license_finder 6.6.1 → 6.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee81cbd6066d49c1b93db3632b2d67f23e4fb902acb36c0de7c325d5de34646f
-  data.tar.gz: a419dca63dc18e5cc1729ae19121df28017454ecaade8988ed50461c796d5a17
+  metadata.gz: 48bb96da32ab1ac5f0ee5f3a61e35a546c7666794348b6055fafbdcd2afb9067
+  data.tar.gz: c712efcd6787e0747ea1d2975ef719f74ee5e27eb2664dc0f0d1d0f681f62fe2
 SHA512:
-  metadata.gz: f4d1ddc619a4216629b35e902a17c59f04ea65de6cce867c9cbfcddfb95281d23879bb595b202d867e388dd5f6f6d5ac68f7fa813a111c27b122aaa353ca6d1a
-  data.tar.gz: 5ec2d9e6f798b53870cf6e7196be92d0a596d58d459de70b585f68f8d8e618d8a98a6b91ded3991ed42f4f9a1793496fc9d7db34966900570201eac77ddc1e6e
+  metadata.gz: 204084155100a9da1d8511db5173bfd138f1247c2fd0ed6a5c967a4da7c01b4a3db7352b8e55d98dd82cc68b4460d48daee400531e8a34605ca54046f66065a6
+  data.tar.gz: 0db4e9e0660b01393a9f142c6f320a526e366cd1e4831097170f954a2496cf2fbb9cbb1fcff9d8f188ca7e5bfccec34ae8c1ab8cfd7c4b3c5815a33b924b61d1

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+# [6.6.2] / 2020-07-09
+
+### Added
+* support for rebar3 [Removed] support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+
+### Fixed
+* handle empty case for mix dependencies [#173637843] - [fc34b281](https://github.com/pivotal/LicenseFinder/commit/fc34b2813925a709addde675849e199b05fc4a23) - Jeff Jun
+
+### Removed
+[Added] support for rebar3 * support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
+
 # [6.6.1] / 2020-06-30
 
 ### Changed
@@ -885,3 +896,4 @@ Bugfixes:
 [6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0
 [6.6.0]: https://github.com/pivotal/LicenseFinder/compare/v6.5.0...v6.6.0
 [6.6.1]: https://github.com/pivotal/LicenseFinder/compare/v6.6.0...v6.6.1
+[6.6.2]: https://github.com/pivotal/LicenseFinder/compare/v6.6.1...v6.6.2

data/Dockerfile

@@ -48,11 +48,13 @@ ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
 
-# install python and rebar
-RUN apt-get install -y python rebar
+# install rebar3
+RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
+    sudo chmod +x rebar3 && \
+    sudo mv rebar3 /usr/local/bin/rebar3
 
-# install and update python-pip
-RUN apt-get install -y python-pip python3-pip && \
+# install and update python and python-pip
+RUN apt-get install -y python python-pip python3-pip && \
     pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION  && \
     pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
 
@@ -157,7 +159,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
     apt-get update &&\
     apt-get install -y php7.4-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
-    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
+    php -r "if (hash_file('sha384', 'composer-setup.php') === 'e5325b19b381bfd88ce90a5ddb7823406b2a38cff6bb704b0acc289a09c8128d4a8ce2bbafcd1fcbdc38666422fe2806') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
     php -r "unlink('composer-setup.php');" &&\
     mv composer.phar /usr/bin/composer

data/README.md

@@ -43,7 +43,7 @@ and give you an actionable exception report.
 
 ### Experimental project types
 
-* Erlang (via `rebar`)
+* Erlang (via `rebar3`)
 * Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
 * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 * Elixir (via `mix`)
@@ -175,7 +175,7 @@ languages, as long as that language has a package definition in the project dire
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`)
 * `Cartfile` (for `carthage`)
-* `rebar.config` (for `rebar`)
+* `rebar.config` (for `rebar3`)
 * `mix.exs` (for `mix`)
 * `packages/` directory (for `nuget`)
 * `*.csproj` (for `dotnet`)
@@ -183,7 +183,7 @@ languages, as long as that language has a package definition in the project dire
 * `glide.lock` file (for `glide`)
 * `vendor/vendor.json` file (for `govendor`)
 * `Gopkg.lock` file (for `dep`)
-* `go.sum` file (for `go mod`)
+* `go.mod` file (for `go mod`)
 * `vendor.conf` file (for `trash`)
 * `yarn.lock` file (for `yarn`)
 * `conanfile.txt` file (for `conan`)
@@ -412,7 +412,7 @@ If you have a gradle project, you can invoke gradle with a custom script by
 passing (for example) `--gradle_command gradlew` to `license_finder` or
 `license_finder report`.
 
