licensed 3.0.1 → 3.2.2

data/lib/licensed/reporters/status_reporter.rb

@@ -3,80 +3,82 @@
 module Licensed
   module Reporters
     class StatusReporter < Reporter
-      # Generate a report for a licensed status command run
-      # Shows the errors found when checking status, as well as
-      # overall number of dependencies checked
+      # Reports any errors encountered at the command level
       #
-      # Returns the result of the yielded method
-      def report_app(app)
-        super do |report|
-          shell.info "Checking cached dependency records for #{app["name"]}"
+      # command - The command being run
+      # report - A report object containing information about the command run
+      def end_report_command(command, report)
+        if report.errors.any?
+          shell.newline
+          report.errors.each { |e| shell.error e }
+        end
+      end
 
-          result = yield report
+      # Reports the start of checking records for an app
+      #
+      # app - An application configuration
+      # report - A report containing information about the app evaluation
+      def begin_report_app(app, report)
+          shell.info "Checking cached dependency records for #{app["name"]}"
+      end
 
-          all_reports = report.all_reports
+      # Reports any errors found when checking status, as well as
+      # overall number of dependencies checked
+      #
+      # app - An application configuration
+      # report - A report containing information about the app evaluation
+      def end_report_app(app, report)
+        all_reports = report.all_reports
 
-          warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
-          if warning_reports.any?
-            shell.newline
-            shell.warn "Warnings:"
-            warning_reports.each do |r|
-              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+        warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
+        if warning_reports.any?
+          shell.newline
+          shell.warn "Warnings:"
+          warning_reports.each do |r|
+            display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.warn "* #{r.name}"
-              shell.warn "  #{display_metadata}" unless display_metadata.empty?
-              r.warnings.each do |warning|
-                shell.warn "    - #{warning}"
-              end
-              shell.newline
+            shell.warn "* #{r.name}"
+            shell.warn "  #{display_metadata}" unless display_metadata.empty?
+            r.warnings.each do |warning|
+              shell.warn "    - #{warning}"
             end
+            shell.newline
           end
+        end
 
-          errored_reports = all_reports.select { |r| r.errors.any? }.to_a
+        errored_reports = all_reports.select { |r| r.errors.any? }.to_a
 
-          dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
-          error_count = errored_reports.sum { |r| r.errors.size }
+        dependency_count = all_reports.count { |r| r.target.is_a?(Licensed::Dependency) }
+        error_count = errored_reports.sum { |r| r.errors.size }
 
-          if error_count > 0
-            shell.newline
-            shell.error "Errors:"
-            errored_reports.each do |r|
-              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+        if error_count > 0
+          shell.newline
+          shell.error "Errors:"
+          errored_reports.each do |r|
+            display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.error "* #{r.name}"
-              shell.error "  #{display_metadata}" unless display_metadata.empty?
-              r.errors.each do |error|
-                shell.error "    - #{error}"
-              end
-              shell.newline
+            shell.error "* #{r.name}"
+            shell.error "  #{display_metadata}" unless display_metadata.empty?
+            r.errors.each do |error|
+              shell.error "    - #{error}"
             end
+            shell.newline
           end
-
-          shell.newline
-          shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
-
-          result
         end
+
+        shell.newline
+        shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
       end
 
-      # Reports on a dependency in a status command run.
-      # Shows whether the dependency's status is valid in dot format
+      # Reports whether the dependency's status is valid in dot format
       #
       # dependency - An application dependency
-      #
-      # Returns the result of the yielded method
-      # Note - must be called from inside the `report_run` scope
-      def report_dependency(dependency)
-        super do |report|
-          result = yield report
-
-          if report.errors.empty?
-            shell.confirm(".", false)
-          else
-            shell.error("F", false)
-          end
-
-          result
+      # report - A report containing information about the dependency evaluation
+      def end_report_dependency(dependency, report)
+        if report.errors.empty?
+          shell.confirm(".", false)
+        else
+          shell.error("F", false)
         end
       end
     end

data/lib/licensed/reporters/yaml_reporter.rb

@@ -2,31 +2,29 @@
 module Licensed
   module Reporters
     class YamlReporter < Reporter
-      def report_run(command)
-        super do |report|
-          result = yield report
-
-          report["apps"] = report.reports.map(&:to_h) if report.reports.any?
-          shell.info sanitize(report.to_h).to_yaml
-
-          result
-        end
+      # Report all information from the command run to the shell as a YAML object
+      #
+      # command - The command being run
+      # report - A report object containing information about the command run
+      def end_report_command(command, report)
+        report["apps"] = report.reports.map(&:to_h) if report.reports.any?
+        shell.info sanitize(report.to_h).to_yaml
       end
 
-      def report_app(app)
-        super do |report|
-          result = yield report
-          report["sources"] = report.reports.map(&:to_h) if report.reports.any?
-          result
-        end
+      # Add source report information to the app report hash
+      #
+      # app - An application configuration
+      # report - A report object containing information about the app evaluation
+      def end_report_app(app, report)
+        report["sources"] = report.reports.map(&:to_h) if report.reports.any?
       end
 
