authormo khan <mo.khan@gmail.com>2020-04-20 13:17:05 +0000
committermo khan <mo.khan@gmail.com>2020-04-20 13:17:05 +0000
commit0d268993b9416e7c9756cfc2298dba35ef913ed5 (patch)
tree3ac8be01834cd7f4d5e38c4065c9d60ee8c34318 /lib/license/finder
parent222af4bf77171fb4b9fb33e6e42dcd32dbf19d54 (diff)
parent0d2701caaa74eeaa62c18b4f9fee157c56208c2b (diff)
Merge branch '211688-gradle' into 'master'v3.7.2
Use GRADLE_CLI_OPTS during `gradle downloadLicenses` task. See merge request gitlab-org/security-products/license-management!121
Diffstat (limited to 'lib/license/finder')
-rw-r--r--lib/license/finder/ext.rb2
-rw-r--r--lib/license/finder/ext/gradle.rb50
-rw-r--r--lib/license/finder/ext/package_manager.rb14
-rw-r--r--lib/license/finder/ext/pip.rb14
-rw-r--r--lib/license/finder/ext/pipenv.rb8
5 files changed, 75 insertions, 13 deletions
diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb
index 24afd37..70620be 100644
--- a/lib/license/finder/ext.rb
+++ b/lib/license/finder/ext.rb
@@ -1,9 +1,11 @@
# frozen_string_literal: true
require 'license/finder/ext/go_modules'
+require 'license/finder/ext/gradle'
require 'license/finder/ext/license'
require 'license/finder/ext/maven'
require 'license/finder/ext/nuget'
+require 'license/finder/ext/package_manager'
require 'license/finder/ext/pip'
require 'license/finder/ext/pipenv'
require 'license/finder/ext/shared_helpers'
diff --git a/lib/license/finder/ext/gradle.rb b/lib/license/finder/ext/gradle.rb
new file mode 100644
index 0000000..2c3ce01
--- /dev/null
+++ b/lib/license/finder/ext/gradle.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+ class Gradle
+ def current_packages
+ return [] unless download_licenses
+
+ Pathname
+ .glob(project_path.join('**', 'dependency-license.xml'))
+ .map(&:read)
+ .flat_map { |xml_file| parse_from(xml_file) }.uniq
+ end
+
+ def package_management_command
+ wrapper? ? './gradlew' : 'gradle'
+ end
+
+ private
+
+ def download_licenses
+ _stdout, _stderr, status = Dir.chdir(project_path) do
+ shell.execute([
+ @command,
+ ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test'),
+ 'downloadLicenses'
+ ], env: { 'TERM' => 'noop' })
+ end
+
+ status.success?
+ end
+
+ def wrapper?
+ File.exist?(File.join(project_path, 'gradlew'))
+ end
+
+ def xml_parsing_options
+ @xml_parsing_options ||= { 'GroupTags' => { 'dependencies' => 'dependency' } }
+ end
+
+ def parse_from(xml_file)
+ XmlSimple
+ .xml_in(xml_file, xml_parsing_options)
+ .fetch('dependency', []).map { |hash| map_from(hash) }
+ end
+
+ def map_from(hash)
+ GradlePackage.new(hash, include_groups: @include_groups)
+ end
+ end
+end
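Review bot: In `download_licenses`, `ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test')` goes into the command array as a single element, and how it reaches Gradle depends on `shell.execute`, which is not shown in this diff. If that helper joins the array into one command string, the variable's contents are interpreted by the shell; if it passes an argument vector, a value holding several options arrives as one argument and Gradle will not parse it as intended. Splitting the value explicitly, e.g. `*Shellwords.split(ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test'))` with `require 'shellwords'`, makes the word boundaries deliberate rather than a side effect of the helper. A comment above the call such as `# GRADLE_CLI_OPTS is operator-supplied CI configuration; never populate it from the scanned repository` would record the trust assumption.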
diff --git a/lib/license/finder/ext/package_manager.rb b/lib/license/finder/ext/package_manager.rb
new file mode 100644
index 0000000..ff5466e
--- /dev/null
+++ b/lib/license/finder/ext/package_manager.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+ class PackageManager
+ def current_packages_with_relations
+ current_packages
+ rescue StandardError => e
+ ::License::Management.logger.error(e)
+ raise e unless @prepare_no_fail
+
+ []
+ end
+ end
+end
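Review bot: `current_packages_with_relations` returns `[]` for any `StandardError` when `@prepare_no_fail` is set, so a scan that crashed produces the same result as a project with no dependencies. For a license compliance report that is a fail-open outcome: the error is logged, but nothing in the return value tells the caller the result is incomplete. Consider a comment on the rescue stating this, e.g. `# NOTE: with prepare_no_fail an empty list may mean "scan failed", not "no dependencies"`, or surfacing the failure in the report. `Gradle#current_packages` in gradle.rb has a quieter variant: `return [] unless download_licenses` discards stdout and stderr and never reaches this logger.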
diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb
index 084816c..51e2039 100644
--- a/lib/license/finder/ext/pip.rb
+++ b/lib/license/finder/ext/pip.rb
@@ -55,19 +55,11 @@ module LicenseFinder
Dir.chdir(project_path) { yield }
end
- def pypi
- @pypi ||= Spandx::Python::PyPI.new(sources: [
- Spandx::Python::Source.new({
- 'name' => 'pypi',
- 'url' => python.pip_index_url,
- 'verify_ssl' => true
- })
- ])
- end
-
def legacy_results
+ sources = [Spandx::Python::Source.new({ 'name' => 'pypi', 'url' => python.pip_index_url, 'verify_ssl' => true })]
+ pypi = Spandx::Python::PyPI.new
pip_output.map do |name, version, _children, _location|
- spec = pypi.definition_for(name, version)
+ spec = pypi.definition_for(name, version, sources: sources)
Package.new(
name,
version,
diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb
index 056b81d..ebe8cad 100644
--- a/lib/license/finder/ext/pipenv.rb
+++ b/lib/license/finder/ext/pipenv.rb
@@ -38,11 +38,15 @@ module LicenseFinder
end
def build_package_for(name, version)
- PipPackage.new(name, version, pypi.definition_for(name, version))
+ PipPackage.new(name, version, pypi.definition_for(name, version, sources: sources))
+ end
+
+ def sources
+ @sources ||= ::Spandx::Python::Source.sources_from(lockfile_hash)
end
def pypi
- @pypi ||= ::Spandx::Python::PyPI.new(sources: ::Spandx::Python::Source.sources_from(lockfile_hash))
+ @pypi ||= ::Spandx::Python::Pypi.new
end
def lockfile_hash
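Review bot: The new `pypi` method references `::Spandx::Python::Pypi`, while the line it replaces and the pip.rb hunk in this same commit use `Spandx::Python::PyPI`. Unless the library defines both spellings, the first call to `pypi` raises `NameError`; because `NameError` is a `StandardError`, a caller that rescues broadly (as `current_packages_with_relations` in package_manager.rb does) could turn that into an empty package list rather than a visible failure. If the rename is not intended, the line should read `@pypi ||= ::Spandx::Python::PyPI.new`. The class body continues outside the hunk.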