-Similarly you can invoke a custom rebar script with `--rebar_command rebar2`.
+Similarly you can invoke a custom rebar script with `--rebar_command rebar`.
 If you store rebar dependencies in a custom directory (by setting `deps_dir` in
 `rebar.config`), set `--rebar_deps_dir`.
 

data/VERSION

@@ -1 +1 @@
-6.6.1
+6.6.2

data/lib/license_finder/configuration.rb

@@ -35,7 +35,7 @@ module LicenseFinder
     end
 
     def rebar_deps_dir
-      path = get(:rebar_deps_dir) || 'deps'
+      path = get(:rebar_deps_dir) || '_build/default/lib'
       project_path.join(path).expand_path
     end
 

data/lib/license_finder/decisions.rb

@@ -190,7 +190,7 @@ module LicenseFinder
     def inherit_from(filepath_info)
       decisions =
         if filepath_info.is_a?(Hash)
-          open_uri(filepath_info['url'], filepath_info['authorization']).read
+          resolve_inheritance(filepath_info)
         elsif filepath_info =~ %r{^https?://}
           open_uri(filepath_info).read
         else
@@ -202,6 +202,22 @@ module LicenseFinder
       restore_inheritance(decisions)
     end
 
+    def resolve_inheritance(filepath_info)
+      if (gem_name = filepath_info['gem'])
+        Pathname(gem_config_path(gem_name, filepath_info['path'])).read
+      else
+        open_uri(filepath_info['url'], filepath_info['authorization']).read
+      end
+    end
+
+    def gem_config_path(gem_name, relative_config_path)
+      spec = Gem::Specification.find_by_name(gem_name)
+      File.join(spec.gem_dir, relative_config_path)
+    rescue Gem::LoadError => e
+      raise Gem::LoadError,
+            "Unable to find gem #{gem_name}; is the gem installed? #{e}"
+    end
+
     def remove_inheritance(filepath)
       @decisions -= [[:inherit_from, filepath]]
       @inherited_decisions.delete(filepath)

data/lib/license_finder/license.rb

@@ -88,7 +88,8 @@ module LicenseFinder
       @url = nil
       @matcher = NoneMatcher.new
       # removes heading and trailing parentesis and splits
-      names = name[1..-2].split(operator)
+      name = name[1..-2] if name.start_with?('(')
+      names = name.split(operator)
       @sub_licenses = names.map do |sub_name|
         License.find_by_name(sub_name)
       end

data/lib/license_finder/package_managers/go_modules.rb

@@ -4,7 +4,7 @@ require 'license_finder/packages/go_package'
 
 module LicenseFinder
   class GoModules < PackageManager
-    PACKAGES_FILE = 'go.sum'
+    PACKAGES_FILE = 'go.mod'
 
     class << self
       def takes_priority_over
@@ -12,12 +12,8 @@ module LicenseFinder
       end
     end
 
-    def prepare_command
-      'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
-    end
-
     def active?
-      sum_files?
+      mod_files?
     end
 
     def current_packages
@@ -33,19 +29,44 @@ module LicenseFinder
     private
 
     def packages_info
-      info_output, stderr, _status = Cmd.run("GO111MODULE=on go list -m -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      if stderr =~ Regexp.compile("can't compute 'all' using the vendor directory")
-        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=mod -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      end
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
 
-      info_output.split("\n")
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./...")
+
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
     end
 
-    def sum_files?
-      sum_file_paths.any?
+    def mod_files?
+      mod_file_paths.any?
     end
 
-    def sum_file_paths
+    def mod_file_paths
       Dir[project_path.join(PACKAGES_FILE)]
     end
 

data/lib/license_finder/package_managers/mix.rb

@@ -96,7 +96,7 @@ module LicenseFinder
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       packages_lines(stdout)
-        .reject { |package_lines| package_lines.length == 1 } # in_umbrella: true dependencies
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
         .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
     end
 

data/lib/license_finder/package_managers/rebar.rb

@@ -5,23 +5,25 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:rebar_command] || package_management_command
-      @deps_path = Pathname(options[:rebar_deps_dir] || 'deps')
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
     end
 
     def current_packages
-      rebar_ouput.map do |name, version_type, version_value, homepage|
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
         RebarPackage.new(
           name,
-          "#{version_type}: #{version_value}",
+          version,
           install_path: @deps_path.join(name),
           homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
           logger: logger
         )
       end
     end
 
     def package_management_command
-      'rebar'
+      'rebar3'
     end
 
     def possible_package_paths
@@ -30,15 +32,34 @@ module LicenseFinder
 
     private
 
-    def rebar_ouput
-      command = "#{@command} list-deps"
+    def rebar_deps
+      command = "#{@command} tree"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       stdout
         .each_line
-        .reject { |line| line.start_with?('=') }
-        .map { |line| line.split(' ') }
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+
+      licenses = nil
+      homepage = nil
+
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+
+      [licenses, homepage]
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.6.1
+  version: 6.6.2
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-30 00:00:00.000000000 Z
+date: 2020-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler