license_scout 1.3.7 → 2.0.2

data/lib/license_scout/dependency.rb

@@ -16,18 +16,90 @@
 #
 
 module LicenseScout
-  Dependency = Struct.new(:name, :version, :license, :license_files, :dep_mgr_name) do
+  class Dependency
 
+    attr_reader :name
+
+    attr_reader :version
+
+    attr_reader :path
+
+    attr_reader :type
+
+    attr_reader :license
+
+    def initialize(name, version, path, type)
+      @name = name
+      @version = version
+      @path = path
+      @type = type
+
+      if path.nil?
+        @license = LicenseScout::License.new
+      elsif path =~ /^http/ || File.directory?(path)
+        @license = LicenseScout::License.new(path)
+      else
+        raise LicenseScout::Exceptions::MissingSourceDirectory.new("Could not find the source for '#{name}' in the following directories:\n\t * #{path}")
+      end
+
+      fallbacks = LicenseScout::Config.fallbacks.send(type.to_sym).select { |f| f["name"] =~ uid_regexp }
+      fallbacks.each do |fallback|
+        license.add_license(fallback["license_id"], "license_scout fallback", fallback["license_file"], force: true)
+      end
+    end
+
+    # @return [String] The UID for this dependency. Example: bundler (1.16.1)
+    def uid
+      "#{name} (#{version})"
+    end
+
+    # @return [Regexp] The regular expression that can be used to identify this dependency
+    def uid_regexp
+      Regexp.new("#{Regexp.escape(name)}(\s+\\(#{Regexp.escape(version)}\\))?")
+    end
+
+    def exceptions
+      @exceptions ||= LicenseScout::Config.exceptions.send(type.to_sym).select { |e| e["name"] =~ uid_regexp }
+    end
+
+    # Capture a license that was specified in metadata
+    #
+    # @param license_id [String] The license as specified in the metadata file
+    # @param source [String] Where we found the license info
+    # @param contents_url [String] Where we can find the contents of the license
+    #
+    # @return [void]
+    def add_license(license_id, source, contents_url = nil)
+      LicenseScout::Log.debug("[#{type}] Adding #{license_id} license for #{name} from #{source}")
+      license.add_license(license_id, source, contents_url, {})
+    end
+
+    # Determine if this dependency has an exception. Will match an exception for both the name and the name+version
+    def has_exception?
+      exceptions.any?
+    end
+
+    def exception_reason
+      if has_exception?
+        exceptions.first.dig("reason")
+      else
+        nil
+      end
+    end
+
+    # Be able to sort dependencies by type, then name, then version
+    def <=>(other)
+      "#{type}#{name}#{version}" <=> "#{other.type}#{other.name}#{other.version}"
+    end
+
+    # @return [Boolean] Whether or not this object is equal to another one. Used for Set uniqueness.
     def eql?(other)
-      other.is_a?(self.class) && other.hash == hash
+      other.kind_of?(self.class) && other.hash == hash
     end
 
-    # hash code for when Dependency is used as a key in a Hash or member of a
-    # Set. The implementation is somewhat naive, but will work fine if you
-    # don't go too crazy mixing different types.
+    # @return [Integer] A hashcode that can be used to idenitfy this object. Used for Set uniqueness.
     def hash
-      [dep_mgr_name, name, version, license].hash
+      [type, name, version].hash
     end
-
   end
 end

data/lib/license_scout/dependency_manager/base.rb

@@ -15,58 +15,90 @@
 # limitations under the License.
 #
 
+require "licensee"
 require "license_scout/dependency"
-require "license_scout/license_file_analyzer"
 
 module LicenseScout
+  # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing
+  # when a dependency manager such as Bundler, Rebar, Berkshelf, etc is managing dependencies for source code
+  # in the given directory.
   module DependencyManager
     class Base
 
-      POSSIBLE_LICENSE_FILES = %w{
-        LICENSE
-        LICENSE.txt
-        LICENSE.TXT
-        LICENSE.md
-        LICENSE.mkd
-        LICENSE.rdoc
-        License
-        License.text
-        License.txt
-        License.md
-        License.rdoc
-        Licence.rdoc
-        Licence.md
-        license
-        LICENCE
-        licence
-        license.md
-        licence.md
-        APACHE.LICENSE
-        MIT-LICENSE
-        MIT-LICENSE.txt
-        LICENSE.MIT
-        LICENSE-MIT
-        LICENSE-MIT.txt
-        LGPL-2.1
-        COPYING.txt
-        COPYING
-        BSD_LICENSE
-        LICENSE.BSD
-        UNLICENSE
-      }.freeze
+      attr_reader :directory
 
