Use the declared_license_expression_spdx value in SPDX output #63

For the "license_declared" field. Signed-off-by: tdruez <tdruez@nexb.com>
aboutcode-org · Jul 4, 2024 · a330c44 · a330c44
1 parent 9ba5da0
commit a330c44
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/component_catalog/models.py b/component_catalog/models.py
@@ -1330,7 +1330,12 @@ def aboutcode_data(self):
         return without_empty_values(component_data)
 
     def as_spdx(self, license_concluded=None):
-        """Return this Component as an SPDX Package entry."""
+        """
+        Return this Component as an SPDX Package entry.
+        An optional ``license_concluded`` can be provided to override the
+        ``license_expression`` value defined on this instance.
+        This can be a license choice applied to a Product relationship.
+        """
         external_refs = []
 
         if cpe_external_ref := self.get_spdx_cpe_external_ref():
@@ -1347,7 +1352,7 @@ def as_spdx(self, license_concluded=None):
             spdx_id=f"dejacode-{self._meta.model_name}-{self.uuid}",
             supplier=self.owner.as_spdx() if self.owner else "",
             license_concluded=license_concluded or license_expression_spdx,
-            license_declared=license_expression_spdx,
+            license_declared=self.declared_license_expression_spdx,
             copyright_text=self.copyright,
             version=self.version,
             homepage=self.homepage_url,
@@ -2213,7 +2218,12 @@ def get_about_files(self):
         return about_files
 
     def as_spdx(self, license_concluded=None):
-        """Return this Package as an SPDX Package entry."""
+        """
+        Return this Package as an SPDX Package entry.
+        An optional ``license_concluded`` can be provided to override the
+        ``license_expression`` value defined on this instance.
+        This can be a license choice applied to a Product relationship.
+        """
         checksums = [
             spdx.Checksum(algorithm=algorithm, value=checksum_value)
             for algorithm in ["sha1", "md5"]
@@ -2244,8 +2254,8 @@ def as_spdx(self, license_concluded=None):
             name=self.name or self.filename,
             spdx_id=f"dejacode-{self._meta.model_name}-{self.uuid}",
             download_location=self.download_url,
-            license_declared=license_expression_spdx,
             license_concluded=license_concluded or license_expression_spdx,
+            license_declared=self.declared_license_expression_spdx,
             copyright_text=self.copyright,
             version=self.version,
             homepage=self.homepage_url,

diff --git a/component_catalog/tests/test_models.py b/component_catalog/tests/test_models.py
@@ -2139,6 +2139,7 @@ def test_component_model_get_about_files(self):
 
     def test_component_model_as_spdx(self):
         self.component1.license_expression = f"{self.license1.key} AND {self.license2.key}"
+        self.component1.declared_license_expression = self.license1.key
         self.component1.copyright = "copyright on component"
         self.component1.homepage_url = "https://homepage.url"
         self.component1.description = "Description"
@@ -2152,7 +2153,7 @@ def test_component_model_as_spdx(self):
             "attributionTexts": [("Notice\r\nText",)],
             "downloadLocation": "NOASSERTION",
             "licenseConcluded": "SPDX-1 AND LicenseRef-dejacode-license2",
-            "licenseDeclared": "SPDX-1 AND LicenseRef-dejacode-license2",
+            "licenseDeclared": "SPDX-1",
             "copyrightText": "copyright on component",
             "filesAnalyzed": False,
             "supplier": "Organization: Owner",
@@ -2173,6 +2174,7 @@ def test_package_model_as_spdx(self):
             copyright="copyright on package",
             notice_text="Notice\r\nText",
             license_expression=f"{self.license1.key} AND {self.license2.key}",
+            declared_license_expression=self.license1.key,
             sha1="5ba93c9db0cff93f52b521d7420e43f6eda2784f",
             md5="93b885adfe0da089cdf634904fd59f71",
             cpe="cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*",
@@ -2191,7 +2193,7 @@ def test_package_model_as_spdx(self):
             "SPDXID": f"SPDXRef-dejacode-package-{package1.uuid}",
             "downloadLocation": "htp://domain.com/package.zip",
             "licenseConcluded": "SPDX-1 AND LicenseRef-dejacode-license2",
-            "licenseDeclared": "SPDX-1 AND LicenseRef-dejacode-license2",
+            "licenseDeclared": "SPDX-1",
             "copyrightText": "copyright on package",
             "filesAnalyzed": False,
             "versionInfo": "7.50.3-1",

diff --git a/product_portfolio/tests/test_models.py b/product_portfolio/tests/test_models.py
@@ -837,6 +837,7 @@ def test_product_relationship_models_as_spdx(self):
         component1 = Component.objects.create(
             name="c1",
             license_expression=f"{self.license1.key} OR {self.license2.key}",
+            declared_license_expression=f"{self.license1.key} OR {self.license2.key}",
             dataspace=self.dataspace,
         )
         pc1 = ProductComponent.objects.create(
@@ -859,6 +860,7 @@ def test_product_relationship_models_as_spdx(self):
         package1 = Package.objects.create(
             filename="package1",
             license_expression=f"{self.license1.key} OR {self.license2.key}",
+            declared_license_expression=f"{self.license1.key} OR {self.license2.key}",
             dataspace=self.dataspace,
         )
         pp1 = ProductPackage.objects.create(