license_scout 2.2.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fff0dd83efc21ff06cc8fcc66bd3035387d9a61ad6ac033c50c525612a477acf
-  data.tar.gz: 934a3a5bbf27de7a5c0f6f0f657659e5a16a9e31d1bd6ebaff8d69365ba88299
+  metadata.gz: 0cc1880e883f74c45e68c9495f816f7e757a62f16701de45fa77e89c97ed6637
+  data.tar.gz: 43e3b7c1a111a7fa2f97f5340e3268547aead69d8ff38b8dfd57be47121e4aea
 SHA512:
-  metadata.gz: 24a584c6ebf0e4820082a42948f012f4017c916da060572425081add7b9ade1a44679c8d460a3f68970d2b4cc88fda3d26f64012b38fceec1b38f928a697c10d
-  data.tar.gz: 02e7b5e509e979d51662f985469ae929c96b20d0d85ba48dd89ce59add5afb9c5d8a5794116a3de184b2d7efa6999278bf88338eeb7ea3922f65040adfa8f2bd
+  metadata.gz: 4031e209faef9bb783dcef890f9d72ebe87df83711e7730a39680014ffe14bbb4880b9f0f201ed351890cb0b385b3ebe8eb8dee980cba3a702553e1dd738f435
+  data.tar.gz: 072b2ee320c4f4de3fbeeeca3aab2d4a08476325d441a62b94adcfccbb90ffb241576ab1f5d9f7b6dfb2e9b803057268a993e14dcbab0164dfe5f0f48c404102

data/README.md

@@ -14,6 +14,7 @@ habitat | habitat
 nodejs | npm
 perl | cpan
 ruby | bundler
+rust | cargo
 
 ## Installation
 
@@ -27,6 +28,7 @@ gem install license_scout
 
 * If you wish to scan for `berkshelf` dependencies, you'll need to manually install the Berkshelf gem in the same Ruby as License Scout
 * If you wish to scan for `mix` or `rebar` dependencies, you'll need to install Erlang OTP 18.3 or greater.
+* If you wish to scan for `cargo` dependencies, you'll need to manually install cargo
 
 ### Habitat
 
@@ -179,12 +181,21 @@ license_content | A URL to a file where the raw text of the license can be downl
 
 In addition to including any files Licensee identified as potential license files (but couldn't identify), License Scout will also include the Fallback License you specified in the Dependency Manifest.
 
+### Searching Nested Subdirectories
+
+License Scout's default behavior is to only look for dependency manager files in the root of the `directories` that you configure. This default behavior provides greater control over the dependencies that you want to appear in your report. For example, you may not want to enforce license acceptance on an internal-only tool that is included in a project.
+
+License Scout will also scan subdirectories for all dependency manager files and generate a full report on all dependencies that the project uses. To do this, either specify the `--include-sub-directories` command line flag, or set `include_subdirectories` to true in your configuration file.
+
+A common use case for this functionality is to run `license_scout` from the root of a project and get a full report for that project.
+
+```
+license_scout --include-sub-directories
+```
+
 ## Habitat Channel Configuration
 
