Class: GemXray::Analyzers::LicenseAnalyzer

Inherits:
Base
  • Object
Defined in:
lib/gemxray/analyzers/license_analyzer.rb

Constant Summary

Constants inherited from Base

Base::AUTOLOADED_GEMS

Instance Method Summary

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from GemXray::Analyzers::Base

Instance Method Details

#analyze(gems) ⇒ Object



# File 'lib/gemxray/analyzers/license_analyzer.rb', line 6

# Flags gems whose license is unknown or not on the configured allow list.
#
# Every non-skipped gem is looked up through LicenseFetcher. A gem that
# reports no licenses at all yields a :license_unknown result, with severity
# :danger when the config denies unknown licenses and :warning otherwise.
# When an allow list is configured, a gem carrying any license that
# LicenseMatcher does not accept against that list yields a
# :license_violation result. Gems that are skipped, that carry only
# accepted licenses, or that are checked while no allow list is configured
# produce no result.
#
# @param gems [Enumerable] gem entries responding to #name and #version
# @return [Array] one #build_result value per flagged gem
def analyze(gems)
  allow_list = config.license_allowed
  unknown_is_fatal = config.license_deny_unknown?
  license_fetcher = LicenseFetcher.new
  license_matcher = LicenseMatcher.new

  gems.filter_map do |entry|
    next if skipped?(entry)

    # NOTE(review): the lookup is not guarded here; a nil or raising fetch
    # propagates to the caller — confirm LicenseFetcher#fetch's contract.
    licenses = license_fetcher.fetch(entry.name, version: entry.version).licenses

    if licenses.empty?
      # No license data at all; the config decides how severe that is.
      build_result(
        gem_entry: entry,
        type: :license_unknown,
        severity: unknown_is_fatal ? :danger : :warning,
        detail: "no license information found"
      )
    else
      # Without an allow list there is nothing to check a known license against.
      next unless allow_list.any?

      # Licenses for which the matcher returns false against the allow list.
      rejected = licenses.reject { |license| license_matcher.match?(license, allow_list) }
      next if rejected.empty?

      build_result(
        gem_entry: entry,
        type: :license_violation,
        severity: :danger,
        detail: "license not in allowed list: #{rejected.join(', ')}"
      )
    end
  end
end