licensee 9.13.0 → 9.15.0

data/lib/licensee/matchers/cabal.rb

@@ -5,7 +5,7 @@ module Licensee
     class Cabal < Licensee::Matchers::Package
       # While we could parse the cabal file, prefer
       # a lenient regex for speed and security. Moar parsing moar problems.
-      LICENSE_REGEX = /^\s*license\s*\:\s*([a-z\-0-9\.]+)\s*$/ix.freeze
+      LICENSE_REGEX = /^\s*license\s*:\s*([a-z\-0-9.]+)\s*$/ix.freeze
       LICENSE_CONVERSIONS = {
         'GPL-2'  => 'GPL-2.0',
         'GPL-3'  => 'GPL-3.0',

data/lib/licensee/matchers/cargo.rb

@@ -4,7 +4,7 @@ module Licensee
   module Matchers
     class Cargo < Licensee::Matchers::Package
       LICENSE_REGEX = %r{
-        ^\s*[\'\"]?license[\'\"]?\s*=\s*[\'\"]([a-z\-0-9\. +()\/]+)[\'\"]\s*
+        ^\s*['"]?license['"]?\s*=\s*['"]([a-z\-0-9. +()/]+)['"]\s*
       }ix.freeze
 
       private

data/lib/licensee/matchers/copyright.rb

@@ -5,16 +5,11 @@ module Licensee
     class Copyright < Licensee::Matchers::Matcher
       attr_reader :file
 
-      # rubocop:disable Metrics/LineLength
       COPYRIGHT_SYMBOLS = Regexp.union([/copyright/i, /\(c\)/i, "\u00A9", "\xC2\xA9"])
-      REGEX = /#{ContentHelper::START_REGEX}(?:portions )?(\s*#{COPYRIGHT_SYMBOLS}.*$)+$/i.freeze
-      # rubocop:enable Metrics/LineLength
-
+      REGEX = /#{ContentHelper::START_REGEX}(?:portions )?([_*\-\s]*#{COPYRIGHT_SYMBOLS}.*$)+$/i.freeze
       def match
-        # Note: must use content, and not content_normalized here
-        if file.content.strip =~ /#{REGEX}+\z/i
-          Licensee::License.find('no-license')
-        end
+        # NOTE: must use content, and not content_normalized here
+        Licensee::License.find('no-license') if /#{REGEX}+\z/io.match?(file.content.strip)
       rescue Encoding::CompatibilityError
         nil
       end

data/lib/licensee/matchers/cran.rb

@@ -26,7 +26,7 @@ module Licensee
       # Otherwise, returns `nil`
       def gpl_version(license_key)
         match = license_key.match GPL_VERSION_REGEX
-        match ? "gpl-#{(match[1] || match[2])}.0" : nil
+        match ? "gpl-#{match[1] || match[2]}.0" : nil
       end
 
       # Normalizes the license field value to an SPDX ID

data/lib/licensee/matchers/dice.rb

@@ -10,7 +10,7 @@ module Licensee
                      nil
                    else
                      matches.first[0]
-        end
+                   end
       end
 
       # Licenses that may be a match for this file.
@@ -26,7 +26,7 @@ module Licensee
             if license.creative_commons? && file.potential_false_positive?
               false
             else
-              license.wordset && license.length_delta(file) <= license.max_delta
+              license.wordset
             end
           end
         end

data/lib/licensee/matchers/dist_zilla.rb

@@ -5,7 +5,7 @@ module Licensee
     class DistZilla < Licensee::Matchers::Package
       attr_reader :file
 
-      LICENSE_REGEX = /^license\s*=\s*([a-z\-0-9\._]+)/i.freeze
+      LICENSE_REGEX = /^license\s*=\s*([a-z\-0-9._]+)/i.freeze
 
       private
 

data/lib/licensee/matchers/gemspec.rb

@@ -5,7 +5,7 @@ module Licensee
     class Gemspec < Licensee::Matchers::Package
       # a value is a string surrounded by any amount of whitespace
       # optionally ended with (non-captured) ".freeze"
-      VALUE_REGEX = /\s*[\'\"]([a-z\-0-9\.]+)[\'\"](?:\.freeze)?\s*/i.freeze
+      VALUE_REGEX = /\s*['"]([a-z\-0-9.]+)['"](?:\.freeze)?\s*/i.freeze
 
