update licenses.json and parsing without xml conversion #94
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,2 @@ | ||
| Updated version of licenses.json file may be found here: | ||
| https://github.com/spdx/license-list-data/blob/main/json/licenses.json | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| package com.github.sbt.sbom.licenses | ||
|
|
||
| final case class License(id: String, name: String, references: Seq[String]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,23 +1,36 @@ | ||
| package com.github.sbt.sbom.licenses | ||
|
|
||
| import com.github.sbt.sbom.licenses.LicensesArchive.normalizeUrl | ||
|
|
||
| import scala.io.Source | ||
|
|
||
| class LicensesArchive(licenses: Seq[License]) { | ||
| private val licensesByNormalizedUrl: Map[String, License] = | ||
| licenses.iterator.flatMap { license => | ||
| license.references.map { reference => | ||
| (normalizeUrl(reference), license) | ||
| } | ||
| }.toMap | ||
|
|
||
| def findByNormalizedUrl(url: String): Option[License] = licensesByNormalizedUrl.get(normalizeUrl(url)) | ||
|
There was a problem hiding this comment. Do we really need this method? It seems only to be used in tests, or am I misunderstanding that? |
||
|
|
||
| def findById(id: String): Option[License] = licenses.find(_.id.contains(id)) | ||
| } | ||
|
|
||
| object LicensesArchive { | ||
| private def normalizeUrl(url: String): String = url.toLowerCase | ||
| .replaceFirst("^https://", "http://") | ||
| .replaceFirst("\\.html$", "") | ||
| .replaceFirst("\\.txt$", "") | ||
|
There was a problem hiding this comment. Is this safe? Wouldn't this risk changing the URL in a way that might not resolve anymore? If we do do this, wouldn't it be nicer to normalize towards using https instead? There was a problem hiding this comment. The normalization is really only used for comparing urls. Sadly the licenses that sbt returns often don't match with the urls from the license.json. using these three replacements got me really far to match most license ids. Yes https would probably be better even if it doesn't really matter that much. |
||
|
|
||
| private def loadResourceAsString(resource: String): String = { | ||
| val fileStream = getClass.getResourceAsStream(resource) | ||
| Source.fromInputStream(fileStream).mkString | ||
| } | ||
|
|
||
| def fromJsonString(json: String): LicensesArchive = | ||
| new LicensesArchive(LicensesArchiveJsonParser.parseString(json)) | ||
|
|
||
| lazy val bundled: LicensesArchive = | ||
| fromJsonString(loadResourceAsString("/licenses.json")) | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| package com.github.sbt.sbom.licenses | ||
|
|
||
| import io.circe.Decoder | ||
| import io.circe.generic.semiauto.deriveDecoder | ||
| import io.circe.parser.* | ||
|
|
||
| import scala.util.control.NonFatal | ||
|
|
||
| private[licenses] object LicensesArchiveJsonParser { | ||
| private case class LicenseJson( | ||
| licenseId: String, | ||
| name: String, | ||
| seeAlso: Seq[String] | ||
| ) | ||
|
|
||
| private object LicenseJson { | ||
| implicit val decoder: Decoder[LicenseJson] = deriveDecoder | ||
| } | ||
|
|
||
| private case class LicensesArchiveJson( | ||
| licenses: Seq[LicenseJson] | ||
| ) | ||
|
|
||
| private object LicensesArchiveJson { | ||
| implicit val decoder: Decoder[LicensesArchiveJson] = deriveDecoder | ||
| } | ||
|
|
||
| private def licenseFromLicenseEntry(licenseEntry: LicenseJson): License = License( | ||
| id = licenseEntry.licenseId, | ||
| name = licenseEntry.name, | ||
| references = licenseEntry.seeAlso | ||
| ) | ||
|
|
||
| def parseString(string: String): Seq[License] = { | ||
