spdx 2.0.11 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2666b65e72b1bd12e9fe3d2214ef5177012c7df9ec9a755cf58910c52d6516cd
-  data.tar.gz: ee8c457edf2d81a51ba5d54904fd56a5dd121f7494403bd591033485d8cd0396
+  metadata.gz: 57eb1d8fa593ee4d8502733dd5257f050a5a421e8e272036517f146a362f1eea
+  data.tar.gz: e6d33c4be673643a9e052df93fcac4d41a3c8c809fca6293482979f0ffb62fb1
 SHA512:
-  metadata.gz: 728c74fa33a14330baab9d8c542c7700200dcc67e88310905404d4631e55a5ba08c80dc1145d7c4c32fccc3a2d8837692541e296465027729930e593ef54b46f
-  data.tar.gz: 7719ebb561baa9451c90ca440ae548e76c6562bd260589681ecd8416b57b0fb805f6f28917842f05e0d49f5b91d0c52f026a86e7b56618872c83e9de1a8f9297
+  metadata.gz: 29d8dd9dd27711bc077d2a6828cfa58a8f378a5bcd2e6a0b3915fc070e2561b03b412f7683027985d50624a013310d6e4bdd4f053e3646c4fb659d4675553fd6
+  data.tar.gz: 03ea3f99549c654a817c53077f584feaacd4a85200f008e987a7aebac684435974269ab6edac88a22d253d78f4dd9171ab12f6713c9241a5cf153966ae8b7863

data/README.md

@@ -1,7 +1,6 @@
-# [Spdx](http://libraries.io/rubygems/spdx) - A SPDX license normalizer
-
-This gem allows you to find the closest match using [FuzzyMatch](https://github.com/seamusabshere/fuzzy_match) in the [spdx-licenses](https://github.com/domcleal/spdx-licenses) list for similar (not necessarily exact) license names.
+# [Spdx](http://libraries.io/rubygems/spdx) - A SPDX license parser
 
+This gem allows you validate and parse spdx expressions. It also contains (relatively) up to date license and license exception lists from https://github.com/spdx/license-list-data/tree/master/json
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -21,14 +20,81 @@ Or install it yourself as:
 ## Usage
 
 ```ruby
-Spdx.find('Apache 2') # => <SpdxLicenses::License:0x007fa3a2b462c8 @id="Apache-2.0", @name="Apache License 2.0", @osi_approved=true>
+Spdx.valid?("(MIT OR AGPL-3.0+)")
+=> true
+```
+
+```ruby
+Spdx.parse("MIT OR AGPL-3.0+")
+=> LogicalOr+OrExpression4 offset=0, "MIT OR AGPL-3.0+":
+  License+LicenseId0 offset=0, "MIT" (idstring)
+  LicensePlus+SimpleExpression0 offset=7, "AGPL-3.0+" (license_id):
+    License+LicenseId0 offset=7, "AGPL-3.0" (idstring)
+```
+
+```ruby
+Spdx.normalize("Mit OR agpl-3.0+ AND APACHE-2.0")
+=> "MIT OR (AGPL-3.0+ AND Apache-2.0)"
+
+Spdx.normalize("Mit OR agpl-3.0+ AND APACHE-2.0", top_level_parens: true)
+=> "(MIT OR (AGPL-3.0+ AND Apache-2.0))"
+```
+
+### Nodes
+
+Parsed SPDX license expressions can be a number of various nodes. Each of these nodes share a few methods, most notably `text_value` which contains the text that spans that node, and `licenses` which contains an array of individual licenses used in that portion of the expression. Below are the nodes in more detail, and their additional methods.
+
+#### `License`
+
+This node represents a single license, and is the result of the most simple form of expression, e.g. `Spdx.parse("MIT")`. It can also be found as a child node of other nodes.
+
+#### `LicensePlus`
+
+This node represents the current version of a license or any later version, e.g. `Spdx.parse("CDDL-1.0+")`. The inner license node can be found via the `child` method.
+
+#### `LicenseRef`
+
+This node represents a reference to a license not defined in the SPDX license list, e.g. `Spdx.parse("LicenseRef-23")`.
+
+#### `DocumentRef`
+
+Similar to `LicenseRef`, this node also represents a reference to a license not defined in the SPDX license list, e.g. `Spdx.parse("DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2")`.
+
+#### `LicenseException`
+
+This node represents an exception to a license. See `With`.
+
+#### `With`
+
+This node represents a license with an SPDX-defined license exception, e.g. `Spdx.parse("GPL-2.0-or-later WITH Bison-exception-2.2")`. This node has two extra methods, `license` and `exception`, which return the nodes for the license portion of the expression and the exception portion of the expression, respectively.
+
+#### `LogicalAnd`
+
+This node represents an "AND" expression, e.g. `Spdx.parse("LGPL-2.1-only AND MIT")`. This node has two extra methods, `left` and `right`, which return the node for the left side of the expression and the node for the right side of the expression, respectively. Any node can be the child of `LogicalAnd`, including `LogicalAnd`/`LogicalOr`.
+
+`Spdx.parse("(MIT AND GPL-1.0) OR MPL-2.0 AND Apache-2.0")` would result in the following tree:
+
+```txt
+LogicalOr
+├── LogicalAnd
+│   ├── License (MIT)
+│   └── License (GPL-1.0)
+└── LogicalAnd
+    ├── License (MPL-2.0)
+    └── License Apache-2.0
 ```
 
