Add allow option (#19)

* Add --allow option
* Bump composer version to include bugfix GHSA-h5h8-pc6h-jvvx
* Bump version to 2.2.0

Author: dominikb

.scrutinizer.yml

@@ -24,6 +24,9 @@ build:
                 override:
                     - php-scrutinizer-run
         coverage:
+            environment:
+                variables:
+                    XDEBUG_MODE: coverage
             tests:
                 override:
                     - command: composer test-coverage

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to `composer-license-checker` will be documented in this file
 
+## 2.2.0 - 2021-06-02
+
+### Added
+- __--allow__ option to always allow a specific package or author/vendor
+
 ## 2.1.0 - 2020-12-31
 
 ### Added

README.md

@@ -28,7 +28,10 @@ Two separate commands are provided:
 Use `./composer-license-checker help` to get info about general usage or use the syntax `./composer-license-checker help COMMAND_NAME` to see more information about a specific command available. 
 
 ``` bash
-vendor/bin/composer-license-checker check --allowlist MIT
+./vendor/bin/composer-license-checker check \
+        --allowlist MIT \ # Fail if anything but MIT license is used
+        --blocklist GPL \ # Fail if any dependency uses GPL
+        --allow dominikb/composer-license-checker # Always allow this dependency regardless of its license
 
 vendor/bin/composer-license-checker report -p /path/to/your/project -c /path/to/composer.phar
 ```

composer-license-checker

@@ -41,7 +41,7 @@ $reportCommand = new ReportCommand;
 $reportCommand->setLicenseLookup($licenceLookUp);
 $reportCommand->setDependencyLoader(new DependencyLoader);
 
-$application = new Application('composer-license-checker', '2.0.0');
+$application = new Application('composer-license-checker', '2.2.0');
 
 $application->addCommands([$checkCommand, $reportCommand]);
 

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "dominikb/composer-license-checker",
     "description": "Utility to check for licenses of dependencies and block/allow them.",
-    "version": "2.1.0",
+    "version": "2.2.0",
     "keywords": [
         "dominikb",
         "composer-license-checker"
@@ -18,7 +18,7 @@
     ],
     "require": {
         "php": "^7.3|^8.0",
-        "composer/composer": "^1.8|^2.0",
+        "composer/composer": ">=1.10.22|>=2.0.13",
         "guzzlehttp/guzzle": "^6.3|^7.2",
         "psr/simple-cache": "^1.0",
         "symfony/cache": "^4.2.3|^5.2",

src/CheckCommand.php

@@ -59,6 +59,12 @@ protected function configure()
                 InputOption::VALUE_IS_ARRAY | InputOption::VALUE_OPTIONAL,
                 'Mark a specific license prohibited for usage'
             ),
+            new InputOption(
+              'allow',
+              '',
+              InputOption::VALUE_IS_ARRAY | InputOption::VALUE_OPTIONAL,
+              'Determine a vendor or package to always be allowed and never trigger violations'
+            ),
         ]));
     }
 
@@ -82,7 +88,11 @@ public function execute(InputInterface $input, OutputInterface $output)
         $this->io->writeln(count($dependencies).' dependencies were found ...');
         $this->io->newLine();
 
-        $violations = $this->determineViolations($dependencies, $input->getOption('blocklist'), $input->getOption('allowlist'));
+        $violations = $this->determineViolations($dependencies,
+            $input->getOption('blocklist'),
+            $input->getOption('allowlist'),
+            $input->getOption('allow')
+        );
 
         try {
             $this->handleViolations($violations);
@@ -110,11 +120,15 @@ private function ensureCommandCanBeExecuted(): void
         }
     }
 
-    private function determineViolations(array $dependencies, array $blocklist, array $allowlist): array
+    private function determineViolations(array $dependencies, array $blocklist, array $allowlist, array $allowed): array
     {
         $this->licenseConstraintHandler->setBlocklist($blocklist);
         $this->licenseConstraintHandler->setAllowlist($allowlist);
 
+        $this->licenseConstraintHandler->allow(array_map(function ($dependency) {
+            return new Dependency($dependency);
+        }, $allowed));
+
         return $this->licenseConstraintHandler->detectViolations($dependencies);
     }
 

src/ConstraintViolationDetector.php

@@ -15,6 +15,9 @@ class ConstraintViolationDetector implements LicenseConstraintHandler
     /** @var string[] */
     protected $allowlist = [];
 
+    /** @var Dependency[] */
+    private $alwaysAllowed = [];
+
     public function setBlocklist(array $licenses): void
     {
         $this->blocklist = $licenses;
@@ -25,6 +28,17 @@ public function setAllowlist(array $licenses): void
         $this->allowlist = $licenses;
     }
 
