Merge branch '199059-setup-py' into 'master'v3.2.0

Read `PIP_INDEX_URL` to install python packages.

See merge request gitlab-org/security-products/license-management!125

1 files changed, 33 insertions, 0 deletions

diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index 9c565a9..e54aa19 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -65,4 +65,37 @@ RSpec.describe "pip" do
       end
     end
   end
+
+  context "when scanning projects with a `setup.py` but do not have a `requirements.txt` files" do
+    pending 'detects licenses in a simple `setup.py`' do
+      runner.add_file('setup.py', fixture_file_content('python/simple-setup.py'))
+      report = runner.scan
+
+      expect(report).to match_schema(version: '2.0')
+      expect(report[:dependencies]).not_to be_empty
+      expect(find_in(report, 'boto3')[:licenses]).to match_array(['MIT'])
+    end
+
+    pending 'detects licenses in a more complicated `setup.py`' do
+      runner.add_file('setup.py', fixture_file_content('python/complex-setup.py'))
+      report = runner.scan
+
+      expect(report).to match_schema(version: '2.0')
+      expect(report[:dependencies]).not_to be_empty
+      expect(find_in(report, 'peppercorn')[:licenses]).to match_array(['BSD-2-Clause'])
+    end
+  end
+
+  context "when scanning projects that have a custom index-url" do
+    before do
+      runner.add_file('requirements.txt', 'pip==18.1')
+    end
+
+    it 'detects the licenses from the custom index' do
+      report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' })
+
+      expect(report).to match_schema(version: '2.0')
+      expect(find_in(report, 'pip')[:licenses]).to match_array(["MIT"])
+    end
+  end
 end