authorCan Eldem <celdem@gitlab.com>2020-07-15 09:24:27 +0000
committerCan Eldem <celdem@gitlab.com>2020-07-15 09:24:27 +0000
commitf04805cf7b490b9ef9492e4ddc115ab7c2845ab6 (patch)
tree290e40b1b3f3c24579ed780e83ce55293e4b1de7 /lib
parentd8b18764499ed0378d5f5caf0d68460c39510cfe (diff)
parent4b9540b7724f89b2c3d2850193721abd415421f6 (diff)
Merge branch '217905-net-integration-test' into 'master'v3.18.0
Resolve nuget dependencies from a custom registry. See merge request gitlab-org/security-products/license-management!189
Diffstat (limited to 'lib')
-rw-r--r--lib/license/finder/ext/dotnet.rb57
-rw-r--r--lib/license/finder/ext/nuget.rb47
-rw-r--r--lib/license/management.rb1
-rw-r--r--lib/license/management/nuspec.rb20
-rw-r--r--lib/license/management/shell.rb2
-rw-r--r--lib/license/management/version.rb2
6 files changed, 118 insertions, 11 deletions
diff --git a/lib/license/finder/ext/dotnet.rb b/lib/license/finder/ext/dotnet.rb
index 1b98881..c5ff485 100644
--- a/lib/license/finder/ext/dotnet.rb
+++ b/lib/license/finder/ext/dotnet.rb
@@ -2,10 +2,65 @@
module LicenseFinder
class Dotnet
+ def possible_package_paths
+ project_path.glob('*.sln') +
+ project_path.glob('*.csproj') +
+ project_path.glob('*.vbproj') +
+ project_path.glob('*.fsproj')
+ end
+
def prepare
shell.execute(['apt-get', :update, '-q'])
shell.execute(['apt-get', :install, '-y', '--no-install-recommends', 'dotnet-sdk-3.1'])
- shell.execute([:dotnet, :restore])
+ shell.execute([:mkdir, '-p', vendor_path.to_s]) unless vendor_path.exist?
+ shell.execute([
+ :dotnet,
+ :restore, detected_package_path.to_s,
+ '--no-cache',
+ '--packages', vendor_path.to_s,
+ '--locked-mode',
+ '--verbosity', :detailed
+ ])
+ end
+
+ def current_packages
+ asset_files.flat_map do |file|
+ json = JSON.parse(IO.read(file))
+ json.fetch('libraries', []).map do |slug, data|
+ name, version = slug.split('/')
+ map_from(name, version, data)
+ end
+ end
+ end
+
+ private
+
+ def vendor_path
+ @vendor_path ||= Pathname.pwd.join('.gitlab', 'cache', 'vendor')
+ end
+
+ def map_from(name, version, data)
+ Dependency.new(
+ 'NuGet',
+ name,
+ version,
+ spec_licenses: licenses_from(data['path'], data.fetch('files', [])),
+ detection_path: detected_package_path,
+ install_path: vendor_path.join(data['path'])
+ )
+ end
+
+ def nuspec_path_from(path, files)
+ install_path = vendor_path.join(path)
+ nuspec_filename = files.find { |x| x.end_with?('.nuspec') }
+ return install_path.join(nuspec_filename) if nuspec_filename
+ end
+
+ def licenses_from(path, files)
+ nuspec = nuspec_path_from(path, files)
+ return [] if nuspec.nil? || !nuspec.exist?
+
+ ::License::Management::Nuspec.new(nuspec.read).licenses
end
end
end
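Review bot: `licenses_from` calls `::License::Management::Nuspec.new(nuspec.read).licenses` with no rescue, so one malformed or truncated `.nuspec` under the vendor directory raises `REXML::ParseException` and aborts the whole scan, whereas the parallel `license_urls` in nuget.rb in this same merge rescues `StandardError`, logs it and returns `[]`; the two extensions should agree, e.g. add `rescue StandardError => e` / `::License::Management.logger.error(e)` / `[]` at the end of `licenses_from`. Separately, `data['path']` and the `.nuspec` entry from `files` are taken from the assets JSON and joined under `vendor_path` without containment; `Pathname#join` resolves `..`, so if `asset_files` (defined outside this hunk) can pick up an assets file committed in the scanned repository, a crafted path reads and parses an arbitrary file on the runner — a check that the joined path still starts with `vendor_path.to_s` would close that. `current_packages` also lets `JSON.parse` failures propagate, which is fine as long as that is the intended fail-fast behaviour; a one-line comment saying so would help.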
diff --git a/lib/license/finder/ext/nuget.rb b/lib/license/finder/ext/nuget.rb
index 1aa3b1b..6fb2553 100644
--- a/lib/license/finder/ext/nuget.rb
+++ b/lib/license/finder/ext/nuget.rb
@@ -2,22 +2,51 @@
module LicenseFinder
class Nuget
- def prepare_command
+ def prepare
shell.execute(['apt-get', :update, '-q'])
shell.execute(['apt-get', :install, '-y', '--no-install-recommends', 'mono-complete'])
- "mono /usr/local/bin/nuget.exe restore -Verbosity detailed"
+ shell.execute([:mkdir, '-p', vendor_path.to_s]) unless vendor_path.exist?
+
+ Dir.chdir(project_path) do
+ shell.execute([
+ :mono, '/usr/local/bin/nuget.exe',
+ :restore, detected_package_path,
+ '-Verbosity detailed',
+ '-PackagesDirectory', vendor_path,
+ '-NoCache',
+ '-LockedMode'
+ ])
+ end
end
- def license_urls(dependency)
- filename = "#{dependency.name}.#{dependency.version}.nupkg"
- files = Dir["**/#(unknown)"] +
- Dir.glob(File.join(Dir.home, '.nuget', 'packages', '**', '**', filename.downcase))
+ def current_packages
+ dependencies.map do |dependency|
+ nupkg = vendor_path.glob("**/#{dependency.name}*.nupkg")[0]
+ ::LicenseFinder::Dependency.new(
+ 'NuGet',
+ dependency.name,
+ dependency.version,
+ spec_licenses: license_urls(dependency, nupkg),
+ detection_path: detected_package_path,
+ install_path: nupkg&.parent
+ )
+ end
+ end
- return if files.empty?
+ def license_urls(dependency, nupkg)
+ return if nupkg.nil? || !nupkg.exist?
- Zip::File.open(files.first) do |zipfile|
- Nuget.nuspec_license_urls(zipfile.read(dependency.name + '.nuspec'))
+ Zip::File.open(nupkg.to_s) do |zipfile|
+ content = zipfile.read("#{dependency.name}.nuspec")
+ ::License::Management::Nuspec.new(content).licenses
end
+ rescue StandardError => e
+ ::License::Management.logger.error(e)
+ []
+ end
+
+ def vendor_path
+ @vendor_path ||= Pathname.pwd.join('.gitlab', 'cache', 'vendor')
end
end
end
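Review bot: `current_packages` locates the package with `vendor_path.glob("**/#{dependency.name}*.nupkg")[0]`, which is a prefix match: for a dependency `Foo` it can return `Foo.Bar.2.0.0.nupkg` or a different version of `Foo`, so licenses get attributed from the wrong package, while the removed code matched `"#{name}.#{version}.nupkg"` exactly; suggest `vendor_path.glob("**/#{dependency.name}.#{dependency.version}.nupkg", File::FNM_CASEFOLD).first`. Also `'-Verbosity detailed'` is passed as a single argv element whereas dotnet.rb passes `'--verbosity', :detailed` as two; unless `shell.execute` joins through a shell (not visible here), nuget.exe receives one unrecognised token, so split it into `'-Verbosity', :detailed`. The `rescue StandardError` in `license_urls` swallows everything including missing-entry errors from `zipfile.read`; logging at error level is good, but a comment noting that a missing `.nuspec` is treated as "no license" would document the intent.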
diff --git a/lib/license/management.rb b/lib/license/management.rb
index 8ba2992..58310f7 100644
--- a/lib/license/management.rb
+++ b/lib/license/management.rb
@@ -8,6 +8,7 @@ require 'yaml'
require 'license_finder'
require 'license/management/loggable'
require 'license/management/verifiable'
+require 'license/management/nuspec'
require 'license/management/python'
require 'license/management/repository'
require 'license/management/report'
diff --git a/lib/license/management/nuspec.rb b/lib/license/management/nuspec.rb
new file mode 100644
index 0000000..cd785b4
--- /dev/null
+++ b/lib/license/management/nuspec.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module License
+ module Management
+ class Nuspec
+ attr_reader :xml
+
+ def initialize(xml)
+ @xml = REXML::Document.new(xml)
+ end
+
+ def licenses
+ licenses = REXML::XPath.match(xml, "//package/metadata/license[@type='expression']").map(&:get_text).map(&:to_s)
+ return licenses if licenses.any?
+
+ REXML::XPath.match(xml, '//package/metadata/licenseUrl').map(&:get_text).map(&:to_s)
+ end
+ end
+ end
+end
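Review bot: `Nuspec#licenses` has no documentation of its contract, and the result is heterogeneous: it returns SPDX expression text when a `<license type="expression">` element exists, otherwise the raw `<licenseUrl>` strings, and a `<license type="file">` element is silently ignored; a class comment stating that (`# Returns SPDX license expressions from <license type="expression">, falling back to <licenseUrl> values; file-type licenses are not resolved.`) would keep callers from treating every entry as an identifier. The XML comes straight out of a third-party package, so a note that REXML does not fetch external DTDs and that entity expansion is bounded only by `REXML::Security.entity_expansion_limit` would document why this parser is acceptable here; malformed input raises `REXML::ParseException` from `initialize`, which callers must handle. Real `.nuspec` files declare a default `xmlns`, so it is worth confirming (the merge's integration test presumably does) that the unprefixed `//package/metadata/...` XPath matches under REXML's namespace handling.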
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index 2bdd95a..408c760 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -49,6 +49,8 @@ module License
execute(keytool_list_command)
end
end
+ execute([:cp, custom_certificate_path.to_s, "/usr/lib/ssl/certs/"])
+ execute([:c_rehash, '-v'])
end
def keytool_import_command(file_path)
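Review bot: The added `cp` of `custom_certificate_path` into `/usr/lib/ssl/certs/` keeps the file's original basename, but `c_rehash` only creates hash links for files ending in `.pem`, `.crt`, `.cer` or `.crl` and expects one certificate per file; if the custom bundle has another extension or holds several CAs (its definition is outside this hunk), only part of it, or none, becomes trusted while the step still succeeds. Consider copying to an explicit name such as `"/usr/lib/ssl/certs/custom-ca.pem"` and splitting a multi-certificate bundle into one file each, or documenting the single-certificate assumption with a comment like `# c_rehash hashes one cert per .pem/.crt file; bundles must be split`. Both commands run unconditionally at this point, so confirm the enclosing method (which begins above the hunk) only reaches here when a custom certificate was actually supplied.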
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 76b9238..cd8bbd5 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '3.17.2'
+ VERSION = '3.18.0'
end
end