spdx 2.0.10 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +15 -5
- data/exceptions.json +2 -2
- data/lib/spdx.rb +20 -187
- data/lib/spdx/version.rb +1 -1
- data/lib/spdx_grammar.rb +15 -0
- data/lib/spdx_parser.rb +4 -4
- data/lib/spdx_parser.treetop +15 -7
- data/licenses.json +703 -433
- data/spdx.gemspec +1 -2
- data/spec/spdx_spec.rb +19 -178
- metadata +4 -19
data/spdx.gemspec
CHANGED
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
|
|
9
9
|
spec.version = Spdx::VERSION
|
10
10
|
spec.authors = ["Tidelift, Inc."]
|
11
11
|
spec.email = ["support@tidelift.com"]
|
12
|
-
spec.summary = "A SPDX license
|
12
|
+
spec.summary = "A SPDX license parser"
|
13
13
|
spec.homepage = "https://github.com/librariesio/spdx"
|
14
14
|
spec.license = "MIT"
|
15
15
|
|
@@ -18,7 +18,6 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.add_dependency "fuzzy_match", "~> 2.1"
|
22
21
|
spec.add_dependency "treetop", "~> 1.6"
|
23
22
|
spec.add_development_dependency "bundler"
|
24
23
|
spec.add_development_dependency "pry"
|
data/spec/spdx_spec.rb
CHANGED
@@ -3,183 +3,6 @@
|
|
3
3
|
require "spec_helper"
|
4
4
|
|
5
5
|
describe Spdx do
|
6
|
-
describe "find" do
|
7
|
-
it "should return know license from short code" do
|
8
|
-
expect(Spdx.find("Apache-2.0").name).to eq("Apache License 2.0")
|
9
|
-
end
|
10
|
-
|
11
|
-
it "should work with case-insentive short codes" do
|
12
|
-
expect(Spdx.find("apache-2.0").name).to eq("Apache License 2.0")
|
13
|
-
expect(Spdx.find("agpl-3.0").name).to eq("GNU Affero General Public License v3.0")
|
14
|
-
end
|
15
|
-
|
16
|
-
it "should return know license from full name" do
|
17
|
-
expect(Spdx.find("Apache License 2.0").name).to eq("Apache License 2.0")
|
18
|
-
end
|
19
|
-
|
20
|
-
it "should return nil for commercial" do
|
21
|
-
expect(Spdx.find("Commercial")).to be_nil
|
22
|
-
end
|
23
|
-
|
24
|
-
it "should return nil for garbage" do
|
25
|
-
expect(Spdx.find("foo bar baz")).to be_nil
|
26
|
-
expect(Spdx.find("https://github.com/AuthorizeNet/sdk-ruby/blob/master/license.txt")).to be_nil
|
27
|
-
end
|
28
|
-
|
29
|
-
it "should return know license from an alias" do
|
30
|
-
expect(Spdx.find("The Apache Software License, Version 2.0").name).to eq("Apache License 2.0")
|
31
|
-
expect(Spdx.find("Apache2").name).to eq("Apache License 2.0")
|
32
|
-
expect(Spdx.find("Apache License, Version 2.0").name).to eq("Apache License 2.0")
|
33
|
-
expect(Spdx.find("Educational Community License, Version 2.0").name).to eq("Educational Community License v2.0")
|
34
|
-
expect(Spdx.find("CDDL + GPLv2 with classpath exception").name).to \
|
35
|
-
eq("GNU General Public License v2.0 w/Classpath exception")
|
36
|
-
expect(Spdx.find("The MIT License").name).to eq("MIT License")
|
37
|
-
expect(Spdx.find("UNLICENSE").name).to eq("The Unlicense")
|
38
|
-
end
|
39
|
-
|
40
|
-
it "should strip whitespace from strings before lookups" do
|
41
|
-
expect(Spdx.find(" BSD-3-Clause").id).to eq("BSD-3-Clause")
|
42
|
-
end
|
43
|
-
|
44
|
-
it "should handle pypi classifiers properly" do
|
45
|
-
pypi_mappings = [
|
46
|
-
["Aladdin Free Public License (AFPL)", "Aladdin"],
|
