Commit 9048c668 authored by mo khan's avatar mo khan Committed by James Lopez

Decouple from license scan report v1 structure

This change updates the dependency list parser to delegate parsing
of the license report JSON to the license report parser. This
ensures that upgrades to the license report schema do not break
the dependency list functionality.
parent a38d9e77
---
title: Decouple dependency list parser from v1.0 license scanning report
merge_request: 18103
author:
type: fixed
......@@ -22,8 +22,8 @@ module Gitlab
end
def parse_licenses!(json_data, report)
licenses = JSON.parse(json_data, symbolize_names: true)
licenses[:dependencies].each do |license|
license_report = ::Gitlab::Ci::Reports::LicenseScanning::Report.parse_from(json_data)
license_report.licenses.each do |license|
report.apply_license(license)
end
end
......
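Review bot: `parse_licenses!` now takes a raw JSON string and hands it to `LicenseScanning::Report.parse_from`, but nothing at the method says so; a one-line comment such as `# json_data: raw license scanning report JSON (String); parsed by LicenseScanning::Report.parse_from` would save the next reader from assuming it receives an already-parsed Hash. Since `JSON.parse` no longer runs here, a malformed report will now raise from inside `parse_from` rather than from this method; if the surrounding `parse!` (outside the hunk) rescues `JSON::ParserError` around this call it still works, but that is worth confirming. The single-use local can also go: `::Gitlab::Ci::Reports::LicenseScanning::Report.parse_from(json_data).licenses.each { |license| report.apply_license(license) }`.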
......@@ -17,10 +17,10 @@ module Gitlab
def apply_license(license)
dependencies.each do |dependency|
next unless dependency[:name] == license[:dependency][:name]
next if dependency[:licenses].include?(license[:license])
next unless license.dependencies.find { |license_dependency| license_dependency.name == dependency[:name] }
next if dependency[:licenses].find { |license_hash| license_hash[:name] == license.name }
dependency[:licenses] << license[:license]
dependency[:licenses].push(name: license.name, url: license.url)
end
end
end
......
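Review bot: In `apply_license` the new guard uses `find` as a predicate and rescans `license.dependencies` once per dependency, so a report with many dependencies costs dependencies × license dependencies per license applied. Hoist the names once before the loop, `licensed_names = license.dependencies.map(&:name)`, and test membership with `next unless licensed_names.include?(dependency[:name])`; likewise `next if dependency[:licenses].any? { |license_hash| license_hash[:name] == license.name }` reads as the boolean it is. Note the de-duplication now compares only `name`, whereas the removed `include?` compared the whole `{name:, url:}` hash, so two licenses sharing a name but differing in url are now collapsed to the first — presumably intended, but it is a behaviour change worth a comment.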
......@@ -49,6 +49,12 @@ module Gitlab
found_licenses.empty?
end
def self.parse_from(json)
new.tap do |report|
::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning.new.parse!(json, report)
end
end
private
def canonicalize(name)
......
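Review bot: `parse_from` is added without documentation and sits between the last public instance method and the `private` marker; `private` does not affect `def self.` methods, but readers skimming the class may assume it does, so moving it above the instance methods (or into a `class << self` block) would be clearer. Add YARD so callers know what `json` is: `# @param json [String] raw license scanning report JSON` and `# @return [Report] a new report populated by the LicenseScanning parser`. This also makes the Report depend on `Parsers::LicenseCompliance::LicenseScanning`, which (per the first hunk) depends back on the Report; that is fine for Ruby autoloading but worth noting in the comment so the cycle is not "fixed" later by accident.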
......@@ -20,24 +20,17 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
describe '#apply_license' do
subject { report.dependencies.last[:licenses].size }
let(:license) do
{
dependency: {
name: 'nokogiri'
},
license: {
name: 'MIT',
url: 'http://opensource.org/licenses/mit-license'
}
}
end
let(:license) { build(:ci_reports_license_management_report, :mit).licenses.first }
before do
license.add_dependency(name_of_dependency_with_license)
report.add_dependency(dependency)
report.apply_license(license)
end
context 'with matching dependency' do
let(:name_of_dependency_with_license) { dependency[:name] }
context 'with empty license list' do
let(:dependency) { build :dependency }
......@@ -57,6 +50,7 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
context 'without matching dependency' do
let(:dependency) { build :dependency, name: 'irigokon' }
let(:name_of_dependency_with_license) { dependency[:name].reverse }
it 'does not apply the license at all' do
is_expected.to eq(0)
......
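Review bot: `let(:license)` takes `.licenses.first` from the factory-built report, which couples the spec to the order the `:mit` trait emits licenses; if the trait ever yields more than one license the subject silently changes. Selecting by name is robust and self-describing: `let(:license) { build(:ci_reports_license_management_report, :mit).licenses.find { |l| l.name == 'MIT' } }`. In the 'without matching dependency' context, `dependency[:name].reverse` relies on 'irigokon' being 'nokogiri' reversed, which is clever but opaque; an explicit `let(:name_of_dependency_with_license) { 'nokogiri' }` states the intent directly. The enclosing `describe '#apply_license'` block continues outside the shown hunks.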
......@@ -68,4 +68,13 @@ describe Gitlab::Ci::Reports::LicenseScanning::Report do
it { expect(empty_report).to be_empty }
it { expect(completed_report).not_to be_empty }
end
describe ".parse_from" do
context "when parsing a v1 report" do
subject { described_class.parse_from(v1_json) }
let(:v1_json) { fixture_file('security_reports/master/gl-license-management-report.json', dir: 'ee') }
specify { expect(subject.licenses.count).to eq(4) }
end
end
end
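Review bot: The new `.parse_from` example only asserts the license count, so a regression that parsed licenses but dropped their dependencies (the very data `apply_license` relies on) would still pass. Add at least `specify { expect(subject.licenses.flat_map(&:dependencies)).not_to be_empty }`, and consider pinning the expected license names rather than just `4` so the assertion says which licenses the v1 fixture should yield. A named subject, `subject(:report) { described_class.parse_from(v1_json) }`, also reads better in the expectations.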