Merge pull request LambdaTest#9 from LambdaTest/sync-upstream

Sync upstream

Author: rishabh-arya95

go.mod

@@ -14,8 +14,8 @@ require (
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.24.0
 	golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4
-	golang.org/x/mod v0.11.0
-	golang.org/x/net v0.11.0
+	golang.org/x/mod v0.12.0
+	golang.org/x/net v0.12.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -27,5 +27,5 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 )

go.sum

@@ -48,12 +48,12 @@ go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 h1:K3x+yU+fbot38x5bQbU2QqUAVyYLEktdNH2GxZLnM3U=
 golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=

pkg/java/pom/artifact.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/aquasecurity/go-dep-parser/pkg/log"
+	"github.com/samber/lo"
 	"golang.org/x/exp/slices"
 )
 
@@ -18,20 +19,20 @@ type artifact struct {
 	GroupID    string
 	ArtifactID string
 	Version    version
-	License    string
+	Licenses   []string
 
 	Exclusions map[string]struct{}
 
 	Module bool
 	Root   bool
 }
 
-func newArtifact(groupID, artifactID, version, license string, props map[string]string) artifact {
+func newArtifact(groupID, artifactID, version string, licenses []string, props map[string]string) artifact {
 	return artifact{
 		GroupID:    evaluateVariable(groupID, props, nil),
 		ArtifactID: evaluateVariable(artifactID, props, nil),
 		Version:    newVersion(evaluateVariable(version, props, nil)),
-		License:    license,
+		Licenses:   licenses,
 	}
 }
 
@@ -43,12 +44,26 @@ func (a artifact) Equal(o artifact) bool {
 	return a.GroupID == o.GroupID || a.ArtifactID == o.ArtifactID || a.Version.String() == o.Version.String()
 }
 
+func (a artifact) JoinLicenses() string {
+	return strings.Join(a.Licenses, ", ")
+}
+
+func (a artifact) ToPOMLicenses() pomLicenses {
+	return pomLicenses{License: lo.Map(a.Licenses, func(lic string, _ int) pomLicense {
+		return pomLicense{Name: lic}
+	})}
+}
+
 func (a artifact) Inherit(parent artifact) artifact {
 	// inherited from a parent
 	if a.GroupID == "" {
 		a.GroupID = parent.GroupID
 	}
 
+	if len(a.Licenses) == 0 {
+		a.Licenses = parent.Licenses
+	}
+
 	if a.Version.String() == "" {
 		a.Version = parent.Version
 	}

pkg/java/pom/parse.go

@@ -70,7 +70,7 @@ func (e *extendedParser) GetRemoteRepositories() []string {
 }
 
 func (e *extendedParser) GetProperties(groupID, artifactID, version string) map[string]string {
-	art := newArtifact(groupID, artifactID, version, "", nil)
+	art := newArtifact(groupID, artifactID, version, nil, nil)
 	result := e.cache.get(art)
 	if result == nil {
 		return nil
@@ -233,8 +233,8 @@ func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency,
 		if !art.IsEmpty() {
 			// Override the version
 			uniqArtifacts[art.Name()] = artifact{
-				Version: art.Version,
-				License: art.License,
+				Version:  art.Version,
+				Licenses: art.Licenses,
 			}
 		}
 	}
@@ -244,7 +244,7 @@ func (p *parser) parseRoot(root artifact) ([]types.Library, []types.Dependency,
 		libs = append(libs, types.Library{
 			Name:    name,
 			Version: art.Version.String(),
-			License: art.License,
+			License: art.JoinLicenses(),
 		})
 	}
 	return libs, deps, nil
@@ -416,7 +416,7 @@ func (p *parser) resolveDepManagement(props map[string]string, depManagement []p
 	// Managed dependencies with a scope of "import" should be processed after other managed dependencies.
 	// cf. https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#importing-dependencies
 	for _, imp := range imports {
-		art := newArtifact(imp.GroupID, imp.ArtifactID, imp.Version, "", props)
+		art := newArtifact(imp.GroupID, imp.ArtifactID, imp.Version, nil, props)
 		result, err := p.resolve(art, nil)
 		if err != nil {
 			continue
@@ -466,7 +466,7 @@ func excludeDep(exclusions map[string]struct{}, art artifact) bool {
 
 func (p *parser) parseParent(currentPath string, parent pomParent) (analysisResult, error) {
 	// Pass nil properties so that variables in <parent> are not evaluated.
-	target := newArtifact(parent.GroupId, parent.ArtifactId, parent.Version, "", nil)
+	target := newArtifact(parent.GroupId, parent.ArtifactId, parent.Version, nil, nil)
 	// if version is property (e.g. ${revision}) - we still need to parse this pom
 	if target.IsEmpty() && !isProperty(parent.Version) {
 		return analysisResult{}, nil

pkg/java/pom/parse_test.go

@@ -785,6 +785,18 @@ func TestPom_Parse(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:      "inherit parent license",
+			inputFile: filepath.Join("testdata", "inherit-license", "module", "submodule", "pom.xml"),
+			local:     true,
+			want: []types.Library{
+				{
+					Name:    "com.example.app:submodule",
+					Version: "1.0.0",
+					License: "Apache-2.0",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/java/pom/pom.go