47
|
-
["CC0 1.0 Universal (CC0 1.0) Public Domain Dedication", "CC0-1.0"],
|
48
|
-
["CeCILL-B Free Software License Agreement (CECILL-B)", "CECILL-B"],
|
49
|
-
["CeCILL-C Free Software License Agreement (CECILL-C)", "CECILL-C"],
|
50
|
-
["Eiffel Forum License (EFL)", "EFL-2.0"],
|
51
|
-
["Netscape Public License (NPL)", "NPL-1.1"],
|
52
|
-
["Nokia Open Source License (NOKOS)", "Nokia"],
|
53
|
-
["Academic Free License (AFL)", "AFL-3.0"],
|
54
|
-
["Apache Software License", "Apache-2.0"],
|
55
|
-
["Apple Public Source License", "APSL-2.0"],
|
56
|
-
["Artistic License", "Artistic-2.0"],
|
57
|
-
["Attribution Assurance License", "AAL"],
|
58
|
-
["Boost Software License 1.0 (BSL-1.0)", "BSL-1.0"],
|
59
|
-
["BSD License", "BSD-3-Clause"],
|
60
|
-
["Common Development and Distribution License 1.0 (CDDL-1.0)", "CDDL-1.0"],
|
61
|
-
["Common Public License", "CPL-1.0"],
|
62
|
-
["Eclipse Public License 1.0 (EPL-1.0)", "EPL-1.0"],
|
63
|
-
["Eclipse Public License 2.0 (EPL-2.0)", "EPL-2.0"],
|
64
|
-
["Eiffel Forum License", "EFL-2.0"],
|
65
|
-
["European Union Public Licence 1.0 (EUPL 1.0)", "EUPL-1.0"],
|
66
|
-
["European Union Public Licence 1.1 (EUPL 1.1)", "EUPL-1.1"],
|
67
|
-
["European Union Public Licence 1.2 (EUPL 1.2)", "EUPL-1.2"],
|
68
|
-
["GNU Affero General Public License v3", "AGPL-3.0"],
|
69
|
-
["GNU Affero General Public License v3 or later (AGPLv3+)", "AGPL-3.0-or-later"],
|
70
|
-
["GNU Free Documentation License (FDL)", "GFDL-1.3"],
|
71
|
-
["GNU General Public License (GPL)", "GPL-2.0+"],
|
72
|
-
["GNU General Public License v2 (GPLv2)", "GPL-2.0"],
|
73
|
-
["GNU General Public License v2 or later (GPLv2+)", "GPL-2.0+"],
|
74
|
-
["GNU General Public License v3 (GPLv3)", "GPL-3.0"],
|
75
|
-
["GNU General Public License v3 or later (GPLv3+)", "GPL-3.0+"],
|
76
|
-
["GNU Lesser General Public License v2 (LGPLv2)", "LGPL-2.0"],
|
77
|
-
["GNU Lesser General Public License v2 or later (LGPLv2+)", "LGPL-2.0+"],
|
78
|
-
["GNU Lesser General Public License v3 (LGPLv3)", "LGPL-3.0"],
|
79
|
-
["GNU Lesser General Public License v3 or later (LGPLv3+)", "LGPL-3.0+"],
|
80
|
-
["GNU Library or Lesser General Public License (LGPL)", "LGPL-2.0+"],
|
81
|
-
["IBM Public License", "IPL-1.0"],
|
82
|
-
["Intel Open Source License", "Intel"],
|
83
|
-
["ISC License (ISCL)", "ISC"],
|
84
|
-
# ['MirOS License (MirOS)', 'MirOS'],
|
85
|
-
["MIT License", "MIT"],
|
86
|
-
["Motosoto License", "Motosoto"],
|
87
|
-
["Mozilla Public License 1.0 (MPL)", "MPL-1.0"],
|
88
|
-
["Mozilla Public License 1.1 (MPL 1.1)", "MPL-1.1"],
|
89
|
-
["Mozilla Public License 2.0 (MPL 2.0)", "MPL-2.0"],
|
90
|
-
["Nethack General Public License", "NGPL"],
|
91
|
-
["Nokia Open Source License", "Nokia"],
|
92
|
-
["Open Group Test Suite License", "OGTSL"],
|
93
|
-
["PostgreSQL License", "PostgreSQL"],
|
94
|
-
["Python License (CNRI Python License)", "CNRI-Python"],
|
95
|
-
# ['Python Software Foundation License', 'Python-2.0'],
|
96
|
-
["Qt Public License (QPL)", "QPL-1.0"],
|
97
|
-
["Ricoh Source Code Public License", "RSCPL"],
|
98
|
-
["SIL Open Font License 1.1 (OFL-1.1)", "OFL-1.1"],
|
99
|
-
