From ceac46e4caf9f97083c1fbda097cea7b3f8fbf5d Mon Sep 17 00:00:00 2001
From: Thibaut Rousseau <thibaut.rousseau@protonmail.com>
Date: Tue, 20 Mar 2018 19:27:17 +0100
Subject: [PATCH 1/2] Various improvements to install.sh (#109)

* fix(installer): Fix shellcheck warnings

* fix(install): Fix install to PATH

* fix(install): Fix cleanup

* fix(installer): Fix more Shellcheck warnings

* feat(installer): Automatically retrieve latest version

* doc: Fix comment
---
 install.sh | 46 +++++++++++++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/install.sh b/install.sh
index 62dd3615d6..5b6e829750 100755
--- a/install.sh
+++ b/install.sh
@@ -11,29 +11,38 @@
 TMP_DIR="/tmp/install-fossa-cli"
 
 function cleanup {
-  echo rm -rf $TMP_DIR > /dev/null
+  rm -rf $TMP_DIR > /dev/null
 }
+trap cleanup EXIT
 
 function fail {
-  cleanup
   msg=$1
   echo "============"
   echo "Error: $msg" 1>&2
   exit 1
 }
 
+# This function will ask for root privileges before executing a command
+# The goal is to allow the user to run this script as a normal user and
+# to be asked for authorizations as needed
+function askRoot {
+  echo "The following command needs administrator privileges:"
+  echo
+  echo -e "\\t$*"
+  echo
+  # The -k flag forces sudo to re-ask the user for their authorization
+  sudo -k "$@"
+}
+
 function install {
   # Settings
   USER="fossas"
   REPO="fossa-cli"
   BIN="fossa"
-  # TODO: automatically get latest version from GitHub Releases API
-  VERSION="0.4.4"
-  RELEASE="v$VERSION"
-  MOVE="true"
   INSECURE="false"
   OUT_DIR="/usr/local/bin"
   GH="https://github.com"
+  GH_API="https://api.github.com"
 
   # `bash` check
   [ ! "$BASH_VERSION" ] && fail "Please use bash instead"
@@ -41,22 +50,22 @@ function install {
 
   # Check for non-POSIX dependencies
   GET=""
-  if which curl > /dev/null; then
+  if command -v curl > /dev/null; then
     GET="curl"
     if [[ $INSECURE = "true" ]]; then GET="$GET --insecure"; fi
     GET="$GET --fail -# -L"
-  elif which wget > /dev/null; then
+  elif command -v wget > /dev/null; then
     GET="wget"
     if [[ $INSECURE = "true" ]]; then GET="$GET --no-check-certificate"; fi
     GET="$GET -qO-"
   else
     fail "neither wget nor curl are installed"
   fi
-  which tar > /dev/null || fail "tar is not installed"
-  which gzip > /dev/null || fail "gzip is not installed"
+  command -v tar > /dev/null || fail "tar is not installed"
+  command -v gzip > /dev/null || fail "gzip is not installed"
 
   # Detect OS
-  case `uname -s` in
+  case $(uname -s) in
     Darwin) OS="darwin";;
     Linux) OS="linux";;
     *) fail "unknown os: $(uname -s)";;
@@ -81,13 +90,16 @@ function install {
   *) fail "No asset for platform ${OS}-${ARCH}";;
   esac
 
-
   # Enter temporary directory
-  echo "Installing $USER/$REPO $RELEASE..."
   mkdir -p $TMP_DIR
-  cd $TMP_DIR
+  cd $TMP_DIR || fail "changing directory to $TMP_DIR failed"
 
   # Download and validate release
+  bash -c "$GET $GH_API/repos/$USER/$REPO/releases/latest" > latest || fail "downloading latest release metadata failed"
+  RELEASE=$(grep tag_name latest | cut -d'"' -f4)
+  VERSION=${RELEASE#v} # remove prefix "v"
+
+  echo "Installing $USER/$REPO $RELEASE..."
   RELEASE_URL="$GH/$USER/$REPO/releases/download/$RELEASE"
   bash -c "$GET $RELEASE_URL/${REPO}_${VERSION}_${OS}_${ARCH}.tar.gz" > release.tar.gz || fail "downloading release failed"
   bash -c "$GET $RELEASE_URL/${REPO}_${VERSION}_checksums.txt" > checksums.txt || fail "downloading checksums failed"
@@ -98,10 +110,10 @@ function install {
 
