| author | Can Eldem <celdem@gitlab.com> | 2020-07-22 08:45:02 +0000 |
|---|---|---|
| committer | Can Eldem <celdem@gitlab.com> | 2020-07-22 08:45:02 +0000 |
| commit | ca675527b53c2a8316c962ee1a17bc1ee1c0c156 (patch) | |
| tree | d350d872ebf69f0b07ecf6497011c345205d11f7 | |
| parent | e1bb260b43763a36536b7d3fa4d73108ffb604d4 (diff) | |
| parent | 0e7c92f64a4f910da3266be167fcf28dccb76689 (diff) | |
Merge branch '224187-add-maven-tests' into 'master'v3.19.1
Update maven/gradle offline tests
See merge request gitlab-org/security-products/license-management!195
36 files changed, 338 insertions, 136 deletions
diff --git a/.gitlab/build.yml b/.gitlab/build.yml index 17005c2..84bd5ac 100644 --- a/.gitlab/build.yml +++ b/.gitlab/build.yml @@ -30,5 +30,5 @@ build-mvn-pkg: image: maven:3.3.9-jdk-8 stage: build script: - - cd spec/fixtures/java/example/ && mvn deploy -s settings.xml + - cd spec/fixtures/java/maven/example/ && mvn deploy -s settings.xml allow_failure: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 38d1587..19f155b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # GitLab License management changelog +## v3.19.1 + +- Choose a version of the `org.codehaus.mojo:license-maven-plugin:aggregate-download-licenses` that is compatible with the version of Maven used by the project. (!195) +- Print error messages to the console when a scan fails. (!195) + ## v3.19.0 - Include the latest LTS of the .NET SDK in the Docker image. (!191) diff --git a/Gemfile.lock b/Gemfile.lock index b3cbb88..12f0d02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,7 +8,7 @@ GIT PATH remote: . specs: - license-management (3.19.0) + license-management (3.19.1) license_finder (~> 6.6.0) GEM @@ -80,7 +80,7 @@ The following table shows which languages and package managers are supported. | .NET | [.NET Core CLI][dotnet_core], [Nuget][nuget] | | C/C++ | [Conan][conan] | | Go | [Go modules][gomod], [Godep][godep], go get | -| Java | [Gradle][gradle], [Maven][maven] | +| Java | [Gradle][gradle], [Maven v3.2.5+)][maven] | | JavaScript | [npm][npm], [yarn][yarn], [Bower][bower] | | PHP | [composer][composer] | | Python | [pip][pip], [pipenv][pipenv] | diff --git a/lib/license/finder/ext/maven.rb b/lib/license/finder/ext/maven.rb index 1a3dea8..6c95b1d 100644 --- a/lib/license/finder/ext/maven.rb +++ b/lib/license/finder/ext/maven.rb 
@@ -25,7 +25,7 @@ module LicenseFinder [ package_management_command, "-e", - "org.codehaus.mojo:license-maven-plugin:2.0.0:aggregate-download-licenses", + "org.codehaus.mojo:license-maven-plugin:aggregate-download-licenses", "-Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}", "-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug", ENV.fetch('MAVEN_CLI_OPTS', '-DskipTests') diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb index 408c760..47639df 100644 --- a/lib/license/management/shell.rb +++ b/lib/license/management/shell.rb @@ -79,14 +79,13 @@ module License end def record(stdout, stderr, status) - logger.debug(stdout) if present?(stdout) - return unless present?(stderr) + severity = status.success? ? Logger::DEBUG : Logger::ERROR + flush(stdout, severity) + flush(stderr, severity) + end - if status.success? - logger.debug(stderr) - else - logger.error(stderr) - end + def flush(message, severity) + logger.add(severity, message) if present?(message) end def collapsible_section(header) diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index 72c1491..5402857 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '3.19.0' + VERSION = '3.19.1' end end diff --git a/normalized-licenses.yml b/normalized-licenses.yml index 6e13d65..46c7d26 100644 --- a/normalized-licenses.yml +++ b/normalized-licenses.yml @@ -17,6 +17,7 @@ ids: CC0 1.0 Universal: CC0-1.0 CC01: CC0-1.0 CDDL1: CDDL-1.0 + CDDL 1.1: CDDL-1.1 COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: CDDL-1.0 Common Development and Distribution License 1.1: CDDL-1.1 Common Public License Version 1.0: CPL-1.0 diff --git a/spec/fixtures/expected/js/bower/v2.1.json b/spec/fixtures/expected/js/bower/v2.1.json index 78570ca..ab5fe6d 100644 --- a/spec/fixtures/expected/js/bower/v2.1.json +++ b/spec/fixtures/expected/js/bower/v2.1.json 
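Review bot: Dropping the `2.0.0` pin leaves `org.codehaus.mojo:license-maven-plugin` without a version on the command line, and as far as I know Maven then resolves the plugin version from the repository's plugin metadata at scan time, so the scan result depends on whatever the configured registry or mirror currently advertises and can change between runs with no change to the project; nothing in the hunk records why the pin was removed. A comment on the coordinate line would stop the next maintainer from re-pinning it and would make the trade-off visible: `# No explicit plugin version: Maven picks a release compatible with the project's Maven version (!195). The resolved version comes from registry metadata, so it is not reproducible across runs and an offline mirror must serve that metadata.` The method that builds this argument array starts above the hunk.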
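Review bot: In the new `record`, a failed command now emits its entire stdout at `Logger::ERROR`, whereas before stdout only ever surfaced at debug level; the wrapped commands are package managers, so if one of them echoes a repository URL carrying a token or turns verbose with `MAVEN_CLI_OPTS`, that text now lands in the job log at the default level. That is a deliberate trade-off per the changelog entry, so it should be documented on the method: `# Logs both streams at DEBUG when the command succeeded and at ERROR when it failed, so a failing scan shows the tool's output in the job log. Output is forwarded verbatim, including anything the package manager chose to print.` The visibility of the new `flush` depends on a `private` marker that is outside the hunk, so check it does not become part of the class's public interface.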
@@ -35,7 +35,7 @@ "dependencies": [ { "name": "cli", - "version": "6.14.6", + "version": "6.14.7", "package_manager": "bower", "path": "bower.json", "licenses": [ diff --git a/spec/fixtures/haproxy.cfg b/spec/fixtures/haproxy.cfg index e15da8a..b0ab370 100644 --- a/spec/fixtures/haproxy.cfg +++ b/spec/fixtures/haproxy.cfg @@ -21,22 +21,40 @@ frontend www-https bind *:443 ssl crt wildcard.test.pem acl goproxy-backend ssl_fc_sni goproxy.test + acl maven-backend ssl_fc_sni maven.test + acl npm-backend ssl_fc_sni npm.test acl nuget-backend ssl_fc_sni nuget.test + acl pypi-backend ssl_fc_sni pypi.test acl rubygems-backend ssl_fc_sni rubygems.test http-request replace-header Host .* api.nuget.org if nuget-backend http-request replace-header Host .* proxy.golang.org if goproxy-backend + http-request replace-header Host .* pypi.org if pypi-backend + http-request replace-header Host .* registry.npmjs.org if npm-backend + http-request replace-header Host .* repo1.maven.org if maven-backend http-request replace-header Host .* rubygems.org if rubygems-backend use_backend goproxy-backend if goproxy-backend + use_backend maven-backend if maven-backend + use_backend npm-backend if npm-backend use_backend nuget-backend if nuget-backend + use_backend pypi-backend if pypi-backend use_backend rubygems-backend if rubygems-backend backend goproxy-backend server www1 proxy.golang.org:443 ssl verify none +backend maven-backend + server www1 repo1.maven.org:443 ssl verify none + +backend npm-backend + server www1 registry.npmjs.org:443 ssl verify none + backend nuget-backend server www1 api.nuget.org:443 ssl verify none +backend pypi-backend + server www1 pypi.org:443 ssl verify none + backend rubygems-backend server www1 rubygems.org:443 ssl verify none diff --git a/spec/fixtures/java/build.gradle.kts b/spec/fixtures/java/gradle/build.gradle.kts index 2ca8866..2ca8866 100644 --- a/spec/fixtures/java/build.gradle.kts +++ b/spec/fixtures/java/gradle/build.gradle.kts 
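Review bot: The three new backends (`maven-backend`, `npm-backend`, `pypi-backend`) copy `ssl verify none` from the existing ones, so the test proxy re-encrypts to repo1.maven.org, registry.npmjs.org and pypi.org without authenticating them, which bakes an insecure upstream configuration into a fixture whose purpose is to exercise certificate handling. If the test image has a system CA bundle, `server www1 repo1.maven.org:443 ssl verify required ca-file <PATH-TO-CA-BUNDLE>` (and likewise for the other two) keeps upstream trust intact; if it does not, a comment above the backends saying that upstream verification is deliberately disabled for the test would at least make the choice explicit. The `frontend www-https` block begins above the hunk.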
diff --git a/spec/fixtures/java/11/build.gradle b/spec/fixtures/java/gradle/java-11/build.gradle index fa128ea..fa128ea 100644 --- a/spec/fixtures/java/11/build.gradle +++ b/spec/fixtures/java/gradle/java-11/build.gradle diff --git a/spec/fixtures/java/8/build.gradle b/spec/fixtures/java/gradle/java-8/build.gradle index b7cffcd..b7cffcd 100644 --- a/spec/fixtures/java/8/build.gradle +++ b/spec/fixtures/java/gradle/java-8/build.gradle diff --git a/spec/fixtures/java/gradle/offline-environment/build.gradle b/spec/fixtures/java/gradle/offline-environment/build.gradle index 6e44ce9..cec239c 100644 --- a/spec/fixtures/java/gradle/offline-environment/build.gradle +++ b/spec/fixtures/java/gradle/offline-environment/build.gradle @@ -6,7 +6,7 @@ apply plugin: "java" ext { mavenHost = System.getenv('PRIVATE_MAVEN_HOST') } repositories { - maven { url "https://$mavenHost/artifactory/mvn/" } + maven { url "https://$mavenHost/maven2/" } } dependencies { diff --git a/spec/fixtures/java/gradle/offline-environment/bundle.crt b/spec/fixtures/java/gradle/offline-environment/bundle.crt deleted file mode 100644 index 398c90f..0000000 --- a/spec/fixtures/java/gradle/offline-environment/bundle.crt +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIJAI21kFz1PLI3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD -VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg -V2lkZ2l0cyBQdHkgTHRkMUQwQgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13 -ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5hbDAeFw0yMDA0MTcw -NjE4NTFaFw0yMTA0MTcwNjE4NTFaMIGLMQswCQYDVQQGEwJBVTETMBEGA1UECAwK -U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUQw -QgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13ZXN0MS1iLmMuZ3JvdXAtc2Vj -dXJlLWE4OWZlNy5pbnRlcm5hbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK7lgNeL7Z6pj/vNLDw0QWuv6VKhY6jqd6Rdd03FJ1kG6pG4iUREhaH6UKjF -IYBFQFHtH+WJV78nU3D5WQayAhKxPJMPeLfVmeBxO+3rFtVCylgkytqJEP4fEkwP -lOyiUWVa6pcRkdijE5Y9pi+7buagZMZoCyQITiVOgqMsTwuxUDmuhDZQx8cmyfiq -zV7STaKVYx4h7P7p5cOhXaMPg7mKbCEIjrRfxcA4BZTlFOt+/8uyqQDfTXarl4gp -buv/zSzZtrFbsyc0MmTY40foKkMuTKHwbaVjoRqiqYzGyEhBuSYdaNQMTHWAGl4e -Ts3dIC8ysmEyWyxsUdBYhkHoi0ECAwEAAaNTMFEwHQYDVR0OBBYEFDC4YeQ2AxrR -3aXK63Y4+KWbdq0tMB8GA1UdIwQYMBaAFDC4YeQ2AxrR3aXK63Y4+KWbdq0tMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF8D6h0e8ogZQrX+YRDc -FMvz2vYv6Oo2cLG5u5YSX1bJeOQHcCmmAvYBA+Pqjomxw9csRmktcy69hxIbvccn -m7jCF3hasOoCivM5ifSmdXSBqmnmaQUErEhF+g9VIl696dR4H+47ewTmDc+2uzvP -FFEfV/gC7QLIhMlpYJUn2/y4SgPjp08zJqulDDZL++srUqFktfiKyehriQXBn1M8 -JsW9G0at1fufKpFIgQWve0QtE1haBF+g6SGXQ/+guZnw5stUJ7ksFheJu4WsEPIx -vtRkKZ60p/Hpq7tmO5UG5fKK1tuyBSj3vxewBBYtgH23h7/c7KxoeDIOnyNRshoA -7Dg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIUe5OYnWvcwt2MgCpVSUgvFa8E3D0wDQYJKoZIhvcNAQEL -BQAwgbAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMSEwHwYDVQQK -DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxRTBDBgNVBAMMPGdpdGxhYi1haXJn -YXAtdGVzdC51cy13ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5h -bDEiMCAGCSqGSIb3DQEJARYTbGNoYXJsZXNAZ2l0bGFiLmNvbTAeFw0yMDAzMDky -MTU1NDhaFw0yMTAzMDkyMTU1NDhaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECAwK -Q2FsaWZvcm5pYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUUw 
-QwYDVQQDDDxnaXRsYWItYWlyZ2FwLXRlc3QudXMtd2VzdDEtYi5jLmdyb3VwLXNl -Y3VyZS1hODlmZTcuaW50ZXJuYWwxIjAgBgkqhkiG9w0BCQEWE2xjaGFybGVzQGdp -dGxhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDypJmnetUl -HhXOLLFS+/sc8NoDMM3R9zN98x71iSK4Jn6a94vFYpg/8DU2mg7e972VvT1NKEHK -1+BGbgDMtbAiBeca+cWpJdswiWL69yNEozWRq69soUq1zcBu+MFnAdtB0SzK2ohd -R9aJqJmy9aVaEYZFRGktpjLObQZ/qVysCUo8Ts9dfSu50+DqEmVnmDkbgqNl4y7W -7x2PNCG+6m40+PGnHTdTpnah9DARqJhj/ORHfbFz/a+zHMlU+SDw06dqKBjwxEW3 -azjRDgmC4bGXj/Qbt7VUJriFCA0W22v4VqMTMhU0PWOw5MJa/cT82avlaA5bBskj -kN6wJ5WwabsDAgMBAAGjUzBRMB0GA1UdDgQWBBQ0siXTvUqJwrslaeYax0K64mLH -KjAfBgNVHSMEGDAWgBQ0siXTvUqJwrslaeYax0K64mLHKjAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCNI1pKNMiTcx3msHVOmVHhA44ocJbl6Jws -ztpp7aSduKI/Ib4FvONLSV5kJDhQ2Q9dBQWQiSsqoEIfvU3RWuAeU69fl/ojHOTy -JwXiitWT0QZ1rXGIak+tYAHOyHn42nfiHg0H9D67DZ0uDQdQ7Uqwwe+21eqz/vQ9 -3Edj7C5Oag+Uf1zdAR60+zMm4DZJ0guDfQXhRuYF1GTll5avpxZA0QMhGgysekXe -IPcVVawMK/ChUcbktFylIAu9ohWrJHU5KuDrzhEOyG+0hEFGFnzYfpJSADIHvNNS -Gtpf/YEZclLD7wHrkhbeIThnU/Z9q270dm15wEGO9MLACEob6DZo ------END CERTIFICATE----- diff --git a/spec/fixtures/java/maven.crt b/spec/fixtures/java/maven.crt deleted file mode 100644 index fe9fcf7..0000000 --- a/spec/fixtures/java/maven.crt +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIJAI21kFz1PLI3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD -VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg -V2lkZ2l0cyBQdHkgTHRkMUQwQgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13 -ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5hbDAeFw0yMDA0MTcw -NjE4NTFaFw0yMTA0MTcwNjE4NTFaMIGLMQswCQYDVQQGEwJBVTETMBEGA1UECAwK -U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUQw -QgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13ZXN0MS1iLmMuZ3JvdXAtc2Vj -dXJlLWE4OWZlNy5pbnRlcm5hbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK7lgNeL7Z6pj/vNLDw0QWuv6VKhY6jqd6Rdd03FJ1kG6pG4iUREhaH6UKjF -IYBFQFHtH+WJV78nU3D5WQayAhKxPJMPeLfVmeBxO+3rFtVCylgkytqJEP4fEkwP -lOyiUWVa6pcRkdijE5Y9pi+7buagZMZoCyQITiVOgqMsTwuxUDmuhDZQx8cmyfiq -zV7STaKVYx4h7P7p5cOhXaMPg7mKbCEIjrRfxcA4BZTlFOt+/8uyqQDfTXarl4gp -buv/zSzZtrFbsyc0MmTY40foKkMuTKHwbaVjoRqiqYzGyEhBuSYdaNQMTHWAGl4e -Ts3dIC8ysmEyWyxsUdBYhkHoi0ECAwEAAaNTMFEwHQYDVR0OBBYEFDC4YeQ2AxrR -3aXK63Y4+KWbdq0tMB8GA1UdIwQYMBaAFDC4YeQ2AxrR3aXK63Y4+KWbdq0tMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF8D6h0e8ogZQrX+YRDc -FMvz2vYv6Oo2cLG5u5YSX1bJeOQHcCmmAvYBA+Pqjomxw9csRmktcy69hxIbvccn -m7jCF3hasOoCivM5ifSmdXSBqmnmaQUErEhF+g9VIl696dR4H+47ewTmDc+2uzvP -FFEfV/gC7QLIhMlpYJUn2/y4SgPjp08zJqulDDZL++srUqFktfiKyehriQXBn1M8 -JsW9G0at1fufKpFIgQWve0QtE1haBF+g6SGXQ/+guZnw5stUJ7ksFheJu4WsEPIx -vtRkKZ60p/Hpq7tmO5UG5fKK1tuyBSj3vxewBBYtgH23h7/c7KxoeDIOnyNRshoA -7Dg= ------END CERTIFICATE----- diff --git a/spec/fixtures/java/example/pom.xml b/spec/fixtures/java/maven/example/pom.xml index b59f809..b59f809 100644 --- a/spec/fixtures/java/example/pom.xml +++ b/spec/fixtures/java/maven/example/pom.xml diff --git a/spec/fixtures/java/example/settings.xml b/spec/fixtures/java/maven/example/settings.xml index e84b931..e84b931 100644 --- a/spec/fixtures/java/example/settings.xml +++ b/spec/fixtures/java/maven/example/settings.xml 
diff --git a/spec/fixtures/java/pom-public-gitlab-repository.xml b/spec/fixtures/java/maven/external-gitlab-repo/pom.xml index 11abf7f..07bc1a7 100644 --- a/spec/fixtures/java/pom-public-gitlab-repository.xml +++ b/spec/fixtures/java/maven/external-gitlab-repo/pom.xml @@ -13,9 +13,9 @@ <version>1.0</version> </dependency> <dependency> - <groupId>javax.xml.bind</groupId> - <artifactId>jaxb-api</artifactId> - <version>2.3.0</version> + <groupId>javax.xml.bind</groupId> + <artifactId>jaxb-api</artifactId> + <version>2.3.0</version> </dependency> </dependencies> </project> diff --git a/spec/fixtures/java/custom-maven-settings.xml b/spec/fixtures/java/maven/external-gitlab-repo/settings.xml index b7dbb1c..b7dbb1c 100644 --- a/spec/fixtures/java/custom-maven-settings.xml +++ b/spec/fixtures/java/maven/external-gitlab-repo/settings.xml diff --git a/spec/fixtures/java/maven/gitlab-repo/pom.xml b/spec/fixtures/java/maven/gitlab-repo/pom.xml new file mode 100644 index 0000000..07bc1a7 --- /dev/null +++ b/spec/fixtures/java/maven/gitlab-repo/pom.xml @@ -0,0 +1,21 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>com.gitlab.secure</groupId> + <artifactId>license-scanning</artifactId> + <packaging>jar</packaging> + <version>1.0-SNAPSHOT</version> + <name>example</name> + <url>http://maven.apache.org</url> + <dependencies> + <dependency> + <groupId>com.gitlab.secure</groupId> + <artifactId>example</artifactId> + <version>1.0</version> + </dependency> + <dependency> + <groupId>javax.xml.bind</groupId> + <artifactId>jaxb-api</artifactId> + <version>2.3.0</version> + </dependency> + </dependencies> +</project> diff --git a/spec/fixtures/java/maven-multimodule/api/pom.xml b/spec/fixtures/java/maven/multimodule/api/pom.xml index c621c1a..c621c1a 100644 
--- a/spec/fixtures/java/maven-multimodule/api/pom.xml +++ b/spec/fixtures/java/maven/multimodule/api/pom.xml diff --git a/spec/fixtures/java/maven-multimodule/model/pom.xml b/spec/fixtures/java/maven/multimodule/model/pom.xml index 91b366b..91b366b 100644 --- a/spec/fixtures/java/maven-multimodule/model/pom.xml +++ b/spec/fixtures/java/maven/multimodule/model/pom.xml diff --git a/spec/fixtures/java/maven-multimodule/pom.xml b/spec/fixtures/java/maven/multimodule/pom.xml index e84ad4a..e84ad4a 100644 --- a/spec/fixtures/java/maven-multimodule/pom.xml +++ b/spec/fixtures/java/maven/multimodule/pom.xml diff --git a/spec/fixtures/java/maven-multimodule/web/pom.xml b/spec/fixtures/java/maven/multimodule/web/pom.xml index 548e9fb..548e9fb 100644 --- a/spec/fixtures/java/maven-multimodule/web/pom.xml +++ b/spec/fixtures/java/maven/multimodule/web/pom.xml diff --git a/spec/fixtures/java/pom-single.xml.erb b/spec/fixtures/java/maven/pom-single.xml.erb index 897b3a6..897b3a6 100644 --- a/spec/fixtures/java/pom-single.xml.erb +++ b/spec/fixtures/java/maven/pom-single.xml.erb diff --git a/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar Binary files differnew file mode 100644 index 0000000..9cc84ea --- /dev/null +++ b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar diff --git a/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb new file mode 100644 index 0000000..5ab4ccc --- /dev/null +++ b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb @@ -0,0 +1 @@ +distributionUrl=<% distribution_url %> diff --git a/spec/fixtures/java/maven/simple/mvnw b/spec/fixtures/java/maven/simple/mvnw new file mode 100755 index 0000000..5d8e6c3 --- /dev/null +++ b/spec/fixtures/java/maven/simple/mvnw 
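Review bot: The template line `distributionUrl=<% distribution_url %>` uses a code tag without `=`, which in standard ERB executes the expression and emits nothing, so rendering this file yields `distributionUrl=` with an empty value; `distributionUrl=<%= distribution_url %>` is what was presumably intended. The defect is masked because the new `maven_spec.rb` contexts write `.mvn/wrapper/maven-wrapper.properties` inline from a literal string instead of rendering this template, so either the tag should be fixed or the unused `.erb` dropped. I am assuming `fixture_file_content` renders `.erb` fixtures with ERB, as its use with `pom-single.xml.erb` and a locals hash suggests.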
@@ -0,0 +1,165 @@ +#!/bin/sh + +if [ -z "$MAVEN_SKIP_RC" ] ; then + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi +fi + +cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + PRG="$0" + + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + saveddir=`pwd` + M2_HOME=`dirname "$PRG"`/.. + M2_HOME=`cd "$M2_HOME" && pwd` + cd "$saveddir" +fi + +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + readLink=`which readlink` + if [ ! 
`expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`which java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +find_maven_basedir() { + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + done + echo "${basedir}" +} + +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +echo $MAVEN_PROJECTBASEDIR +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + 
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/spec/fixtures/java/maven/simple/pom.xml b/spec/fixtures/java/maven/simple/pom.xml new file mode 100644 index 0000000..d4becd3 --- /dev/null +++ b/spec/fixtures/java/maven/simple/pom.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>com.gitlab.security_products.tests</groupId> + <artifactId>java-maven-multi-modules</artifactId> + <version>1.0-SNAPSHOT</version> + <packaging>pom</packaging> + <name>simple</name> + <dependencies> + <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-all</artifactId> + <version>4.1.0.Final</version> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>3.8.1</version> + <scope>test</scope> + </dependency> + </dependencies> +</project> diff --git a/spec/fixtures/java/maven/simple/settings.xml b/spec/fixtures/java/maven/simple/settings.xml new file mode 100644 index 0000000..ed45b79 --- /dev/null +++ b/spec/fixtures/java/maven/simple/settings.xml @@ -0,0 +1,3 @@ +<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> + <localRepository>${env.PWD}/.m2/repository</localRepository> +</settings> diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 0e71038..c2137b3 100644 --- a/spec/integration/java/gradle_spec.rb 
+++ b/spec/integration/java/gradle_spec.rb @@ -49,16 +49,20 @@ plugins { end end - context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains', environment: 'offline' do + context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains' do subject do runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('java/gradle/offline-environment/bundle.crt'), + 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, 'PRIVATE_MAVEN_HOST' => private_maven_host }) end + let(:private_maven_host) { 'maven.test' } + before do - runner.mount(dir: fixture_file('java/gradle/offline-environment/')) + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.mount(dir: fixture_file('java/gradle/offline-environment')) end specify { expect(subject).to match_schema } 
@@ -96,22 +100,22 @@ plugins { end context "when scanning a gradle project with a custom option to generate a profiler report" do - let(:report) { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } + subject { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } before do - runner.add_file('build.gradle', fixture_file_content("java/11/build.gradle")) + runner.mount(dir: fixture_file("java/gradle/java-11")) end - specify { expect(report).to match_schema } - specify { expect { report }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } - specify { expect(report.dependency_names).to match_array(['postgresql']) } - specify { expect(report.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } + specify { expect(subject).to match_schema } + specify { expect { subject }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } + specify { expect(subject.dependency_names).to match_array(['postgresql']) } + specify { expect(subject.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } end context 'when using Java 8 with version 1.* of gradle' do before do + runner.mount(dir: fixture_file("java/gradle/java-8")) runner.add_file('.tool-versions', "gradle 1.9") - runner.add_file('build.gradle', fixture_file_content("java/8/build.gradle")) end it 'returns an empty report because the plugin we use does not work in this version of the gradle API' do @@ -129,7 +133,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle.kts', fixture_file_content("java/build.gradle.kts")) + runner.add_file('build.gradle.kts', fixture_file_content("java/gradle/build.gradle.kts")) runner.add_file('settings.gradle.kts', 'rootProject.name = "example"') end 
@@ -149,7 +153,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle', fixture_file_content("java/#{item[:java]}/build.gradle")) + runner.add_file('build.gradle', fixture_file_content("java/gradle/java-#{item[:java]}/build.gradle")) runner.add_file('settings.gradle', 'rootProject.name = "example"') end diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index 49ee82c..aa2d1ff 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb 
@@ -4,32 +4,38 @@ RSpec.describe "maven" do include_examples "each report version", "java", "maven" include_examples "each report version", "java", "maven-multimodules" - describe "When the maven dependencies come from a custom public maven repository" do - it 'is able to detect some of the licenses' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - - report = runner.scan(env: { - 'CI_PROJECT_ID' => '6130122' - }) + context "when the maven dependencies come from the same projects public maven repository" do + subject { runner.scan(env: { 'CI_PROJECT_ID' => '6130122' }) } - expect(report).to match_schema - expect(report.dependency_names).to match_array(%w[example jaxb-api]) - expect(report.licenses_for('example')).to match_array(['MIT']) - expect(report.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'cddl 1.1']) + before do + runner.mount(dir: fixture_file('java/maven/gitlab-repo')) end - it 'downloads packages from by using a custom `settings.xml`' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml')) + it 'is able to detect some of the licenses' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) + end + end - report = runner.scan(env: { + context "when packages are sourced from an external package registry" do + subject do + runner.scan(env: { 'CI_PROJECT_ID' => 'invalid', - 'MAVEN_CLI_OPTS' => "--settings my_settings.xml" + 'MAVEN_CLI_OPTS' => "--settings settings.xml" }) + end - expect(report).to match_schema - expect(report[:dependencies]).to match_array([{ name: 'example', url: '', description: '', paths: ['.'], licenses: ['MIT'] }, - { description: '', licenses: 
['GPL-2.0-only', 'cddl 1.1'], name: 'jaxb-api', paths: ['.'], url: '' }]) + before do + runner.mount(dir: fixture_file('java/maven/external-gitlab-repo')) + end + + it 'downloads packages from by using a custom `settings.xml`' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) end end @@ -53,7 +59,7 @@ RSpec.describe "maven" do describe "When scanning a project with multiple modules" do before do - runner.mount(dir: fixture_file('java/maven-multimodule')) + runner.mount(dir: fixture_file('java/maven/multimodule')) end it 'detects dependences from each module' do @@ -82,18 +88,21 @@ RSpec.describe "maven" do end end - context "when connecting to a custom package registry with a self signed certificate", environment: 'offline' do - let(:bundle) { fixture_file_content('java/maven.crt') } - let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, 'LOG_LEVEL' => 'debug' }) } + context "when connecting to a custom package registry with a self signed certificate" do + let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read }) } + let(:private_maven_host) { 'maven.test' } before do + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.add_file('pom.xml') do - fixture_file_content('java/pom-single.xml.erb', { + fixture_file_content('java/maven/pom-single.xml.erb', { group_id: 'com.fasterxml.jackson.core', artifact_id: 'jackson-core', version: '2.10.0', repository_id: 'custom', - repository_url: "https://#{private_maven_host}/artifactory/mvn-cache" + repository_url: "https://#{private_maven_host}/maven2" }) end end 
@@ -144,4 +153,34 @@ RSpec.describe "maven" do expect(output_file.read).to include('openjdk version "1.8.0_252"') end end + + [ + { java: '8', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] }, + { java: '11', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] } + ].each do |item| + item[:maven].each do |maven_version| + context "when using Java v#{item[:java]} with maven v#{maven_version}" do + let(:report) { runner.scan(env: env) } + let(:env) do + { + 'LM_JAVA_VERSION' => item[:java], + 'MAVEN_CLI_OPTS' => "--settings settings.xml" + } + end + + before do + runner.mount(dir: fixture_file('java/maven/simple')) + runner.add_file('.mvn/wrapper/maven-wrapper.properties') do + "distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/#{maven_version}/apache-maven-#{maven_version}-bin.zip" + end + end + + specify do + expect(report).to match_schema + expect(report.dependency_names).to match_array(['netty-all']) + expect(report.licenses_for('netty-all')).to match_array(['Apache-2.0']) + end + end + end + end end diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb index 244f363..e482d6d 100644 --- a/spec/support/integration_test_helper.rb +++ b/spec/support/integration_test_helper.rb @@ -11,12 +11,6 @@ module IntegrationTestHelper end end - def private_maven_host - @private_maven_host ||= ENV.fetch('PRIVATE_MAVEN_HOST').tap do |host| - add_host(host, ENV.fetch('PRIVATE_MAVEN_IP')) - end - end - def runner(*args) @runner ||= ProjectHelper.new(*args) end diff --git a/spec/support/proxy_helper.rb b/spec/support/proxy_helper.rb index a07ee84..93805c6 100644 --- a/spec/support/proxy_helper.rb +++ b/spec/support/proxy_helper.rb 
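Review bot: The new Java/Maven matrix has the wrapper fetch each Maven distribution from repo1.maven.org with only `distributionUrl` set, so the integration test trusts whatever bytes the download returns; if the wrapper jar committed in this MR supports it, adding a `distributionSha256Sum=<SHA256-OF-DISTRIBUTION>` line per version alongside `distributionUrl` in the generated properties file would pin the download. Also, this context uses `let(:report) { runner.scan(env: env) }` while the other contexts reworked in the same file switched to `subject { runner.scan(...) }`, so `subject { runner.scan(env: env) }` with `expect(subject)` in the `specify` block would keep the file consistent. The `RSpec.describe "maven"` block this sits in starts above the hunk.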
@@ -5,9 +5,11 @@ module ProxyHelper def generate_self_signed_certificate_for(host) Dir.chdir License::Management.root.join('tmp') do - system("rm -f #{host}.*") - system("/usr/bin/openssl req -x509 -newkey rsa:4096 -keyout #{host}.key -out #{host}.crt -days 999 -nodes -subj '/C=/ST=/L=/O=/OU=/CN=*.test' -addext 'subjectAltName=DNS:nuget.test,DNS:rubygems.test,DNS:goproxy.test'") - system("cat #{host}.* > #{host}.pem") + system([ + "rm -f #{host}.*", + "/usr/bin/openssl req -x509 -newkey rsa:4096 -keyout #{host}.key -out #{host}.crt -days 999 -nodes -subj '/C=/ST=/L=/O=/OU=/CN=*.test' -addext 'subjectAltName=DNS:nuget.test,DNS:rubygems.test,DNS:goproxy.test,DNS:maven.test,DNS:pypi.test,DNS:npm.test'", + "cat #{host}.* > #{host}.pem" + ].join("&&")) end end diff --git a/spec/unit/license/management/repository_spec.rb b/spec/unit/license/management/repository_spec.rb index 5fa37e9..a391d09 100644 --- a/spec/unit/license/management/repository_spec.rb +++ b/spec/unit/license/management/repository_spec.rb @@ -35,6 +35,7 @@ RSpec.describe License::Management::Repository do ['Apache License v2.0', 'Apache-2.0'], ['COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0', 'CDDL-1.0'], ['Common Development and Distribution License 1.1', 'CDDL-1.1'], + ['CDDL 1.1', 'CDDL-1.1'], ['Apache Software License - Version 2.0', 'Apache-2.0'], ['ASF 2.0', 'Apache-2.0'], ['Eclipse Public License - v 1.0', 'EPL-1.0'], |
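Review bot: The return value of `system` is still discarded after the refactor, so if `openssl` fails (for example an older OpenSSL without `-addext`), `#{host}.pem` is never written and the problem only surfaces later as an opaque TLS failure in whichever integration test first uses the certificate; `system([...].join("&&")) or raise "certificate generation failed for #{host}"` would fail at the source. Separately, `host` is interpolated into a shell string; it only comes from test code here, but passing each command to `system` as an argument list, or at least interpolating `Shellwords.escape(host)`, would remove the assumption that it is always shell-safe. The `module ProxyHelper` body continues outside the hunk.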
