license_scout 2.5.0 → 2.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8f29370aa4433c28361002a6e01527d036ce7b2c432a29f5f0824b0be8e50b7e
4
- data.tar.gz: f54b8c5e6bb9752b0137abb871068b98d7215611c3d9397f812ea4f73a0fb2e5
3
+ metadata.gz: 12546f70b9afac3b276e1cddfec8c3b542a0935f284d32662e5835310b7af58e
4
+ data.tar.gz: 4097ca31ec4632da0b3951c054fb026909551c16824f98eae8636da2f2ca2e36
5
5
  SHA512:
6
- metadata.gz: d4a2d99ab4ddd0541e9fe0899072d187fc2fb87b8c4da4194d113c414f173e010052a947a51f4017ab4ccb3b106d97379994aed61fa75e152b4f612c78061945
7
- data.tar.gz: 8f1b6f27816f43c994ddf0608b88462ead8d8e4f2a3e1d088b4c14621c2ec3ae239ee012cb69822421b2f67bf30cc885b156c6185125ddfccbc86d39f653f0f8
6
+ metadata.gz: 7e69e0a750cbbd2eb17fcbd31246bb04d7582b37ec739eb864f1e007833c849575f5ab2fce2d97f33e89cc4093e0979642cb6a386223c17e63a41140590f26a1
7
+ data.tar.gz: 9db2e984ec8290cf4128dd69051de1d3c4e6140972052cfc084e35d10000d82f69d4a1e0f750067890bcd4590a61f12f61ce10e6e8de8557c5321f70803579c6
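--- a/data/bin/license_scout
+++ b/data/bin/license_scout
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 
 require "license_scout"
 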
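Review bot: The new line 19 keeps the cryptic `$:` alias; `$LOAD_PATH.unshift File.expand_path("../lib", __dir__)` does the same thing and says what it does. Note also that `__dir__` is derived from the real path of the file, so if the executable is invoked through a symlink the lib directory is now resolved next to the link target, which the old `__FILE__` form did not do; that is likely what a gem binstub wants, but a short comment would save the next reader the check, e.g. `# __dir__ follows symlinks, so lib/ resolves correctly when this script is linked from elsewhere`.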
@@ -15,9 +15,9 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
18
+ require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
19
19
 
20
- require "mixlib/cli"
20
+ require "mixlib/cli" unless defined?(Mixlib::CLI)
21
21
  require "license_scout/config"
22
22
  require "license_scout/exporter"
23
23
  require "license_scout/collector"
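Review bot: The `unless defined?(Zlib)` and `unless defined?(Mixlib::CLI)` guards on the two new lines are redundant with `require` itself, which consults `$LOADED_FEATURES` and returns false for a feature that is already loaded, so the only case they change is a constant that exists without its feature having been required, and nothing in the hunk says why that case matters. The same pattern is applied in the later hunks (open-uri in the `-85,7` hunk, mixlib/config and tmpdir in `-15,8`, the dependency_manager requires in `-20,14`, csv in `-15,7`, ffi_yajl in the `-15,7` and `-17,7` hunks) but not uniformly: in the `-20,14` hunk `require "psych"` and `require "toml-rb"` stay unguarded between guarded neighbours, and `require "tmpdir" unless defined?(Dir.mktmpdir)` probes a method rather than a constant. Either drop the guards or keep them everywhere with one comment at the first occurrence explaining the load-order problem they work around, so the intent survives the next cleanup.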
@@ -85,7 +85,7 @@ module LicenseScout
85
85
 
86
86
  LicenseScout::Config.config_files.each do |config_file|
87
87
  if config_file =~ /^http/
88
- require "open-uri"
88
+ require "open-uri" unless defined?(OpenURI)
89
89
 
90
90
  LicenseScout::Log.info("[cli] Loading config from #{config_file}")
91
91
 
@@ -15,8 +15,8 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "mixlib/config"
19
- require "tmpdir"
18
+ require "mixlib/config" unless defined?(Mixlib::Config)
19
+ require "tmpdir" unless defined?(Dir.mktmpdir)
20
20
 
21
21
  require "license_scout/exceptions"
22
22
  require "license_scout/log"
@@ -20,14 +20,14 @@ require "license_scout/dependency"
20
20
  require "license_scout/exceptions"
21
21
 
22
22
  require "bundler"
23
- require "ffi_yajl"
24
- require "net/http"
25
- require "mixlib/shellout"
26
- require "pathname"
23
+ require "ffi_yajl" unless defined?(FFI_Yajl)
24
+ require "net/http" unless defined?(Net::HTTP)
25
+ require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
26
+ require "pathname" unless defined?(Pathname)
27
27
  require "psych"
28
- require "set"
28
+ require "set" unless defined?(Set)
29
29
  require "toml-rb"
30
- require "yaml"
30
+ require "yaml" unless defined?(YAML)
31
31
 
32
32
  module LicenseScout
33
33
  # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing
@@ -57,8 +57,27 @@ module LicenseScout
57
57
  File.join(directory, "go.sum")
58
58
  end
59
59
 
60
+ def vendor_dir
61
+ File.join(directory, "vendor")
62
+ end
63
+
64
+ def modules_txt_file
65
+ File.join(vendor_dir, "modules.txt")
66
+ end
67
+
60
68
  def go_modules
61
- FFI_Yajl::Parser.parse(go_modules_json)
69
+ if vendor_mode
70
+ GoModulesTxtParser.parse(File.read(modules_txt_file), vendor_dir)
71
+ else
72
+ FFI_Yajl::Parser.parse(go_modules_json)
73
+ end
74
+ end
75
+
76
+ def vendor_mode
77
+ if @vendor_mode.nil?
78
+ @vendor_mode = File.directory?(vendor_dir)
79
+ end
80
+ @vendor_mode
62
81
  end
63
82
 
64
83
  def go_modules_json
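Review bot: `vendor_mode` (new lines 76-80) switches to the modules.txt path whenever `vendor/` is a directory, but `go_modules` then calls `File.read(modules_txt_file)` unconditionally, so a vendor directory that has no modules.txt raises `Errno::ENOENT` instead of falling back to `go list`. Testing for the file the parser actually needs avoids that: `@vendor_mode = File.file?(modules_txt_file) if @vendor_mode.nil?`. A predicate name such as `vendor_mode?` would also match the style guide, and a one-line comment on `go_modules` saying that vendored modules are read from modules.txt rather than `go list -m -json all` would help; the enclosing class starts outside the hunk.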
@@ -69,4 +88,26 @@ module LicenseScout
69
88
  end
70
89
  end
71
90
  end
91
+
92
+ module GoModulesTxtParser
93
+ # The modules.txt file has lines that look like:
94
+ #
95
+ # # gopkg.in/square/go-jose.v2 v2.1.3
96
+ #
97
+ # We parse these lines and return something that looks like `go
98
+ # list -m -json all` output.
99
+ def self.parse(data, base_path)
100
+ data.lines.map do |l|
101
+ if l.start_with?("#")
102
+ parts = l.split
103
+ {
104
+ "Main" => false,
105
+ "Path" => parts[1],
106
+ "Version" => parts[2],
107
+ "Dir" => File.join(base_path, parts[1]),
108
+ }
109
+ end
110
+ end.compact
111
+ end
112
+ end
72
113
  end
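Review bot: `l.start_with?("#")` at new line 101 also matches the `## explicit` annotation lines that Go 1.14 and later write into vendor/modules.txt, which yields a bogus entry with `"Path" => "explicit"` and a nil `"Version"` that `compact` does not remove. Splitting first and matching the module-line shape fixes it and also skips a truncated line: replace `if l.start_with?("#")` / `parts = l.split` with `parts = l.split` / `if parts.first == "#" && parts.size >= 3`. The header comment could then say that only `# path version` lines are turned into entries and that replacement suffixes (`=> path version`) are ignored, which is what `parts[1]`/`parts[2]` already do.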
@@ -46,28 +46,38 @@ module LicenseScout
46
46
  def dependencies
47
47
  tdeps = Set.new(pkg_deps)
48
48
 
49
- pkg_deps.each do |pkg_dep|
50
- pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
51
- end
52
-
53
- tdeps.sort.map do |tdep|
54
- o, n, v, r = tdep.split("/")
55
- dep_name = "#{o}/#{n}"
56
- dep_version = "#{v}-#{r}"
57
-
58
- dependency = new_dependency(dep_name, dep_version, nil)
59
-
60
- license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
61
- # We hard code the channel to "unstable" because a package could be
62
- # demoted from any given channel except unstable in the future and
63
- # we want the url metadata to be stable in order to give end users
64
- # the ability to self-audit licenses
65
- # tl;dr, we want a permalink not a nowlink
66
- dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
49
+ if pkg_deps.any?
50
+ pkg_deps.each do |pkg_dep|
51
+ unless pkg_info(pkg_dep).nil?
52
+ pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
53
+ end
67
54
  end
68
55
 
69
- dependency
70
- end.compact
56
+ tdeps.delete(nil)
57
+
58
+ tdeps.sort.map do |tdep|
59
+ o, n, v, r = tdep.split("/")
60
+ dep_name = "#{o}/#{n}"
61
+ dep_version = "#{v}-#{r}"
62
+
63
+ dependency = new_dependency(dep_name, dep_version, nil)
64
+
65
+ if pkg_info(tdep).nil?
66
+ LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
67
+ else
68
+ license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
69
+ # We hard code the channel to "unstable" because a package could be
70
+ # demoted from any given channel except unstable in the future and
71
+ # we want the url metadata to be stable in order to give end users
72
+ # the ability to self-audit licenses
73
+ # tl;dr, we want a permalink not a nowlink
74
+ dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
75
+ end
76
+ end
77
+
78
+ dependency
79
+ end.compact
80
+ end
71
81
  end
72
82
 
73
83
  private
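Review bot: The new `if pkg_deps.any?` wrapper (new lines 49 and 80) has no else branch and is the method's last expression, so `dependencies` now returns nil instead of `[]` when there are no deps, or when every entry is nil; before the change the empty case fell through `tdeps.sort.map` and returned `[]`. The wrapper is unnecessary, since `each` over an empty array does nothing and `map` over an empty set returns `[]`, so dropping the two lines `if pkg_deps.any?` and its matching `end` restores the old return type. Separately, `pkg_info(pkg_dep)` and `pkg_info(tdep)` are each called twice per entry; if `pkg_info` is not memoized that doubles the depot lookups, and `info = pkg_info(tdep)` followed by `if info.nil?` / `info["manifest"]` avoids it either way (I cannot see `pkg_info` from the hunk).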
@@ -86,7 +96,9 @@ module LicenseScout
86
96
  pkg_deps = c.stdout.split("\s")
87
97
 
88
98
  # Fetch the fully-qualified pkg_ident for each pkg
89
- pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
99
+ pkg_deps.map do |dep|
100
+ to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
101
+ end
90
102
  end
91
103
  end
92
104
 
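Review bot: The new `map ... unless pkg_info(dep).nil?` block (new lines 99-101) leaves a nil element for every package that could not be resolved, which is what forces the `tdeps.delete(nil)` in the `dependencies` hunk above. Dropping the nils at the source keeps callers from having to know about them: change the closing `end` to `end.compact`. The enclosing method starts outside the hunk, so if `pkg_deps` is memoized elsewhere the compacted array is what gets cached, which is the desirable outcome.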
@@ -100,29 +112,31 @@ module LicenseScout
100
112
  end
101
113
 
102
114
  def pkg_info_with_channel_fallbacks(pkg_ident)
103
- pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
104
- pkg_channel = channel_for_origin(pkg_origin)
105
-
106
- # Channel selection here is similar to the logic that
107
- # Habitat uses. First, search in the user-provided channel,
108
- # then search in stable, then use unstable IF it is a fully
109
- # qualified package
110
- info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
111
- return info if info
112
-
113
- if pkg_channel != DEFAULT_CHANNEL
114
- LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
115
- info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
115
+ unless pkg_ident.nil?
116
+ pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
117
+ pkg_channel = channel_for_origin(pkg_origin)
118
+
119
+ # Channel selection here is similar to the logic that
120
+ # Habitat uses. First, search in the user-provided channel,
121
+ # then search in stable, then use unstable IF it is a fully
122
+ # qualified package
123
+ info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
116
124
  return info if info
117
- end
118
125
 
119
- if !pkg_version.nil? && !pkg_release.nil?
120
- LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
121
- info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
122
- return info if info
123
- end
126
+ if pkg_channel != DEFAULT_CHANNEL
127
+ LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
128
+ info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
129
+ return info if info
130
+ end
124
131
 
125
- raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
132
+ if !pkg_version.nil? && !pkg_release.nil?
133
+ LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
134
+ info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
135
+ return info if info
136
+ end
137
+
138
+ LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
139
+ end
126
140
  end
127
141
 
128
142
  def get_pkg_info(origin, channel, name, version, release)
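Review bot: Wrapping the whole body in `unless pkg_ident.nil?` (new lines 115-139) pushes every statement one level deeper; `return if pkg_ident.nil?` as a first-line guard clause gives the same result with the body flat. Because the raise of `HabitatPackageNotFound` is replaced by a warning, nil is now the method's not-found signal and deserves a docstring, e.g. `# @return [Hash, nil] package info, or nil when pkg_ident is nil or the package is in none of the searched channels`; if callers elsewhere still rescue that exception, those rescues are now dead (not visible from the hunk). For a license audit a skipped package means its licenses are missing from the report, so the warning text would be more useful if it said that, e.g. `"Could not find information for #{pkg_ident} -- its licenses will be missing from the report"`.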
@@ -15,7 +15,7 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "csv"
18
+ require "csv" unless defined?(CSV)
19
19
 
20
20
  module LicenseScout
21
21
  class Exporter
@@ -106,7 +106,7 @@ module LicenseScout
106
106
 
107
107
  begin
108
108
  LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
109
- open(new_url).read
109
+ URI.open(new_url).read
110
110
  rescue RuntimeError => e
111
111
  if e.message =~ /redirection forbidden/
112
112
  m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)
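Review bot: `URI.open(new_url)` at new line 109 fixes the `Kernel#open` deprecation but keeps its fallback: open-uri's `URI.open` hands a String that does not parse as an openable URI straight to `Kernel#open`, which still treats local paths and `|`-prefixed strings specially, and `new_url` here comes from the redirect handling below, i.e. from a remote server's Location header (its assignment is outside the hunk). Parsing first and rejecting anything but HTTP(S) removes that path: `uri = URI.parse(new_url)` / `raise ArgumentError, "unsupported license URL scheme: #{new_url}" unless uri.is_a?(URI::HTTP)` / `uri.open.read`. Since the surrounding `rescue RuntimeError` retries a redirect that open-uri itself refused as forbidden, a comment stating which redirects are deliberately re-followed (and that a downgrade from https to http is not) would make the intent reviewable.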
@@ -15,7 +15,7 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "ffi_yajl"
18
+ require "ffi_yajl" unless defined?(FFI_Yajl)
19
19
  require "terminal-table"
20
20
 
21
21
  require "license_scout/exceptions"
@@ -17,7 +17,7 @@
17
17
 
18
18
  # This library was inspired by (and pulls some logic from) librariesio/spdx
19
19
 
20
- require "ffi_yajl"
20
+ require "ffi_yajl" unless defined?(FFI_Yajl)
21
21
  require "fuzzy_match"
22
22
 
23
23
  module LicenseScout
@@ -45,12 +45,12 @@ module LicenseScout
45
45
 
46
46
  # @return [Hash] The SPDX license data in Hash form
47
47
  def licenses
48
- @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
48
+ @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
49
49
  end
50
50
 
51
51
  # @return [Hash] The SPDX license data in Hash form
52
52
  def exceptions
53
- @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
53
+ @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
54
54
  end
55
55
 
56
56
  def known_ids
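Review bot: Both new lines memoize into the same `@@license_data` class variable, so whichever of `licenses` or `exceptions` runs first wins and the other returns the wrong array (`exceptions` called after `licenses` yields the license list, not the exceptions list); the path change does not touch this but the line is being rewritten anyway. Give the second method its own cache: `@@exception_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]`. Class-level instance variables (`@license_data`, `@exception_data` inside `class << self` or with `self.class`) would also avoid the shared-across-subclasses behaviour of `@@` variables, and the YARD line above `exceptions` should describe exception data rather than license data.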
@@ -16,5 +16,5 @@
16
16
  #
17
17
 
18
18
  module LicenseScout
19
- VERSION = "2.5.0".freeze
19
+ VERSION = "2.6.3".freeze
20
20
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: license_scout
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.0
4
+ version: 2.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tom Duffield
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-06 00:00:00.000000000 Z
11
+ date: 2021-07-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi-yajl
@@ -28,16 +28,22 @@ dependencies:
28
28
  name: mixlib-shellout
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
33
  version: '2.2'
34
+ - - "<"
35
+ - !ruby/object:Gem::Version
36
+ version: '4.0'
34
37
  type: :runtime
35
38
  prerelease: false
36
39
  version_requirements: !ruby/object:Gem::Requirement
37
40
  requirements:
38
- - - "~>"
41
+ - - ">="
39
42
  - !ruby/object:Gem::Version
40
43
  version: '2.2'
44
+ - - "<"
45
+ - !ruby/object:Gem::Version
46
+ version: '4.0'
41
47
  - !ruby/object:Gem::Dependency
42
48
  name: toml-rb
43
49
  requirement: !ruby/object:Gem::Requirement
@@ -199,7 +205,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
199
205
  - !ruby/object:Gem::Version
200
206
  version: '0'
201
207
  requirements: []
202
- rubygems_version: 3.0.3
208
+ rubygems_version: 3.1.4
203
209
  signing_key:
204
210
  specification_version: 4
205
211
  summary: Discovers license files of a project's dependencies.