From c74d76e9511b113b7e628c788692552b1366b13d Mon Sep 17 00:00:00 2001
From: Richard Estwick
Date: Sat, 9 Mar 2024 19:10:00 -0500
Subject: [PATCH 1/3] added license processing
---
 tern/formats/cyclonedx/cyclonedx_common.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tern/formats/cyclonedx/cyclonedx_common.py b/tern/formats/cyclonedx/cyclonedx_common.py
index 1e434222..aa276601 100644
--- a/tern/formats/cyclonedx/cyclonedx_common.py
+++ b/tern/formats/cyclonedx/cyclonedx_common.py
@@ -10,6 +10,7 @@ import datetime
 import uuid
 from tern.utils import general
+import re
 ###################
@@ -91,4 +92,16 @@ def get_os_guess(image_obj):
 def get_license_from_name(name):
+ if name.isupper() is False:
+ name = name.split("-")
+ name = [n.title() if not n.isupper() else n for n in name]
+ name = "-".join(name)
+
+ if "GPLv" in name:
+ name = name.replace("GPLv", "GPL-")
+
+ if re.search("GPL-[0-9][^\+\.]", name) or re.search("GPL-[0-9]$", name):
+ name2 = re.sub(r"GPL-(\d)",r"GPL-\1.0", name)
+ name = name2
+
 return {'license': {'id': name}}
From 88193b342814798e4234a994205073dc785bb2e8 Mon Sep 17 00:00:00 2001
From: Richard Estwick
Date: Mon, 11 Mar 2024 17:17:36 -0400
Subject: [PATCH 2/3] using spdx_license_list for invalid license handling
---
 requirements.txt | 1 +
 tern/formats/cyclonedx/cyclonedx_common.py | 21 ++++++---------------
 2 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 25c81da2..5f916b02 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,4 +18,5 @@ GitPython~=3.1
 prettytable~=3.8
 packageurl-python>=0.11.1
 license-expression>=30.1
+spdx-license-list>=3.23
diff --git a/tern/formats/cyclonedx/cyclonedx_common.py b/tern/formats/cyclonedx/cyclonedx_common.py
index aa276601..82bfec24 100644
--- a/tern/formats/cyclonedx/cyclonedx_common.py
+++ b/tern/formats/cyclonedx/cyclonedx_common.py
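Review bot: The two patterns in the `if re.search(...)` line of get_license_from_name are ordinary (non-raw) string literals containing `\+` and `\.`, which Python treats as invalid escape sequences and reports with a warning, while the `re.sub` call on the next line already uses raw strings. The fix is `if re.search(r"GPL-[0-9][^+.]", name) or re.search(r"GPL-[0-9]$", name):`, since `+` and `.` need no escaping inside a character class. The `name2` temporary on the following two lines is also unnecessary: `name = re.sub(r"GPL-(\d)", r"GPL-\1.0", name)` does the same in one step. Note that the later patches in this series replace this body entirely, so the comment applies only if patch 1 is taken on its own.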
@@ -10,8 +10,8 @@ import datetime
 import uuid
 from tern.utils import general
-import re
-
+import spdx_license_list
+sll = spdx_license_list.LICENSES
 ###################
 # General Helpers #
@@ -92,16 +92,7 @@ def get_os_guess(image_obj):
 def get_license_from_name(name):
- if name.isupper() is False:
- name = name.split("-")
- name = [n.title() if not n.isupper() else n for n in name]
- name = "-".join(name)
-
- if "GPLv" in name:
- name = name.replace("GPLv", "GPL-")
-
- if re.search("GPL-[0-9][^\+\.]", name) or re.search("GPL-[0-9]$", name):
- name2 = re.sub(r"GPL-(\d)",r"GPL-\1.0", name)
- name = name2
-
- return {'license': {'id': name}}
+ if sll.get(name) is None:
+ return {'license': {'name': name}}
+ else:
+ return {'license': {'id': name}}
From 3ef20ce343b0cc89cd29674ab168ac526ff0dc40 Mon Sep 17 00:00:00 2001
From: Richard Estwick
Date: Tue, 12 Mar 2024 17:41:16 -0400
Subject: [PATCH 3/3] added license validation using the cyclonedx-python-lib
---
 requirements.txt | 2 +-
 tern/formats/cyclonedx/cyclonedx_common.py | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 5f916b02..75b731b9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,5 +18,5 @@ GitPython~=3.1
 prettytable~=3.8
 packageurl-python>=0.11.1
 license-expression>=30.1
-spdx-license-list>=3.23
+cyclonedx-python-lib>=5.1.1
diff --git a/tern/formats/cyclonedx/cyclonedx_common.py b/tern/formats/cyclonedx/cyclonedx_common.py
index 82bfec24..a598404c 100644
--- a/tern/formats/cyclonedx/cyclonedx_common.py
+++ b/tern/formats/cyclonedx/cyclonedx_common.py
@@ -10,9 +10,7 @@ import datetime
 import uuid
 from tern.utils import general
-import spdx_license_list
-sll = spdx_license_list.LICENSES
-
+from cyclonedx.spdx import fixup_id as spdx_id_validate
 ###################
 # General Helpers #
 ###################
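Review bot: `cyclonedx-python-lib>=5.1.1` sets only a lower bound, so any future major release of that library — which may rename or remove the `cyclonedx.spdx.fixup_id` symbol the companion hunk imports — still satisfies the requirement and can break the build with no change in this repository. The neighbouring `GitPython~=3.1` and `prettytable~=3.8` entries use compatible-release pins; `cyclonedx-python-lib~=5.1` would match that style, or an explicit upper bound could be added if newer majors are meant to be allowed. A bounded range also keeps the resolved dependency set reproducible across installs, which matters for a tool that itself produces SBOMs.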
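Review bot: `from cyclonedx.spdx import fixup_id as spdx_id_validate` is placed after `from tern.utils import general`, so a third-party import follows the project-local one; PEP 8 grouping puts it with the other third-party imports above the `tern.utils` line, separated by a blank line. The alias also misdescribes the name: as the hunk further down uses it, the call returns a value that is stored as the license id and tested for truthiness, not a validation verdict, so the unaliased `from cyclonedx.spdx import fixup_id` reads more honestly at the call site. The `import re` and `import spdx_license_list` lines in patches 1 and 2 were placed the same way, but both are removed again within this series.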
@@ -92,7 +90,9 @@ def get_os_guess(image_obj):
 def get_license_from_name(name):
- if sll.get(name) is None:
- return {'license': {'name': name}}
- else:
- return {'license': {'id': name}}
+ spdx_id = spdx_id_validate(name)
+ if spdx_id:
+ return {'license': {'id': spdx_id}}
+ else:
+ return {'license': {'name': name}}
+
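Review bot: Compound SPDX expressions are not handled by the new get_license_from_name body: the whole string goes to `spdx_id_validate(name)` and anything that does not resolve falls back to `{'license': {'name': name}}`, so a value like `MIT OR Apache-2.0` (plausible input given the repository's existing `license-expression` dependency) would presumably be emitted as a free-text name rather than as a CycloneDX `expression` entry — worth confirming against fixup_id's treatment of expressions before relying on it. The `else:` after a `return` is redundant; `if spdx_id: return {...}` followed by an unindented `return {'license': {'name': name}}` is the usual shape. The function has no docstring; a one-liner such as `"""Return a CycloneDX license entry: {'id': ...} when name maps to an SPDX id, else {'name': name}."""` would state the contract. The trailing `+` line adds an empty line at end of file, which pycodestyle flags as W391.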