Make License data properly normalized

Previously License data of type "License1, License2" was replaced
with "License1 License2", which cannot be parsed properly. It
should be "License1 and License2" instead. The comma sign causes
`license_expression` licensing methods to fail

Signed-off-by: Ivana Atanasova <[email protected]>

Author: ivanayov

tern/formats/spdx/spdx_common.py

@@ -49,9 +49,17 @@ def is_spdx_license_expression(license_data):
     return False'''
     licensing = get_spdx_licensing()
     if ',' in license_data:
-        license_data = license_data.replace(',', ' ')
+        license_data = license_data.replace(',', ' and ')
     return licensing.validate(license_data).errors == []
 
+# Searches for declared license data using the license_expression library
+def get_package_license_declared(package_license_declared):
+    if package_license_declared:
+        if is_spdx_license_expression(package_license_declared):
+            return package_license_declared
+        return get_license_ref(package_license_declared)
+    return 'NONE'
+
 
 ########################
 # Common Image Helpers #

tern/formats/spdx/spdxjson/file_helpers.py

@@ -50,7 +50,7 @@ def get_file_dict(filedata, template, layer_id):
         file_license_refs = []
         for lic in spdx_common.get_file_licenses(filedata):
             # Add the LicenseRef to the list instead of license expression
-            file_license_refs.append(spdx_common.get_license_ref(lic))
+            file_license_refs.append(spdx_common.get_package_license_declared(lic))
         file_dict['licenseInfoInFiles'] = file_license_refs
 
     # We only add this if there is a notice

tern/formats/spdx/spdxjson/package_helpers.py

@@ -23,14 +23,6 @@ def get_package_comment(package):
     return comment
 
 
-def get_package_license_declared(package_license_declared):
-    if package_license_declared:
-        if spdx_common.is_spdx_license_expression(package_license_declared):
-            return package_license_declared
-        return spdx_common.get_license_ref(package_license_declared)
-    return 'NONE'
-
-
 def get_source_package_dict(package, template):
     '''''Given a package object and its SPDX template mapping, return a SPDX
     JSON dictionary representation of the associated source package.
@@ -47,7 +39,7 @@ def get_source_package_dict(package, template):
         mapping['PackageDownloadLocation'] else 'NOASSERTION',
         'filesAnalyzed': False,  # always false for packages
         'licenseConcluded': 'NOASSERTION',  # always NOASSERTION
-        'licenseDeclared': get_package_license_declared(
+        'licenseDeclared': spdx_common.get_package_license_declared(
             mapping['PackageLicenseDeclared']),
         'copyrightText': mapping['PackageCopyrightText'] if
         mapping['PackageCopyrightText'] else'NONE',
@@ -72,7 +64,7 @@ def get_package_dict(package, template):
         mapping['PackageDownloadLocation'] else 'NOASSERTION',
         'filesAnalyzed': False,  # always false for packages
         'licenseConcluded': 'NOASSERTION',  # always NOASSERTION
-        'licenseDeclared':  get_package_license_declared(
+        'licenseDeclared':  spdx_common.get_package_license_declared(
             mapping['PackageLicenseDeclared']),
         'copyrightText': mapping['PackageCopyrightText'] if
         mapping['PackageCopyrightText'] else'NONE',

tern/formats/spdx/spdxtagvalue/file_helpers.py

@@ -35,7 +35,7 @@ def get_license_info_block(filedata):
     else:
         for lic in spdx_common.get_file_licenses(filedata):
             block = block + 'LicenseInfoInFile: {}'.format(
-                spdx_common.get_license_ref(lic)) + '\n'
+                spdx_common.get_package_license_declared(lic)) + '\n'
     return block
 
 

tern/formats/spdx/spdxtagvalue/package_helpers.py

@@ -24,14 +24,6 @@ def get_package_comment(package_obj):
     return comment
 
 
-def get_package_license_declared(package_license_declared):
-    if package_license_declared:
-        if spdx_common.is_spdx_license_expression(package_license_declared):
-            return package_license_declared
-        return spdx_common.get_license_ref(package_license_declared)
-    return 'NONE'
-
-
 def get_source_package_block(package_obj, template):
     '''Given a package object and its SPDX template mapping, return a SPDX
     document block for the corresponding source package.
@@ -63,7 +55,7 @@ def get_source_package_block(package_obj, template):
     # Package License Concluded (always NOASSERTION)
     block += 'PackageLicenseConcluded: NOASSERTION\n'
     # Package License Declared (use the license ref for this)
-    block += 'PackageLicenseDeclared: ' + get_package_license_declared(
+    block += 'PackageLicenseDeclared: ' + spdx_common.get_package_license_declared(
         mapping['PackageLicenseDeclared']) + '\n'
     # Package Copyright Text
     if mapping['PackageCopyrightText']:
@@ -105,7 +97,7 @@ def get_package_block(package_obj, template):
     # Package License Concluded (always NOASSERTION)
     block += 'PackageLicenseConcluded: NOASSERTION\n'
     # Package License Declared (use the license ref for this)
-    block += 'PackageLicenseDeclared: ' + get_package_license_declared(
+    block += 'PackageLicenseDeclared: ' + spdx_common.get_package_license_declared(
         mapping['PackageLicenseDeclared']) + '\n'
     # Package Copyright Text
     if mapping['PackageCopyrightText']: