From cbc4d1e328fd0e578f038d57fbd6b9354dafa79e Mon Sep 17 00:00:00 2001 From: mo khan Date: Mon, 13 Jul 2020 09:57:29 -0600 Subject: Install tools from .deb package --- .../pipenv/specific-python-version/.tool-versions | 1 - spec/integration/dotnet/nuget_spec.rb | 1 + spec/integration/java/gradle_spec.rb | 6 +- spec/integration/java/maven_spec.rb | 42 ------------ spec/integration/python/pip_spec.rb | 59 ++++------------- spec/integration/python/pipenv_spec.rb | 4 ++ spec/integration/ruby/bundler_spec.rb | 17 +++++ spec/support/shared.rb | 8 +-- spec/unit/license_finder/bundler_spec.rb | 58 +++++++++++++---- spec/unit/license_finder/dotnet_spec.rb | 37 +++++++++++ spec/unit/license_finder/gradle_spec.rb | 65 +++++++++++++++++++ spec/unit/license_finder/maven_spec.rb | 65 +++++++++++++++++++ spec/unit/license_finder/pip_spec.rb | 69 ++++++++++++++++++++ spec/unit/license_finder/pipenv_spec.rb | 75 ++++++++++++++++++++++ spec/unit/license_finder/yarn_spec.rb | 33 ++++++++++ 15 files changed, 429 insertions(+), 111 deletions(-) delete mode 100644 spec/fixtures/python/pipenv/specific-python-version/.tool-versions create mode 100644 spec/unit/license_finder/dotnet_spec.rb create mode 100644 spec/unit/license_finder/gradle_spec.rb create mode 100644 spec/unit/license_finder/maven_spec.rb create mode 100644 spec/unit/license_finder/pip_spec.rb create mode 100644 spec/unit/license_finder/pipenv_spec.rb create mode 100644 spec/unit/license_finder/yarn_spec.rb (limited to 'spec') diff --git a/spec/fixtures/python/pipenv/specific-python-version/.tool-versions b/spec/fixtures/python/pipenv/specific-python-version/.tool-versions deleted file mode 100644 index 5f51665..0000000 --- a/spec/fixtures/python/pipenv/specific-python-version/.tool-versions +++ /dev/null @@ -1 +0,0 @@ -python 3.4.10 diff --git a/spec/integration/dotnet/nuget_spec.rb b/spec/integration/dotnet/nuget_spec.rb index c72296e..f640c32 100644 --- a/spec/integration/dotnet/nuget_spec.rb 
+++ b/spec/integration/dotnet/nuget_spec.rb @@ -8,6 +8,7 @@ RSpec.describe "nuget" do let(:env) { {} } before do + system("rm -fr /opt/asdf/installs/mono") system("rm -fr /opt/gitlab/.nuget/packages") end diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 25d7e26..e6bda3c 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb @@ -122,10 +122,10 @@ plugins { runner.add_file('.tool-versions', "gradle 1.9") end - it 'returns an empty report because the plugin we use does not work in this version of the gradle API' do + specify do expect(subject).to match_schema - expect(subject[:dependencies]).to be_empty - expect(subject[:licenses]).to be_empty + expect(subject.dependency_names).to match_array(['postgresql']) + expect(subject.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) end end diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index 65d8bf5..217035d 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb 
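Review bot: The added `system("rm -fr /opt/asdf/installs/mono")` in the `before` hook runs an unconditional, destructive shell command against the host filesystem and ignores `system`'s return value, so a failed removal (permissions, missing `rm`) is silent and the example proceeds with stale tool installs. The same pattern is added for `/opt/asdf/installs/python` in pip_spec.rb and pipenv_spec.rb and for `/opt/asdf/installs/ruby` in bundler_spec.rb. Prefer the stdlib call, which needs no shell and raises on unexpected errors, and gate it so the suite cannot wipe tool installs on a developer workstation: `FileUtils.rm_rf('/opt/asdf/installs/mono') if ENV['<CI_OPT_IN_VAR>']` (placeholder name; pick the variable the CI image already sets). A one-line comment above the hook saying why the asdf install must be removed before the scan would also help the next reader.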
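Review bot: Replacing the `it '...'` with a bare `specify do` drops the only explanation of why the gradle 1.9 context behaved differently, and the new expectations assert the opposite outcome (a `postgresql` dependency with `BSD-2-Clause`) without saying what changed. Give the example a description that states the new expectation, e.g. `it 'reports the declared dependencies when the project pins gradle 1.9' do`, so a future failure reads correctly. The enclosing context starts before this hunk.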
@@ -114,48 +114,6 @@ RSpec.describe "maven" do specify { expect(report.licenses_for('jackson-core')).to match_array(['Apache-2.0']) } end - context "when specifying the version of java using environment variables" do - let(:output_file) { Pathname.new(runner.project_path.join('output.txt')) } - - before do - runner.add_file('custom.sh') do - <<~SCRIPT - #!/bin/bash -l - - java -version &> '#{output_file}' - SCRIPT - end - end - - it 'prioritizes `LM_JAVA_VERSION` over the `ASDF_JAVA_VERSION`' do - runner.scan(env: { - 'ASDF_JAVA_VERSION' => 'adopt-openjdk-11.0.7+10', - 'LM_JAVA_VERSION' => '8', - 'SETUP_CMD' => 'bash custom.sh' - }) - - expect(output_file).to exist - expect(output_file.read).to include('openjdk version "1.8.0_252"') - end - - it 'reads the ASDF_JAVA_VERSION' do - runner.scan(env: { - 'ASDF_JAVA_VERSION' => 'adopt-openjdk-11.0.7+10.1', - 'SETUP_CMD' => 'bash custom.sh' - }) - - expect(output_file).to exist - expect(output_file.read).to include('openjdk version "11.0.7"') - end - - it 'defaults to java 8' do - runner.scan(env: { 'SETUP_CMD' => 'bash custom.sh' }) - - expect(output_file).to exist - expect(output_file.read).to include('openjdk version "1.8.0_252"') - end - end - [ { java: '8', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] }, { java: '11', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] } diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb index 9911dc5..8b7d43b 100644 --- a/spec/integration/python/pip_spec.rb +++ b/spec/integration/python/pip_spec.rb @@ -3,6 +3,10 @@ require 'spec_helper' RSpec.describe "pip" do + before do + system('rm -fr /opt/asdf/installs/python') + end + context "when a project depends on the latest version of pip" do let(:requirements) { "sentry-sdk>=0.7.7" } 
@@ -65,18 +69,21 @@ RSpec.describe "pip" do [{ version: '2', commit: '04dce91b' }, { version: '3', commit: '48e250a1' }].each do |python| ['1.0', '1.1', '2.0', '2.1'].each do |report_version| context "when generating a `#{report_version}` report using Python `#{python[:version]}`" do + subject { runner.scan(env: environment) } + let(:url) { "https://gitlab.com/gitlab-org/security-products/tests/#{language}-#{package_manager}.git" } let(:language) { 'python' } let(:package_manager) { 'pip' } let(:environment) { { 'LM_REPORT_VERSION' => report_version, 'LM_PYTHON_VERSION' => python[:version] } } let(:expected_content) { fixture_file_content("expected/#{language}/#{python[:version]}/#{package_manager}/v#{report_version}.json").chomp } - it 'matches the expected report' do + before do runner.clone(url, branch: python[:commit]) - report = runner.scan(env: environment) + end - expect(JSON.pretty_generate(report.to_h)).to eq(expected_content) - expect(report).to match_schema(version: report_version) + it 'matches the expected report' do + expect(JSON.pretty_generate(subject.to_h)).to eq(expected_content) + expect(subject).to match_schema(version: report_version) end end end @@ -134,8 +141,8 @@ RSpec.describe "pip" do report = runner.scan(env: { 'SETUP_CMD' => 'bash custom.sh' }) expect(report).to match_schema(version: '2.0') - expect(report.licenses_for('six')).to match_array(["MIT"]) expect(report.dependency_names).to contain_exactly('six') + expect(report.licenses_for('six')).to match_array(["MIT"]) end end 
@@ -187,46 +194,4 @@ RSpec.describe "pip" do expect(report.licenses_for('requests')).to match_array(['Apache-2.0']) end end - - context "when specifying the version of Python using environment variables" do - let(:output_file) { Pathname.new(runner.project_path.join('output.txt')) } - - before do - runner.add_file('custom.sh') do - <<~SCRIPT - #!/bin/bash -l - - python --version &> '#{output_file}' - SCRIPT - end - end - - it 'prioritizes `LM_PYTHON_VERSION` over the `ASDF_PYTHON_VERSION`' do - runner.scan(env: { - 'ASDF_PYTHON_VERSION' => '3.8.2', - 'LM_PYTHON_VERSION' => '2.7.18', - 'SETUP_CMD' => 'bash custom.sh' - }) - - expect(output_file).to exist - expect(output_file.read).to include('2.7.18') - end - - it 'reads the ASDF_PYTHON_VERSION' do - runner.scan(env: { - 'ASDF_PYTHON_VERSION' => '3.8.2', - 'SETUP_CMD' => 'bash custom.sh' - }) - - expect(output_file).to exist - expect(output_file.read).to include('3.8.2') - end - - it 'defaults to Python 3' do - runner.scan(env: { 'SETUP_CMD' => 'bash custom.sh' }) - - expect(output_file).to exist - expect(output_file.read).to include('3.8.2') - end - end end diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb index cd20522..fad3edf 100644 --- a/spec/integration/python/pipenv_spec.rb +++ b/spec/integration/python/pipenv_spec.rb @@ -7,6 +7,10 @@ RSpec.describe "pipenv" do let(:env) { {} } + before do + system('rm -fr /opt/asdf/installs/python') + end + include_examples "each report version", "python", "pipenv", "pip-file-lock" context "when a project depends on a version 6 Pipfile.lock" do diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb index 6cb5543..1c0e472 100644 --- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb 
@@ -7,6 +7,10 @@ RSpec.describe "bundler" do let(:env) { {} } + before do + system('rm -fr /opt/asdf/installs/ruby') + end + include_examples "each report version", "ruby", "bundler" context "when the project depends on an older version of ruby specified in a `.ruby-version` file" do @@ -89,6 +93,19 @@ RSpec.describe "bundler" do end end + context "when scanning the `gitlab-runner` project" do + before do + runner.clone('https://gitlab.com/gitlab-org/gitlab-runner.git') + end + + specify do + expect(subject).to match_schema + expect(subject[:licenses]).not_to be_empty + expect(subject[:dependencies]).not_to be_empty + expect(subject.dependency_names).to include('gitlab.com/gitlab-org/gitlab-terminal') + end + end + context "when fetching dependencies from a custom registry" do before do add_host('rubygems.test', '127.0.0.1') diff --git a/spec/support/shared.rb b/spec/support/shared.rb index 298d85d..28eb8c3 100644 --- a/spec/support/shared.rb +++ b/spec/support/shared.rb @@ -3,6 +3,8 @@ RSpec.shared_examples "each report version" do |language, package_manager, branch = 'master'| ['1.0', '1.1', '2.0', '2.1'].each do |version| context "when generating a `#{version}` report for #{package_manager}" do + subject { runner.scan(env: { 'LM_REPORT_VERSION' => version }) } + let(:url) { "https://gitlab.com/gitlab-org/security-products/tests/#{language}-#{package_manager}.git" } let(:expected_content) { JSON.parse(fixture_file_content("expected/#{language}/#{package_manager}/v#{version}.json")) } 
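Review bot: The new `gitlab-runner` context calls `runner.clone('https://gitlab.com/gitlab-org/gitlab-runner.git')` with no ref, so the example scans whatever the upstream default branch holds at run time: it is non-reproducible, depends on network access, and any upstream change (or compromise of that repository) silently changes what the test executes. The other contexts in this commit pin what they clone via `runner.clone(url, branch: python[:commit])`; do the same here, `runner.clone('https://gitlab.com/gitlab-org/gitlab-runner.git', branch: '<PINNED_COMMIT>')` (placeholder; use a specific commit SHA), and note in a comment why that commit was chosen. The `expect(subject.dependency_names).to include('gitlab.com/gitlab-org/gitlab-terminal')` assertion in particular is only stable against a pinned revision.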
@@ -11,10 +13,8 @@ RSpec.shared_examples "each report version" do |language, package_manager, branc end it 'matches the expected report' do - actual = runner.scan(env: { 'LM_REPORT_VERSION' => version }) - - expect(JSON.pretty_generate(actual.to_h)).to eq(JSON.pretty_generate(expected_content)) - expect(actual).to match_schema(version: version) + expect(JSON.pretty_generate(subject.to_h)).to eq(JSON.pretty_generate(expected_content)) + expect(subject).to match_schema(version: version) end end end diff --git a/spec/unit/license_finder/bundler_spec.rb b/spec/unit/license_finder/bundler_spec.rb index 5458892..84edde2 100644 --- a/spec/unit/license_finder/bundler_spec.rb +++ b/spec/unit/license_finder/bundler_spec.rb @@ -1,26 +1,28 @@ +# frozen_string_literal: true + require 'spec_helper' RSpec.describe LicenseFinder::Bundler do + let(:package_manager) { described_class.new(options) } + let(:options) { { ignored_groups: [], project_path: project.project_path } } + let(:project) { ProjectHelper.new } + + before do + project.mount(dir: project_fixture) + end + + after do + project.cleanup + end + describe "#current_packages" do subject do project.chdir do - bundler.prepare - bundler.current_packages + package_manager.prepare + package_manager.current_packages end end - let(:bundler) { described_class.new(options) } - let(:options) { { ignored_groups: [], project_path: project.project_path } } - let(:project) { ProjectHelper.new } - - before do - project.mount(dir: project_fixture) - end - - after do - project.cleanup - end - context "when scanning a v2.1 bundler project" do let(:project_fixture) { fixture_file('ruby/bundler-v2.1') } 
@@ -45,4 +47,32 @@ RSpec.describe LicenseFinder::Bundler do specify { expect(subject.map(&:name)).to include("saml-kit") } end end + + describe "#ruby_version" do + subject { package_manager.send(:ruby_version) } + + context "when the version of ruby is specified in the Gemfile" do + let(:project_fixture) { fixture_file('ruby/bundler/ruby-2.4.9') } + + specify { expect(subject).to eql('2.4.9') } + end + + context "when the version of ruby is specified in a .ruby-version file" do + let(:project_fixture) { fixture_file('ruby/bundler-ruby-2.4.9-no-lockfile') } + + specify { expect(subject).to eql('2.4.9') } + end + + context "when the version of ruby is specified in a .tool-versions file" do + let(:project_fixture) { fixture_file('ruby/bundler/ruby-2.6.0-tool-versions') } + + specify { expect(subject).to eql('2.6.0') } + end + + context "when a ruby is not specified it uses the default version" do + let(:project_fixture) { fixture_file('ruby/bundler-v2.1') } + + specify { expect(subject).to eql('2.6.6') } + end + end end diff --git a/spec/unit/license_finder/dotnet_spec.rb b/spec/unit/license_finder/dotnet_spec.rb new file mode 100644 index 0000000..144d29e --- /dev/null +++ b/spec/unit/license_finder/dotnet_spec.rb 
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Dotnet do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#dotnet_version" do
+ subject { package_manager.dotnet_version }
+
+ context "when the version of dotnet is specified in a .tool-versions file" do
+ let(:project_fixture) { fixture_file('dotnet/nuget-csproj') }
+
+ before do
+ project.add_file('.tool-versions', 'dotnet-core 3.1.301')
+ end
+
+ specify { expect(subject).to eql('3.1.301') }
+ end
+
+ context "when a nodejs version is not specified" do
+ let(:project_fixture) { fixture_file('dotnet/nuget-csproj') }
+
+ specify { expect(subject).to eql('3.1.302') }
+ end
+ end
+end
diff --git a/spec/unit/license_finder/gradle_spec.rb b/spec/unit/license_finder/gradle_spec.rb
new file mode 100644
index 0000000..18c58d7
--- /dev/null
+++ b/spec/unit/license_finder/gradle_spec.rb
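Review bot: The second context in the new `#dotnet_version` block is described as "when a nodejs version is not specified", which is a copy-paste from the yarn spec; this file tests dotnet, so a failure would be reported under a misleading name. Change it to `context "when a dotnet version is not specified" do`. The expected default `'3.1.302'` is also an image-specific value; a short comment stating that it is the dotnet version installed in the CI image would make the coupling explicit.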
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Gradle do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+ let(:project_fixture) { fixture_file('java/gradle/java-8') }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#java_version" do
+ subject { package_manager.send(:java_version, env: env) }
+
+ let(:env) { {} }
+
+ context "when the version is specified in a .tool-versions file" do
+ let(:project_fixture) { fixture_file('java/maven/tool-versions') }
+
+ specify { expect(subject).to eql('tool-versions') }
+ end
+
+ context "when the version is specified in a .java-version file" do
+ let(:project_fixture) { fixture_file('java/maven/java-version') }
+
+ specify { expect(subject).to eql('java-version') }
+ end
+
+ context "when the version is specified via a ASDF_JAVA_VERSION environment variable" do
+ let(:env) { { "ASDF_JAVA_VERSION" => 'adopt-openjdk-11' } }
+
+ specify { expect(subject).to eql('adoptopenjdk-11') }
+ end
+
+ %w[8 11].each do |java_version|
+ context "when the version is specified via a LM_JAVA_VERSION (#{java_version}) environment variable" do
+ let(:env) { { "LM_JAVA_VERSION" => java_version } }
+
+ specify { expect(subject).to eql(java_version) }
+ end
+ end
+
+ context "when LM_JAVA_VERSION and ASDF_JAVA_VERSION is provided" do
+ let(:env) do
+ {
+ 'ASDF_JAVA_VERSION' => 'adopt-openjdk-11',
+ 'LM_JAVA_VERSION' => '8'
+ }
+ end
+
+ specify { expect(subject).to eql('8') }
+ end
+
+ context 'when a custom Java version is not specified' do
+ specify { expect(subject).to eql('8') }
+ end
+ end
+end
diff --git a/spec/unit/license_finder/maven_spec.rb b/spec/unit/license_finder/maven_spec.rb
new file mode 100644
index 0000000..737b707
--- /dev/null
+++ b/spec/unit/license_finder/maven_spec.rb
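Review bot: The whole `#java_version` describe block in this new gradle_spec.rb is repeated verbatim in maven_spec.rb (same fixtures, same `env` hashes, same expectations), and pip_spec.rb and pipenv_spec.rb duplicate a `#python_version` block in the same way. The project already uses shared examples for this kind of cross-package-manager coverage (`include_examples "each report version"` from spec/support/shared.rb), so the resolution cases belong in a `RSpec.shared_examples "java version resolution"` (and a python counterpart) that each spec includes; a divergence between the two copies is otherwise easy to miss. Note also that `subject { package_manager.send(:java_version, env: env) }` reaches a private method through `send`; if the method is meant to be tested directly, a one-line comment saying so (or exposing it as the dotnet spec does with `package_manager.dotnet_version`) would avoid the question on every review.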
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Maven do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+ let(:project_fixture) { fixture_file('java/maven/simple') }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#java_version" do
+ subject { package_manager.send(:java_version, env: env) }
+
+ let(:env) { {} }
+
+ context "when the version is specified in a .tool-versions file" do
+ let(:project_fixture) { fixture_file('java/maven/tool-versions') }
+
+ specify { expect(subject).to eql('tool-versions') }
+ end
+
+ context "when the version is specified in a .java-version file" do
+ let(:project_fixture) { fixture_file('java/maven/java-version') }
+
+ specify { expect(subject).to eql('java-version') }
+ end
+
+ context "when the version is specified via a ASDF_JAVA_VERSION environment variable" do
+ let(:env) { { "ASDF_JAVA_VERSION" => 'adopt-openjdk-11' } }
+
+ specify { expect(subject).to eql('adoptopenjdk-11') }
+ end
+
+ %w[8 11].each do |java_version|
+ context "when the version is specified via a LM_JAVA_VERSION (#{java_version}) environment variable" do
+ let(:env) { { "LM_JAVA_VERSION" => java_version } }
+
+ specify { expect(subject).to eql(java_version) }
+ end
+ end
+
+ context "when LM_JAVA_VERSION and ASDF_JAVA_VERSION is provided" do
+ let(:env) do
+ {
+ 'ASDF_JAVA_VERSION' => 'adopt-openjdk-11',
+ 'LM_JAVA_VERSION' => '8'
+ }
+ end
+
+ specify { expect(subject).to eql('8') }
+ end
+
+ context 'when a custom Java version is not specified' do
+ specify { expect(subject).to eql('8') }
+ end
+ end
+end
diff --git a/spec/unit/license_finder/pip_spec.rb b/spec/unit/license_finder/pip_spec.rb
new file mode 100644
index 0000000..8a5efbc
--- /dev/null
+++ b/spec/unit/license_finder/pip_spec.rb
@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Pip do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+ let(:project_fixture) { fixture_file('python/pip/requirements') }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#python_version" do
+ subject { package_manager.send(:python_version, env: env) }
+
+ let(:env) { {} }
+
+ context "when the version is specified in a .tool-versions file" do
+ before do
+ project.add_file(".tool-versions", "python 3.8.1")
+ end
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ context "when the version is specified in a .python-version file" do
+ before do
+ project.add_file(".python-version", "3.8.0")
+ end
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ context "when the version is specified via a ASDF_PYTHON_VERSION environment variable" do
+ let(:env) { { "ASDF_PYTHON_VERSION" => '3.8.1' } }
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ [['2', '2.7.18'], ['3', '3.8.5']].each do |(major, version)|
+ context "when the version is specified via a LM_PYTHON_VERSION (#{major}) environment variable" do
+ let(:env) { { "LM_PYTHON_VERSION" => major } }
+
+ specify { expect(subject).to eql(version) }
+ end
+ end
+
+ context "when LM_PYTHON_VERSION and ASDF_PYTHON_VERSION is provided" do
+ let(:env) do
+ {
+ 'ASDF_PYTHON_VERSION' => '2.7.19',
+ 'LM_PYTHON_VERSION' => '3'
+ }
+ end
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ context 'when a custom Python version is not specified' do
+ specify { expect(subject).to eql('3.8.5') }
+ end
+ end
+end
diff --git a/spec/unit/license_finder/pipenv_spec.rb b/spec/unit/license_finder/pipenv_spec.rb
new file mode 100644
index 0000000..7971df5
--- /dev/null
+++ b/spec/unit/license_finder/pipenv_spec.rb
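Review bot: The `.tool-versions`, `.python-version` and `ASDF_PYTHON_VERSION` contexts are each described as "when the version is specified", yet every one of them asserts `'3.8.5'` although the project pins 3.8.1 or 3.8.0; the behaviour under test is presumably that only the major line is honoured and the installed 3.8.x is used, but the descriptions do not say so, and a reader of a failing example cannot tell whether the pin being ignored is intended. Rename them to state the expectation, e.g. `context "when a .tool-versions file pins python 3.8.1 it resolves to the installed 3.8.5" do`, or add a one-line comment above the describe block saying that patch-level pins are not honoured. The same descriptions are used in pipenv_spec.rb. The "is provided" in `"when LM_PYTHON_VERSION and ASDF_PYTHON_VERSION is provided"` should be "are provided" in both files.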
@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Pipenv do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+ let(:project_fixture) { fixture_file('python/pipenv/simple') }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#python_version" do
+ subject { package_manager.send(:python_version, env: env) }
+
+ let(:env) { {} }
+
+ context "when the version is specified in a .tool-versions file" do
+ before do
+ project.add_file(".tool-versions", "python 3.8.1")
+ end
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ context "when the version is specified in a .python-version file" do
+ before do
+ project.add_file(".python-version", "3.8.0")
+ end
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ context "when the version is specified via a ASDF_PYTHON_VERSION environment variable" do
+ let(:env) { { "ASDF_PYTHON_VERSION" => '3.8.1' } }
+
+ specify { expect(subject).to eql('3.8.5') }
+ end
+
+ [['2', '2.7.18'], ['3', '3.8.5']].each do |(major, version)|
+ context "when the version is specified via a LM_PYTHON_VERSION (#{major}) environment variable" do
+ let(:env) { { "LM_PYTHON_VERSION" => major } }
+
+ specify { expect(subject).to eql(version) }
+ end
+ end
+
+ context "when LM_PYTHON_VERSION and ASDF_PYTHON_VERSION is provided" do
+ let(:env) do
+ {
+ 'ASDF_PYTHON_VERSION' => '2.7.19',
+ 'LM_PYTHON_VERSION' => '3'
+ }
+ end
+
+ specify { expect(subject).to start_with('3.8') }
+ end
+
+ context 'when the version is specified in the Pipfile.lock' do
+ let(:project_fixture) { fixture_file('python/pipenv/specific-python-version') }
+
+ specify { expect(subject).to start_with('3.4') }
+ end
+
+ context 'when a custom Python version is not specified' do
+ specify { expect(subject).to eql('3.8.5') }
+ end
+ end
+end
diff --git a/spec/unit/license_finder/yarn_spec.rb b/spec/unit/license_finder/yarn_spec.rb
new file mode 100644
index 0000000..7062ea3
--- /dev/null
+++ b/spec/unit/license_finder/yarn_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe LicenseFinder::Yarn do
+ let(:package_manager) { described_class.new(options) }
+ let(:options) { { ignored_groups: [], project_path: project.project_path } }
+ let(:project) { ProjectHelper.new }
+
+ before do
+ project.mount(dir: project_fixture)
+ end
+
+ after do
+ project.cleanup
+ end
+
+ describe "#nodejs_version" do
+ subject { package_manager.send(:nodejs_version) }
+
+ context "when the version of nodejs is specified in a .tool-versions file" do
+ let(:project_fixture) { fixture_file('js/10.21.0-tool-versions') }
+
+ specify { expect(subject).to eql('10.21.0') }
+ end
+
+ context "when a nodejs version is not specified" do
+ let(:project_fixture) { fixture_file('js/yarn/single-declared-dependency') }
+
+ specify { expect(subject).to eql('12.18.2') }
+ end
+ end
+end
-- cgit v1.2.3