RubyGems - spdx - Versions diffs - 2.0.10 → 3.1.0 - Mend

spdx 2.0.10 → 3.1.0

Files changed (12) hide show

data/spdx.gemspec CHANGED

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.version       = Spdx::VERSION
   spec.authors       = ["Tidelift, Inc."]
   spec.email         = ["support@tidelift.com"]
-  spec.summary       = "A SPDX license normalizer"
+  spec.summary       = "A SPDX license parser"
   spec.homepage      = "https://github.com/librariesio/spdx"
   spec.license       = "MIT"
@@ -18,7 +18,6 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency "fuzzy_match", "~> 2.1"
   spec.add_dependency "treetop", "~> 1.6"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "pry"

data/spec/spdx_spec.rb CHANGED

@@ -3,183 +3,6 @@
 require "spec_helper"
 describe Spdx do
-  describe "find" do
-    it "should return know license from short code" do
-      expect(Spdx.find("Apache-2.0").name).to eq("Apache License 2.0")
-    end
-    it "should work with case-insentive short codes" do
-      expect(Spdx.find("apache-2.0").name).to eq("Apache License 2.0")
-      expect(Spdx.find("agpl-3.0").name).to eq("GNU Affero General Public License v3.0")
-    end
-    it "should return know license from full name" do
-      expect(Spdx.find("Apache License 2.0").name).to eq("Apache License 2.0")
-    end
-    it "should return nil for commercial" do
-      expect(Spdx.find("Commercial")).to be_nil
-    end
-    it "should return nil for garbage" do
-      expect(Spdx.find("foo bar baz")).to be_nil
-      expect(Spdx.find("https://github.com/AuthorizeNet/sdk-ruby/blob/master/license.txt")).to be_nil
-    end
-    it "should return know license from an alias" do
-      expect(Spdx.find("The Apache Software License, Version 2.0").name).to eq("Apache License 2.0")
-      expect(Spdx.find("Apache2").name).to eq("Apache License 2.0")
-      expect(Spdx.find("Apache License, Version 2.0").name).to eq("Apache License 2.0")
-      expect(Spdx.find("Educational Community License, Version 2.0").name).to eq("Educational Community License v2.0")
-      expect(Spdx.find("CDDL + GPLv2 with classpath exception").name).to \
-        eq("GNU General Public License v2.0 w/Classpath exception")
-      expect(Spdx.find("The MIT License").name).to eq("MIT License")
-      expect(Spdx.find("UNLICENSE").name).to eq("The Unlicense")
-    end
-    it "should strip whitespace from strings before lookups" do
-      expect(Spdx.find(" BSD-3-Clause").id).to eq("BSD-3-Clause")
-    end
-    it "should handle pypi classifiers properly" do
-      pypi_mappings = [
-        ["Aladdin Free Public License (AFPL)", "Aladdin"],
-        ["CC0 1.0 Universal (CC0 1.0) Public Domain Dedication", "CC0-1.0"],
-        ["CeCILL-B Free Software License Agreement (CECILL-B)", "CECILL-B"],
-        ["CeCILL-C Free Software License Agreement (CECILL-C)", "CECILL-C"],
-        ["Eiffel Forum License (EFL)", "EFL-2.0"],
-        ["Netscape Public License (NPL)", "NPL-1.1"],
-        ["Nokia Open Source License (NOKOS)", "Nokia"],
-        ["Academic Free License (AFL)", "AFL-3.0"],
-        ["Apache Software License", "Apache-2.0"],
-        ["Apple Public Source License", "APSL-2.0"],
-        ["Artistic License", "Artistic-2.0"],
-        ["Attribution Assurance License", "AAL"],
-        ["Boost Software License 1.0 (BSL-1.0)", "BSL-1.0"],
-        ["BSD License", "BSD-3-Clause"],
-        ["Common Development and Distribution License 1.0 (CDDL-1.0)", "CDDL-1.0"],
-        ["Common Public License", "CPL-1.0"],
-        ["Eclipse Public License 1.0 (EPL-1.0)", "EPL-1.0"],
-        ["Eclipse Public License 2.0 (EPL-2.0)", "EPL-2.0"],
-        ["Eiffel Forum License", "EFL-2.0"],
-        ["European Union Public Licence 1.0 (EUPL 1.0)", "EUPL-1.0"],
-        ["European Union Public Licence 1.1 (EUPL 1.1)", "EUPL-1.1"],
-        ["European Union Public Licence 1.2 (EUPL 1.2)", "EUPL-1.2"],
-        ["GNU Affero General Public License v3", "AGPL-3.0"],
-        ["GNU Affero General Public License v3 or later (AGPLv3+)", "AGPL-3.0-or-later"],
-        ["GNU Free Documentation License (FDL)", "GFDL-1.3"],
-        ["GNU General Public License (GPL)", "GPL-2.0+"],
-        ["GNU General Public License v2 (GPLv2)", "GPL-2.0"],
-        ["GNU General Public License v2 or later (GPLv2+)", "GPL-2.0+"],
-        ["GNU General Public License v3 (GPLv3)", "GPL-3.0"],
-        ["GNU General Public License v3 or later (GPLv3+)", "GPL-3.0+"],
-        ["GNU Lesser General Public License v2 (LGPLv2)", "LGPL-2.0"],
-        ["GNU Lesser General Public License v2 or later (LGPLv2+)", "LGPL-2.0+"],
