RubyGems - license_scout - Versions diffs - 2.5.1 → 2.6.7 - Mend

license_scout 2.5.1 → 2.6.7

Files changed (13) hide show

checksums.yaml +4 -4
data/bin/license_scout +1 -1
data/lib/license_scout/cli.rb +3 -3
data/lib/license_scout/collector.rb +1 -1
data/lib/license_scout/config.rb +2 -1
data/lib/license_scout/dependency_manager/base.rb +6 -6
data/lib/license_scout/dependency_manager/habitat.rb +55 -41
data/lib/license_scout/exporter/csv.rb +1 -1
data/lib/license_scout/license.rb +1 -1
data/lib/license_scout/reporter.rb +1 -1
data/lib/license_scout/spdx.rb +3 -3
data/lib/license_scout/version.rb +1 -1
metadata +19 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd43121262b011195253e1d4337bbc5c9a8e16ce86ffc95a0531eef369b35ec6
-  data.tar.gz: e047de55037d1fc5135cec96989b30581e58cb3ee7c641529cd3fe8ce1cbd0df
+  metadata.gz: e4e08ba012a7d50d0031bce489b2862560541ec4ffcf00a643fd5575a47d0d27
+  data.tar.gz: 43fdcfc23877f95d3950256cf9b73837a9c1657c4d1bb8f3a4b96d8bbfc25f2a
 SHA512:
-  metadata.gz: c3a30a65a74f1b83b1f23ce9bd98722ad6e603134508b0392527510f35bad3f811553b544960af7029b434ec87a53feada7313ec1105bf348f784e209de03217
-  data.tar.gz: a53752fd8831112fa724eb8b178be6ef9645db8fa0aff980b04cca14bfc533737b0e87cfadff8cc09b89753ff4e5231fd37619b738326112d0200e9492cb958c
+  metadata.gz: 4678cf04268ea4ece2ac89265a1a28b13ddf58ee5b69d882e55b0e12fb7696c14204b726d4a1e4bfd65363ae122ad55be62319d2529eaeb0751707407e5e0214
+  data.tar.gz: a6f0214ee457b455a011e743e2c00324239ccf46e9036492854058a0c34db18ee16f7a9bbf880715551ecb2b208081538edc64935b4ce81cdc28ecc72eae3f65

data/bin/license_scout CHANGED Viewed

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 require "license_scout"

data/lib/license_scout/cli.rb CHANGED Viewed

@@ -15,9 +15,9 @@
 # limitations under the License.
 #
-require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
+require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
-require "mixlib/cli"
+require "mixlib/cli" unless defined?(Mixlib::CLI)
 require "license_scout/config"
 require "license_scout/exporter"
 require "license_scout/collector"
@@ -85,7 +85,7 @@ module LicenseScout
       LicenseScout::Config.config_files.each do |config_file|
         if config_file =~ /^http/
-          require "open-uri"
+          require "open-uri" unless defined?(OpenURI)
           LicenseScout::Log.info("[cli] Loading config from #{config_file}")

data/lib/license_scout/collector.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module LicenseScout
       @dependency_managers ||= LicenseScout::Config.all_directories.map do |dir|
         LicenseScout::DependencyManager.implementations.map do |implementation|
           dep_mgr = implementation.new(File.expand_path(dir))
-          if dep_mgr.detected?
+          if dep_mgr.detected? && !(LicenseScout::Config.exclude_collectors.include? dep_mgr.name)
             LicenseScout::Log.info("[collector] Found #{dep_mgr.signature} in #{dir}")
             dep_mgr
           else

data/lib/license_scout/config.rb CHANGED Viewed

@@ -16,7 +16,7 @@
 #
 require "mixlib/config"
-require "tmpdir"
+require "tmpdir" unless defined?(Dir.mktmpdir)
 require "license_scout/exceptions"
 require "license_scout/log"
@@ -31,6 +31,7 @@ module LicenseScout
     default :include_subdirectories, false
     default :name, File.basename(directories.first)
     default :config_files, [File.join(File.expand_path(Dir.pwd), ".license_scout.yml")]
+    default :exclude_collectors, []
     # Output
     default :log_level, :info

data/lib/license_scout/dependency_manager/base.rb CHANGED Viewed

@@ -20,14 +20,14 @@ require "license_scout/dependency"
 require "license_scout/exceptions"
 require "bundler"
-require "ffi_yajl"
-require "net/http"
-require "mixlib/shellout"
-require "pathname"
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require "net/http" unless defined?(Net::HTTP)
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+require "pathname" unless defined?(Pathname)
 require "psych"
-require "set"
+require "set" unless defined?(Set)
 require "toml-rb"
-require "yaml"
+require "yaml" unless defined?(YAML)
 module LicenseScout
   # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing

