| author | mo khan <mo.khan@gmail.com> | 2020-04-20 13:17:05 +0000 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-04-20 13:17:05 +0000 |
| commit | 0d268993b9416e7c9756cfc2298dba35ef913ed5 (patch) | |
| tree | 3ac8be01834cd7f4d5e38c4065c9d60ee8c34318 /lib | |
| parent | 222af4bf77171fb4b9fb33e6e42dcd32dbf19d54 (diff) | |
| parent | 0d2701caaa74eeaa62c18b4f9fee157c56208c2b (diff) | |
Merge branch '211688-gradle' into 'master'v3.7.2
Use GRADLE_CLI_OPTS during `gradle downloadLicenses` task.
See merge request gitlab-org/security-products/license-management!121
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/license/finder/ext.rb | 2 | ||||
| -rw-r--r-- | lib/license/finder/ext/gradle.rb | 50 | ||||
| -rw-r--r-- | lib/license/finder/ext/package_manager.rb | 14 | ||||
| -rw-r--r-- | lib/license/finder/ext/pip.rb | 14 | ||||
| -rw-r--r-- | lib/license/finder/ext/pipenv.rb | 8 | ||||
| -rw-r--r-- | lib/license/management.rb | 6 | ||||
| -rw-r--r-- | lib/license/management/shell.rb | 1 | ||||
| -rw-r--r-- | lib/license/management/version.rb | 2 |
8 files changed, 82 insertions, 15 deletions
diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb index 24afd37..70620be 100644 --- a/lib/license/finder/ext.rb +++ b/lib/license/finder/ext.rb @@ -1,9 +1,11 @@ # frozen_string_literal: true require 'license/finder/ext/go_modules' +require 'license/finder/ext/gradle' require 'license/finder/ext/license' require 'license/finder/ext/maven' require 'license/finder/ext/nuget' +require 'license/finder/ext/package_manager' require 'license/finder/ext/pip' require 'license/finder/ext/pipenv' require 'license/finder/ext/shared_helpers' diff --git a/lib/license/finder/ext/gradle.rb b/lib/license/finder/ext/gradle.rb new file mode 100644 index 0000000..2c3ce01 --- /dev/null +++ b/lib/license/finder/ext/gradle.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +module LicenseFinder + class Gradle + def current_packages + return [] unless download_licenses + + Pathname + .glob(project_path.join('**', 'dependency-license.xml')) + .map(&:read) + .flat_map { |xml_file| parse_from(xml_file) }.uniq + end + + def package_management_command + wrapper? ? './gradlew' : 'gradle' + end + + private + + def download_licenses + _stdout, _stderr, status = Dir.chdir(project_path) do + shell.execute([ + @command, + ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test'), + 'downloadLicenses' + ], env: { 'TERM' => 'noop' }) + end + + status.success? + end + + def wrapper? + File.exist?(File.join(project_path, 'gradlew')) + end + + def xml_parsing_options + @xml_parsing_options ||= { 'GroupTags' => { 'dependencies' => 'dependency' } } + end + + def parse_from(xml_file) + XmlSimple + .xml_in(xml_file, xml_parsing_options) + .fetch('dependency', []).map { |hash| map_from(hash) } + end + + def map_from(hash) + GradlePackage.new(hash, include_groups: @include_groups) + end + end +end diff --git a/lib/license/finder/ext/package_manager.rb b/lib/license/finder/ext/package_manager.rb new file mode 100644 index 0000000..ff5466e --- /dev/null +++ b/lib/license/finder/ext/package_manager.rb 
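Review bot: In `download_licenses` (lib/license/finder/ext/gradle.rb) the whole of `GRADLE_CLI_OPTS` is passed as one array element, so how a value with several flags or shell metacharacters is treated depends on `shell.execute`, which is not visible in this hunk. If `execute` joins the array into a shell string, the variable is interpreted by the shell; if it passes an argv, two flags in the variable reach Gradle as a single argument. State the contract in a comment above the call, e.g. `# GRADLE_CLI_OPTS is trusted CI configuration and is word-split by Shell#execute`, or split it explicitly with `*Shellwords.split(ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test'))`. The hunk also runs `@command` while defining `package_management_command`; presumably the former is set from the latter elsewhere, but that is worth confirming.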
@@ -0,0 +1,14 @@ +# frozen_string_literal: true + +module LicenseFinder + class PackageManager + def current_packages_with_relations + current_packages + rescue StandardError => e + ::License::Management.logger.error(e) + raise e unless @prepare_no_fail + + [] + end + end +end diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb index 084816c..51e2039 100644 --- a/lib/license/finder/ext/pip.rb +++ b/lib/license/finder/ext/pip.rb @@ -55,19 +55,11 @@ module LicenseFinder Dir.chdir(project_path) { yield } end - def pypi - @pypi ||= Spandx::Python::PyPI.new(sources: [ - Spandx::Python::Source.new({ - 'name' => 'pypi', - 'url' => python.pip_index_url, - 'verify_ssl' => true - }) - ]) - end - def legacy_results + sources = [Spandx::Python::Source.new({ 'name' => 'pypi', 'url' => python.pip_index_url, 'verify_ssl' => true })] + pypi = Spandx::Python::PyPI.new pip_output.map do |name, version, _children, _location| - spec = pypi.definition_for(name, version) + spec = pypi.definition_for(name, version, sources: sources) Package.new( name, version, diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb index 056b81d..ebe8cad 100644 --- a/lib/license/finder/ext/pipenv.rb +++ b/lib/license/finder/ext/pipenv.rb @@ -38,11 +38,15 @@ module LicenseFinder end def build_package_for(name, version) - PipPackage.new(name, version, pypi.definition_for(name, version)) + PipPackage.new(name, version, pypi.definition_for(name, version, sources: sources)) + end + + def sources + @sources ||= ::Spandx::Python::Source.sources_from(lockfile_hash) end def pypi - @pypi ||= ::Spandx::Python::PyPI.new(sources: ::Spandx::Python::Source.sources_from(lockfile_hash)) + @pypi ||= ::Spandx::Python::Pypi.new end def lockfile_hash diff --git a/lib/license/management.rb b/lib/license/management.rb index e156d42..4be002d 100644 --- a/lib/license/management.rb +++ b/lib/license/management.rb 
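Review bot: In `current_packages_with_relations` (lib/license/finder/ext/package_manager.rb), when `@prepare_no_fail` is set any StandardError becomes `[]`, which a consumer of the report cannot tell apart from a project that has no dependencies. For a license compliance scan that is a fail-open result, and the only trace is the single `logger.error` line. Document this above the method, e.g. `# With @prepare_no_fail a failed scan is reported as zero packages; the error is only visible in the log.`, and consider rescuing a narrower set of errors than StandardError.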
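Review bot: The constant for the PyPI client is spelled differently in the two Python hunks: `legacy_results` in pip.rb calls `Spandx::Python::PyPI.new`, while `pypi` in pipenv.rb calls `::Spandx::Python::Pypi.new`. Unless the installed spandx defines both spellings, one of these raises NameError at scan time. Because NameError is a StandardError, the new rescue in package_manager.rb could log it and, with `@prepare_no_fail` set, report zero packages. Use one spelling in both files, whichever the pinned spandx version defines. Both hunks start inside their class, so the rest of `legacy_results` and of the pipenv class is not visible here.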
@@ -24,7 +24,11 @@ module License end def self.logger - @logger ||= Logger.new(STDOUT, level: ENV.fetch('LOG_LEVEL', Logger::WARN)) + @logger ||= Logger.new(STDOUT, level: ENV.fetch('LOG_LEVEL', Logger::WARN)).tap do |x| + x.formatter = proc do |severity, _datetime, _progname, message| + "#{severity} -- : #{message}\n" + end + end end def self.shell diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb index 8850e60..6720460 100644 --- a/lib/license/management/shell.rb +++ b/lib/license/management/shell.rb @@ -40,6 +40,7 @@ module License return unless present?(certificate) custom_certificate_path.write(certificate) + execute("openssl x509 -in #{custom_certificate_path} -text -noout") execute('update-ca-certificates -v') end diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index fe617f9..46ec201 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '3.7.1' + VERSION = '3.7.2' end end |
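Review bot: The new formatter in `self.logger` (lib/license/management.rb) interpolates `message` directly, so an Exception passed to the logger, as `logger.error(e)` does in package_manager.rb, is reduced to its message text and loses the class and backtrace that Logger's default formatter prints. Embedded newlines are also written through unchanged, so text that originates in scanned project files can show up as extra log lines. Normalise the message first, e.g. `text = message.is_a?(Exception) ? "#{message.class}: #{message.message}" : message.to_s`, and then emit `"#{severity} -- : #{text.gsub("\n", ' ')}\n"`.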
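Review bot: The result of the added `openssl x509 ... -noout` call in lib/license/management/shell.rb is discarded, so a value that does not parse as a certificate is still written to `custom_certificate_path` and `update-ca-certificates -v` still runs. If the call is meant as a validity check and not only as log output, capture the status and stop on failure: `_out, _err, status = execute("openssl x509 -in #{custom_certificate_path} -text -noout")` followed by `return unless status.success?`. The three-value return is inferred from how gradle.rb uses `shell.execute` in this commit. The enclosing method starts above the hunk.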
