Skip to content

Fix reported license normalization bugs #1599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AgentGoose32 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix reported license normalization bugs #1599

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions app/models/package.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,8 +270,6 @@ def normalize_licenses
self.normalized_licenses =
if licenses.blank?
[]
elsif licenses.length > 150
["Other"]
else
spdx = spdx_license
if spdx.empty?
Expand All @@ -287,9 +285,13 @@ def licenses
end

NON_SPDX_LICENSE_VALUES = %w[other unknown none noassertion proprietary custom see\ license].freeze
SPDX_EXACT_LICENSE_IDS = {
'edl-1.0' => 'EDL-1.0'
}.freeze

def spdx_license
return Spdx.parse_spdx(licenses).licenses if Spdx.valid_spdx?(licenses)
return ["MIT"] if licenses.match?(/mit license.*permission is hereby granted/im)

licenses
.downcase
Expand All @@ -301,9 +303,15 @@ def spdx_license
.flat_map { |l| l.split(/[,\/]/) }
.map(&:strip)
.reject { |l| l.blank? || l.match?(/\A(version\s+)?[\d.]+\z/) }
.map { |l| NON_SPDX_LICENSE_VALUES.include?(l) ? nil : Spdx.find(l) }
.map { |l| license_id_for(l) }
.compact
.map(&:id)
end

def license_id_for(license)
return nil if NON_SPDX_LICENSE_VALUES.include?(license)
return SPDX_EXACT_LICENSE_IDS[license] if SPDX_EXACT_LICENSE_IDS.key?(license)

Spdx.find(license)&.id
end

def manual_license_format(license)
Expand Down
17 changes: 17 additions & 0 deletions test/models/package_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,23 @@ class PackageTest < ActiveSupport::TestCase
assert_equal ["Apache-2.0"], package.normalized_licenses
end

test 'normalize_licenses preserves EDL in compound SPDX expression' do
package = @registry.packages.create(name: 'test_edl', ecosystem: @registry.ecosystem, licenses: '(EDL-1.0 OR EPL-1.0)')
package.normalize_licenses
assert_equal ["EDL-1.0", "EPL-1.0"], package.normalized_licenses
end

test 'normalize_licenses recognizes long MIT license text' do
license_text = <<~LICENSE
MIT License Copyright (c) 2023 Thomas Montaigu Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software.
LICENSE
package = @registry.packages.create(name: 'test_mit_text', ecosystem: @registry.ecosystem, licenses: license_text)
package.normalize_licenses
assert_equal ["MIT"], package.normalized_licenses
end

test 'set_latest_release_published_at' do
@package.set_latest_release_published_at
assert_equal @package.latest_release_published_at, @version2.published_at
Expand Down