[:strict_matching]
     end
 
     def self.package_management_command
@@ -38,6 +38,7 @@ module LicenseFinder
     end
 
     def active?
+      return false if @strict_matching
       godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
       # go workspace is only active if GoDep wasn't. There are some projects
       # that will use the .envrc and have a Godep folder as well.

data/lib/license_finder/package_managers/pip.rb

@@ -1,5 +1,5 @@
 require 'json'
-require 'httparty'
+require 'net/http'
 
 module LicenseFinder
   class Pip < PackageManager
@@ -55,12 +55,11 @@ module LicenseFinder
     end
 
     def pypi_def(name, version)
-      response = HTTParty.get("https://pypi.python.org/pypi/#{name}/#{version}/json")
-      if response.code == 200
-        JSON.parse(response.body).fetch('info', {})
-      else
-        {}
-      end
+      uri = URI("https://pypi.org/pypi/#{name}/#{version}/json")
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      response = http.get(uri.request_uri).response
+      response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {}
     end
   end
 end

data/lib/license_finder/packages/cargo_package.rb

@@ -0,0 +1,22 @@
+module LicenseFinder
+  class CargoPackage < Package
+    def initialize(crate, options = {})
+      crate = crate.reject { |_, v| v.nil? || v == '' }
+      children = crate.fetch('dependencies', []).map { |p| p['name'] }
+      licenses = crate.fetch('license', '').split('/')
+      super(
+        crate['name'],
+        crate['version'],
+        options.merge(
+          summary: crate.fetch('description', '').strip,
+          spec_licenses: licenses.compact,
+          children: children
+        )
+      )
+    end
+
+    def package_manager
+      'Cargo'
+    end
+  end
+end

data/lib/license_finder/project_finder.rb

@@ -1,7 +1,8 @@
 module LicenseFinder
   class ProjectFinder
-    def initialize(main_project_path)
+    def initialize(main_project_path, strict_matching = false)
       @package_managers = LicenseFinder::Scanner::PACKAGE_MANAGERS
+      @strict_matching = strict_matching
       @main_project_path = main_project_path
     end
 
@@ -41,7 +42,7 @@ module LicenseFinder
 
     def active_project?(project_path)
       active_project = @package_managers.map do |pm|
-        pm.new(project_path: project_path).active?
+        pm.new(project_path: project_path, strict_matching: @strict_matching).active?
       end
       active_project.include?(true)
     end

data/lib/license_finder/scanner.rb

@@ -1,7 +1,7 @@
 module LicenseFinder
   class Scanner
     PACKAGE_MANAGERS = [GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Dep, Bundler, NPM, Pip,
-                        Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt].freeze
+                        Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Nuget, Carthage, Mix, Conan, Sbt, Cargo].freeze
 
     def initialize(config = { project_path: Pathname.new('') })
       @config = config

data/lib/license_finder/version.rb

@@ -1,3 +1,3 @@
 module LicenseFinder
-  VERSION = '5.2.3'.freeze
+  VERSION = '5.3.0'.freeze
 end

data/license_finder.gemspec

@@ -46,7 +46,6 @@ Gem::Specification.new do |s|
   s.license = 'MIT'
 
   s.add_dependency 'bundler'
-  s.add_dependency 'httparty'
   s.add_dependency 'rubyzip'
   s.add_dependency 'thor'
   s.add_dependency 'toml', '0.2.0'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 5.2.3
+  version: 5.3.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-14 00:00:00.000000000 Z
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -43,20 +43,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: httparty
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -373,6 +359,7 @@ files:
 - lib/license_finder/package_manager.rb
 - lib/license_finder/package_managers/bower.rb
 - lib/license_finder/package_managers/bundler.rb
+- lib/license_finder/package_managers/cargo.rb
 - lib/license_finder/package_managers/carthage.rb
 - lib/license_finder/package_managers/cocoa_pods.rb
 - lib/license_finder/package_managers/conan.rb
@@ -402,6 +389,7 @@ files:
 - lib/license_finder/package_utils/sbt_dependency_finder.rb
 - lib/license_finder/packages/bower_package.rb
 - lib/license_finder/packages/bundler_package.rb
+- lib/license_finder/packages/cargo_package.rb
 - lib/license_finder/packages/carthage_package.rb
 - lib/license_finder/packages/cocoa_pods_package.rb
 - lib/license_finder/packages/conan_package.rb
@@ -456,7 +444,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.