@@ -25,6 +25,7 @@ func (p *pom) inherit(result analysisResult) {
 
 	p.content.GroupId = art.GroupID
 	p.content.ArtifactId = art.ArtifactID
+	p.content.Licenses = art.ToPOMLicenses()
 
 	if isProperty(art.Version.String()) {
 		p.content.Version = evaluateVariable(art.Version.String(), p.content.Properties, nil)
@@ -100,17 +101,13 @@ func (p pom) listProperties(val reflect.Value) map[string]string {
 }
 
 func (p pom) artifact() artifact {
-	return newArtifact(p.content.GroupId, p.content.ArtifactId, p.content.Version, p.joinLicenses(), p.content.Properties)
+	return newArtifact(p.content.GroupId, p.content.ArtifactId, p.content.Version, p.licenses(), p.content.Properties)
 }
 
-func (p pom) joinLicenses() string {
-	var licenses []string
-	for _, license := range p.content.Licenses.License {
-		if license.Name != "" {
-			licenses = append(licenses, license.Name)
-		}
-	}
-	return strings.Join(licenses, ", ")
+func (p pom) licenses() []string {
+	return lo.FilterMap(p.content.Licenses.License, func(lic pomLicense, _ int) (string, bool) {
+		return lic.Name, lic.Name != ""
+	})
 }
 
 func (p pom) repositories() []string {
@@ -124,16 +121,12 @@ func (p pom) repositories() []string {
 }
 
 type pomXML struct {
-	Parent     pomParent `xml:"parent"`
-	GroupId    string    `xml:"groupId"`
-	ArtifactId string    `xml:"artifactId"`
-	Version    string    `xml:"version"`
-	Licenses   struct {
-		License []struct {
-			Name string `xml:"name"`
-		} `xml:"license"`
-	} `xml:"licenses"`
-	Modules struct {
+	Parent     pomParent   `xml:"parent"`
+	GroupId    string      `xml:"groupId"`
+	ArtifactId string      `xml:"artifactId"`
+	Version    string      `xml:"version"`
+	Licenses   pomLicenses `xml:"licenses"`
+	Modules    struct {
 		Text   string   `xml:",chardata"`
 		Module []string `xml:"module"`
 	} `xml:"modules"`
@@ -169,6 +162,15 @@ type pomParent struct {
 	RelativePath string `xml:"relativePath"`
 }
 
+type pomLicenses struct {
+	Text    string       `xml:",chardata"`
+	License []pomLicense `xml:"license"`
+}
+
+type pomLicense struct {
+	Name string `xml:"name"`
+}
+
 type pomDependencies struct {
 	Text       string          `xml:",chardata"`
 	Dependency []pomDependency `xml:"dependency"`

pkg/java/pom/testdata/inherit-license/module/pom.xml

@@ -0,0 +1,10 @@
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>com.example.app</groupId>
+    <artifactId>my-app</artifactId>
+    <version>1.0.0</version>
+  </parent>
+  <packaging>pom</packaging>
+  <artifactId>module</artifactId>
+</project>

pkg/java/pom/testdata/inherit-license/module/submodule/pom.xml

@@ -0,0 +1,10 @@
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.example.app</groupId>
+        <artifactId>module</artifactId>
+        <version>1.0.0</version>
+    </parent>
+
+    <artifactId>submodule</artifactId>
+</project>

pkg/java/pom/testdata/inherit-license/pom.xml

@@ -0,0 +1,15 @@
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <packaging>pom</packaging>
+  <groupId>com.example.app</groupId>
+  <artifactId>my-app</artifactId>
+  <version>1.0.0</version>
+
+  <licenses>
+    <license>
+      <name>Apache-2.0</name>
+      <url>https://www.apache.org/licenses/LICENSE-2.0</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+</project>

