mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
706322f826
* add initial spdx support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * expose FileOwner and use in SPDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add initial json support for SPDX Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add remaining package fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add spdx license list generation + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * keep fileOwner unexported from pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore cli test util Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add external refs to spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add golang support to CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use tag-value format as default "spdx" format flavor Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests around spdx presenters + refactor presenter tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add bouncer exception for spdx tools-golang repo Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdx model questions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
64 lines
1.6 KiB
Go
64 lines
1.6 KiB
Go
package deb
|
|
|
|
import (
|
|
"bufio"
|
|
"io"
|
|
"regexp"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/anchore/syft/internal"
|
|
)
|
|
|
|
// For more information see: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-syntax
|
|
|
|
var (
|
|
licensePattern = regexp.MustCompile(`^License: (?P<license>\S*)`)
|
|
commonLicensePathPattern = regexp.MustCompile(`/usr/share/common-licenses/(?P<license>[0-9A-Za-z_.\-]+)`)
|
|
)
|
|
|
|
func parseLicensesFromCopyright(reader io.Reader) []string {
|
|
findings := internal.NewStringSet()
|
|
scanner := bufio.NewScanner(reader)
|
|
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
if value := findLicenseClause(licensePattern, "license", line); value != "" {
|
|
findings.Add(value)
|
|
}
|
|
if value := findLicenseClause(commonLicensePathPattern, "license", line); value != "" {
|
|
findings.Add(value)
|
|
}
|
|
}
|
|
|
|
results := findings.ToSlice()
|
|
|
|
sort.Strings(results)
|
|
|
|
return results
|
|
}
|
|
|
|
func findLicenseClause(pattern *regexp.Regexp, valueGroup, line string) string {
|
|
matchesByGroup := internal.MatchNamedCaptureGroups(pattern, line)
|
|
|
|
candidate, ok := matchesByGroup[valueGroup]
|
|
if !ok {
|
|
return ""
|
|
}
|
|
|
|
return ensureIsSingleLicense(candidate)
|
|
}
|
|
|
|
func ensureIsSingleLicense(candidate string) (license string) {
|
|
candidate = strings.TrimSpace(candidate)
|
|
if strings.Contains(candidate, " or ") || strings.Contains(candidate, " and ") {
|
|
// this is a multi-license summary, ignore this as other recurrent license lines should cover this
|
|
return
|
|
}
|
|
if candidate != "" && strings.ToLower(candidate) != "none" {
|
|
// the license may be at the end of a sentence, clean . characters
|
|
license = strings.TrimSuffix(candidate, ".")
|
|
}
|
|
return license
|
|
}
|