From 38cc437aba4b0ac8d81c21056d923c0bd8647411 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth
Date: Thu, 28 Mar 2024 16:27:20 +0100
Subject: [PATCH] fix(scancode): Use SPDX expressions for file matches if present
Make use of a new field added with ScanCode 32.1.0 in output file format 3.1.0. Note that in the per-file `detectedLicenseExpression(Spdx)` fields ScanCode seems to consolidate e.g. separate `gpl-2.0` and `gpl-2.0-plus` matches to just `gpl-2.0-plus`, which seems to be a bug in ScanCode. This is why this change also needs to update a test where previous the ScanCode key to SPDX ID mapping did not succeed if ScanCode was run without `--license-references`.
Signed-off-by: Sebastian Schuberth
---
 .../scancode/src/main/kotlin/ScanCodeResultModel.kt | 1 +
 .../scancode/src/main/kotlin/ScanCodeResultModelMapper.kt | 7 ++++++-
 .../scancode/src/test/kotlin/ScanCodeResultParserTest.kt | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt
index 988c7c131112c..8dd890891c1ef 100644
--- a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt
+++ b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModel.kt
@@ -158,6 +158,7 @@ sealed interface LicenseEntry {
 override val startLine: Int,
 override val endLine: Int,
 override val licenseExpression: String,
+ val spdxLicenseExpression: String? = null, // This might be missing in JSON.
 val fromFile: String? = null // This might be missing in JSON.
 ) : LicenseEntry
 }
diff --git a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt
index 42643baa41fbb..d064c8fa7c009 100644
--- a/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt
+++ b/plugins/scanners/scancode/src/main/kotlin/ScanCodeResultModelMapper.kt
@@ -112,7 +112,12 @@ fun ScanCodeResult.toScanSummary(preferFileLicense: Boolean = false): ScanSummar
 } else {
 licenses.mapTo(licenseFindings) { license ->
 // ScanCode uses its own license keys as identifiers in license expressions.
- val spdxLicenseExpression = license.licenseExpression.mapLicense(scanCodeKeyToSpdxIdMappings)
+ val spdxLicenseExpression = when {
+ license is LicenseEntry.Version3 && license.spdxLicenseExpression != null -> {
+ license.spdxLicenseExpression
+ }
+ else -> license.licenseExpression.mapLicense(scanCodeKeyToSpdxIdMappings)
+ }
 LicenseFinding(
 license = spdxLicenseExpression,
diff --git a/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt b/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt
index 34f9f0b798128..e55c939b58e0e 100644
--- a/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt
+++ b/plugins/scanners/scancode/src/test/kotlin/ScanCodeResultParserTest.kt
@@ -166,7 +166,7 @@ class ScanCodeResultParserTest : FreeSpec({
 score = 96.69f
 ),
 LicenseFinding(
- license = "LGPL-2.1-only AND gpl-2.0 AND gpl-3.0",
+ license = "LGPL-2.1-only AND GPL-2.0-only AND GPL-3.0-only",
 location = TextLocation("COPYING", 52, 55),
 score = 100.0f
 ),
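Review bot: In the ScanCodeResultModelMapper.kt hunk, the first `when` branch passes any non-null `spdxLicenseExpression` from the scanner's JSON straight into `LicenseFinding`, so an empty or blank value would skip the `mapLicense(scanCodeKeyToSpdxIdMappings)` fallback instead of using it. Whether ScanCode ever writes such a value is not visible here, but the guard is cheap: `val spdxLicenseExpression = (license as? LicenseEntry.Version3)?.spdxLicenseExpression?.takeUnless { it.isBlank() } ?: license.licenseExpression.mapLicense(scanCodeKeyToSpdxIdMappings)`. The comment `// ScanCode uses its own license keys as identifiers in license expressions.` now explains only the fallback and would fit better directly on the `else` path. The test hunk only updates the expected string for the SPDX path, so a case for a Version3 match without the field would pin the fallback. `toScanSummary` starts and ends outside the hunk.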