pkg/nodejs/packagejson/parse_test.go

@@ -40,27 +40,10 @@ func TestParse(t *testing.T) {
 				OptionalDependencies: map[string]string{
 					"colors": "^1.4.0",
 				},
-				DevDependencies: map[string]string{"@babel/cli": "^7.14.5", "@babel/core": "^7.14.6",
-					"@babel/preset-env": "^7.14.7", "@popperjs/core": "^2.9.2",
-					"@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-commonjs": "^19.0.1",
-					"@rollup/plugin-node-resolve": "^13.0.2", "@rollup/plugin-replace": "^3.0.0",
-					"autoprefixer": "^10.2.6", "bundlewatch": "^0.3.2", "clean-css-cli": "^5.3.0",
-					"cross-env": "^7.0.3", "eslint": "^7.31.0", "eslint-config-xo": "^0.36.0",
-					"eslint-plugin-import": "^2.23.4", "eslint-plugin-unicorn": "^31.0.0",
-					"find-unused-sass-variables": "^3.1.0", "glob": "^7.1.7", "globby": "^11.0.4",
-					"hammer-simulator": "0.0.1", "hugo-bin": "^0.73.0", "ip": "^1.1.5",
-					"jquery": "^3.6.0", "karma": "^6.3.4", "karma-browserstack-launcher": "1.4.0",
-					"karma-chrome-launcher":            "^3.1.0",
-					"karma-coverage-istanbul-reporter": "^3.0.3",
-					"karma-detect-browsers":            "^2.3.3",
-					"karma-firefox-launcher":           "^2.1.1", "karma-jasmine": "^4.0.1",
-					"karma-jasmine-html-reporter": "^1.7.0",
-					"karma-rollup-preprocessor":   "^7.0.7", "linkinator": "^2.14.0",
-					"lockfile-lint": "^4.6.2", "nodemon": "^2.0.12", "npm-run-all": "^4.1.5",
-					"postcss": "^8.3.5", "postcss-cli": "^8.3.1", "rollup": "^2.53.3",
-					"rollup-plugin-istanbul": "^3.0.0", "rtlcss": "^3.3.0", "sass": "^1.35.2",
-					"shelljs": "^0.8.4", "stylelint": "^13.13.1",
-					"stylelint-config-twbs-bootstrap": "^2.2.3", "terser": "5.1.0", "vnu-jar": "21.6.11"},
+				DevDependencies: map[string]string{
+					"@babel/cli":  "^7.14.5",
+					"@babel/core": "^7.14.6",
+				},
 				Workspaces: []string{
 					"packages/*",
 					"backend",
@@ -78,27 +61,10 @@ func TestParse(t *testing.T) {
 					License: "ISC",
 				},
 				Dependencies: map[string]string{},
-				DevDependencies: map[string]string{"@babel/cli": "^7.14.5", "@babel/core": "^7.14.6",
-					"@babel/preset-env": "^7.14.7", "@popperjs/core": "^2.9.2",
-					"@rollup/plugin-babel": "^5.3.0", "@rollup/plugin-commonjs": "^19.0.1",
-					"@rollup/plugin-node-resolve": "^13.0.2", "@rollup/plugin-replace": "^3.0.0",
-					"autoprefixer": "^10.2.6", "bundlewatch": "^0.3.2", "clean-css-cli": "^5.3.0",
-					"cross-env": "^7.0.3", "eslint": "^7.31.0", "eslint-config-xo": "^0.36.0",
-					"eslint-plugin-import": "^2.23.4", "eslint-plugin-unicorn": "^31.0.0",
-					"find-unused-sass-variables": "^3.1.0", "glob": "^7.1.7", "globby": "^11.0.4",
-					"hammer-simulator": "0.0.1", "hugo-bin": "^0.73.0", "ip": "^1.1.5",
-					"jquery": "^3.6.0", "karma": "^6.3.4", "karma-browserstack-launcher": "1.4.0",
-					"karma-chrome-launcher":            "^3.1.0",
-					"karma-coverage-istanbul-reporter": "^3.0.3",
-					"karma-detect-browsers":            "^2.3.3",
-					"karma-firefox-launcher":           "^2.1.1", "karma-jasmine": "^4.0.1",
-					"karma-jasmine-html-reporter": "^1.7.0",
-					"karma-rollup-preprocessor":   "^7.0.7", "linkinator": "^2.14.0",
-					"lockfile-lint": "^4.6.2", "nodemon": "^2.0.12", "npm-run-all": "^4.1.5",
-					"postcss": "^8.3.5", "postcss-cli": "^8.3.1", "rollup": "^2.53.3",
-					"rollup-plugin-istanbul": "^3.0.0", "rtlcss": "^3.3.0", "sass": "^1.35.2",
-					"shelljs": "^0.8.4", "stylelint": "^13.13.1",
-					"stylelint-config-twbs-bootstrap": "^2.2.3", "terser": "5.1.0", "vnu-jar": "21.6.11"},
+				DevDependencies: map[string]string{
+					"@babel/cli":  "^7.14.5",
+					"@babel/core": "^7.14.6",
+				},
 			},
 		},
 		{