+#### `LogicalOr`
+
+The same as `LogicalAnd`, but for "OR" expressions.
+
 ## Testing
 
 Run the tests with:
 
-    $ bundle exec rake
+```sh
+bundle exec rspec
+```
 
 ## Contributing
 

data/exceptions.json

@@ -1,6 +1,6 @@
 {
-  "licenseListVersion": "3.8-126-gff8ed78",
-  "releaseDate": "2020-05-15",
+  "licenseListVersion": "3.10-24-gd78ad74",
+  "releaseDate": "2020-11-05",
   "exceptions": [
     {
       "reference": "./GCC-exception-2.0.html",

data/lib/spdx.rb

@@ -1,187 +1,12 @@
 # frozen_string_literal: true
 
 require "spdx/version"
-require "fuzzy_match"
 require "spdx_parser"
 require "json"
 require_relative "exception"
 require_relative "license"
 
-# Fuzzy matcher for licenses to SPDX standard licenses
 module Spdx
-  def self.find(name)
-    name = name.strip
-    return nil if commercial?(name)
-    return nil if non_spdx?(name)
-
-    search(name)
-  end
-
-  def self.search(name)
-    lookup(name) ||
-      find_by_special_case(name) ||
-      closest(name)
-  end
-
-  def self.commercial?(name)
-    name.casecmp("commercial").zero?
-  end
-
-  def self.non_spdx?(name)
-    ["standard pil license"].include? name.downcase
-  end
-
-  def self.lookup(name)
-    return false if name.nil?
-    return lookup_license(name) if license_exists?(name)
-
-    lowercase = licenses.keys.sort.find { |k| k.casecmp(name).zero? }
-    lookup_license(lowercase) if lowercase
-  end
-
-  def self.closest(name)
-    name.gsub!(/#{stop_words.join('|')}/i, "")
-    name.gsub!(/(\d)/, ' \1 ')
-    best_match = fuzzy_match(name)
-    return nil unless best_match
-
-    lookup(best_match) || find_by_name(best_match)
-  end
-
-  def self.matches(name, max_distance = 40)
-    names.map { |key| [key, Text::Levenshtein.distance(name, key)] }
-      .select { |arr| arr[1] <= max_distance }
-      .sort_by { |arr| arr[1] }
-  end
-
-  def self.fuzzy_match(name)
-    FuzzyMatch.new(names).find(name, must_match_at_least_one_word: true)
-  end
-
-  def self.stop_words
-    %w[version software the or right all]
-  end
-
-  def self.find_by_name(name)
-    match = licenses.find { |_k, v| v["name"] == name }
-    lookup(match[0]) if match
-  end
-
-  def self.find_by_special_case(name)
-    gpl = gpl_match(name)
-    return gpl if gpl
-
-    lookup(special_cases[name.downcase.strip])
-  end
-
-  def self.gpl_match(name)
-    match = name.match(/^(l|a)?gpl-?\s?_?v?(1|2|3)\.?(\d)?(\+)?$/i)
-    return unless match
-
-    lookup "#{match[1]}GPL-#{match[2]}.#{match[3] || 0}#{match[4]}"
-  end
-
-  def self.special_cases
-    {
-      "perl_5" => "Artistic-1.0-Perl",
-      "bsd3" => "BSD-3-Clause",
-      "bsd" => "BSD-3-Clause",
-      "bsd license" => "BSD-3-Clause",
-      "new bsd license" => "BSD-3-Clause",
-      "gnu gpl v2" => "GPL-2.0-only",
-      "gpl" => "GPL-2.0+",
-      "gpl-2 | gpl-3 [expanded from: gpl (≥ 2.0)]" => "GPL-2.0+",
-      "gpl-2 | gpl-3 [expanded from: gpl]" => "GPL-2.0+",
-      "gpl-2 | gpl-3 [expanded from: gpl (≥ 2)]" => "GPL-2.0+",
-      "gpl-2 | gpl-3" => "GPL-2.0+",
-      "gplv2 or later" => "GPL-2.0+",
-      "the gpl v3" => "GPL-3.0",
-      "gpl (≥ 3)" => "GPL-3.0+",
-      "mpl2.0" => "mpl-2.0",
-      "mpl1" => "mpl-1.0",
-      "mpl1.0" => "mpl-1.0",
-      "mpl1.1" => "mpl-1.1",
-      "mpl2" => "mpl-2.0",
-      "gnu lesser general public license" => "LGPL-2.1+",
-      "lgplv2 or later" => "LGPL-2.1+",
-      "gpl2 w/ cpe" => "GPL-2.0-with-classpath-exception",
-      "new bsd license (gpl-compatible)" => "BSD-3-Clause",
-      "public domain" => "Unlicense",
-      "cc0" => "CC0-1.0",
-      "artistic_2" => "Artistic-2.0",