-        ["GNU Lesser General Public License v3 (LGPLv3)", "LGPL-3.0"],
-        ["GNU Lesser General Public License v3 or later (LGPLv3+)", "LGPL-3.0+"],
-        ["GNU Library or Lesser General Public License (LGPL)", "LGPL-2.0+"],
-        ["IBM Public License", "IPL-1.0"],
-        ["Intel Open Source License", "Intel"],
-        ["ISC License (ISCL)", "ISC"],
-        # ['MirOS License (MirOS)', 'MirOS'],
-        ["MIT License", "MIT"],
-        ["Motosoto License", "Motosoto"],
-        ["Mozilla Public License 1.0 (MPL)", "MPL-1.0"],
-        ["Mozilla Public License 1.1 (MPL 1.1)", "MPL-1.1"],
-        ["Mozilla Public License 2.0 (MPL 2.0)", "MPL-2.0"],
-        ["Nethack General Public License", "NGPL"],
-        ["Nokia Open Source License", "Nokia"],
-        ["Open Group Test Suite License", "OGTSL"],
-        ["PostgreSQL License", "PostgreSQL"],
-        ["Python License (CNRI Python License)", "CNRI-Python"],
-        # ['Python Software Foundation License', 'Python-2.0'],
-        ["Qt Public License (QPL)", "QPL-1.0"],
-        ["Ricoh Source Code Public License", "RSCPL"],
-        ["SIL Open Font License 1.1 (OFL-1.1)", "OFL-1.1"],
-        ["Sleepycat License", "Sleepycat"],
-        ["Sun Industry Standards Source License (SISSL)", "SISSL-1.2"],
-        ["Sun Public License", "SPL-1.0"],
-        ["Universal Permissive License (UPL)", "UPL-1.0"],
-        ["University of Illinois/NCSA Open Source License", "NCSA"],
-        ["Vovida Software License 1.0", "VSL-1.0"],
-        ["W3C License", "W3C"],
-        ["X.Net License", "Xnet"],
-        ["zlib/libpng License", "zlib-acknowledgement"],
-        ["Zope Public License", "ZPL-2.1"],
-      ]
-      pypi_mappings.each do |license, mapped|
-        expect(Spdx.find(license).id).to eq(mapped)
-      end
-    end
-    it "should return know licenses for special cases" do
-      expect(Spdx.find("MPL1").name).to eq("Mozilla Public License 1.0")
-      expect(Spdx.find("MPL1.0").name).to eq("Mozilla Public License 1.0")
-      expect(Spdx.find("MPL1.1").name).to eq("Mozilla Public License 1.1")
-      expect(Spdx.find("MPL2").name).to eq("Mozilla Public License 2.0")
-      expect(Spdx.find("MPL2.0").name).to eq("Mozilla Public License 2.0")
-      expect(Spdx.find("GPL3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL v3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL 3.0").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL-3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL (≥ 2)]").name).to \
-        eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL]").name).to \
-        eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GPL (≥ 3)").name).to eq("GNU General Public License v3.0 or later")
-      expect(Spdx.find("gpl30").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("GPL v2+").name).to eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GPL 2").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("GPL v2").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("GPL2").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("GPL-2 | GPL-3").name).to eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL (≥ 2.0)]").name).to \
-        eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GPL2 w/ CPE").name).to eq("GNU General Public License v2.0 w/Classpath exception")
-      expect(Spdx.find("GPL 2.0").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("New BSD License (GPL-compatible)").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("The GPL V3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("perl_5").name).to eq("Artistic License 1.0 (Perl)")
-      expect(Spdx.find("BSD3").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("BSD").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("GPLv3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("LGPLv2 or later").name).to eq("GNU Library General Public License v2.1 or later")
-      expect(Spdx.find("GPLv2 or later").name).to eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("Public Domain").name).to eq("The Unlicense")
-      expect(Spdx.find("GPL-2").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("GPL").name).to eq("GNU General Public License v2.0 or later")
-      expect(Spdx.find("GNU LESSER GENERAL PUBLIC LICENSE").name).to \
-        eq("GNU Library General Public License v2.1 or later")
-      expect(Spdx.find("New BSD License").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("(MIT OR X11) ").name).to eq("MIT License")
-      expect(Spdx.find("mit-license").name).to eq("MIT License")
-      expect(Spdx.find("lgpl-3").name).to eq("GNU Lesser General Public License v3.0 only")