| val licensesArchiveJson = | ||
| try { | ||
| decode[LicensesArchiveJson](string).toTry.get | ||
| } catch { | ||
| case NonFatal(e) => throw new RuntimeException("failed to parse licenses archive json", e) | ||
| } | ||
|
|
||
| licensesArchiveJson.licenses.map(licenseFromLicenseEntry) | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,83 +1,91 @@ | ||
| package com.github.sbt.sbom | ||
|
|
||
| import com.github.sbt.sbom.licenses.LicensesArchive | ||
| import org.scalatest.matchers.should.Matchers | ||
| import org.scalatest.wordspec.AnyWordSpec | ||
|
|
||
| class LicensesArchiveSpec extends AnyWordSpec with Matchers { | ||
| "LicensesArchiveParser" should { | ||
| "fail parsing a not valid archive" in { | ||
| assertThrows[RuntimeException] { | ||
| LicensesArchive.fromJsonString("") | ||
| } | ||
| } | ||
|
|
||
| "parse a valid archive" in { | ||
| LicensesArchive.fromJsonString(json) | ||
| } | ||
| } | ||
|
|
||
| "LicenseRegister" should { | ||
| "find no license by ref" in { | ||
| val register = LicensesArchive.fromJsonString(json) | ||
| register.findByNormalizedUrl("http://www.domain.com/missingLicense") shouldBe None | ||
| } | ||
|
|
||
| "find licenses by ref" in { | ||
| val register = LicensesArchive.fromJsonString(json) | ||
| val gps2 = register.findByNormalizedUrl("https://opensource.org/licenses/GPL-2.0") | ||
| val zeroBsd = register.findByNormalizedUrl("http://landley.net/toybox/license.html") | ||
|
|
||
| gps2.isDefined shouldBe true | ||
| gps2.get.id shouldBe "GPL-2.0-or-later" | ||
| zeroBsd.isDefined shouldBe true | ||
| zeroBsd.get.id shouldBe "0BSD" | ||
| } | ||
|
|
||
| "find no licenses by id" in { | ||
| val register = LicensesArchive.fromJsonString(json) | ||
| register.findById("an invalid id") shouldBe None | ||
| } | ||
|
|
||
| "shoud read licenses from resource file" in { | ||
| val gpl2OrLater = LicensesArchive.bundled.findByNormalizedUrl("https://opensource.org/licenses/GPL-2.0") | ||
| gpl2OrLater.isDefined shouldBe true | ||
| gpl2OrLater.get.id shouldBe "GPL-2.0-or-later" | ||
| } | ||
|
|
||
| "find licenses by id" in { | ||
| val register = LicensesArchive.fromJsonString(json) | ||
| val gpl2 = register.findById("GPL-2.0-or-later") | ||
| gpl2.isDefined shouldBe true | ||
| gpl2.get.id shouldBe "GPL-2.0-or-later" | ||
| } | ||
| } | ||
|
|
||
| lazy val json: String = | ||
| """{ | ||
| | "licenseListVersion": "b5a3b2e", | ||
| | "licenses": [ | ||
| | { | ||
| | "reference": "https://spdx.org/licenses/0BSD.html", | ||
| | "isDeprecatedLicenseId": false, | ||
| | "detailsUrl": "https://spdx.org/licenses/0BSD.json", | ||
| | "referenceNumber": 430, | ||
| | "name": "BSD Zero Clause License", | ||
| | "licenseId": "0BSD", | ||
| | "seeAlso": [ | ||
| | "http://landley.net/toybox/license.html", | ||
| | "https://opensource.org/licenses/0BSD" | ||
| | ], | ||
| | "isOsiApproved": true | ||
| | }, | ||
| | { | ||
| | "reference": "https://spdx.org/licenses/GPL-2.0-or-later.html", | ||
| | "isDeprecatedLicenseId": false, | ||
| | "detailsUrl": "https://spdx.org/licenses/GPL-2.0-or-later.json", | ||
| | "referenceNumber": 629, | ||
| | "name": "GNU General Public License v2.0 or later", | ||
| | "licenseId": "GPL-2.0-or-later", | ||
| | "seeAlso": [ | ||
| | "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html", | ||
| | "https://opensource.org/licenses/GPL-2.0" | ||
| | ], | ||
| | "isOsiApproved": true, | ||
| | "isFsfLibre": true | ||
| | } | ||
| | ], | ||
| | "releaseDate": "2024-06-28" | ||
| |} | ||
| """.stripMargin | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 much nicer