source/tools/python/test_licenses.py

"""
Validate 3rdparty library licenses as approved.
"""

import re

from pkg_resources import (
    DistInfoDistribution,
    working_set,
)
import pytest


# Licenses approved as representing non-copyleft and not precluding commercial usage.
# This is all easy, there's a good schema here.
APPROVED_LICENSES = [
    MIT := "License :: OSI Approved :: MIT License",
    APACHE := "License :: OSI Approved :: Apache Software License",
    BSD := "License :: OSI Approved :: BSD License",
    MPL10 := "License :: OSI Approved :: Mozilla Public License 1.0 (MPL)",
    MPL11 := "License :: OSI Approved :: Mozilla Public License 1.1 (MPL 1.1)",
    MPL20 := "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
    PSFL := "License :: OSI Approved :: Python Software Foundation License",
    LGPL := "License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)",
    LGPL3 := "License :: OSI Approved :: GNU Lesser General Public License v3 or later (LGPLv3+)",
    ISCL := "License :: OSI Approved :: ISC License (ISCL)",
]

UNAPPROVED_LICENSES = [
    GPL1 := "License :: OSI Approved :: GNU General Public License",
    GPL2 := "License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
    GPL3 := "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
]

# This data is GARBO.
LICENSES_BY_LOWERNAME = {
    "apache 2.0": APACHE,
    "apache": APACHE,
    "http://www.apache.org/licenses/license-2.0": APACHE,
    "bsd 3": BSD,
    "bsd": BSD,
    "gpl": GPL1,
    "gpl2": GPL2,
    "gpl3": GPL3,
    "lgpl": LGPL,
    "lgpl3": LGPL3,
    "isc": ISCL,
    "mit": MIT,
    "mpl": MPL10,
    "mpl 2.0": MPL20,
    "psf": PSFL,
}

# Mash in some cases.
LICENSES_BY_LOWERNAME.update(
    {lic.split(" :: ")[-1].lower(): lic for lic in APPROVED_LICENSES}
)

# As a workaround for packages which don"t have correct meadata on PyPi, hand-verified packages
APPROVED_PACKAGES = [
    "yamllint",  # WARNING: YAMLLINT IS GLP3"d.
    "Flask_Log_Request_ID",  # MIT, currently depended on as a git dep.
    "anosql",  # BSD
]


def bash_license(ln):
    while True:
        lnn = re.sub(
            r"[(),]|( version)|( license)|( ?v(?=\d))|([ -]clause)|(or later)",
            "",
            ln.lower(),
        )
        if ln != lnn:
            ln = lnn
        else:
            break

    ln = LICENSES_BY_LOWERNAME.get(ln, ln)
    return ln


@pytest.mark.parametrize(
    "a,b",
    [
        ("MIT", MIT),
        ("mit", MIT),
        ("BSD", BSD),
        ("BSD 3-clause", BSD),
        ("BSD 3 clause", BSD),
        ("GPL3", GPL3),
        ("GPL v3", GPL3),
        ("GPLv3", GPL3),
    ],
)
def test_bash_license(a, b):
    assert bash_license(a) == b


def licenses(dist: DistInfoDistribution):
    """Get dist metadata (the licenses list) from PyPi.

    pip and other tools use the local dist metadata to introspect licenses which requires that
    packages be installed. Going to PyPi isn't strictly reproducible both because the PyPi database
    could be updated and we could see network failures but there really isn't a good way to solve
    this problem.

    """

    lics = []
    name = dist.project_name
    version = dist.version
    print(name, version, type(dist))

    meta = dist.get_metadata(dist.PKG_INFO).split("\n")
    classifiers = [
        l.replace("Classifier: ", "", 1) for l in meta if l.startswith("Classifier: ")
    ]
    license = bash_license(
        next((l for l in meta if l.startswith("License:")), "License: UNKNOWN").replace(
            "License: ", "", 1
        )
    )
    lics.extend(l for l in classifiers if l.startswith("License ::"))

    if not lics:
        lics.append(license)

    return lics


@pytest.mark.parametrize(
    "dist",
    (w for w in working_set if w.location.find("arrdem_source_pypi") != -1),
    ids=lambda dist: dist.project_name,
)
def test_approved_license(dist: DistInfoDistribution):
    """Ensure that a given package is either allowed by name or uses an approved license."""

