spdx 3.0.0 → 4.0.2

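--- a/data/spdx.gemspec
+++ b/data/spdx.gemspec
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
  spec.version = Spdx::VERSION
  spec.authors = ["Tidelift, Inc."]
  spec.email = ["support@tidelift.com"]
- spec.summary = "A SPDX license normalizer"
+ spec.summary = "A SPDX license parser"
  spec.homepage = "https://github.com/librariesio/spdx"
  spec.license = "MIT"
 
@@ -18,7 +18,6 @@ Gem::Specification.new do |spec|
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
  spec.require_paths = ["lib"]
 
- spec.add_dependency "fuzzy_match", "~> 2.1"
  spec.add_dependency "treetop", "~> 1.6"
  spec.add_development_dependency "bundler"
  spec.add_development_dependency "pry"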
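--- a/data/spec/spdx_spec.rb
+++ b/data/spec/spdx_spec.rb
@@ -4,61 +4,146 @@ require "spec_helper"
 
  describe Spdx do
  context "spdx parsing" do
- context "valid_spdx?" do
+ context "parse" do
+ it "handles bad input" do
+ expect { Spdx.parse(nil) }.to raise_error(SpdxGrammar::SpdxParseError)
+ expect { Spdx.parse("") }.to raise_error(SpdxGrammar::SpdxParseError)
+ end
+ it "parses into respective classes" do
+ expect(Spdx.parse("MIT")).to be_an_instance_of(SpdxGrammar::License)
+ expect(Spdx.parse("MIT AND Apache-2.0")).to be_an_instance_of(SpdxGrammar::LogicalAnd)
+ expect(Spdx.parse("(MIT AND Apache-2.0)")).to be_an_instance_of(SpdxGrammar::LogicalAnd)
+ expect(Spdx.parse("MIT OR Apache-2.0")).to be_an_instance_of(SpdxGrammar::LogicalOr)
+ expect(Spdx.parse("MIT AND Apache-2.0").left).to be_an_instance_of(SpdxGrammar::License)
+ expect(Spdx.parse("MIT AND Apache-2.0").right).to be_an_instance_of(SpdxGrammar::License)
+ expect(Spdx.parse("MIT+")).to be_an_instance_of(SpdxGrammar::LicensePlus)
+ expect(Spdx.parse("LicenseRef-MIT-style-1")).to be_an_instance_of(SpdxGrammar::LicenseRef)
+ expect(Spdx.parse("DocumentRef-something-1:LicenseRef-MIT-style-1")).to be_an_instance_of(SpdxGrammar::DocumentRef)
+ expect(Spdx.parse("GPL-2.0-only WITH Classpath-exception-2.0")).to be_an_instance_of(SpdxGrammar::With)
+ expect(Spdx.parse("GPL-2.0-only WITH Classpath-exception-2.0").license).to be_an_instance_of(SpdxGrammar::License)
+ expect(Spdx.parse("GPL-2.0-only WITH Classpath-exception-2.0").exception).to be_an_instance_of(SpdxGrammar::LicenseException)
+ expect(Spdx.parse("NONE")).to be_an_instance_of(SpdxGrammar::None)
+ expect(Spdx.parse("NOASSERTION")).to be_an_instance_of(SpdxGrammar::NoAssertion)
+ end
+ end
+ context "valid?" do
  it "returns false for invalid spdx" do
- expect(Spdx.valid_spdx?("AND AND")).to be false
- expect(Spdx.valid_spdx?("MIT OR MIT AND OR")).to be false
- expect(Spdx.valid_spdx?("MIT OR FAKEYLICENSE")).to be false
- expect(Spdx.valid_spdx?(nil)).to be false
- expect(Spdx.valid_spdx?("")).to be false
- expect(Spdx.valid_spdx?("MIT (MIT)")).to be false
+ expect(Spdx.valid?("AND AND")).to be false
+ expect(Spdx.valid?(" AND ")).to be false
+ expect(Spdx.valid?(" WITH ")).to be false
+ expect(Spdx.valid?("MIT AND ")).to be false
+ expect(Spdx.valid?("MIT OR MIT AND OR")).to be false
+ expect(Spdx.valid?("MIT OR FAKEYLICENSE")).to be false
+ expect(Spdx.valid?(nil)).to be false
+ expect(Spdx.valid?("")).to be false
+ expect(Spdx.valid?("MIT (MIT)")).to be false
  end
  it "returns true for valid spdx" do
- expect(Spdx.valid_spdx?("(MIT OR MPL-2.0)")).to be true
- expect(Spdx.valid_spdx?("MIT")).to be true
- expect(Spdx.valid_spdx?("((MIT OR AGPL-1.0) AND (MIT OR MPL-2.0))")).to be true
- expect(Spdx.valid_spdx?("MIT OR (MIT)")).to be true
+ expect(Spdx.valid?("(MIT OR MPL-2.0)")).to be true
+ expect(Spdx.valid?("MIT")).to be true
+ expect(Spdx.valid?("MIT OR MPL-2.0 AND AGPL-1.0")).to be true
+ expect(Spdx.valid?("MIT OR (GPL-1.0 OR MPL-2.0) AND AGPL-1.0")).to be true
+ expect(Spdx.valid?("MIT AND MPL-2.0 OR AGPL-1.0")).to be true
+ expect(Spdx.valid?("MIT AND (GPL-1.0 OR MPL-2.0) OR AGPL-1.0")).to be true
+ expect(Spdx.valid?("MIT OR (DocumentRef-something-1:LicenseRef-MIT-style-1 OR MPL-2.0) AND AGPL-1.0")).to be true
+ expect(Spdx.valid?("((MIT OR AGPL-1.0) AND (MIT OR MPL-2.0))")).to be true
+ expect(Spdx.valid?("MIT OR (MIT)")).to be true
  end
  it "returns true for NONE and NOASSERTION" do
- expect(Spdx.valid_spdx?("NONE")).to be true
- expect(Spdx.valid_spdx?("(NONE)")).to be false
- expect(Spdx.valid_spdx?("NOASSERTION")).to be true
- expect(Spdx.valid_spdx?("MIT OR NONE")).to be false
+ expect(Spdx.valid?("NONE")).to be true
+ expect(Spdx.valid?("(NONE)")).to be false
+ expect(Spdx.valid?("NOASSERTION")).to be true
+ expect(Spdx.valid?("MIT OR NONE")).to be false
  end
  it "returns true for + expression" do
- expect(Spdx.valid_spdx?("AGPL-3.0+")).to be true
+ expect(Spdx.valid?("AGPL-3.0+")).to be true
  end
  it "is case insentive for license ids" do
- expect(Spdx.valid_spdx?("mit OR agpl-3.0+")).to be true
+ expect(Spdx.valid?("mit OR agpl-3.0+")).to be true
  end
  it "handles LicenseRef" do
- expect(Spdx.valid_spdx?("MIT OR LicenseRef-MIT-style-1")).to be true
+ expect(Spdx.valid?("MIT OR LicenseRef-MIT-style-1")).to be true
  end
  it "handles DocumentRef" do
- expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1")).to be true
- expect(Spdx.valid_spdx?("MIT OR DocumentRef-something-1")).to be false
+ expect(Spdx.valid?("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1")).to be true
+ expect(Spdx.valid?("MIT OR DocumentRef-something-1")).to be false
  end
  end
  end
+ context "normalize" do
+ it "normalizes simple licenses" do
+ expect(Spdx.normalize("MIT")).to eq "MIT"
+ expect(Spdx.normalize("mit")).to eq "MIT"
+ expect(Spdx.normalize("MiT")).to eq "MIT"
+ expect(Spdx.normalize("(MiT)")).to eq "MIT"
+ expect(Spdx.normalize("(((MiT)))")).to eq "MIT"
+ expect(Spdx.normalize("LicenseRef-MIT-style-1")).to eq "LicenseRef-MIT-style-1"
+ expect(Spdx.normalize("DocumentRef-something-1:LicenseRef-MIT-style-1")).to eq "DocumentRef-something-1:LicenseRef-MIT-style-1"
+ expect(Spdx.normalize("Apache-2.0+")).to eq "Apache-2.0+"
+ expect(Spdx.normalize("apache-2.0+")).to eq "Apache-2.0+"
+ end
+ it "normalizes NONE/NOASSERTION" do
+ expect(Spdx.normalize("NONE")).to eq "NONE"
+ expect(Spdx.normalize("NOASSERTION")).to eq "NOASSERTION"
+ end
+ it "normalizes boolean expressions" do
+ expect(Spdx.normalize("mit AND gPL-2.0")).to eq "MIT AND GPL-2.0"
+ expect(Spdx.normalize("mit OR gPL-2.0")).to eq "MIT OR GPL-2.0"
+ expect(Spdx.normalize("mit OR gPL-2.0")).to eq "MIT OR GPL-2.0"
+
+ # With top level parens
+ expect(Spdx.normalize("mit AND gPL-2.0", top_level_parens: true)).to eq "(MIT AND GPL-2.0)"
+ expect(Spdx.normalize("mit OR gPL-2.0", top_level_parens: true)).to eq "(MIT OR GPL-2.0)"
+ expect(Spdx.normalize("mit OR gPL-2.0", top_level_parens: true)).to eq "(MIT OR GPL-2.0)"
+
+ # Does semantic grouping
+ expect(Spdx.normalize("mit OR gPL-2.0 AND apAcHe-2.0+")).to eq "MIT OR (GPL-2.0 AND Apache-2.0+)"
+
+ # But also preserves original groups
+ expect(Spdx.normalize("(mit OR gPL-2.0) AND apAcHe-2.0+")).to eq "(MIT OR GPL-2.0) AND Apache-2.0+"
+ end
+ it "normalizes WITH expressions" do
+ expect(Spdx.normalize("GPL-2.0-only WITH Classpath-exception-2.0")).to eq "GPL-2.0-only WITH Classpath-exception-2.0"
+ expect(Spdx.normalize("Gpl-2.0-ONLY WITH ClassPath-exception-2.0")).to eq "GPL-2.0-only WITH Classpath-exception-2.0"
+
+ # With top level parens
+ expect(Spdx.normalize("GPL-2.0-only WITH Classpath-exception-2.0", top_level_parens: true)).to eq "(GPL-2.0-only WITH Classpath-exception-2.0)"
+ expect(Spdx.normalize("Gpl-2.0-ONLY WITH ClassPath-exception-2.0", top_level_parens: true)).to eq "(GPL-2.0-only WITH Classpath-exception-2.0)"
+
+ expect(Spdx.normalize("EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)")).to eq "EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)"
+ expect(Spdx.normalize("epl-2.0 OR (gpl-2.0-only WITH classpath-exception-2.0)")).to eq "EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)"
+ expect(Spdx.normalize("epl-2.0 OR gpl-2.0-only WITH classpath-exception-2.0")).to eq "EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)"
+ expect(Spdx.normalize("epl-2.0 OR gpl-2.0-only WITH classpath-exception-2.0 AND mpl-2.0+")).to eq "EPL-2.0 OR ((GPL-2.0-only WITH Classpath-exception-2.0) AND MPL-2.0+)"
+ end
+ end
  context "licenses" do
  it "returns a list of possible licenses" do
- expect(Spdx.parse_spdx("MIT OR MPL-2.0").licenses).to eq ["MIT", "MPL-2.0"]
+ expect(Spdx.parse("MIT").licenses).to eq ["MIT"]
+ expect(Spdx.parse("MIT OR MPL-2.0").licenses).to eq ["MIT", "MPL-2.0"]
+ expect(Spdx.parse("MIT OR MPL-2.0+").licenses).to eq ["MIT", "MPL-2.0+"]
+ expect(Spdx.parse("GPL-2.0-only WITH Classpath-exception-2.0").licenses).to eq ["GPL-2.0-only"]
  end
  it "returns empty array for NONE or NOASSERTION" do
- expect(Spdx.parse_spdx("NONE").licenses).to eq []
- expect(Spdx.parse_spdx("NOASSERTION").licenses).to eq []
+ expect(Spdx.parse("NONE").licenses).to eq []
+ expect(Spdx.parse("NOASSERTION").licenses).to eq []
+ end
+ it "returns LicenseRefs" do
+ expect(Spdx.parse("MIT OR LicenseRef-MIT-style-1").licenses).to eq %w[MIT LicenseRef-MIT-style-1]
+ end
+ it "returns DocumentRefs" do
+ expect(Spdx.parse("MIT OR DocumentRef-something-1:LicenseRef-MIT-style-1").licenses).to eq %w[MIT DocumentRef-something-1:LicenseRef-MIT-style-1]
  end
  end
 
  context "exceptions" do
- it "parses a valid spdx with expression" do
- expect(Spdx.valid_spdx?("EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)")).to be true
+ it "parses a valid spdx WITH expression" do
+ expect(Spdx.valid?("EPL-2.0 OR (GPL-2.0-only WITH Classpath-exception-2.0)")).to be true
  end
  it "returns false for a license in the exception spot" do
- expect(Spdx.valid_spdx?("EPL-2.0 OR (GPL-2.0-only WITH AGPL-3.0)")).to be false
+ expect(Spdx.valid?("EPL-2.0 OR (GPL-2.0-only WITH AGPL-3.0)")).to be false
  end
  it "provides full details for a parse error" do
- expect { Spdx.parse_spdx("MIT OR ((WHAT)") }.to raise_error(SpdxGrammar::SpdxParseError, "Unable to parse expression '(MIT OR ((WHAT))'. Parse error at offset: 0")
+ expect { Spdx.parse("MIT OR ((WHAT)") }.to raise_error(SpdxGrammar::SpdxParseError, "Unable to parse expression 'MIT OR ((WHAT)'. Parse error at offset: 3")
  end
  end
  end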
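Review bot: The new `normalize` context pins only well-formed inputs, so nothing here records what `Spdx.normalize` does with nil, an empty string or an unparsable expression, although the `parse` and `valid?` contexts both cover those cases. A caller that feeds normalized output into a license allow-list or policy check needs to know whether bad input raises or is passed back in some form. If `normalize` is meant to raise like `parse`, add `expect { Spdx.normalize("MIT OR FAKEYLICENSE") }.to raise_error(SpdxGrammar::SpdxParseError)` along with the nil and empty-string equivalents. Separately, the `"mit OR gPL-2.0"` assertion appears twice in a row on new lines 91–92 and again on 96–97, which looks like a copy-paste where a different case was intended.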
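--- a/metadata
+++ b/metadata
@@ -1,29 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: spdx
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 4.0.2
  platform: ruby
  authors:
  - Tidelift, Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-10 00:00:00.000000000 Z
+ date: 2021-02-09 00:00:00.000000000 Z
  dependencies:
- - !ruby/object:Gem::Dependency
- name: fuzzy_match
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '2.1'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '2.1'
  - !ruby/object:Gem::Dependency
  name: treetop
  requirement: !ruby/object:Gem::Requirement
@@ -161,10 +147,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.8
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
- summary: A SPDX license normalizer
+ summary: A SPDX license parser
  test_files:
  - spec/spdx_spec.rb
  - spec/spec_helper.rb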