Skip to content

Fix #915: handle UNLICENSED in NuGet license expressions #1004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jainlakshya wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix #915: handle UNLICENSED in NuGet license expressions #1004

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions CycloneDX.Tests/NugetV3ServiceTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -482,6 +482,38 @@ public async Task GetComponent_SingleLicenseExpression_ReturnsComponent()
Assert.Equal("Apache-2.0", component.Licenses.First().License.Id);
}

[Fact]
public async Task GetComponent_UnlicensedLicenseExpression_MapsToLicenseName()
{
var nuspecFileContents = @"<?xml version=""1.0"" encoding=""utf-8""?>
<package xmlns=""http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd"">
<metadata>
<id>testpackage</id>
<license type=""expression"">UNLICENSED</license>
</metadata>
</package>";
var mockFileSystem = new MockFileSystem(new Dictionary<string, MockFileData>
{
{ XFS.Path(@"c:\nugetcache\testpackage\1.0.0\testpackage.nuspec"), new MockFileData(nuspecFileContents) },
});

var mockGitHubService = new Mock<IGithubService>();

var nugetService = new NugetV3Service(null,
mockFileSystem,
new List<string> { XFS.Path(@"c:\nugetcache") },
mockGitHubService.Object,
new NullLogger(), false);

var component = await nugetService.GetComponentAsync("testpackage", "1.0.0", Component.ComponentScope.Required).ConfigureAwait(true);

Assert.Single(component.Licenses);
Assert.Equal("UNLICENSED", component.Licenses.First().License.Name);
Assert.True(string.IsNullOrEmpty(component.Licenses.First().License.Id));
}



[Fact]
public async Task GetComponent_MultiLicenseExpression_ReturnsComponent()
{
Expand Down
17 changes: 15 additions & 2 deletions CycloneDX/Services/NugetV3Service.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,12 +262,25 @@ public async Task<Component> GetComponentAsync(string name, string version, Comp
{
Action<NuGetLicense> licenseProcessor = delegate (NuGetLicense nugetLicense)
{
var identifier = nugetLicense?.Identifier?.Trim();
var license = new License();
license.Id = nugetLicense.Identifier;
license.Name = license.Id == null ? nugetLicense.Identifier : null;

// UNLICENSED is not a valid SPDX license id, so emit as name instead.
// (Avoids generating invalid CycloneDX output like <id>UNLICENSED</id>.)
if (!string.IsNullOrEmpty(identifier) &&
string.Equals(identifier, "UNLICENSED", StringComparison.OrdinalIgnoreCase))
{
license.Name = "UNLICENSED";
}
else
{
license.Id = identifier;
}

component.Licenses ??= new List<LicenseChoice>();
component.Licenses.Add(new LicenseChoice { License = license });
};

licenseMetadata.LicenseExpression.OnEachLeafNode(licenseProcessor, null);
}
else if (_githubService == null)
Expand Down