    _licenses = licenses(dist)
    print(dist.location)
    assert dist.project_name in APPROVED_PACKAGES or any(
        lic in APPROVED_LICENSES for lic in _licenses
    ), f"{dist.project_name} ({dist.location}) was not approved and its license(s) were unknown {_licenses!r}"
Initial state 2021-04-08 06:37:51 +00:00			`"""`
			`Validate 3rdparty library licenses as approved.`
			`"""`

			`import re`

Fmt. 2021-09-20 00:05:22 +00:00			`from pkg_resources import (`
			`DistInfoDistribution,`
			`working_set,`
			`)`
Initial state 2021-04-08 06:37:51 +00:00			`import pytest`
Fmt. 2021-05-31 18:28:46 +00:00
Initial state 2021-04-08 06:37:51 +00:00
			`# Licenses approved as representing non-copyleft and not precluding commercial usage.`
			`# This is all easy, there's a good schema here.`
			`APPROVED_LICENSES = [`
Black all the things 2021-09-03 04:10:35 +00:00			`MIT := "License :: OSI Approved :: MIT License",`
Fmt. 2021-05-31 18:28:46 +00:00			`APACHE := "License :: OSI Approved :: Apache Software License",`
Black all the things 2021-09-03 04:10:35 +00:00			`BSD := "License :: OSI Approved :: BSD License",`
			`MPL10 := "License :: OSI Approved :: Mozilla Public License 1.0 (MPL)",`
			`MPL11 := "License :: OSI Approved :: Mozilla Public License 1.1 (MPL 1.1)",`
			`MPL20 := "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",`
			`PSFL := "License :: OSI Approved :: Python Software Foundation License",`
			`LGPL := "License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)",`
			`LGPL3 := "License :: OSI Approved :: GNU Lesser General Public License v3 or later (LGPLv3+)",`
			`ISCL := "License :: OSI Approved :: ISC License (ISCL)",`
Fmt. 2021-05-31 18:28:46 +00:00			`]`

			`UNAPPROVED_LICENSES = [`
			`GPL1 := "License :: OSI Approved :: GNU General Public License",`
			`GPL2 := "License :: OSI Approved :: GNU General Public License v2 (GPLv2)",`
			`GPL3 := "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",`
Initial state 2021-04-08 06:37:51 +00:00			`]`

			`# This data is GARBO.`
			`LICENSES_BY_LOWERNAME = {`
Fmt. 2021-05-31 18:28:46 +00:00			`"apache 2.0": APACHE,`
			`"apache": APACHE,`
			`"http://www.apache.org/licenses/license-2.0": APACHE,`
			`"bsd 3": BSD,`
			`"bsd": BSD,`
			`"gpl": GPL1,`
			`"gpl2": GPL2,`
			`"gpl3": GPL3,`
Allow LGPL deps 2021-08-14 15:25:47 +00:00			`"lgpl": LGPL,`
			`"lgpl3": LGPL3,`
Fmt. 2021-05-31 18:28:46 +00:00			`"isc": ISCL,`
			`"mit": MIT,`
			`"mpl": MPL10,`
			`"mpl 2.0": MPL20,`
			`"psf": PSFL,`
Initial state 2021-04-08 06:37:51 +00:00			`}`

			`# Mash in some cases.`
			`LICENSES_BY_LOWERNAME.update(`
Done with flake8 2021-08-30 07:06:21 +00:00			`{lic.split(" :: ")[-1].lower(): lic for lic in APPROVED_LICENSES}`
Initial state 2021-04-08 06:37:51 +00:00			`)`

			`# As a workaround for packages which don"t have correct meadata on PyPi, hand-verified packages`
			`APPROVED_PACKAGES = [`
			`"yamllint", # WARNING: YAMLLINT IS GLP3"d.`
			`"Flask_Log_Request_ID", # MIT, currently depended on as a git dep.`
Allowlist anosql 2021-05-15 00:47:16 +00:00			`"anosql", # BSD`
Initial state 2021-04-08 06:37:51 +00:00			`]`


