Cargo: replace / by OR in the license field of Rust crates
Cargo supports the legacy '/' format for specifying multiple licenses. The
consensus is that crates.io should accept only SPDX 2.1 license
expressions, but this is not enforced yet.

see: rust-lang/cargo#2039

Signed-off-by: Gabriel Féron <gabriel.feron@here.com>
Gabriel Féron authored and sschuberth committed Sep 1, 2020
1 parent bfa7e23 commit c343abe
Showing 4 changed files with 44 additions and 60 deletions.
@@ -3,10 +3,9 @@ project:
id: "Cargo::lib:0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
vcs:
type: ""
url: ""
@@ -128,10 +127,9 @@ packages:
id: "Cargo::autocfg:0.1.6"
purl: "pkg:cargo/autocfg@0.1.6"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "Apache-2.0 OR MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "Apache-2.0 OR MIT"
description: "Automatic cfg for Rust compiler features"
homepage_url: ""
binary_artifact:
@@ -159,10 +157,9 @@ packages:
id: "Cargo::bitflags:1.1.0"
purl: "pkg:cargo/bitflags@1.1.0"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "A macro to generate structures which behave like bitflags.\n"
homepage_url: ""
binary_artifact:
@@ -190,10 +187,9 @@ packages:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg:cargo/cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
@@ -313,10 +309,9 @@ packages:
id: "Cargo::rand:0.6.5"
purl: "pkg:cargo/rand@0.6.5"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Random number generators and other randomness functionality.\n"
homepage_url: ""
binary_artifact:
@@ -344,10 +339,9 @@ packages:
id: "Cargo::rand_chacha:0.1.1"
purl: "pkg:cargo/rand_chacha@0.1.1"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "ChaCha random number generator\n"
homepage_url: ""
binary_artifact:
@@ -375,10 +369,9 @@ packages:
id: "Cargo::rand_core:0.3.1"
purl: "pkg:cargo/rand_core@0.3.1"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Core random number generator traits and tools for implementation.\n"
homepage_url: ""
binary_artifact:
@@ -406,10 +399,9 @@ packages:
id: "Cargo::rand_core:0.4.2"
purl: "pkg:cargo/rand_core@0.4.2"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Core random number generator traits and tools for implementation.\n"
homepage_url: ""
binary_artifact:
@@ -437,10 +429,9 @@ packages:
id: "Cargo::rand_hc:0.1.0"
purl: "pkg:cargo/rand_hc@0.1.0"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "HC128 random number generator\n"
homepage_url: ""
binary_artifact:
@@ -468,10 +459,9 @@ packages:
id: "Cargo::rand_isaac:0.1.1"
purl: "pkg:cargo/rand_isaac@0.1.1"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "ISAAC random number generator\n"
homepage_url: ""
binary_artifact:
@@ -529,10 +519,9 @@ packages:
id: "Cargo::rand_os:0.1.3"
purl: "pkg:cargo/rand_os@0.1.3"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "OS backed Random Number Generator"
homepage_url: ""
binary_artifact:
@@ -560,10 +549,9 @@ packages:
id: "Cargo::rand_pcg:0.1.2"
purl: "pkg:cargo/rand_pcg@0.1.2"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Selected PCG random number generators\n"
homepage_url: ""
binary_artifact:
@@ -591,10 +579,9 @@ packages:
id: "Cargo::rand_xorshift:0.1.1"
purl: "pkg:cargo/rand_xorshift@0.1.1"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Xorshift random number generator\n"
homepage_url: ""
binary_artifact:
@@ -684,10 +671,9 @@ packages:
id: "Cargo::winapi-i686-pc-windows-gnu:0.4.0"
purl: "pkg:cargo/winapi-i686-pc-windows-gnu@0.4.0"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Import libraries for the i686-pc-windows-gnu target. Please don't\
\ use this crate directly, depend on winapi instead."
homepage_url: ""
@@ -716,10 +702,9 @@ packages:
id: "Cargo::winapi-x86_64-pc-windows-gnu:0.4.0"
purl: "pkg:cargo/winapi-x86_64-pc-windows-gnu@0.4.0"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Import libraries for the x86_64-pc-windows-gnu target. Please don't\
\ use this crate directly, depend on winapi instead."
homepage_url: ""
@@ -748,10 +733,9 @@ packages:
id: "Cargo::winapi:0.3.8"
purl: "pkg:cargo/winapi@0.3.8"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "Raw FFI bindings for all of Windows API."
homepage_url: ""
binary_artifact:
@@ -32,10 +32,9 @@ packages:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg:cargo/cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
@@ -3,10 +3,9 @@ project:
id: "Cargo::lib:0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
vcs:
type: ""
url: ""
@@ -39,10 +38,9 @@ packages:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg:cargo/cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
- "MIT OR Apache-2.0"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
spdx_expression: "MIT OR Apache-2.0"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
9 changes: 6 additions & 3 deletions analyzer/src/main/kotlin/managers/Cargo.kt
@@ -24,6 +24,7 @@ import com.fasterxml.jackson.databind.JsonNode
import com.moandjiezana.toml.Toml

import java.io.File
import java.util.SortedSet

import org.ossreviewtoolkit.analyzer.AbstractPackageManagerFactory
import org.ossreviewtoolkit.analyzer.PackageManager
@@ -89,11 +90,13 @@ class Cargo(
private fun extractVcsInfo(node: JsonNode) =
VcsHost.toVcsInfo(extractRepositoryUrl(node))

private fun extractDeclaredLicenses(node: JsonNode) =
node["license"].textValueOrEmpty().split("/")
private fun extractDeclaredLicenses(node: JsonNode): SortedSet<String> {
val licenses = node["license"].textValueOrEmpty().split('/')
.map { it.trim() }
.filter { it.isNotEmpty() }
.toSortedSet()

return if (licenses.isEmpty()) sortedSetOf() else sortedSetOf(licenses.joinToString(" OR "))
}

private fun extractSourceArtifact(
node: JsonNode,
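Review bot: `extractDeclaredLicenses` carries no comment explaining why a '/' in the crate's `license` field is joined with `OR`, and that mapping is the compliance-relevant decision in this change: the expected results in this commit move from `Apache-2.0 AND MIT` to an `OR` expression, so downstream policy checks now see a choice of licenses instead of both sets of obligations. I would put the rationale from the commit message on the function itself, for example `/** Cargo's legacy '/' separator denotes a choice of licenses, so the parts are joined into one SPDX "OR" expression; see rust-lang/cargo#2039. */`. The rendered page does not mark which lines of the function are old and which are new, so it is not clear whether `.toSortedSet()` still runs before the join; the KDoc should state whether operand order and duplicate entries from the manifest are preserved. It should also say that the returned `SortedSet<String>` now holds at most one element, the whole expression, since callers that expected one entry per license will behave differently.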