   # Move binary into output directory
   chmod +x $BIN || fail "chmod +x failed"
-  mv $BIN $OUT_DIR/$BIN || fail "mv failed"
-  echo "Installed at $OUT_DIR/$BIN"
 
-  cleanup
+  # Admin privileges are required to run this command
+  askRoot mv $BIN $OUT_DIR/$BIN || fail "mv failed"
+  echo "Installed at $OUT_DIR/$BIN"
 }
 
 install

From 91944c92bb7dcd6a896277a980f7821c1362d7f8 Mon Sep 17 00:00:00 2001
From: Leo Zhang <leo@fossa.io>
Date: Tue, 20 Mar 2018 12:11:59 -0700
Subject: [PATCH 2/2] chore: Add TODOs, ignore third_party in autoconfig

---
 builders/gradle.go | 2 ++
 cmd/fossa/init.go  | 2 +-
 cmd/fossa/main.go  | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/builders/gradle.go b/builders/gradle.go
index cff654bae5..ad7c234719 100644
--- a/builders/gradle.go
+++ b/builders/gradle.go
@@ -64,6 +64,7 @@ func (builder *GradleBuilder) Analyze(m module.Module, allowUnresolved bool) ([]
 
 	// TODO: We need to let the user configure the right configurations
 	// NOTE: we are intentionally using exec.Command over runLogged here, due to path issues with defining cmd.Dir
+	// TODO: set TERM=dumb
 	dependenciesOutput, err := exec.Command(builder.GradleCmd, taskName+":dependencies", "-q", "--configuration="+taskConfiguration, "--offline", "-a").Output()
 	if len(dependenciesOutput) == 0 || err != nil {
 		return nil, fmt.Errorf("could not run Gradle task %s:dependencies", taskName)
@@ -120,6 +121,7 @@ func (builder *GradleBuilder) DiscoverModules(dir string) ([]module.Config, erro
 			// Search for subprojects using Gradle task list instead of grepping for build.gradle
 			var moduleConfigurations []module.Config
 			// NOTE: this leaves out the root ("") dependencies task. To include, replace with `(\w+:)?dependencies -`
+			// TODO: check for root dependencies task if not found otherwise
 			taskListRe := regexp.MustCompile(`\w+:dependencies -`)
 			for _, line := range strings.Split(string(taskListOutput), "\n") {
 				trimmed := strings.TrimSpace(line)
diff --git a/cmd/fossa/init.go b/cmd/fossa/init.go
index 4334026c7a..f0b3652775 100644
--- a/cmd/fossa/init.go
+++ b/cmd/fossa/init.go
@@ -50,7 +50,7 @@ func doInit(conf *config.CLIConfig, overwrite bool, includeAll bool) error {
 			// Filter suspicious modules
 			var filteredModuleConfigs []module.Config
 			for _, c := range conf.Modules {
-				if matched, err := regexp.MatchString("(docs?/|test|example|vendor/|node_modules/|.srclib-cache/|spec/|Godeps/|.git/|bower_components/)", c.Path); err != nil || matched != true {
+				if matched, err := regexp.MatchString("(docs?/|test|example|vendor/|node_modules/|.srclib-cache/|spec/|Godeps/|.git/|bower_components/|third_party/)", c.Path); err != nil || matched != true {
 					filteredModuleConfigs = append(filteredModuleConfigs, c)
 				} else {
 					initLogger.Warningf("Filtering out suspicious module: %s (%s)", c.Name, c.Path)
diff --git a/cmd/fossa/main.go b/cmd/fossa/main.go
index 46dfa42355..92265f6788 100644
--- a/cmd/fossa/main.go
+++ b/cmd/fossa/main.go
@@ -16,6 +16,7 @@ import (
 )
 
 // main.{version,commit,goversion} are set by linker flags in Makefile and goreleaser
+// TODO: These may empty if built using `go get`
 var version string
 var commit string
 var goversion string