       # an array contains one or more values. all values, or array itself,
       # can be surrounded by any amount of whitespace.  do not capture
@@ -13,15 +13,15 @@ module Licensee
       ARRAY_REGEX = /\s*\[#{VALUE_REGEX}(?:,#{VALUE_REGEX})*\]\s*/i.freeze
 
       DECLARATION_REGEX = /
-        ^\s*[a-z0-9_]+\.([a-z0-9_]+)\s*\=#{VALUE_REGEX}$
+        ^\s*[a-z0-9_]+\.([a-z0-9_]+)\s*=#{VALUE_REGEX}$
       /ix.freeze
 
       LICENSE_REGEX = /
-        ^\s*[a-z0-9_]+\.license\s*\=#{VALUE_REGEX}$
+        ^\s*[a-z0-9_]+\.license\s*=#{VALUE_REGEX}$
       /ix.freeze
 
       LICENSE_ARRAY_REGEX = /
-        ^\s*[a-z0-9_]+\.licenses\s*\=#{ARRAY_REGEX}$
+        ^\s*[a-z0-9_]+\.licenses\s*=#{ARRAY_REGEX}$
       /ix.freeze
 
       private

data/lib/licensee/matchers/npm_bower.rb

@@ -6,14 +6,17 @@ module Licensee
       # While we could parse the package.json or bower.json file, prefer
       # a lenient regex for speed and security. Moar parsing moar problems.
       LICENSE_REGEX = /
-        \s*[\"\']license[\"\']\s*\:\s*[\'\"]([a-z\-0-9\.+ ()]+)[\'\"],?\s*
+        \s*["']license["']\s*:\s*['"]([a-z\-0-9.+ ()]+)['"],?\s*
       /ix.freeze
 
       private
 
       def license_property
         match = @file.content.match LICENSE_REGEX
-        match[1].downcase if match && match[1]
+        return unless match && match[1]
+        return 'no-license' if match[1] == 'UNLICENSED'
+
+        match[1].downcase
       end
     end
   end

data/lib/licensee/matchers/nuget.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Licensee
+  module Matchers
+    class NuGet < Licensee::Matchers::Package
+      # While we could parse the nuspec file, prefer a lenient regex for speed and security.
+      # Moar parsing moar problems.
+      LICENSE_REGEX = %r{
+        <license\s*type\s*=\s*["']expression["']\s*>([a-z\-0-9. +()]+)</license\s*>
+      }ix.freeze
+
+      LICENSE_URL_REGEX = %r{<licenseUrl>\s*(.*)\s*</licenseUrl>}i.freeze
+
+      NUGET_REGEX = %r{https?://licenses.nuget.org/(.*)}i.freeze
+      OPENSOURCE_REGEX = %r{https?://(?:www\.)?opensource.org/licenses/(.*)}i.freeze
+      SPDX_REGEX = %r{https?://(?:www\.)?spdx.org/licenses/(.*?)(?:\.html|\.txt)?$}i.freeze
+      APACHE_REGEX = %r{https?://(?:www\.)?apache.org/licenses/(.*?)(?:\.html|\.txt)?$}i.freeze
+
+      private
+
+      def license_from_first_capture(url, pattern)
+        match = url.match(pattern)
+        match[1].downcase if match && match[1]
+      end
+
+      def license_from_url(url)
+        license_from_first_capture(url, NUGET_REGEX) ||
+          license_from_first_capture(url, OPENSOURCE_REGEX) ||
+          license_from_first_capture(url, SPDX_REGEX) ||
+          license_from_first_capture(url, APACHE_REGEX)&.gsub('license', 'apache')
+      end
+
+      def license_property
+        # Prefer the explicit <license type="expression"> element
+        match = @file.content.match LICENSE_REGEX
+        return match[1].downcase if match && match[1]
+
+        url_match = @file.content.match LICENSE_URL_REGEX
+        license_from_url(url_match[1]) if url_match && url_match[1]
+      end
+    end
+  end
+end

data/lib/licensee/matchers/spdx.rb

@@ -5,7 +5,7 @@ module Licensee
     class Spdx < Licensee::Matchers::Package
       # While we could parse the LICENSE.spdx file, prefer
       # a lenient regex for speed and security. Moar parsing moar problems.
-      LICENSE_REGEX = /PackageLicenseDeclared:\s*([a-z\-0-9\. +()]+)\s*/i.freeze
+      LICENSE_REGEX = /PackageLicenseDeclared:\s*([a-z\-0-9. +()]+)\s*/i.freeze
 
       private
 

data/lib/licensee/project_files/license_file.rb

@@ -10,7 +10,14 @@ module Licensee
       PREFERRED_EXT_REGEX = /\.#{Regexp.union(PREFERRED_EXT)}\z/.freeze
 
