-
Notifications
You must be signed in to change notification settings - Fork 60
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added NuGet support via nuget-license build plugin
- Loading branch information
Showing
9 changed files
with
201 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
101 changes: 101 additions & 0 deletions
101
.../porscheinformatik/sonarqube/licensecheck/nugetlicense/NugetLicenseDependencyScanner.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| package at.porscheinformatik.sonarqube.licensecheck.nugetlicense; | ||
|
|
||
| import java.io.IOException; | ||
| import java.io.InputStream; | ||
| import java.util.HashSet; | ||
| import java.util.Set; | ||
|
|
||
| import javax.json.Json; | ||
| import javax.json.JsonArray; | ||
| import javax.json.JsonObject; | ||
| import javax.json.JsonReader; | ||
|
|
||
| import org.sonar.api.batch.fs.FilePredicate; | ||
| import org.sonar.api.batch.fs.FileSystem; | ||
| import org.sonar.api.batch.fs.InputFile; | ||
| import org.sonar.api.batch.sensor.SensorContext; | ||
| import org.sonar.api.utils.log.Logger; | ||
| import org.sonar.api.utils.log.Loggers; | ||
|
|
||
| import at.porscheinformatik.sonarqube.licensecheck.Dependency; | ||
| import at.porscheinformatik.sonarqube.licensecheck.LicenseCheckRulesDefinition; | ||
| import at.porscheinformatik.sonarqube.licensecheck.Scanner; | ||
| import at.porscheinformatik.sonarqube.licensecheck.licensemapping.LicenseMappingService; | ||
|
|
||
| public class NugetLicenseDependencyScanner implements Scanner | ||
| { | ||
| private static final Logger LOGGER = Loggers.get(NugetLicenseDependencyScanner.class); | ||
|
|
||
| private final LicenseMappingService licenseMappingService; | ||
|
|
||
| public NugetLicenseDependencyScanner(LicenseMappingService licenseMappingService) | ||
| { | ||
| this.licenseMappingService = licenseMappingService; | ||
| } | ||
|
|
||
| @Override | ||
| public Set<Dependency> scan(SensorContext context) | ||
| { | ||
| LOGGER.debug("Finding and scanning licenses.json"); | ||
|
|
||
| FileSystem fs = context.fileSystem(); | ||
| FilePredicate licenseJsonPredicate = fs.predicates().matchesPathPattern("**/licenses.json"); | ||
|
|
||
| Set<Dependency> allDependencies = new HashSet<>(); | ||
|
|
||
| for (InputFile licenseJsonFile : fs.inputFiles(licenseJsonPredicate)) | ||
| { | ||
| context.markForPublishing(licenseJsonFile); | ||
| LOGGER.info("Scanning for licenses (file={})", licenseJsonFile.toString()); | ||
| allDependencies.addAll(dependencyParser(licenseJsonFile)); | ||
| } | ||
|
|
||
| LOGGER.debug("Nuget scanning complete."); | ||
|
|
||
| return allDependencies; | ||
| } | ||
|
|
||
| private Set<Dependency> dependencyParser(InputFile licenseJsonFile) | ||
| { | ||
| Set<Dependency> dependencies = new HashSet<>(); | ||
|
|
||
| try (InputStream fis = licenseJsonFile.inputStream(); | ||
| JsonReader jsonReader = Json.createReader(fis)) | ||
| { | ||
| JsonArray licensesJson = jsonReader.readArray(); | ||
|
|
||
| if (licensesJson != null) | ||
| { | ||
| for (int i = 0; i < licensesJson.size(); i++) | ||
| { | ||
| JsonObject nextPackage = licensesJson.getJsonObject(i); | ||
| String packageName = nextPackage.getString("PackageName"); | ||
| String packageVersion = nextPackage.getString("PackageVersion"); | ||
| String packageLicense = nextPackage.getString("LicenseType"); | ||
|
|
||
| if (dependencies.stream().anyMatch(d -> packageName.equals(d.getName()) && packageVersion.equals(d.getVersion()))) | ||
| { | ||
| LOGGER.debug("Package {} {} has already been encountered and will not be scanned again", packageName, packageVersion); | ||
| continue; | ||
| } | ||
|
|
||
| String license = licenseMappingService.mapLicense(packageLicense); | ||
|
|
||
| LOGGER.debug("Found license. Name: {} Version: {} License: {}", packageName, packageVersion, packageLicense); | ||
|
|
||
| Dependency dependency = new Dependency(packageName, packageVersion, license, LicenseCheckRulesDefinition.LANG_CS); | ||
| dependency.setInputComponent(licenseJsonFile); | ||
| dependency.setTextRange(licenseJsonFile.selectLine(1)); | ||
|
|
||
| dependencies.add(dependency); | ||
| } | ||
| } | ||
| } | ||
| catch (IOException e) | ||
| { | ||
| LOGGER.error("Error reading license.json", e); | ||
| } | ||
|
|
||
| return dependencies; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
78 changes: 78 additions & 0 deletions
78
...scheinformatik/sonarqube/licensecheck/nugetlicense/NugetLicenseDependencyScannerTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| package at.porscheinformatik.sonarqube.licensecheck.nugetlicense; | ||
|
|
||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.containsInAnyOrder; | ||