-By default License Scout searches for Habitat package in the `stable`
-channel. If your build process publishes packages to another channel
-by default, you can use the `channel_for_origin` habitat configuration
-option:
+By default License Scout searches for Habitat package in the `stable` channel. If your build process publishes packages to another channel by default, you can use the `channel_for_origin` habitat configuration option:
 
 ```yaml
 habitat:
@@ -216,6 +227,7 @@ Format | Description
 Value | Description | Default
 --- | --- | ---
 directories | The fully-qualified local paths to the directories you wish to scan | _The current working directory._ |
+include_subdirectories | Whether or not to include all nested sub-directories of `directories` in the search. | `false` |
 name | The name you want to give to the scan result. | _The basename of the first directory to be scanned._ |
 output_directory | The path to the directory where the output JSON file should be saved. | _The current working directory._ |
 log_level | What log information should be included in STDOUT | `info` |

data/lib/license_scout/cli.rb

@@ -42,6 +42,11 @@ module LicenseScout
       description: "Comma-separated list of directories to scan",
       proc: Proc.new { |d| d.split(",") }
 
+    option :include_subdirectories,
+      long: "--include-sub-directories",
+      description: "Include all sub-directories of 'directories' in the analysis",
+      boolean: true
+
     option :format,
       long: "--format FORMAT",
       description: "When exporting a Dependency Manifest, export to this format",
@@ -52,7 +57,7 @@ module LicenseScout
       short: "-l LEVEL",
       long: "--log-level LEVEL",
       description: "Set the log level",
-      in: [:debug, :info, :warn, :error, :fatal],
+      in: %i{debug info warn error fatal},
       default: :info,
       proc: Proc.new { |l| l.to_sym }
 

data/lib/license_scout/collector.rb

@@ -57,7 +57,7 @@ module LicenseScout
     end
 
     def dependency_managers
-      @dependency_managers ||= LicenseScout::Config.directories.map do |dir|
+      @dependency_managers ||= LicenseScout::Config.all_directories.map do |dir|
         LicenseScout::DependencyManager.implementations.map do |implementation|
           dep_mgr = implementation.new(File.expand_path(dir))
           if dep_mgr.detected?

data/lib/license_scout/config.rb

@@ -28,6 +28,7 @@ module LicenseScout
 
     # Inputs
     default :directories, [File.expand_path(Dir.pwd)]
+    default :include_subdirectories, false
     default :name, File.basename(directories.first)
     default :config_files, [File.join(File.expand_path(Dir.pwd), ".license_scout.yml")]
 
@@ -49,6 +50,7 @@ module LicenseScout
       default :nodejs, []
       default :perl, []
       default :ruby, []
+      default :rust, []
     end
 
     config_context :fallbacks do
@@ -60,6 +62,7 @@ module LicenseScout
       default :nodejs, []
       default :perl, []
       default :ruby, []
+      default :rust, []
     end
 
     config_context :habitat do
@@ -79,6 +82,23 @@ module LicenseScout
 
     class << self
 
+      def all_directories
+        if include_subdirectories
+          new_directories = []
+
+          directories.each do |old_directory|
+            new_directories << old_directory
+            Dir.chdir(old_directory) do
+              new_directories << Dir.glob("**/*").select { |f| File.directory?(f) }.map { |d| File.join(old_directory, d) }
+            end
+          end
+
+          new_directories.flatten.compact
+        else
+          directories
+        end
+      end
+
       def validate!
         if !allowed_licenses.empty? && !flagged_licenses.empty?
           raise LicenseScout::Exceptions::ConfigError.new("You may specify a list of licenses to allow or flag. You may not specify both.")

data/lib/license_scout/dependency.rb

@@ -94,7 +94,7 @@ module LicenseScout
 
     # @return [Boolean] Whether or not this object is equal to another one. Used for Set uniqueness.
     def eql?(other)
-      other.kind_of?(self.class) && other.hash == hash
+      other.is_a?(self.class) && other.hash == hash
     end
 
     # @return [Integer] A hashcode that can be used to idenitfy this object. Used for Set uniqueness.

data/lib/license_scout/dependency_manager.rb

@@ -19,6 +19,7 @@ require "license_scout/dependency_manager/base"
 
 require "license_scout/dependency_manager/berkshelf"
 require "license_scout/dependency_manager/bundler"
+require "license_scout/dependency_manager/cargo"
 require "license_scout/dependency_manager/cpanm"
 require "license_scout/dependency_manager/dep"
 require "license_scout/dependency_manager/glide"
@@ -34,6 +35,7 @@ module LicenseScout
       [
         Berkshelf,
         Bundler,
+        Cargo,
