implement 'licenseChecker' config option to change how dependency licenses are matched against allowedLicenses #297

wants to merge 1 commit into
base: master
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -85,6 +85,10 @@ licenseReport {
// This is for the allowed-licenses-file in checkLicense Task
// Accepts File, URL or String path to local or remote file
allowedLicensesFile = project.layout.projectDirectory.file("config/allowed-licenses.json").asFile
// (default) OneRequiredLicenseChecker: a dependency is good, if any of its licenses are matched with allowedLicenses
// AllRequiredLicenseChecker: a dependency is good, if all of its (non-null) licenses are matched with allowedLicenses
// any class implementing LicenseChecker can be provided here
licenseChecker = new com.github.jk1.license.check.OneRequiredLicenseChecker()
}
```

Expand Up @@ -15,6 +15,8 @@
*/
package com.github.jk1.license

import com.github.jk1.license.check.LicenseChecker
import com.github.jk1.license.check.OneRequiredLicenseChecker
import com.github.jk1.license.filter.DependencyFilter
import com.github.jk1.license.importer.DependencyDataImporter
import com.github.jk1.license.render.ReportRenderer
Expand All @@ -41,6 +43,7 @@ class LicenseReportExtension {
public String[] excludeGroups
public String[] excludes
public Object allowedLicensesFile
public LicenseChecker licenseChecker

LicenseReportExtension(Project project) {
unionParentPomLicenses = true
Expand All @@ -54,6 +57,7 @@ class LicenseReportExtension {
excludes = []
importers = []
filters = []
licenseChecker = new OneRequiredLicenseChecker()
}

@Nested
Expand Down Expand Up @@ -103,6 +107,8 @@ class LicenseReportExtension {
snapshot += excludes
snapshot << 'unionParentPomLicenses'
snapshot += unionParentPomLicenses
snapshot << "licenseChecker"
snapshot += licenseChecker.class.name
snapshot.join("!")
}
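Review bot: `snapshot += licenseChecker.class.name` (the line before `snapshot.join("!")`) dereferences the configured checker unconditionally, so a build script that sets `licenseChecker = null` fails with a NullPointerException from inside the snapshot instead of a clear configuration error; `snapshot += licenseChecker?.class?.name` keeps the snapshot computable and lets the task's `@Input` report the missing value. Keying the snapshot on the class name alone also means two instances of the same custom checker class with different internal state yield an identical snapshot, which is presumably acceptable for the two stateless checkers shipped here but worth stating. The new `licenseChecker` field has no doc comment; suggested: `/** Strategy deciding whether a dependency's licenses satisfy allowedLicenses; defaults to OneRequiredLicenseChecker and must be Serializable. */`. The enclosing snapshot method starts outside the hunk.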

@@ -0,0 +1,69 @@
/*
* Copyright 2018 Evgeny Naumenko <jk.vc@mail.ru>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.github.jk1.license.check

/**
* All licenses of a dependency must be found inside allowedLicenses to pass.
*/
class AllRequiredLicenseChecker implements LicenseChecker {
@Override
List<Tuple2<Dependency, List<ModuleLicense>>> checkAllDependencyLicensesAreAllowed(List<AllowedLicense> allowedLicenses, List<Dependency> allDependencies) {
removeNullLicenses(allDependencies)
List<Tuple2<Dependency, List<ModuleLicense>>> result = new ArrayList<>()
for (Dependency dependency : (allDependencies)) {
List<AllowedLicense> perDependencyAllowedLicenses = allowedLicenses.findAll { isDependencyNameMatchesAllowedLicense(dependency, it) && isDependencyVersionMatchesAllowedLicense(dependency, it) }
// allowedLicense matches anything, so we don't need to further check
if (perDependencyAllowedLicenses.any { it.moduleLicense == null || it.moduleLicense == ".*" }) {
continue
}
List<ModuleLicense> notAllowedLicenses = dependency.moduleLicenses.findAll { !isDependencyLicenseMatchesAllowedLicense(it, perDependencyAllowedLicenses) }
if (!notAllowedLicenses.isEmpty()) {
result.add(new Tuple2(dependency, notAllowedLicenses))
}
}
return result
}

private static boolean isDependencyNameMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleName ==~ allowedLicense.moduleName || allowedLicense.moduleName == null || dependency.moduleName == allowedLicense.moduleName
}

private static boolean isDependencyVersionMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleVersion ==~ allowedLicense.moduleVersion || allowedLicense.moduleVersion == null || dependency.moduleVersion == allowedLicense.moduleVersion
}

private static boolean isDependencyLicenseMatchesAllowedLicense(ModuleLicense moduleLicense, List<AllowedLicense> allowedLicenses) {
for (AllowedLicense allowedLicense : allowedLicenses) {
if (allowedLicense.moduleLicense == null || allowedLicense.moduleLicense == ".*") return true

if (moduleLicense.moduleLicense ==~ allowedLicense.moduleLicense || moduleLicense.moduleLicense == allowedLicense.moduleLicense) return true
}
return false
}

/**
* removes 'null'-licenses from dependencies which have at least one more license
*/
private static void removeNullLicenses(List<Dependency> dependencies) {
for (Dependency dependency : dependencies) {
if (dependency.moduleLicenses.any { it.moduleLicense == null } && !dependency.moduleLicenses.every {
it.moduleLicense == null
}) {
dependency.moduleLicenses = dependency.moduleLicenses.findAll { it.moduleLicense != null }
}
}
}
}
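Review bot: A dependency whose `moduleLicenses` list is empty passes this checker vacuously: `findAll` on an empty list at `List<ModuleLicense> notAllowedLicenses = ...` yields an empty list, so the `!notAllowedLicenses.isEmpty()` guard never adds the dependency to the result, even when no allowed-license entry matches it at all. That is the opposite of OneRequiredLicenseChecker, where a dependency with no licenses fails unless a wildcard entry covers it, so the "all licenses must be allowed" checker ends up the more permissive one for dependencies with unknown licensing. Changing the guard to `if (dependency.moduleLicenses.isEmpty() || !notAllowedLicenses.isEmpty()) {` reports such dependencies, and the default `toAllowedLicenseList` already renders an empty list as a null-license entry. Separately, `removeNullLicenses` rewrites `dependency.moduleLicenses` on the caller's objects; since the dependencies are read fresh from the JSON file this is presumably harmless, but the side effect deserves a sentence in its doc comment, e.g. `* Mutates the given dependencies in place.`.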
80 changes: 30 additions & 50 deletions src/main/groovy/com/github/jk1/license/check/LicenseChecker.groovy
Expand Up @@ -18,70 +18,50 @@ package com.github.jk1.license.check
import groovy.json.JsonOutput
import org.gradle.api.GradleException

class LicenseChecker {
/**
* This class compares the found licences with the allowed licenses and creates a report for any missing license
*/
interface LicenseChecker extends Serializable {
List<Tuple2<Dependency, List<ModuleLicense>>> checkAllDependencyLicensesAreAllowed(
List<AllowedLicense> allowedLicenses,
List<Dependency> allDependencies)

void checkAllDependencyLicensesAreAllowed(
Object allowedLicensesFile, File projectLicensesDataFile, File notPassedDependenciesOutputFile) {
List<Dependency> allDependencies = LicenseCheckerFileReader.importDependencies(projectLicensesDataFile)
List<AllowedLicense> allowedLicenses = LicenseCheckerFileReader.importAllowedLicenses(allowedLicensesFile)
List<Dependency> notPassedDependencies = searchForNotAllowedDependencies(allDependencies, allowedLicenses)
generateNotPassedDependenciesFile(notPassedDependencies, notPassedDependenciesOutputFile)
default void checkAllDependencyLicensesAreAllowed(
Object allowedLicensesFile, File projectLicensesDataFile, File notPassedDependenciesOutputFile) {
def notPassedDependencies = checkAllDependencyLicensesAreAllowed(
parseAllowedLicenseFile(allowedLicensesFile), getProjectDependencies(projectLicensesDataFile))

generateNotPassedDependenciesFile(notPassedDependencies, notPassedDependenciesOutputFile)
if (!notPassedDependencies.isEmpty()) {
throw new GradleException("Some library licenses are not allowed.\n" +
"Read [$notPassedDependenciesOutputFile.path] for more information.")
}
}

private List<Dependency> searchForNotAllowedDependencies(
List<Dependency> dependencies, List<AllowedLicense> allowedLicenses) {
return dependencies.findAll { !isDependencyHasAllowedLicense(it, allowedLicenses) }
}

private void generateNotPassedDependenciesFile(
List<Dependency> notPassedDependencies, File notPassedDependenciesOutputFile) {
notPassedDependenciesOutputFile.text =
JsonOutput.prettyPrint(JsonOutput.toJson(
["dependenciesWithoutAllowedLicenses": notPassedDependencies.collect { toAllowedLicenseList(it) }.flatten()]))
}

private boolean isDependencyHasAllowedLicense(Dependency dependency, List<AllowedLicense> allowedLicenses) {
for(allowedLicense in allowedLicenses) {
if (isDependencyMatchesAllowedLicense(dependency, allowedLicense)) return true
throw new GradleException("Some library licenses are not allowed:\n" +
"$notPassedDependenciesOutputFile.text\n\n" +
"Read [$notPassedDependenciesOutputFile.path] for more information.")
}
return false
}

private boolean isDependencyMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return isDependencyNameMatchesAllowedLicense(dependency, allowedLicense) &&
isDependencyLicenseMatchesAllowedLicense(dependency, allowedLicense) &&
isDependencyVersionMatchesAllowedLicense(dependency, allowedLicense)
}

private boolean isDependencyNameMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleName ==~ allowedLicense.moduleName || allowedLicense.moduleName == null ||
dependency.moduleName == allowedLicense.moduleName
default List<AllowedLicense> parseAllowedLicenseFile(Object allowedLicenseFile) {
return LicenseCheckerFileReader.importAllowedLicenses(allowedLicenseFile)
}

private boolean isDependencyVersionMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleVersion ==~ allowedLicense.moduleVersion || allowedLicense.moduleVersion == null ||
dependency.moduleVersion == allowedLicense.moduleVersion
default List<Dependency> getProjectDependencies(File depenenciesFile) {
return LicenseCheckerFileReader.importDependencies(depenenciesFile)
}

private boolean isDependencyLicenseMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
if (allowedLicense.moduleLicense == null || allowedLicense.moduleLicense == ".*") return true

for (moduleLicenses in dependency.moduleLicenses)
if (moduleLicenses.moduleLicense ==~ allowedLicense.moduleLicense ||
moduleLicenses.moduleLicense == allowedLicense.moduleLicense) return true
return false
default void generateNotPassedDependenciesFile(List<Tuple2<Dependency, List<ModuleLicense>>> notPassedDependencies, File notPassedDependenciesOutputFile) {
notPassedDependenciesOutputFile.text = JsonOutput.prettyPrint(
JsonOutput.toJson([
"dependenciesWithoutAllowedLicenses": notPassedDependencies.collect {
toAllowedLicenseList(it.getV1(), it.getV2())
}.flatten()
]))
}

private List<AllowedLicense> toAllowedLicenseList(Dependency dependency) {
if (dependency.moduleLicenses.isEmpty()) {
return [ new AllowedLicense(dependency.moduleName, dependency.moduleVersion, null) ]
default List<AllowedLicense> toAllowedLicenseList(Dependency dependency, List<ModuleLicense> moduleLicenses) {
if (moduleLicenses.isEmpty()) {
return [new AllowedLicense(dependency.moduleName, dependency.moduleVersion, null)]
} else {
return dependency.moduleLicenses.collect { new AllowedLicense(dependency.moduleName, dependency.moduleVersion, it.moduleLicense) }
return moduleLicenses.findAll { it }.collect { new AllowedLicense(dependency.moduleName, dependency.moduleVersion, it.moduleLicense) }
}
}
}
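Review bot: `if (moduleLicenses.isEmpty())` in the default `toAllowedLicenseList` throws a NullPointerException for the tuples that `OneRequiredLicenseChecker.checkAllDependencyLicensesAreAllowed` produces, because that implementation stores `null` instead of the empty list when `it.moduleLicenses.isEmpty()`; the first failing dependency with no license information therefore crashes `generateNotPassedDependenciesFile` instead of being written to the report. Either side fixes it — `if (moduleLicenses == null || moduleLicenses.isEmpty()) {` here, or `new Tuple2(it, it.moduleLicenses)` in OneRequiredLicenseChecker — and a `@param moduleLicenses licenses found for the dependency; may be null or empty when none were found` on this method would pin the contract. The GradleException in the default `checkAllDependencyLicensesAreAllowed` now embeds the whole JSON report through `$notPassedDependenciesOutputFile.text`, which makes the failure message very long for projects with many flagged dependencies; the path reference alone may be enough. The parameter `depenenciesFile` in `getProjectDependencies` is misspelled.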
@@ -0,0 +1,60 @@
/*
* Copyright 2018 Evgeny Naumenko <jk.vc@mail.ru>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.github.jk1.license.check

/**
* A Dependency, which has at least one license inside allowedLicenses, will pass.
*/
class OneRequiredLicenseChecker implements LicenseChecker {

@Override
List<Tuple2<Dependency, List<ModuleLicense>>> checkAllDependencyLicensesAreAllowed(List<AllowedLicense> allowedLicenses, List<Dependency> allDependencies) {
List<Dependency> notPassedDependencies = allDependencies.findAll { !isDependencyHasAllowedLicense(it, allowedLicenses) }
return notPassedDependencies.collect { new Tuple2(it, it.moduleLicenses.isEmpty() ? null : it.moduleLicenses) }
}

private boolean isDependencyHasAllowedLicense(Dependency dependency, List<AllowedLicense> allowedLicenses) {
for (allowedLicense in allowedLicenses) {
if (isDependencyMatchesAllowedLicense(dependency, allowedLicense)) return true
}
return false
}

private boolean isDependencyMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return isDependencyNameMatchesAllowedLicense(dependency, allowedLicense) &&
isDependencyLicenseMatchesAllowedLicense(dependency, allowedLicense) &&
isDependencyVersionMatchesAllowedLicense(dependency, allowedLicense)
}

private boolean isDependencyNameMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleName ==~ allowedLicense.moduleName || allowedLicense.moduleName == null ||
dependency.moduleName == allowedLicense.moduleName
}

private boolean isDependencyVersionMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
return dependency.moduleVersion ==~ allowedLicense.moduleVersion || allowedLicense.moduleVersion == null ||
dependency.moduleVersion == allowedLicense.moduleVersion
}

private boolean isDependencyLicenseMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
if (allowedLicense.moduleLicense == null || allowedLicense.moduleLicense == ".*") return true

for (moduleLicenses in dependency.moduleLicenses)
if (moduleLicenses.moduleLicense ==~ allowedLicense.moduleLicense ||
moduleLicenses.moduleLicense == allowedLicense.moduleLicense) return true
return false
}
}
Expand Up @@ -56,6 +56,11 @@ class CheckLicenseTask extends DefaultTask {
return new File("${config.absoluteOutputDir}/${PROJECT_JSON_FOR_LICENSE_CHECKING_FILE}")
}

@Input
LicenseChecker getLicenseChecker() {
return config.licenseChecker
}

@OutputFile
File getNotPassedDependenciesFile() {
new File("${config.absoluteOutputDir}/$NOT_PASSED_DEPENDENCIES_FILE")
Expand All @@ -64,9 +69,9 @@ class CheckLicenseTask extends DefaultTask {
@TaskAction
void checkLicense() {
LOGGER.info("Startup CheckLicense for ${config.projects.first()}")
LicenseChecker licenseChecker = new LicenseChecker()
LicenseChecker licenseChecker = getLicenseChecker()
LOGGER.info("Check licenses if they are allowed to use.")
licenseChecker.checkAllDependencyLicensesAreAllowed(
getAllowedLicenseFile(), getProjectDependenciesData(), notPassedDependenciesFile)
getAllowedLicenseFile(), getProjectDependenciesData(), notPassedDependenciesFile)
}
}
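Review bot: `getLicenseChecker()` is exposed as a task `@Input` without documentation, and the consequence for user-supplied checkers is non-obvious: Gradle snapshots a non-file `@Input` by serializing its value, so a custom `LicenseChecker` with non-serializable fields fails task validation even though the interface itself extends Serializable. Suggested Javadoc on the getter: `/** Strategy used to match dependency licenses against allowedLicenses; snapshotted as a task input, so implementations must be Serializable. */`. The README entry for `licenseChecker` would benefit from the same sentence. The class body continues outside the hunk.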