fix(scancode): Use SPDX expressions for file matches if present

Make use of a new field added with ScanCode 32.1.0 in output file format 3.1.0. Note that in the per-file `detectedLicenseExpression(Spdx)` fields ScanCode seems to consolidate e.g. separate `gpl-2.0` and `gpl-2.0-plus` matches to just `gpl-2.0-plus`, which seems to be a bug in ScanCode. This is why this change also needs to update a test where previous the ScanCode key to SPDX ID mapping did not succeed if ScanCode was run without `--license-references`. Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Apr 2, 2024 · 38cc437 · 38cc437
1 parent d690060
commit 38cc437
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt
@@ -158,6 +158,7 @@ sealed interface LicenseEntry {
         override val startLine: Int,
         override val endLine: Int,
         override val licenseExpression: String,
+        val spdxLicenseExpression: String? = null, // This might be missing in JSON.
         val fromFile: String? = null // This might be missing in JSON.
     ) : LicenseEntry
 }

diff --git a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt
@@ -112,7 +112,12 @@ fun ScanCodeResult.toScanSummary(preferFileLicense: Boolean = false): ScanSummar
         } else {
             licenses.mapTo(licenseFindings) { license ->
                 // ScanCode uses its own license keys as identifiers in license expressions.
-                val spdxLicenseExpression = license.licenseExpression.mapLicense(scanCodeKeyToSpdxIdMappings)
+                val spdxLicenseExpression = when {
+                    license is LicenseEntry.Version3 && license.spdxLicenseExpression != null -> {
+                        license.spdxLicenseExpression
+                    }
+                    else -> license.licenseExpression.mapLicense(scanCodeKeyToSpdxIdMappings)
+                }
 
                 LicenseFinding(
                     license = spdxLicenseExpression,

diff --git a/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt b/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt
@@ -166,7 +166,7 @@ class ScanCodeResultParserTest : FreeSpec({
                         score = 96.69f
                     ),
                     LicenseFinding(
-                        license = "LGPL-2.1-only AND gpl-2.0 AND gpl-3.0",
+                        license = "LGPL-2.1-only AND GPL-2.0-only AND GPL-3.0-only",
                         location = TextLocation("COPYING", 52, 55),
                         score = 100.0f
                     ),