authorCan Eldem <eldemcan@users.noreply.github.com>2020-05-18 10:04:25 +0100
committerGitHub <noreply@github.com>2020-05-18 10:04:25 +0100
commitbaa882c452ea6311b4c934ca388e04757c7c436d (patch)
tree2322da54fb505427915c65f296eb1a88afdd533b
parent6b392af62854d28b9f12fe292e21b79baa25c63b (diff)
parentf1cbf51f1a185d70c45959c3e2199b29ccbacd1d (diff)
Merge pull request #20 from spandx/bugs-bunnyv0.13.2
Fix bugs.
-rw-r--r--.github/workflows/ci.yml31
-rw-r--r--.gitignore1
-rw-r--r--CHANGELOG.md7
-rw-r--r--Dockerfile3
-rw-r--r--Gemfile.lock2
-rw-r--r--ext/spandx/spandx.c2
-rw-r--r--lib/spandx/core/git.rb2
-rw-r--r--lib/spandx/core/guess.rb13
-rw-r--r--lib/spandx/core/parser.rb2
-rw-r--r--lib/spandx/python/pypi.rb2
-rw-r--r--lib/spandx/version.rb2
-rw-r--r--spec/fixtures/empty/composer.lock0
m---------spec/fixtures/spdx0
-rw-r--r--spec/integration/core/git_spec.rb2
-rw-r--r--spec/unit/core/guess_spec.rb3
-rw-r--r--spec/unit/core/parser_spec.rb21
-rw-r--r--spec/unit/python/pypi_spec.rb4
-rw-r--r--spec/unit/ruby/parsers/gemfile_lock_spec.rb2
18 files changed, 75 insertions, 24 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5df3da6..848aa3f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ jobs:
strategy:
matrix:
ruby: [ '2.5', '2.6', '2.7' ]
- name: Ruby ${{ matrix.ruby }}
+ name: RSpec Ruby ${{ matrix.ruby }}
steps:
- uses: actions/checkout@v2
with:
@@ -17,9 +17,30 @@ jobs:
ruby-version: ${{ matrix.ruby }}
- name: setup
run: ./bin/setup
- - name: integration
- run: ./bin/test spec/integration
- - name: unit
- run: ./bin/test spec/unit
+ - name: test
+ run: ./bin/test
+ lint:
+ runs-on: ubuntu-latest
+ name: Lint
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ lfs: true
+ submodules: recursive
+ - uses: actions/setup-ruby@v1
+ with:
+ ruby-version: 2.7
+ - name: setup
+ run: ./bin/setup
- name: lint
run: ./bin/lint
+ docker:
+ runs-on: ubuntu-latest
+ name: Docker
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ lfs: true
+ submodules: recursive
+ - name: docker
+ run: docker build .
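Review bot: The new `lint` and `docker` jobs reference `actions/checkout@v2` and `actions/setup-ruby@v1` by mutable tag, so whatever commit the tag points to at run time executes inside the job; pinning each to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v2`, keeps third-party code from changing under the workflow. No `permissions:` key is visible in this hunk; if the file has none, a top-level `permissions:` with `contents: read` would limit what the job token can do. `ruby-version: 2.7` is an unquoted YAML number while the matrix above uses quoted strings, so `ruby-version: '2.7'` is the safer spelling. The `jobs:` mapping starts outside the hunk.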
diff --git a/.gitignore b/.gitignore
index 17326d4..90053cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@
/spec/reports/
/tmp/
*.so
+*.bundle
# rspec failure tracking
.rspec_status
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 41ce307..a51725f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-Version 0.13.1
+Version 0.13.2
# Changelog
@@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [0.13.2] - 2020-05-17
+### Fixed
+- Detect licenses when provided as an array.
+- Skip empty lockfiles.
+
## [0.13.1] - 2020-05-16
### Fixed
- Add `ext/**/*.c` and `ext/**/*.h` to list of files.
diff --git a/Dockerfile b/Dockerfile
index 4068f40..7dcc15b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
FROM alpine:latest
WORKDIR /scan
-ENV PACKAGES build-base bash ruby ruby-dev ruby-json git libxml2-dev openssl-dev
+ENV PACKAGES build-base bash ruby ruby-dev ruby-json ruby-rdoc git libxml2-dev openssl-dev
COPY . /opt/spandx/
RUN apk update && \
apk add $PACKAGES && \
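Review bot: `ruby-rdoc` is added to `PACKAGES`, but the cleanup later in the same RUN still removes only `build-base ruby-dev`, so the package stays in the final image. If it is needed only while the gem is built and installed (the install already passes `--no-document`), extend the removal to `apk del build-base ruby-dev ruby-rdoc`. If the `spandx` CLI needs it at run time, a comment above the `ENV PACKAGES` line such as `# ruby-rdoc: required at runtime by <component>` would record why. The RUN instruction continues outside this hunk.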
@@ -9,6 +9,7 @@ RUN apk update && \
gem build *.gemspec && \
gem install --no-document *.gem && \
spandx pull && \
+ spandx version && \
apk del build-base ruby-dev && \
rm -r /root/.gem && \
rm -fr /var/cache/apk/*
diff --git a/Gemfile.lock b/Gemfile.lock
index c94a123..4b8bc59 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- spandx (0.13.1)
+ spandx (0.13.2)
addressable (~> 2.7)
bundler (>= 1.16, < 3.0.0)
net-hippie (~> 0.3)
diff --git a/ext/spandx/spandx.c b/ext/spandx/spandx.c
index 29c7006..a2f6393 100644
--- a/ext/spandx/spandx.c
+++ b/ext/spandx/spandx.c
@@ -20,7 +20,7 @@ static VALUE parse(VALUE self, VALUE line)
const VALUE items = rb_ary_new2(3);
const char *s, *n;
- const int len = RSTRING_LEN(line);
+ const long len = RSTRING_LEN(line);
enum { open, closed } state = closed;
for (int i = 0; i < len && *p; i++) {
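Review bot: The loop counter is still `int` although `len` is now `long`, so in `for (int i = 0; i < len && *p; i++)` a string longer than INT_MAX bytes would overflow `i`, which is undefined behaviour for a signed int, before the comparison can end the loop. Give the counter the same type as the length: `for (long i = 0; i < len && *p; i++) {`. The `*p` test also stops at the first NUL byte, which a Ruby string may contain, so any bytes after an embedded NUL appear to be ignored; a comment saying that this is intended would help. `parse` begins and ends outside the hunk.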
diff --git a/lib/spandx/core/git.rb b/lib/spandx/core/git.rb
index 51949a0..f98734d 100644
--- a/lib/spandx/core/git.rb
+++ b/lib/spandx/core/git.rb
@@ -42,7 +42,5 @@ module Spandx
end
end
end
-
- Database = Git
end
end
diff --git a/lib/spandx/core/guess.rb b/lib/spandx/core/guess.rb
index 62967ce..81862b1 100644
--- a/lib/spandx/core/guess.rb
+++ b/lib/spandx/core/guess.rb
@@ -10,7 +10,14 @@ module Spandx
end
def license_for(raw)
- raw.is_a?(Hash) ? from_hash(raw) : from_string(raw)
+ case raw
+ when Hash
+ from_hash(raw)
+ when Array
+ from_array(raw)
+ else
+ from_string(raw)
+ end
end
private
@@ -21,6 +28,10 @@ module Spandx
unknown(hash[:name] || hash[:url])
end
+ def from_array(array)
+ from_string(array.join(' AND '))
+ end
+
def from_string(raw)
return if raw.nil?
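Review bot: `from_array` joins whatever the array holds, so `array.join(' AND ')` turns a `nil` entry into an empty operand (`"MIT AND "`), stringifies a Hash entry through `to_s`, and maps an empty array to `''`, none of which `from_string`'s visible `nil` guard catches. Because the list comes from package metadata, filter it first, for example `names = array.compact.map(&:to_s).reject(&:empty?)` followed by `from_string(names.join(' AND ')) unless names.empty?`. Joining with `AND` is the conservative reading for a compliance tool, but some ecosystems use a list to offer a choice, so a comment like `# A list is treated as a conjunction: every listed license applies.` would record the assumption. The body of `from_string` continues outside the hunk.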
diff --git a/lib/spandx/core/parser.rb b/lib/spandx/core/parser.rb
index 4c92854..00d0278 100644
--- a/lib/spandx/core/parser.rb
+++ b/lib/spandx/core/parser.rb
@@ -21,6 +21,8 @@ module Spandx
include Registerable
def for(path)
+ return UNKNOWN if !File.exist?(path) || File.size(path).zero?
+
find { |x| x.matches?(File.basename(path)) } || UNKNOWN
end
end
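Review bot: The guard added at the top of `for` makes two separate filesystem calls, so a path that is removed between `File.exist?` and `File.size` raises `Errno::ENOENT` instead of returning `UNKNOWN`. `File.size?` returns `nil` for both a missing file and a zero-byte file in a single call, so the line can be `return UNKNOWN unless File.size?(path)`. A directory or a whitespace-only lockfile still passes this check and reaches the matching parser, so the parsers should not treat non-empty as parseable.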
diff --git a/lib/spandx/python/pypi.rb b/lib/spandx/python/pypi.rb
index 3c1006b..7849f29 100644
--- a/lib/spandx/python/pypi.rb
+++ b/lib/spandx/python/pypi.rb
@@ -96,7 +96,5 @@ module Spandx
Nokogiri::HTML(http.get(url).body)
end
end
-
- PyPI = Pypi
end
end
diff --git a/lib/spandx/version.rb b/lib/spandx/version.rb
index d26e19a..e2f8abb 100644
--- a/lib/spandx/version.rb
+++ b/lib/spandx/version.rb
@@ -1,5 +1,5 @@
# frozen_string_literal: true
module Spandx
- VERSION = '0.13.1'
+ VERSION = '0.13.2'
end
diff --git a/spec/fixtures/empty/composer.lock b/spec/fixtures/empty/composer.lock
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/spec/fixtures/empty/composer.lock
diff --git a/spec/fixtures/spdx b/spec/fixtures/spdx
-Subproject 44837a94516118d3adbc3c2241f9e2ec818d4a9
+Subproject 3c4b2f1675ef25d307a8f4aa61d75ec5a2c3976
diff --git a/spec/integration/core/git_spec.rb b/spec/integration/core/git_spec.rb
index 12d4a42..186c5b7 100644
--- a/spec/integration/core/git_spec.rb
+++ b/spec/integration/core/git_spec.rb
@@ -44,6 +44,4 @@ RSpec.describe Spandx::Core::Git do
it { expect(shell).to have_received(:system).with('git', 'pull', '--no-rebase', '--quiet', 'origin', 'master') }
end
end
-
- specify { expect(Spandx::Core::Database).to eql(described_class) }
end
diff --git a/spec/unit/core/guess_spec.rb b/spec/unit/core/guess_spec.rb
index c001c8a..058b4f6 100644
--- a/spec/unit/core/guess_spec.rb
+++ b/spec/unit/core/guess_spec.rb
@@ -32,7 +32,7 @@ RSpec.describe Spandx::Core::Guess do
end
end
- pending 'does not contain any duplicate names' do
+ specify 'does not contain any duplicate names' do
items = Hash.new { |hash, key| hash[key] = 0 }
active_licenses.each { |license| items[license.name] += 1 }
expect(items.find_all { |_x, y| y > 1 }).to be_empty
@@ -44,6 +44,7 @@ RSpec.describe Spandx::Core::Guess do
specify { expect(subject.license_for(content)&.id).to eql('MIT') }
end
+ specify { expect(subject.license_for(%w[MIT 0BSD]).id).to eql('MIT AND 0BSD') }
specify { expect(subject.license_for('(0BSD OR MIT)')&.id).to eql('0BSD OR MIT') }
specify { expect(subject.license_for('(BSD-2-Clause OR MIT OR Apache-2.0)')&.id).to eql('BSD-2-Clause OR MIT OR Apache-2.0') }
specify { expect(subject.license_for('(BSD-3-Clause OR GPL-2.0)')&.id).to eql('BSD-3-Clause OR GPL-2.0') }
diff --git a/spec/unit/core/parser_spec.rb b/spec/unit/core/parser_spec.rb
new file mode 100644
index 0000000..9ad5bea
--- /dev/null
+++ b/spec/unit/core/parser_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+RSpec.describe Spandx::Core::Parser do
+ subject { described_class }
+
+ describe '.for' do
+ describe 'when the `composer.lock` file is empty' do
+ let(:empty_file) { fixture_file('empty/composer.lock') }
+ let(:result) { subject.for(empty_file) }
+
+ specify { expect(result).to be(Spandx::Core::Parser::UNKNOWN) }
+ end
+
+ describe 'when the `composer.lock` file is discovered' do
+ let(:lock_file) { fixture_file('composer/composer.lock') }
+ let(:result) { subject.for(lock_file) }
+
+ specify { expect(result).to be_instance_of(Spandx::Php::Parsers::Composer) }
+ end
+ end
+end
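Review bot: Only the empty-file half of the new guard in `Parser.for` is covered here; the `File.exist?` half, which returns `UNKNOWN` for a path that is not on disk, has no example. Add one inside `describe '.for'`, for instance `specify { expect(subject.for('missing/composer.lock')).to be(Spandx::Core::Parser::UNKNOWN) }` (the path is a constructed placeholder), so a later change to the condition cannot silently start raising on missing files.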
diff --git a/spec/unit/python/pypi_spec.rb b/spec/unit/python/pypi_spec.rb
index 9836c9d..cb09c4a 100644
--- a/spec/unit/python/pypi_spec.rb
+++ b/spec/unit/python/pypi_spec.rb
@@ -203,8 +203,4 @@ RSpec.describe Spandx::Python::Pypi do
end
end
end
-
- describe 'PyPI' do
- specify { expect(Spandx::Python::PyPI).to eql(described_class) }
- end
end
diff --git a/spec/unit/ruby/parsers/gemfile_lock_spec.rb b/spec/unit/ruby/parsers/gemfile_lock_spec.rb
index 20f1734..7160033 100644
--- a/spec/unit/ruby/parsers/gemfile_lock_spec.rb
+++ b/spec/unit/ruby/parsers/gemfile_lock_spec.rb
@@ -29,6 +29,4 @@ RSpec.describe Spandx::Ruby::Parsers::GemfileLock do
specify { expect(spandx.meta[:source]).to be_a_kind_of(Bundler::Source) }
end
end
-
- specify { expect(Spandx::Rubygems::Parsers::GemfileLock).to eql(described_class) }
end