From a54789bcfe9e05ab42dfb6e03457279384e343fe Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 17 Aug 2020 16:23:28 -0600
Subject: Update license_finder to 6.8.1

* Update CHANGELOG
* Add default retry for all jobs
* Ensure all deb packages are built
---
 spec/integration/c/conan_spec.rb | 2 +
 spec/integration/dotnet/examples_spec.rb | 2 +
 spec/integration/dotnet/nuget_spec.rb | 2 +
 spec/integration/go/modules_spec.rb | 19 ++++++-
 spec/integration/java/gradle_spec.rb | 12 +++--
 spec/integration/java/maven_spec.rb | 14 ++---
 spec/integration/js/bower_spec.rb | 2 +
 spec/integration/js/npm_spec.rb | 2 +
 spec/integration/js/yarn_spec.rb | 2 +
 spec/integration/php/composer_spec.rb | 2 +
 spec/integration/python/pip_spec.rb | 14 ++++-
 spec/integration/python/pipenv_spec.rb | 87 +++++++++++++++++++-------------
 spec/integration/ruby/bundler_spec.rb | 24 ++++++++-
 spec/integration/rust/cargo_spec.rb | 2 +
 14 files changed, 135 insertions(+), 51 deletions(-)
(limited to 'spec/integration')

diff --git a/spec/integration/c/conan_spec.rb b/spec/integration/c/conan_spec.rb
index cdbf029..86025bd 100644
--- a/spec/integration/c/conan_spec.rb
+++ b/spec/integration/c/conan_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "conan" do
diff --git a/spec/integration/dotnet/examples_spec.rb b/spec/integration/dotnet/examples_spec.rb
index f9c63ea..909dd2c 100644
--- a/spec/integration/dotnet/examples_spec.rb
+++ b/spec/integration/dotnet/examples_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe ".NET Core" do
diff --git a/spec/integration/dotnet/nuget_spec.rb b/spec/integration/dotnet/nuget_spec.rb
index 90a189b..5bda5db 100644
--- a/spec/integration/dotnet/nuget_spec.rb
+++ b/spec/integration/dotnet/nuget_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "nuget" do
diff --git a/spec/integration/go/modules_spec.rb b/spec/integration/go/modules_spec.rb index fa2313c..3edef74 100644 --- a/spec/integration/go/modules_spec.rb +++ b/spec/integration/go/modules_spec.rb @@ -1,9 +1,11 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe "modules" do before do # Delete go module cache - system('rm -fr ~/.local/pkg') + system('rm -fr /opt/gitlab/.local/pkg') system('rm -fr /opt/asdf/installs/golang/**/packages/pkg/') end @@ -64,6 +66,21 @@ RSpec.describe "modules" do end end + context "when scanning the `gitlab-runner` project" do + subject { runner.scan } + + before do + runner.clone('https://gitlab.com/gitlab-org/gitlab-runner.git') + end + + specify do + expect(subject).to match_schema + expect(subject[:licenses]).not_to be_empty + expect(subject[:dependencies]).not_to be_empty + expect(subject.dependency_names).to include('gitlab.com/gitlab-org/gitlab-terminal') + end + end + context "when scanning a project with vendored modules" do subject { runner.scan } diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index c2137b3..25d7e26 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe "gradle" do 
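Review bot: The module-cache cleanup in the `before` block still shells out, `system('rm -fr /opt/gitlab/.local/pkg')`, and the second `system` call depends on the shell expanding `**`, which under `/bin/sh` expands only one path level, so the intent of a recursive match is not what actually runs; the new absolute path also hard-wires the spec to one container layout. Doing the removal from Ruby avoids the shell and makes the glob explicit: `FileUtils.rm_rf('/opt/gitlab/.local/pkg')` and `FileUtils.rm_rf(Dir.glob('/opt/asdf/installs/golang/*/packages/pkg'))` (add `require 'fileutils'` if spec_helper does not already load it). Neither `system` return value is checked, so a failed wipe is silently ignored; if that is deliberate, a comment such as `# best-effort cache wipe; a stale cache only slows the scan` would say so. The `before` block is complete within the hunk.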
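Review bot: The new `gitlab-runner` context clones the live default branch, `runner.clone('https://gitlab.com/gitlab-org/gitlab-runner.git')`, so the expectation that `gitlab.com/gitlab-org/gitlab-terminal` appears in `dependency_names` is tied to whatever upstream's `go.mod` contains on the day the suite runs, and a dependency dropped upstream fails this example with no change to the code under test. If `runner.clone` accepts a ref, pin a tag or commit; if it does not, a comment stating the assumption, `# relies on gitlab-runner's current go.mod depending on gitlab-terminal`, at least makes the coupling visible. The context is complete within the hunk.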
@@ -113,17 +115,17 @@ plugins { end context 'when using Java 8 with version 1.* of gradle' do + subject { runner.scan(env: { 'LM_JAVA_VERSION' => '8' }) } + before do runner.mount(dir: fixture_file("java/gradle/java-8")) runner.add_file('.tool-versions', "gradle 1.9") end it 'returns an empty report because the plugin we use does not work in this version of the gradle API' do - report = runner.scan(env: { 'LM_JAVA_VERSION' => '8' }) - - expect(report).to match_schema - expect(report[:dependencies]).to be_empty - expect(report[:licenses]).to be_empty + expect(subject).to match_schema + expect(subject[:dependencies]).to be_empty + expect(subject[:licenses]).to be_empty end end diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index aa2d1ff..c9a7026 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe "maven" do @@ -58,15 +60,15 @@ RSpec.describe "maven" do end describe "When scanning a project with multiple modules" do + subject { runner.scan } + before do runner.mount(dir: fixture_file('java/maven/multimodule')) end it 'detects dependences from each module' do - report = runner.scan - - expect(report).to match_schema - expect(report[:dependencies]).not_to be_empty + expect(subject).to match_schema + expect(subject[:dependencies]).not_to be_empty [ { name: "asm", licenses: ["BSD-4-Clause"] }, @@ -81,10 +83,10 @@ RSpec.describe "maven" do { name: "netty-all", licenses: ["Apache-2.0"] }, { name: "stax2-api", licenses: ["BSD-4-Clause"] } ].each do |dependency| - expect(report.licenses_for(dependency[:name])).to match_array(dependency[:licenses]) + expect(subject.licenses_for(dependency[:name])).to match_array(dependency[:licenses]) end - expect(report.dependency_names).not_to include('junit') + expect(subject.dependency_names).not_to include('junit') end end 
diff --git a/spec/integration/js/bower_spec.rb b/spec/integration/js/bower_spec.rb
index 227718e..1bb366e 100644
--- a/spec/integration/js/bower_spec.rb
+++ b/spec/integration/js/bower_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "bower" do
diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb
index a8dd2d4..8ab5be6 100644
--- a/spec/integration/js/npm_spec.rb
+++ b/spec/integration/js/npm_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "npm" do
diff --git a/spec/integration/js/yarn_spec.rb b/spec/integration/js/yarn_spec.rb
index d81564c..5b1f9c5 100644
--- a/spec/integration/js/yarn_spec.rb
+++ b/spec/integration/js/yarn_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "yarn" do
diff --git a/spec/integration/php/composer_spec.rb b/spec/integration/php/composer_spec.rb
index 839f0b7..9f71541 100644
--- a/spec/integration/php/composer_spec.rb
+++ b/spec/integration/php/composer_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "composer" do
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index a52b992..9c2721d 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "pip" do
@@ -100,10 +102,20 @@ RSpec.describe "pip" do context "when a project uses a custom `SETUP_CMD`" do before do runner.add_file('requirements.txt', 'six==1.14.0') + runner.add_file('.python-version', '3.8.4') + runner.add_file('custom.sh') do + <<~SCRIPT + #!/bin/bash -lx + + asdf install python 3.8.4 + asdf reshim + pip install -r requirements.txt + SCRIPT + end end it 'detects the software licenses' do - report = runner.scan(env: { 'SETUP_CMD' => 'pip install -r requirements.txt' }) + report = runner.scan(env: { 'SETUP_CMD' => 'bash custom.sh' }) expect(report).to match_schema(version: '2.0') expect(report.licenses_for('six')).to match_array(["MIT"]) diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb index 5cc9128..cd20522 100644 --- a/spec/integration/python/pipenv_spec.rb +++ b/spec/integration/python/pipenv_spec.rb @@ -1,6 +1,12 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe "pipenv" do + subject { runner.scan(env: env) } + + let(:env) { {} } + include_examples "each report version", "python", "pipenv", "pip-file-lock" context "when a project depends on a version 6 Pipfile.lock" do @@ -19,15 +25,15 @@ RSpec.describe "pipenv" do }) end - it 'produces a valid report' do + before do runner.add_file('Pipfile.lock', pipfile_lock_content) + end - report = runner.scan - - expect(report).to match_schema - expect(report[:version]).not_to be_empty - expect(report[:licenses]).not_to be_empty - expect(report.dependency_names).to contain_exactly("six") + it 'produces a valid report' do + expect(subject).to match_schema + expect(subject[:version]).not_to be_empty + expect(subject[:licenses]).not_to be_empty + expect(subject.dependency_names).to contain_exactly("six") end end 
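Review bot: The Python version is written twice in the new `custom.sh` setup, once in `runner.add_file('.python-version', '3.8.4')` and again in the heredoc's `asdf install python 3.8.4`; a `let(:python_version) { '3.8.4' }` interpolated into both (the `<<~SCRIPT` heredoc interpolates) keeps the two from drifting apart. The shebang `#!/bin/bash -lx` also enables command tracing, so every expanded command of the setup script is echoed into the scan output; unless that trace is wanted for debugging, `#!/bin/bash -l` keeps expanded arguments, and any environment values a later revision might interpolate, out of the log. `asdf install` fetches a toolchain from the network at spec time, which deserves a one-line comment above the heredoc. The `it` block continues past the end of the hunk.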
@@ -64,15 +70,15 @@ RSpec.describe "pipenv" do }) end - it 'produces a valid report' do + before do runner.add_file('Pipfile.lock', pipfile_lock_content) + end - report = runner.scan - - expect(report).to match_schema - expect(report[:version]).not_to be_empty - expect(report[:licenses]).not_to be_empty - expect(report.dependency_names).to match_array([ + it 'produces a valid report' do + expect(subject).to match_schema + expect(subject[:version]).not_to be_empty + expect(subject[:licenses]).not_to be_empty + expect(subject.dependency_names).to match_array([ "backports.shutil_get_terminal_size", "click", "colorama", @@ -124,15 +130,15 @@ RSpec.describe "pipenv" do }) end - it 'produces a valid report' do + before do runner.add_file('Pipfile.lock', pipfile_lock_content) + end - report = runner.scan - - expect(report).to match_schema - expect(report[:version]).not_to be_empty - expect(report[:licenses]).not_to be_empty - expect(report.dependency_names).to match_array(%w[ + it 'produces a valid report' do + expect(subject).to match_schema + expect(subject[:version]).not_to be_empty + expect(subject[:licenses]).not_to be_empty + expect(subject.dependency_names).to match_array(%w[ certifi chardet idna 
@@ -163,22 +169,19 @@ RSpec.describe "pipenv" do end it 'produces a valid report' do - report = runner.scan - - expect(report).to match_schema - expect(report[:licenses]).not_to be_empty - expect(report[:dependencies].count).to be(1) - expect(report.find('six')).not_to be_nil + expect(subject).to match_schema + expect(subject[:licenses]).not_to be_empty + expect(subject[:dependencies].count).to be(1) + expect(subject.find('six')).not_to be_nil end end context "when scanning a simple Pipfile project" do - let(:lockfile_content) { fixture_file_content('python/simple-Pipfile.lock') } + let(:lockfile_content) { fixture_file_content('python/pipenv/simple/Pipfile.lock') } let(:lockfile_hash) { JSON.parse(lockfile_content) } before do - runner.add_file('Pipfile', fixture_file_content('python/simple-Pipfile')) - runner.add_file('Pipfile.lock', lockfile_content) + runner.mount(dir: fixture_file('python/pipenv/simple')) end [2, 3].each do |version| @@ -204,6 +207,12 @@ RSpec.describe "pipenv" do context "when connecting to a private package repository with self signed certificate" do let(:index_url) { "https://pypi.test/simple" } + let(:env) do + { + 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, + 'PIP_INDEX_URL' => index_url + } + end before do add_host('pypi.test', '127.0.0.1') 
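Review bot: The simple-Pipfile context now spells the fixture directory in two places, `fixture_file_content('python/pipenv/simple/Pipfile.lock')` in the `let` and `fixture_file('python/pipenv/simple')` in `runner.mount`; because `lockfile_hash` is parsed from the same directory that is mounted, a later fixture move that updates only one of them would leave the spec comparing against a stale lockfile. A `let(:fixture_dir) { 'python/pipenv/simple' }` used by both keeps them aligned. The `[2, 3].each` loop that follows opens after the hunk ends.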
@@ -214,13 +223,19 @@ RSpec.describe "pipenv" do end it 'downloads the packages and trusts the certificate' do - report = runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, - 'PIP_INDEX_URL' => index_url - }) + expect(subject).to match_schema + expect(subject.dependency_names).to include('requests') + end + end + + context "when scanning a project that declares a specific version of python in the lockfile" do + before do + runner.mount(dir: fixture_file('python/pipenv/specific-python-version')) + end - expect(report).to match_schema - expect(report.dependency_names).to include('requests') + specify do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[Django docutils pytz requests]) end end end diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb index 30cf776..6cb5543 100644 --- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe "bundler" do @@ -82,8 +84,6 @@ RSpec.describe "bundler" do specify do expect(subject).to match_schema - expect(subject[:licenses]).not_to be_empty - expect(subject[:dependencies]).not_to be_empty expect(subject.dependency_names).to include('rails') expect(subject.dependency_names).to include('vue') end 
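Review bot: The self-signed-certificate example now asserts only that `requests` ends up in `dependency_names`, which holds whether the scanner trusted the supplied `ADDITIONAL_CA_CERT_BUNDLE` or simply did not verify TLS against `pypi.test`; there is no negative control, so a regression that disables verification would pass this test. A sibling example in the same context that overrides `env` without the bundle (the context's `let(:env)` is defined before this hunk) and expects the scan not to report `requests` pins that verification is actually enforced. How `runner.scan` surfaces a failed download, an empty report or an error, is not visible here, so the expectation below is a sketch to confirm against the runner. The enclosing `context` starts before the hunk.
```ruby
# … unchanged: 'downloads the packages and trusts the certificate' example …
context 'without the CA bundle' do
  let(:env) { { 'PIP_INDEX_URL' => index_url } }

  it 'does not trust the self-signed certificate' do
    # NOTE(review): confirm how runner.scan reports a failed install before relying on this
    expect(subject.dependency_names).not_to include('requests')
  end
end
```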
@@ -140,4 +140,24 @@ RSpec.describe "bundler" do
 expect(subject.licenses_for('spandx')).to match_array(['MIT'])
 end
 end
+
+ context "when scanning a jruby project" do
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-jruby'))
+ end
+
+ pending do
+ expect(subject).to match_schema
+ expect(subject[:licenses]).not_to be_empty
+ expect(subject.dependency_names).not_to include('jruby-profiler-flame_graph_profile_printer')
+
+ expect(subject.dependency_names).to include('activerecord-jdbcpostgresql-adapter')
+ expect(subject.dependency_names).to include('protobuf_java_helpers')
+ expect(subject.dependency_names).to include('fast_blank_java')
+
+ expect(subject.licenses_for('activerecord-jdbcpostgresql-adapter')).to match_array(['MIT'])
+ expect(subject.licenses_for('protobuf_java_helpers')).to match_array(['MIT'])
+ expect(subject.licenses_for('fast_blank_java')).to match_array(['MIT'])
+ end
+ end
 end
diff --git a/spec/integration/rust/cargo_spec.rb b/spec/integration/rust/cargo_spec.rb
index 77ad447..3ab010d 100644
--- a/spec/integration/rust/cargo_spec.rb
+++ b/spec/integration/rust/cargo_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe "cargo" do
--
cgit v1.2.3
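Review bot: The new jruby context uses `pending do` with no description, so the example is reported under an auto-generated name and nothing in the file records why it is pending; `pending 'resolves licenses for jruby platform gems' do` keeps that on the page. An RSpec `pending` example is also expected to fail and is reported as a failure once its body starts passing, so when jruby support lands it must be flipped to `specify`, which is easy to miss without a description saying what it waits on. The exclusion `not_to include('jruby-profiler-flame_graph_profile_printer')` is likewise unexplained; a one-line comment on why that gem must not appear in the report would help the next reader. The hunk is complete.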