From b3faccb3e3007ddfd41ef251ad8a925542fe2500 Mon Sep 17 00:00:00 2001 
From: mo khan Date: Mon, 20 Jul 2020 15:55:59 -0600 Subject: Update maven/gradle offline tests * Let maven figure out the version of the license plugin that it is compatible with * Print the error when the setup fails * Add tests for multiple versions of maven and java * Install packages into a project specific directory to prevent cross test pollution * Specify the list of supported Maven versions * Update CHANGELOG and bump the version --- .gitlab/build.yml | 2 +- CHANGELOG.md | 5 + Gemfile.lock | 2 +- README.md | 2 +- lib/license/finder/ext/maven.rb | 2 +- lib/license/management/shell.rb | 13 +- lib/license/management/version.rb | 2 +- normalized-licenses.yml | 1 + spec/fixtures/expected/js/bower/v2.1.json | 2 +- spec/fixtures/haproxy.cfg | 18 +++ spec/fixtures/java/11/build.gradle | 13 -- spec/fixtures/java/8/build.gradle | 9 -- spec/fixtures/java/build.gradle.kts | 13 -- spec/fixtures/java/custom-maven-settings.xml | 16 -- spec/fixtures/java/example/pom.xml | 39 ----- spec/fixtures/java/example/settings.xml | 15 -- spec/fixtures/java/gradle/build.gradle.kts | 13 ++ spec/fixtures/java/gradle/java-11/build.gradle | 13 ++ spec/fixtures/java/gradle/java-8/build.gradle | 9 ++ .../java/gradle/offline-environment/build.gradle | 2 +- .../java/gradle/offline-environment/bundle.crt | 49 ------ spec/fixtures/java/maven-multimodule/api/pom.xml | 26 ---- spec/fixtures/java/maven-multimodule/model/pom.xml | 27 ---- spec/fixtures/java/maven-multimodule/pom.xml | 27 ---- spec/fixtures/java/maven-multimodule/web/pom.xml | 27 ---- spec/fixtures/java/maven.crt | 24 --- spec/fixtures/java/maven/example/pom.xml | 39 +++++ spec/fixtures/java/maven/example/settings.xml | 15 ++ .../java/maven/external-gitlab-repo/pom.xml | 21 +++ .../java/maven/external-gitlab-repo/settings.xml | 16 ++ spec/fixtures/java/maven/gitlab-repo/pom.xml | 21 +++ spec/fixtures/java/maven/multimodule/api/pom.xml | 26 ++++ spec/fixtures/java/maven/multimodule/model/pom.xml | 27 ++++ 
spec/fixtures/java/maven/multimodule/pom.xml | 27 ++++ spec/fixtures/java/maven/multimodule/web/pom.xml | 27 ++++ .../my-spring-app2/.mvn/wrapper/maven-wrapper.jar | Bin 0 -> 47610 bytes .../.mvn/wrapper/maven-wrapper.properties | 1 + spec/fixtures/java/maven/my-spring-app2/mvnw | 165 +++++++++++++++++++++ spec/fixtures/java/maven/my-spring-app2/pom.xml | 90 +++++++++++ .../java/com/example/demo/DemoApplication.java | 18 +++ .../src/main/resources/application.properties | 0 .../com/example/demo/DemoApplicationTests.java | 26 ++++ spec/fixtures/java/maven/pom-single.xml.erb | 27 ++++ .../maven/simple/.mvn/wrapper/maven-wrapper.jar | Bin 0 -> 47610 bytes .../.mvn/wrapper/maven-wrapper.properties.erb | 1 + spec/fixtures/java/maven/simple/mvnw | 165 +++++++++++++++++++++ spec/fixtures/java/maven/simple/pom.xml | 22 +++ spec/fixtures/java/maven/simple/settings.xml | 3 + .../fixtures/java/pom-public-gitlab-repository.xml | 21 --- spec/fixtures/java/pom-single.xml.erb | 27 ---- spec/integration/java/gradle_spec.rb | 28 ++-- spec/integration/java/maven_spec.rb | 100 +++++++++---- spec/support/integration_test_helper.rb | 6 - spec/support/proxy_helper.rb | 8 +- spec/unit/license/management/repository_spec.rb | 1 + 55 files changed, 906 insertions(+), 393 deletions(-) delete mode 100644 spec/fixtures/java/11/build.gradle delete mode 100644 spec/fixtures/java/8/build.gradle delete mode 100644 spec/fixtures/java/build.gradle.kts delete mode 100644 spec/fixtures/java/custom-maven-settings.xml delete mode 100644 spec/fixtures/java/example/pom.xml delete mode 100644 spec/fixtures/java/example/settings.xml create mode 100644 spec/fixtures/java/gradle/build.gradle.kts create mode 100644 spec/fixtures/java/gradle/java-11/build.gradle create mode 100644 spec/fixtures/java/gradle/java-8/build.gradle delete mode 100644 spec/fixtures/java/gradle/offline-environment/bundle.crt delete mode 100644 spec/fixtures/java/maven-multimodule/api/pom.xml delete mode 100644 
spec/fixtures/java/maven-multimodule/model/pom.xml delete mode 100644 spec/fixtures/java/maven-multimodule/pom.xml delete mode 100644 spec/fixtures/java/maven-multimodule/web/pom.xml delete mode 100644 spec/fixtures/java/maven.crt create mode 100644 spec/fixtures/java/maven/example/pom.xml create mode 100644 spec/fixtures/java/maven/example/settings.xml create mode 100644 spec/fixtures/java/maven/external-gitlab-repo/pom.xml create mode 100644 spec/fixtures/java/maven/external-gitlab-repo/settings.xml create mode 100644 spec/fixtures/java/maven/gitlab-repo/pom.xml create mode 100644 spec/fixtures/java/maven/multimodule/api/pom.xml create mode 100644 spec/fixtures/java/maven/multimodule/model/pom.xml create mode 100644 spec/fixtures/java/maven/multimodule/pom.xml create mode 100644 spec/fixtures/java/maven/multimodule/web/pom.xml create mode 100644 spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.jar create mode 100644 spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.properties create mode 100755 spec/fixtures/java/maven/my-spring-app2/mvnw create mode 100644 spec/fixtures/java/maven/my-spring-app2/pom.xml create mode 100644 spec/fixtures/java/maven/my-spring-app2/src/main/java/com/example/demo/DemoApplication.java create mode 100644 spec/fixtures/java/maven/my-spring-app2/src/main/resources/application.properties create mode 100644 spec/fixtures/java/maven/my-spring-app2/src/test/java/com/example/demo/DemoApplicationTests.java create mode 100644 spec/fixtures/java/maven/pom-single.xml.erb create mode 100644 spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar create mode 100644 spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb create mode 100755 spec/fixtures/java/maven/simple/mvnw create mode 100644 spec/fixtures/java/maven/simple/pom.xml create mode 100644 spec/fixtures/java/maven/simple/settings.xml delete mode 100644 spec/fixtures/java/pom-public-gitlab-repository.xml delete mode 100644 
spec/fixtures/java/pom-single.xml.erb diff --git a/.gitlab/build.yml b/.gitlab/build.yml index 17005c2..84bd5ac 100644 --- a/.gitlab/build.yml +++ b/.gitlab/build.yml @@ -30,5 +30,5 @@ build-mvn-pkg: image: maven:3.3.9-jdk-8 stage: build script: - - cd spec/fixtures/java/example/ && mvn deploy -s settings.xml + - cd spec/fixtures/java/maven/example/ && mvn deploy -s settings.xml allow_failure: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 38d1587..19f155b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # GitLab License management changelog +## v3.19.1 + +- Choose a version of the `org.codehaus.mojo:license-maven-plugin:aggregate-download-licenses` that is compatible with the version of Maven used by the project. (!195) +- Print error messages to the console when a scan fails. (!195) + ## v3.19.0 - Include the latest LTS of the .NET SDK in the Docker image. (!191) diff --git a/Gemfile.lock b/Gemfile.lock index b3cbb88..12f0d02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,7 +8,7 @@ GIT PATH remote: . specs: - license-management (3.19.0) + license-management (3.19.1) license_finder (~> 6.6.0) GEM diff --git a/README.md b/README.md index b3a1789..bc652d2 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ The following table shows which languages and package managers are supported. | .NET | [.NET Core CLI][dotnet_core], [Nuget][nuget] | | C/C++ | [Conan][conan] | | Go | [Go modules][gomod], [Godep][godep], go get | -| Java | [Gradle][gradle], [Maven][maven] | +| Java | [Gradle][gradle], [Maven v3.2.5+)][maven] | | JavaScript | [npm][npm], [yarn][yarn], [Bower][bower] | | PHP | [composer][composer] | | Python | [pip][pip], [pipenv][pipenv] | diff --git a/lib/license/finder/ext/maven.rb b/lib/license/finder/ext/maven.rb index 1a3dea8..6c95b1d 100644 --- a/lib/license/finder/ext/maven.rb +++ b/lib/license/finder/ext/maven.rb 
@@ -25,7 +25,7 @@ module LicenseFinder [ package_management_command, "-e", - "org.codehaus.mojo:license-maven-plugin:2.0.0:aggregate-download-licenses", + "org.codehaus.mojo:license-maven-plugin:aggregate-download-licenses", "-Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}", "-Dorg.slf4j.simpleLogger.log.org.codehaus.mojo.license=debug", ENV.fetch('MAVEN_CLI_OPTS', '-DskipTests') diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb index 408c760..47639df 100644 --- a/lib/license/management/shell.rb +++ b/lib/license/management/shell.rb @@ -79,14 +79,13 @@ module License end def record(stdout, stderr, status) - logger.debug(stdout) if present?(stdout) - return unless present?(stderr) + severity = status.success? ? Logger::DEBUG : Logger::ERROR + flush(stdout, severity) + flush(stderr, severity) + end - if status.success? - logger.debug(stderr) - else - logger.error(stderr) - end + def flush(message, severity) + logger.add(severity, message) if present?(message) end def collapsible_section(header) diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index 72c1491..5402857 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '3.19.0' + VERSION = '3.19.1' end end diff --git a/normalized-licenses.yml b/normalized-licenses.yml index 6e13d65..46c7d26 100644 --- a/normalized-licenses.yml +++ b/normalized-licenses.yml @@ -17,6 +17,7 @@ ids: CC0 1.0 Universal: CC0-1.0 CC01: CC0-1.0 CDDL1: CDDL-1.0 + CDDL 1.1: CDDL-1.1 COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: CDDL-1.0 Common Development and Distribution License 1.1: CDDL-1.1 Common Public License Version 1.0: CPL-1.0 diff --git a/spec/fixtures/expected/js/bower/v2.1.json b/spec/fixtures/expected/js/bower/v2.1.json index 78570ca..ab5fe6d 100644 --- a/spec/fixtures/expected/js/bower/v2.1.json +++ b/spec/fixtures/expected/js/bower/v2.1.json 
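Review bot: Dropping the `2.0.0` pin from `"org.codehaus.mojo:license-maven-plugin:aggregate-download-licenses"` means the scanner runs whichever plugin version Maven resolves at scan time. Maven takes that version from the scanned project's own POM if it declares the plugin, and otherwise from the newest release the configured repositories advertise. Results are then no longer reproducible between runs, and the project under scan or a configured mirror influences which plugin code executes inside the scanner. If leaving the version open is needed for compatibility with older Maven releases, say so in a comment on this argument, e.g. `# version intentionally omitted: Maven resolves a plugin release compatible with the project's Maven, so the plugin version is not pinned`, and consider logging the resolved version so that a change is visible in the job output. The enclosing method starts and ends outside the hunk.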
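Review bot: `record` now passes stdout as well as stderr to `logger.add` at `Logger::ERROR` when the command fails, so the complete output of a failed tool reaches the job log. Before this change only stderr was raised to error level. The Maven command in this commit runs with `-e` and plugin debug logging, and the fixtures pass `${env.CI_JOB_TOKEN}` through `settings.xml`, so it is worth confirming that failure output cannot contain credentials or authenticated repository URLs. The hunk shows no redaction step. At minimum, document the contract above the method, e.g. `# On failure both streams are logged at ERROR; commands run through here must not print secrets.`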
@@ -35,7 +35,7 @@ "dependencies": [ { "name": "cli", - "version": "6.14.6", + "version": "6.14.7", "package_manager": "bower", "path": "bower.json", "licenses": [ diff --git a/spec/fixtures/haproxy.cfg b/spec/fixtures/haproxy.cfg index e15da8a..b0ab370 100644 --- a/spec/fixtures/haproxy.cfg +++ b/spec/fixtures/haproxy.cfg @@ -21,22 +21,40 @@ frontend www-https bind *:443 ssl crt wildcard.test.pem acl goproxy-backend ssl_fc_sni goproxy.test + acl maven-backend ssl_fc_sni maven.test + acl npm-backend ssl_fc_sni npm.test acl nuget-backend ssl_fc_sni nuget.test + acl pypi-backend ssl_fc_sni pypi.test acl rubygems-backend ssl_fc_sni rubygems.test http-request replace-header Host .* api.nuget.org if nuget-backend http-request replace-header Host .* proxy.golang.org if goproxy-backend + http-request replace-header Host .* pypi.org if pypi-backend + http-request replace-header Host .* registry.npmjs.org if npm-backend + http-request replace-header Host .* repo1.maven.org if maven-backend http-request replace-header Host .* rubygems.org if rubygems-backend use_backend goproxy-backend if goproxy-backend + use_backend maven-backend if maven-backend + use_backend npm-backend if npm-backend use_backend nuget-backend if nuget-backend + use_backend pypi-backend if pypi-backend use_backend rubygems-backend if rubygems-backend backend goproxy-backend server www1 proxy.golang.org:443 ssl verify none +backend maven-backend + server www1 repo1.maven.org:443 ssl verify none + +backend npm-backend + server www1 registry.npmjs.org:443 ssl verify none + backend nuget-backend server www1 api.nuget.org:443 ssl verify none +backend pypi-backend + server www1 pypi.org:443 ssl verify none + backend rubygems-backend server www1 rubygems.org:443 ssl verify none diff --git a/spec/fixtures/java/11/build.gradle b/spec/fixtures/java/11/build.gradle deleted file mode 100644 index fa128ea..0000000 --- a/spec/fixtures/java/11/build.gradle +++ /dev/null 
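Review bot: The new `maven-backend`, `npm-backend` and `pypi-backend` connect upstream with `ssl verify none`, so the test proxy accepts any certificate from whatever answers for `repo1.maven.org`, `registry.npmjs.org` and `pypi.org`. Packages pulled through it during the integration specs are therefore not authenticated. This follows the existing `goproxy`, `nuget` and `rubygems` backends, which have the same setting. Where a trust store is available, `server www1 repo1.maven.org:443 ssl verify required ca-file <CA_BUNDLE_PATH> sni str(repo1.maven.org)` (and likewise for the other two) keeps upstream verification. Otherwise, add a comment above the backends such as `# TLS verification is disabled for test fixtures only; do not copy into a real proxy config`.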
@@ -1,13 +0,0 @@ -plugins { - id 'java-library' -} - -repositories { - jcenter() -} - -dependencies { - runtime "org.postgresql:postgresql:42.1.4" - implementation 'com.google.guava:guava:28.2-jre' - testImplementation 'junit:junit:4.12' -} diff --git a/spec/fixtures/java/8/build.gradle b/spec/fixtures/java/8/build.gradle deleted file mode 100644 index b7cffcd..0000000 --- a/spec/fixtures/java/8/build.gradle +++ /dev/null @@ -1,9 +0,0 @@ -apply plugin: 'groovy' - -repositories { - mavenCentral() -} - -dependencies { - compile 'org.postgresql:postgresql:42.1.4' -} diff --git a/spec/fixtures/java/build.gradle.kts b/spec/fixtures/java/build.gradle.kts deleted file mode 100644 index 2ca8866..0000000 --- a/spec/fixtures/java/build.gradle.kts +++ /dev/null @@ -1,13 +0,0 @@ -plugins { - `java-library` -} - -repositories { - jcenter() -} - -dependencies { - runtime("org.postgresql:postgresql:42.1.4") - implementation("com.google.guava:guava:28.1-jre") - testImplementation("junit:junit:4.12") -} diff --git a/spec/fixtures/java/custom-maven-settings.xml b/spec/fixtures/java/custom-maven-settings.xml deleted file mode 100644 index b7dbb1c..0000000 --- a/spec/fixtures/java/custom-maven-settings.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - custom - - true - - - - gitlab-maven - https://gitlab.com/api/v4/projects/6130122/packages/maven - - - - - diff --git a/spec/fixtures/java/example/pom.xml b/spec/fixtures/java/example/pom.xml deleted file mode 100644 index b59f809..0000000 --- a/spec/fixtures/java/example/pom.xml +++ /dev/null @@ -1,39 +0,0 @@ - - 4.0.0 - com.gitlab.secure - example - jar - 1.0 - example - http://maven.apache.org - - - MIT - https://opensource.org/licenses/MIT - - - - - junit - junit - 3.8.1 - test - - - - - gitlab-maven - https://gitlab.com/api/v4/projects/6130122/packages/maven - - - - - gitlab-maven - https://gitlab.com/api/v4/projects/6130122/packages/maven - - - gitlab-maven - https://gitlab.com/api/v4/projects/6130122/packages/maven - - - 
diff --git a/spec/fixtures/java/example/settings.xml b/spec/fixtures/java/example/settings.xml deleted file mode 100644 index e84b931..0000000 --- a/spec/fixtures/java/example/settings.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - gitlab-maven - - - - Job-Token - ${env.CI_JOB_TOKEN} - - - - - - diff --git a/spec/fixtures/java/gradle/build.gradle.kts b/spec/fixtures/java/gradle/build.gradle.kts new file mode 100644 index 0000000..2ca8866 --- /dev/null +++ b/spec/fixtures/java/gradle/build.gradle.kts @@ -0,0 +1,13 @@ +plugins { + `java-library` +} + +repositories { + jcenter() +} + +dependencies { + runtime("org.postgresql:postgresql:42.1.4") + implementation("com.google.guava:guava:28.1-jre") + testImplementation("junit:junit:4.12") +} diff --git a/spec/fixtures/java/gradle/java-11/build.gradle b/spec/fixtures/java/gradle/java-11/build.gradle new file mode 100644 index 0000000..fa128ea --- /dev/null +++ b/spec/fixtures/java/gradle/java-11/build.gradle @@ -0,0 +1,13 @@ +plugins { + id 'java-library' +} + +repositories { + jcenter() +} + +dependencies { + runtime "org.postgresql:postgresql:42.1.4" + implementation 'com.google.guava:guava:28.2-jre' + testImplementation 'junit:junit:4.12' +} diff --git a/spec/fixtures/java/gradle/java-8/build.gradle b/spec/fixtures/java/gradle/java-8/build.gradle new file mode 100644 index 0000000..b7cffcd --- /dev/null +++ b/spec/fixtures/java/gradle/java-8/build.gradle @@ -0,0 +1,9 @@ +apply plugin: 'groovy' + +repositories { + mavenCentral() +} + +dependencies { + compile 'org.postgresql:postgresql:42.1.4' +} diff --git a/spec/fixtures/java/gradle/offline-environment/build.gradle b/spec/fixtures/java/gradle/offline-environment/build.gradle index 6e44ce9..cec239c 100644 --- a/spec/fixtures/java/gradle/offline-environment/build.gradle +++ b/spec/fixtures/java/gradle/offline-environment/build.gradle 
@@ -6,7 +6,7 @@ apply plugin: "java" ext { mavenHost = System.getenv('PRIVATE_MAVEN_HOST') } repositories { - maven { url "https://$mavenHost/artifactory/mvn/" } + maven { url "https://$mavenHost/maven2/" } } dependencies { diff --git a/spec/fixtures/java/gradle/offline-environment/bundle.crt b/spec/fixtures/java/gradle/offline-environment/bundle.crt deleted file mode 100644 index 398c90f..0000000 --- a/spec/fixtures/java/gradle/offline-environment/bundle.crt +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIJAI21kFz1PLI3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD -VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg -V2lkZ2l0cyBQdHkgTHRkMUQwQgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13 -ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5hbDAeFw0yMDA0MTcw -NjE4NTFaFw0yMTA0MTcwNjE4NTFaMIGLMQswCQYDVQQGEwJBVTETMBEGA1UECAwK -U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUQw -QgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13ZXN0MS1iLmMuZ3JvdXAtc2Vj -dXJlLWE4OWZlNy5pbnRlcm5hbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK7lgNeL7Z6pj/vNLDw0QWuv6VKhY6jqd6Rdd03FJ1kG6pG4iUREhaH6UKjF -IYBFQFHtH+WJV78nU3D5WQayAhKxPJMPeLfVmeBxO+3rFtVCylgkytqJEP4fEkwP -lOyiUWVa6pcRkdijE5Y9pi+7buagZMZoCyQITiVOgqMsTwuxUDmuhDZQx8cmyfiq -zV7STaKVYx4h7P7p5cOhXaMPg7mKbCEIjrRfxcA4BZTlFOt+/8uyqQDfTXarl4gp -buv/zSzZtrFbsyc0MmTY40foKkMuTKHwbaVjoRqiqYzGyEhBuSYdaNQMTHWAGl4e -Ts3dIC8ysmEyWyxsUdBYhkHoi0ECAwEAAaNTMFEwHQYDVR0OBBYEFDC4YeQ2AxrR -3aXK63Y4+KWbdq0tMB8GA1UdIwQYMBaAFDC4YeQ2AxrR3aXK63Y4+KWbdq0tMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF8D6h0e8ogZQrX+YRDc -FMvz2vYv6Oo2cLG5u5YSX1bJeOQHcCmmAvYBA+Pqjomxw9csRmktcy69hxIbvccn -m7jCF3hasOoCivM5ifSmdXSBqmnmaQUErEhF+g9VIl696dR4H+47ewTmDc+2uzvP -FFEfV/gC7QLIhMlpYJUn2/y4SgPjp08zJqulDDZL++srUqFktfiKyehriQXBn1M8 -JsW9G0at1fufKpFIgQWve0QtE1haBF+g6SGXQ/+guZnw5stUJ7ksFheJu4WsEPIx -vtRkKZ60p/Hpq7tmO5UG5fKK1tuyBSj3vxewBBYtgH23h7/c7KxoeDIOnyNRshoA -7Dg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIUe5OYnWvcwt2MgCpVSUgvFa8E3D0wDQYJKoZIhvcNAQEL -BQAwgbAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMSEwHwYDVQQK -DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxRTBDBgNVBAMMPGdpdGxhYi1haXJn -YXAtdGVzdC51cy13ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5h -bDEiMCAGCSqGSIb3DQEJARYTbGNoYXJsZXNAZ2l0bGFiLmNvbTAeFw0yMDAzMDky -MTU1NDhaFw0yMTAzMDkyMTU1NDhaMIGwMQswCQYDVQQGEwJVUzETMBEGA1UECAwK -Q2FsaWZvcm5pYTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUUw 
-QwYDVQQDDDxnaXRsYWItYWlyZ2FwLXRlc3QudXMtd2VzdDEtYi5jLmdyb3VwLXNl -Y3VyZS1hODlmZTcuaW50ZXJuYWwxIjAgBgkqhkiG9w0BCQEWE2xjaGFybGVzQGdp -dGxhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDypJmnetUl -HhXOLLFS+/sc8NoDMM3R9zN98x71iSK4Jn6a94vFYpg/8DU2mg7e972VvT1NKEHK -1+BGbgDMtbAiBeca+cWpJdswiWL69yNEozWRq69soUq1zcBu+MFnAdtB0SzK2ohd -R9aJqJmy9aVaEYZFRGktpjLObQZ/qVysCUo8Ts9dfSu50+DqEmVnmDkbgqNl4y7W -7x2PNCG+6m40+PGnHTdTpnah9DARqJhj/ORHfbFz/a+zHMlU+SDw06dqKBjwxEW3 -azjRDgmC4bGXj/Qbt7VUJriFCA0W22v4VqMTMhU0PWOw5MJa/cT82avlaA5bBskj -kN6wJ5WwabsDAgMBAAGjUzBRMB0GA1UdDgQWBBQ0siXTvUqJwrslaeYax0K64mLH -KjAfBgNVHSMEGDAWgBQ0siXTvUqJwrslaeYax0K64mLHKjAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCNI1pKNMiTcx3msHVOmVHhA44ocJbl6Jws -ztpp7aSduKI/Ib4FvONLSV5kJDhQ2Q9dBQWQiSsqoEIfvU3RWuAeU69fl/ojHOTy -JwXiitWT0QZ1rXGIak+tYAHOyHn42nfiHg0H9D67DZ0uDQdQ7Uqwwe+21eqz/vQ9 -3Edj7C5Oag+Uf1zdAR60+zMm4DZJ0guDfQXhRuYF1GTll5avpxZA0QMhGgysekXe -IPcVVawMK/ChUcbktFylIAu9ohWrJHU5KuDrzhEOyG+0hEFGFnzYfpJSADIHvNNS -Gtpf/YEZclLD7wHrkhbeIThnU/Z9q270dm15wEGO9MLACEob6DZo ------END CERTIFICATE----- diff --git a/spec/fixtures/java/maven-multimodule/api/pom.xml b/spec/fixtures/java/maven-multimodule/api/pom.xml deleted file mode 100644 index c621c1a..0000000 --- a/spec/fixtures/java/maven-multimodule/api/pom.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - api - 1.0-SNAPSHOT - api - http://maven.apache.org - - - ${project.groupId} - model - ${project.version} - - - org.apache.struts - struts2-core - 2.5.1 - - - diff --git a/spec/fixtures/java/maven-multimodule/model/pom.xml b/spec/fixtures/java/maven-multimodule/model/pom.xml deleted file mode 100644 index 91b366b..0000000 --- a/spec/fixtures/java/maven-multimodule/model/pom.xml +++ /dev/null 
@@ -1,27 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - model - 1.0-SNAPSHOT - model - http://maven.apache.org - - 1.6 - 1.6 - UTF-8 - - - - org.apache.logging.log4j - log4j-core - 2.8.2 - - - diff --git a/spec/fixtures/java/maven-multimodule/pom.xml b/spec/fixtures/java/maven-multimodule/pom.xml deleted file mode 100644 index e84ad4a..0000000 --- a/spec/fixtures/java/maven-multimodule/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - 4.0.0 - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - pom - java-maven-multi-modules - - api - model - web - - - - io.netty - netty-all - 4.1.0.Final - - - junit - junit - 3.8.1 - test - - - \ No newline at end of file diff --git a/spec/fixtures/java/maven-multimodule/web/pom.xml b/spec/fixtures/java/maven-multimodule/web/pom.xml deleted file mode 100644 index 548e9fb..0000000 --- a/spec/fixtures/java/maven-multimodule/web/pom.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - 4.0.0 - - com.gitlab.security_products.tests - java-maven-multi-modules - 1.0-SNAPSHOT - - com.gitlab.security_products.tests - web - 1.0-SNAPSHOT - web - http://maven.apache.org - - 1.6 - 1.6 - UTF-8 - - - - com.fasterxml.jackson.dataformat - jackson-dataformat-xml - 2.7.3 - - - diff --git a/spec/fixtures/java/maven.crt b/spec/fixtures/java/maven.crt deleted file mode 100644 index fe9fcf7..0000000 --- a/spec/fixtures/java/maven.crt +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID7jCCAtagAwIBAgIJAI21kFz1PLI3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD -VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg -V2lkZ2l0cyBQdHkgTHRkMUQwQgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13 -ZXN0MS1iLmMuZ3JvdXAtc2VjdXJlLWE4OWZlNy5pbnRlcm5hbDAeFw0yMDA0MTcw -NjE4NTFaFw0yMTA0MTcwNjE4NTFaMIGLMQswCQYDVQQGEwJBVTETMBEGA1UECAwK -U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMUQw -QgYDVQQDDDtnaXRsYWItYWlyZ2FwLWp2bS51cy13ZXN0MS1iLmMuZ3JvdXAtc2Vj -dXJlLWE4OWZlNy5pbnRlcm5hbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAK7lgNeL7Z6pj/vNLDw0QWuv6VKhY6jqd6Rdd03FJ1kG6pG4iUREhaH6UKjF -IYBFQFHtH+WJV78nU3D5WQayAhKxPJMPeLfVmeBxO+3rFtVCylgkytqJEP4fEkwP -lOyiUWVa6pcRkdijE5Y9pi+7buagZMZoCyQITiVOgqMsTwuxUDmuhDZQx8cmyfiq -zV7STaKVYx4h7P7p5cOhXaMPg7mKbCEIjrRfxcA4BZTlFOt+/8uyqQDfTXarl4gp -buv/zSzZtrFbsyc0MmTY40foKkMuTKHwbaVjoRqiqYzGyEhBuSYdaNQMTHWAGl4e -Ts3dIC8ysmEyWyxsUdBYhkHoi0ECAwEAAaNTMFEwHQYDVR0OBBYEFDC4YeQ2AxrR -3aXK63Y4+KWbdq0tMB8GA1UdIwQYMBaAFDC4YeQ2AxrR3aXK63Y4+KWbdq0tMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF8D6h0e8ogZQrX+YRDc -FMvz2vYv6Oo2cLG5u5YSX1bJeOQHcCmmAvYBA+Pqjomxw9csRmktcy69hxIbvccn -m7jCF3hasOoCivM5ifSmdXSBqmnmaQUErEhF+g9VIl696dR4H+47ewTmDc+2uzvP -FFEfV/gC7QLIhMlpYJUn2/y4SgPjp08zJqulDDZL++srUqFktfiKyehriQXBn1M8 -JsW9G0at1fufKpFIgQWve0QtE1haBF+g6SGXQ/+guZnw5stUJ7ksFheJu4WsEPIx -vtRkKZ60p/Hpq7tmO5UG5fKK1tuyBSj3vxewBBYtgH23h7/c7KxoeDIOnyNRshoA -7Dg= ------END CERTIFICATE----- diff --git a/spec/fixtures/java/maven/example/pom.xml b/spec/fixtures/java/maven/example/pom.xml new file mode 100644 index 0000000..b59f809 --- /dev/null +++ b/spec/fixtures/java/maven/example/pom.xml 
@@ -0,0 +1,39 @@ + + 4.0.0 + com.gitlab.secure + example + jar + 1.0 + example + http://maven.apache.org + + + MIT + https://opensource.org/licenses/MIT + + + + + junit + junit + 3.8.1 + test + + + + + gitlab-maven + https://gitlab.com/api/v4/projects/6130122/packages/maven + + + + + gitlab-maven + https://gitlab.com/api/v4/projects/6130122/packages/maven + + + gitlab-maven + https://gitlab.com/api/v4/projects/6130122/packages/maven + + + diff --git a/spec/fixtures/java/maven/example/settings.xml b/spec/fixtures/java/maven/example/settings.xml new file mode 100644 index 0000000..e84b931 --- /dev/null +++ b/spec/fixtures/java/maven/example/settings.xml @@ -0,0 +1,15 @@ + + + + gitlab-maven + + + + Job-Token + ${env.CI_JOB_TOKEN} + + + + + + diff --git a/spec/fixtures/java/maven/external-gitlab-repo/pom.xml b/spec/fixtures/java/maven/external-gitlab-repo/pom.xml new file mode 100644 index 0000000..07bc1a7 --- /dev/null +++ b/spec/fixtures/java/maven/external-gitlab-repo/pom.xml @@ -0,0 +1,21 @@ + + 4.0.0 + com.gitlab.secure + license-scanning + jar + 1.0-SNAPSHOT + example + http://maven.apache.org + + + com.gitlab.secure + example + 1.0 + + + javax.xml.bind + jaxb-api + 2.3.0 + + + diff --git a/spec/fixtures/java/maven/external-gitlab-repo/settings.xml b/spec/fixtures/java/maven/external-gitlab-repo/settings.xml new file mode 100644 index 0000000..b7dbb1c --- /dev/null +++ b/spec/fixtures/java/maven/external-gitlab-repo/settings.xml @@ -0,0 +1,16 @@ + + + + custom + + true + + + + gitlab-maven + https://gitlab.com/api/v4/projects/6130122/packages/maven + + + + + diff --git a/spec/fixtures/java/maven/gitlab-repo/pom.xml b/spec/fixtures/java/maven/gitlab-repo/pom.xml new file mode 100644 index 0000000..07bc1a7 --- /dev/null +++ b/spec/fixtures/java/maven/gitlab-repo/pom.xml 
@@ -0,0 +1,21 @@ + + 4.0.0 + com.gitlab.secure + license-scanning + jar + 1.0-SNAPSHOT + example + http://maven.apache.org + + + com.gitlab.secure + example + 1.0 + + + javax.xml.bind + jaxb-api + 2.3.0 + + + diff --git a/spec/fixtures/java/maven/multimodule/api/pom.xml b/spec/fixtures/java/maven/multimodule/api/pom.xml new file mode 100644 index 0000000..c621c1a --- /dev/null +++ b/spec/fixtures/java/maven/multimodule/api/pom.xml @@ -0,0 +1,26 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + api + 1.0-SNAPSHOT + api + http://maven.apache.org + + + ${project.groupId} + model + ${project.version} + + + org.apache.struts + struts2-core + 2.5.1 + + + diff --git a/spec/fixtures/java/maven/multimodule/model/pom.xml b/spec/fixtures/java/maven/multimodule/model/pom.xml new file mode 100644 index 0000000..91b366b --- /dev/null +++ b/spec/fixtures/java/maven/multimodule/model/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + model + 1.0-SNAPSHOT + model + http://maven.apache.org + + 1.6 + 1.6 + UTF-8 + + + + org.apache.logging.log4j + log4j-core + 2.8.2 + + + diff --git a/spec/fixtures/java/maven/multimodule/pom.xml b/spec/fixtures/java/maven/multimodule/pom.xml new file mode 100644 index 0000000..e84ad4a --- /dev/null +++ b/spec/fixtures/java/maven/multimodule/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + pom + java-maven-multi-modules + + api + model + web + + + + io.netty + netty-all + 4.1.0.Final + + + junit + junit + 3.8.1 + test + + + \ No newline at end of file diff --git a/spec/fixtures/java/maven/multimodule/web/pom.xml b/spec/fixtures/java/maven/multimodule/web/pom.xml new file mode 100644 index 0000000..548e9fb --- /dev/null +++ b/spec/fixtures/java/maven/multimodule/web/pom.xml 
@@ -0,0 +1,27 @@ + + + 4.0.0 + + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + + com.gitlab.security_products.tests + web + 1.0-SNAPSHOT + web + http://maven.apache.org + + 1.6 + 1.6 + UTF-8 + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-xml + 2.7.3 + + + diff --git a/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.jar b/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.jar new file mode 100644 index 0000000..9cc84ea Binary files /dev/null and b/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.jar differ diff --git a/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.properties b/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..b573bb5 --- /dev/null +++ b/spec/fixtures/java/maven/my-spring-app2/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1 @@ +distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.3/apache-maven-3.5.3-bin.zip diff --git a/spec/fixtures/java/maven/my-spring-app2/mvnw b/spec/fixtures/java/maven/my-spring-app2/mvnw new file mode 100755 index 0000000..5d8e6c3 --- /dev/null +++ b/spec/fixtures/java/maven/my-spring-app2/mvnw 
@@ -0,0 +1,165 @@ +#!/bin/sh + +if [ -z "$MAVEN_SKIP_RC" ] ; then + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi +fi + +cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + PRG="$0" + + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + saveddir=`pwd` + M2_HOME=`dirname "$PRG"`/.. + M2_HOME=`cd "$M2_HOME" && pwd` + cd "$saveddir" +fi + +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + readLink=`which readlink` + if [ ! 
`expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`which java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +find_maven_basedir() { + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + done + echo "${basedir}" +} + +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +echo $MAVEN_PROJECTBASEDIR +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + 
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/spec/fixtures/java/maven/my-spring-app2/pom.xml b/spec/fixtures/java/maven/my-spring-app2/pom.xml new file mode 100644 index 0000000..a603294 --- /dev/null +++ b/spec/fixtures/java/maven/my-spring-app2/pom.xml @@ -0,0 +1,90 @@ + + + 4.0.0 + com.example + demo + 0.0.1-SNAPSHOT + jar + demo + Demo project for Spring Boot + + org.springframework.boot + spring-boot-starter-parent + 2.0.1.RELEASE + + + + UTF-8 + UTF-8 + 1.8 + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-test + test + + + org.apache.struts + struts2-core + 2.2.3.1 + + + com.itextpdf + barcodes + 7.0.0 + + + com.itextpdf + font-asian + 7.0.0 + + + com.itextpdf + forms + 7.0.0 + + + com.itextpdf + hyph + 7.0.0 + + + com.itextpdf + io + 7.0.0 + + + com.itextpdf + kernel + 7.0.0 + + + com.itextpdf + layout + 7.0.0 + + + com.itextpdf + pdfa + 7.0.0 + + + com.itextpdf + sign + 7.0.0 + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + diff --git a/spec/fixtures/java/maven/my-spring-app2/src/main/java/com/example/demo/DemoApplication.java b/spec/fixtures/java/maven/my-spring-app2/src/main/java/com/example/demo/DemoApplication.java new file mode 100644 index 0000000..1a42144 --- /dev/null +++ b/spec/fixtures/java/maven/my-spring-app2/src/main/java/com/example/demo/DemoApplication.java 
@@ -0,0 +1,18 @@
+package com.example.demo;
+
+import org.springframework.boot.*;
+import org.springframework.boot.autoconfigure.*;
+import org.springframework.web.bind.annotation.*;
+
+@SpringBootApplication
+@RestController
+public class DemoApplication {
+ @GetMapping("/")
+ String home() {
+ return "Spring is here!";
+ }
+
+ public static void main(String[] args) {
+ SpringApplication.run(DemoApplication.class, args);
+ }
+}
diff --git a/spec/fixtures/java/maven/my-spring-app2/src/main/resources/application.properties b/spec/fixtures/java/maven/my-spring-app2/src/main/resources/application.properties
new file mode 100644
index 0000000..e69de29
diff --git a/spec/fixtures/java/maven/my-spring-app2/src/test/java/com/example/demo/DemoApplicationTests.java b/spec/fixtures/java/maven/my-spring-app2/src/test/java/com/example/demo/DemoApplicationTests.java
new file mode 100644
index 0000000..e7be4a5
--- /dev/null
+++ b/spec/fixtures/java/maven/my-spring-app2/src/test/java/com/example/demo/DemoApplicationTests.java
@@ -0,0 +1,26 @@
+package com.example.demo;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.junit4.SpringRunner;
+import static org.assertj.core.api.Assertions.assertThat;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class DemoApplicationTests {
+ @Test
+ public void contextLoads() { }
+
+ @Autowired
+ private TestRestTemplate restTemplate;
+
+ @Test
+ public void homeResponse() {
+ String body = this.restTemplate.getForObject("/", String.class);
+ assertThat(body).isEqualTo("Spring is here!");
+ }
+}
diff --git a/spec/fixtures/java/maven/pom-single.xml.erb b/spec/fixtures/java/maven/pom-single.xml.erb new file mode 100644 index 0000000..897b3a6 --- /dev/null +++ b/spec/fixtures/java/maven/pom-single.xml.erb @@ -0,0 +1,27 @@ + + 4.0.0 + com.gitlab.secure + license-scanning + jar + 1.0-SNAPSHOT + example + + + <%= group_id %> + <%= artifact_id %> + <%= version %> + + + + + <%= repository_id %> + <%= repository_url %> + + + + + <%= repository_id %> + <%= repository_url %> + + + diff --git a/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar new file mode 100644 index 0000000..9cc84ea Binary files /dev/null and b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.jar differ diff --git a/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb new file mode 100644 index 0000000..5ab4ccc --- /dev/null +++ b/spec/fixtures/java/maven/simple/.mvn/wrapper/maven-wrapper.properties.erb @@ -0,0 +1 @@ +distributionUrl=<% distribution_url %> diff --git a/spec/fixtures/java/maven/simple/mvnw b/spec/fixtures/java/maven/simple/mvnw new file mode 100755 index 0000000..5d8e6c3 --- /dev/null +++ b/spec/fixtures/java/maven/simple/mvnw 
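Review bot: The template line `distributionUrl=<% distribution_url %>` in maven-wrapper.properties.erb uses the non-printing ERB tag, so rendering it evaluates `distribution_url` and writes nothing, leaving `distributionUrl=` empty. The sibling pom-single.xml.erb uses `<%= ... %>` throughout, so this looks like a typo for `distributionUrl=<%= distribution_url %>`. In the maven_spec.rb version matrix added by this commit the properties file is written directly with `runner.add_file`, so the template may be unused. If that is the case, deleting it is simpler than leaving an unrendered `.erb` beside the wrapper jar in the mounted fixture directory.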
@@ -0,0 +1,165 @@ +#!/bin/sh + +if [ -z "$MAVEN_SKIP_RC" ] ; then + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi +fi + +cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + PRG="$0" + + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + saveddir=`pwd` + M2_HOME=`dirname "$PRG"`/.. + M2_HOME=`cd "$M2_HOME" && pwd` + cd "$saveddir" +fi + +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + readLink=`which readlink` + if [ ! 
`expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`which java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +find_maven_basedir() { + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + done + echo "${basedir}" +} + +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +echo $MAVEN_PROJECTBASEDIR +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + 
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/spec/fixtures/java/maven/simple/pom.xml b/spec/fixtures/java/maven/simple/pom.xml new file mode 100644 index 0000000..d4becd3 --- /dev/null +++ b/spec/fixtures/java/maven/simple/pom.xml @@ -0,0 +1,22 @@ + + + 4.0.0 + com.gitlab.security_products.tests + java-maven-multi-modules + 1.0-SNAPSHOT + pom + simple + + + io.netty + netty-all + 4.1.0.Final + + + junit + junit + 3.8.1 + test + + + diff --git a/spec/fixtures/java/maven/simple/settings.xml b/spec/fixtures/java/maven/simple/settings.xml new file mode 100644 index 0000000..ed45b79 --- /dev/null +++ b/spec/fixtures/java/maven/simple/settings.xml @@ -0,0 +1,3 @@ + + ${env.PWD}/.m2/repository + diff --git a/spec/fixtures/java/pom-public-gitlab-repository.xml b/spec/fixtures/java/pom-public-gitlab-repository.xml deleted file mode 100644 index 11abf7f..0000000 --- a/spec/fixtures/java/pom-public-gitlab-repository.xml +++ /dev/null @@ -1,21 +0,0 @@ - - 4.0.0 - com.gitlab.secure - license-scanning - jar - 1.0-SNAPSHOT - example - http://maven.apache.org - - - com.gitlab.secure - example - 1.0 - - - javax.xml.bind - jaxb-api - 2.3.0 - - - diff --git a/spec/fixtures/java/pom-single.xml.erb b/spec/fixtures/java/pom-single.xml.erb deleted file mode 100644 index 897b3a6..0000000 --- a/spec/fixtures/java/pom-single.xml.erb +++ /dev/null @@ -1,27 +0,0 @@ - - 4.0.0 - com.gitlab.secure - license-scanning - jar - 1.0-SNAPSHOT - example - - - <%= group_id %> - <%= artifact_id %> - <%= version %> - - - - - <%= repository_id %> - <%= repository_url %> - - - - - <%= repository_id %> - <%= repository_url %> - - - 
diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 0e71038..c2137b3 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb @@ -49,16 +49,20 @@ plugins { end end - context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains', environment: 'offline' do + context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains' do subject do runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('java/gradle/offline-environment/bundle.crt'), + 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, 'PRIVATE_MAVEN_HOST' => private_maven_host }) end + let(:private_maven_host) { 'maven.test' } + before do - runner.mount(dir: fixture_file('java/gradle/offline-environment/')) + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.mount(dir: fixture_file('java/gradle/offline-environment')) end specify { expect(subject).to match_schema } 
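Review bot: `add_host('maven.test', '127.0.0.1')` in the new `before` block repeats the hostname that `let(:private_maven_host)` just above already defines, so the name passed to the scanner as `PRIVATE_MAVEN_HOST` and the name mapped to loopback can drift apart. Using `add_host(private_maven_host, '127.0.0.1')` keeps them tied together. The same pair appears in the self-signed-certificate context of spec/integration/java/maven_spec.rb (hunk `@@ -82,18 +88,21 @@`). The hostname also has to be present in the subjectAltName list built in spec/support/proxy_helper.rb, which this commit extends by hand; a short comment next to the `let` pointing at that list would help. The enclosing `context` block continues past the end of the hunk.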
@@ -96,22 +100,22 @@ plugins { end context "when scanning a gradle project with a custom option to generate a profiler report" do - let(:report) { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } + subject { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } before do - runner.add_file('build.gradle', fixture_file_content("java/11/build.gradle")) + runner.mount(dir: fixture_file("java/gradle/java-11")) end - specify { expect(report).to match_schema } - specify { expect { report }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } - specify { expect(report.dependency_names).to match_array(['postgresql']) } - specify { expect(report.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } + specify { expect(subject).to match_schema } + specify { expect { subject }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } + specify { expect(subject.dependency_names).to match_array(['postgresql']) } + specify { expect(subject.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } end context 'when using Java 8 with version 1.* of gradle' do before do + runner.mount(dir: fixture_file("java/gradle/java-8")) runner.add_file('.tool-versions', "gradle 1.9") - runner.add_file('build.gradle', fixture_file_content("java/8/build.gradle")) end it 'returns an empty report because the plugin we use does not work in this version of the gradle API' do @@ -129,7 +133,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle.kts', fixture_file_content("java/build.gradle.kts")) + runner.add_file('build.gradle.kts', fixture_file_content("java/gradle/build.gradle.kts")) runner.add_file('settings.gradle.kts', 'rootProject.name = "example"') end 
@@ -149,7 +153,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle', fixture_file_content("java/#{item[:java]}/build.gradle")) + runner.add_file('build.gradle', fixture_file_content("java/gradle/java-#{item[:java]}/build.gradle")) runner.add_file('settings.gradle', 'rootProject.name = "example"') end diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index 49ee82c..faa5fc1 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb 
@@ -4,32 +4,38 @@ RSpec.describe "maven" do include_examples "each report version", "java", "maven" include_examples "each report version", "java", "maven-multimodules" - describe "When the maven dependencies come from a custom public maven repository" do - it 'is able to detect some of the licenses' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - - report = runner.scan(env: { - 'CI_PROJECT_ID' => '6130122' - }) + context "when the maven dependencies come from the same projects public maven repository" do + subject { runner.scan(env: { 'CI_PROJECT_ID' => '6130122' }) } - expect(report).to match_schema - expect(report.dependency_names).to match_array(%w[example jaxb-api]) - expect(report.licenses_for('example')).to match_array(['MIT']) - expect(report.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'cddl 1.1']) + before do + runner.mount(dir: fixture_file('java/maven/gitlab-repo')) end - it 'downloads packages from by using a custom `settings.xml`' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml')) + it 'is able to detect some of the licenses' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) + end + end - report = runner.scan(env: { + context "when packages are sourced from an external package registry" do + subject do + runner.scan(env: { 'CI_PROJECT_ID' => 'invalid', - 'MAVEN_CLI_OPTS' => "--settings my_settings.xml" + 'MAVEN_CLI_OPTS' => "--settings settings.xml" }) + end - expect(report).to match_schema - expect(report[:dependencies]).to match_array([{ name: 'example', url: '', description: '', paths: ['.'], licenses: ['MIT'] }, - { description: '', licenses: 
['GPL-2.0-only', 'cddl 1.1'], name: 'jaxb-api', paths: ['.'], url: '' }]) + before do + runner.mount(dir: fixture_file('java/maven/external-gitlab-repo')) + end + + it 'downloads packages from by using a custom `settings.xml`' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) end end @@ -53,7 +59,7 @@ RSpec.describe "maven" do describe "When scanning a project with multiple modules" do before do - runner.mount(dir: fixture_file('java/maven-multimodule')) + runner.mount(dir: fixture_file('java/maven/multimodule')) end it 'detects dependences from each module' do @@ -82,18 +88,21 @@ RSpec.describe "maven" do end end - context "when connecting to a custom package registry with a self signed certificate", environment: 'offline' do - let(:bundle) { fixture_file_content('java/maven.crt') } - let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, 'LOG_LEVEL' => 'debug' }) } + context "when connecting to a custom package registry with a self signed certificate" do + let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read }) } + let(:private_maven_host) { 'maven.test' } before do + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.add_file('pom.xml') do - fixture_file_content('java/pom-single.xml.erb', { + fixture_file_content('java/maven/pom-single.xml.erb', { group_id: 'com.fasterxml.jackson.core', artifact_id: 'jackson-core', version: '2.10.0', repository_id: 'custom', - repository_url: "https://#{private_maven_host}/artifactory/mvn-cache" + repository_url: "https://#{private_maven_host}/maven2" }) end end 
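Review bot: The two new contexts at the top of maven_spec.rb differ only in `CI_PROJECT_ID` ('6130122' versus 'invalid') and the `--settings settings.xml` option, and neither value is explained. A one-line comment on each would make the intent reviewable, e.g. `# 6130122: id of the GitLab project whose package registry hosts the 'example' artifact` and `# 'invalid': presumably forces resolution through the repository declared in settings.xml` (both inferred from the context names, to be confirmed). Both contexts seem to resolve packages from a live remote registry, so they will fail without network access, and saying so in the comment helps when triaging failures. The example description 'downloads packages from by using a custom `settings.xml`' was carried over with its stray 'from' and could read 'downloads packages by using a custom `settings.xml`'.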
@@ -144,4 +153,45 @@ RSpec.describe "maven" do expect(output_file.read).to include('openjdk version "1.8.0_252"') end end + + context "when scanning a project that depends on an older version of maven" do + subject { runner.scan } + + before do + runner.mount(dir: fixture_file('java/maven/my-spring-app2')) + end + + specify { expect(subject).to match_schema } + specify { expect(subject.dependency_names).to match_array(["asm", "asm-commons", "asm-tree", "barcodes", "classmate", "commons-fileupload", "commons-io", "commons-lang", "font-asian", "forms", "freemarker", "hibernate-validator", "hyph", "io", "jackson-annotations", "jackson-core", "jackson-databind", "jackson-datatype-jdk8", "jackson-datatype-jsr310", "jackson-module-parameter-names", "javassist", "javax.annotation-api", "jboss-logging", "jul-to-slf4j", "kernel", "layout", "log4j-api", "log4j-to-slf4j", "logback-classic", "logback-core", "ognl", "pdfa", "sign", "slf4j-api", "snakeyaml", "spring-aop", "spring-beans", "spring-boot", "spring-boot-autoconfigure", "spring-boot-starter", "spring-boot-starter-json", "spring-boot-starter-logging", "spring-boot-starter-tomcat", "spring-boot-starter-web", "spring-context", "spring-core", "spring-expression", "spring-jcl", "spring-web", "spring-webmvc", "struts2-core", "tomcat-embed-core", "tomcat-embed-el", "tomcat-embed-websocket", "validation-api", "xwork-core"]) } + end + + [ + { java: '8', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] }, + { java: '11', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] } + ].each do |item| + item[:maven].each do |maven_version| + context "when using Java v#{item[:java]} with maven v#{maven_version}" do + let(:report) { runner.scan(env: env) } + let(:env) do + { + 'LM_JAVA_VERSION' => item[:java], + 'MAVEN_CLI_OPTS' => "--settings settings.xml" + } + end + + before do + runner.mount(dir: fixture_file('java/maven/simple')) + runner.add_file('.mvn/wrapper/maven-wrapper.properties') do + 
"distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/#{maven_version}/apache-maven-#{maven_version}-bin.zip" + end + end + + specify do + expect(report).to match_schema + expect(report.dependency_names).to match_array(['netty-all']) + expect(report.licenses_for('netty-all')).to match_array(['Apache-2.0']) + end + end + end + end end diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb index 244f363..e482d6d 100644 --- a/spec/support/integration_test_helper.rb +++ b/spec/support/integration_test_helper.rb @@ -11,12 +11,6 @@ module IntegrationTestHelper end end - def private_maven_host - @private_maven_host ||= ENV.fetch('PRIVATE_MAVEN_HOST').tap do |host| - add_host(host, ENV.fetch('PRIVATE_MAVEN_IP')) - end - end - def runner(*args) @runner ||= ProjectHelper.new(*args) end diff --git a/spec/support/proxy_helper.rb b/spec/support/proxy_helper.rb index a07ee84..93805c6 100644 --- a/spec/support/proxy_helper.rb +++ b/spec/support/proxy_helper.rb @@ -5,9 +5,11 @@ module ProxyHelper def generate_self_signed_certificate_for(host) Dir.chdir License::Management.root.join('tmp') do - system("rm -f #{host}.*") - system("/usr/bin/openssl req -x509 -newkey rsa:4096 -keyout #{host}.key -out #{host}.crt -days 999 -nodes -subj '/C=/ST=/L=/O=/OU=/CN=*.test' -addext 'subjectAltName=DNS:nuget.test,DNS:rubygems.test,DNS:goproxy.test'") - system("cat #{host}.* > #{host}.pem") + system([ + "rm -f #{host}.*", + "/usr/bin/openssl req -x509 -newkey rsa:4096 -keyout #{host}.key -out #{host}.crt -days 999 -nodes -subj '/C=/ST=/L=/O=/OU=/CN=*.test' -addext 'subjectAltName=DNS:nuget.test,DNS:rubygems.test,DNS:goproxy.test,DNS:maven.test,DNS:pypi.test,DNS:npm.test'", + "cat #{host}.* > #{host}.pem" + ].join("&&")) end end diff --git a/spec/unit/license/management/repository_spec.rb b/spec/unit/license/management/repository_spec.rb index 5fa37e9..a391d09 100644 --- a/spec/unit/license/management/repository_spec.rb 
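Review bot: Each of the eight contexts generated by the new version matrix writes a `distributionUrl` pointing at repo1.maven.org, so the committed `maven-wrapper.jar` will presumably download and run a Maven distribution at test time, and no integrity check is visible in this change. That makes the suite depend on network access and on whatever the remote serves. I would state this next to the `add_file` call, e.g. `# Downloads apache-maven-<version>-bin.zip from Maven Central on each run; not checksum-verified`, and pin a SHA-256 per version if the bundled wrapper can verify one. The wrapper jar itself is added as an opaque binary under spec/fixtures/java/maven/simple/.mvn/wrapper/, so recording its upstream version and digest in a neighbouring README would let a reviewer confirm its origin.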
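Review bot: The result of the single `system([...].join("&&"))` call in `generate_self_signed_certificate_for` is discarded, so when `openssl` fails the `&&` chain stops, no `.pem` is written, and the first visible symptom is a TLS failure in some later example. Raising at the call site keeps the failure next to its cause: `].join(' && ')) || raise("could not generate certificate for #{host}")`. `host` is also interpolated into the shell string unquoted; the hostnames visible in this commit are literals such as 'wildcard.test', but `Shellwords.escape(host)` (with `require 'shellwords'`) would make the helper safe for any value. `-addext` is only accepted by newer openssl builds, which is one realistic way for this command to fail.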
+++ b/spec/unit/license/management/repository_spec.rb @@ -35,6 +35,7 @@ RSpec.describe License::Management::Repository do ['Apache License v2.0', 'Apache-2.0'], ['COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0', 'CDDL-1.0'], ['Common Development and Distribution License 1.1', 'CDDL-1.1'], + ['CDDL 1.1', 'CDDL-1.1'], ['Apache Software License - Version 2.0', 'Apache-2.0'], ['ASF 2.0', 'Apache-2.0'], ['Eclipse Public License - v 1.0', 'EPL-1.0'], -- cgit v1.2.3