fix: properly decode SPDX license expressions in CycloneDX format (#3175)

Signed-off-by: Mikail Kocak <mikail-gh@pm.me>
Mikail 2024-08-29 17:05:43 +02:00 committed by GitHub
parent 731fc77641
commit f2caf45695
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 8 deletions


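@@ -54,17 +54,14 @@ func decodeLicenses(c *cyclonedx.Component) []pkg.License {
 	}
 	for _, l := range *c.Licenses {
-		if l.License == nil {
-			continue
-		}
 		// these fields are mutually exclusive in the spec
 		switch {
-		case l.License.ID != "":
+		case l.License != nil && l.License.ID != "":
 			licenses = append(licenses, pkg.NewLicenseFromURLs(l.License.ID, l.License.URL))
-		case l.License.Name != "":
+		case l.License != nil && l.License.Name != "":
 			licenses = append(licenses, pkg.NewLicenseFromURLs(l.License.Name, l.License.URL))
 		case l.Expression != "":
-			licenses = append(licenses, pkg.NewLicenseFromURLs(l.Expression, l.License.URL))
+			licenses = append(licenses, pkg.NewLicense(l.Expression))
 		default:
 		}
 	}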
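Review bot: The empty `default:` branch silently drops any license entry whose License has neither ID nor Name and that carries no Expression (for example a License with only a URL), so a consumer of an SBOM sees fewer licenses than were declared and gets no signal that input was discarded. Since SBOMs are untrusted input, I'd at least emit a debug line there, e.g. `default: log.Debugf("dropping CycloneDX license entry with no id, name or expression: %+v", l)`, assuming the file's usual logger is in scope. Likewise, when a non-conformant document sets both License.ID and Expression, the ID case wins and the expression is lost without trace; that precedence deserves a word on the existing comment, e.g. `// these fields are mutually exclusive in the spec; if a document violates this, ID wins over Name over Expression`. decodeLicenses begins before this hunk and its return lies after it.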


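@@ -254,7 +254,8 @@ func TestDecodeLicenses(t *testing.T) {
 			input: &cyclonedx.Component{
 				Licenses: &cyclonedx.Licenses{
 					{
-						License: &cyclonedx.License{},
+						// CycloneDX specification doesn't allow to provide License if Expression is provided
+						License: nil,
 						Expression: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
 					},
 				},
@@ -264,7 +265,6 @@ func TestDecodeLicenses(t *testing.T) {
 						Value: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
 						SPDXExpression: "MIT AND GPL-3.0-only WITH Classpath-exception-2.0",
 						Type: license.Declared,
-						URLs: []string{},
 					},
 				},
 			},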
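Review bot: The updated case only exercises the spec-conformant shape (License nil, Expression set); nothing pins the new `l.License != nil &&` guards for a non-nil but empty License alongside an Expression, nor the precedence when both License.ID and Expression are set, which is exactly the malformed input a decoder of untrusted SBOMs must handle deterministically. I'd add a case with `License: &cyclonedx.License{}, Expression: "MIT"` expecting the expression to be decoded, and one with `License: &cyclonedx.License{ID: "MIT"}, Expression: "Apache-2.0"` asserting whichever precedence is intended so a future reorder of the switch cannot change it silently. TestDecodeLicenses begins before this hunk and its table continues outside it.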