From c6eb75ff742987143ff26873045ed3f0d7280f7a Mon Sep 17 00:00:00 2001 From: Thomas Schafer Date: Thu, 6 Feb 2025 16:04:38 +0000 Subject: [PATCH] chore: use normalized licenses from versioned package --- internal/utils/spdx.go | 12 ++++++------ internal/utils/spdx_test.go | 12 ++++++------ lib/ecosystems/enrich_cyclonedx_test.go | 12 ++++++------ 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/internal/utils/spdx.go b/internal/utils/spdx.go index 962c47c..658768e 100644 --- a/internal/utils/spdx.go +++ b/internal/utils/spdx.go @@ -33,14 +33,14 @@ func GetPurlFromSPDXPackage(pkg *spdx_2_3.Package) (*packageurl.PackageURL, erro } func GetSPDXLicenseExpressionFromEcosystemsLicense(pkgVersionData *packages.VersionWithDependencies, pkgData *packages.Package) string { - licenses := "" + licenses := []string{} if pkgVersionData != nil && pkgVersionData.Licenses != nil && *pkgVersionData.Licenses != "" { - licenses = *pkgVersionData.Licenses - } else if pkgData != nil && pkgData.Licenses != nil && *pkgData.Licenses != "" { - licenses = *pkgData.Licenses + licenses = strings.Split(*pkgVersionData.Licenses, ",") + } else if pkgData != nil && len(pkgData.NormalizedLicenses) > 0 { + licenses = pkgData.NormalizedLicenses } - if licenses == "" { + if len(licenses) == 0 { return "" } - return fmt.Sprintf("(%s)", strings.Join(strings.Split(licenses, ","), " OR ")) + return fmt.Sprintf("(%s)", strings.Join(licenses, " OR ")) } diff --git a/internal/utils/spdx_test.go b/internal/utils/spdx_test.go index 58c3bac..65eb3b7 100644 --- a/internal/utils/spdx_test.go +++ b/internal/utils/spdx_test.go @@ -13,8 +13,8 @@ func TestGetSPDXLicenseExpressionFromEcosystemsLicense(t *testing.T) { assert := assert.New(t) versionedLicenses := "GPLv2,MIT" pkgVersionData := packages.VersionWithDependencies{Licenses: &versionedLicenses} - latestLicenses := "Apache-2.0" - pkgData := packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{"Apache-2.0"} + pkgData := packages.Package{NormalizedLicenses: latestLicenses} expression := utils.GetSPDXLicenseExpressionFromEcosystemsLicense(&pkgVersionData, &pkgData) assert.Equal("(GPLv2 OR MIT)", expression) } @@ -28,8 +28,8 @@ func TestGetSPDXLicenseExpressionFromEcosystemsLicense_NoData(t *testing.T) { func TestGetSPDXLicenseExpressionFromEcosystemsLicense_NoVersionedData(t *testing.T) { assert := assert.New(t) pkgVersionData := packages.VersionWithDependencies{} - latestLicenses := "Apache-2.0" - pkgData := packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{"Apache-2.0"} + pkgData := packages.Package{NormalizedLicenses: latestLicenses} expression := utils.GetSPDXLicenseExpressionFromEcosystemsLicense(&pkgVersionData, &pkgData) assert.Equal("(Apache-2.0)", expression) } @@ -55,8 +55,8 @@ func TestGetSPDXLicenseExpressionFromEcosystemsLicense_EmptyLicenses(t *testing. assert := assert.New(t) versionedLicenses := "" pkgVersionData := packages.VersionWithDependencies{Licenses: &versionedLicenses} - latestLicenses := "" - pkgData := packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{""} + pkgData := packages.Package{NormalizedLicenses: latestLicenses} expression := utils.GetSPDXLicenseExpressionFromEcosystemsLicense(&pkgVersionData, &pkgData) assert.Equal("", expression) } diff --git a/lib/ecosystems/enrich_cyclonedx_test.go b/lib/ecosystems/enrich_cyclonedx_test.go index 3d33a44..ef9c6c3 100644 --- a/lib/ecosystems/enrich_cyclonedx_test.go +++ b/lib/ecosystems/enrich_cyclonedx_test.go @@ -192,8 +192,8 @@ func TestEnrichLicense(t *testing.T) { } versionedLicenses := "BSD-3-Clause" pkgVersionData := &packages.VersionWithDependencies{Licenses: &versionedLicenses} - latestLicenses := "Apache-2.0" - pkgData := &packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{"Apache-2.0"} + pkgData := &packages.Package{NormalizedLicenses: latestLicenses} enrichCDXLicense(component, pkgVersionData, pkgData) @@ -211,8 +211,8 @@ func TestEnrichLicenseNoVersionedLicense(t *testing.T) { } versionedLicenses := "" pkgVersionData := &packages.VersionWithDependencies{Licenses: &versionedLicenses} - latestLicenses := "Apache-2.0" - pkgData := &packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{"Apache-2.0"} + pkgData := &packages.Package{NormalizedLicenses: latestLicenses} enrichCDXLicense(component, pkgVersionData, pkgData) @@ -230,8 +230,8 @@ func TestEnrichLicenseNoLatestLicense(t *testing.T) { } versionedLicenses := "BSD-3-Clause" pkgVersionData := &packages.VersionWithDependencies{Licenses: &versionedLicenses} - latestLicenses := "" - pkgData := &packages.Package{Licenses: &latestLicenses} + latestLicenses := []string{""} + pkgData := &packages.Package{NormalizedLicenses: latestLicenses} enrichCDXLicense(component, pkgVersionData, pkgData)