fix: support multiple license violations

google · Mar 28, 2024 · 9d20ff7 · 9d20ff7
1 parent 92cf5a2
commit 9d20ff7
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 3 deletions.
diff --git a/internal/output/__snapshots__/vertical_test.snap b/internal/output/__snapshots__/vertical_test.snap
@@ -62,6 +62,15 @@ path/to/my/first/lockfile: found 1 package
 
 ---
 
+[TestPrintVerticalResults_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1]
+path/to/my/first/lockfile: found 1 package
+  no known vulnerabilities found
+  mine1@1.2.3 is using incompatible licenses: MIT, Apache-2.0
+
+  2 license violations found in path/to/my/first/lockfile
+
+---
+
 [TestPrintVerticalResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1]
 path/to/my/first/lockfile: found 1 package
   no known vulnerabilities found

diff --git a/internal/output/vertical.go b/internal/output/vertical.go
@@ -3,6 +3,7 @@ package output
 import (
 	"fmt"
 	"io"
+	"strings"
 	"unicode"
 
 	"github.com/fatih/color"
@@ -93,12 +94,19 @@ func printVerticalLicenseViolations(result models.PackageSource, out io.Writer)
 			continue
 		}
 
+		violations := make([]string, len(pkg.LicenseViolations))
+		for i, l := range pkg.LicenseViolations {
+			violations[i] = string(l)
+		}
+
 		fmt.Fprintf(out,
 			"  %s %s %s\n",
 			color.YellowString("%s@%s", pkg.Package.Name, pkg.Package.Version),
-			color.RedString("is using an incompatible license:"),
-			// todo: handle multiple licenses
-			color.CyanString(string(pkg.LicenseViolations[0])),
+			color.RedString(Form(len(violations),
+				"is using an incompatible license:",
+				"is using incompatible licenses:",
+			)),
+			color.CyanString(strings.Join(violations, ", ")),
 		)
 	}
 

diff --git a/internal/output/vertical_test.go b/internal/output/vertical_test.go
@@ -672,6 +672,30 @@ func TestPrintVerticalResults_WithLicenseViolations(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "one source with one package and multiple license violations",
+			args: args{
+				vulnResult: &models.VulnerabilityResults{
+					ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+					Results: []models.PackageSource{
+						{
+							Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+							Packages: []models.PackageVulns{
+								{
+									Package: models.PackageInfo{
+										Name:      "mine1",
+										Version:   "1.2.3",
+										Ecosystem: "npm",
+									},
+									Licenses:          []models.License{"MIT", "Apache-2.0"},
+									LicenseViolations: []models.License{"MIT", "Apache-2.0"},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt := tt