improved documentation in pep621.py, moved test_pep621.py to integration/test_utils_pep621.py, and improved test coverage

Signed-off-by: Manav Gupta <[email protected]>

Author: manavgup

cyclonedx_py/_internal/utils/pep621.py

@@ -61,9 +61,13 @@ def project2licenses(project: dict[str, Any], lfac: 'LicenseFactory', *,
         # https://packaging.python.org/en/latest/specifications/core-metadata/#classifier-multiple-use
         yield from classifiers2licenses(classifiers, lfac, lack)
     if isinstance(plicense := project.get('license'), dict):
+        # https://packaging.python.org/en/latest/specifications/pyproject-toml/#license
         if 'file' in plicense and 'text' in plicense:
             raise ValueError('`license.file` and `license.text` are mutually exclusive,')
         if 'file' in plicense:
+            # per spec:
+            # > [...] a string value that is a relative file path [...].
+            # > Tools MUST assume the file’s encoding is UTF-8.
             with open(join(dirname(fpath), plicense['file']), 'rb') as plicense_fileh:
                 yield DisjunctiveLicense(name=f"declared license of '{project['name']}'",
                                          acknowledgement=lack,
@@ -73,6 +77,7 @@ def project2licenses(project: dict[str, Any], lfac: 'LicenseFactory', *,
             license = lfac.make_from_string(plicense_text,
                                             license_acknowledgement=lack)
             if isinstance(license, DisjunctiveLicense) and license.id is None:
+                # per spec, `License` is either a SPDX ID/Expression, or a license text(not name!)
                 yield DisjunctiveLicense(name=f"declared license of '{project['name']}'",
                                          acknowledgement=lack,
                                          text=AttachedText(content=plicense_text))

tests/integration/test_utils_pep621.py

@@ -0,0 +1,76 @@
+# This file is part of CycloneDX Python
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+import os
+import tempfile
+import unittest
+
+from cyclonedx.factory.license import LicenseFactory
+from cyclonedx.model.license import DisjunctiveLicense, LicenseAcknowledgement
+
+from cyclonedx_py._internal.utils.pep621 import project2licenses
+
+
+class TestUtilsPEP621(unittest.TestCase):
+
+    def test_license_dict_text_pep621(self) -> None:
+        lfac = LicenseFactory()
+        fpath = tempfile.mktemp()
+        project = {
+            'name': 'testpkg',
+            'license': {'text': 'This is the license text.'},
+        }
+        licenses = list(project2licenses(project, lfac, fpath=fpath))
+        self.assertEqual(len(licenses), 1)
+        lic = licenses[0]
+        self.assertIsInstance(lic, DisjunctiveLicense)
+        self.assertIsNone(lic.id)
+        self.assertEqual(lic.text.content, 'This is the license text.')
+        self.assertEqual(lic.acknowledgement, LicenseAcknowledgement.DECLARED)
+
+    def test_license_dict_file_pep621(self) -> None:
+        lfac = LicenseFactory()
+        with tempfile.NamedTemporaryFile('w+', delete=True) as tf:
+            tf.write('File license text')
+            tf.flush()
+            project = {
+                'name': 'testpkg',
+                'license': {'file': os.path.basename(tf.name)},
+            }
+            # fpath should be the file path so dirname(fpath) resolves to the correct directory
+            licenses = list(project2licenses(project, lfac, fpath=tf.name))
+
+        self.assertEqual(len(licenses), 1)
+        lic = licenses[0]
+        self.assertIsInstance(lic, DisjunctiveLicense)
+        self.assertIsNotNone(lic.text.content)
+        self.assertEqual(lic.acknowledgement, LicenseAcknowledgement.DECLARED)
+
+    def test_license_non_dict_pep621(self) -> None:
+        lfac = LicenseFactory()
+        fpath = tempfile.mktemp()
+
+        # Test with string license (should be silently skipped)
+        project = {
+            'name': 'testpkg',
+            'license': 'MIT',
+        }
+        licenses = list(project2licenses(project, lfac, fpath=fpath))
+        self.assertEqual(len(licenses), 0)
+
+        # Test with None license (should be silently skipped)
+        project = {
+            'name': 'testpkg',
+            'license': None,
+        }
+        licenses = list(project2licenses(project, lfac, fpath=fpath))
+        self.assertEqual(len(licenses), 0)
+
+        # Test with list license (should be silently skipped)
+        project = {
+            'name': 'testpkg',
+            'license': ['MIT', 'Apache-2.0'],
+        }
+        licenses = list(project2licenses(project, lfac, fpath=fpath))
+        self.assertEqual(len(licenses), 0)