authorCan Eldem <celdem@gitlab.com>2020-05-20 11:31:45 +0000
committerCan Eldem <celdem@gitlab.com>2020-05-20 11:31:45 +0000
commitffe3851eaf675da0bc82f144c48b7b16cc43d989 (patch)
tree89d60e6d19f984ac8f28a0638da2c1c6c192d5ef /spec
parent7b8a9fce94fa4c457563ed150fae4d4043315265 (diff)
parent2d749e4d514b9b5b053879c38ec11ffd83107646 (diff)
Merge branch '212923-bower-offline' into 'master'v3.9.1
Add support for bower in offline environment See merge request gitlab-org/security-products/license-management!150
Diffstat (limited to 'spec')
-rw-r--r--spec/fixtures/js/bower/bower.json18
-rw-r--r--spec/integration/js/bower_spec.rb64
2 files changed, 82 insertions, 0 deletions
diff --git a/spec/fixtures/js/bower/bower.json b/spec/fixtures/js/bower/bower.json
new file mode 100644
index 0000000..f2760e7
--- /dev/null
+++ b/spec/fixtures/js/bower/bower.json
@@ -0,0 +1,18 @@
+{
+ "name": "example-project",
+ "license": "ISC",
+ "private": true,
+ "ignore": [
+ "**/.*",
+ "node_modules",
+ "bower_components",
+ "test",
+ "tests"
+ ],
+ "dependencies": {
+ "jquery": "^3.5.1",
+ "masonry-layout": "desandro/masonry#^4.2.2",
+ "cli": "git://github.com/npm/cli.git#^6.14.5",
+ "stimulus.umd": "https://unpkg.com/stimulus/dist/stimulus.umd.js"
+ }
+}
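Review bot: The `cli` dependency is fetched over `git://`, which has no encryption or server authentication, so the code the integration test installs and scans can be altered in transit. `"cli": "https://github.com/npm/cli.git#^6.14.5"` would fetch the same repository over TLS. The `stimulus.umd` URL carries no version, so the fixture's input is whatever unpkg currently serves; a versioned path such as `https://unpkg.com/stimulus@<version>/dist/stimulus.umd.js` would pin it. If the `git://` form is there deliberately to cover that scheme, the spec is the place to say so, since JSON cannot hold a comment.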
diff --git a/spec/integration/js/bower_spec.rb b/spec/integration/js/bower_spec.rb
new file mode 100644
index 0000000..2127c2e
--- /dev/null
+++ b/spec/integration/js/bower_spec.rb
@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+RSpec.describe "bower" do
+ context "when scanning a simple bower project" do
+ subject { runner.scan }
+
+ before do
+ runner.add_file('bower.json', fixture_file_content('js/bower/bower.json'))
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).to match_array(['cli', 'ev-emitter', 'example-project', 'fizzy-ui-utils', 'get-size', 'jquery', 'masonry-layout', 'matches-selector', 'outlayer', 'stimulus.umd']) }
+ specify { expect(subject.licenses_for('cli')).to match_array(['Apache-2.0', 'BSD-3-Clause', 'ISC', 'MIT']) }
+ specify { expect(subject.licenses_for('ev-emitter')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('example-project')).to match_array(['ISC']) }
+ specify { expect(subject.licenses_for('fizzy-ui-utils')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('get-size')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('jquery')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('masonry-layout')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('matches-selector')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('outlayer')).to match_array(['MIT']) }
+ specify { expect(subject.licenses_for('stimulus.umd')).to match_array(['unknown']) }
+ end
+
+ context "when scanning a bower project with a dependency from a custom registry" do
+ subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
+
+ before do
+ runner.add_file(".npmrc", "registry = https://#{private_npm_host}")
+ runner.add_file(".bowerrc") do
+ JSON.pretty_generate({ resolvers: ['bower-npm-resolver'] })
+ end
+ runner.add_file("bower.json") do
+ JSON.pretty_generate({
+ name: "js-bower",
+ license: "ISC",
+ dependencies: { lodash: "npm:lodash#4.17.10" }
+ })
+ end
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).to match_array(%w[js-bower lodash]) }
+ specify { expect(subject.licenses_for('js-bower')).to match_array(['ISC']) }
+ specify { expect(subject.licenses_for('lodash')).to match_array(['MIT']) }
+ end
+
+ [
+ 'https://gitlab.com/gitlab-org/ci-training-slides',
+ 'https://gitlab.com/gitlab-org/frontend/At.js.git',
+ 'https://gitlab.com/gitlab-org/gitter/gitter-marked.git'
+ ].each do |git_repo|
+ context "when scanning #{git_repo}" do
+ subject { runner.scan }
+
+ before do
+ runner.clone(git_repo)
+ end
+
+ specify { expect(subject).to match_schema(version: '2.0') }
+ specify { expect(subject.dependency_names).not_to be_empty }
+ end
+ end
+end
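Review bot: The custom-registry context only covers the case where `ADDITIONAL_CA_CERT_BUNDLE` is supplied, so it would pass equally if the scanner reached `private_npm_host` with certificate verification switched off. A companion context that runs `runner.scan` without the bundle and expects `lodash` not to be resolved would show that the CA bundle is what makes the connection trusted. The exact expectation depends on how a failed install shows up in the report, which is not visible here. Separately, the three `git_repo` contexts clone the default branch of live repositories and assert only `not_to be_empty`, so their result can drift with upstream changes; pinning a ref would make them reproducible if `runner.clone` supports one.

```ruby
  context "when the custom registry certificate is not trusted" do
    subject { runner.scan }

    before do
      # … unchanged: same .npmrc, .bowerrc and bower.json setup as the custom registry context …
    end

    specify { expect(subject.dependency_names).not_to include('lodash') }
  end
```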