-      "artistic_1" => "Artistic-1.0",
-      "alv2" => "Apache-2.0",
-      "asl" => "Apache-2.0",
-      "asl 2.0" => "Apache-2.0",
-      "mpl 2.0" => "MPL-2.0",
-      "publicdomain" => "Unlicense",
-      "unlicensed" => "Unlicense",
-      "psfl" => "Python-2.0",
-      "psf" => "Python-2.0",
-      "psf 2" => "Python-2.0",
-      "psf 2.0" => "Python-2.0",
-      "asl2" => "Apache-2.0",
-      "al2" => "Apache-2.0",
-      "aslv2" => "Apache-2.0",
-      "apache_2_0" => "Apache-2.0",
-      "apache_v2" => "Apache-2.0",
-      "zpl 1.1" => "ZPL-1.1",
-      "zpl 2.0" => "ZPL-2.0",
-      "zpl 2.1" => "ZPL-2.1",
-      "lgpl_2_1" => "LGPL-2.1",
-      "lgpl_v2_1" => "LGPL-2.1",
-      "lgpl version 3" => "LGPL-3.0",
-      "gnu lgpl v3+" => "LGPL-3.0",
-      "gnu lgpl" => "LGPL-2.1+",
-      "cc by-sa 4.0" => "CC-BY-SA-4.0",
-      "cc by-nc-sa 3.0" => "CC-BY-NC-SA-3.0",
-      "cc by-sa 3.0" => "CC-BY-SA-3.0",
-      "mpl v2.0" => "MPL-2.0",
-      "mplv2.0" => "MPL-2.0",
-      "mplv2" => "MPL-2.0",
-      "cpal v1.0" => "CPAL-1.0",
-      "cddl 1.0" => "CDDL-1.0",
-      "cddl 1.1" => "CDDL-1.1",
-      "epl" => "EPL-1.0",
-      "mit-license" => "MIT",
-      "(mit or x11)" => "MIT",
-      "iscl" => "ISC",
-      "wtf" => "WTFPL",
-      "2-clause bsdl" => "BSD-2-clause",
-      "3-clause bsdl" => "BSD-3-clause",
-      "2-clause bsd" => "BSD-2-clause",
-      "3-clause bsd" => "BSD-3-clause",
-      "bsd 3-clause" => "BSD-3-clause",
-      "bsd 2-clause" => "BSD-2-clause",
-      "two-clause bsd-style license" => "BSD-2-clause",
-      "bsd style" => "BSD-3-clause",
-      "cc0 1.0 universal (cc0 1.0) public domain dedication" => "CC0-1.0",
-      "common development and distribution license 1.0 (cddl-1.0)" => "CDDL-1.0",
-      "european union public licence 1.0 (eupl 1.0)" => "EUPL-1.0",
-      "european union public licence 1.1 (eupl 1.1)" => "EUPL-1.1",
-      "european union public licence 1.2 (eupl 1.2)" => "EUPL-1.2",
-      "vovida software license 1.0" => "VSL-1.0",
-      "w3c license" => "W3C",
-      "zlib/libpng license" => "zlib-acknowledgement",
-      "gnu general public license (gpl)" => "GPL-2.0+",
-      "gnu general public license v2 (gplv2)" => "GPL-2.0",
-      "gnu general public license v2 or later (gplv2+)" => "GPL-2.0+",
-      "gnu general public license v3 (gplv3)" => "GPL-3.0",
-      "gnu general public license v3 or later (gplv3+)" => "GPL-3.0+",
-      "gnu lesser general public license v2 (lgplv2)" => "LGPL-2.0",
-      "gnu lesser general public license v2 or later (lgplv2+)" => "LGPL-2.0+",
-      "gnu lesser general public license v3 (lgplv3)" => "LGPL-3.0",
-      "gnu lesser general public license v3 or later (lgplv3+)" => "LGPL-3.0+",
-      "gnu library or lesser general public license (lgpl)" => "LGPL-2.0+",
-      "netscape public License (npl)" => "NPL-1.1",
-      "apache software license" => "Apache-2.0",
-      "academic free license (afl)" => "AFL-3.0",
-      "gnu free documentation license (fdl)" => "GFDL-1.3",
-      "sun industry standards source license (sissl)" => "SISSL-1.2",
-      "zope public license" => "ZPL-2.1",
-    }
-  end
-
   def self.names
     (licenses.keys + licenses.map { |_k, v| v["name"] }).sort
   end
@@ -190,6 +15,7 @@ module Spdx
     unless defined?(@exceptions)
       data = JSON.parse(File.read(File.expand_path("../exceptions.json", __dir__)))
       @exceptions = {}
+
       data["exceptions"].each do |details|
         id = details.delete("licenseExceptionId")
         @exceptions[id] = details
@@ -199,27 +25,18 @@ module Spdx
   end
 
