authormo khan <mo.khan@gmail.com>2019-10-22 13:49:16 +0000
committermo khan <mo.khan@gmail.com>2019-10-22 13:49:16 +0000
commit4aae7a37f52586544d5c39304e5aed617d60edf7 (patch)
treeb8b0ccbbe7a3ce90c56925168efe855aa9b366d8
parenta6adceebeb1ca109439636f90459263ddc828682 (diff)
parent906713a2c5e461522a7bec79b66dc75dcf7d4cce (diff)
Merge branch '13083-license-urls' into 'master'
Use user friendly URL instead of details URL. See merge request gitlab-org/security-products/license-management!72
-rw-r--r--CHANGELOG.md1
-rw-r--r--lib/license/management/repository.rb2
-rw-r--r--lib/license/management/version.rb2
-rw-r--r--spec/license/management/report/v2_spec.rb8
-rw-r--r--test/results/java-maven-v2.json12
-rw-r--r--test/results/js-yarn-v2.json24
-rw-r--r--test/results/python-pip-v2.json8
-rw-r--r--test/results/python3-pip-v2.json10
-rw-r--r--test/results/ruby-bundler-v2.json6
9 files changed, 41 insertions, 32 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index efeebe2..a7e3d6a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
## v1.7.1
- Add mappings for legacy license names
+- Use the license url instead of details url
## v1.7.0
diff --git a/lib/license/management/repository.rb b/lib/license/management/repository.rb
index a478dd6..164653c 100644
--- a/lib/license/management/repository.rb
+++ b/lib/license/management/repository.rb
@@ -36,7 +36,7 @@ module License
{
'id' => data['licenseId'],
'name' => data['name'],
- 'url' => data['detailsUrl']
+ 'url' => data['seeAlso'][-1]
}
else
log_info("could not find license named `#{license.send(:short_name)}` in SPDX index")
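Review bot: `data['seeAlso'][-1]` on the new `'url'` line assumes every SPDX entry has a non-empty `seeAlso` array; a missing key raises NoMethodError on nil, and an empty array silently puts a null url in the report. A guarded form such as `'url' => Array(data['seeAlso']).last || data['detailsUrl']` would keep the previous value as a fallback. The value is copied verbatim from the SPDX index and, as the updated fixtures show, can be a plain `http://` link on a third-party host, so whatever consumes the report should presumably treat it as untrusted external data and allow only `http`/`https` schemes before rendering it as a link. The spec added in this commit covers only MIT, so an example for an entry without `seeAlso` would pin the fallback behaviour. The enclosing method starts and ends outside this hunk.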
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 7fec52d..8e65182 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '1.7.0'
+ VERSION = '1.7.1'
end
end
diff --git a/spec/license/management/report/v2_spec.rb b/spec/license/management/report/v2_spec.rb
index 766c08d..85c6158 100644
--- a/spec/license/management/report/v2_spec.rb
+++ b/spec/license/management/report/v2_spec.rb
@@ -39,5 +39,13 @@ RSpec.describe License::Management::Report::V2 do
specify { expect(result[:licenses][0]['id']).to eq(spdx_id) }
end
end
+
+ context "when choosing an appropriate url for a license" do
+ subject { described_class.new([dependency]) }
+ let(:license) { LicenseFinder::License.new(short_name: 'MIT', matcher: LicenseFinder::License::NoneMatcher.new, url: nil) }
+ let(:dependency) { double(name: 'x', summary: '', description: '', homepage: '', licenses: [license]) }
+
+ specify { expect(subject.to_h[:licenses][0]['url']).to eql('https://opensource.org/licenses/MIT') }
+ end
end
end
diff --git a/test/results/java-maven-v2.json b/test/results/java-maven-v2.json
index c9858e5..1585f84 100644
--- a/test/results/java-maven-v2.json
+++ b/test/results/java-maven-v2.json
@@ -4,13 +4,13 @@
{
"id": "Apache-2.0",
"name": "Apache License 2.0",
- "url": "http://spdx.org/licenses/Apache-2.0.json",
+ "url": "https://opensource.org/licenses/Apache-2.0",
"count": 27
},
{
"id": "MIT",
"name": "MIT License",
- "url": "http://spdx.org/licenses/MIT.json",
+ "url": "https://opensource.org/licenses/MIT",
"count": 3
},
{
@@ -22,13 +22,13 @@
{
"id": "LGPL-2.1",
"name": "GNU Lesser General Public License v2.1 only",
- "url": "http://spdx.org/licenses/LGPL-2.1.json",
+ "url": "https://opensource.org/licenses/LGPL-2.1",
"count": 2
},
{
"id": "BSD-4-Clause",
"name": "BSD 4-Clause \"Original\" or \"Old\" License",
- "url": "http://spdx.org/licenses/BSD-4-Clause.json",
+ "url": "http://directory.fsf.org/wiki/License:BSD_4Clause",
"count": 1
},
{
@@ -46,13 +46,13 @@
{
"id": "MPL-1.1",
"name": "Mozilla Public License 1.1",
- "url": "http://spdx.org/licenses/MPL-1.1.json",
+ "url": "https://opensource.org/licenses/MPL-1.1",
"count": 1
},
{
"id": "MPL-2.0",
"name": "Mozilla Public License 2.0",
- "url": "http://spdx.org/licenses/MPL-2.0.json",
+ "url": "https://opensource.org/licenses/MPL-2.0",
"count": 1
}
],
diff --git a/test/results/js-yarn-v2.json b/test/results/js-yarn-v2.json
index fcbc0b0..f37e8e2 100644
--- a/test/results/js-yarn-v2.json
+++ b/test/results/js-yarn-v2.json
@@ -4,37 +4,37 @@
{
"id": "MIT",
"name": "MIT License",
- "url": "http://spdx.org/licenses/MIT.json",
+ "url": "https://opensource.org/licenses/MIT",
"count": 1176
},
{
"id": "ISC",
"name": "ISC License",
- "url": "http://spdx.org/licenses/ISC.json",
+ "url": "https://opensource.org/licenses/ISC",
"count": 121
},
{
"id": "BSD-3-Clause",
"name": "BSD 3-Clause \"New\" or \"Revised\" License",
- "url": "http://spdx.org/licenses/BSD-3-Clause.json",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"count": 39
},
{
"id": "BSD-2-Clause",
"name": "BSD 2-Clause \"Simplified\" License",
- "url": "http://spdx.org/licenses/BSD-2-Clause.json",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"count": 34
},
{
"id": "Apache-2.0",
"name": "Apache License 2.0",
- "url": "http://spdx.org/licenses/Apache-2.0.json",
+ "url": "https://opensource.org/licenses/Apache-2.0",
"count": 23
},
{
"id": "CC0-1.0",
"name": "Creative Commons Zero v1.0 Universal",
- "url": "http://spdx.org/licenses/CC0-1.0.json",
+ "url": "https://creativecommons.org/publicdomain/zero/1.0/legalcode",
"count": 22
},
{
@@ -58,13 +58,13 @@
{
"id": "BSD-4-Clause",
"name": "BSD 4-Clause \"Original\" or \"Old\" License",
- "url": "http://spdx.org/licenses/BSD-4-Clause.json",
+ "url": "http://directory.fsf.org/wiki/License:BSD_4Clause",
"count": 2
},
{
"id": "CC-BY-4.0",
"name": "Creative Commons Attribution 4.0 International",
- "url": "http://spdx.org/licenses/CC-BY-4.0.json",
+ "url": "https://creativecommons.org/licenses/by/4.0/legalcode",
"count": 2
},
{
@@ -76,7 +76,7 @@
{
"id": "Unlicense",
"name": "The Unlicense",
- "url": "http://spdx.org/licenses/Unlicense.json",
+ "url": "http://unlicense.org/",
"count": 2
},
{
@@ -136,13 +136,13 @@
{
"id": "CC-BY-3.0",
"name": "Creative Commons Attribution 3.0 Unported",
- "url": "http://spdx.org/licenses/CC-BY-3.0.json",
+ "url": "https://creativecommons.org/licenses/by/3.0/legalcode",
"count": 1
},
{
"id": "WTFPL",
"name": "Do What The F*ck You Want To Public License",
- "url": "http://spdx.org/licenses/WTFPL.json",
+ "url": "http://sam.zoy.org/wtfpl/COPYING",
"count": 1
},
{
@@ -154,7 +154,7 @@
{
"id": "MPL-2.0",
"name": "Mozilla Public License 2.0",
- "url": "http://spdx.org/licenses/MPL-2.0.json",
+ "url": "https://opensource.org/licenses/MPL-2.0",
"count": 1
},
{
diff --git a/test/results/python-pip-v2.json b/test/results/python-pip-v2.json
index b3d5034..a3bbb94 100644
--- a/test/results/python-pip-v2.json
+++ b/test/results/python-pip-v2.json
@@ -4,19 +4,19 @@
{
"id": "BSD-4-Clause",
"name": "BSD 4-Clause \"Original\" or \"Old\" License",
- "url": "http://spdx.org/licenses/BSD-4-Clause.json",
+ "url": "http://directory.fsf.org/wiki/License:BSD_4Clause",
"count": 4
},
{
"id": "MIT",
"name": "MIT License",
- "url": "http://spdx.org/licenses/MIT.json",
+ "url": "https://opensource.org/licenses/MIT",
"count": 4
},
{
"id": "BSD-3-Clause",
"name": "BSD 3-Clause \"New\" or \"Revised\" License",
- "url": "http://spdx.org/licenses/BSD-3-Clause.json",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"count": 1
},
{
@@ -28,7 +28,7 @@
{
"id": "Python-2.0",
"name": "Python License 2.0",
- "url": "http://spdx.org/licenses/Python-2.0.json",
+ "url": "https://opensource.org/licenses/Python-2.0",
"count": 1
},
{
diff --git a/test/results/python3-pip-v2.json b/test/results/python3-pip-v2.json
index 109e8e2..dc965d0 100644
--- a/test/results/python3-pip-v2.json
+++ b/test/results/python3-pip-v2.json
@@ -4,25 +4,25 @@
{
"id": "BSD-4-Clause",
"name": "BSD 4-Clause \"Original\" or \"Old\" License",
- "url": "http://spdx.org/licenses/BSD-4-Clause.json",
+ "url": "http://directory.fsf.org/wiki/License:BSD_4Clause",
"count": 4
},
{
"id": "MIT",
"name": "MIT License",
- "url": "http://spdx.org/licenses/MIT.json",
+ "url": "https://opensource.org/licenses/MIT",
"count": 4
},
{
"id": "Apache-2.0",
"name": "Apache License 2.0",
- "url": "http://spdx.org/licenses/Apache-2.0.json",
+ "url": "https://opensource.org/licenses/Apache-2.0",
"count": 1
},
{
"id": "BSD-3-Clause",
"name": "BSD 3-Clause \"New\" or \"Revised\" License",
- "url": "http://spdx.org/licenses/BSD-3-Clause.json",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"count": 1
},
{
@@ -34,7 +34,7 @@
{
"id": "Python-2.0",
"name": "Python License 2.0",
- "url": "http://spdx.org/licenses/Python-2.0.json",
+ "url": "https://opensource.org/licenses/Python-2.0",
"count": 1
},
{
diff --git a/test/results/ruby-bundler-v2.json b/test/results/ruby-bundler-v2.json
index 5e4501f..e9e5ba0 100644
--- a/test/results/ruby-bundler-v2.json
+++ b/test/results/ruby-bundler-v2.json
@@ -4,19 +4,19 @@
{
"id": "MIT",
"name": "MIT License",
- "url": "http://spdx.org/licenses/MIT.json",
+ "url": "https://opensource.org/licenses/MIT",
"count": 13
},
{
"id": "BSD-3-Clause",
"name": "BSD 3-Clause \"New\" or \"Revised\" License",
- "url": "http://spdx.org/licenses/BSD-3-Clause.json",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"count": 2
},
{
"id": "LGPL-3.0-only",
"name": "GNU Lesser General Public License v3.0 only",
- "url": "http://spdx.org/licenses/LGPL-3.0-only.json",
+ "url": "https://opensource.org/licenses/LGPL-3.0",
"count": 1
}
],