Update licenseDeclared to output license info (json)

ivanayov · ivanayov · commit 184a6d26cbb5 · 2022-05-30T19:25:56.000+03:00
Previously the `licenseDeclared` data for `spdxjson` was set to
license reference of type `LicenseRef-df8cb33` which is not
informative. This change updates that data to the actual  license
info, f.e. `MIT`, in case a license is declared, or the
`LicenseRef-df8cb33` value if it's not

Signed-off-by: Ivana Atanasova &lt;iyovcheva@vmware.com&gt;
diff --git a/tern/formats/spdx/spdxjson/package_helpers.py b/tern/formats/spdx/spdxjson/package_helpers.py
@@ -7,11 +7,21 @@
 Helper functions for packages in SPDX JSON document creation
 """
 
+from license_expression import get_spdx_licensing
 from tern.report import content
 from tern.formats.spdx import spdx_common
 from tern.formats.spdx.spdxjson import formats as json_formats
 
 
+def is_spdx_license_expression(license_data):
+    '''Return True if the license is a valid SPDX license expression, else
+    return False'''
+    licensing = get_spdx_licensing()
+    if ',' in license_data:
+        license_data = license_data.replace(',', ' ')
+    return licensing.validate(license_data).errors == []
+
+
 def get_package_comment(package):
     '''Given a package object, return a PackageComment string for a list of
     NoticeOrigin objects'''
@@ -23,6 +33,14 @@ def get_package_comment(package):
     return comment
 
 
+def get_package_license_declared(package_license_declared):
+    if package_license_declared:
+        if is_spdx_license_expression(package_license_declared):
+            return package_license_declared
+        return spdx_common.get_license_ref(package_license_declared)
+    return 'NONE'
+
+
 def get_source_package_dict(package, template):
     '''''Given a package object and its SPDX template mapping, return a SPDX
     JSON dictionary representation of the associated source package.
@@ -39,9 +57,8 @@ def get_source_package_dict(package, template):
         mapping['PackageDownloadLocation'] else 'NOASSERTION',
         'filesAnalyzed': False,  # always false for packages
         'licenseConcluded': 'NOASSERTION',  # always NOASSERTION
-        'licenseDeclared': spdx_common.get_license_ref(
-            mapping['PackageLicenseDeclared']) if
-        mapping['PackageLicenseDeclared'] else 'NONE',
+        'licenseDeclared': get_package_license_declared(
+            mapping['PackageLicenseDeclared']),
         'copyrightText': mapping['PackageCopyrightText'] if
         mapping['PackageCopyrightText'] else'NONE',
         'comment': json_formats.source_package_comment
@@ -65,9 +82,8 @@ def get_package_dict(package, template):
         mapping['PackageDownloadLocation'] else 'NOASSERTION',
         'filesAnalyzed': False,  # always false for packages
         'licenseConcluded': 'NOASSERTION',  # always NOASSERTION
-        'licenseDeclared': spdx_common.get_license_ref(
-            mapping['PackageLicenseDeclared']) if
-        mapping['PackageLicenseDeclared'] else 'NONE',
+        'licenseDeclared':  get_package_license_declared(
+            mapping['PackageLicenseDeclared']),
         'copyrightText': mapping['PackageCopyrightText'] if
         mapping['PackageCopyrightText'] else'NONE',
         'comment': get_package_comment(package)