["Sleepycat License", "Sleepycat"],
|
100
|
-
["Sun Industry Standards Source License (SISSL)", "SISSL-1.2"],
|
101
|
-
["Sun Public License", "SPL-1.0"],
|
102
|
-
["Universal Permissive License (UPL)", "UPL-1.0"],
|
103
|
-
["University of Illinois/NCSA Open Source License", "NCSA"],
|
104
|
-
["Vovida Software License 1.0", "VSL-1.0"],
|
105
|
-
["W3C License", "W3C"],
|
106
|
-
["X.Net License", "Xnet"],
|
107
|
-
["zlib/libpng License", "zlib-acknowledgement"],
|
108
|
-
["Zope Public License", "ZPL-2.1"],
|
109
|
-
]
|
110
|
-
pypi_mappings.each do |license, mapped|
|
111
|
-
expect(Spdx.find(license).id).to eq(mapped)
|
112
|
-
end
|
113
|
-
end
|
114
|
-
|
115
|
-
it "should return know licenses for special cases" do
|
116
|
-
expect(Spdx.find("MPL1").name).to eq("Mozilla Public License 1.0")
|
117
|
-
expect(Spdx.find("MPL1.0").name).to eq("Mozilla Public License 1.0")
|
118
|
-
expect(Spdx.find("MPL1.1").name).to eq("Mozilla Public License 1.1")
|
119
|
-
expect(Spdx.find("MPL2").name).to eq("Mozilla Public License 2.0")
|
120
|
-
expect(Spdx.find("MPL2.0").name).to eq("Mozilla Public License 2.0")
|
121
|
-
expect(Spdx.find("GPL3").name).to eq("GNU General Public License v3.0 only")
|
122
|
-
expect(Spdx.find("GPL v3").name).to eq("GNU General Public License v3.0 only")
|
123
|
-
expect(Spdx.find("GPL3").name).to eq("GNU General Public License v3.0 only")
|
124
|
-
expect(Spdx.find("GPL 3.0").name).to eq("GNU General Public License v3.0 only")
|
125
|
-
expect(Spdx.find("GPL-3").name).to eq("GNU General Public License v3.0 only")
|
126
|
-
expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL (≥ 2)]").name).to \
|
127
|
-
eq("GNU General Public License v2.0 or later")
|
128
|
-
expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL]").name).to \
|
129
|
-
eq("GNU General Public License v2.0 or later")
|
130
|
-
expect(Spdx.find("GPL (≥ 3)").name).to eq("GNU General Public License v3.0 or later")
|
131
|
-
expect(Spdx.find("gpl30").name).to eq("GNU General Public License v3.0 only")
|
132
|
-
expect(Spdx.find("GPL v2+").name).to eq("GNU General Public License v2.0 or later")
|
133
|
-
expect(Spdx.find("GPL 2").name).to eq("GNU General Public License v2.0 only")
|
134
|
-
expect(Spdx.find("GPL v2").name).to eq("GNU General Public License v2.0 only")
|
135
|
-
expect(Spdx.find("GPL2").name).to eq("GNU General Public License v2.0 only")
|
136
|
-
expect(Spdx.find("GPL-2 | GPL-3").name).to eq("GNU General Public License v2.0 or later")
|
137
|
-
expect(Spdx.find("GPL-2 | GPL-3 [expanded from: GPL (≥ 2.0)]").name).to \
|
138
|
-
eq("GNU General Public License v2.0 or later")
|
139
|
-
expect(Spdx.find("GPL2 w/ CPE").name).to eq("GNU General Public License v2.0 w/Classpath exception")
|
140
|
-
expect(Spdx.find("GPL 2.0").name).to eq("GNU General Public License v2.0 only")
|
141
|
-
expect(Spdx.find("New BSD License (GPL-compatible)").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
142
|
-
expect(Spdx.find("The GPL V3").name).to eq("GNU General Public License v3.0 only")
|
143
|
-
expect(Spdx.find("perl_5").name).to eq("Artistic License 1.0 (Perl)")
|
144
|
-