   def self.license_exists?(id)
-    licenses.key?(id.to_s)
-  end
-
-  def self.lookup_license(id)
-    json = licenses[id.to_s]
-    Spdx::License.new(id.to_s, json["name"], json["isOsiApproved"]) if json
-  end
-
-  def self.lookup_exception(id)
-    json = exceptions[id.to_s]
-    Spdx::Exception.new(id.to_s, json["name"], json["isDeprecatedLicenseId"]) if json
+    licenses.key?(id.to_s) || licenses_downcase.key?(id.to_s.downcase)
   end
 
   def self.exception_exists?(id)
-    exceptions.key?(id.to_s)
+    exceptions.key?(id.to_s) || exceptions_downcase.key?(id.to_s.downcase)
   end
 
   def self.licenses
     unless defined?(@licenses)
       data = JSON.parse(File.read(File.expand_path("../licenses.json", __dir__)))
       @licenses = {}
+
       data["licenses"].each do |details|
         id = details.delete("licenseId")
         @licenses[id] = details
@@ -228,7 +45,70 @@ module Spdx
     @licenses
   end
 
-  def self.valid_spdx?(spdx_string)
+  def self.licenses_downcase
+    unless defined?(@licenses_downcase)
+      @licenses_downcase = {}
+      licenses.keys.each { |key| @licenses_downcase[key.downcase] = key }
+    end
+    @licenses_downcase
+  end
+
+  def self.exceptions_downcase
+    unless defined?(@exceptions_downcase)
+      @exceptions_downcase = {}
+      exceptions.keys.each { |key| @exceptions_downcase[key.downcase] = key }
+    end
+    @exceptions_downcase
+  end
+
+  def self.normalize(spdx_string, top_level_parens: false)
+    normalize_tree(SpdxParser.parse(spdx_string), parens: top_level_parens)
+  end
+
+  private_class_method def self.normalize_tree(node, parens: true)
+    case node
+    when SpdxGrammar::LogicalAnd
+      left = normalize_tree(node.left)
+      right = normalize_tree(node.right)
+      if parens
+        "(#{left} AND #{right})"
+      else
+        "#{left} AND #{right}"
+      end
+    when SpdxGrammar::LogicalOr
+      left = normalize_tree(node.left)
+      right = normalize_tree(node.right)
+      if parens
+        "(#{left} OR #{right})"
+      else
+        "#{left} OR #{right}"
+      end
+    when SpdxGrammar::With
+      license = normalize_tree(node.license)
+      exception = normalize_tree(node.exception)
+      if parens
+        "(#{license} WITH #{exception})"
+      else
+        "#{license} WITH #{exception}"
+      end
+    when SpdxGrammar::None
+      "NONE"
+    when SpdxGrammar::NoAssertion
+      "NOASSERTION"
+    when SpdxGrammar::License
+      licenses_downcase[node.text_value.downcase]
+    when SpdxGrammar::LicensePlus
+      "#{normalize_tree(node.child)}+"
