RubyGems - license_scout - Versions diffs - 2.5.0 → 2.6.3 - Mend

license_scout 2.5.0 → 2.6.3

Files changed (13) hide show

checksums.yaml +4 -4
data/bin/license_scout +1 -1
data/lib/license_scout/cli.rb +3 -3
data/lib/license_scout/config.rb +2 -2
data/lib/license_scout/dependency_manager/base.rb +6 -6
data/lib/license_scout/dependency_manager/gomod.rb +42 -1
data/lib/license_scout/dependency_manager/habitat.rb +55 -41
data/lib/license_scout/exporter/csv.rb +1 -1
data/lib/license_scout/license.rb +1 -1
data/lib/license_scout/reporter.rb +1 -1
data/lib/license_scout/spdx.rb +3 -3
data/lib/license_scout/version.rb +1 -1
metadata +11 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f29370aa4433c28361002a6e01527d036ce7b2c432a29f5f0824b0be8e50b7e
-  data.tar.gz: f54b8c5e6bb9752b0137abb871068b98d7215611c3d9397f812ea4f73a0fb2e5
+  metadata.gz: 12546f70b9afac3b276e1cddfec8c3b542a0935f284d32662e5835310b7af58e
+  data.tar.gz: 4097ca31ec4632da0b3951c054fb026909551c16824f98eae8636da2f2ca2e36
 SHA512:
-  metadata.gz: d4a2d99ab4ddd0541e9fe0899072d187fc2fb87b8c4da4194d113c414f173e010052a947a51f4017ab4ccb3b106d97379994aed61fa75e152b4f612c78061945
-  data.tar.gz: 8f1b6f27816f43c994ddf0608b88462ead8d8e4f2a3e1d088b4c14621c2ec3ae239ee012cb69822421b2f67bf30cc885b156c6185125ddfccbc86d39f653f0f8
+  metadata.gz: 7e69e0a750cbbd2eb17fcbd31246bb04d7582b37ec739eb864f1e007833c849575f5ab2fce2d97f33e89cc4093e0979642cb6a386223c17e63a41140590f26a1
+  data.tar.gz: 9db2e984ec8290cf4128dd69051de1d3c4e6140972052cfc084e35d10000d82f69d4a1e0f750067890bcd4590a61f12f61ce10e6e8de8557c5321f70803579c6

data/bin/license_scout CHANGED Viewed

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 require "license_scout"

data/lib/license_scout/cli.rb CHANGED Viewed

@@ -15,9 +15,9 @@
 # limitations under the License.
 #
-require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
+require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
-require "mixlib/cli"
+require "mixlib/cli" unless defined?(Mixlib::CLI)
 require "license_scout/config"
 require "license_scout/exporter"
 require "license_scout/collector"
@@ -85,7 +85,7 @@ module LicenseScout
       LicenseScout::Config.config_files.each do |config_file|
         if config_file =~ /^http/
-          require "open-uri"
+          require "open-uri" unless defined?(OpenURI)
           LicenseScout::Log.info("[cli] Loading config from #{config_file}")

data/lib/license_scout/config.rb CHANGED Viewed

@@ -15,8 +15,8 @@
 # limitations under the License.
 #
-require "mixlib/config"
-require "tmpdir"
+require "mixlib/config" unless defined?(Mixlib::Config)
+require "tmpdir" unless defined?(Dir.mktmpdir)
 require "license_scout/exceptions"
 require "license_scout/log"

data/lib/license_scout/dependency_manager/base.rb CHANGED Viewed

@@ -20,14 +20,14 @@ require "license_scout/dependency"
 require "license_scout/exceptions"
 require "bundler"
-require "ffi_yajl"
-require "net/http"
-require "mixlib/shellout"
-require "pathname"
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require "net/http" unless defined?(Net::HTTP)
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+require "pathname" unless defined?(Pathname)
 require "psych"
-require "set"
+require "set" unless defined?(Set)
 require "toml-rb"
-require "yaml"
+require "yaml" unless defined?(YAML)
 module LicenseScout
   # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing

data/lib/license_scout/dependency_manager/gomod.rb CHANGED Viewed

@@ -57,8 +57,27 @@ module LicenseScout
         File.join(directory, "go.sum")
       end
+      def vendor_dir
+        File.join(directory, "vendor")
+      end
+      def modules_txt_file
+        File.join(vendor_dir, "modules.txt")
+      end
       def go_modules
-        FFI_Yajl::Parser.parse(go_modules_json)
+        if vendor_mode
+          GoModulesTxtParser.parse(File.read(modules_txt_file), vendor_dir)
+        else
+          FFI_Yajl::Parser.parse(go_modules_json)
+        end
+      end
+      def vendor_mode
+        if @vendor_mode.nil?
+          @vendor_mode = File.directory?(vendor_dir)
+        end
+        @vendor_mode
       end
       def go_modules_json
@@ -69,4 +88,26 @@ module LicenseScout
       end
     end
   end
+  module GoModulesTxtParser
+    # The modules.txt file has lines that look like:
+    #
+    #     # gopkg.in/square/go-jose.v2 v2.1.3
+    #
+    # We parse these lines and return something that looks like `go
+    # list -m -json all` output.
+    def self.parse(data, base_path)
+      data.lines.map do |l|
+        if l.start_with?("#")
+          parts = l.split
+          {
+            "Main" => false,
+            "Path" => parts[1],
+            "Version" => parts[2],
+            "Dir" => File.join(base_path, parts[1]),
+          }
+        end
+      end.compact
+    end
+  end
 end