         Cpanm,
         Dep,
         Glide,

data/lib/license_scout/dependency_manager/cargo.rb

@@ -0,0 +1,95 @@
+#
+# Copyright:: Copyright 2016, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "license_scout/dependency_manager/base"
+
+module LicenseScout
+  module DependencyManager
+    class Cargo < Base
+      def name
+        "rust_cargo"
+      end
+
+      def type
+        "rust"
+      end
+
+      def signature
+        "Cargo and Cargo.lock files"
+      end
+
+      def install_command
+        "cargo build"
+      end
+
+      def detected?
+        File.exist?(cargo_file_path) && File.exist?(cargo_lockfile_path)
+      end
+
+      def dependencies
+        dependency_data.map do |crate_data|
+          dep_name = crate_data["name"]
+          dep_version = crate_data["version"]
+          dep_license = crate_data["license"]
+
+          dependency = new_dependency(dep_name, dep_version, nil)
+          dependency.add_license(dep_license, "https://crates.io/crates/#{dep_name}/#{dep_version}")
+
+          dependency
+        end.compact
+      end
+
+      private
+
+      def dependency_data
+        Dir.chdir(directory) do
+          install_cargo_license_crate
+
+          s = Mixlib::ShellOut.new("cargo license -d -j")
+          s.run_command
+          s.error!
+
+          json_dep_data = s.stdout
+          FFI_Yajl::Parser.parse(json_dep_data)
+        end
+      end
+
+      def install_cargo_license_crate
+        # Attempt to install cargo-license
+        s = Mixlib::ShellOut.new("cargo install cargo-license")
+        s.run_command
+
+        # If cargo-license is already installed, it will return an error
+        # but we can ignore it
+        # Any other error, however, should halt the process and be returned
+        # to the user
+        if s.stderr != "" && s.stderr !~ /binary `cargo-license` already exists/
+          s.error!
+        end
+      end
+
+      def cargo_file_path
+        File.join(directory, "Cargo.toml")
+      end
+
+      def cargo_lockfile_path
+        File.join(directory, "Cargo.lock")
+      end
+
+    end
+  end
+end

data/lib/license_scout/dependency_manager/dep.rb

@@ -63,7 +63,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
 
       def vendor_dir(pkg = nil)

data/lib/license_scout/dependency_manager/glide.rb

@@ -60,7 +60,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
     end
   end

data/lib/license_scout/dependency_manager/godep.rb

@@ -64,7 +64,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
     end
   end

data/lib/license_scout/exporter/csv.rb

@@ -65,7 +65,7 @@ module LicenseScout
                 (exception_reason.nil? ? "" : exception_reason),
                 id,
                 source,
-                content
+                content,
               ]
             end
           end

data/lib/license_scout/license.rb

@@ -126,7 +126,7 @@ module LicenseScout
 
     def raw_github_url(url)
       case url
-      when /github.com\/(.+)\/blob\/(.+)/
+      when %r{github.com/(.+)/blob/(.+)}
         "https://raw.githubusercontent.com/#{$1}/#{$2}"
       else
         url

data/lib/license_scout/spdx.rb

@@ -32,6 +32,7 @@ module LicenseScout
       def find(license_id, force = false)
         return license_id if force
         return nil if license_id.nil? || %w{ NOASSERTION NONE }.include?(license_id)
+
         lookup(license_id) || find_by_special_case(license_id) || closest(license_id) || license_id
       end
 
@@ -71,6 +72,7 @@ module LicenseScout
       def find_by_special_case(license_id)
         gpl = gpl_match(license_id)
         return gpl unless gpl.nil?
+
         lookup(special_cases[license_id.downcase])
       end
 
@@ -81,6 +83,7 @@ module LicenseScout
       def gpl_match(license_id)
         match = license_id.match(/^(l|a)?gpl-?\s?_?v?(1|2|3)\.?(\d)?(\+)?$/i)
         return unless match
+
         lookup("#{match[1]}GPL-#{match[2]}.#{match[3] || 0}#{match[4]}".upcase)
       end
 

data/lib/license_scout/version.rb

@@ -16,5 +16,5 @@
 #
 
 module LicenseScout
-  VERSION = "2.2.0".freeze
+  VERSION = "2.4.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Tom Duffield
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-14 00:00:00.000000000 Z
+date: 2019-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -162,6 +162,7 @@ files:
 - lib/license_scout/dependency_manager/base.rb
 - lib/license_scout/dependency_manager/berkshelf.rb
 - lib/license_scout/dependency_manager/bundler.rb
+- lib/license_scout/dependency_manager/cargo.rb
 - lib/license_scout/dependency_manager/cpanm.rb
 - lib/license_scout/dependency_manager/dep.rb
 - lib/license_scout/dependency_manager/glide.rb
@@ -197,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Discovers license files of a project's dependencies.