// Package license provides common methods for working with SPDX license data.
package license
import (
"fmt"
"runtime/debug"
"github.com/github/go-spdx/v2/spdxexp"
"github.com/gsoc2/syft/internal/spdxlicense"
)
// Type labels a license entry with the kind of assertion it represents.
// NOTE(review): the two values presumably mirror the SPDX distinction between
// a declared and a concluded license; confirm against the callers.
type Type string

// Declared is the Type value "declared".
const Declared Type = "declared"

// Concluded is the Type value "concluded".
const Concluded Type = "concluded"
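// ParseExpression checks a license string against the SPDX license list and,
// failing that, against the SPDX expression validator.
//
// When spdxlicense.ID recognizes the input, the ID it reports is returned.
// Otherwise the input is handed to spdxexp.ValidateLicenses and, if that
// reports it valid, returned unchanged. Every other outcome, including a
// panic inside either library, yields an empty string and a non-nil error.
//
// NOTE(review): callers are not visible here; the expression presumably comes
// from metadata of scanned packages and should be treated as untrusted. It is
// therefore quoted with %q wherever it is echoed into an error, so embedded
// newlines or control characters cannot forge or garble log lines.
func ParseExpression(expression string) (ex string, err error) {
	// https://github.com/gsoc2/syft/issues/1837
	// The current spdx library can panic when parsing some expressions.
	// This is a temporary fix to recover and patch until we can investigate and
	// contribute a fix to the upstream github library.
	//
	// recover only intercepts ordinary panics raised on this goroutine. Fatal
	// runtime errors (for example stack exhaustion) still end the process, so
	// this guard is not a substitute for bounding the input upstream.
	defer func() {
		if r := recover(); r != nil {
			// Never hand back a partial result together with an error.
			ex = ""
			// Keep the panic value and the offending input alongside the stack;
			// the stack alone does not say what was being parsed.
			err = fmt.Errorf("recovered from panic while parsing license expression %q: %v\n%s", expression, r, debug.Stack())
		}
	}()

	if licenseID, exists := spdxlicense.ID(expression); exists {
		return licenseID, nil
	}

	// If it doesn't exist initially in the SPDX list it might be a more complex
	// expression. The ignored second result is the list of invalid licenses.
	// TODO: contribute to spdxexp to expose deprecated license IDs
	// https://github.com/gsoc2/syft/issues/1814
	valid, _ := spdxexp.ValidateLicenses([]string{expression})
	if !valid {
		return "", fmt.Errorf("invalid SPDX expression: %q", expression)
	}

	return expression, nil
}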