data/lib/license_scout/dependency_manager/habitat.rb CHANGED Viewed

@@ -46,28 +46,38 @@ module LicenseScout
       def dependencies
         tdeps = Set.new(pkg_deps)
-        pkg_deps.each do |pkg_dep|
-          pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
-        end
-        tdeps.sort.map do |tdep|
-          o, n, v, r = tdep.split("/")
-          dep_name = "#{o}/#{n}"
-          dep_version = "#{v}-#{r}"
-          dependency = new_dependency(dep_name, dep_version, nil)
-          license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
-            # We hard code the channel to "unstable" because a package could be
-            # demoted from any given channel except unstable in the future and
-            # we want the url metadata to be stable in order to give end users
-            # the ability to self-audit licenses
-            # tl;dr, we want a permalink not a nowlink
-            dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+        if pkg_deps.any?
+          pkg_deps.each do |pkg_dep|
+            unless pkg_info(pkg_dep).nil?
+              pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
+            end
           end
-          dependency
-        end.compact
+          tdeps.delete(nil)
+          tdeps.sort.map do |tdep|
+            o, n, v, r = tdep.split("/")
+            dep_name = "#{o}/#{n}"
+            dep_version = "#{v}-#{r}"
+            dependency = new_dependency(dep_name, dep_version, nil)
+            if pkg_info(tdep).nil?
+              LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
+            else
+              license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
+                # We hard code the channel to "unstable" because a package could be
+                # demoted from any given channel except unstable in the future and
+                # we want the url metadata to be stable in order to give end users
+                # the ability to self-audit licenses
+                # tl;dr, we want a permalink not a nowlink
+                dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+              end
+            end
+            dependency
+          end.compact
+        end
       end
       private
@@ -86,7 +96,9 @@ module LicenseScout
           pkg_deps = c.stdout.split("\s")
           # Fetch the fully-qualified pkg_ident for each pkg
-          pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
+          pkg_deps.map do |dep|
+            to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
+          end
         end
       end
@@ -100,29 +112,31 @@ module LicenseScout
       end
       def pkg_info_with_channel_fallbacks(pkg_ident)
-        pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
-        pkg_channel = channel_for_origin(pkg_origin)
-        # Channel selection here is similar to the logic that
-        # Habitat uses. First, search in the user-provided channel,
-        # then search in stable, then use unstable IF it is a fully
-        # qualified package
-        info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
-        return info if info
-        if pkg_channel != DEFAULT_CHANNEL
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
-          info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+        unless pkg_ident.nil?
+          pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
+          pkg_channel = channel_for_origin(pkg_origin)
+          # Channel selection here is similar to the logic that
+          # Habitat uses. First, search in the user-provided channel,
+          # then search in stable, then use unstable IF it is a fully
+          # qualified package
+          info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
           return info if info
-        end
-        if !pkg_version.nil? && !pkg_release.nil?
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
-          info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
-          return info if info
-        end
+          if pkg_channel != DEFAULT_CHANNEL
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
+            info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
-        raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
+          if !pkg_version.nil? && !pkg_release.nil?
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
+            info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
+          LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
+        end
       end
       def get_pkg_info(origin, channel, name, version, release)

data/lib/license_scout/exporter/csv.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "csv"
+require "csv" unless defined?(CSV)
 module LicenseScout
   class Exporter

data/lib/license_scout/license.rb CHANGED Viewed

@@ -106,7 +106,7 @@ module LicenseScout
         begin
           LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
-          open(new_url).read
+          URI.open(new_url).read
         rescue RuntimeError => e
           if e.message =~ /redirection forbidden/
             m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)

data/lib/license_scout/reporter.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "terminal-table"
 require "license_scout/exceptions"

data/lib/license_scout/spdx.rb CHANGED Viewed

@@ -17,7 +17,7 @@
 # This library was inspired by (and pulls some logic from) librariesio/spdx
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "fuzzy_match"
 module LicenseScout
@@ -45,12 +45,12 @@ module LicenseScout
       # @return [Hash] The SPDX license data in Hash form
       def licenses
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
       end
       # @return [Hash] The SPDX license data in Hash form
       def exceptions
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
       end
       def known_ids

data/lib/license_scout/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 #
 module LicenseScout
-  VERSION = "2.5.0".freeze
+  VERSION = "2.6.3".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.6.3
 platform: ruby
 authors:
 - Tom Duffield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-06 00:00:00.000000000 Z
+date: 2021-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -28,16 +28,22 @@ dependencies:
   name: mixlib-shellout
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
@@ -199,7 +205,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Discovers license files of a project's dependencies.