Parse Python licenses from LicenseExpression entry in the Wheel Metad…

…ata (#2431) Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
anchore · Dec 14, 2023 · 649d152 · 649d152
1 parent f5d5892
commit 649d152
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/syft/pkg/cataloger/python/package.go b/syft/pkg/cataloger/python/package.go
@@ -59,9 +59,13 @@ func newPackageForRequirementsWithMetadata(name, version string, metadata pkg.Py
 
 func newPackageForPackage(resolver file.Resolver, m parsedData, sources ...file.Location) pkg.Package {
 	var licenseSet pkg.LicenseSet
-	if m.Licenses != "" {
+
+	switch {
+	case m.LicenseExpression != "":
+		licenseSet = pkg.NewLicenseSet(pkg.NewLicensesFromLocation(m.LicenseLocation, m.LicenseExpression)...)
+	case m.Licenses != "":
 		licenseSet = pkg.NewLicenseSet(pkg.NewLicensesFromLocation(m.LicenseLocation, m.Licenses)...)
-	} else if m.LicenseLocation.Path() != "" {
+	case m.LicenseLocation.Path() != "":
 		// If we have a license file then resolve and parse it
 		found, err := resolver.FilesByPath(m.LicenseLocation.Path())
 		if err != nil {
@@ -82,6 +86,7 @@ func newPackageForPackage(resolver file.Resolver, m parsedData, sources ...file.
 			}
 		}
 	}
+
 	p := pkg.Package{
 		Name:      m.Name,
 		Version:   m.Version,

diff --git a/syft/pkg/cataloger/python/parse_wheel_egg_metadata.go b/syft/pkg/cataloger/python/parse_wheel_egg_metadata.go
@@ -18,6 +18,7 @@ import (
 type parsedData struct {
 	Licenses          string `mapstructure:"License"`
 	LicenseFile       string `mapstructure:"LicenseFile"`
+	LicenseExpression string `mapstructure:"LicenseExpression"`
 	LicenseLocation   file.Location
 	pkg.PythonPackage `mapstructure:",squash"`
 }
@@ -81,7 +82,7 @@ func parseWheelOrEggMetadata(path string, reader io.Reader) (parsedData, error)
 	// add additional metadata not stored in the egg/wheel metadata file
 
 	pd.SitePackagesRootPath = determineSitePackagesRootPath(path)
-	if pd.Licenses != "" {
+	if pd.Licenses != "" || pd.LicenseExpression != "" {
 		pd.LicenseLocation = file.NewLocation(path)
 	} else if pd.LicenseFile != "" {
 		pd.LicenseLocation = file.NewLocation(filepath.Join(filepath.Dir(path), pd.LicenseFile))

diff --git a/syft/pkg/cataloger/python/parse_wheel_egg_metadata_test.go b/syft/pkg/cataloger/python/parse_wheel_egg_metadata_test.go
@@ -20,6 +20,7 @@ func TestParseWheelEggMetadata(t *testing.T) {
 			ExpectedMetadata: parsedData{
 				"Apache 2.0",
 				"",
+				"",
 				file.NewLocation("test-fixtures/egg-info/PKG-INFO"),
 				pkg.PythonPackage{
 					Name:                 "requests",
@@ -36,6 +37,7 @@ func TestParseWheelEggMetadata(t *testing.T) {
 			ExpectedMetadata: parsedData{
 				"BSD License",
 				"",
+				"",
 				file.NewLocation("test-fixtures/dist-info/METADATA"),
 				pkg.PythonPackage{
 					Name:                 "Pygments",
@@ -136,6 +138,7 @@ func TestParseWheelEggMetadataInvalid(t *testing.T) {
 		{
 			Fixture: "test-fixtures/egg-info/PKG-INFO-INVALID",
 			ExpectedMetadata: parsedData{
+				"",
 				"",
 				"",
 				file.Location{},