       # Regex to match any extension except .spdx or .header
-      OTHER_EXT_REGEX = %r{\.(?!spdx|header|gemspec)[^./]+\z}i.freeze
+      LICENSE_EXT_REGEX = %r{\.(?!spdx|header)[^./]+\z}i.freeze
+
+      # Regex to match any extension except a few unlikely as license
+      # texts with complex filenames
+      OTHER_EXT_REGEX = %r{\.(?!xml|go|gemspec)[^./]+\z}i.freeze
+
+      # Regex to match any extension
+      ANY_EXT_REGEX = %r{\.[^./]+\z}i.freeze
 
       # Regex to match, LICENSE, LICENCE, unlicense, etc.
       LICENSE_REGEX = /(un)?licen[sc]e/i.freeze
@@ -26,22 +33,22 @@ module Licensee
 
       # Hash of Regex => score with which to score potential license files
       FILENAME_REGEXES = {
-        /\A#{LICENSE_REGEX}\z/                       => 1.00,  # LICENSE
-        /\A#{LICENSE_REGEX}#{PREFERRED_EXT_REGEX}\z/ => 0.95,  # LICENSE.md
-        /\A#{COPYING_REGEX}\z/                       => 0.90,  # COPYING
-        /\A#{COPYING_REGEX}#{PREFERRED_EXT_REGEX}\z/ => 0.85,  # COPYING.md
-        /\A#{LICENSE_REGEX}#{OTHER_EXT_REGEX}\z/     => 0.80,  # LICENSE.textile
-        /\A#{COPYING_REGEX}#{OTHER_EXT_REGEX}\z/     => 0.75,  # COPYING.textile
-        /\A#{LICENSE_REGEX}[-_]/                     => 0.70,  # LICENSE-MIT
-        /\A#{COPYING_REGEX}[-_]/                     => 0.65,  # COPYING-MIT
-        /[-_]#{LICENSE_REGEX}/                       => 0.60,  # MIT-LICENSE-MIT
-        /[-_]#{COPYING_REGEX}/                       => 0.55,  # MIT-COPYING
-        /\A#{OFL_REGEX}#{PREFERRED_EXT_REGEX}/       => 0.50,  # OFL.md
-        /\A#{OFL_REGEX}#{OTHER_EXT_REGEX}/           => 0.45,  # OFL.textile
-        /\A#{OFL_REGEX}\z/                           => 0.40,  # OFL
-        /\A#{PATENTS_REGEX}\z/                       => 0.35,  # PATENTS
-        /\A#{PATENTS_REGEX}#{OTHER_EXT_REGEX}\z/     => 0.30,  # PATENTS.txt
-        //                                           => 0.00   # Catch all
+        /\A#{LICENSE_REGEX}\z/                                => 1.00,  # LICENSE
+        /\A#{LICENSE_REGEX}#{PREFERRED_EXT_REGEX}\z/          => 0.95,  # LICENSE.md
+        /\A#{COPYING_REGEX}\z/                                => 0.90,  # COPYING
+        /\A#{COPYING_REGEX}#{PREFERRED_EXT_REGEX}\z/          => 0.85,  # COPYING.md
+        /\A#{LICENSE_REGEX}#{LICENSE_EXT_REGEX}\z/            => 0.80,  # LICENSE.textile
+        /\A#{COPYING_REGEX}#{ANY_EXT_REGEX}\z/                => 0.75,  # COPYING.textile
+        /\A#{LICENSE_REGEX}[-_][^.]*#{OTHER_EXT_REGEX}?\z/    => 0.70,  # LICENSE-MIT
+        /\A#{COPYING_REGEX}[-_][^.]*#{OTHER_EXT_REGEX}?\z/    => 0.65,  # COPYING-MIT
+        /\A\w+[-_]#{LICENSE_REGEX}[^.]*#{OTHER_EXT_REGEX}?\z/ => 0.60,  # MIT-LICENSE-MIT
+        /\A\w+[-_]#{COPYING_REGEX}[^.]*#{OTHER_EXT_REGEX}?\z/ => 0.55,  # MIT-COPYING
+        /\A#{OFL_REGEX}#{PREFERRED_EXT_REGEX}/                => 0.50,  # OFL.md
+        /\A#{OFL_REGEX}#{OTHER_EXT_REGEX}/                    => 0.45,  # OFL.textile
+        /\A#{OFL_REGEX}\z/                                    => 0.40,  # OFL
+        /\A#{PATENTS_REGEX}\z/                                => 0.35,  # PATENTS
+        /\A#{PATENTS_REGEX}#{OTHER_EXT_REGEX}\z/              => 0.30,  # PATENTS.txt
+        //                                                    => 0.00   # Catch all
       }.freeze
 