-      attr_reader :project_dir
-      attr_reader :options
+      # @param directory [String] The fully-qualified path to the directory to be inspected
+      def initialize(directory)
+        @directory = directory
+        @deps = nil
+      end
+
+      # The unique name of this Dependency Manager. In general, the name should follow the `<TYPE>_<NAME` pattern where:
+      #   * <TYPE> is the value of DependencyManager#type
+      #   * <NAME> is the name of the dependency manager.
+      #
+      # @example Go's various package managers
+      #   Name        Reference
+      #   --------    -----------------------------------------------
+      #   go_dep      [`godep`](https://github.com/tools/godep)
+      #   go_godep    [`dep`](https://github.com/golang/dep)
+      #   go_glide    [`glide`](https://github.com/Masterminds/glide)
+      #
+      # @return [String]
+      def name
+        raise LicenseScout::Exceptions::Error.new("All DependencyManagers must have a `#name` method")
+      end
+
+      # The "type" of dependencies this manager manages. This can be the language, tool, etc.
+      #
+      # @return [String]
+      def type
+        raise LicenseScout::Exceptions::Error.new("All DependencyManagers must have a `#type` method")
+      end
+
+      # A human-readable description of the files/folders that indicate this dependency manager is in use.
+      #
+      # @return [String]
+      def signature
+        raise LicenseScout::Exceptions::Error.new("All DependencyManagers must have a `#signature` method")
+      end
+
+      # Whether or not we were able to detect that this dependency manager is currently in use in our directory
+      #
+      # @return [Boolean]
+      def detected?
+        raise LicenseScout::Exceptions::Error.new("All DependencyManagers must have a `#detected?` method")
+      end
 
-      def initialize(project_dir, options)
-        @project_dir = project_dir
-        @options = options
+      # The command to run to install dependency if one or more is missing
+      #
+      # @return [String]
+      def install_command
+        raise LicenseScout::Exceptions::Error.new("All DependencyManagers must have a `#install_command` method")
       end
 
-      def create_dependency(dep_name, version, license, license_files, dep_mgr_name = name)
-        # add name of the dependency manager `name` to the dependency we are
-        # creating.
-        Dependency.new(dep_name, version, license, license_files, dep_mgr_name)
+      # Implementation's of this method in sub-classes are the methods that are responsible for all
+      # the heavy-lifting when it comes to determining the dependencies (and their licenses).
+      # They should return an array of `LicenseScout::Dependency`.
+      #
+      # @return [Array<LicenseScout::Dependency>]
+      def dependencies
+        []
+      end
+
+      private
+
+      # A helper that allows you to quickly create a new Dependency (with the type)
+      #
+      # @param name [String] The name of the dependency
+      # @param version [String] The version of the dependency
+      # @param path [String] The path to the dependency on the local system
+      #
+      # @return [LicenseScout::Dependency]
+      # @api private
+      def new_dependency(name, version, path)
+        LicenseScout::Log.debug("[#{type}] Found #{name} #{version}#{" #{path}" unless path.nil?}")
+        Dependency.new(name, version, path, type)
       end
     end
   end

data/lib/license_scout/dependency_manager/berkshelf.rb

@@ -25,14 +25,16 @@ module LicenseScout
         "chef_berkshelf"
       end
 
-      def berkshelf_available?
-        begin
-          require "berkshelf"
-        rescue LoadError
-          return false
-        end
+      def type
+        "chef_cookbook"
+      end
 
-        true
+      def signature
+        "Berksfile and Berksfile.lock files"
+      end
+
+      def install_command
+        "berks install"
       end
 
       def detected?
@@ -41,13 +43,12 @@ module LicenseScout
 
       def dependencies
         unless berkshelf_available?
-          raise LicenseScout::Exceptions::Error.new "Project at '#{project_dir}' is a Berkshelf project but berkshelf gem is not available in your bundle. Add berkshelf to your bundle in order to collect licenses for this project."
+          raise LicenseScout::Exceptions::Error.new("Project at '#{directory}' is a Berkshelf project but berkshelf gem is not available in your bundle. Add berkshelf to your bundle in order to collect licenses for this project.")
         end
 