expect(Spdx.find("BSD3").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
145
|
-
expect(Spdx.find("BSD").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
146
|
-
expect(Spdx.find("GPLv3").name).to eq("GNU General Public License v3.0 only")
|
147
|
-
expect(Spdx.find("LGPLv2 or later").name).to eq("GNU Library General Public License v2.1 or later")
|
148
|
-
expect(Spdx.find("GPLv2 or later").name).to eq("GNU General Public License v2.0 or later")
|
149
|
-
expect(Spdx.find("Public Domain").name).to eq("The Unlicense")
|
150
|
-
expect(Spdx.find("GPL-2").name).to eq("GNU General Public License v2.0 only")
|
151
|
-
expect(Spdx.find("GPL").name).to eq("GNU General Public License v2.0 or later")
|
152
|
-
expect(Spdx.find("GNU LESSER GENERAL PUBLIC LICENSE").name).to \
|
153
|
-
eq("GNU Library General Public License v2.1 or later")
|
154
|
-
expect(Spdx.find("New BSD License").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
155
|
-
expect(Spdx.find("(MIT OR X11) ").name).to eq("MIT License")
|
156
|
-
expect(Spdx.find("mit-license").name).to eq("MIT License")
|
157
|
-
expect(Spdx.find("lgpl-3").name).to eq("GNU Lesser General Public License v3.0 only")
|
158
|
-
expect(Spdx.find("agpl-3").name).to eq("GNU Affero General Public License v3.0")
|
159
|
-
expect(Spdx.find("cc by-sa 4.0").name).to eq("Creative Commons Attribution Share Alike 4.0 International")
|
160
|
-
expect(Spdx.find("cc by-nc-sa 3.0").name).to \
|
161
|
-
eq("Creative Commons Attribution Non Commercial Share Alike 3.0 Unported")
|
162
|
-
expect(Spdx.find("cc by-sa 3.0").name).to eq("Creative Commons Attribution Share Alike 3.0 Unported")
|
163
|
-
expect(Spdx.find("gpl_1").name).to eq("GNU General Public License v1.0 only")
|
164
|
-
expect(Spdx.find("gpl_2").name).to eq("GNU General Public License v2.0 only")
|
165
|
-
expect(Spdx.find("gpl_3").name).to eq("GNU General Public License v3.0 only")
|
166
|
-
expect(Spdx.find("artistic_2").name).to eq("Artistic License 2.0")
|
167
|
-
expect(Spdx.find("artistic_1").name).to eq("Artistic License 1.0")
|
168
|
-
expect(Spdx.find("apache_2_0").name).to eq("Apache License 2.0")
|
169
|
-
expect(Spdx.find("apache_v2").name).to eq("Apache License 2.0")
|
170
|
-
expect(Spdx.find("lgpl_2_1").name).to eq("GNU Lesser General Public License v2.1 only")
|
171
|
-
expect(Spdx.find("lgpl_v2_1").name).to eq("GNU Lesser General Public License v2.1 only")
|
172
|
-
|
173
|
-
expect(Spdx.find("BSD 3-Clause").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
174
|
-
expect(Spdx.find("BSD 3-Clause").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
175
|
-
expect(Spdx.find("BSD 2-Clause").name).to eq('BSD 2-Clause "Simplified" License')
|
176
|
-
expect(Spdx.find("BSD 2-clause").name).to eq('BSD 2-Clause "Simplified" License')
|
177
|
-
expect(Spdx.find("BSD Style").name).to eq('BSD 3-Clause "New" or "Revised" License')
|
178
|
-
|
179
|
-
expect(Spdx.find("GNU LGPL v3+").name).to eq("GNU Lesser General Public License v3.0 only")
|
180
|
-
expect(Spdx.find("ZPL 2.1").name).to eq("Zope Public License 2.1")
|
181
|
-
end
|
182
|
-
end
|
183
6
|
context "spdx parsing" do
|
184
7
|
context "valid_spdx?" do
|
185
