Commit 6e40d257 authored by mo khan's avatar mo khan

Map names from the v1 reports to spdx id

* Update report fixture file
* Map the legacy names to SPDX identifiers
* Add changelog entry
parent 58bb22c1
---
title: Map software license names from the v1 license scan report to an equivalent SPDX identifer
merge_request: 20195
author:
type: fixed
...@@ -5,12 +5,42 @@ module Gitlab ...@@ -5,12 +5,42 @@ module Gitlab
module Reports module Reports
module LicenseScanning module LicenseScanning
class License class License
LICENSE_TO_SPDX_ID = {
'AGPL-1.0' => 'AGPL-1.0',
'AGPL-3.0' => 'AGPL-3.0',
'Apache 2.0' => 'Apache-2.0',
'Artistic-2.0' => 'Artistic-2.0',
'BSD' => 'BSD-4-Clause',
'CC0 1.0 Universal' => 'CC0-1.0',
'CDDL-1.0' => 'CDDL-1.0',
'CDDL-1.1' => 'CDDL-1.1',
'EPL-1.0' => 'EPL-1.0',
'EPL-2.0' => 'EPL-2.0',
'GPLv2' => 'GPL-2.0',
'GPLv3' => 'GPL-3.0',
'ISC' => 'ISC',
'LGPL' => 'LGPL-3.0-only',
'LGPL-2.1' => 'LGPL-2.1',
'MIT' => 'MIT',
'Mozilla Public License 2.0' => 'MPL-2.0',
'MS-PL' => 'MS-PL',
'MS-RL' => 'MS-RL',
'New BSD' => 'BSD-3-Clause',
'Python Software Foundation License' => 'Python-2.0',
'ruby' => 'Ruby',
'Simplified BSD' => 'BSD-2-Clause',
'WTFPL' => 'WTFPL',
'Zlib' => 'Zlib'
}.freeze
attr_reader :id, :name, :url attr_reader :id, :name, :url
delegate :count, to: :dependencies delegate :count, to: :dependencies
def initialize(id:, name:, url:) def initialize(id:, name:, url:)
@id = 'unknown' == id ? nil : id @id = LICENSE_TO_SPDX_ID.fetch(name) do
id == 'unknown' ? nil : id
end
@name = name @name = name
@url = url @url = url
@dependencies = Set.new @dependencies = Set.new
......
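Review bot: At `@id = LICENSE_TO_SPDX_ID.fetch(name) do … end` the legacy-name lookup now takes precedence over an explicit `id`, so a v2 report that supplies `id: 'BSD-3-Clause'` together with `name: 'BSD'` would be silently rewritten to `BSD-4-Clause`, and any compliance policy keyed on the SPDX id would then approve or deny the wrong license; prefer the supplied identifier and fall back to the table only when it is absent, e.g. `@id = (id.nil? || id == 'unknown') ? LICENSE_TO_SPDX_ID[name] : id`. The `'BSD' => 'BSD-4-Clause'` and `'LGPL' => 'LGPL-3.0-only'` entries resolve genuinely ambiguous names to one specific license (the fixture URL in this commit had to change from `BSD-3-Clause.json` to `BSD-4-Clause.json` to agree with it), which is a policy choice that deserves a comment on the table stating the rationale, such as `# Ambiguous legacy names (BSD, LGPL) are mapped to a single SPDX id by convention; treat these as a best-effort guess, not a verified license.` — adjusted to whatever the actual intent is. The table also appears to mix the bare form (`GPL-2.0`, `LGPL-2.1`, `AGPL-3.0`) that SPDX has since deprecated with the `-only` suffix used for `LGPL-3.0-only`; settling on one form keeps id-based policy lookups consistent. The `initialize` method continues past the end of this hunk.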
...@@ -45,7 +45,7 @@ describe Projects::Security::LicensesController do ...@@ -45,7 +45,7 @@ describe Projects::Security::LicensesController do
expect(json_response['licenses'].length).to eq(4) expect(json_response['licenses'].length).to eq(4)
expect(json_response['licenses'][0]).to include({ expect(json_response['licenses'][0]).to include({
'id' => nil, 'id' => nil,
'spdx_identifier' => nil, 'spdx_identifier' => 'Apache-2.0',
'classification' => 'unclassified', 'classification' => 'unclassified',
'name' => 'Apache 2.0', 'name' => 'Apache 2.0',
'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt', 'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt',
......
...@@ -37,12 +37,12 @@ ...@@ -37,12 +37,12 @@
"licenses": [ "licenses": [
{ {
"name": "BSD", "name": "BSD",
"url": "http://spdx.org/licenses/BSD-3-Clause.json" "url": "http://spdx.org/licenses/BSD-4-Clause.json"
} }
], ],
"license": { "license": {
"name": "BSD", "name": "BSD",
"url": "http://spdx.org/licenses/BSD-3-Clause.json" "url": "http://spdx.org/licenses/BSD-4-Clause.json"
}, },
"dependency": { "dependency": {
"name": "b", "name": "b",
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
}, },
{ {
"name": "BSD", "name": "BSD",
"url": "http://spdx.org/licenses/BSD-3-Clause.json" "url": "http://spdx.org/licenses/BSD-4-Clause.json"
} }
], ],
"license": { "license": {
......
...@@ -51,14 +51,14 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do ...@@ -51,14 +51,14 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
it { expect(report.version).to eql('1.1') } it { expect(report.version).to eql('1.1') }
it { expect(report.licenses.count).to eq(3) } it { expect(report.licenses.count).to eq(3) }
it { expect(report.licenses[0].id).to be_nil } it { expect(report.licenses[0].id).to eql('BSD-4-Clause') }
it { expect(report.licenses[0].name).to eql('BSD') } it { expect(report.licenses[0].name).to eql('BSD') }
it { expect(report.licenses[0].url).to eql('http://spdx.org/licenses/BSD-3-Clause.json') } it { expect(report.licenses[0].url).to eql('http://spdx.org/licenses/BSD-4-Clause.json') }
it { expect(report.licenses[0].count).to be(2) } it { expect(report.licenses[0].count).to be(2) }
it { expect(report.licenses[0].dependencies.count).to be(2) } it { expect(report.licenses[0].dependencies.count).to be(2) }
it { expect(report.licenses[0].dependencies.map(&:name)).to contain_exactly('b', 'c') } it { expect(report.licenses[0].dependencies.map(&:name)).to contain_exactly('b', 'c') }
it { expect(report.licenses[1].id).to be_nil } it { expect(report.licenses[1].id).to eql('MIT') }
it { expect(report.licenses[1].name).to eql('MIT') } it { expect(report.licenses[1].name).to eql('MIT') }
it { expect(report.licenses[1].url).to eql('http://opensource.org/licenses/mit-license') } it { expect(report.licenses[1].url).to eql('http://opensource.org/licenses/mit-license') }
it { expect(report.licenses[1].count).to be(2) } it { expect(report.licenses[1].count).to be(2) }
......
...@@ -47,6 +47,45 @@ describe Gitlab::Ci::Reports::LicenseScanning::License do ...@@ -47,6 +47,45 @@ describe Gitlab::Ci::Reports::LicenseScanning::License do
it { expect(subject.canonical_id).to eql(subject.name.downcase) } it { expect(subject.canonical_id).to eql(subject.name.downcase) }
end end
context 'when the name matches a known legacy software license name' do
where(:name, :spdx_id) do
[
['AGPL-1.0', 'AGPL-1.0'],
['AGPL-3.0', 'AGPL-3.0'],
['Apache 2.0', 'Apache-2.0'],
['Artistic-2.0', 'Artistic-2.0'],
['BSD', 'BSD-4-Clause'],
['CC0 1.0 Universal', 'CC0-1.0'],
['CDDL-1.0', 'CDDL-1.0'],
['CDDL-1.1', 'CDDL-1.1'],
['EPL-1.0', 'EPL-1.0'],
['EPL-2.0', 'EPL-2.0'],
['GPLv2', 'GPL-2.0'],
['GPLv3', 'GPL-3.0'],
%w[ISC ISC],
['LGPL', 'LGPL-3.0-only'],
['LGPL-2.1', 'LGPL-2.1'],
%w[MIT MIT],
['Mozilla Public License 2.0', 'MPL-2.0'],
['MS-PL', 'MS-PL'],
['MS-RL', 'MS-RL'],
['New BSD', 'BSD-3-Clause'],
['Python Software Foundation License', 'Python-2.0'],
%w[ruby Ruby],
['Simplified BSD', 'BSD-2-Clause'],
%w[WTFPL WTFPL],
%w[Zlib Zlib]
]
end
with_them do
subject { described_class.new(id: nil, name: name, url: nil) }
it { expect(subject.id).to eql(spdx_id) }
it { expect(subject.canonical_id).to eql(spdx_id) }
end
end
context 'when the license was produced from a v2 report' do context 'when the license was produced from a v2 report' do
subject { described_class.new(id: 'MIT', name: 'MIT License', url: nil) } subject { described_class.new(id: 'MIT', name: 'MIT License', url: nil) }
......