From e5e0f3f47135eae01852b5ce9329478a1d90dac2 Mon Sep 17 00:00:00 2001
From: Sebastian Schuberth <sebastian@doubleopen.org>
Date: Thu, 7 Dec 2023 17:11:10 +0100
Subject: [PATCH] fix(evaluator): Apply excludes before lookups in the OSADL
 matrix

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
---
 evaluator/src/main/resources/rules/osadl.rules.kts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/evaluator/src/main/resources/rules/osadl.rules.kts b/evaluator/src/main/resources/rules/osadl.rules.kts
index b825668927273..98c2d21d4f3ad 100644
--- a/evaluator/src/main/resources/rules/osadl.rules.kts
+++ b/evaluator/src/main/resources/rules/osadl.rules.kts
@@ -37,11 +37,16 @@ val ruleSet = ruleSet(ortResult, licenseInfoResolver) {
             -isExcluded()
         }
 
-        val projectLicenseInfo = licenseInfoResolver.resolveLicenseInfo(project.id).filter(licenseView)
+        val projectLicenseInfo = licenseInfoResolver.resolveLicenseInfo(project.id).filter(licenseView).filterExcluded()
         val outboundLicenses = projectLicenseInfo.licenses.map { it.license }
 
         // Define a rule that is executed for each license of the dependency.
         licenseRule("OSADL_PROJECT_LICENSE_COMPATIBILITY", licenseView) {
+            // Requirements for the rule to trigger a violation.
+            require {
+                -isExcluded()
+            }
+
             outboundLicenses.forEach { outboundLicense ->
                 val compatibilityInfo = CompatibilityMatrix
                     // Be conservative and use the simple license string without the exception string for lookup.