authormo khan <mo.khan@gmail.com>2020-07-08 11:55:30 -0600
committermo khan <mo.khan@gmail.com>2020-07-08 14:10:08 -0600
commitb4a36141a7cbbf52b470739a9b0580cf51863a6c (patch)
treef78ebd6d0c684982d6e591c8d1b3351ea375dc48
parent6e5916dfa78cb7277de3237164b33a80138e582c (diff)
Detect gems.rb and gems.locked
-rw-r--r--CHANGELOG.md4
-rw-r--r--Gemfile.lock2
-rw-r--r--lib/license/finder/ext/bundler.rb25
-rw-r--r--lib/license/management/version.rb2
-rw-r--r--spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked40
-rw-r--r--spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb5
-rw-r--r--spec/integration/ruby/bundler_spec.rb13
7 files changed, 89 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bfd2648..322b38b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
# GitLab License management changelog
+## v3.15.0
+
+- Detect `gems.rb` and `gems.locked` in `Bundler` projects. (!186)
+
## v3.14.0
- Export `BUNDLE_SSL_CA_CERT` when a `ADDITIONAL_CA_CERT_BUNDLE` is provided. (!177)
diff --git a/Gemfile.lock b/Gemfile.lock
index ee88458..cc7f42d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- license-management (3.14.0)
+ license-management (3.15.0)
license_finder (~> 6.6.0)
GEM
diff --git a/lib/license/finder/ext/bundler.rb b/lib/license/finder/ext/bundler.rb
index 08ab3ac..ddf30f5 100644
--- a/lib/license/finder/ext/bundler.rb
+++ b/lib/license/finder/ext/bundler.rb
@@ -32,8 +32,33 @@ module LicenseFinder
end
end
+ def possible_package_paths
+ if ENV['BUNDLE_GEMFILE'] && File.exist?(ENV['BUNDLE_GEMFILE'])
+ [project_path.join(File.basename(ENV['BUNDLE_GEMFILE']))]
+ else
+ [project_path.join('Gemfile'), project_path.join('gems.rb')]
+ end
+ end
+
private
+ def gemfile
+ if ENV['BUNDLE_GEMFILE']
+ custom_gemfile = project_path.join(File.basename(ENV['BUNDLE_GEMFILE']))
+ return custom_gemfile.basename.to_s if custom_gemfile.exist?
+ end
+
+ if project_path.join("gems.rb").exist?
+ "gems.rb"
+ else
+ "Gemfile"
+ end
+ end
+
+ def lockfile
+ gemfile == 'gems.rb' ? 'gems.locked' : "#{gemfile}.lock"
+ end
+
def default_env
@default_env ||= {
'BUNDLE_ALLOW_OFFLINE_INSTALL' => 'true',
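Review bot: `possible_package_paths` and `gemfile` test `BUNDLE_GEMFILE` against different paths: the first calls `File.exist?` on the raw value, which resolves against the process working directory and may lie outside the project, while the second checks `project_path.join(File.basename(...))`, so the two can disagree about which manifest is in use. Since the scanner runs against projects it does not control, both should use the project-confined candidate and require a regular file: inside the `ENV['BUNDLE_GEMFILE']` guard, `candidate = project_path.join(File.basename(ENV['BUNDLE_GEMFILE']))` followed by `return [candidate] if candidate.file?`. Using `file?` rather than `exist?` also covers an empty `BUNDLE_GEMFILE`, where the joined path appears to resolve to the project directory itself and `gemfile` would return a directory name. The enclosing module and `default_env` continue outside this hunk.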
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index de5715a..50e69a0 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '3.14.0'
+ VERSION = '3.15.0'
end
end
diff --git a/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked
new file mode 100644
index 0000000..da671a2
--- /dev/null
+++ b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked
@@ -0,0 +1,40 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ addressable (2.7.0)
+ public_suffix (>= 2.0.2, < 5.0)
+ mini_portile2 (2.4.0)
+ net-hippie (0.3.2)
+ nokogiri (1.10.10)
+ mini_portile2 (~> 2.4.0)
+ oj (3.10.6)
+ parslet (2.0.0)
+ public_suffix (4.0.5)
+ spandx (0.13.5)
+ addressable (~> 2.7)
+ bundler (>= 1.16, < 3.0.0)
+ net-hippie (~> 0.3)
+ nokogiri (~> 1.10)
+ oj (~> 3.10)
+ parslet (~> 2.0)
+ terminal-table (~> 1.8)
+ thor
+ tty-spinner (~> 0.9)
+ zeitwerk (~> 2.3)
+ terminal-table (1.8.0)
+ unicode-display_width (~> 1.1, >= 1.1.1)
+ thor (1.0.1)
+ tty-cursor (0.7.1)
+ tty-spinner (0.9.3)
+ tty-cursor (~> 0.7)
+ unicode-display_width (1.7.0)
+ zeitwerk (2.3.1)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ spandx
+
+BUNDLED WITH
+ 2.1.4
diff --git a/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb
new file mode 100644
index 0000000..f7aca87
--- /dev/null
+++ b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "spandx"
diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb
index 6961067..30cf776 100644
--- a/spec/integration/ruby/bundler_spec.rb
+++ b/spec/integration/ruby/bundler_spec.rb
@@ -127,4 +127,17 @@ RSpec.describe "bundler" do
expect(subject.licenses_for('net-hippie')).to match_array(['MIT'])
end
end
+
+ context "when scanning a projects with a gems.lock" do
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-v2.1-gems.lock'))
+ end
+
+ specify do
+ expect(subject).to match_schema
+ expect(subject[:licenses]).not_to be_empty
+ expect(subject.dependency_names).to include('spandx')
+ expect(subject.licenses_for('spandx')).to match_array(['MIT'])
+ end
+ end
end
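Review bot: Only the `gems.rb`-only layout is exercised by the new context; the `BUNDLE_GEMFILE` branch and a project containing both `Gemfile` and `gems.rb` are not covered by it, so the precedence chosen in `gemfile` is untested here. The description also names the wrong file: `"when scanning a projects with a gems.lock"` should read `"when scanning a project with a gems.locked"`. The `RSpec.describe` block starts outside the hunk, so earlier examples may already cover the `BUNDLE_GEMFILE` case.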