Fetch bower dependencies from custom repo with custom cert chain

4 files changed, 36 insertions, 7 deletions

diff --git a/config/.default-npm-packages b/config/.default-npm-packages
index 9991b02..8e16e61 100644
--- a/config/.default-npm-packages
+++ b/config/.default-npm-packages
@@ -1,3 +1,4 @@
 bower
+bower-npm-resolver
 npm-install-peers
 yarn
diff --git a/lib/license/finder/ext/bower.rb b/lib/license/finder/ext/bower.rb
index e53e532..ccfa7ee 100644
--- a/lib/license/finder/ext/bower.rb
+++ b/lib/license/finder/ext/bower.rb
@@ -3,13 +3,11 @@
 module LicenseFinder
   class Bower < PackageManager
     def prepare
-      shell.execute([:bower, :install, '--allow-root'])
+      shell.execute([:bower, :install, '--allow-root'], env: default_env)
     end
 
     def current_packages
-      map_all(bower_output).flatten.compact.reject do |package|
-        package.name == 'bower'
-      end
+      map_all(bower_output).flatten.compact
     end
 
     def possible_package_paths
@@ -46,5 +44,11 @@ module LicenseFinder
         install_path: bower_module['canonicalDir']
       )
     end
+
+    def default_env
+      return {} unless shell.custom_certificate_installed?
+
+      { 'NPM_CONFIG_CAFILE' => ENV.fetch('NPM_CONFIG_CAFILE', shell.custom_certificate_path.to_s) }
+    end
   end
 end
diff --git a/spec/fixtures/js/bower/bower.json b/spec/fixtures/js/bower/bower.json
index 4cfbefc..f2760e7 100644
--- a/spec/fixtures/js/bower/bower.json
+++ b/spec/fixtures/js/bower/bower.json
@@ -1,6 +1,6 @@
 {
-  "name": "bower",
-  "license": "MIT",
+  "name": "example-project",
+  "license": "ISC",
   "private": true,
   "ignore": [
     "**/.*",
diff --git a/spec/integration/js/bower_spec.rb b/spec/integration/js/bower_spec.rb
index 1f97645..25a45cb 100644
--- a/spec/integration/js/bower_spec.rb
+++ b/spec/integration/js/bower_spec.rb
@@ -9,9 +9,10 @@ RSpec.describe "bower" do
     end
 
     specify { expect(subject).to match_schema(version: '2.0') }
-    specify { expect(subject.dependency_names).to match_array(['cli', 'ev-emitter', 'fizzy-ui-utils', 'get-size', 'jquery', 'masonry-layout', 'matches-selector', 'outlayer', 'stimulus.umd']) }
+    specify { expect(subject.dependency_names).to match_array(['cli', 'ev-emitter', 'example-project', 'fizzy-ui-utils', 'get-size', 'jquery', 'masonry-layout', 'matches-selector', 'outlayer', 'stimulus.umd']) }
     specify { expect(subject.licenses_for('cli')).to match_array(['Apache-2.0', 'BSD-3-Clause', 'ISC', 'MIT']) }
     specify { expect(subject.licenses_for('ev-emitter')).to match_array(['MIT']) }
+    specify { expect(subject.licenses_for('example-project')).to match_array(['ISC']) }
     specify { expect(subject.licenses_for('fizzy-ui-utils')).to match_array(['MIT']) }
     specify { expect(subject.licenses_for('get-size')).to match_array(['MIT']) }
     specify { expect(subject.licenses_for('jquery')).to match_array(['MIT']) }
@@ -20,4 +21,27 @@ RSpec.describe "bower" do
     specify { expect(subject.licenses_for('outlayer')).to match_array(['MIT']) }
     specify { expect(subject.licenses_for('stimulus.umd')).to match_array(['unknown']) }
   end
+
+  context "when scanning a bower project with a dependency from a custom registry" do
+    subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
+
+    before do
+      runner.add_file(".npmrc", "registry = https://#{private_npm_host}")
+      runner.add_file(".bowerrc") do
+        JSON.pretty_generate({ resolvers: ['bower-npm-resolver'] })
+      end
+      runner.add_file("bower.json") do
+        JSON.pretty_generate({
+          name: "js-bower",
+          license: "ISC",
+          dependencies: { lodash: "npm:lodash#4.17.10" }
+        })
+      end
+    end
+
+    specify { expect(subject).to match_schema(version: '2.0') }
+    specify { expect(subject.dependency_names).to match_array(%w[js-bower lodash]) }
+    specify { expect(subject.licenses_for('js-bower')).to match_array(['ISC']) }
+    specify { expect(subject.licenses_for('lodash')).to match_array(['MIT']) }
+  end
 end