Merge branch 'master' into patch-1

README.md

@@ -12,8 +12,8 @@ Build status
 
 LicenseFinder works with your package managers to find dependencies,
 detect the licenses of the packages in them, compare those licenses
-against a user-defined whitelist, and give you an actionable exception
-report.
+against a user-defined list of permitted licenses,
+and give you an actionable exception report.
 
 * code: https://github.com/pivotal/LicenseFinder
 * ci: https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder
@@ -235,21 +235,21 @@ To record who approved the dependency and why:
 $ license_finder approvals add awesome_gpl_gem --who CTO --why "Go ahead"
 ```
 
-### Whitelisting
+### Permitting Licenses
 
 Approving packages one-by-one can be tedious.  Usually your business has
 blanket policies about which packages are approved.  To tell `license_finder`
 that any package with the MIT license should be approved, run:
 
 ``` sh
-$ license_finder whitelist add MIT
+$ license_finder permitted_licenses add MIT
 ```
 
 Any current or future packages with the MIT license will be excluded from the
 output of `license_finder`.
 
-You can also record `--who` and `--why` when changing the whitelist, or making
-any other decision about your project.
+You can also record `--who` and `--why` when changing permitted licenses,
+or making any other decision about your project.
 
 
 ## Output and Artifacts
@@ -269,7 +269,7 @@ decisions.
 
 You could expect `license_finder`, which is an alias for `license_finder
 action_items` to output something like the following on a Rails project where
-MIT had been whitelisted:
+MIT had been permitted:
 
 ```
 Dependencies that need approval:
@@ -369,14 +369,14 @@ since it is a common dependency whose version changes from machine to
 machine.  Adding it to the `ignored_dependencies` would prevent it
 (and its oscillating versions) from appearing in reports.
 
-### Blacklisting Licenses
+### Restricting Licenses
 
-Some projects will have a list of licenses that cannot be used.  You can add
-these licenses to the blacklist `license_finder blacklist add`.  Any dependency
-that has exclusively blacklisted licenses will always appear in the action
-items, even if someone attempts to manually approve or whitelist it.  However,
-if a dependency has even one license outside of the blacklist, it can still be
-manually approved or whitelisted.
+Some projects will have a list of licenses that cannot be used.  You can
+restrict these licenses with `license_finder restricted_licenses add`.  Any dependency
+that has exclusively restricted licenses will always appear in the action
+items, even if someone attempts to manually approve or permit it.  However,
+if a dependency has even one license that is not restricted, it can still be
+manually approved or permitted.
 
 
 ## Configuration

features/features/cli/cli_spec.rb

@@ -66,7 +66,7 @@
   context 'running action_items --recursive' do
     let(:action_items) { 'license_finder action_items --recursive' }
     let(:action_items_prepare) { 'license_finder action_items --prepare --recursive' }
-    let(:whitelist) { 'license_finder whitelist add MIT' }
+    let(:permitted_licenses) { 'license_finder permitted_licenses add MIT' }
     let(:approvals) { 'license_finder approvals add objenesis' }
     let(:relative_decisions_path) { ' --decisions-file=folder-name/dependency_decisions.yml' }
     let(:absolute_decisions_path) { ' --decisions-file=/folder-name/dependency_decisions.yml' }
@@ -77,23 +77,23 @@
     end
 
     specify 'uses default decisions-file' do
-      developer.execute_command(whitelist)
+      developer.execute_command(permitted_licenses)
       developer.execute_command(approvals)
       developer.execute_command(action_items)
       expect(developer).to_not be_seeing('objenesis')
       expect(developer).to_not be_seeing('MIT')
     end
 
     specify 'uses decisions-file with relative path' do
-      developer.execute_command(whitelist + relative_decisions_path)
+      developer.execute_command(permitted_licenses + relative_decisions_path)
       developer.execute_command(approvals + relative_decisions_path)
       developer.execute_command(action_items + relative_decisions_path)
       expect(developer).to_not be_seeing('objenesis')
       expect(developer).to_not be_seeing('MIT')
     end
 