data/lib/license_scout/dependency_manager/habitat.rb CHANGED Viewed

@@ -46,28 +46,38 @@ module LicenseScout
       def dependencies
         tdeps = Set.new(pkg_deps)
-        pkg_deps.each do |pkg_dep|
-          pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
-        end
-        tdeps.sort.map do |tdep|
-          o, n, v, r = tdep.split("/")
-          dep_name = "#{o}/#{n}"
-          dep_version = "#{v}-#{r}"
-          dependency = new_dependency(dep_name, dep_version, nil)
-          license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
-            # We hard code the channel to "unstable" because a package could be
-            # demoted from any given channel except unstable in the future and
-            # we want the url metadata to be stable in order to give end users
-            # the ability to self-audit licenses
-            # tl;dr, we want a permalink not a nowlink
-            dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+        if pkg_deps.any?
+          pkg_deps.each do |pkg_dep|
+            unless pkg_info(pkg_dep).nil?
+              pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
+            end
           end
-          dependency
-        end.compact
+          tdeps.delete(nil)
+          tdeps.sort.map do |tdep|
+            o, n, v, r = tdep.split("/")
+            dep_name = "#{o}/#{n}"
+            dep_version = "#{v}-#{r}"
+            dependency = new_dependency(dep_name, dep_version, nil)
+            if pkg_info(tdep).nil?
+              LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
+            else
+              license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
+                # We hard code the channel to "unstable" because a package could be
+                # demoted from any given channel except unstable in the future and
+                # we want the url metadata to be stable in order to give end users
+                # the ability to self-audit licenses
+                # tl;dr, we want a permalink not a nowlink
+                dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+              end
+            end
+            dependency
+          end.compact
+        end
       end
       private
@@ -86,7 +96,9 @@ module LicenseScout
           pkg_deps = c.stdout.split("\s")
           # Fetch the fully-qualified pkg_ident for each pkg
-          pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
+          pkg_deps.map do |dep|
+            to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
+          end
         end
       end
@@ -100,29 +112,31 @@ module LicenseScout
       end
       def pkg_info_with_channel_fallbacks(pkg_ident)
-        pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
-        pkg_channel = channel_for_origin(pkg_origin)
-        # Channel selection here is similar to the logic that
-        # Habitat uses. First, search in the user-provided channel,
-        # then search in stable, then use unstable IF it is a fully
-        # qualified package
-        info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
-        return info if info
-        if pkg_channel != DEFAULT_CHANNEL
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
-          info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+        unless pkg_ident.nil?
+          pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
+          pkg_channel = channel_for_origin(pkg_origin)
+          # Channel selection here is similar to the logic that
+          # Habitat uses. First, search in the user-provided channel,
+          # then search in stable, then use unstable IF it is a fully
+          # qualified package
+          info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
           return info if info
-        end
-        if !pkg_version.nil? && !pkg_release.nil?
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
-          info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
-          return info if info
-        end
+          if pkg_channel != DEFAULT_CHANNEL
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
+            info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
-        raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
+          if !pkg_version.nil? && !pkg_release.nil?
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
+            info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
+          LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
+        end
       end
       def get_pkg_info(origin, channel, name, version, release)

data/lib/license_scout/exporter/csv.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "csv"
+require "csv" unless defined?(CSV)
 module LicenseScout
   class Exporter

data/lib/license_scout/license.rb CHANGED Viewed

@@ -106,7 +106,7 @@ module LicenseScout
         begin
           LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
-          open(new_url).read
+          URI.open(new_url).read
         rescue RuntimeError => e
           if e.message =~ /redirection forbidden/
             m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)

data/lib/license_scout/reporter.rb CHANGED Viewed

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "terminal-table"
 require "license_scout/exceptions"

data/lib/license_scout/spdx.rb CHANGED Viewed

@@ -17,7 +17,7 @@
 # This library was inspired by (and pulls some logic from) librariesio/spdx
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "fuzzy_match"
 module LicenseScout
@@ -45,12 +45,12 @@ module LicenseScout
       # @return [Hash] The SPDX license data in Hash form
       def licenses
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
       end
       # @return [Hash] The SPDX license data in Hash form
       def exceptions
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
       end
       def known_ids

data/lib/license_scout/version.rb CHANGED Viewed

@@ -16,5 +16,5 @@
 #
 module LicenseScout
-  VERSION = "2.5.1".freeze
+  VERSION = "2.6.7".freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 2.5.1
+  version: 2.6.7
 platform: ruby
 authors:
 - Tom Duffield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-08 00:00:00.000000000 Z
+date: 2022-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -28,16 +28,22 @@ dependencies:
   name: mixlib-shellout
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: toml-rb
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +78,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '3.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: mixlib-cli
   requirement: !ruby/object:Gem::Requirement
@@ -199,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Discovers license files of a project's dependencies.