8
|
it "returns false for invalid spdx" do
|
@@ -188,11 +11,13 @@ describe Spdx do
|
|
188
11
|
expect(Spdx.valid_spdx?("MIT OR FAKEYLICENSE")).to be false
|
189
12
|
expect(Spdx.valid_spdx?(nil)).to be false
|
190
13
|
expect(Spdx.valid_spdx?("")).to be false
|
14
|
+
expect(Spdx.valid_spdx?("MIT (MIT)")).to be false
|
191
15
|
end
|
192
16
|
it "returns true for valid spdx" do
|
193
17
|
expect(Spdx.valid_spdx?("(MIT OR MPL-2.0)")).to be true
|
194
18
|
expect(Spdx.valid_spdx?("MIT")).to be true
|
195
19
|
expect(Spdx.valid_spdx?("((MIT OR AGPL-1.0) AND (MIT OR MPL-2.0))")).to be true
|
20
|
+
expect(Spdx.valid_spdx?("MIT OR (MIT)")).to be true
|
196
21
|
end
|
197
22
|
it "returns true for NONE and NOASSERTION" do
|
198
23
|
expect(Spdx.valid_spdx?("NONE")).to be true
|
@@ -201,7 +26,17 @@ describe Spdx do
|
|
201
26
|
expect(Spdx.valid_spdx?("MIT OR NONE")).to be false
|
202
27
|
end
|
203
28
|
it "returns true for + expression" do
|
204
|
-
expect(Spdx.valid_spdx?("AGPL-
|
29
|
+
expect(Spdx.valid_spdx?("AGPL-3.0+")).to be true
|
30
|
+
end
|
31
|
+
it "is case insentive for license ids" do
|
32
|
+
expect(Spdx.valid_spdx?("mit OR agpl-3.0+")).to be true
|
33
|
+
end
|
34
|
+
it "handles LicenseRef" do
|
35
|
+
expect(Spdx.valid_spdx?("MIT OR LicenseRef-MIT-style-1")).to be true
|
36
|
+
end
|
37
|
+
it "handles DocumentRef" do
|
38
|
+
expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1")).to be true
|
39
|
+
expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1")).to be false
|
205
40
|
end
|
206
41
|
end
|
207
42
|
end
|
@@ -213,6 +48,12 @@ describe Spdx do
|
|
213
48
|
expect(Spdx.parse_spdx("NONE").licenses).to eq []
|
214
49
|
expect(Spdx.parse_spdx("NOASSERTION").licenses).to eq []
|
215
50
|
end
|
51
|
+
it "returns LicenseRefs" do
|
52
|
+
expect(Spdx.parse_spdx("MIT OR LicenseRef-MIT-style-1").licenses).to eq %w[MIT LicenseRef-MIT-style-1]
|
53
|
+
end
|
54
|
+
it "returns DocumentRefs" do
|
55
|
+
expect(Spdx.parse_spdx("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1").licenses).to eq %w[MIT DocumentRef-something-1:LicenseRef-MIT-style-1]
|
56
|
+
end
|
216
57
|
end
|
217
58
|
|
218
59
|
context "exceptions" do
|
metadata
CHANGED
@@ -1,29 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spdx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tidelift, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-11-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: fuzzy_match
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '2.1'
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: '2.1'
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: treetop
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
@@ -161,11 +147,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
161
147
|
- !ruby/object:Gem::Version
|
162
148
|
version: '0'
|
163
149
|
requirements: []
|
164
|
-
|
165
|
-
rubygems_version: 2.7.4
|
150
|
+
rubygems_version: 3.1.2
|
166
151
|
signing_key:
|
167
152
|
specification_version: 4
|
168
|
-
summary: A SPDX license
|
153
|
+
summary: A SPDX license parser
|
169
154
|
test_files:
|
170
155
|
- spec/spdx_spec.rb
|
171
156
|
- spec/spec_helper.rb
|