     specify 'uses decisions-file with absolute path' do
-      developer.execute_command(whitelist + absolute_decisions_path)
+      developer.execute_command(permitted_licenses + absolute_decisions_path)
       developer.execute_command(approvals + absolute_decisions_path)
       developer.execute_command(action_items + absolute_decisions_path)
       expect(developer).to_not be_seeing('objenesis')

features/features/configure/approve_dependencies_spec.rb

@@ -4,7 +4,7 @@
 
 describe 'Manually Approved Dependencies' do
   # As a developer
-  # I want to approve dependencies without whitelisting their licenses
+  # I want to approve dependencies without permitting their licenses
   # So that my business can track individual dependencies which it has approved
 
   let(:developer) { LicenseFinder::TestingDSL::User.new }

features/features/configure/whitelist_licenses_spec.rb → features/features/configure/permitted_licenses_spec.rb

@@ -2,9 +2,9 @@
 
 require_relative '../../support/feature_helper'
 
-describe 'Whitelisted licenses' do
+describe 'Permitted licenses' do
   # As a developer
-  # I want to whitelist certain licenses that my business has pre-approved
+  # I want to permit certain licenses that my business has pre-approved
   # So that any dependencies with those licenses do not show up as action items
 
   let(:developer) { LicenseFinder::TestingDSL::User.new }
@@ -13,7 +13,7 @@
 
   specify 'approve dependencies with those licenses' do
     developer.execute_command 'license_finder dependencies add bsd_gem BSD'
-    developer.execute_command 'license_finder whitelist add BSD'
+    developer.execute_command 'license_finder permitted_licenses add BSD'
 
     developer.run_license_finder
     expect(developer).to_not be_seeing 'bsd_gem'
@@ -22,19 +22,19 @@
   specify 'approve dependencies with any of those licenses' do
     developer.execute_command 'license_finder dependencies add dep_with_many_licenses GPL'
     developer.execute_command 'license_finder licenses add dep_with_many_licenses MIT'
-    developer.execute_command 'license_finder whitelist add GPL'
+    developer.execute_command 'license_finder permitted_licenses add GPL'
 
     developer.run_license_finder
     expect(developer).not_to be_seeing 'dep_with_many_licenses'
   end
 
   specify 'are shown in the CLI' do
-    developer.execute_command 'license_finder whitelist add Expat'
-    developer.execute_command 'license_finder whitelist list'
+    developer.execute_command 'license_finder permitted_licenses add Expat'
+    developer.execute_command 'license_finder permitted_licenses list'
     expect(developer).to be_seeing 'MIT'
 
-    developer.execute_command 'license_finder whitelist remove Expat'
-    developer.execute_command 'license_finder whitelist list'
+    developer.execute_command 'license_finder permitted_licenses remove Expat'
+    developer.execute_command 'license_finder permitted_licenses list'
     expect(developer).to_not be_seeing 'MIT'
   end
 end

features/features/configure/restricted_licenses_spec.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative '../../support/feature_helper'
+
+describe 'Restricted licenses' do
+  # As a lawyer
+  # I want to restrict certain licenses
+  # So that any dependencies with only these licenses cannot be approved
+
+  let(:developer) { LicenseFinder::TestingDSL::User.new }
+  let(:lawyer) { LicenseFinder::TestingDSL::User.new }
+
+  before do
+    developer.create_empty_project
+    lawyer.execute_command 'license_finder restricted_licenses add BSD'
+    developer.execute_command 'license_finder dependencies add restricted_dep BSD'
+  end
+
+  specify 'prevent packages from being approved' do
+    developer.execute_command 'license_finder approval add restricted_dep'
+
+    lawyer.run_license_finder
+    expect(lawyer).to be_seeing 'restricted_dep'
+  end
+
+  specify 'override the permitted licenses' do
+    developer.execute_command 'license_finder permitted_licenses add BSD'
+
+    lawyer.run_license_finder
+    expect(lawyer).to be_seeing 'restricted_dep'
+  end
+end

features/features/report/html_spec.rb

@@ -39,7 +39,7 @@
     developer.create_empty_project
     developer.execute_command 'license_finder dependencies add gpl_dep GPL'
     developer.execute_command 'license_finder dependencies add mit_dep MIT'
-    developer.execute_command 'license_finder whitelist add MIT'
+    developer.execute_command 'license_finder permitted_licenses add MIT'
 
