Commit a8077f3c authored by mo khan's avatar mo khan

Fallback to matching policy on license name

When the `spdx_identifier` is not specified
for a license in the `software_licenses` table
then the diff should match based on the
name of the license that was detected.

* Change the premade license reports used for testing to Apache 2.0
* Update License Compliance end to end tests
* Update qa fixture to use v2.1 report format
parent f6adacd5
...@@ -46,7 +46,10 @@ module SCA ...@@ -46,7 +46,10 @@ module SCA
.diff_with(other.license_scan_report) .diff_with(other.license_scan_report)
.transform_values do |reported_licenses| .transform_values do |reported_licenses|
reported_licenses.map do |reported_license| reported_licenses.map do |reported_license|
build_policy(reported_license, known_policies[reported_license.canonical_id]) matching_license_policy =
known_policies[reported_license.canonical_id] ||
known_policies[reported_license&.name&.downcase]
build_policy(reported_license, matching_license_policy)
end end
end end
end end
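Review bot: The fallback lookup on line 20 guards against a nil `reported_license` with `&.`, but the primary lookup on line 19 calls `reported_license.canonical_id` unguarded, so a nil element would already have raised before the fallback ever runs; either drop the safe navigation (`known_policies[reported_license.name.downcase]`) or guard both lookups the same way. The fallback also presumes `known_policies` carries entries keyed by the downcased license name alongside spdx ids, and that keying is built outside this hunk, so a comment above the assignment such as `# known_policies is keyed by spdx id, or by downcased name when the license record has no spdx identifier` would record the contract this lookup depends on. Both the id and the name appear to come from the scan report being diffed, and the only normalisation applied is `downcase`, so a name differing by surrounding whitespace will not match; `name&.strip&.downcase` would make that choice explicit if intended. The enclosing method starts before this hunk.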
---
title: Fallback to matching policies on license name
merge_request: 43488
author:
type: fixed
...@@ -417,6 +417,18 @@ RSpec.describe SCA::LicenseCompliance do ...@@ -417,6 +417,18 @@ RSpec.describe SCA::LicenseCompliance do
specify { expect(subject[:added].count).to eq(3) } specify { expect(subject[:added].count).to eq(3) }
specify { expect(subject[:removed]).to be_empty } specify { expect(subject[:removed]).to be_empty }
specify { expect(subject[:unchanged]).to be_empty } specify { expect(subject[:unchanged]).to be_empty }
context "when a software license record does not have an spdx identifier" do
let(:license_name) { 'MIT License' }
let!(:policy) { create(:software_license_policy, :allowed, project: project, software_license: create(:software_license, name: license_name)) }
it "falls back to matching detections based on name rather than spdx id" do
mit = subject[:added].find { |item| item.name == license_name }
expect(mit).to be_present
expect(mit.classification).to eql('allowed')
end
end
end end
end end
end end
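Review bot: The new context at lines 35–43 relies on `create(:software_license, name: license_name)` yielding a record without an `spdx_identifier`, which depends on the factory's defaults rather than on anything the spec states; passing `spdx_identifier: nil` explicitly would pin the condition the context name describes. The example only covers a policy name that matches the reported name exactly, while the implementation normalises with `downcase`, so a variant creating the policy with `name: 'mit license'` would exercise the case-insensitive path, and a companion example with both an spdx id and a matching name present would document that the id match takes precedence. The enclosing describe block starts before this hunk.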
{ {
"version": "2.0", "version": "2.1",
"licenses": [ "licenses": [
{ {
"id": "WTFPL", "id": "Apache-2.0",
"name": "WTFPL License", "name": "Apache License 2.0",
"url": "http://www.wtfpl.net/", "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
"count": 1
} }
], ],
"dependencies": [ "dependencies": [
{ {
"name": "wtfpl_init", "name": "test_dependency",
"licenses": [ "version": "0.1.0",
"WTFPL" "package_manager": "bundler",
], "path": "Gemfile.lock",
"url": "https://rubygems.org/gems/wtfpl_init", "licenses": ["Apache-2.0"]
"description": "Download WTFPL license file and rename to LICENSE.md or something",
"paths": [
"."
]
} }
] ]
} }
{ {
"version": "2.0", "version": "2.1",
"licenses": [{ "licenses": [
"id": "WTFPL", {
"name": "WTFPL", "id": "Apache-2.0",
"url": "http://www.wtfpl.net/", "name": "Apache License 2.0",
"count": 1 "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
}, },
{ {
"id": "MIT", "id": "MIT",
"name": "MIT License", "name": "MIT License",
"url": "https://opensource.org/licenses/MIT", "url": "https://opensource.org/licenses/MIT"
"count": 1 }
} ],
], "dependencies": [
"dependencies": [{ {
"name": "wtfpl_init", "name": "actioncable",
"licenses": [ "version": "6.0.3.3",
"WTFPL" "package_manager": "bundler",
], "path": "Gemfile.lock",
"url": "https://rubygems.org/gems/wtfpl_init", "licenses": ["MIT"]
"description": "Download WTFPL license file and rename to LICENSE.md or something",
"paths": [
"."
]
}, },
{ {
"name": "actioncable", "name": "test_package",
"licenses": [ "version": "0.1.0",
"MIT" "package_manager": "bundler",
], "path": "Gemfile.lock",
"url": "http://rubyonrails.org", "licenses": ["Apache-2.0"]
"description": "WebSocket framework for Rails.", }
"paths": [ ]
"." }
]
}
]
}
...@@ -5,7 +5,7 @@ require 'pathname' ...@@ -5,7 +5,7 @@ require 'pathname'
module QA module QA
RSpec.describe 'Secure', :runner do RSpec.describe 'Secure', :runner do
let(:approved_license_name) { "MIT License" } let(:approved_license_name) { "MIT License" }
let(:denied_license_name) { "WTFPL" } let(:denied_license_name) { "Apache License 2.0" }
describe 'License Compliance page' do describe 'License Compliance page' do
after(:all) do after(:all) do
...@@ -5,8 +5,8 @@ require 'pathname' ...@@ -5,8 +5,8 @@ require 'pathname'
module QA module QA
RSpec.describe 'Secure', :runner do RSpec.describe 'Secure', :runner do
describe 'License merge request widget' do describe 'License merge request widget' do
let(:approved_license_name) { "MIT" } let(:approved_license_name) { "MIT License" }
let(:denied_license_name) { "Zlib" } let(:denied_license_name) { "zlib License" }
let(:executor) {"qa-runner-#{Time.now.to_i}"} let(:executor) {"qa-runner-#{Time.now.to_i}"}
after do after do
...@@ -51,9 +51,9 @@ module QA ...@@ -51,9 +51,9 @@ module QA
"version": "2.1", "version": "2.1",
"licenses": [ "licenses": [
{ {
"id": "WTFPL", "id": "Apache-2.0",
"name": "Do What The F*ck You Want To Public License", "name": "Apache License 2.0",
"url": "http://www.wtfpl.net/about/" "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
}, },
{ {
"id": "MIT", "id": "MIT",
...@@ -75,14 +75,14 @@ module QA ...@@ -75,14 +75,14 @@ module QA
"licenses": ["MIT"] "licenses": ["MIT"]
}, },
{ {
"name": "wtfpl_init", "name": "test_package",
"version": "0.1.0", "version": "0.1.0",
"package_manager": "bundler", "package_manager": "bundler",
"path": "Gemfile.lock", "path": "Gemfile.lock",
"licenses": ["WTFPL"] "licenses": ["Apache-2.0"]
}, },
{ {
"name": "Zlib", "name": "zlib",
"version": "1.2.11", "version": "1.2.11",
"package_manager": "bundler", "package_manager": "bundler",
"path": "Gemfile.lock", "path": "Gemfile.lock",