Fallback to matching policy on license name

When the `spdx_identifier` is not specified for a license in the `software_licenses` table then the diff should match based on the name of the license that was detected. * Change the premade license reports used for testing to Apache 2.0 * Update License Compliance end to end tests * Update qa fixture to use v2.1 report format

Fallback to matching policy on license name
When the `spdx_identifier` is not specified for a license in the `software_licenses` table then the diff should match based on the name of the license that was detected. * Change the premade license reports used for testing to Apache 2.0 * Update License Compliance end to end tests * Update qa fixture to use v2.1 report format
a8077f3c · mo khan · f6adacd5 · a8077f3c · a8077f3c · a8077f3c
Commit a8077f3c authored Sep 27, 2020 by mo khan
7 changed files
--- a/ee/app/models/sca/license_compliance.rb
+++ b/ee/app/models/sca/license_compliance.rb
@@ -46,7 +46,10 @@ module SCA
        .diff_with(other.license_scan_report)
        .transform_values do |reported_licenses|
          reported_licenses.map do |reported_license|
-            build_policy(reported_license, known_policies[reported_license.canonical_id])
+            matching_license_policy =
+              known_policies[reported_license.canonical_id] ||
+              known_policies[reported_license&.name&.downcase]
+            build_policy(reported_license, matching_license_policy)
          end
        end
    end

--- a/ee/changelogs/unreleased/208723-qa-specs.yml
+++ b/ee/changelogs/unreleased/208723-qa-specs.yml
+---
+title: Fallback to matching policies on license name
+merge_request: 43488
+author:
+type: fixed
--- a/ee/spec/models/sca/license_compliance_spec.rb
+++ b/ee/spec/models/sca/license_compliance_spec.rb
@@ -417,6 +417,18 @@ RSpec.describe SCA::LicenseCompliance do
      specify { expect(subject[:added].count).to eq(3) }
      specify { expect(subject[:removed]).to be_empty }
      specify { expect(subject[:unchanged]).to be_empty }
+
+      context "when a software license record does not have an spdx identifier" do
+        let(:license_name) { 'MIT License' }
+        let!(:policy) { create(:software_license_policy, :allowed, project: project, software_license: create(:software_license, name: license_name)) }
+
+        it "falls back to matching detections based on name rather than spdx id" do
+          mit = subject[:added].find { |item| item.name == license_name }
+
+          expect(mit).to be_present
+          expect(mit.classification).to eql('allowed')
+        end
+      end
    end
  end
 end
--- a/qa/qa/ee/fixtures/secure_license_files/gl-license-scanning-report.json
+++ b/qa/qa/ee/fixtures/secure_license_files/gl-license-scanning-report.json
 {
-  "version": "2.0",
+  "version": "2.1",
  "licenses": [
    {
-      "id": "WTFPL",
-      "name": "WTFPL License",
-      "url": "http://www.wtfpl.net/",
-      "count": 1
+      "id": "Apache-2.0",
+      "name": "Apache License 2.0",
+      "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
    }
  ],
  "dependencies": [
    {
-      "name": "wtfpl_init",
-      "licenses": [
-        "WTFPL"
-      ],
-      "url": "https://rubygems.org/gems/wtfpl_init",
-      "description": "Download WTFPL license file and rename to LICENSE.md or something",
-      "paths": [
-        "."
-      ]
+      "name": "test_dependency",
+      "version": "0.1.0",
+      "package_manager": "bundler",
+      "path": "Gemfile.lock",
+      "licenses": ["Apache-2.0"]
    }
  ]
 }
--- a/qa/qa/ee/fixtures/secure_premade_reports/gl-license-scanning-report.json
+++ b/qa/qa/ee/fixtures/secure_premade_reports/gl-license-scanning-report.json
 {
-    "version": "2.0",
-    "licenses": [{
-      "id": "WTFPL",
-      "name": "WTFPL",
-      "url": "http://www.wtfpl.net/",
-      "count": 1
+  "version": "2.1",
+  "licenses": [
+    {
+      "id": "Apache-2.0",
+      "name": "Apache License 2.0",
+      "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
    },
-      {
-        "id": "MIT",
-        "name": "MIT License",
-        "url": "https://opensource.org/licenses/MIT",
-        "count": 1
-      }
-    ],
-    "dependencies": [{
-      "name": "wtfpl_init",
-      "licenses": [
-        "WTFPL"
-      ],
-      "url": "https://rubygems.org/gems/wtfpl_init",
-      "description": "Download WTFPL license file and rename to LICENSE.md or something",
-      "paths": [
-        "."
-      ]
+    {
+      "id": "MIT",
+      "name": "MIT License",
+      "url": "https://opensource.org/licenses/MIT"
+    }
+  ],
+  "dependencies": [
+    {
+      "name": "actioncable",
+      "version": "6.0.3.3",
+      "package_manager": "bundler",
+      "path": "Gemfile.lock",
+      "licenses": ["MIT"]
    },
-      {
-        "name": "actioncable",
-        "licenses": [
-          "MIT"
-        ],
-        "url": "http://rubyonrails.org",
-        "description": "WebSocket framework for Rails.",
-        "paths": [
-          "."
-        ]
-      }
-    ]
-  }
+    {
+      "name": "test_package",
+      "version": "0.1.0",
+      "package_manager": "bundler",
+      "path": "Gemfile.lock",
+      "licenses": ["Apache-2.0"]
+    }
+  ]
+}
--- a/qa/qa/specs/features/ee/browser_ui/secure/license_compliance_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/license_compliance_spec.rb
@@ -5,7 +5,7 @@ require 'pathname'
 module QA
  RSpec.describe 'Secure', :runner do
    let(:approved_license_name) { "MIT License" }
-    let(:denied_license_name) { "WTFPL" }
+    let(:denied_license_name) { "Apache License 2.0" }

    describe 'License Compliance page' do
      after(:all) do

--- a/qa/qa/specs/features/ee/browser_ui/secure/merge_request_license_widget_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/merge_request_license_widget_spec.rb
@@ -5,8 +5,8 @@ require 'pathname'
 module QA
  RSpec.describe 'Secure', :runner do
    describe 'License merge request widget' do
-      let(:approved_license_name) { "MIT" }
-      let(:denied_license_name) { "Zlib" }
+      let(:approved_license_name) { "MIT License" }
+      let(:denied_license_name) { "zlib License" }
      let(:executor) {"qa-runner-#{Time.now.to_i}"}

      after do
@@ -51,9 +51,9 @@ module QA
              "version": "2.1",
              "licenses": [
                {
-                  "id": "WTFPL",
-                  "name": "Do What The F*ck You Want To Public License",
-                  "url": "http://www.wtfpl.net/about/"
+                  "id": "Apache-2.0",
+                  "name": "Apache License 2.0",
+                  "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
                },
                {
                  "id": "MIT",
@@ -75,14 +75,14 @@ module QA
                  "licenses": ["MIT"]
                },
                {
-                  "name": "wtfpl_init",
+                  "name": "test_package",
                  "version": "0.1.0",
                  "package_manager": "bundler",
                  "path": "Gemfile.lock",
-                  "licenses": ["WTFPL"]
+                  "licenses": ["Apache-2.0"]
                },
                {
-                  "name": "Zlib",
+                  "name": "zlib",
                  "version": "1.2.11",
                  "package_manager": "bundler",
                  "path": "Gemfile.lock",