Merge branch 'main' into 5.0.0-dev

jkowalleck · web-flow · commit 55f6f4d0ad23 · 2023-10-16T20:09:30.000+02:00
diff --git a/cyclonedx/spdx.py b/cyclonedx/spdx.py
@@ -67,6 +67,9 @@ def is_compound_expression(value: str) -> bool:
     .. _SPDX license expression spec: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
     .. _license-expression library: https://github.com/nexB/license-expression
     """
-    return 0 == len(
-        __SPDX_EXPRESSION_LICENSING.validate(value).errors
-    )
+    try:
+        res = __SPDX_EXPRESSION_LICENSING.validate(value)
+    except Exception:
+        # the throw happens when internals crash due to unexpected input characters.
+        return False
+    return 0 == len(res.errors)
diff --git a/tests/test_spdx.py b/tests/test_spdx.py
@@ -89,6 +89,7 @@ def test_positive(self, valid_expression: str) -> None:
         'MIT AND Apache-2.0 OR something-unknown'
         'something invalid',
         '(c) John Doe',
+        'Apache License, Version 2.0'
     )
     def test_negative(self, invalid_expression: str) -> None:
         actual = spdx.is_compound_expression(invalid_expression)

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,7 @@ def test_positive(self, valid_expression: str) -> None:`
`89`	`89`	`'MIT AND Apache-2.0 OR something-unknown'`
`90`	`90`	`'something invalid',`
`91`	`91`	`'(c) John Doe',`
	`92`	`+ 'Apache License, Version 2.0'`
`92`	`93`	`)`
`93`	`94`	`def test_negative(self, invalid_expression: str) -> None:`
`94`	`95`	`actual = spdx.is_compound_expression(invalid_expression)`