       # CC-NC and CC-ND are not open source licenses and should not be
@@ -56,11 +63,11 @@ module Licensee
 
       def attribution
         @attribution ||= begin
-          return unless copyright? || license.content =~ /\[fullname\]/
-
-          matches = Matchers::Copyright::REGEX
-                    .match(content_without_title_and_version)
-          matches[0] if matches
+          if copyright? || license.content&.include?('[fullname]')
+            matches = Matchers::Copyright::REGEX
+                      .match(content_without_title_and_version)
+            matches[0] if matches
+          end
         end
       end
 

data/lib/licensee/project_files/package_manager_file.rb

@@ -7,7 +7,8 @@ module Licensee
       MATCHERS_EXTENSIONS = {
         '.gemspec' => [Matchers::Gemspec],
         '.json'    => [Matchers::NpmBower],
-        '.cabal'   => [Matchers::Cabal]
+        '.cabal'   => [Matchers::Cabal],
+        '.nuspec'  => [Matchers::NuGet]
       }.freeze
 
       # Hash of Filename => [possible matchers]
@@ -33,7 +34,7 @@ module Licensee
       end
 
       def self.name_score(filename)
-        return 1.0 if ['.gemspec', '.cabal'].include?(File.extname(filename))
+        return 1.0 if ['.gemspec', '.cabal', '.nuspec'].include?(File.extname(filename))
 
         FILENAMES_SCORES[filename] || 0.0
       end

data/lib/licensee/project_files/project_file.rb

@@ -37,9 +37,8 @@ module Licensee
       def initialize(content, metadata = {})
         @content = content.dup
         @content.force_encoding(ENCODING)
-        unless @content.valid_encoding?
-          @content.encode!(ENCODING, ENCODING_OPTIONS)
-        end
+        @content.encode!(ENCODING, **ENCODING_OPTIONS) unless @content.valid_encoding?
+        @content.encode!(ENCODING, universal_newline: true)
 
         metadata = { name: metadata } if metadata.is_a? String
         @data = metadata || {}
@@ -92,7 +91,7 @@ module Licensee
         return false unless is_a?(LicenseFile)
         return false unless matcher.is_a?(Matchers::Copyright)
 
-        filename =~ /\Acopyright(?:#{LicenseFile::OTHER_EXT_REGEX})?\z/i
+        filename =~ /\Acopyright(?:#{LicenseFile::OTHER_EXT_REGEX})?\z/io
       end
 
       def content_hash

data/lib/licensee/project_files/readme_file.rb

@@ -35,7 +35,7 @@ module Licensee
 
       def self.name_score(filename)
         SCORES.each do |pattern, score|
-          return score if pattern =~ filename
+          return score if pattern&.match?(filename)
         end
         0.0
       end

data/lib/licensee/projects/fs_project.rb

@@ -20,9 +20,7 @@ module Licensee
         end
 
         @root = File.expand_path(args.delete(:search_root) || @dir)
-        unless valid_search_root?
-          raise 'Search root must be the project path directory or its ancestor'
-        end
+        raise 'Search root must be the project path directory or its ancestor' unless valid_search_root?
 
         super(**args)
       end
@@ -44,13 +42,18 @@ module Licensee
         end
       end
 
-      # Retrieve a file's content from disk
+      # Retrieve a file's content from disk, enforcing encoding
       #
       # file - the file hash, with the :name key as the file's relative path
       #
       # Returns the file contents as a string
       def load_file(file)
-        File.read dir_path.join(file[:dir], file[:name])
+        content = File.read dir_path.join(file[:dir], file[:name])
+        content.force_encoding(ProjectFiles::ProjectFile::ENCODING)
+
+        return content if content.valid_encoding?
+
+        content.encode(ProjectFiles::ProjectFile::ENCODING, **ProjectFiles::ProjectFile::ENCODING_OPTIONS)
       end
 