-      def report_source(source)
-        super do |report|
-          result = yield report
-          report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
-          result
-        end
+      # Add dependency report information to the source report hash
+      #
+      # source - A dependency source enumerator
+      # report - A report object containing information about the source evaluation
+      def end_report_source(source, report)
+        report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
       end
 
       def sanitize(object)

data/lib/licensed/sources/bundler/definition.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Licensed
+  module Bundler
+    module DefinitionExtensions
+      attr_accessor :force_exclude_groups
+
+      # Override specs to avoid logic that would raise Gem::NotFound
+      # which is handled in this ./missing_specification.rb, and to not add
+      # bundler as a dependency if it's not a user-requested gem.
+      #
+      # Newer versions of Bundler have changed the implementation of specs_for
+      # as well which no longer calls this function.  Overriding this function
+      # gives a stable access point for licensed
+      def specs
+        @specs ||= begin
+          specs = resolve.materialize(requested_dependencies)
+
+          all_dependencies = requested_dependencies.concat(specs.flat_map(&:dependencies))
+          if all_dependencies.any? { |d| d.name == "bundler" } && !specs["bundler"].any?
+            bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", ::Bundler::VERSION)).last
+            specs["bundler"] = bundler
+          end
+
+          specs
+        end
+      end
+
+      # Override requested_groups to also exclude any groups that are
+      # in the "bundler.without" section of the licensed configuration file.
+      def requested_groups
+        super - Array(force_exclude_groups)
+      end
+    end
+  end
+end

data/lib/licensed/sources/bundler/missing_specification.rb

@@ -48,7 +48,7 @@ module Bundler
       spec = orig_materialize
       return spec if spec
 
-      Licensed::Bundler:: MissingSpecification.new(name: name, version: version, platform: platform, source: source)
+      Licensed::Bundler::MissingSpecification.new(name: name, version: version, platform: platform, source: source)
     end
   end
 end

data/lib/licensed/sources/bundler.rb

@@ -3,6 +3,7 @@ require "delegate"
 begin
   require "bundler"
   require "licensed/sources/bundler/missing_specification"
+  require "licensed/sources/bundler/definition"
 rescue LoadError
 end
 
@@ -29,7 +30,7 @@ module Licensed
         # `loaded_from` if available.
         def spec_file
           return @spec_file if defined?(@spec_file)
-          return @spec_file = nil unless loaded_from && File.exist?(loaded_from)
+          return @spec_file = nil unless loaded_from && File.file?(loaded_from)
           @spec_file = begin
             file = { name: File.basename(loaded_from), dir: File.dirname(loaded_from) }
             Licensee::ProjectFiles::PackageManagerFile.new(File.read(loaded_from), file)
@@ -37,7 +38,6 @@ module Licensed
         end
       end
 
-      GEMFILES = { "Gemfile" => "Gemfile.lock", "gems.rb" => "gems.locked" }
       DEFAULT_WITHOUT_GROUPS = %i{development test}
       RUBY_PACKER_ERROR = "The bundler source cannot be used from the executable built with ruby-packer.  Please install licensed using `gem install` or using bundler."
 
@@ -45,15 +45,20 @@ module Licensed
         # running a ruby-packer-built licensed exe when ruby isn't available
         # could lead to errors if the host ruby doesn't exist
         return false if ruby_packer? && !Licensed::Shell.tool_available?("ruby")
-        defined?(::Bundler) && lockfile_path && lockfile_path.exist?
+
+        # if Bundler isn't loaded, this enumerator won't work!
+        return false unless defined?(::Bundler)
+
+        with_application_environment { ::Bundler.default_lockfile&.exist? }
+      rescue ::Bundler::GemfileNotFound
+        false
       end
 
       def enumerate_dependencies
         raise Licensed::Sources::Source::Error.new(RUBY_PACKER_ERROR) if ruby_packer?
 
-        with_local_configuration do
-          specs.map do |spec|
-            next if spec.name == "bundler" && !include_bundler?
+        with_application_environment do
+          definition.specs.map do |spec|
             next if spec.name == config["name"]
 
             error = spec.error if spec.respond_to?(:error)
@@ -73,41 +78,13 @@ module Licensed
         end
       end
 
