authormo khan <mo.khan@gmail.com>2020-04-12 10:24:49 -0600
committermo khan <mo.khan@gmail.com>2020-04-12 10:24:49 -0600
commit53bbd7d472fa75e6d41d9603a47b7aa08334117a (patch)
treefe9bfbb9350cb0bea7a697298956984af0feb241
parentddce2f342e47b0f06774c896e5d689b06a6d90b2 (diff)
Add license plugin for composer
-rw-r--r--lib/spandx/core/cache.rb2
-rw-r--r--lib/spandx/core/dependency.rb26
-rw-r--r--lib/spandx/dotnet/license_plugin.rb2
-rw-r--r--lib/spandx/php/license_plugin.rb44
-rw-r--r--spec/unit/core/dependency_spec.rb10
-rw-r--r--spec/unit/php/license_plugin_spec.rb42
6 files changed, 101 insertions, 25 deletions
diff --git a/lib/spandx/core/cache.rb b/lib/spandx/core/cache.rb
index 6d5eaba..3e73f1e 100644
--- a/lib/spandx/core/cache.rb
+++ b/lib/spandx/core/cache.rb
@@ -5,7 +5,7 @@ module Spandx
class Cache
attr_reader :db, :package_manager
- def initialize(package_manager, url:)
+ def initialize(package_manager, url: 'https://github.com/mokhan/spandx-index.git')
@package_manager = package_manager
@db = ::Spandx::Core::Database.new(url: url)
@cache = {}
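Review bot: The index repository URL is now an inline literal in the `initialize` signature; a frozen constant such as `DEFAULT_INDEX_URL = 'https://github.com/mokhan/spandx-index.git'` declared above `attr_reader` and used as the default would make it discoverable and reusable from callers. Every plugin that now calls `Cache.new(<manager>)` without `url:` fetches from this repository, so that constant is also the natural place for a comment stating that the index is pulled from a remote git host at runtime. The class body continues outside the hunk.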
diff --git a/lib/spandx/core/dependency.rb b/lib/spandx/core/dependency.rb
index b7a0a84..749ae41 100644
--- a/lib/spandx/core/dependency.rb
+++ b/lib/spandx/core/dependency.rb
@@ -3,13 +3,6 @@
module Spandx
module Core
class Dependency
- GATEWAYS = {
- composer: ::Spandx::Php::PackagistGateway,
- maven: ::Spandx::Java::Gateway,
- nuget: ::Spandx::Dotnet::NugetGateway,
- rubygems: ::Spandx::Ruby::Gateway,
- }.freeze
-
attr_reader :package_manager, :name, :version, :licenses, :meta
def initialize(package_manager:, name:, version:, licenses: [], meta: {})
@@ -24,12 +17,6 @@ module Spandx
package_manager == value&.to_sym
end
- #def licenses(catalogue: Spdx::Catalogue.from_git)
- #Spdx::GatewayAdapter
- #.new(catalogue: catalogue, gateway: combine(cache_for(package_manager), gateway_for(package_manager)))
- #.licenses_for(name, version)
- #end
-
def <=>(other)
[name, version] <=> [other.name, other.version]
end
@@ -52,6 +39,19 @@ module Spandx
private
+ GATEWAYS = {
+ composer: ::Spandx::Php::PackagistGateway,
+ maven: ::Spandx::Java::Gateway,
+ nuget: ::Spandx::Dotnet::NugetGateway,
+ rubygems: ::Spandx::Ruby::Gateway,
+ }.freeze
+
+ def xlicenses(catalogue: Spdx::Catalogue.from_git)
+ Spdx::GatewayAdapter
+ .new(catalogue: catalogue, gateway: combine(cache_for(package_manager), gateway_for(package_manager)))
+ .licenses_for(name, version)
+ end
+
def gateway_for(package_manager)
case package_manager
when :yarn, :npm
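Review bot: `GATEWAYS` is moved under `private`, but `private` has no effect on constants in Ruby, so the constant remains public and its placement misleads the reader; keep it with the other declarations at the top of the class, or add `private_constant :GATEWAYS` if hiding it is the intent. The method that was commented out in the earlier hunk returns here as `xlicenses`, which nothing in this diff calls and whose name signals that it is parked rather than used; if it is dead code it should be deleted, and if it is needed it wants its real name and a caller. `gateway_for` continues outside the hunk.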
diff --git a/lib/spandx/dotnet/license_plugin.rb b/lib/spandx/dotnet/license_plugin.rb
index cf7ed68..3b64057 100644
--- a/lib/spandx/dotnet/license_plugin.rb
+++ b/lib/spandx/dotnet/license_plugin.rb
@@ -28,7 +28,7 @@ module Spandx
def gateway
@gateway ||=
::Spandx::Core::CompositeGateway.new(
- ::Spandx::Core::Cache.new(:nuget, url: 'https://github.com/mokhan/spandx-rubygems.git'),
+ ::Spandx::Core::Cache.new(:nuget),
::Spandx::Dotnet::NugetGateway.new
)
end
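Review bot: Dropping `url:` silently switches the nuget cache from `spandx-rubygems.git` to the new `spandx-index.git` default, which the commit message does not mention; if the old value was a copy-paste from the rubygems plugin, as it appears, say so in the description or add `# index repository comes from Cache's default url` above the call so the change of data source is deliberate and visible. The nuget expectations removed from spec/unit/core/dependency_spec.rb in this same commit have no replacement, so the path that this line now routes to a different index repository is left untested. The rest of the class is outside the hunk.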
diff --git a/lib/spandx/php/license_plugin.rb b/lib/spandx/php/license_plugin.rb
new file mode 100644
index 0000000..5aa7cdd
--- /dev/null
+++ b/lib/spandx/php/license_plugin.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Spandx
+ module Php
+ class LicensePlugin < Spandx::Core::Plugin
+ def initialize(catalogue: Spdx::Catalogue.from_git)
+ @catalogue = catalogue
+ end
+
+ def enhance(dependency)
+ return dependency unless dependency.managed_by?(:composer)
+ if dependency.meta['license']
+ dependency.meta['license'].each do |x|
+ detected_license = catalogue[x]
+ dependency.licenses << detected_license if detected_license
+ end
+ return dependency
+ end
+
+ licenses_for(dependency).each do |license|
+ dependency.licenses << license
+ end
+ dependency
+ end
+
+ private
+
+ attr_reader :catalogue
+
+ def licenses_for(dependency)
+ @adapter ||= Spdx::GatewayAdapter.new(catalogue: catalogue, gateway: gateway)
+ @adapter.licenses_for(dependency.name, dependency.version)
+ end
+
+ def gateway
+ @gateway ||=
+ ::Spandx::Core::CompositeGateway.new(
+ ::Spandx::Core::Cache.new(:composer),
+ ::Spandx::Php::PackagistGateway.new
+ )
+ end
+ end
+ end
+end
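Review bot: `dependency.meta['license'].each` in `enhance` assumes the lockfile value is an array, but composer's schema allows `license` to be a single string as well as a list, and `String` does not respond to `each`; coerce it with `Array(dependency.meta['license']).each do |x|` so a string value yields one catalogue lookup instead of a `NoMethodError`. The same key is read twice and the block parameter is `x`; binding the value once and naming the parameter `identifier` would make the loop read better. Identifiers the catalogue does not recognise are dropped without trace, which is a sensible choice for lockfile-supplied data but deserves a comment such as `# unknown identifiers from the lockfile are ignored rather than added verbatim`.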
diff --git a/spec/unit/core/dependency_spec.rb b/spec/unit/core/dependency_spec.rb
index 3a1f0c9..6f65e7e 100644
--- a/spec/unit/core/dependency_spec.rb
+++ b/spec/unit/core/dependency_spec.rb
@@ -3,13 +3,6 @@
RSpec.describe Spandx::Core::Dependency do
describe "#licenses" do
[
- { package_manager: :composer, name: 'doctrine/instantiator', version: '1.3.0', expected: ['MIT'] },
- { package_manager: :composer, name: 'hamcrest/hamcrest-php', version: 'v2.0.0', expected: ['Nonstandard'] },
- { package_manager: :composer, name: 'mockery/mockery', version: '1.3.1', expected: ['BSD-3-Clause'] },
- { package_manager: :composer, name: 'phpdocumentor/reflection-common', version: '2.0.0', expected: ['MIT'] },
- { package_manager: :composer, name: 'phpdocumentor/type-resolver', version: '1.0.1', expected: ['MIT'] },
- { package_manager: :composer, name: 'symfony/polyfill-ctype', version: 'v1.14.0', expected: ['MIT'] },
- { package_manager: :composer, name: 'webmozart/assert', version: '1.7.0', expected: ['MIT'] },
{ package_manager: :maven, name: 'junit:junit', version: '3.8.1', expected: ['CPL-1.0'] },
{ package_manager: :npm, name: 'accepts', version: '1.3.7', expected: ['MIT'] },
{ package_manager: :npm, name: 'array-flatten', version: '1.1.1', expected: ['MIT'] },
@@ -61,9 +54,6 @@ RSpec.describe Spandx::Core::Dependency do
{ package_manager: :npm, name: 'unpipe', version: '1.0.0', expected: ['MIT'] },
{ package_manager: :npm, name: 'utils-merge', version: '1.0.1', expected: ['MIT'] },
{ package_manager: :npm, name: 'vary', version: '1.1.2', expected: ['MIT'] },
- { package_manager: :nuget, name: 'NHibernate', version: '5.2.6', expected: ['LGPL-2.1-only'] },
- { package_manager: :nuget, name: 'System.Security.Principal.Windows', version: '4.3.0', expected: ['Nonstandard'] },
- { package_manager: :nuget, name: 'jive', version: '0.1.0', expected: ['MIT'] },
{ package_manager: :pypi, name: 'six', version: '1.14.0', expected: ['MIT'] },
{ package_manager: :rubygems, name: 'spandx', version: '0.1.0', expected: ['MIT'] },
{ package_manager: :yarn, name: 'accepts', version: '1.3.7', expected: ['MIT'] },
diff --git a/spec/unit/php/license_plugin_spec.rb b/spec/unit/php/license_plugin_spec.rb
new file mode 100644
index 0000000..855e49d
--- /dev/null
+++ b/spec/unit/php/license_plugin_spec.rb
@@ -0,0 +1,42 @@
+RSpec.describe Spandx::Php::LicensePlugin do
+ subject { described_class.new }
+
+ describe "#enhance" do
+ context "when the dependency is not managed by the `composer` package manager" do
+ let(:dependency) { ::Spandx::Core::Dependency.new(package_manager: :rubygems, name: 'spandx', version: '0.1.0') }
+
+ specify { expect(subject.enhance(dependency)).to eql(dependency) }
+ end
+
+ [
+ { package_manager: :composer, name: 'doctrine/instantiator', version: '1.3.0', expected: ['MIT'] },
+ { package_manager: :composer, name: 'hamcrest/hamcrest-php', version: 'v2.0.0', expected: ['Nonstandard'] },
+ { package_manager: :composer, name: 'mockery/mockery', version: '1.3.1', expected: ['BSD-3-Clause'] },
+ { package_manager: :composer, name: 'phpdocumentor/reflection-common', version: '2.0.0', expected: ['MIT'] },
+ { package_manager: :composer, name: 'phpdocumentor/type-resolver', version: '1.0.1', expected: ['MIT'] },
+ { package_manager: :composer, name: 'symfony/polyfill-ctype', version: 'v1.14.0', expected: ['MIT'] },
+ { package_manager: :composer, name: 'webmozart/assert', version: '1.7.0', expected: ['MIT'] },
+ ].each do |item|
+ context "#{item[:package_manager]}-#{item[:name]}-#{item[:version]}" do
+ let(:dependency) { ::Spandx::Core::Dependency.new(package_manager: item[:package_manager], name: item[:name], version: item[:version]) }
+
+ let(:results) do
+ VCR.use_cassette("#{item[:package_manager]}-#{item[:name]}-#{item[:version]}") do
+ subject.enhance(dependency).licenses
+ end
+ end
+
+ specify { expect(results.map(&:id)).to match_array(item[:expected]) }
+ end
+ end
+
+ context "when the metadata includes the detected license" do
+ let(:dependency) { ::Spandx::Core::Dependency.new(package_manager: :composer, name: 'spandx/example', version: '0.1.0', meta: { 'license' => ['MIT'] }) }
+ let(:results) { subject.enhance(dependency).licenses }
+
+ it 'skips the network lookup' do
+ expect(results.map(&:id)).to match_array(['MIT'])
+ end
+ end
+ end
+end
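Review bot: The example named 'skips the network lookup' only checks the returned identifiers, so it would still pass if `enhance` fell through to the gateway after reading the metadata; add `expect(Spdx::GatewayAdapter).not_to receive(:new)` before evaluating `results` so the assertion matches its name. `subject { described_class.new }` builds the plugin with the default `Spdx::Catalogue.from_git`, and the composer contexts wrap only the HTTP exchange in a VCR cassette, so the git-backed catalogue and `Cache` presumably still reach the network or a local checkout when run cold — worth stating in the spec or injecting a catalogue fixture through `catalogue:`. The new spec also lacks the `# frozen_string_literal: true` header that the library file carries.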