test: update tests to match new SPDXLicense structure

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
This commit is contained in:
Christopher Phillips 2024-10-01 11:52:48 -04:00
parent 8a722d0ffe
commit 6f401891e7
No known key found for this signature in database
3 changed files with 28 additions and 6 deletions

View file

@ -3,13 +3,16 @@ package helpers
import (
"crypto/sha256"
"fmt"
"strings"
"regexp"
"github.com/anchore/syft/internal/spdxlicense"
"github.com/anchore/syft/syft/license"
"github.com/anchore/syft/syft/pkg"
"strings"
)
var validSPDXValue = regexp.MustCompile("[^A-Za-z0-9\\-\\.]+")
func License(p pkg.Package) (concluded, declared string) {
// source: https://spdx.github.io/spdx-spec/v2.3/package-information/#713-concluded-license-field
// The options to populate this field are limited to:
@ -60,6 +63,7 @@ func joinLicenses(licenses []SPDXLicense) string {
type SPDXLicense struct {
ID string
Value string
FullText string
}
func ParseLicenses(raw []pkg.License) (concluded, declared []SPDXLicense) {
@ -69,14 +73,25 @@ func ParseLicenses(raw []pkg.License) (concluded, declared []SPDXLicense) {
}
candidate := SPDXLicense{}
// a pkg license can have a couple combinations of values
if l.SPDXExpression != "" {
// extract which value was used for the license
switch {
case l.SPDXExpression != "":
candidate.ID = l.SPDXExpression
hash := sha256.Sum256([]byte(l.Value))
candidate.ID = fmt.Sprintf("%s%x", spdxlicense.LicenseRefPrefix, hash)
candidate.Value = l.Value
case l.Value != "":
hash := sha256.Sum256([]byte(l.Value))
candidate.ID = fmt.Sprintf("%s%x", spdxlicense.LicenseRefPrefix, hash)
validSpdxRef := validSPDXValue.ReplaceAllString(l.Value, "-")
candidate.Value = fmt.Sprintf("%s%s", spdxlicense.LicenseRefPrefix, validSpdxRef)
default:
hash := sha256.Sum256([]byte(l.FullText))
candidate.ID = fmt.Sprintf("%s%x", spdxlicense.LicenseRefPrefix, hash)
candidate.FullText = l.FullText
}
// extract if concluded or declared
switch l.Type {
case license.Concluded:
concluded = append(concluded, candidate)

View file

@ -77,7 +77,7 @@ func Test_License(t *testing.T) {
expected: expected{
concluded: "NOASSERTION",
// because we separate licenses between valid SPDX and non valid, valid ID always end at the front
declared: "MIT AND LicenseRef-one-thing-first AND LicenseRef-two-things----second",
declared: "MIT AND LicenseRef-one-thing-first AND LicenseRef-two-things-second",
},
},
{
@ -121,6 +121,11 @@ func Test_joinLicenses(t *testing.T) {
args: []string{"MIT AND Apache", "GPL-3.0-only"},
want: "(MIT AND Apache) AND GPL-3.0-only",
},
{
name: "multiple licenses with license references?",
args: []string{"MIT AND Apache", "GPL-3.0-only"},
want: "(MIT AND Apache) AND GPL-3.0-only",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

View file

@ -81,6 +81,7 @@ func NewLicenseFromType(value string, t license.Type) License {
// in this case we annotate this as the full text to not lose value and do not extract the complex case
if strings.Contains(value, "\n") {
return License{
Type: t,
FullText: value,
}
}
@ -98,6 +99,7 @@ func NewLicenseFromType(value string, t license.Type) License {
}
return License{
Value: value,
SPDXExpression: spdxExpression,
Type: t,
Locations: file.NewLocationSet(),