+    public function allow($dependencies): void
+    {
+        if (! is_array($dependencies)) {
+            $dependencies = [$dependencies];
+        }
+
+        foreach ($dependencies as $allowed) {
+            $this->alwaysAllowed[] = $allowed;
+        }
+    }
+
     /**
      * @param Dependency[] $dependencies
      *
@@ -35,9 +49,11 @@ public function detectViolations(array $dependencies): array
     {
         $this->ensureConfigurationIsValid();
 
+        $possibleViolators = $this->exceptAllowed($dependencies);
+
         return [
-            $this->detectBlocklistViolation($dependencies),
-            $this->detectAllowlistViolation($dependencies),
+            $this->detectBlocklistViolation($possibleViolators),
+            $this->detectAllowlistViolation($possibleViolators),
         ];
     }
 
@@ -99,4 +115,56 @@ private function anyLicenseOnList(array $licenses, array $list): bool
     {
         return count(array_intersect($licenses, $list)) > 0;
     }
+
+    /**
+     * @param Dependency[] $dependencies
+     *
+     * @return Dependency[]
+     */
+    private function exceptAllowed(array $dependencies): array
+    {
+        $possiblyViolating = [];
+
+        if (empty($this->alwaysAllowed)) {
+            return $dependencies;
+        }
+
+        foreach ($dependencies as $dependency) {
+            foreach ($this->alwaysAllowed as $allowedDependency) {
+                if ($this->matches($allowedDependency, $dependency)) {
+                    continue 2; // Outer for: test next dependency
+                }
+            }
+
+            $possiblyViolating[] = $dependency;
+        }
+
+        return $possiblyViolating;
+    }
+
+    /**
+     * Determine if the $original author and package name match for $tryMatch.
+     * An empty string for either the author or package gets interpreted as a wilcard.
+     *
+     * @param Dependency $original
+     * @param Dependency $tryMatch
+     *
+     * @return bool
+     */
+    private function matches(Dependency $original, Dependency $tryMatch): bool
+    {
+        if ($original->getAuthorName()) {
+            if (! ($original->getAuthorName() === $tryMatch->getAuthorName())) {
+                return false;
+            }
+        }
+
+        if ($original->getPackageName()) {
+            if (! ($original->getPackageName() === $tryMatch->getPackageName())) {
+                return false;
+            }
+        }
+
+        return true;
+    }
 }

src/Contracts/LicenseConstraintHandler.php

@@ -13,6 +13,11 @@ public function setBlocklist(array $licenses): void;
 
     public function setAllowlist(array $licenses): void;
 
+    /**
+     * @param Dependency[]|Dependency $dependencies
+     */
+    public function allow($dependencies): void;
+
     /**
      * @param Dependency[] $dependencies
      *

src/Dependency.php

@@ -15,6 +15,20 @@ class Dependency
     /** @var string[] */
     private $licenses;
 
+    /**
+     * Dependency constructor.
+     *
+     * @param string   $name
+     * @param string   $version
+     * @param string[] $licenses
+     */
+    public function __construct(string $name = '', string $version = '', array $licenses = [])
+    {
+        $this->name = $name;
+        $this->version = $version;
+        $this->licenses = $licenses;
+    }
+
     /**
      * @return string
      */
@@ -68,4 +82,20 @@ public function setLicenses(array $licenses): self
 
         return $this;
     }
+
+    public function getAuthorName(): string
+    {
+        return explode('/', $this->name)[0];
+    }
+
+    public function getPackageName(): string
+    {
+        $parts = explode('/', $this->name);
+
+        if (count($parts) != 2) {
+            return '';
+        }
+
+        return $parts[1];
+    }
 }

src/ReportCommand.php

@@ -8,7 +8,7 @@
 use Dominikb\ComposerLicenseChecker\Contracts\LicenseLookupAware;
 use Dominikb\ComposerLicenseChecker\Traits\DependencyLoaderAwareTrait;
 use Dominikb\ComposerLicenseChecker\Traits\LicenseLookupAwareTrait;
-use Symfony\Component\Cache\Simple\NullCache;
+use Symfony\Component\Cache\Adapter\NullAdapter;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Helper\Table;
 use Symfony\Component\Console\Input\InputDefinition;
@@ -20,8 +20,6 @@ class ReportCommand extends Command implements LicenseLookupAware, DependencyLoa
 {
     use LicenseLookupAwareTrait, DependencyLoaderAwareTrait;
 
-    const LINES_BEFORE_DEPENDENCY_VERSIONS = 2;
-
     protected static $defaultName = 'report';
 
     protected function configure()
@@ -92,7 +90,7 @@ private function groupDependenciesByLicense(array $dependencies)
     private function lookUpLicenses(array $licenses, OutputInterface $output, $useCache = true)
     {
         if (! $useCache) {
-            $this->licenseLookup->setCache(new NullCache);
+            $this->licenseLookup->setCache(new NullAdapter);
         }
 
         $lookedUp = [];