From a17ff7b5556e4272d9ff154c7adeab4074b33c93 Mon Sep 17 00:00:00 2001
From: Keith Zantow <kzantow@gmail.com>
Date: Tue, 30 Aug 2022 14:38:12 -0400
Subject: [PATCH] Fix RPM DB license handling (#1184)

---
 internal/formats/common/spdxhelpers/to_syft_model.go | 6 +++++-
 syft/pkg/cataloger/rpmdb/parse_rpmdb.go              | 4 ++++
 syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go         | 2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/internal/formats/common/spdxhelpers/to_syft_model.go b/internal/formats/common/spdxhelpers/to_syft_model.go
index 57dbe3692..f71e63573 100644
--- a/internal/formats/common/spdxhelpers/to_syft_model.go
+++ b/internal/formats/common/spdxhelpers/to_syft_model.go
@@ -322,13 +322,17 @@ func extractMetadata(p *spdx.Package2_2, info pkgInfo) (pkg.MetadataType, interf
 		} else {
 			epoch = &converted
 		}
+		license := p.PackageLicenseDeclared
+		if license == "" {
+			license = p.PackageLicenseConcluded
+		}
 		return pkg.RpmdbMetadataType, pkg.RpmdbMetadata{
 			Name:      p.PackageName,
 			Version:   p.PackageVersion,
 			Epoch:     epoch,
 			Arch:      arch,
 			SourceRpm: upstreamValue,
-			License:   p.PackageLicenseConcluded,
+			License:   license,
 			Vendor:    p.PackageOriginatorOrganization,
 		}
 	case pkg.DebPkg:
diff --git a/syft/pkg/cataloger/rpmdb/parse_rpmdb.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
index 10b3b6c4c..d3ec6e205 100644
--- a/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
+++ b/syft/pkg/cataloger/rpmdb/parse_rpmdb.go
@@ -92,6 +92,10 @@ func newPkg(resolver source.FilePathResolver, dbLocation source.Location, entry
 		Metadata:     metadata,
 	}
 
+	if entry.License != "" {
+		p.Licenses = append(p.Licenses, entry.License)
+	}
+
 	p.SetID()
 	return &p, nil
 }
diff --git a/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go b/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
index d378e36e9..659c6d898 100644
--- a/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
+++ b/syft/pkg/cataloger/rpmdb/parse_rpmdb_test.go
@@ -75,6 +75,7 @@ func TestParseRpmDB(t *testing.T) {
 					FoundBy:      catalogerName,
 					Type:         pkg.RpmPkg,
 					MetadataType: pkg.RpmdbMetadataType,
+					Licenses:     []string{"MIT"},
 					Metadata: pkg.RpmdbMetadata{
 						Name:      "dive",
 						Epoch:     nil,
@@ -102,6 +103,7 @@ func TestParseRpmDB(t *testing.T) {
 					FoundBy:      catalogerName,
 					Type:         pkg.RpmPkg,
 					MetadataType: pkg.RpmdbMetadataType,
+					Licenses:     []string{"MIT"},
 					Metadata: pkg.RpmdbMetadata{
 						Name:      "dive",
 						Epoch:     nil,