-        dependencies = []
-        cookbook_dependencies = nil
+        cookbook_dependencies = []
 
-        Dir.chdir(project_dir) do
+        Dir.chdir(directory) do
           berksfile = ::Berkshelf::Berksfile.from_file("./Berksfile")
 
           # Berkshelf should not give an error when there are cookbooks in the
@@ -59,56 +60,30 @@ module LicenseScout
           cookbook_dependencies = berksfile.list
         end
 
-        cookbook_dependencies.each do |dep|
-          dependency_name = dep.name
-          dependency_version = dep.cached_cookbook.version
-
-          dependency_license_files = auto_detect_license_files(dep.cached_cookbook.path.to_s)
-
-          # Check license override and license_files override separately since
-          # only one might be set in the overrides.
-          dependency_license = options.overrides.license_for(name, dependency_name, dependency_version) || dep.cached_cookbook.license
-
-          override_license_files = options.overrides.license_files_for(name, dependency_name, dependency_version)
-          cookbook_path = dep.cached_cookbook.path.to_s
+        cookbook_dependencies.map do |dep|
+          new_dependency(dep.name, dep.cached_cookbook.version, dep.cached_cookbook.path.to_s)
+        end.compact
+      end
 
-          if override_license_files.empty?
-            dependency_license_files = auto_detect_license_files(cookbook_path)
-          else
-            dependency_license_files = override_license_files.resolve_locations(cookbook_path)
-          end
+      private
 
-          dependencies << create_dependency(
-            dependency_name,
-            dependency_version,
-            dependency_license,
-            dependency_license_files
-          )
+      def berkshelf_available?
+        begin
+          require "berkshelf"
+        rescue LoadError
+          return false
         end
 
-        dependencies
+        true
       end
 
-      private
-
       def berksfile_path
-        File.join(project_dir, "Berksfile")
+        File.join(directory, "Berksfile")
       end
 
       def lockfile_path
-        File.join(project_dir, "Berksfile.lock")
+        File.join(directory, "Berksfile.lock")
       end
-
-      def auto_detect_license_files(cookbook_path)
-        unless File.exist?(cookbook_path)
-          raise LicenseScout::Exceptions::InaccessibleDependency.new "Autodetected cookbook path '#{cookbook_path}' does not exist"
-        end
-
-        Dir.glob("#{cookbook_path}/*").select do |f|
-          POSSIBLE_LICENSE_FILES.include?(File.basename(f))
-        end
-      end
-
     end
   end
 end

data/lib/license_scout/dependency_manager/bundler/_bundler_script.rb

@@ -30,7 +30,7 @@
 require "bundler/setup"
 
 # We're only using things that are in the stdlib.
-require "json" unless defined?(JSON)
+require "json"
 
 dependencies = []
 

data/lib/license_scout/dependency_manager/bundler.rb

@@ -16,13 +16,11 @@
 #
 
 require "license_scout/dependency_manager/base"
-require "license_scout/net_fetcher"
-require "license_scout/exceptions"
 
 require "bundler"
-require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
-require "ffi_yajl" unless defined?(FFI_Yajl)
-require "pathname" unless defined?(Pathname)
+require "mixlib/shellout"
+require "ffi_yajl"
+require "pathname"
 
 module LicenseScout
   module DependencyManager
@@ -32,6 +30,18 @@ module LicenseScout
         "ruby_bundler"
       end
 
+      def type
+        "ruby"
+      end
+
+      def signature
+        "Gemfile and Gemfile.lock files"
+      end
+
+      def install_command
+        "bundle install"
+      end
+
       def detected?
         # We check the existence of both Gemfile and Gemfile.lock. We need both
         # of them to be able to get a concrete set of dependencies which we can
@@ -42,13 +52,40 @@ module LicenseScout
         File.exist?(gemfile_path) && File.exist?(lockfile_path)
       end
 
