This PR makes the following changes to update the underlying license model to have more expressive capabilities. It also provides some guarantees surrounding the license values themselves: - Licenses are updated from string -> pkg.LicenseSet, which contains pkg.License with the following fields: - the original `Value` read by syft - if it is possible to construct one, licenses will always have a valid SPDX expression for downstream consumption - the above is run against a generated list of SPDX license IDs to try to find the correct ID - SPDX concluded vs. declared is added to the new struct - the URL source for the license is added to the new struct - the Location source is added to the new struct to show where the expression was pulled from
// Package license provides common methods for working with SPDX license data.
package license
import (
"fmt"
"github.com/github/go-spdx/v2/spdxexp"
"github.com/anchore/syft/internal/spdxlicense"
)
// Type labels a license with the SPDX category it belongs to. The only values
// defined in this file are Declared and Concluded.
type Type string

// License categories, named after the SPDX "declared" and "concluded" license
// fields.
const (
	// Declared is the category for a license as stated by the package itself.
	Declared = Type("declared")
	// Concluded is the category for a license arrived at by analysis rather
	// than taken directly from the package's own declaration.
	Concluded = Type("concluded")
)
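// ParseExpression normalizes a license string into an SPDX identifier or
// expression.
//
// The input is first looked up with spdxlicense.ID; on a match, the ID returned
// by that lookup is the result. Otherwise the input is treated as a possible
// compound SPDX expression and checked with spdxexp.ValidateLicenses: a valid
// input is returned unchanged, anything else yields an empty string and an
// error.
//
// NOTE(review): callers presumably pass license text read from scanned package
// metadata, i.e. untrusted input — confirm against the call sites. For that
// reason the rejected value is rendered with %q in the error, so embedded
// newlines or terminal control bytes are escaped instead of being written
// verbatim into logs or console output.
func ParseExpression(expression string) (string, error) {
	if licenseID, exists := spdxlicense.ID(expression); exists {
		return licenseID, nil
	}

	// Not a known single ID, so it might be a more complex expression.
	// The second return value (the invalid licenses) is deliberately
	// discarded; only the overall verdict is needed here.
	// TODO: contribute to spdxexp to expose deprecated license IDs
	// https://github.com/anchore/syft/issues/1814
	valid, _ := spdxexp.ValidateLicenses([]string{expression})
	if !valid {
		return "", fmt.Errorf("failed to validate spdx expression: %q", expression)
	}

	return expression, nil
}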