Commit 561d687c authored by Can Eldem

Merge branch 'composite-licenses' into 'master'

Parse composite license expressions

See merge request gitlab-org/security-products/license-management!228
parents 7fe70519 20b6b061
# GitLab License management changelog
## v3.27.0
- Parse SPDX License expressions. !228
## v3.26.1
- Switch to working directory that contains the `go.mod` file. !222
......
......@@ -8,8 +8,9 @@ GIT
PATH
remote: .
specs:
license-management (3.26.1)
license-management (3.27.0)
license_finder (~> 6.7)
spandx (~> 0.13)
GEM
remote: https://rubygems.org/
......@@ -68,7 +69,7 @@ GEM
json-schema (2.8.1)
addressable (>= 2.4)
libyajl2 (1.2.0)
license_finder (6.8.2)
license_finder (6.9.0)
bundler
rubyzip (>= 1, < 3)
thor (~> 1.0.1)
......@@ -79,6 +80,7 @@ GEM
ffi-yajl (~> 2.2)
mixlib-shellout (>= 2.2, < 4.0)
toml-rb (>= 1, < 3)
mini_portile2 (2.4.0)
mixlib-cli (2.1.6)
mixlib-config (3.0.6)
tomlrb
......@@ -86,6 +88,9 @@ GEM
mixlib-shellout (3.0.9)
mixlib-versioning (1.2.12)
multipart-post (2.1.1)
net-hippie (0.3.2)
nokogiri (1.10.10)
mini_portile2 (~> 2.4.0)
ohai (16.2.1)
chef-config (>= 12.8, < 17)
chef-utils (>= 16.0, < 17)
......@@ -99,6 +104,7 @@ GEM
plist (~> 3.1)
systemu (~> 2.6.4)
wmi-lite (~> 1.0)
oj (3.10.14)
omnibus (7.0.13)
aws-sdk-s3 (~> 1)
chef-cleanroom (~> 1.0)
......@@ -114,6 +120,7 @@ GEM
parallel (1.19.1)
parser (2.7.0.4)
ast (~> 2.4.0)
parslet (2.0.0)
pedump (0.5.4)
awesome_print
iostruct (>= 0.0.4)
......@@ -170,15 +177,32 @@ GEM
simplecov-cobertura (1.3.1)
simplecov (~> 0.8)
simplecov-html (0.12.2)
spandx (0.13.5)
addressable (~> 2.7)
bundler (>= 1.16, < 3.0.0)
net-hippie (~> 0.3)
nokogiri (~> 1.10)
oj (~> 3.10)
parslet (~> 2.0)
terminal-table (~> 1.8)
thor
tty-spinner (~> 0.9)
zeitwerk (~> 2.3)
systemu (2.6.5)
terminal-table (1.8.0)
unicode-display_width (~> 1.1, >= 1.1.1)
thor (1.0.1)
toml-rb (2.0.1)
citrus (~> 3.0, > 3.0)
tomlrb (1.3.0)
tty-cursor (0.7.1)
tty-spinner (0.9.3)
tty-cursor (~> 0.7)
unicode-display_width (1.6.1)
with_env (1.1.0)
wmi-lite (1.0.5)
xml-simple (1.1.5)
zeitwerk (2.4.0)
zhexdump (0.0.2)
PLATFORMS
......
......@@ -11,6 +11,7 @@ source({
}
})
dependency "libxml2"
dependency "ruby"
build do
......
......@@ -7,6 +7,7 @@ module LicenseFinder
def initialize(package_manager, name, version, options = {})
@package_manager = package_manager
@detection_path = options[:detection_path] || Pathname.pwd
options[:spec_licenses] = split_licenses_from(options[:spec_licenses]) if options[:spec_licenses]
super(name, version, options)
end
......@@ -23,5 +24,21 @@ module LicenseFinder
summary: other.summary
)
end
private
def split_licenses_from(declared_licenses)
declared_licenses.map do |declared|
license_for(::Spandx::Spdx::Expression.new.parse(declared)[0])
rescue StandardError
declared
end.flatten.compact
end
def license_for(node)
return [node&.to_s] unless node.is_a?(Hash)
[license_for(node[:left]), license_for(node[:right])]
end
end
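Review bot: `license_for` keeps only `node[:left]` and `node[:right]`, so the operator joining them is discarded and `(MIT AND BSD-3-Clause)` is reported the same way as `(MIT OR Apache-2.0)` — the fixture hunks in this commit show both flattened to a comma-separated list of names. For policy evaluation the distinction matters: under AND every listed license applies to the package, under OR the consumer may satisfy one of them, so a denied license inside an OR group may be a false positive while inside an AND group it is not. If the downstream package model cannot carry the operator, that limitation should at least be stated on `split_licenses_from`, e.g. `# NOTE: the AND/OR structure of the SPDX expression is flattened; every leaf license is reported as declared.` The `rescue StandardError` fallback to the raw `declared` string also hides parse failures silently; a debug-level log line before returning would make unparseable expressions diagnosable. In the first hunk, `options[:spec_licenses] = split_licenses_from(...)` writes back into the hash the caller passed, so construction mutates the caller's object; `licenses = options[:spec_licenses]` / `options = options.merge(spec_licenses: split_licenses_from(licenses)) if licenses` / `super(name, version, options)` avoids that, and the enclosing class starts outside the hunk.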
end
......@@ -3,6 +3,7 @@
require 'json'
require 'logger'
require 'pathname'
require 'spandx'
require 'yaml'
require 'license_finder'
......
......@@ -2,6 +2,6 @@
module License
module Management
VERSION = '3.26.1'
VERSION = '3.27.0'
end
end
......@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
spec.require_paths = ['lib']
spec.add_dependency 'license_finder', '~> 6.7'
spec.add_dependency 'spandx', '~> 0.13'
spec.add_development_dependency 'byebug', '~> 11.1'
spec.add_development_dependency 'gitlab-styles', '~> 3.1'
spec.add_development_dependency 'json-schema', '~> 2.8'
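Review bot: Adding `spandx` brings a sizeable transitive set into the runtime image (the lockfile hunk shows nokogiri, oj, net-hippie, parslet, zeitwerk, tty-spinner and terminal-table, plus the new libxml2 omnibus dependency) for what this commit uses only as an SPDX expression parser. The `net-hippie` dependency in particular suggests network-capable code inside the gem; worth confirming that nothing beyond the parser is invoked at runtime in this scanner and recording the intended scope next to the dependency, e.g. `# spandx: SPDX license-expression parsing only (see Package#split_licenses_from)`.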
......
......@@ -42,51 +42,51 @@
},
{
"count": 1,
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)"
"name": "BSD*"
},
{
"count": 1,
"name": "(GPL-2.0 OR MIT)"
"name": "LIL"
},
{
"count": 1,
"name": "(MIT AND BSD-3-Clause)"
"name": "MIT, Apache 2.0"
},
{
"count": 1,
"name": "(MIT AND Zlib)"
"name": "MIT, CC0-1.0"
},
{
"count": 1,
"name": "(MIT OR Apache-2.0)"
"name": "MIT, GPL-2.0"
},
{
"count": 1,
"name": "(MIT OR CC0-1.0)"
"name": "Mozilla Public License 2.0"
},
{
"count": 1,
"name": "(WTFPL OR MIT)"
"name": "New BSD, MIT"
},
{
"count": 1,
"name": "BSD*"
"name": "Public Domain"
},
{
"count": 1,
"name": "LIL"
"name": "Simplified BSD, MIT, Apache 2.0"
},
{
"count": 1,
"name": "Mozilla Public License 2.0"
"name": "UNKNOWN"
},
{
"count": 1,
"name": "Public Domain"
"name": "WTFPL, MIT"
},
{
"count": 1,
"name": "UNKNOWN"
"name": "Zlib, MIT"
}
],
"dependencies": [
......@@ -2582,7 +2582,8 @@
},
{
"license": {
"name": "(MIT OR Apache-2.0)"
"name": "MIT, Apache 2.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "atob",
......@@ -10210,7 +10211,8 @@
},
{
"license": {
"name": "(WTFPL OR MIT)"
"name": "WTFPL, MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "opener",
......@@ -10349,7 +10351,8 @@
},
{
"license": {
"name": "(MIT AND Zlib)"
"name": "Zlib, MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "pako",
......@@ -12670,7 +12673,8 @@
},
{
"license": {
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)"
"name": "Simplified BSD, MIT, Apache 2.0",
"url": "http://opensource.org/licenses/bsd-license"
},
"dependency": {
"name": "rc",
......@@ -13453,7 +13457,8 @@
},
{
"license": {
"name": "(MIT AND BSD-3-Clause)"
"name": "New BSD, MIT",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "sha.js",
......@@ -14683,7 +14688,8 @@
},
{
"license": {
"name": "(MIT OR CC0-1.0)"
"name": "MIT, CC0-1.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "type-fest",
......@@ -14724,7 +14730,8 @@
},
{
"license": {
"name": "(GPL-2.0 OR MIT)"
"name": "MIT, GPL-2.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "ua-parser-js",
......@@ -15953,4 +15960,4 @@
}
}
]
}
}
\ No newline at end of file
......@@ -43,51 +43,51 @@
},
{
"count": 1,
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)"
"name": "BSD*"
},
{
"count": 1,
"name": "(GPL-2.0 OR MIT)"
"name": "LIL"
},
{
"count": 1,
"name": "(MIT AND BSD-3-Clause)"
"name": "MIT, Apache 2.0"
},
{
"count": 1,
"name": "(MIT AND Zlib)"
"name": "MIT, CC0-1.0"
},
{
"count": 1,
"name": "(MIT OR Apache-2.0)"
"name": "MIT, GPL-2.0"
},
{
"count": 1,
"name": "(MIT OR CC0-1.0)"
"name": "Mozilla Public License 2.0"
},
{
"count": 1,
"name": "(WTFPL OR MIT)"
"name": "New BSD, MIT"
},
{
"count": 1,
"name": "BSD*"
"name": "Public Domain"
},
{
"count": 1,
"name": "LIL"
"name": "Simplified BSD, MIT, Apache 2.0"
},
{
"count": 1,
"name": "Mozilla Public License 2.0"
"name": "UNKNOWN"
},
{
"count": 1,
"name": "Public Domain"
"name": "WTFPL, MIT"
},
{
"count": 1,
"name": "UNKNOWN"
"name": "Zlib, MIT"
}
],
"dependencies": [
......@@ -3652,12 +3652,17 @@
{
"licenses": [
{
"name": "(MIT OR Apache-2.0)",
"url": ""
"name": "Apache 2.0",
"url": "http://www.apache.org/licenses/LICENSE-2.0.txt"
},
{
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
}
],
"license": {
"name": "(MIT OR Apache-2.0)"
"name": "MIT, Apache 2.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "atob",
......@@ -14556,12 +14561,17 @@
{
"licenses": [
{
"name": "(WTFPL OR MIT)",
"url": ""
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
{
"name": "WTFPL",
"url": "http://www.wtfpl.net/"
}
],
"license": {
"name": "(WTFPL OR MIT)"
"name": "WTFPL, MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "opener",
......@@ -14755,12 +14765,17 @@
{
"licenses": [
{
"name": "(MIT AND Zlib)",
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
{
"name": "Zlib",
"url": ""
}
],
"license": {
"name": "(MIT AND Zlib)"
"name": "Zlib, MIT",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "pako",
......@@ -18078,12 +18093,21 @@
{
"licenses": [
{
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)",
"url": ""
"name": "Apache 2.0",
"url": "http://www.apache.org/licenses/LICENSE-2.0.txt"
},
{
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
{
"name": "Simplified BSD",
"url": "http://opensource.org/licenses/bsd-license"
}
],
"license": {
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)"
"name": "Simplified BSD, MIT, Apache 2.0",
"url": "http://opensource.org/licenses/bsd-license"
},
"dependency": {
"name": "rc",
......@@ -19197,12 +19221,17 @@
{
"licenses": [
{
"name": "(MIT AND BSD-3-Clause)",
"url": ""
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
},
{
"name": "New BSD",
"url": "http://opensource.org/licenses/BSD-3-Clause"
}
],
"license": {
"name": "(MIT AND BSD-3-Clause)"
"name": "New BSD, MIT",
"url": "http://opensource.org/licenses/BSD-3-Clause"
},
"dependency": {
"name": "sha.js",
......@@ -20955,12 +20984,17 @@
{
"licenses": [
{
"name": "(MIT OR CC0-1.0)",
"name": "CC0-1.0",
"url": ""
},
{
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
}
],
"license": {
"name": "(MIT OR CC0-1.0)"
"name": "MIT, CC0-1.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "type-fest",
......@@ -21014,12 +21048,17 @@
{
"licenses": [
{
"name": "(GPL-2.0 OR MIT)",
"name": "GPL-2.0",
"url": ""
},
{
"name": "MIT",
"url": "http://opensource.org/licenses/mit-license"
}
],
"license": {
"name": "(GPL-2.0 OR MIT)"
"name": "MIT, GPL-2.0",
"url": "http://opensource.org/licenses/mit-license"
},
"dependency": {
"name": "ua-parser-js",
......@@ -22770,4 +22809,4 @@
}
}
]
}
}
\ No newline at end of file
......@@ -5,7 +5,7 @@
"id": "MIT",
"name": "MIT License",
"url": "https://opensource.org/licenses/MIT",
"count": 949
"count": 956
},
{
"id": "ISC",
......@@ -17,25 +17,25 @@
"id": "BSD-2-Clause",
"name": "BSD 2-Clause \"Simplified\" License",
"url": "https://opensource.org/licenses/BSD-2-Clause",
"count": 23
"count": 24
},
{
"id": "BSD-3-Clause",
"name": "BSD 3-Clause \"New\" or \"Revised\" License",
"url": "https://opensource.org/licenses/BSD-3-Clause",
"count": 22
"count": 23
},
{
"id": "CC0-1.0",
"name": "Creative Commons Zero v1.0 Universal",
"url": "https://creativecommons.org/publicdomain/zero/1.0/legalcode",
"count": 21
"count": 22
},
{
"id": "Apache-2.0",
"name": "Apache License 2.0",
"url": "https://opensource.org/licenses/Apache-2.0",
"count": 14
"count": 16
},
{
"id": "CC-BY-4.0",
......@@ -62,51 +62,21 @@
"count": 2
},
{
"id": "(bsd-2-clause or mit or apache-2.0)",
"name": "(BSD-2-Clause OR MIT OR Apache-2.0)",
"url": "",
"count": 1
},
{
"id": "(gpl-2.0 or mit)",
"name": "(GPL-2.0 OR MIT)",
"url": "",
"count": 1
},
{
"id": "(mit and bsd-3-clause)",
"name": "(MIT AND BSD-3-Clause)",
"url": "",
"count": 1
},
{
"id": "(mit and zlib)",
"name": "(MIT AND Zlib)",
"url": "",
"count": 1
},
{
"id": "(mit or apache-2.0)",
"name": "(MIT OR Apache-2.0)",
"id": "bsd*",
"name": "BSD*",
"url": "",
"count": 1
},
{
"id": "(mit or cc0-1.0)",
"name": "(MIT OR CC0-1.0)",
"url": "",
"id": "WTFPL",
"name": "Do What The F*ck You Want To Public License",
"url": "http://sam.zoy.org/wtfpl/COPYING",
"count": 1
},
{
"id": "(wtfpl or mit)",
"name": "(WTFPL OR MIT)",
"url": "",
"count": 1
},
{
"id": "bsd*",
"name": "BSD*",
"url"