Fmt. 2021-05-31 18:28:46 +00:00			`def bash_license(ln):`
			`while True:`
Black all the things 2021-09-03 04:10:35 +00:00			`lnn = re.sub(`
Fmt. 2021-09-25 04:37:38 +00:00			`r"[(),]\|( version)\|( license)\|( ?v(?=\d))\|([ -]clause)\|(or later)",`
			`"",`
			`ln.lower(),`
Black all the things 2021-09-03 04:10:35 +00:00			`)`
Fmt. 2021-05-31 18:28:46 +00:00			`if ln != lnn:`
			`ln = lnn`
			`else:`
			`break`
Initial state 2021-04-08 06:37:51 +00:00
Fmt. 2021-05-31 18:28:46 +00:00			`ln = LICENSES_BY_LOWERNAME.get(ln, ln)`
			`return ln`
Initial state 2021-04-08 06:37:51 +00:00

Black all the things 2021-09-03 04:10:35 +00:00			`@pytest.mark.parametrize(`
			`"a,b",`
			`[`
			`("MIT", MIT),`
			`("mit", MIT),`
			`("BSD", BSD),`
			`("BSD 3-clause", BSD),`
			`("BSD 3 clause", BSD),`
			`("GPL3", GPL3),`
			`("GPL v3", GPL3),`
			`("GPLv3", GPL3),`
			`],`
			`)`
Fmt. 2021-05-31 18:28:46 +00:00			`def test_bash_license(a, b):`
			`assert bash_license(a) == b`
Initial state 2021-04-08 06:37:51 +00:00

Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`def licenses(dist: DistInfoDistribution):`
			`"""Get dist metadata (the licenses list) from PyPi.`
Initial state 2021-04-08 06:37:51 +00:00
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`pip and other tools use the local dist metadata to introspect licenses which requires that`
Initial state 2021-04-08 06:37:51 +00:00			`packages be installed. Going to PyPi isn't strictly reproducible both because the PyPi database`
			`could be updated and we could see network failures but there really isn't a good way to solve`
			`this problem.`

			`"""`
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00
Done with flake8 2021-08-30 07:06:21 +00:00			`lics = []`
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`name = dist.project_name`
			`version = dist.version`
			`print(name, version, type(dist))`

			`meta = dist.get_metadata(dist.PKG_INFO).split("\n")`
Fmt. 2021-09-25 04:37:38 +00:00			`classifiers = [`
			`l.replace("Classifier: ", "", 1) for l in meta if l.startswith("Classifier: ")`
			`]`
			`license = bash_license(`
			`next((l for l in meta if l.startswith("License:")), "License: UNKNOWN").replace(`
			`"License: ", "", 1`
			`)`
			`)`
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`lics.extend(l for l in classifiers if l.startswith("License ::"))`

			`if not lics:`
			`lics.append(license)`
Initial state 2021-04-08 06:37:51 +00:00
Done with flake8 2021-08-30 07:06:21 +00:00			`return lics`
Initial state 2021-04-08 06:37:51 +00:00

Fmt. 2021-09-25 04:37:38 +00:00			`@pytest.mark.parametrize(`
			`"dist",`
			`(w for w in working_set if w.location.find("arrdem_source_pypi") != -1),`
			`ids=lambda dist: dist.project_name,`
			`)`
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`def test_approved_license(dist: DistInfoDistribution):`
Initial state 2021-04-08 06:37:51 +00:00			`"""Ensure that a given package is either allowed by name or uses an approved license."""`

Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`_licenses = licenses(dist)`
			`print(dist.location)`
			`assert dist.project_name in APPROVED_PACKAGES or any(`
Done with flake8 2021-08-30 07:06:21 +00:00			`lic in APPROVED_LICENSES for lic in _licenses`
Get test_licenses using pkg_info ala liccheck Fixes #2 2021-09-19 23:59:18 +00:00			`), f"{dist.project_name} ({dist.location}) was not approved and its license(s) were unknown {_licenses!r}"`