-      expect(Spdx.find("agpl-3").name).to eq("GNU Affero General Public License v3.0")
-      expect(Spdx.find("cc by-sa 4.0").name).to eq("Creative Commons Attribution Share Alike 4.0 International")
-      expect(Spdx.find("cc by-nc-sa 3.0").name).to \
-        eq("Creative Commons Attribution Non Commercial Share Alike 3.0 Unported")
-      expect(Spdx.find("cc by-sa 3.0").name).to eq("Creative Commons Attribution Share Alike 3.0 Unported")
-      expect(Spdx.find("gpl_1").name).to eq("GNU General Public License v1.0 only")
-      expect(Spdx.find("gpl_2").name).to eq("GNU General Public License v2.0 only")
-      expect(Spdx.find("gpl_3").name).to eq("GNU General Public License v3.0 only")
-      expect(Spdx.find("artistic_2").name).to eq("Artistic License 2.0")
-      expect(Spdx.find("artistic_1").name).to eq("Artistic License 1.0")
-      expect(Spdx.find("apache_2_0").name).to eq("Apache License 2.0")
-      expect(Spdx.find("apache_v2").name).to eq("Apache License 2.0")
-      expect(Spdx.find("lgpl_2_1").name).to eq("GNU Lesser General Public License v2.1 only")
-      expect(Spdx.find("lgpl_v2_1").name).to eq("GNU Lesser General Public License v2.1 only")
-      expect(Spdx.find("BSD 3-Clause").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("BSD 3-Clause").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("BSD 2-Clause").name).to eq('BSD 2-Clause "Simplified" License')
-      expect(Spdx.find("BSD 2-clause").name).to eq('BSD 2-Clause "Simplified" License')
-      expect(Spdx.find("BSD Style").name).to eq('BSD 3-Clause "New" or "Revised" License')
-      expect(Spdx.find("GNU LGPL v3+").name).to eq("GNU Lesser General Public License v3.0 only")
-      expect(Spdx.find("ZPL 2.1").name).to eq("Zope Public License 2.1")
-    end
-  end
   context "spdx parsing" do
     context "valid_spdx?" do
       it "returns false for invalid spdx" do
@@ -188,11 +11,13 @@ describe Spdx do
         expect(Spdx.valid_spdx?("MIT OR FAKEYLICENSE")).to be false
         expect(Spdx.valid_spdx?(nil)).to be false
         expect(Spdx.valid_spdx?("")).to be false
+        expect(Spdx.valid_spdx?("MIT (MIT)")).to be false
       end
       it "returns true for valid spdx" do
         expect(Spdx.valid_spdx?("(MIT OR MPL-2.0)")).to be true
         expect(Spdx.valid_spdx?("MIT")).to be true
         expect(Spdx.valid_spdx?("((MIT OR AGPL-1.0) AND (MIT OR MPL-2.0))")).to be true
+        expect(Spdx.valid_spdx?("MIT OR (MIT)")).to be true
       end
       it "returns true for NONE and NOASSERTION" do
         expect(Spdx.valid_spdx?("NONE")).to be true
@@ -201,7 +26,17 @@ describe Spdx do
         expect(Spdx.valid_spdx?("MIT OR NONE")).to be false
       end
       it "returns true for + expression" do
-        expect(Spdx.valid_spdx?("AGPL-1.0+"))
+        expect(Spdx.valid_spdx?("AGPL-3.0+")).to be true
+      end
+      it "is case insentive for license ids" do
+        expect(Spdx.valid_spdx?("mit OR agpl-3.0+")).to be true
+      end
+      it "handles LicenseRef" do
+        expect(Spdx.valid_spdx?("MIT OR LicenseRef-MIT-style-1")).to be true
+      end
+      it "handles DocumentRef" do
+        expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1")).to be true
+        expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1")).to be false
       end
     end
   end
@@ -213,6 +48,12 @@ describe Spdx do
       expect(Spdx.parse_spdx("NONE").licenses).to eq []
       expect(Spdx.parse_spdx("NOASSERTION").licenses).to eq []
     end
+    it "returns LicenseRefs" do
+      expect(Spdx.parse_spdx("MIT OR LicenseRef-MIT-style-1").licenses).to eq %w[MIT LicenseRef-MIT-style-1]
+    end
+    it "returns DocumentRefs" do
+      expect(Spdx.parse_spdx("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1").licenses).to eq %w[MIT DocumentRef-something-1:LicenseRef-MIT-style-1]
+    end
   end
   context "exceptions" do

metadata CHANGED

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: spdx
 version: !ruby/object:Gem::Version
-  version: 2.0.10
+  version: 3.1.0
 platform: ruby
 authors:
 - Tidelift, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-08 00:00:00.000000000 Z
+date: 2020-11-11 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: fuzzy_match
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: treetop
   requirement: !ruby/object:Gem::Requirement
@@ -161,11 +147,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.4
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
-summary: A SPDX license normalizer
+summary: A SPDX license parser
 test_files:
 - spec/spdx_spec.rb
 - spec/spec_helper.rb