Merge branch 'composite-licenses' into 'master'v3.27.0

Parse composite license expressions

See merge request gitlab-org/security-products/license-management!228

3 files changed, 19 insertions, 1 deletions

diff --git a/lib/license/finder/ext/dependency.rb b/lib/license/finder/ext/dependency.rb
index 48939bf..6e4aff6 100644
--- a/lib/license/finder/ext/dependency.rb
+++ b/lib/license/finder/ext/dependency.rb
@@ -7,6 +7,7 @@ module LicenseFinder
     def initialize(package_manager, name, version, options = {})
       @package_manager = package_manager
       @detection_path = options[:detection_path] || Pathname.pwd
+      options[:spec_licenses] = split_licenses_from(options[:spec_licenses]) if options[:spec_licenses]
       super(name, version, options)
     end
 
@@ -23,5 +24,21 @@ module LicenseFinder
         summary: other.summary
       )
     end
+
+    private
+
+    def split_licenses_from(declared_licenses)
+      declared_licenses.map do |declared|
+        license_for(::Spandx::Spdx::Expression.new.parse(declared)[0])
+      rescue StandardError
+        declared
+      end.flatten.compact
+    end
+
+    def license_for(node)
+      return [node&.to_s] unless node.is_a?(Hash)
+
+      [license_for(node[:left]), license_for(node[:right])]
+    end
   end
 end
diff --git a/lib/license/management.rb b/lib/license/management.rb
index 0b418e7..8cf5b56 100644
--- a/lib/license/management.rb
+++ b/lib/license/management.rb
@@ -3,6 +3,7 @@
 require 'json'
 require 'logger'
 require 'pathname'
+require 'spandx'
 require 'yaml'
 
 require 'license_finder'
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 8ffd30d..3c28192 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.26.1'
+    VERSION = '3.27.0'
   end
 end