| import static org.hamcrest.Matchers.hasSize; | ||
| import static org.mockito.Matchers.anyString; | ||
| import static org.mockito.Mockito.mock; | ||
| import static org.mockito.Mockito.when; | ||
|
|
||
| import java.io.File; | ||
| import java.io.FileInputStream; | ||
| import java.io.IOException; | ||
| import java.util.Set; | ||
|
|
||
| import org.junit.Test; | ||
| import org.sonar.api.batch.fs.FileSystem; | ||
| import org.sonar.api.batch.fs.InputFile; | ||
| import org.sonar.api.batch.fs.internal.DefaultFileSystem; | ||
| import org.sonar.api.batch.sensor.SensorContext; | ||
|
|
||
| import at.porscheinformatik.sonarqube.licensecheck.Dependency; | ||
| import at.porscheinformatik.sonarqube.licensecheck.Scanner; | ||
| import at.porscheinformatik.sonarqube.licensecheck.licensemapping.LicenseMappingService; | ||
|
|
||
| public class NugetLicenseDependencyScannerTest | ||
| { | ||
| private static final File RESOURCE_FOLDER = new File("src/test/resources"); | ||
|
|
||
| private SensorContext createContext(File folder) | ||
| { | ||
| SensorContext context = mock(SensorContext.class); | ||
| InputFile packageJson = mock(InputFile.class); | ||
| when(packageJson.language()).thenReturn("json"); | ||
| when(packageJson.filename()).thenReturn("licenses.json"); | ||
| when(packageJson.relativePath()).thenReturn("/licenses.json"); | ||
| when(packageJson.type()).thenReturn(InputFile.Type.MAIN); | ||
| try | ||
| { | ||
| when(packageJson.inputStream()).thenAnswer(i -> new FileInputStream(new File(folder, "licenses.json"))); | ||
| } | ||
| catch (IOException e) | ||
| { | ||
| throw new RuntimeException(e); | ||
| } | ||
| FileSystem fileSystem = new DefaultFileSystem(folder.toPath()).add(packageJson); | ||
| when(context.fileSystem()).thenReturn(fileSystem); | ||
| return context; | ||
| } | ||
|
|
||
| @Test | ||
| public void testHappyPath() | ||
| { | ||
| Set<Dependency> dependencies = createScanner().scan(createContext(RESOURCE_FOLDER)); | ||
|
|
||
| assertThat(dependencies, hasSize(4)); | ||
| assertThat(dependencies, containsInAnyOrder( | ||
| new Dependency("MonoGame.Content.Builder.Task", "3.8.0.1641", "MS-PL"), | ||
| new Dependency("MonoGame.Framework.DesktopGL", "3.8.0.1641", "MS-PL"), | ||
| new Dependency("CommandLineParser", "2.8.0", "License.md"), | ||
| new Dependency("Newtonsoft.Json", "13.0.1", "MIT"))); | ||
| } | ||
|
|
||
| @Test | ||
| public void testNoPackageJson() | ||
| { | ||
| Set<Dependency> dependencies = createScanner().scan(createContext(new File("src"))); | ||
|
|
||
| assertThat(dependencies, hasSize(0)); | ||
| } | ||
|
|
||
| private Scanner createScanner() | ||
| { | ||
| LicenseMappingService licenseMappingService = mock(LicenseMappingService.class); | ||
| when(licenseMappingService.mapLicense(anyString())).thenCallRealMethod(); | ||
|
|
||
| return new NugetLicenseDependencyScanner(licenseMappingService); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| [{"PackageName":"MonoGame.Content.Builder.Task","PackageVersion":"3.8.0.1641","PackageUrl":"https://www.monogame.net/","Copyright":"","Authors":["MonoGame Team"],"Description":"MSBuild task to automatically build content for MonoGame.","LicenseUrl":"https://licenses.nuget.org/MS-PL","LicenseType":"MS-PL","Repository":{"Type":"","Url":"https://github.com/MonoGame/MonoGame","Commit":""}},{"PackageName":"MonoGame.Framework.DesktopGL","PackageVersion":"3.8.0.1641","PackageUrl":"https://www.monogame.net/","Copyright":"","Authors":["MonoGame Team"],"Description":"The MonoGame runtime supporting Windows, Linux and macOS using SDL2 and OpenGL.","LicenseUrl":"https://licenses.nuget.org/MS-PL","LicenseType":"MS-PL","Repository":{"Type":"","Url":"https://github.com/MonoGame/MonoGame","Commit":""}},{"PackageName":"CommandLineParser","PackageVersion":"2.8.0","PackageUrl":"https://github.com/commandlineparser/commandline","Copyright":"Copyright (c) 2005 - 2020 Giacomo Stelluti Scala & Contributors","Authors":["gsscoder","nemec","ericnewton76","moh-hassan"],"Description":"Terse syntax C# command line parser for .NET. For FSharp support see CommandLineParser.FSharp. The Command Line Parser Library offers to CLR applications a clean and concise API for manipulating command line arguments and related tasks.","LicenseUrl":"https://www.nuget.org/packages/CommandLineParser/2.8.0/License","LicenseType":"License.md"},{"PackageName":"Newtonsoft.Json","PackageVersion":"13.0.1","PackageUrl":"https://www.newtonsoft.com/json","Copyright":"Copyright © James Newton-King 2008","Authors":["James Newton-King"],"Description":"Json.NET is a popular high-performance JSON framework for .NET","LicenseUrl":"https://licenses.nuget.org/MIT","LicenseType":"MIT"}] |