From 8ec78f9142577f9f6ed73d4dd5ac0a3e5f02a5c6 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 13 Jan 2020 15:46:56 -0700 Subject: Use net/hippie to provider exponential backoff + jitter retries --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Gemfile.lock') diff --git a/Gemfile.lock b/Gemfile.lock index 4978f8d..0a91a04 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,6 +3,7 @@ PATH specs: license-management (2.3.1) license_finder (~> 5.11) + net-hippie (~> 0.2) GEM remote: https://rubygems.org/ @@ -15,6 +16,7 @@ GEM toml (= 0.2.0) with_env (= 1.1.0) xml-simple + net-hippie (0.2.7) parslet (1.8.2) rspec (3.9.0) rspec-core (~> 3.9.0) -- cgit v1.2.3 From 1cc6c02f2f34252a85d354741db0a80d0f199286 Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 13 Jan 2020 17:04:13 -0700 Subject: Use net/hippie to follow redirects --- Gemfile.lock | 2 +- lib/license_finder/package_utils/pypi.rb | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) (limited to 'Gemfile.lock') diff --git a/Gemfile.lock b/Gemfile.lock index 0a91a04..3c700a8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -16,7 +16,7 @@ GEM toml (= 0.2.0) with_env (= 1.1.0) xml-simple - net-hippie (0.2.7) + net-hippie (0.3.0) parslet (1.8.2) rspec (3.9.0) rspec-core (~> 3.9.0) diff --git a/lib/license_finder/package_utils/pypi.rb b/lib/license_finder/package_utils/pypi.rb index 30856bd..cfe3d66 100644 --- a/lib/license_finder/package_utils/pypi.rb +++ b/lib/license_finder/package_utils/pypi.rb 
@@ -6,17 +6,15 @@ module LicenseFinder class PyPI class << self def definition(name, version) - response = request("https://pypi.org/pypi/#{name}/#{version}/json") + url = "https://pypi.org/pypi/#{name}/#{version}/json" + response = Net::Hippie::Client.new.tap do |client| + client.follow_redirects = 3 + client.with_retry { |x| x.get(url) } + end response.is_a?(Net::HTTPSuccess) ? JSON.parse(response.body).fetch('info', {}) : {} rescue *Net::Hippie::CONNECTION_ERRORS {} end - - def request(url, limit = 10) - client = Net::Hippie::Client.new - response = client.with_retry { client.get(url) } - response.is_a?(Net::HTTPRedirection) && limit.positive? ? request(response['location'], limit - 1) : response - end end end end -- cgit v1.2.3 From cfd445abb0e136471a96be27266558e488608923 Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 14 Jan 2020 09:14:11 -0700 Subject: Update version and CHANGELOG --- CHANGELOG.md | 4 ++++ CONTRIBUTING.md | 3 --- Gemfile.lock | 2 +- lib/license/management/version.rb | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) (limited to 'Gemfile.lock') diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e82432..446baa1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # GitLab License management changelog +## v2.4.0 + +- Add support for `Pipfile.lock` (!103) + ## v2.3.1 - Run gradle without tests by default. (!102) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d17d469..d8fbbde 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -31,6 +31,3 @@ open the issue in order to keep track of it and then open the relevant merge request that potentially fixes it. [ee-tracker]: https://gitlab.com/gitlab-org/gitlab-ee/issues - - - diff --git a/Gemfile.lock b/Gemfile.lock index 3c700a8..b8c2990 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - license-management (2.3.1) + license-management (2.4.0) license_finder (~> 5.11) net-hippie (~> 0.2) 
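Review bot: Setting `client.follow_redirects = 3` delegates redirect handling to net-hippie, and nothing in this hunk shows whether the followed `Location` is restricted to https or to pypi.org, so a redirect could downgrade the license-metadata fetch to plaintext or send it to another host; the removed `request` helper had the same gap, so please confirm the gem's behaviour and, if it does not enforce it, check `response.uri&.scheme == 'https'` (or the equivalent the client exposes) before trusting the body. Separately, `name` and `version` are interpolated into `url` unescaped on the first added line; if they originate from the scanned project's lockfile (as the Pipfile.lock support suggests), a value containing `/`, `?` or `#` rewrites the request path, so build the URL with `ERB::Util.url_encode(name)` and `ERB::Util.url_encode(version)`. A short comment on the `follow_redirects = 3` line stating why three hops is enough (PyPI's JSON endpoint redirects at most once for canonical names, if that is the reasoning) would also help the next reader.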
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index 995dee4..a5e7b07 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '2.3.1' + VERSION = '2.4.0' end end -- cgit v1.2.3 From 84f457abde3a17dad26973f1f1c7147eaf58d02b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 14 Jan 2020 16:50:02 -0700 Subject: Update version constraint --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Gemfile.lock') diff --git a/Gemfile.lock b/Gemfile.lock index b8c2990..abe9075 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -3,7 +3,7 @@ PATH specs: license-management (2.4.0) license_finder (~> 5.11) - net-hippie (~> 0.2) + net-hippie (~> 0.3) GEM remote: https://rubygems.org/ -- cgit v1.2.3 From 3aeed26912b238f6cb9c8b43587b0f3a7bf181f4 Mon Sep 17 00:00:00 2001 From: mo khan Date: Wed, 15 Jan 2020 14:19:39 -0700 Subject: Add spec to ensure we can parse a v3 Pipfile.lock --- Gemfile.lock | 6 ++++ license-management.gemspec | 1 + spec/fixtures/v2.0_schema.json | 16 +++++++++++ spec/integration/python/pipenv_spec.rb | 51 ++++++++++++++++++++++++++++++++-- spec/spec_helper.rb | 2 ++ spec/support/matchers.rb | 13 +++++++++ 6 files changed, 87 insertions(+), 2 deletions(-) create mode 100644 spec/fixtures/v2.0_schema.json create mode 100644 spec/support/matchers.rb (limited to 'Gemfile.lock') diff --git a/Gemfile.lock b/Gemfile.lock index abe9075..60f69d1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,7 +8,11 @@ PATH GEM remote: https://rubygems.org/ specs: + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) diff-lcs (1.3) + json-schema (2.8.1) + addressable (>= 2.4) license_finder (5.11.1) bundler rubyzip (>= 1, < 3) @@ -18,6 +22,7 @@ GEM xml-simple net-hippie (0.3.0) parslet (1.8.2) + public_suffix (4.0.3) rspec (3.9.0) rspec-core (~> 3.9.0) rspec-expectations (~> 3.9.0) 
@@ -42,6 +47,7 @@ PLATFORMS ruby DEPENDENCIES + json-schema (~> 2.8) license-management! rspec (~> 3.9) diff --git a/license-management.gemspec b/license-management.gemspec index 492fd2d..60ab5e1 100644 --- a/license-management.gemspec +++ b/license-management.gemspec @@ -29,5 +29,6 @@ Gem::Specification.new do |spec| spec.add_dependency 'license_finder', '~> 5.11' spec.add_dependency 'net-hippie', '~> 0.3' + spec.add_development_dependency 'json-schema', '~> 2.8' spec.add_development_dependency 'rspec', '~> 3.9' end diff --git a/spec/fixtures/v2.0_schema.json b/spec/fixtures/v2.0_schema.json new file mode 100644 index 0000000..bd304ce --- /dev/null +++ b/spec/fixtures/v2.0_schema.json @@ -0,0 +1,16 @@ +{ + "$id": "https://gitlab.com/gitlab-org/security-products/license-management/blob/master/spec/fixtures/v2.0_schema.json", + "type": "object", + "required": [ + "version", + "licenses", + "dependencies" + ], + "properties": { + "version": { "type": "string" }, + "licenses": { "type": "array" }, + "dependencies": { "type": "array" } + }, + "additionalProperties": false +} + diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb index 15e48dc..6039b25 100644 --- a/spec/integration/python/pipenv_spec.rb +++ b/spec/integration/python/pipenv_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' RSpec.describe "pipenv" do - context "when a project depends on a Pipfile.lock" do + context "when a project depends on a version 6 Pipfile.lock" do let(:pipfile_lock_content) do JSON.pretty_generate({ "_meta": { 
@@ -23,8 +23,55 @@ RSpec.describe "pipenv" do report = runner.scan expect(report).not_to be_empty - expect(report[:version]).to start_with('2') + expect(report[:version]).not_to be_empty + expect(report[:licenses]).not_to be_empty expect(report[:dependencies].map { |x| x[:name] }).to include("six") end end + + context "when a project depends on a version 3.2.1 Pipfile.lock" do + let(:pipfile_lock_content) do + JSON.pretty_generate({ + "default": { + "crayons": { "version": "==0.1.2", "hash": "" }, + "requirements-parser": { "version": "==0.1.0", "hash": "" }, + "pexpect": { "version": "==4.2.1", "hash": "" }, + "delegator.py": { "version": "==0.0.8", "hash": "" }, + "backports.shutil_get_terminal_size": { "version": "==1.0.0", "hash": "" }, + "ptyprocess": { "version": "==0.5.1", "hash": "" }, + "parse": { "version": "==1.6.6", "hash": "" }, + "toml": { "version": "==0.9.2", "hash": "" }, + "colorama": { "version": "==0.3.7", "hash": "" }, + "requests": { "version": "==2.13.0", "hash": "" }, + "click": { "version": "==6.7", "hash": "" } + }, + "develop": { + "packaging": { "version": "==16.8", "hash": "" }, + "pytest": { "version": "==3.0.6", "hash": "" }, + "setuptools": { "version": "==34.0.2", "hash": "" }, + "pyparsing": { "version": "==2.1.10", "hash": "" }, + "py": { "version": "==1.4.32", "hash": "" }, + "six": { "version": "==1.10.0", "hash": "" }, + "appdirs": { "version": "==1.4.0", "hash": "" } + }, + "_meta": { + "sources": [ { "url": "https://pypi.python.org/simple", "verify_ssl": true } ], + "requires": {}, + "Pipfile-sha256": "24f12b631b7c40b8c5eff934a1aef263ed04f5eaffb4acf4706442f3d23cba36" + } + }) + end + + it 'produces a valid report' do + runner.add_file('Pipfile.lock', pipfile_lock_content) + + report = runner.scan + + expect(report).to match_schema(version: '2.0') + expect(report).not_to be_empty + expect(report[:version]).not_to be_empty + expect(report[:licenses]).not_to be_empty + expect(report[:dependencies].count).to eql(18) + end + end 
end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 115822b..1889335 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,7 +1,9 @@ require 'license/management' require 'json' require 'securerandom' +require 'json-schema' require 'support/integration_test_helper' +require 'support/matchers' RSpec.configure do |config| config.include IntegrationTestHelper, type: :integration diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb new file mode 100644 index 0000000..bb54d19 --- /dev/null +++ b/spec/support/matchers.rb @@ -0,0 +1,13 @@ +RSpec::Matchers.define :match_schema do |version: nil, **options| + match do |actual| + path = License::Management.root.join("spec/fixtures/v#{version}_schema.json") + schema = JSON.parse(IO.read(path)) + @errors = JSON::Validator.fully_validate(schema, actual, options) + @errors.empty? + end + + failure_message do |response| + "didn't match the schema for version #{version}" \ + " The validation errors were:\n#{@errors.join("\n")}" + end +end -- cgit v1.2.3
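Review bot: The new v3.2.1 example asserts `expect(report[:licenses]).not_to be_empty` and `expect(report[:dependencies].count).to eql(18)`; if `runner.scan` resolves license data by querying PyPI the way `PyPI.definition` does, this spec depends on live network access and on those 18 packages staying published, so consider stubbing the lookup or recording a fixture. `expect(report).not_to be_empty` immediately after `expect(report).to match_schema(version: '2.0')` is redundant, since the schema already requires `version`, `licenses` and `dependencies`. The `hash: ""` values in the fixture are fine for parsing but it may be worth a one-line comment, e.g. `# hashes are irrelevant to license detection and left empty`, so nobody later assumes they are verified.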
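Review bot: `IO.read(path)` inside the `match` block should be `File.read(path)`: `IO.read` treats a path beginning with `|` as a command to spawn, and although `path` here is built from the `version:` keyword rather than external input, `File.read` has no such mode and is the form RuboCop's Security/IoMethods expects in a matcher that may later be reused with other inputs. The `response` block parameter of `failure_message` is unused; rename it `_actual` or drop it. A one-line comment above the matcher, e.g. `# Validates a report hash against spec/fixtures/v<version>_schema.json; extra options are passed to JSON::Validator`, would document the `**options` passthrough.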