authorCan Eldem <celdem@gitlab.com>2020-03-27 16:47:50 +0000
committerCan Eldem <celdem@gitlab.com>2020-03-27 16:47:50 +0000
commitd0ff10b6ae1075a13827e00dd0120fac9639fde8 (patch)
tree74a5154ac105b2df4f27e5d2952b04f6547a078c /spec/integration
parent4db9ccdf7a07654e7d546b5a6ab7467cf3818c93 (diff)
parentf601e9bfb512ef21f727313959ff6349490abf17 (diff)
Merge branch '199059-setup-py' into 'master'v3.2.0
Read `PIP_INDEX_URL` to install python packages. See merge request gitlab-org/security-products/license-management!125
Diffstat (limited to 'spec/integration')
-rw-r--r--spec/integration/java/gradle_spec.rb2
-rw-r--r--spec/integration/java/maven_spec.rb8
-rw-r--r--spec/integration/php/composer_spec.rb2
-rw-r--r--spec/integration/python/pip_spec.rb33
4 files changed, 39 insertions, 6 deletions
diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb
index 3c63e37..7a510ac 100644
--- a/spec/integration/java/gradle_spec.rb
+++ b/spec/integration/java/gradle_spec.rb
@@ -60,7 +60,7 @@ plugins {
].each do |gradle_version|
%w[8 11].each do |java_version|
context "when scanning a gradle (v#{gradle_version}) project that uses a kotlin build script" do
- let(:build_file_content) { fixture_file_content("build.gradle.kts") }
+ let(:build_file_content) { fixture_file_content("java/build.gradle.kts") }
it 'scans a gradle project' do
runner.add_file('build.gradle.kts', build_file_content)
diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb
index ad4cf5e..176cb6e 100644
--- a/spec/integration/java/maven_spec.rb
+++ b/spec/integration/java/maven_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe "maven" do
describe "When the maven dependencies come from a custom public maven repository" do
it 'is able to detect some of the licenses' do
- runner.add_file('pom.xml', fixture_file_content('pom-public-gitlab-repository.xml'))
+ runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml'))
report = runner.scan(env: {
'CI_PROJECT_ID' => '17523603'
@@ -17,8 +17,8 @@ RSpec.describe "maven" do
end
it 'downloads packages from by using a custom `settings.xml`' do
- runner.add_file('pom.xml', fixture_file_content('pom-public-gitlab-repository.xml'))
- runner.add_file('my_settings.xml', fixture_file_content('custom-maven-settings.xml'))
+ runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml'))
+ runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml'))
report = runner.scan(env: {
'CI_PROJECT_ID' => 'invalid',
@@ -50,7 +50,7 @@ RSpec.describe "maven" do
describe "When scanning a project with multiple modules" do
before do
- runner.mount(dir: fixture_file('maven-multimodule'))
+ runner.mount(dir: fixture_file('java/maven-multimodule'))
end
it 'detects dependences from each module' do
diff --git a/spec/integration/php/composer_spec.rb b/spec/integration/php/composer_spec.rb
index 2b6d697..1419dd4 100644
--- a/spec/integration/php/composer_spec.rb
+++ b/spec/integration/php/composer_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe "composer" do
context "when the project's dependencies require php-gd e.g. in the case of Drupal" do
it 'installs the required dependencies and produces a valid report' do
# composer.json from https://git.drupalcode.org/project/drupal/raw/8.7.x/core/composer.json
- runner.add_file('composer.json', fixture_file_content('drupal_composer.json'))
+ runner.add_file('composer.json', fixture_file_content('php/drupal_composer.json'))
report = runner.scan
expect(report).to match_schema(version: '2.0')
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index 9c565a9..e54aa19 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -65,4 +65,37 @@ RSpec.describe "pip" do
end
end
end
+
+ context "when scanning projects with a `setup.py` but do not have a `requirements.txt` files" do
+ pending 'detects licenses in a simple `setup.py`' do
+ runner.add_file('setup.py', fixture_file_content('python/simple-setup.py'))
+ report = runner.scan
+
+ expect(report).to match_schema(version: '2.0')
+ expect(report[:dependencies]).not_to be_empty
+ expect(find_in(report, 'boto3')[:licenses]).to match_array(['MIT'])
+ end
+
+ pending 'detects licenses in a more complicated `setup.py`' do
+ runner.add_file('setup.py', fixture_file_content('python/complex-setup.py'))
+ report = runner.scan
+
+ expect(report).to match_schema(version: '2.0')
+ expect(report[:dependencies]).not_to be_empty
+ expect(find_in(report, 'peppercorn')[:licenses]).to match_array(['BSD-2-Clause'])
+ end
+ end
+
+ context "when scanning projects that have a custom index-url" do
+ before do
+ runner.add_file('requirements.txt', 'pip==18.1')
+ end
+
+ it 'detects the licenses from the custom index' do
+ report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' })
+
+ expect(report).to match_schema(version: '2.0')
+ expect(find_in(report, 'pip')[:licenses]).to match_array(["MIT"])
+ end
+ end
end
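Review bot: The 'detects the licenses from the custom index' example does not show that `PIP_INDEX_URL` was actually honoured: it asserts only that `pip` resolves to MIT, and `pip==18.1` is presumably also available from the default index, so the example would still pass if the scanner ignored the variable. Consider pinning a fixture package that is published only on the custom index, or adding a negative example that points `PIP_INDEX_URL` at an unreachable host and expects that the package is not silently resolved from somewhere else. The example also depends on a live third-party host, so a comment such as `# requires network access to test.pypi.org` above the `before` block would help explain intermittent failures. The enclosing `RSpec.describe "pip"` block starts outside this hunk.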