     html = product_owner.view_html
     expect(html).to be_unapproved 'gpl_dep'

lib/license_finder/cli.rb

@@ -8,8 +8,8 @@ module CLI
 require 'license_finder/cli/patched_thor'
 require 'license_finder/cli/base'
 require 'license_finder/cli/makes_decisions'
-require 'license_finder/cli/whitelist'
-require 'license_finder/cli/blacklist'
+require 'license_finder/cli/permitted_licenses'
+require 'license_finder/cli/restricted_licenses'
 require 'license_finder/cli/dependencies'
 require 'license_finder/cli/licenses'
 require 'license_finder/cli/approvals'

lib/license_finder/cli/main.rb

@@ -107,7 +107,7 @@ def action_items
         finder = LicenseAggregator.new(config, aggregate_paths)
         any_packages = finder.any_packages?
         unapproved = finder.unapproved
-        blacklisted = finder.blacklisted
+        restricted = finder.restricted
 
         # Ensure to start output on a new line even with dot progress indicators.
         say "\n"
@@ -120,12 +120,12 @@ def action_items
         if unapproved.empty?
           say 'All dependencies are approved for use', :green
         else
-          unless blacklisted.empty?
-            say 'Blacklisted dependencies:', :red
-            say report_of(blacklisted)
+          unless restricted.empty?
+            say 'Restricted dependencies:', :red
+            say report_of(restricted)
           end
 
-          other_unapproved = unapproved - blacklisted
+          other_unapproved = unapproved - restricted
           unless other_unapproved.empty?
             say 'Dependencies that need approval:', :yellow
             say report_of(other_unapproved)
@@ -165,11 +165,11 @@ def diff(file1, file2)
 
       subcommand 'dependencies', Dependencies, 'Add or remove dependencies that your package managers are not aware of'
       subcommand 'licenses', Licenses, "Set a dependency's licenses, if the licenses found by license_finder are missing or wrong"
-      subcommand 'approvals', Approvals, 'Manually approve dependencies, even if their licenses are not whitelisted'
+      subcommand 'approvals', Approvals, 'Manually approve dependencies, even if their licenses are not permitted'
       subcommand 'ignored_groups', IgnoredGroups, 'Exclude test and development dependencies from action items and reports'
       subcommand 'ignored_dependencies', IgnoredDependencies, 'Exclude individual dependencies from action items and reports'
-      subcommand 'whitelist', Whitelist, 'Automatically approve any dependency that has a whitelisted license'
-      subcommand 'blacklist', Blacklist, 'Forbid approval of any dependency whose licenses are all blacklisted'
+      subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
+      subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
       subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
 
       private

lib/license_finder/cli/permitted_licenses.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class PermittedLicenses < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the permitted licenses'
+      def list
+        say 'Permitted Licenses:', :blue
+        say_each(decisions.permitted, &:name)
+      end
+
+      auditable
+      desc 'add LICENSE...', 'Add one or more licenses to the permitted licenses'
+      def add(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.permit(l, txn) } }
+        say "Added #{licenses.join(', ')} to the permitted licenses"
+      end
+
+      auditable
+      desc 'remove LICENSE...', 'Remove one or more licenses from the permitted licenses'
+      def remove(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.unpermit(l, txn) } }
+        say "Removed #{licenses.join(', ')} from the license permitted licenses"
+      end
+    end
+  end
+end

lib/license_finder/cli/restricted_licenses.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class RestrictedLicenses < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the restricted licenses'
+      def list
+        say 'Restricted Licenses:', :blue
+        say_each(decisions.restricted, &:name)
+      end
+
+      auditable
+      desc 'add LICENSE...', 'Add one or more licenses to the restricted licenses'
+      def add(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.restrict(l, txn) } }
+        say "Added #{licenses.join(', ')} to the restricted licenses"
+      end
+
+      auditable
+      desc 'remove LICENSE...', 'Remove one or more licenses from the restricted licenses'
+      def remove(*licenses)
+        assert_some licenses
+        modifying { licenses.each { |l| decisions.unrestrict(l, txn) } }
+        say "Removed #{licenses.join(', ')} from the restricted licenses"
+      end
+    end
+  end
+end