-      # Returns an array of Gem::Specifications for all gem dependencies
-      def specs
-        @specs ||= definition.specs_for(groups)
-      end
-
-      # Returns whether to include bundler as a listed dependency of the project
-      def include_bundler?
-        @include_bundler ||= begin
-          # include if bundler is listed as a direct dependency that should be included
-          requested_dependencies = definition.dependencies.select { |d| (d.groups & groups).any? && d.should_include? }
-          return true if requested_dependencies.any? { |d| d.name == "bundler" }
-          # include if bundler is an indirect dependency
-          return true if specs.flat_map(&:dependencies).any? { |d| d.name == "bundler" }
-          false
-        end
-      end
-
-      # Build the bundler definition
       def definition
-        @definition ||= ::Bundler::Definition.build(gemfile_path, lockfile_path, nil)
-      end
-
-      # Returns the bundle definition groups, removing "without" groups,
-      # and including "with" groups
-      def groups
-        @groups ||= definition.groups - bundler_setting_array(:without) + bundler_setting_array(:with) - exclude_groups
-      end
-
-      # Returns a bundler setting as an array.
-      # Depending on the version of bundler, array values are either returned as
-      # a raw string ("a:b:c") or as an array ([:a, :b, :c])
-      def bundler_setting_array(key)
-        setting = ::Bundler.settings[key]
-        setting = setting.split(":").map(&:to_sym) if setting.is_a?(String)
-        Array(setting)
+        @definition ||= begin
+          definition = ::Bundler::Definition.build(::Bundler.default_gemfile, ::Bundler.default_lockfile, nil)
+          definition.extend Licensed::Bundler::DefinitionExtensions
+          definition.force_exclude_groups = exclude_groups
+          definition
+        end
       end
 
       # Returns any groups to exclude specified from both licensed configuration
@@ -121,41 +98,33 @@ module Licensed
         end
       end
 
-      # Returns the path to the Bundler Gemfile
-      def gemfile_path
-        @gemfile_path ||= GEMFILES.keys
-                                  .map { |g| config.pwd.join g }
-                                  .find { |f| f.exist? }
-      end
-
-      # Returns the path to the Bundler Gemfile.lock
-      def lockfile_path
-        return unless gemfile_path
-        @lockfile_path ||= gemfile_path.dirname.join(GEMFILES[gemfile_path.basename.to_s])
-      end
-
-      private
-
       # helper to clear all bundler environment around a yielded block
-      def with_local_configuration
-        # force bundler to use the local gem file
-        original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
+      def with_application_environment
+        backup = nil
+
+        ::Bundler.ui.silence do
+          if ::Bundler.root != config.source_path
+            backup = ENV.to_hash
+            ENV.replace(::Bundler.original_env)
 
-        # silence any bundler warnings while running licensed
-        bundler_ui, ::Bundler.ui = ::Bundler.ui, ::Bundler::UI::Silent.new
+            # reset bundler to load from the current app's source path
+            ::Bundler.reset!
+          end
 
-        # reset all bundler configuration
-        ::Bundler.reset!
-        # and re-configure with settings for current directory
-        ::Bundler.configure
+          # ensure the bundler environment is loaded before enumeration
+          ::Bundler.load
 
-        yield
+          yield
+        end
       ensure
-        ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
-        ::Bundler.ui = bundler_ui
+        if backup
+          # restore bundler configuration
+          ENV.replace(backup)
+          ::Bundler.reset!
+        end
 
-        # restore bundler configuration
-        ::Bundler.configure
+        # reload the bundler environment after enumeration
+        ::Bundler.load
       end
 
       # Returns whether the current licensed execution is running ruby-packer

data/lib/licensed/sources/dep.rb

@@ -40,10 +40,10 @@ module Licensed
         end
       end
 
-      # Returns the godoc.org page for a package.
+      # Returns the pkg.go.dev page for a package.
       def homepage(import_path)
         return unless import_path
-        "https://godoc.org/#{import_path}"
+        "https://pkg.go.dev/#{import_path}"
       end
 
       # Returns whether the package is part of the go std list.  Replaces

data/lib/licensed/sources/go.rb

@@ -98,7 +98,7 @@ module Licensed
       # Returns whether the package is local to the current project
       def local_package?(package)
         return false unless package && package["Dir"]
-        return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"])
+        return false unless File.fnmatch?("#{config.root}*", package["Dir"], File::FNM_CASEFOLD)
         vendored_path_parts(package).nil?
       end
 
@@ -132,10 +132,10 @@ module Licensed
         end
       end
 
-      # Returns the godoc.org page for a package.
+      # Returns the pkg.go.dev page for a package.
       def homepage(import_path)
         return unless import_path
-        "https://godoc.org/#{import_path}"
+        "https://pkg.go.dev/#{import_path}"
       end
 
       # Returns the root directory to search for a package license

data/lib/licensed/sources/gradle.rb

@@ -125,10 +125,10 @@ module Licensed
       def self.add_gradle_license_report_plugins_block(gradle_build_file)
 
         if gradle_build_file.include? "plugins"
-          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
+          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
         else
 
-          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
+          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
         end
       end
 

data/lib/licensed/sources/helpers/content_versioning.rb

@@ -61,11 +61,12 @@ module Licensed
 
         paths = paths.compact.select { |path| File.file?(path) }
         return if paths.empty?
-
+        # rubocop:disable GitHub/InsecureHashAlgorithm
         paths.sort
              .reduce(Digest::XXHash64.new, :file)
              .digest
              .to_s(16) # convert to hex
+        # rubocop:enable GitHub/InsecureHashAlgorithm
       end
     end
   end