+      def dependencies
+        dependency_data.map do |gem_data|
+          dep_name = gem_data["name"]
+          dep_version = gem_data["version"]
+
+          dep_path = if dep_name == "bundler"
+                       # Bundler is weird. It inserts itself as a dependency, but is a
+                       # special case, so rubygems cannot correctly report the license.
+                       # Additionally, rubygems reports the gem path as a path inside
+                       # bundler's lib/ dir, so we have to munge it.
+                       "https://github.com/bundler/bundler"
+                     elsif dep_name == "json"
+                       # json is different weird. When project is using the json that is prepackaged with
+                       # Ruby, its included not as a full fledged gem but an *.rb file at:
+                       # /opt/opscode/embedded/lib/ruby/2.2.0/json.rb
+                       # Because of this its license is reported as nil and its license files can not be
+                       # found. That is why we need to provide them manually here.
+                       "https://github.com/flori/json"
+                     else
+                       gem_data["path"]
+                     end
+
+          new_dependency(dep_name, dep_version, dep_path)
+        end.compact
+      end
+
+      private
+
       def dependency_data
         bundler_script = File.join(File.dirname(__FILE__), "bundler/_bundler_script.rb")
 
-        Dir.chdir(project_dir) do
+        Dir.chdir(directory) do
           json_dep_data = with_clean_env do
-            ruby_bin_path = options.ruby_bin || "ruby"
-            s = Mixlib::ShellOut.new("#{ruby_bin_path} #{bundler_script}", environment: options.environment)
+            s = Mixlib::ShellOut.new("#{LicenseScout::Config.ruby_bin} #{bundler_script}", environment: LicenseScout::Config.environment)
             s.run_command
             s.error!
             s.stdout
@@ -57,55 +94,6 @@ module LicenseScout
         end
       end
 
-      def dependencies
-        dependencies = []
-        dependency_data.each do |gem_data|
-          dependency_name = gem_data["name"]
-          dependency_version = gem_data["version"]
-          dependency_license = nil
-          dependency_license_files = []
-
-          if dependency_name == "bundler"
-            # Bundler is weird. It inserts itself as a dependency, but is a
-            # special case, so rubygems cannot correctly report the license.
-            # Additionally, rubygems reports the gem path as a path inside
-            # bundler's lib/ dir, so we have to munge it.
-            dependency_license = "MIT"
-            dependency_license_files = [File.join(File.dirname(__FILE__), "bundler/LICENSE.md")]
-          elsif dependency_name == "json"
-            # json is different weird. When project is using the json that is prepackaged with
-            # Ruby, its included not as a full fledged gem but an *.rb file at:
-            # /opt/opscode/embedded/lib/ruby/2.2.0/json.rb
-            # Because of this its license is reported as nil and its license files can not be
-            # found. That is why we need to provide them manually here.
-            dependency_license = "Ruby"
-            dependency_license_files = [File.join(File.dirname(__FILE__), "json/README.md")]
-          else
-            # Check license override and license_files override separately since
-            # only one might be set in the overrides.
-            dependency_license = options.overrides.license_for(name, dependency_name, dependency_version) || gem_data["license"]
-
-            override_license_files = options.overrides.license_files_for(name, dependency_name, dependency_version)
-            if override_license_files.empty?
-              dependency_license_files = auto_detect_license_files(gem_data["path"])
-            else
-              dependency_license_files = override_license_files.resolve_locations(gem_data["path"])
-            end
-          end
-
-          dependencies << create_dependency(
-            dependency_name,
-            dependency_version,
-            dependency_license,
-            dependency_license_files
-          )
-        end
-
-        dependencies
-      end
-
-      private
-
       #
       # Execute the given command, removing any Ruby-specific environment
       # variables. This is an "enhanced" version of +Bundler.with_clean_env+,
@@ -142,22 +130,12 @@ module LicenseScout
         ENV.replace(original.to_hash)
       end
 
-      def auto_detect_license_files(gem_path)
-        unless File.exist?(gem_path)
-          raise LicenseScout::Exceptions::InaccessibleDependency.new "Autodetected gem path '#{gem_path}' does not exist"
-        end
-
-        Dir.glob("#{gem_path}/*").select do |f|
-          POSSIBLE_LICENSE_FILES.include?(File.basename(f))
-        end
-      end
-
       def gemfile_path
-        File.join(project_dir, "Gemfile")
+        File.join(directory, "Gemfile")
       end
 
       def lockfile_path
-        File.join(project_dir, "Gemfile.lock")
+        File.join(directory, "Gemfile.lock")
       end
 
     end