| author | mo khan <mo.khan@gmail.com> | 2020-04-14 12:51:18 -0600 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-04-14 12:51:18 -0600 |
| commit | 7ca5e094766b70fe8a8783c0c2f33fdeba46d2c5 (patch) | |
| tree | f8c847639a68305b8546f31003faf63d04735984 | |
| parent | bae02b6ae73dda47dc86590b73c21a85bb7273a5 (diff) | |
bundle exec rubocop -a
| -rw-r--r-- | .rspec | 2 | ||||
| -rw-r--r-- | spec/integration/dotnet/examples_spec.rb | 4 | ||||
| -rw-r--r-- | spec/integration/dotnet/nuget_spec.rb | 102 | ||||
| -rw-r--r-- | spec/integration/go/modules_spec.rb | 36 | ||||
| -rw-r--r-- | spec/integration/java/gradle_spec.rb | 28 | ||||
| -rw-r--r-- | spec/integration/java/maven_spec.rb | 54 | ||||
| -rw-r--r-- | spec/integration/js/npm_spec.rb | 6 | ||||
| -rw-r--r-- | spec/integration/js/yarn_spec.rb | 6 | ||||
| -rw-r--r-- | spec/integration/php/composer_spec.rb | 210 | ||||
| -rw-r--r-- | spec/integration/python/pip_spec.rb | 54 | ||||
| -rw-r--r-- | spec/integration/python/pipenv_spec.rb | 224 | ||||
| -rw-r--r-- | spec/integration/ruby/bundler_spec.rb | 158 | ||||
| -rw-r--r-- | spec/support/fixture_file_helper.rb | 2 | ||||
| -rw-r--r-- | spec/support/integration_test_helper.rb | 2 | ||||
| -rw-r--r-- | spec/support/matchers.rb | 4 | ||||
| -rw-r--r-- | spec/support/shared.rb | 4 | ||||
| -rw-r--r-- | spec/unit/license/management/report/v2_spec.rb | 6 | ||||
| -rw-r--r-- | spec/unit/license/management/repository_spec.rb | 8 |
18 files changed, 471 insertions, 439 deletions
@@ -1,3 +1,3 @@ ---format documentation +--format progress --color --require spec_helper diff --git a/spec/integration/dotnet/examples_spec.rb b/spec/integration/dotnet/examples_spec.rb index 13f4712..5df675c 100644 --- a/spec/integration/dotnet/examples_spec.rb +++ b/spec/integration/dotnet/examples_spec.rb @@ -1,6 +1,6 @@ -require 'spec_helper' +# frozen_string_literal: true -RSpec.describe ".NET Core" do +RSpec.describe '.NET Core' do it 'scans https://github.com/microsoft/RockPaperScissorsLizardSpock.git' do runner.clone('https://github.com/microsoft/RockPaperScissorsLizardSpock.git') report = runner.scan(env: { 'LICENSE_FINDER_CLI_OPTS' => '--recursive' }) diff --git a/spec/integration/dotnet/nuget_spec.rb b/spec/integration/dotnet/nuget_spec.rb index 6eeb261..a60172f 100644 --- a/spec/integration/dotnet/nuget_spec.rb +++ b/spec/integration/dotnet/nuget_spec.rb 
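Review bot: The switch from `--format documentation` to `--format progress` is a behaviour change riding in a commit titled `bundle exec rubocop -a`; `.rspec` is not a Ruby file, so this line was presumably edited by hand rather than by the autocorrect. With the progress formatter the CI log no longer names each example as it runs, which makes a hung or slow integration example harder to pinpoint. Either keep `--format documentation` here or move the change to its own commit with a message that says why.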
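Review bot: `require 'spec_helper'` is replaced by the magic comment in `spec/integration/dotnet/examples_spec.rb`, whereas the other specs in this commit gain `# frozen_string_literal: true` and keep the require. The file now gets its helpers only through `--require spec_helper` in `.rspec`, so running it with a different options file would presumably fail on `runner`. Keep the line below the magic comment, `require 'spec_helper'`, or drop it from every spec in one separate change. The `it` block continues past the end of the hunk.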
@@ -1,24 +1,26 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "nuget" do - include_examples "each report version", "csharp", "nuget-dotnetcore" +RSpec.describe 'nuget' do + include_examples 'each report version', 'csharp', 'nuget-dotnetcore' - context "when a project has a nuget packages.config file in the root" do + context 'when a project has a nuget packages.config file in the root' do let(:packages_config) do - <<-XML -<?xml version="1.0" encoding="utf-8"?> -<packages> - <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net46" /> - <package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net46" developmentDependency="true" /> - <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net46" /> - <package id="Microsoft.Web.Xdt" version="2.1.1" targetFramework="net46" /> - <package id="Newtonsoft.Json" version="8.0.3" allowedVersions="[8,10)" targetFramework="net46" /> - <package id="NuGet.Core" version="2.11.1" targetFramework="net46" /> - <package id="NuGet.Server" version="2.11.2" targetFramework="net46" /> - <package id="RouteMagic" version="1.3" targetFramework="net46" /> - <package id="WebActivatorEx" version="2.1.0" targetFramework="net46" /> - <package id="jive" version="0.1.0" /> -</packages> + <<~XML + <?xml version="1.0" encoding="utf-8"?> + <packages> + <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net46" /> + <package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net46" developmentDependency="true" /> + <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net46" /> + <package id="Microsoft.Web.Xdt" version="2.1.1" targetFramework="net46" /> + <package id="Newtonsoft.Json" version="8.0.3" allowedVersions="[8,10)" targetFramework="net46" /> + <package id="NuGet.Core" version="2.11.1" targetFramework="net46" /> + <package id="NuGet.Server" 
version="2.11.2" targetFramework="net46" /> + <package id="RouteMagic" version="1.3" targetFramework="net46" /> + <package id="WebActivatorEx" version="2.1.0" targetFramework="net46" /> + <package id="jive" version="0.1.0" /> + </packages> XML end @@ -29,36 +31,36 @@ RSpec.describe "nuget" do expect(report).to match_schema(version: '2.0') expect(report[:licenses].count).not_to be_zero expect(report.dependency_names).to match_array([ - "Microsoft.CodeDom.Providers.DotNetCompilerPlatform", - "Microsoft.Net.Compilers", - "Microsoft.Web.Infrastructure", - "Microsoft.Web.Xdt", - "Newtonsoft.Json", - "NuGet.Core", - "NuGet.Server", - "RouteMagic", - "WebActivatorEx", - "jive" - ]) + 'Microsoft.CodeDom.Providers.DotNetCompilerPlatform', + 'Microsoft.Net.Compilers', + 'Microsoft.Web.Infrastructure', + 'Microsoft.Web.Xdt', + 'Newtonsoft.Json', + 'NuGet.Core', + 'NuGet.Server', + 'RouteMagic', + 'WebActivatorEx', + 'jive' + ]) end end - context "when a project has multiple nuget packages.config in different sub directories" do + context 'when a project has multiple nuget packages.config in different sub directories' do let(:console_packages) do - <<-XML -<?xml version="1.0" encoding="utf-8"?> -<packages> - <package id="jive" version="0.1.0" /> -</packages> + <<~XML + <?xml version="1.0" encoding="utf-8"?> + <packages> + <package id="jive" version="0.1.0" /> + </packages> XML end let(:winforms_packages) do - <<-XML -<?xml version="1.0" encoding="utf-8"?> -<packages> - <package id="MvcMailer" version="4.5.0" /> -</packages> + <<~XML + <?xml version="1.0" encoding="utf-8"?> + <packages> + <package id="MvcMailer" version="4.5.0" /> + </packages> XML end 
@@ -75,11 +77,11 @@ RSpec.describe "nuget" do context "when a project has a dependency that has it's own dependencies" do let(:packages) do - <<-XML -<?xml version="1.0" encoding="utf-8"?> -<packages> - <package id="NHibernate" version="5.2.6" /> -</packages> + <<~XML + <?xml version="1.0" encoding="utf-8"?> + <packages> + <package id="NHibernate" version="5.2.6" /> + </packages> XML end @@ -91,12 +93,12 @@ RSpec.describe "nuget" do expect(report[:licenses].count).not_to be_zero expect(report[:licenses].map { |x| x[:id] }.uniq).to match_array(['LGPL-2.1', 'Apache-2.0', 'BSD-3-Clause']) expect(report.dependency_names).to match_array([ - 'Iesi.Collections', - 'Remotion.Linq', - 'Remotion.Linq.EagerFetching', - "Antlr3.Runtime", - "NHibernate" - ]) + 'Iesi.Collections', + 'Remotion.Linq', + 'Remotion.Linq.EagerFetching', + 'Antlr3.Runtime', + 'NHibernate' + ]) end end end diff --git a/spec/integration/go/modules_spec.rb b/spec/integration/go/modules_spec.rb index 143d8ea..c70b48b 100644 --- a/spec/integration/go/modules_spec.rb +++ b/spec/integration/go/modules_spec.rb @@ -1,9 +1,11 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "modules" do - include_examples "each report version", "go", "modules" +RSpec.describe 'modules' do + include_examples 'each report version', 'go', 'modules' - context "when scanning a customers go.mod and go.sum files" do + context 'when scanning a customers go.mod and go.sum files' do let(:report) { runner.scan } before do 
@@ -17,19 +19,19 @@ RSpec.describe "modules" do specify do expect(report.dependency_names).to match_array([ - "github.com/davecgh/go-spew", - "github.com/dimfeld/httptreemux/v5", - "github.com/go-logfmt/logfmt", - "github.com/golang/protobuf", - "github.com/google/uuid", - "github.com/pmezard/go-difflib", - "github.com/stretchr/objx", - "golang.org/x/net", - "golang.org/x/oauth2", - "google.golang.org/appengine", - "gopkg.in/yaml.v2", - 'github.com/stretchr/testify' - ]) + 'github.com/davecgh/go-spew', + 'github.com/dimfeld/httptreemux/v5', + 'github.com/go-logfmt/logfmt', + 'github.com/golang/protobuf', + 'github.com/google/uuid', + 'github.com/pmezard/go-difflib', + 'github.com/stretchr/objx', + 'golang.org/x/net', + 'golang.org/x/oauth2', + 'google.golang.org/appengine', + 'gopkg.in/yaml.v2', + 'github.com/stretchr/testify' + ]) end specify { expect(report.licenses_for('github.com/dimfeld/httptreemux/v5')).to match_array(['MIT']) } @@ -39,7 +41,7 @@ RSpec.describe "modules" do specify { expect(report.licenses_for('golang.org/x/oauth2')).to match_array(['BSD-3-Clause']) } end - context "when scanning the `gitaly` project" do + context 'when scanning the `gitaly` project' do let(:report) { runner.scan } before do diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 1b566bb..fcc4347 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb 
@@ -1,20 +1,22 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "gradle" do - include_examples "each report version", "java", "gradle" +RSpec.describe 'gradle' do + include_examples 'each report version', 'java', 'gradle' - context "when running a default gradle build" do + context 'when running a default gradle build' do it 'scans a gradle project' do content = <<~GRADLE -/* - * This file was generated by the Gradle 'init' task. - * - * This is a general purpose Gradle build. - * Learn how to create Gradle builds at https://guides.gradle.org/creating-new-gradle-builds - */ -plugins { - id "com.github.hierynomus.license" version "0.15.0" -} + /* + * This file was generated by the Gradle 'init' task. + * + * This is a general purpose Gradle build. + * Learn how to create Gradle builds at https://guides.gradle.org/creating-new-gradle-builds + */ + plugins { + id "com.github.hierynomus.license" version "0.15.0" + } GRADLE runner.add_file('build.gradle', content) @@ -59,7 +61,7 @@ plugins { ].each do |gradle_version| %w[8 11].each do |java_version| context "when scanning a gradle (v#{gradle_version}) project that uses a kotlin build script" do - let(:build_file_content) { fixture_file_content("java/build.gradle.kts") } + let(:build_file_content) { fixture_file_content('java/build.gradle.kts') } it 'scans a gradle project' do runner.add_file('build.gradle.kts', build_file_content) diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index 92444e8..1d55026 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb 
@@ -1,16 +1,18 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "maven" do - include_examples "each report version", "java", "maven" - include_examples "each report version", "java", "maven-multimodules" +RSpec.describe 'maven' do + include_examples 'each report version', 'java', 'maven' + include_examples 'each report version', 'java', 'maven-multimodules' - describe "When the maven dependencies come from a custom public maven repository" do + describe 'When the maven dependencies come from a custom public maven repository' do it 'is able to detect some of the licenses' do runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) report = runner.scan(env: { - 'CI_PROJECT_ID' => '17523603' - }) + 'CI_PROJECT_ID' => '17523603' + }) expect(report).to match_schema(version: '2.0') expect(report[:dependencies]).to match_array([{ name: 'mvn-spike', url: '', description: '', paths: ['.'], licenses: ['MIT'] }]) 
@@ -21,34 +23,34 @@ RSpec.describe "maven" do runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml')) report = runner.scan(env: { - 'CI_PROJECT_ID' => 'invalid', - 'MAVEN_CLI_OPTS' => "--settings my_settings.xml" - }) + 'CI_PROJECT_ID' => 'invalid', + 'MAVEN_CLI_OPTS' => '--settings my_settings.xml' + }) expect(report).to match_schema(version: '2.0') expect(report[:dependencies]).to match_array([{ name: 'mvn-spike', url: '', description: '', paths: ['.'], licenses: ['MIT'] }]) end end - describe "When using the `SETUP_CMD`" do + describe 'When using the `SETUP_CMD`' do it 'executes the custom script' do runner.add_file('custom.sh') do <<~SCRIPT - #!/bin/bash -l + #!/bin/bash -l - echo 'hello' + echo 'hello' SCRIPT end report = runner.scan(env: { - 'SETUP_CMD' => 'bash custom.sh' - }) + 'SETUP_CMD' => 'bash custom.sh' + }) expect(report).to match_schema(version: '2.0') end end - describe "When scanning a project with multiple modules" do + describe 'When scanning a project with multiple modules' do before do runner.mount(dir: fixture_file('java/maven-multimodule')) end 
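Review bot: The example `'executes the custom script'` asserts only `expect(report).to match_schema(version: '2.0')`, so it would still pass if `SETUP_CMD` were ignored and `custom.sh` never ran. Since this variable lets a project run a command of its choosing inside the scanner, the spec should pin that behaviour down: have the script leave an observable effect and assert on it. Until then, a comment such as `# NOTE: only checks the report schema; does not prove custom.sh was executed` would keep the example name from overstating the coverage.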
@@ -60,17 +62,17 @@ RSpec.describe "maven" do expect(report[:dependencies]).not_to be_empty [ - { name: "asm", licenses: ["BSD-4-Clause"] }, - { name: "asm-commons", licenses: ["BSD-4-Clause"] }, - { name: "jackson-annotations", licenses: ["Apache-2.0"] }, - { name: "jackson-core", licenses: ["Apache-2.0"] }, - { name: "jackson-databind", licenses: ["Apache-2.0"] }, - { name: "jackson-dataformat-xml", licenses: ["Apache-2.0"] }, - { name: "jackson-module-jaxb-annotations", licenses: ["Apache-2.0"] }, - { name: "log4j-api", licenses: ["Apache-2.0"] }, - { name: "log4j-core", licenses: ["Apache-2.0"] }, - { name: "netty-all", licenses: ["Apache-2.0"] }, - { name: "stax2-api", licenses: ["BSD-4-Clause"] } + { name: 'asm', licenses: ['BSD-4-Clause'] }, + { name: 'asm-commons', licenses: ['BSD-4-Clause'] }, + { name: 'jackson-annotations', licenses: ['Apache-2.0'] }, + { name: 'jackson-core', licenses: ['Apache-2.0'] }, + { name: 'jackson-databind', licenses: ['Apache-2.0'] }, + { name: 'jackson-dataformat-xml', licenses: ['Apache-2.0'] }, + { name: 'jackson-module-jaxb-annotations', licenses: ['Apache-2.0'] }, + { name: 'log4j-api', licenses: ['Apache-2.0'] }, + { name: 'log4j-core', licenses: ['Apache-2.0'] }, + { name: 'netty-all', licenses: ['Apache-2.0'] }, + { name: 'stax2-api', licenses: ['BSD-4-Clause'] } ].each do |dependency| expect(report.licenses_for(dependency[:name])).to match_array(dependency[:licenses]) end diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb index 1c272bf..5123072 100644 --- a/spec/integration/js/npm_spec.rb +++ b/spec/integration/js/npm_spec.rb @@ -1,5 +1,7 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "npm" do - include_examples "each report version", "js", "npm" +RSpec.describe 'npm' do + include_examples 'each report version', 'js', 'npm' end diff --git a/spec/integration/js/yarn_spec.rb b/spec/integration/js/yarn_spec.rb index 0756f9d..72e2a69 100644 
--- a/spec/integration/js/yarn_spec.rb +++ b/spec/integration/js/yarn_spec.rb @@ -1,5 +1,7 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "yarn" do - include_examples "each report version", "js", "yarn" +RSpec.describe 'yarn' do + include_examples 'each report version', 'js', 'yarn' end diff --git a/spec/integration/php/composer_spec.rb b/spec/integration/php/composer_spec.rb index 62ff598..943cae4 100644 --- a/spec/integration/php/composer_spec.rb +++ b/spec/integration/php/composer_spec.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "composer" do - include_examples "each report version", "php", "composer" +RSpec.describe 'composer' do + include_examples 'each report version', 'php', 'composer' context "when the project's dependencies require php-gd e.g. in the case of Drupal" do it 'installs the required dependencies and produces a valid report' do 
@@ -14,108 +16,108 @@ RSpec.describe "composer" do expect(report[:version]).not_to be_empty expect(report[:licenses]).not_to be_empty expect(report.dependency_names).to match_array(%w[ - asm89/stack-cors - behat/mink - behat/mink-browserkit-driver - behat/mink-goutte-driver - behat/mink-selenium2-driver - brumann/polyfill-unserialize - composer/semver - doctrine/annotations - doctrine/cache - doctrine/collections - doctrine/common - doctrine/event-manager - doctrine/inflector - doctrine/instantiator - doctrine/lexer - doctrine/persistence - doctrine/reflection - drupal/coder - easyrdf/easyrdf - egulias/email-validator - fabpot/goutte - guzzlehttp/guzzle - guzzlehttp/promises - guzzlehttp/psr7 - instaclick/php-webdriver - jcalderonzumba/gastonjs - jcalderonzumba/mink-phantomjs-driver - justinrainbow/json-schema - masterminds/html5 - mikey179/vfsstream - myclabs/deep-copy - paragonie/random_compat - pear/archive_tar - pear/console_getopt - pear/pear-core-minimal - pear/pear_exception - phar-io/manifest - phar-io/version - phpdocumentor/reflection-common - phpdocumentor/reflection-docblock - phpdocumentor/type-resolver - phpspec/prophecy - phpunit/php-code-coverage - phpunit/php-file-iterator - phpunit/php-text-template - phpunit/php-timer - phpunit/php-token-stream - phpunit/phpunit - phpunit/phpunit-mock-objects - psr/container - psr/http-message - psr/log - ralouphie/getallheaders - sebastian/code-unit-reverse-lookup - sebastian/comparator - sebastian/diff - sebastian/environment - sebastian/exporter - sebastian/global-state - sebastian/object-enumerator - sebastian/object-reflector - sebastian/recursion-context - sebastian/resource-operations - sebastian/version - squizlabs/php_codesniffer - stack/builder - symfony-cmf/routing - symfony/browser-kit - symfony/class-loader - symfony/console - symfony/css-selector - symfony/debug - symfony/dependency-injection - symfony/dom-crawler - symfony/event-dispatcher - symfony/http-foundation - symfony/http-kernel - 
symfony/phpunit-bridge - symfony/polyfill-ctype - symfony/polyfill-iconv - symfony/polyfill-intl-idn - symfony/polyfill-mbstring - symfony/polyfill-php56 - symfony/polyfill-php70 - symfony/polyfill-php72 - symfony/polyfill-util - symfony/process - symfony/psr-http-message-bridge - symfony/routing - symfony/serializer - symfony/translation - symfony/validator - symfony/yaml - theseer/tokenizer - twig/twig - typo3/phar-stream-wrapper - webmozart/assert - zendframework/zend-diactoros - zendframework/zend-escaper - zendframework/zend-feed - zendframework/zend-stdlib - ]) + asm89/stack-cors + behat/mink + behat/mink-browserkit-driver + behat/mink-goutte-driver + behat/mink-selenium2-driver + brumann/polyfill-unserialize + composer/semver + doctrine/annotations + doctrine/cache + doctrine/collections + doctrine/common + doctrine/event-manager + doctrine/inflector + doctrine/instantiator + doctrine/lexer + doctrine/persistence + doctrine/reflection + drupal/coder + easyrdf/easyrdf + egulias/email-validator + fabpot/goutte + guzzlehttp/guzzle + guzzlehttp/promises + guzzlehttp/psr7 + instaclick/php-webdriver + jcalderonzumba/gastonjs + jcalderonzumba/mink-phantomjs-driver + justinrainbow/json-schema + masterminds/html5 + mikey179/vfsstream + myclabs/deep-copy + paragonie/random_compat + pear/archive_tar + pear/console_getopt + pear/pear-core-minimal + pear/pear_exception + phar-io/manifest + phar-io/version + phpdocumentor/reflection-common + phpdocumentor/reflection-docblock + phpdocumentor/type-resolver + phpspec/prophecy + phpunit/php-code-coverage + phpunit/php-file-iterator + phpunit/php-text-template + phpunit/php-timer + phpunit/php-token-stream + phpunit/phpunit + phpunit/phpunit-mock-objects + psr/container + psr/http-message + psr/log + ralouphie/getallheaders + sebastian/code-unit-reverse-lookup + sebastian/comparator + sebastian/diff + sebastian/environment + sebastian/exporter + sebastian/global-state + sebastian/object-enumerator + sebastian/object-reflector 
+ sebastian/recursion-context + sebastian/resource-operations + sebastian/version + squizlabs/php_codesniffer + stack/builder + symfony-cmf/routing + symfony/browser-kit + symfony/class-loader + symfony/console + symfony/css-selector + symfony/debug + symfony/dependency-injection + symfony/dom-crawler + symfony/event-dispatcher + symfony/http-foundation + symfony/http-kernel + symfony/phpunit-bridge + symfony/polyfill-ctype + symfony/polyfill-iconv + symfony/polyfill-intl-idn + symfony/polyfill-mbstring + symfony/polyfill-php56 + symfony/polyfill-php70 + symfony/polyfill-php72 + symfony/polyfill-util + symfony/process + symfony/psr-http-message-bridge + symfony/routing + symfony/serializer + symfony/translation + symfony/validator + symfony/yaml + theseer/tokenizer + twig/twig + typo3/phar-stream-wrapper + webmozart/assert + zendframework/zend-diactoros + zendframework/zend-escaper + zendframework/zend-feed + zendframework/zend-stdlib + ]) end end end diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb index 8e3ec3d..848e873 100644 --- a/spec/integration/python/pip_spec.rb +++ b/spec/integration/python/pip_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "pip" do - context "when a project depends on the latest version of pip" do - let(:requirements) { "sentry-sdk>=0.7.7" } +RSpec.describe 'pip' do + context 'when a project depends on the latest version of pip' do + let(:requirements) { 'sentry-sdk>=0.7.7' } it 'produces a valid report' do runner.add_file('requirements.txt', requirements) 
@@ -11,12 +13,12 @@ RSpec.describe "pip" do expect(report).to match_schema(version: '2.0') expect(report[:version]).to start_with('2') - expect(report.dependency_names).to include("sentry-sdk") - expect(report.licenses_for('sentry-sdk')).to match_array(["BSD-4-Clause"]) + expect(report.dependency_names).to include('sentry-sdk') + expect(report.licenses_for('sentry-sdk')).to match_array(['BSD-4-Clause']) end end - context "when the project has a dependency that depends on a minimum of python 3.6" do + context 'when the project has a dependency that depends on a minimum of python 3.6' do let(:requirements) do [ 'boto3', @@ -64,7 +66,7 @@ RSpec.describe "pip" do end end - context "when scanning projects with a `setup.py` and does not have a `requirements.txt` file" do + context 'when scanning projects with a `setup.py` and does not have a `requirements.txt` file' do it 'detects licenses in a simple `setup.py`' do runner.add_file('setup.py', fixture_file_content('python/simple-setup.py')) report = runner.scan @@ -84,7 +86,7 @@ RSpec.describe "pip" do end end - context "when scanning projects that have a custom index-url" do + context 'when scanning projects that have a custom index-url' do before do runner.add_file('requirements.txt', 'six') end @@ -93,11 +95,11 @@ RSpec.describe "pip" do report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' }) expect(report).to match_schema(version: '2.0') - expect(report.licenses_for('six')).to match_array(["MIT"]) + expect(report.licenses_for('six')).to match_array(['MIT']) end end - context "when a project uses a custom `SETUP_CMD`" do + context 'when a project uses a custom `SETUP_CMD`' do before do runner.add_file('requirements.txt', 'six==1.14.0') end 
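Review bot: In the custom index-url context the requirement is the bare name `six` and the scan resolves it from `https://test.pypi.org/simple/`, so both the asserted licence and the code installed on the test host depend on whatever release that index serves at run time. TestPyPI is a separate instance meant for trying out uploads; names there are registered independently of the main index and its contents may be pruned. Pin the requirement the way the `SETUP_CMD` context below does, e.g. `runner.add_file('requirements.txt', 'six==1.14.0')` if that release exists on the index, or point the example at an index the project controls. The requirement line sits in the `@@ -84,7 +86,7 @@` hunk and the scan call in `@@ -93,11 +95,11 @@`.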
@@ -106,20 +108,20 @@ RSpec.describe "pip" do report = runner.scan(env: { 'SETUP_CMD' => 'pip install -r requirements.txt' }) expect(report).to match_schema(version: '2.0') - expect(report.licenses_for('six')).to match_array(["MIT"]) + expect(report.licenses_for('six')).to match_array(['MIT']) expect(report.dependency_names).to contain_exactly('six') end end - context "when a projects is running in airgap mode" do + context 'when a projects is running in airgap mode' do before do runner.add_file('requirements.txt', '') end it 'is able to scan the project' do report = runner.scan(env: { - 'PIP_INDEX_URL' => 'https://localhost/simple/' - }) + 'PIP_INDEX_URL' => 'https://localhost/simple/' + }) expect(report).to match_schema(version: '2.0') expect(report[:licenses]).to be_empty @@ -127,30 +129,30 @@ RSpec.describe "pip" do end end - context "when connecting to a private package repository with self signed certificate" do + context 'when connecting to a private package repository with self signed certificate' do let(:index_url) { "https://#{private_pypi_host}/simple" } let(:bundle) { fixture_file_content('python/pypi.crt') } before do runner.add_file('setup.py') do <<~RAW -from setuptools import setup, find_packages - -setup( - name='gitlab-sp-test-python-pip', - version='1.2.0', - packages=find_packages(), - install_requires=['requests'], -) + from setuptools import setup, find_packages + + setup( + name='gitlab-sp-test-python-pip', + version='1.2.0', + packages=find_packages(), + install_requires=['requests'], + ) RAW end end it 'downloads the packages and trusts the certificate' do report = runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, - 'PIP_INDEX_URL' => index_url - }) + 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, + 'PIP_INDEX_URL' => index_url + }) expect(report).to match_schema(version: '2.0') expect(report.dependency_names).to include('requests') 
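Review bot: The self-signed-certificate example in `@@ -127,30 +129,30 @@` proves only the positive path: with `ADDITIONAL_CA_CERT_BUNDLE` set, `requests` shows up in the report. Nothing visible here shows that the same scan fails to reach `index_url` when the bundle is absent, so a scanner that skipped TLS verification altogether would pass as well. Record the gap next to the example, `# TODO: add a negative example without ADDITIONAL_CA_CERT_BUNDLE to show verification is enforced`, and follow up with that example. The same applies to the matching context in `spec/integration/python/pipenv_spec.rb` (`@@ -213,9 +215,9 @@`); the `it` block continues outside this hunk.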
diff --git a/spec/integration/python/pipenv_spec.rb b/spec/integration/python/pipenv_spec.rb index b54ee99..0f8cfbc 100644 --- a/spec/integration/python/pipenv_spec.rb +++ b/spec/integration/python/pipenv_spec.rb @@ -1,22 +1,24 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "pipenv" do - include_examples "each report version", "python", "pipenv", "pip-file-lock" +RSpec.describe 'pipenv' do + include_examples 'each report version', 'python', 'pipenv', 'pip-file-lock' - context "when a project depends on a version 6 Pipfile.lock" do + context 'when a project depends on a version 6 Pipfile.lock' do let(:pipfile_lock_content) do JSON.pretty_generate({ - "_meta": { - "hash": { "sha256": "" }, - "pipfile-spec": 6, - "requires": { "python_version": "3.8" }, - "sources": [{ "name": "pypi", "url": "https://pypi.org/simple", "verify_ssl": true }] - }, - "default": { - "six": { "hashes": [], "index": "pypi", "version": "==1.13.0" } - }, - "develop": {} - }) + "_meta": { + "hash": { "sha256": '' }, + "pipfile-spec": 6, + "requires": { "python_version": '3.8' }, + "sources": [{ "name": 'pypi', "url": 'https://pypi.org/simple', "verify_ssl": true }] + }, + "default": { + "six": { "hashes": [], "index": 'pypi', "version": '==1.13.0' } + }, + "develop": {} + }) end it 'produces a valid report' do 
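Review bot: The autocorrect leaves the lock-file literal in a mixed style, `"hash": { "sha256": '' }`: double-quoted symbol keys beside single-quoted values, which reads as neither Ruby nor JSON. The hunks at `@@ -27,41 +29,41 @@`, `@@ -73,55 +75,55 @@` and `@@ -133,29 +135,29 @@` have the same shape. Moving these documents into fixture files and loading them as the later context already does, `fixture_file_content('python/simple-Pipfile.lock')`, would keep the JSON verbatim and out of reach of Ruby style rules. The `it` block that follows the `let` continues outside this hunk.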
@@ -27,41 +29,41 @@ RSpec.describe "pipenv" do expect(report).to match_schema(version: '2.0') expect(report[:version]).not_to be_empty expect(report[:licenses]).not_to be_empty - expect(report.dependency_names).to contain_exactly("six") + expect(report.dependency_names).to contain_exactly('six') end end - context "when a project depends on a version 3.2.1 Pipfile.lock" do + context 'when a project depends on a version 3.2.1 Pipfile.lock' do let(:pipfile_lock_content) do JSON.pretty_generate({ - "default": { - "crayons": { "version": "==0.1.2", "hash": "" }, - "requirements-parser": { "version": "==0.1.0", "hash": "" }, - "pexpect": { "version": "==4.2.1", "hash": "" }, - "delegator.py": { "version": "==0.0.8", "hash": "" }, - "backports.shutil_get_terminal_size": { "version": "==1.0.0", "hash": "" }, - "ptyprocess": { "version": "==0.5.1", "hash": "" }, - "parse": { "version": "==1.6.6", "hash": "" }, - "toml": { "version": "==0.9.2", "hash": "" }, - "colorama": { "version": "==0.3.7", "hash": "" }, - "requests": { "version": "==2.13.0", "hash": "" }, - "click": { "version": "==6.7", "hash": "" } - }, - "develop": { - "packaging": { "version": "==16.8", "hash": "" }, - "pytest": { "version": "==3.0.6", "hash": "" }, - "setuptools": { "version": "==34.0.2", "hash": "" }, - "pyparsing": { "version": "==2.1.10", "hash": "" }, - "py": { "version": "==1.4.32", "hash": "" }, - "six": { "version": "==1.10.0", "hash": "" }, - "appdirs": { "version": "==1.4.0", "hash": "" } - }, - "_meta": { - "sources": [{ "url": "https://pypi.python.org/simple", "verify_ssl": true }], - "requires": {}, - "Pipfile-sha256": "24f12b631b7c40b8c5eff934a1aef263ed04f5eaffb4acf4706442f3d23cba36" - } - }) + "default": { + "crayons": { "version": '==0.1.2', "hash": '' }, + "requirements-parser": { "version": '==0.1.0', "hash": '' }, + "pexpect": { "version": '==4.2.1', "hash": '' }, + "delegator.py": { "version": '==0.0.8', "hash": '' }, + "backports.shutil_get_terminal_size": { "version": 
'==1.0.0', "hash": '' }, + "ptyprocess": { "version": '==0.5.1', "hash": '' }, + "parse": { "version": '==1.6.6', "hash": '' }, + "toml": { "version": '==0.9.2', "hash": '' }, + "colorama": { "version": '==0.3.7', "hash": '' }, + "requests": { "version": '==2.13.0', "hash": '' }, + "click": { "version": '==6.7', "hash": '' } + }, + "develop": { + "packaging": { "version": '==16.8', "hash": '' }, + "pytest": { "version": '==3.0.6', "hash": '' }, + "setuptools": { "version": '==34.0.2', "hash": '' }, + "pyparsing": { "version": '==2.1.10', "hash": '' }, + "py": { "version": '==1.4.32', "hash": '' }, + "six": { "version": '==1.10.0', "hash": '' }, + "appdirs": { "version": '==1.4.0', "hash": '' } + }, + "_meta": { + "sources": [{ "url": 'https://pypi.python.org/simple', "verify_ssl": true }], + "requires": {}, + "Pipfile-sha256": '24f12b631b7c40b8c5eff934a1aef263ed04f5eaffb4acf4706442f3d23cba36' + } + }) end it 'produces a valid report' do 
@@ -73,55 +75,55 @@ RSpec.describe "pipenv" do expect(report[:version]).not_to be_empty expect(report[:licenses]).not_to be_empty expect(report.dependency_names).to match_array([ - "backports.shutil_get_terminal_size", - "click", - "colorama", - "crayons", - "delegator.py", - "parse", - "pexpect", - "ptyprocess", - "requests", - "requirements-parser", - "toml" - ]) + 'backports.shutil_get_terminal_size', + 'click', + 'colorama', + 'crayons', + 'delegator.py', + 'parse', + 'pexpect', + 'ptyprocess', + 'requests', + 'requirements-parser', + 'toml' + ]) end end - context "when a project depends on a version 5 Pipfile.lock" do + context 'when a project depends on a version 5 Pipfile.lock' do let(:pipfile_lock_content) do JSON.pretty_generate({ - "_meta": { - "hash": { "sha256": "" }, - "host-environment-markers": { - "implementation_name": "cpython", - "implementation_version": "3.6.1", - "os_name": "posix", - "platform_machine": "x86_64", - "platform_python_implementation": "CPython", - "platform_release": "16.7.0", - "platform_system": "Darwin", - "platform_version": "Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64", - "python_full_version": "3.6.1", - "python_version": "3.6", - "sys_platform": "darwin" - }, - "pipfile-spec": 5, - "requires": {}, - "sources": [{ "name": "pypi", "url": "https://pypi.python.org/simple", "verify_ssl": true }] - }, - "default": { - "certifi": { "hashes": ["", ""], "version": "==2017.7.27.1" }, - "chardet": { "hashes": ["", ""], "version": "==3.0.4" }, - "idna": { "hashes": ["", ""], "version": "==2.6" }, - "requests": { "hashes": ["", ""], "version": "==2.18.4" }, - "urllib3": { "hashes": ["", ""], "version": "==1.22" } - }, - "develop": { - "py": { "hashes": ["", ""], "version": "==1.4.34" }, - "pytest": { "hashes": ["", ""], "version": "==3.2.2" } - } - }) + "_meta": { + "hash": { "sha256": '' }, + "host-environment-markers": { + "implementation_name": 'cpython', + 
"implementation_version": '3.6.1', + "os_name": 'posix', + "platform_machine": 'x86_64', + "platform_python_implementation": 'CPython', + "platform_release": '16.7.0', + "platform_system": 'Darwin', + "platform_version": 'Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64', + "python_full_version": '3.6.1', + "python_version": '3.6', + "sys_platform": 'darwin' + }, + "pipfile-spec": 5, + "requires": {}, + "sources": [{ "name": 'pypi', "url": 'https://pypi.python.org/simple', "verify_ssl": true }] + }, + "default": { + "certifi": { "hashes": ['', ''], "version": '==2017.7.27.1' }, + "chardet": { "hashes": ['', ''], "version": '==3.0.4' }, + "idna": { "hashes": ['', ''], "version": '==2.6' }, + "requests": { "hashes": ['', ''], "version": '==2.18.4' }, + "urllib3": { "hashes": ['', ''], "version": '==1.22' } + }, + "develop": { + "py": { "hashes": ['', ''], "version": '==1.4.34' }, + "pytest": { "hashes": ['', ''], "version": '==3.2.2' } + } + }) end it 'produces a valid report' do 
@@ -133,29 +135,29 @@ RSpec.describe "pipenv" do expect(report[:version]).not_to be_empty expect(report[:licenses]).not_to be_empty expect(report.dependency_names).to match_array(%w[ - certifi - chardet - idna - requests - urllib3 - ]) + certifi + chardet + idna + requests + urllib3 + ]) end end - context "when fetching metadata from a custom source" do + context 'when fetching metadata from a custom source' do let(:pipfile_lock_content) do JSON.pretty_generate({ - "_meta": { - "hash": { "sha256": "" }, - "pipfile-spec": 6, - "requires": { "python_version": "3.8" }, - "sources": [{ "name": "pypi", "url": "https://test.pypi.org/simple", "verify_ssl": true }] - }, - "default": { - "six": { "hashes": [], "index": "pypi", "version": "==1.13.0" } - }, - "develop": {} - }) + "_meta": { + "hash": { "sha256": '' }, + "pipfile-spec": 6, + "requires": { "python_version": '3.8' }, + "sources": [{ "name": 'pypi', "url": 'https://test.pypi.org/simple', "verify_ssl": true }] + }, + "default": { + "six": { "hashes": [], "index": 'pypi', "version": '==1.13.0' } + }, + "develop": {} + }) end before do @@ -172,7 +174,7 @@ RSpec.describe "pipenv" do end end - context "when scanning a simple Pipfile project" do + context 'when scanning a simple Pipfile project' do let(:lockfile_content) { fixture_file_content('python/simple-Pipfile.lock') } let(:lockfile_hash) { JSON.parse(lockfile_content) } @@ -202,7 +204,7 @@ RSpec.describe "pipenv" do end end - context "when connecting to a private package repository with self signed certificate" do + context 'when connecting to a private package repository with self signed certificate' do let(:index_url) { "https://#{private_pypi_host}/simple" } let(:bundle) { fixture_file_content('python/pypi.crt') } 
@@ -213,9 +215,9 @@ RSpec.describe "pipenv" do it 'downloads the packages and trusts the certificate' do report = runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, - 'PIP_INDEX_URL' => index_url - }) + 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, + 'PIP_INDEX_URL' => index_url + }) expect(report).to match_schema(version: '2.0') expect(report.dependency_names).to include('requests') diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb index 5236adf..1f87275 100644 --- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb 
@@ -1,83 +1,85 @@ +# frozen_string_literal: true + require 'spec_helper' -RSpec.describe "bundler" do - include_examples "each report version", "ruby", "bundler" +RSpec.describe 'bundler' do + include_examples 'each report version', 'ruby', 'bundler' - context "when the project depends on an older version of ruby specified in a `.ruby-version` file" do + context 'when the project depends on an older version of ruby specified in a `.ruby-version` file' do it 'installs the required ruby and produces a valid report' do runner.add_file('.ruby-version', 'ruby-2.4.9') runner.add_file('Gemfile') do <<~RAW -source 'https://rubygems.org' + source 'https://rubygems.org' -gem 'saml-kit' + gem 'saml-kit' RAW end report = runner.scan expect(report).to match_schema(version: '2.0') expect(report[:licenses]).not_to be_empty - expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit") + expect(report[:dependencies].map { |x| x[:name] }).to include('saml-kit') end end - context "when a project depends on an older version of bundler" do + context 'when a project depends on an older version of bundler' do it 'produces a valid report' do runner.add_file('Gemfile') do <<~RAW -source 'https://rubygems.org' + source 'https://rubygems.org' -gem 'saml-kit' + gem 'saml-kit' RAW end runner.add_file('Gemfile.lock') do <<~RAW -GEM - remote: https://rubygems.org/ - specs: - activemodel (6.0.2.1) - activesupport (= 6.0.2.1) - activesupport (6.0.2.1) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2) - builder (3.2.4) - concurrent-ruby (1.1.5) - i18n (1.7.1) - concurrent-ruby (~> 1.0) - mini_portile2 (2.4.0) - minitest (5.13.0) - net-hippie (0.2.7) - nokogiri (1.10.7) - mini_portile2 (~> 2.4.0) - saml-kit (1.1.0) - activemodel (>= 4.2.0) - net-hippie (~> 0.1) - xml-kit (>= 0.3.0, < 1.0.0) - thread_safe (0.3.6) - tilt (2.0.10) - tzinfo (1.2.6) - thread_safe (~> 0.1) - xml-kit (0.4.0) - activemodel (>= 4.2.0) - builder 
(~> 3.2) - nokogiri (~> 1.10) - tilt (>= 1.4.1) - xmldsig (~> 0.6) - xmldsig (0.6.6) - nokogiri (>= 1.6.8, < 2.0.0) - zeitwerk (2.2.2) - -PLATFORMS - ruby - -DEPENDENCIES - saml-kit - -BUNDLED WITH - 1.17.3 + GEM + remote: https://rubygems.org/ + specs: + activemodel (6.0.2.1) + activesupport (= 6.0.2.1) + activesupport (6.0.2.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + zeitwerk (~> 2.2) + builder (3.2.4) + concurrent-ruby (1.1.5) + i18n (1.7.1) + concurrent-ruby (~> 1.0) + mini_portile2 (2.4.0) + minitest (5.13.0) + net-hippie (0.2.7) + nokogiri (1.10.7) + mini_portile2 (~> 2.4.0) + saml-kit (1.1.0) + activemodel (>= 4.2.0) + net-hippie (~> 0.1) + xml-kit (>= 0.3.0, < 1.0.0) + thread_safe (0.3.6) + tilt (2.0.10) + tzinfo (1.2.6) + thread_safe (~> 0.1) + xml-kit (0.4.0) + activemodel (>= 4.2.0) + builder (~> 3.2) + nokogiri (~> 1.10) + tilt (>= 1.4.1) + xmldsig (~> 0.6) + xmldsig (0.6.6) + nokogiri (>= 1.6.8, < 2.0.0) + zeitwerk (2.2.2) + + PLATFORMS + ruby + + DEPENDENCIES + saml-kit + + BUNDLED WITH + 1.17.3 RAW end @@ -85,34 +87,34 @@ BUNDLED WITH expect(report).to match_schema(version: '2.0') expect(report[:licenses]).not_to be_empty - expect(report.dependency_names).to include("saml-kit") + expect(report.dependency_names).to include('saml-kit') end end - context "when a project depends on bundler `~> 2.0`" do + context 'when a project depends on bundler `~> 2.0`' do it 'produces a valid report' do runner.add_file('Gemfile') do <<~RAW -source 'https://rubygems.org' + source 'https://rubygems.org' -gem 'net-hippie' + gem 'net-hippie' RAW end runner.add_file('Gemfile.lock') do <<~RAW -GEM - remote: https://rubygems.org/ - specs: - net-hippie (0.3.2) + GEM + remote: https://rubygems.org/ + specs: + net-hippie (0.3.2) -PLATFORMS - ruby + PLATFORMS + ruby -DEPENDENCIES - net-hippie + DEPENDENCIES + net-hippie -BUNDLED WITH - 2.1.4 + BUNDLED WITH + 2.1.4 RAW end 
@@ -121,20 +123,20 @@ BUNDLED WITH expect(report).to match_schema(version: '2.0') expect(report[:licenses]).not_to be_empty expect(report.find('net-hippie')).to eql({ - name: 'net-hippie', - description: "net/http for hippies. ☮️", - url: "https://github.com/mokhan/net-hippie/", - paths: ['.'], - licenses: ['MIT'] - }) + name: 'net-hippie', + description: 'net/http for hippies. ☮️', + url: 'https://github.com/mokhan/net-hippie/', + paths: ['.'], + licenses: ['MIT'] + }) end end - context "when passing custom options to license finder" do + context 'when passing custom options to license finder' do it 'forwards the options to license finder' do report = runner.scan(env: { - 'LICENSE_FINDER_CLI_OPTS' => "--debug --aggregate-paths=. ruby" - }) + 'LICENSE_FINDER_CLI_OPTS' => '--debug --aggregate-paths=. ruby' + }) expect(report).to match_schema(version: '2.0') end diff --git a/spec/support/fixture_file_helper.rb b/spec/support/fixture_file_helper.rb index 5a9599f..6905f02 100644 --- a/spec/support/fixture_file_helper.rb +++ b/spec/support/fixture_file_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module FixtureFileHelper def fixture_file_content(path, data = {}) content = IO.read(fixture_file(path)) diff --git a/spec/support/integration_test_helper.rb b/spec/support/integration_test_helper.rb index 52693f2..d1ff14a 100644 --- a/spec/support/integration_test_helper.rb +++ b/spec/support/integration_test_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module IntegrationTestHelper class Report attr_reader :report diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb index 66bb92c..038c593 100644 --- a/spec/support/matchers.rb +++ b/spec/support/matchers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RSpec::Matchers.define :match_schema do |version: '2.0'| def schema_for(version) License::Management.root.join("spec/fixtures/schema/v#{version}.json").to_s 
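Review bot: `fixture_file_content` in spec/support/fixture_file_helper.rb reads its fixture with `IO.read(fixture_file(path))`, and `IO.read` treats a name that begins with `|` as a command to run rather than a file to open. `fixture_file` is not visible in this hunk, so the path it returns may already be safe, but `content = File.read(fixture_file(path))` removes the question. The same applies to `IO.read('spdx-licenses.json')` in spec/unit/license/management/repository_spec.rb. The method body continues outside the hunk.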
@@ -7,7 +9,7 @@ RSpec::Matchers.define :match_schema do |version: '2.0'| !actual.nil? && (@errors = JSON::Validator.fully_validate(schema_for(version), actual.to_h)).empty? end - failure_message do |response| + failure_message do |_response| "didn't match the schema for version #{version}" \ " The validation errors were:\n#{@errors.join("\n")}" end diff --git a/spec/support/shared.rb b/spec/support/shared.rb index 51b161a..2e84dd2 100644 --- a/spec/support/shared.rb +++ b/spec/support/shared.rb @@ -1,4 +1,6 @@ -RSpec.shared_examples "each report version" do |language, package_manager, branch = 'master'| +# frozen_string_literal: true + +RSpec.shared_examples 'each report version' do |language, package_manager, branch = 'master'| ['1.0', '1.1', '2.0'].each do |version| context "when generating a `#{version}` report for #{package_manager}" do let(:url) { "https://gitlab.com/gitlab-org/security-products/tests/#{language}-#{package_manager}.git" } diff --git a/spec/unit/license/management/report/v2_spec.rb b/spec/unit/license/management/report/v2_spec.rb index e5a941e..8ba2fa3 100644 --- a/spec/unit/license/management/report/v2_spec.rb +++ b/spec/unit/license/management/report/v2_spec.rb @@ -1,5 +1,7 @@ +# frozen_string_literal: true + RSpec.describe License::Management::Report::V2 do - describe "#to_h" do + describe '#to_h' do { 'AGPL-1.0' => 'AGPL-1.0', 'AGPL-3.0' => 'AGPL-3.0', @@ -40,7 +42,7 @@ RSpec.describe License::Management::Report::V2 do end end - context "when choosing an appropriate url for a license" do + context 'when choosing an appropriate url for a license' do subject { described_class.new([dependency]) } let(:license) { LicenseFinder::License.new(short_name: 'MIT', matcher: LicenseFinder::License::NoneMatcher.new, url: nil) } diff --git a/spec/unit/license/management/repository_spec.rb b/spec/unit/license/management/repository_spec.rb index 6006e8a..5ab7a03 100644 --- a/spec/unit/license/management/repository_spec.rb 
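Review bot: In the `match_schema` matcher, `@errors` is assigned only after `!actual.nil? &&` passes, so for a nil report the `failure_message` block calls `@errors.join` on nil and raises NoMethodError instead of reporting the mismatch. Guarding the interpolation keeps the message usable: `" The validation errors were:\n#{Array(@errors).join("\n")}"`. The match block starts above this hunk, so only its last line is visible here.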
+++ b/spec/unit/license/management/repository_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + RSpec.describe License::Management::Repository do - describe "#item_for" do + describe '#item_for' do let(:spdx_licenses) { JSON.parse(IO.read('spdx-licenses.json'))['licenses'] } - context "when mapping a license that refers to opensource.org" do + context 'when mapping a license that refers to opensource.org' do it 'parses the SPDX id from the url' do spdx_licenses.each do |license| spdx_id = license['licenseId'] @@ -20,7 +22,7 @@ RSpec.describe License::Management::Repository do end end - context "when mapping a license that refers to nuget.org" do + context 'when mapping a license that refers to nuget.org' do it 'parses the SPDX id from the url' do spdx_licenses.each do |license| spdx_id = license['licenseId'] |
