Merge branch '207904-bsd-not-precise' into 'master'v3.24.0

Denormalize BSD-4-Clause license

See merge request gitlab-org/security-products/license-management!196

4 files changed, 34 insertions, 18 deletions

diff --git a/spec/integration/c/conan_spec.rb b/spec/integration/c/conan_spec.rb
index 52b7a39..baae361 100644
--- a/spec/integration/c/conan_spec.rb
+++ b/spec/integration/c/conan_spec.rb
@@ -16,7 +16,7 @@ RSpec.describe "conan" do
 
     specify { expect(subject).to match_schema }
     specify { expect { subject }.to perform_under(60).sec.warmup(0).times }
-    specify { expect(subject.dependency_names).to match_array(%w[openssl poco]) }
+    specify { expect(subject.dependency_names).to match_array(%w[bzip2 expat openssl pcre poco sqlite3 zlib]) }
     specify { expect(subject.licenses_for('openssl')).to match_array(['OpenSSL']) }
     specify { expect(subject.licenses_for('poco')).to match_array(['BSL-1.0']) }
   end
diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb
index c9a7026..65d8bf5 100644
--- a/spec/integration/java/maven_spec.rb
+++ b/spec/integration/java/maven_spec.rb
@@ -71,8 +71,8 @@ RSpec.describe "maven" do
       expect(subject[:dependencies]).not_to be_empty
 
       [
-        { name: "asm", licenses: ["BSD-4-Clause"] },
-        { name: "asm-commons", licenses: ["BSD-4-Clause"] },
+        { name: "asm", licenses: ["bsd"] },
+        { name: "asm-commons", licenses: ["bsd"] },
         { name: "jackson-annotations", licenses: ["Apache-2.0"] },
         { name: "jackson-core", licenses: ["Apache-2.0"] },
         { name: "jackson-databind", licenses: ["Apache-2.0"] },
@@ -81,7 +81,7 @@ RSpec.describe "maven" do
         { name: "log4j-api", licenses: ["Apache-2.0"] },
         { name: "log4j-core", licenses: ["Apache-2.0"] },
         { name: "netty-all", licenses: ["Apache-2.0"] },
-        { name: "stax2-api", licenses: ["BSD-4-Clause"] }
+        { name: "stax2-api", licenses: ["bsd"] }
       ].each do |dependency|
         expect(subject.licenses_for(dependency[:name])).to match_array(dependency[:licenses])
       end
diff --git a/spec/integration/js/npm_spec.rb b/spec/integration/js/npm_spec.rb
index 8ab5be6..1481748 100644
--- a/spec/integration/js/npm_spec.rb
+++ b/spec/integration/js/npm_spec.rb
@@ -95,7 +95,7 @@ RSpec.describe "npm" do
         ["isstream", "0.1.2", ["MIT"]],
         ["jsbn", "0.1.1", ["MIT"]],
         ["jsdom", "15.2.1", ["MIT"]],
-        ["json-schema", "0.2.3", ["AFL-2.1", "BSD-4-Clause"]],
+        ["json-schema", "0.2.3", ["AFL-2.1", "bsd"]],
         ["json-schema-traverse", "0.4.1", ["MIT"]],
         ["json-stringify-safe", "5.0.1", ["ISC"]],
         ["jsonfile", "4.0.0", ["MIT"]],
@@ -242,7 +242,7 @@ RSpec.describe "npm" do
         ["isstream", "0.1.2", ["MIT"]],
         ["jsbn", "0.1.1", ["MIT"]],
         ["jsdom", "15.2.1", ["MIT"]],
-        ["json-schema", "0.2.3", ["AFL-2.1", "BSD-4-Clause"]],
+        ["json-schema", "0.2.3", ["AFL-2.1", "bsd"]],
         ["json-schema-traverse", "0.4.1", ["MIT"]],
         ["json-stringify-safe", "5.0.1", ["ISC"]],
         ["jsonfile", "4.0.0", ["MIT"]],
@@ -397,7 +397,7 @@ RSpec.describe "npm" do
         ["isstream", "0.1.2", ["MIT"]],
         ["jsbn", "0.1.1", ["MIT"]],
         ["jsdom", "15.2.1", ["MIT"]],
-        ["json-schema", "0.2.3", ["AFL-2.1", "BSD-4-Clause"]],
+        ["json-schema", "0.2.3", ["AFL-2.1", "bsd"]],
         ["json-schema-traverse", "0.4.1", ["MIT"]],
         ["json-stringify-safe", "5.0.1", ["ISC"]],
         ["jsonfile", "4.0.0", ["MIT"]],
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index 9c2721d..9911dc5 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -14,7 +14,7 @@ RSpec.describe "pip" do
       expect(report).to match_schema
       expect(report[:version]).to start_with('2')
       expect(report.dependency_names).to include("sentry-sdk")
-      expect(report.licenses_for('sentry-sdk')).to match_array(["BSD-4-Clause"])
+      expect(report.licenses_for('sentry-sdk')).to match_array(["bsd"])
     end
   end
 
@@ -46,6 +46,22 @@ RSpec.describe "pip" do
     end
   end
 
+  context 'with BSD licenses dependencies' do
+    let(:requirements) { %w[webencodings idna click EasyProcess PyVirtualDisplay].join("\n") }
+
+    it 'finds proper versions of BSD license' do
+      runner.add_file('requirements.txt', requirements)
+
+      report = runner.scan
+
+      expect(report.licenses_for('webencodings')).to eq(['bsd'])
+      expect(report.licenses_for('idna')).to eq(['bsd-like'])
+      expect(report.licenses_for('EasyProcess')).to eq(['bsd'])
+      expect(report.licenses_for('PyVirtualDisplay')).to eq(['bsd'])
+      expect(report.licenses_for('click')).to eq(['BSD-3-Clause'])
+    end
+  end
+
   [{ version: '2', commit: '04dce91b' }, { version: '3', commit: '48e250a1' }].each do |python|
     ['1.0', '1.1', '2.0', '2.1'].each do |report_version|
       context "when generating a `#{report_version}` report using Python `#{python[:version]}`" do
@@ -148,14 +164,14 @@ RSpec.describe "pip" do
 
       runner.add_file('setup.py') do
         <<~RAW
-from setuptools import setup, find_packages
-
-setup(
-    name='gitlab-sp-test-python-pip',
-    version='1.2.0',
-    packages=find_packages(),
-    install_requires=['requests'],
-)
+          from setuptools import setup, find_packages
+
+          setup(
+              name='gitlab-sp-test-python-pip',
+              version='1.2.0',
+              packages=find_packages(),
+              install_requires=['requests'],
+          )
         RAW
       end
     end
@@ -178,9 +194,9 @@ setup(
     before do
       runner.add_file('custom.sh') do
         <<~SCRIPT
-        #!/bin/bash -l
+          #!/bin/bash -l
 
-        python --version &> '#{output_file}'
+          python --version &> '#{output_file}'
         SCRIPT
       end
     end