       # Returns true if @dir is @root or it's descendant

data/lib/licensee/projects/git_project.rb

@@ -28,9 +28,11 @@ module Licensee
 
       def repository
         @repository ||= begin
-          return @raw_repo if @raw_repo.is_a? Rugged::Repository
-
-          Rugged::Repository.new(@raw_repo)
+          if @raw_repo.is_a? Rugged::Repository
+            @raw_repo
+          else
+            Rugged::Repository.new(@raw_repo)
+          end
         end
       rescue Rugged::OSError, Rugged::RepositoryError
         raise InvalidRepository
@@ -47,7 +49,7 @@ module Licensee
                       repository.lookup(revision)
                     else
                       repository.last_commit
-        end
+                    end
       end
 
       MAX_LICENSE_SIZE = 64 * 1024

data/lib/licensee/projects/github_project.rb

@@ -15,7 +15,7 @@ module Licensee
       # If there's any trailing data (e.g. `.git`) this pattern will ignore it:
       # we're going to use the API rather than clone the repo.
       GITHUB_REPO_PATTERN =
-        %r{https://github.com/([^\/]+\/([^\/]+(?=\.git)|[^\/]+)).*}.freeze
+        %r{https://github.com/([^/]+/([^/]+(?=\.git)|[^/]+)).*}.freeze
 
       class RepoNotFound < StandardError; end
 

data/lib/licensee/projects/project.rb

@@ -28,7 +28,7 @@ module Licensee
                      licenses_without_copyright.first
                    elsif licenses_without_copyright.count > 1
                      Licensee::License.find('other')
-        end
+                   end
       end
 
       # Returns an array of detected Licenses
@@ -55,16 +55,17 @@ module Licensee
 
       def license_files
         @license_files ||= begin
-          return [] if files.empty? || files.nil?
-
-          files = find_files do |n|
-            Licensee::ProjectFiles::LicenseFile.name_score(n)
+          if files.empty? || files.nil?
+            []
+          else
+            files = find_files do |n|
+              Licensee::ProjectFiles::LicenseFile.name_score(n)
+            end
+            files = files.map do |file|
+              Licensee::ProjectFiles::LicenseFile.new(load_file(file), file)
+            end
+            prioritize_lgpl(files)
           end
-          files = files.map do |file|
-            Licensee::ProjectFiles::LicenseFile.new(load_file(file), file)
-          end
-
-          prioritize_lgpl(files)
         end
       end
 

data/lib/licensee/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Licensee
-  VERSION = '9.13.0'
+  VERSION = '9.15.0'
 end

data/licensee.gemspec

@@ -21,26 +21,25 @@ Gem::Specification.new do |gem|
   gem.executables << 'licensee'
 
   gem.add_dependency('dotenv', '~> 2.0')
-  gem.add_dependency('octokit', '~> 4.8')
+  gem.add_dependency('octokit', '~> 4.20')
   gem.add_dependency('reverse_markdown', '~> 1.0')
-  gem.add_dependency('rugged', '~> 0.24')
-  gem.add_dependency('thor', '~> 0.19')
+  gem.add_dependency('rugged', '>= 0.24', '<2.0')
+  gem.add_dependency('thor', '>= 0.19', '< 2.0')
 
+  gem.add_development_dependency('gem-release', '~> 2.0')
   gem.add_development_dependency('mustache', '>= 0.9', '< 2.0')
   gem.add_development_dependency('pry', '~> 0.9')
-  gem.add_development_dependency('rake', '~> 10.3')
   gem.add_development_dependency('rspec', '~> 3.5')
-  gem.add_development_dependency('rubocop', '~> 0.76')
+  gem.add_development_dependency('rubocop', '~> 1.0')
   gem.add_development_dependency('rubocop-performance', '~> 1.5')
-  gem.add_development_dependency('rubocop-rspec', '~> 1.36')
+  gem.add_development_dependency('rubocop-rspec', '~> 2.0')
   gem.add_development_dependency('simplecov', '~> 0.16')
   gem.add_development_dependency('webmock', '~> 3.1')
 
-  gem.required_ruby_version = '> 2.3'
+  gem.required_ruby_version = '>= 2.5'
 
   # ensure the gem is built out of versioned files
   gem.files = Dir[
-    'Rakefile',
     '{bin,lib,man,test,vendor,spec}/**/*',
     'README*', 'LICENSE*'
   ] & `git ls-files -z`.split("\0")