authorCan Eldem <celdem@gitlab.com>2020-01-23 14:01:20 +0000
committerCan Eldem <celdem@gitlab.com>2020-01-23 14:01:20 +0000
commit9365cb33e578b08ca271fc8cb00ea0798b9e9f7a (patch)
tree6630fabb655c0b81a7a339e75f36ebcb156a8364
parent9d0efd773673d47e24fc1e5afa7ed0b514849463 (diff)
parent640be3d5b2f446434c229c3aa8cad0649a6ab779 (diff)
Merge branch 'dotnet-framework' into 'master'v2.4.1
Add example scan of project with a nuget `packages.config` file See merge request gitlab-org/security-products/license-management!105
-rw-r--r--CHANGELOG.md4
-rw-r--r--Dockerfile1
-rw-r--r--Gemfile.lock4
-rw-r--r--config/NuGet/NuGet.Config13
-rw-r--r--lib/license/management/version.rb2
-rw-r--r--spec/integration/dotnet/nuget_spec.rb106
-rw-r--r--spec/support/integration_test_helper.rb3
7 files changed, 129 insertions, 4 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 446baa1..ad8a4c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
# GitLab License management changelog
+## v2.4.1
+
+- Include a default NuGet configuration file (!105)
+
## v2.4.0
- Add support for `Pipfile.lock` (!103)
diff --git a/Dockerfile b/Dockerfile
index f8c0f42..9df21c9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,6 +32,7 @@ RUN add-apt-repository ppa:ondrej/php -y && apt-get update -y && \
asdf reshim && \
rm -rf /var/lib/apt/lists/*
+COPY config/NuGet /root/.config/NuGet
COPY test /test
COPY run.sh /
COPY . /opt/license-management/
diff --git a/Gemfile.lock b/Gemfile.lock
index 60f69d1..bddd908 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- license-management (2.4.0)
+ license-management (2.4.1)
license_finder (~> 5.11)
net-hippie (~> 0.3)
@@ -20,7 +20,7 @@ GEM
toml (= 0.2.0)
with_env (= 1.1.0)
xml-simple
- net-hippie (0.3.0)
+ net-hippie (0.3.1)
parslet (1.8.2)
public_suffix (4.0.3)
rspec (3.9.0)
diff --git a/config/NuGet/NuGet.Config b/config/NuGet/NuGet.Config
new file mode 100644
index 0000000..5aacae8
--- /dev/null
+++ b/config/NuGet/NuGet.Config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+ <config>
+ <add key="repositoryPath" value="/root/.packages" />
+ </config>
+ <packageSources>
+ <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
+ </packageSources>
+ <packageRestore>
+ <add key="enabled" value="true" />
+ <add key="automatic" value="true" />
+ </packageRestore>
+</configuration>
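Review bot: Nothing in this file says that it is only the user-level default, so a reader could take the single `nuget.org` entry under `<packageSources>` as the complete list of feeds a scan will contact. NuGet merges settings from every NuGet.Config it finds, and a file inside the scanned project takes precedence over this one, so a project can still add its own sources or change `repositoryPath`. I would add a comment after the XML declaration, for example `<!-- User-level defaults for scans; a NuGet.Config in the scanned project is merged on top and can add package sources. -->`. If scans are meant to restore only from nuget.org, that has to be enforced elsewhere (outside this hunk), not by this file.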
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index a5e7b07..b1dcf4f 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '2.4.0'
+ VERSION = '2.4.1'
end
end
diff --git a/spec/integration/dotnet/nuget_spec.rb b/spec/integration/dotnet/nuget_spec.rb
new file mode 100644
index 0000000..1d0ecfc
--- /dev/null
+++ b/spec/integration/dotnet/nuget_spec.rb
@@ -0,0 +1,106 @@
+require 'spec_helper'
+
+RSpec.describe ".NET Framework" do
+ context "when a project has a nuget packages.config file in the root" do
+ let(:packages_config) do
+ <<-XML
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+ <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net46" />
+ <package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net46" developmentDependency="true" />
+ <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net46" />
+ <package id="Microsoft.Web.Xdt" version="2.1.1" targetFramework="net46" />
+ <package id="Newtonsoft.Json" version="8.0.3" allowedVersions="[8,10)" targetFramework="net46" />
+ <package id="NuGet.Core" version="2.11.1" targetFramework="net46" />
+ <package id="NuGet.Server" version="2.11.2" targetFramework="net46" />
+ <package id="RouteMagic" version="1.3" targetFramework="net46" />
+ <package id="WebActivatorEx" version="2.1.0" targetFramework="net46" />
+ <package id="jive" version="0.1.0" />
+</packages>
+ XML
+ end
+
+ it 'produces a valid report' do
+ runner.add_file('packages.config', packages_config)
+ report = runner.scan
+
+ expect(report).not_to be_empty
+ expect(report).to match_schema(version: '2.0')
+ expect(report[:licenses].count).not_to be_zero
+ expect(report[:dependencies].map { |x| x[:name] }).to match_array([
+ "Microsoft.CodeDom.Providers.DotNetCompilerPlatform",
+ "Microsoft.Net.Compilers",
+ "Microsoft.Web.Infrastructure",
+ "Microsoft.Web.Xdt",
+ "Newtonsoft.Json",
+ "NuGet.Core",
+ "NuGet.Server",
+ "RouteMagic",
+ "WebActivatorEx",
+ "jive",
+ ])
+ end
+ end
+
+ context "when a project has multiple nuget packages.config in different sub directories" do
+ let(:console_packages) do
+ <<-XML
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+ <package id="jive" version="0.1.0" />
+</packages>
+ XML
+ end
+
+ let(:winforms_packages) do
+ <<-XML
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+ <package id="MvcMailer" version="4.5.0" />
+</packages>
+ XML
+ end
+
+ it 'produces a report including dependencies from each sub directory' do
+ runner.add_file('console/packages.config', console_packages)
+ runner.add_file('winforms/packages.config', winforms_packages)
+ report = runner.scan(env: { 'LICENSE_FINDER_CLI_OPTS' => '--recursive' })
+
+ expect(report).not_to be_empty
+ expect(report).to match_schema(version: '2.0')
+ # expect(report[:licenses].map { |x| x[:id] }.uniq).to match_array(['MIT'])
+ expect(report[:dependencies].map { |x| x[:name] }).to match_array([
+ "jive",
+ "MvcMailer",
+ ])
+ end
+ end
+
+ context "when a project has a dependency that has it's own dependencies" do
+ let(:packages) do
+ <<-XML
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+ <package id="NHibernate" version="5.2.6" />
+</packages>
+ XML
+ end
+
+ pending 'produces a report that includes the dependencies of each dependency' do
+ runner.add_file('packages.config', packages)
+ report = runner.scan
+
+ expect(report).not_to be_empty
+ expect(report).to match_schema(version: '2.0')
+ expect(report[:licenses].count).not_to be_zero
+ expect(report[:licenses].map { |x| x[:id] }.uniq).to match_array(['LGPL-2.1', 'Apache-2.0', 'BSD-3-Clause'])
+ expect(report[:dependencies].map { |x| x[:name] }).to match_array([
+ 'Iesi.Collections',
+ 'Remotion.Linq',
+ 'Remotion.Linq.EagerFetching',
+ "Antlr3.Runtime",
+ "NHibernate",
+ ])
+ end
+ end
+end
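Review bot: The recursive example leaves its only license assertion commented out (`# expect(report[:licenses].map { |x| x[:id] }.uniq).to match_array(['MIT'])`), so it passes even when the scan reports no license for `jive` or `MvcMailer`. For a license scanner that is the result that matters most. Either restore a weaker check such as `expect(report[:licenses].count).not_to be_zero`, as the first example does, or replace the dead line with a comment saying why the license ids cannot be pinned yet. These examples also appear to resolve packages from nuget.org at run time (inferred from the NuGet.Config added in this commit), so a short comment noting the network dependency would help when they fail in an offline job. The third context description reads "it's own" where "its own" is meant.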
diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb
index 5ef00a1..e05ef43 100644
--- a/spec/support/integration_test_helper.rb
+++ b/spec/support/integration_test_helper.rb
@@ -8,7 +8,8 @@ module IntegrationTestHelper
end
def add_file(name, content = nil)
- full_path = "#{project_path}/#{name}"
+ full_path = Pathname.new("#{project_path}/#{name}")
+ FileUtils.mkdir_p(full_path.dirname)
IO.write(full_path, block_given? ? yield : content)
end
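Review bot: `add_file` now calls `FileUtils.mkdir_p(full_path.dirname)` on a path built by interpolating `name`, so a `name` containing `..` would create directories, and then write the file, outside `project_path`. The callers added in this commit pass literal relative names, so this is hardening for a test helper rather than a live bug. A one-line guard after the assignment keeps it contained: `raise ArgumentError, name unless full_path.cleanpath.to_s.start_with?("#{project_path}/")`. Whether `pathname` and `fileutils` are already required in this file is not visible from the hunk.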