+    when SpdxGrammar::LicenseRef
+      node.text_value
+    when SpdxGrammar::DocumentRef
+      node.text_value
+    when SpdxGrammar::LicenseException
+      exceptions_downcase[node.text_value.downcase]
+    end
+  end
+
+  def self.valid?(spdx_string)
     return false unless spdx_string.is_a?(String)
 
     SpdxParser.parse(spdx_string)
@@ -237,7 +117,7 @@ module Spdx
     false
   end
 
-  def self.parse_spdx(spdx_string)
+  def self.parse(spdx_string)
     SpdxParser.parse(spdx_string)
   end
 end

data/lib/spdx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spdx
-  VERSION = "2.0.11"
+  VERSION = "4.0.0"
 end

data/lib/spdx_grammar.rb

@@ -1,19 +1,40 @@
 # frozen_string_literal: true
 
 module SpdxGrammar
-  class CompoundExpression < Treetop::Runtime::SyntaxNode
+  class LogicalBinary < Treetop::Runtime::SyntaxNode
+    # Used internally
+
     def licenses
-      elements[0].licenses
+      (left.licenses + right.licenses).uniq
+    end
+
+    def left
+      elements[0]
+    end
+
+    def right
+      elements[1]
     end
   end
 
-  class LogicalOr < Treetop::Runtime::SyntaxNode
+  class LogicalAnd < LogicalBinary
   end
 
-  class LogicalAnd < Treetop::Runtime::SyntaxNode
+  class LogicalOr < LogicalBinary
   end
 
   class With < Treetop::Runtime::SyntaxNode
+    def licenses
+      license.licenses
+    end
+
+    def license
+      elements[0]
+    end
+
+    def exception
+      elements[1]
+    end
   end
 
   class None < Treetop::Runtime::SyntaxNode
@@ -30,20 +51,44 @@ module SpdxGrammar
 
   class License < Treetop::Runtime::SyntaxNode
     def licenses
-      text_value
+      [text_value]
     end
   end
 
-  class LicenseException < Treetop::Runtime::SyntaxNode
-    # TODO: actually do license exceptions
+  class LicensePlus < Treetop::Runtime::SyntaxNode
+    def licenses
+      child.licenses
+    end
+
+    def child
+      elements[0]
+    end
   end
 
-  class Body < Treetop::Runtime::SyntaxNode
+  class LicenseRef < Treetop::Runtime::SyntaxNode
     def licenses
-      elements.map { |node| node.licenses if node.respond_to?(:licenses) }.flatten.uniq.compact
+      [text_value]
     end
   end
 
+  class DocumentRef < Treetop::Runtime::SyntaxNode
+    def licenses
+      [text_value]
+    end
+  end
+
+  class LicenseException < Treetop::Runtime::SyntaxNode
+    # TODO: actually do license exceptions
+  end
+
+  class GroupedExpression < Treetop::Runtime::SyntaxNode
+    # Used internally
+  end
+
+  class Operand < Treetop::Runtime::SyntaxNode
+    # Used internally
+  end
+
   class SpdxParseError < StandardError
   end
 end