license_scout 2.5.1 → 2.6.2

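--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: dd43121262b011195253e1d4337bbc5c9a8e16ce86ffc95a0531eef369b35ec6
-data.tar.gz: e047de55037d1fc5135cec96989b30581e58cb3ee7c641529cd3fe8ce1cbd0df
+metadata.gz: f8ff75c46c04b580099b10f59088cde2bbf10e6131e13daf266f8c107faf9629
+data.tar.gz: c96cbd17eb105ba96b663d37f3dbd8e3b589da387c5339a655fb612a9d975a92
 SHA512:
-metadata.gz: c3a30a65a74f1b83b1f23ce9bd98722ad6e603134508b0392527510f35bad3f811553b544960af7029b434ec87a53feada7313ec1105bf348f784e209de03217
-data.tar.gz: a53752fd8831112fa724eb8b178be6ef9645db8fa0aff980b04cca14bfc533737b0e87cfadff8cc09b89753ff4e5231fd37619b738326112d0200e9492cb958c
+metadata.gz: 30cd04254f9d26f7b613bd3f22274494ad0c62cbd49131684404b4a1d245c6ff439b0a55182dbe6b05caeb2a5bea22b7cd223c830299b57f6019578bc16cd492
+data.tar.gz: 88ca96ac3db1fb0cd74029a9b7f5724b481d5cbcb0ec7eade95db1a0ae063c093e918d2eabf7c261d39bc99a25b64bb32a64b5bfef83f8b037f6f2e91c0dcfd0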
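--- a/data/bin/license_scout
+++ b/data/bin/license_scout
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 
 require "license_scout"
 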
@@ -15,9 +15,9 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
18
+ require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
19
19
 
20
- require "mixlib/cli"
20
+ require "mixlib/cli" unless defined?(Mixlib::CLI)
21
21
  require "license_scout/config"
22
22
  require "license_scout/exporter"
23
23
  require "license_scout/collector"
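Review bot: The new `defined?(Zlib)` guard on `require "zlib"` can defeat the very workaround the comment on that line describes: `defined?` reports a constant that is only registered via `autoload` as defined without loading it, so if anything has set up an autoload for `Zlib` the library is no longer loaded before rugged. `require` is already a no-op for a feature that is loaded, so the guard saves nothing on the normal path; I would keep the bare `require "zlib"` here and reserve the `unless defined?` form for libraries where load order does not matter. The same caveat applies to `require "mixlib/cli" unless defined?(Mixlib::CLI)`, where a stub namespace defined by another gem would skip the load.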
@@ -85,7 +85,7 @@ module LicenseScout
85
85
 
86
86
  LicenseScout::Config.config_files.each do |config_file|
87
87
  if config_file =~ /^http/
88
- require "open-uri"
88
+ require "open-uri" unless defined?(OpenURI)
89
89
 
90
90
  LicenseScout::Log.info("[cli] Loading config from #{config_file}")
91
91
 
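Review bot: `config_file =~ /^http/` accepts plain `http://` as well as `https://`, so an entry in `LicenseScout::Config.config_files` can be fetched over an unauthenticated channel; if the fetched body is then evaluated by a Mixlib::Config `from_file`-style loader (the call is outside this hunk, so this is inferred), anyone who can rewrite the response gets Ruby code execution inside the scanner. I would restrict remote configs to TLS, `if config_file.start_with?("https://")`, or at least emit a warning for non-TLS URLs, and prefer `start_with?` or `\A` over `^`, which anchors at any line start rather than the string start. The `each` loop this hunk sits in starts and ends outside the hunk.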
@@ -15,8 +15,8 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "mixlib/config"
19
- require "tmpdir"
18
+ require "mixlib/config" unless defined?(Mixlib::Config)
19
+ require "tmpdir" unless defined?(Dir.mktmpdir)
20
20
 
21
21
  require "license_scout/exceptions"
22
22
  require "license_scout/log"
@@ -20,14 +20,14 @@ require "license_scout/dependency"
20
20
  require "license_scout/exceptions"
21
21
 
22
22
  require "bundler"
23
- require "ffi_yajl"
24
- require "net/http"
25
- require "mixlib/shellout"
26
- require "pathname"
23
+ require "ffi_yajl" unless defined?(FFI_Yajl)
24
+ require "net/http" unless defined?(Net::HTTP)
25
+ require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
26
+ require "pathname" unless defined?(Pathname)
27
27
  require "psych"
28
- require "set"
28
+ require "set" unless defined?(Set)
29
29
  require "toml-rb"
30
- require "yaml"
30
+ require "yaml" unless defined?(YAML)
31
31
 
32
32
  module LicenseScout
33
33
  # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing
@@ -46,28 +46,38 @@ module LicenseScout
46
46
  def dependencies
47
47
  tdeps = Set.new(pkg_deps)
48
48
 
49
- pkg_deps.each do |pkg_dep|
50
- pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
51
- end
52
-
53
- tdeps.sort.map do |tdep|
54
- o, n, v, r = tdep.split("/")
55
- dep_name = "#{o}/#{n}"
56
- dep_version = "#{v}-#{r}"
57
-
58
- dependency = new_dependency(dep_name, dep_version, nil)
59
-
60
- license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
61
- # We hard code the channel to "unstable" because a package could be
62
- # demoted from any given channel except unstable in the future and
63
- # we want the url metadata to be stable in order to give end users
64
- # the ability to self-audit licenses
65
- # tl;dr, we want a permalink not a nowlink
66
- dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
49
+ if pkg_deps.any?
50
+ pkg_deps.each do |pkg_dep|
51
+ unless pkg_info(pkg_dep).nil?
52
+ pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
53
+ end
67
54
  end
68
55
 
69
- dependency
70
- end.compact
56
+ tdeps.delete(nil)
57
+
58
+ tdeps.sort.map do |tdep|
59
+ o, n, v, r = tdep.split("/")
60
+ dep_name = "#{o}/#{n}"
61
+ dep_version = "#{v}-#{r}"
62
+
63
+ dependency = new_dependency(dep_name, dep_version, nil)
64
+
65
+ if pkg_info(tdep).nil?
66
+ LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
67
+ else
68
+ license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
69
+ # We hard code the channel to "unstable" because a package could be
70
+ # demoted from any given channel except unstable in the future and
71
+ # we want the url metadata to be stable in order to give end users
72
+ # the ability to self-audit licenses
73
+ # tl;dr, we want a permalink not a nowlink
74
+ dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
75
+ end
76
+ end
77
+
78
+ dependency
79
+ end.compact
80
+ end
71
81
  end
72
82
 
73
83
  private
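Review bot: `dependencies` now returns `nil` instead of an empty array when `pkg_deps` is empty, because the new `if pkg_deps.any?` has no else branch; a caller that iterates the result will raise `NoMethodError`. A guard clause keeps the old contract and removes a nesting level: `return [] if pkg_deps.empty?`. Separately, the `-- skipping` warning in the `pkg_info(tdep).nil?` branch is misleading, since the `dependency` built two lines earlier is still returned and the package lands in the report with no licenses; either `next` inside that branch so the trailing `.compact` drops it, or reword the message. Each package also calls `pkg_info` twice (once in the `nil?` test, once for the data), which is worth caching in a local unless `pkg_info` is memoized — its definition is outside this hunk.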
@@ -86,7 +96,9 @@ module LicenseScout
86
96
  pkg_deps = c.stdout.split("\s")
87
97
 
88
98
  # Fetch the fully-qualified pkg_ident for each pkg
89
- pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
99
+ pkg_deps.map do |dep|
100
+ to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
101
+ end
90
102
  end
91
103
  end
92
104
 
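Review bot: The new block leaves `nil` entries in the returned array whenever `pkg_info(dep)` is `nil`, so the helper's contract now depends on `dependencies` calling `tdeps.delete(nil)` to clean up after it. Making the helper self-contained is a one-line change, `end.compact`, or `pkg_deps.filter_map { |dep| to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil? }` if the file already targets Ruby 2.7+; it also calls `pkg_info` twice per dep, which matters if that method does a network lookup. The enclosing method starts outside the hunk.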
@@ -100,29 +112,31 @@ module LicenseScout
100
112
  end
101
113
 
102
114
  def pkg_info_with_channel_fallbacks(pkg_ident)
103
- pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
104
- pkg_channel = channel_for_origin(pkg_origin)
105
-
106
- # Channel selection here is similar to the logic that
107
- # Habitat uses. First, search in the user-provided channel,
108
- # then search in stable, then use unstable IF it is a fully
109
- # qualified package
110
- info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
111
- return info if info
112
-
113
- if pkg_channel != DEFAULT_CHANNEL
114
- LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
115
- info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
115
+ unless pkg_ident.nil?
116
+ pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
117
+ pkg_channel = channel_for_origin(pkg_origin)
118
+
119
+ # Channel selection here is similar to the logic that
120
+ # Habitat uses. First, search in the user-provided channel,
121
+ # then search in stable, then use unstable IF it is a fully
122
+ # qualified package
123
+ info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
116
124
  return info if info
117
- end
118
125
 
119
- if !pkg_version.nil? && !pkg_release.nil?
120
- LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
121
- info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
122
- return info if info
123
- end
126
+ if pkg_channel != DEFAULT_CHANNEL
127
+ LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
128
+ info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
129
+ return info if info
130
+ end
124
131
 
125
- raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
132
+ if !pkg_version.nil? && !pkg_release.nil?
133
+ LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
134
+ info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
135
+ return info if info
136
+ end
137
+
138
+ LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
139
+ end
126
140
  end
127
141
 
128
142
  def get_pkg_info(origin, channel, name, version, release)
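Review bot: `pkg_info_with_channel_fallbacks` no longer raises `LicenseScout::Exceptions::HabitatPackageNotFound` and instead logs a warning and returns `nil`, which changes the error contract for any caller that rescued that exception and, for a license-compliance scan, turns a missing package into a silent gap in the report. If best-effort is the intent, I would keep the strict behaviour reachable (an option or an environment flag) or at least report a count of skipped packages at the end so an audit can tell that coverage is incomplete. Stylistically, wrapping the whole body in `unless pkg_ident.nil?` adds a nesting level; `return if pkg_ident.nil?` at the top keeps the original flow intact. The warning also lacks the `[habitat]` tag the surrounding debug lines use, so `LicenseScout::Log.warn("[habitat] Could not find information for #{pkg_ident} -- skipping")` keeps logs consistent.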
@@ -15,7 +15,7 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "csv"
18
+ require "csv" unless defined?(CSV)
19
19
 
20
20
  module LicenseScout
21
21
  class Exporter
@@ -106,7 +106,7 @@ module LicenseScout
106
106
 
107
107
  begin
108
108
  LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
109
- open(new_url).read
109
+ URI.open(new_url).read
110
110
  rescue RuntimeError => e
111
111
  if e.message =~ /redirection forbidden/
112
112
  m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)
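Review bot: `URI.open(new_url).read` still falls through to `Kernel#open` when `new_url` does not look like a `scheme://` URL, and `Kernel#open` treats a string beginning with `|` as a command to spawn; since `new_url` here appears to be a redirect target parsed out of an open-uri error message (the `m[2]` capture below), i.e. a value chosen by whatever server a dependency's license URL pointed at, this is a command-injection path in a tool that processes third-party metadata. Parse and check the scheme before opening, e.g. `uri = URI.parse(new_url); raise ArgumentError, "unsupported license URL: #{new_url}" unless uri.is_a?(URI::HTTP); uri.open.read` (`URI::HTTPS` is a subclass of `URI::HTTP`, so both are accepted). Explicitly opening a `URI::HTTP` object also removes the ambiguity that motivated replacing the bare `open`. The method enclosing this `begin` block starts and ends outside the hunk.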
@@ -15,7 +15,7 @@
15
15
  # limitations under the License.
16
16
  #
17
17
 
18
- require "ffi_yajl"
18
+ require "ffi_yajl" unless defined?(FFI_Yajl)
19
19
  require "terminal-table"
20
20
 
21
21
  require "license_scout/exceptions"
@@ -17,7 +17,7 @@
17
17
 
18
18
  # This library was inspired by (and pulls some logic from) librariesio/spdx
19
19
 
20
- require "ffi_yajl"
20
+ require "ffi_yajl" unless defined?(FFI_Yajl)
21
21
  require "fuzzy_match"
22
22
 
23
23
  module LicenseScout
@@ -45,12 +45,12 @@ module LicenseScout
45
45
 
46
46
  # @return [Hash] The SPDX license data in Hash form
47
47
  def licenses
48
- @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
48
+ @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
49
49
  end
50
50
 
51
51
  # @return [Hash] The SPDX license data in Hash form
52
52
  def exceptions
53
- @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
53
+ @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
54
54
  end
55
55
 
56
56
  def known_ids
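Review bot: `licenses` and `exceptions` memoize into the same class variable `@@license_data`, so whichever is called first wins and the other returns the wrong dataset (for example `exceptions` returns the licenses array once `licenses` has run); the path cleanup in this hunk preserves that bug. Use a separate cache in the second method, `@@exception_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]`, or better a class-instance variable, since `@@` variables are shared across the whole inheritance tree. The `module LicenseScout` wrapper and `known_ids` continue outside the hunk.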
@@ -16,5 +16,5 @@
16
16
  #
17
17
 
18
18
  module LicenseScout
19
- VERSION = "2.5.1".freeze
19
+ VERSION = "2.6.2".freeze
20
20
  end
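--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-version: 2.5.1
+version: 2.6.2
 platform: ruby
 authors:
 - Tom Duffield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-08 00:00:00.000000000 Z
+date: 2021-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi-yajl
@@ -199,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Discovers license files of a project's dependencies.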