filter license when undefined to fix error in CycloneDX/discussions/1255

 (CycloneDX#1256)

* Test filter license when undefined to fix error in CycloneDX/discussions/1255, add unite tests for undefined license and multiple licenses and update git ignore to add line for IntelliJ module files - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Remove multi license test since it already exits and fix formatting - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Run pnpm to fix linting issuse - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Enable getRepoLicense and getGoPkgLicense tests - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Cleanup package json - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Cleanup package json - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Formatting fix in utils.test - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

* Ran pnpm again to fix formatting - Signed-off-by: Cory Fitzpatrick [email protected]

Signed-off-by: Cory Fitzpatrick <[email protected]>

---------

Signed-off-by: Cory Fitzpatrick <[email protected]>
Co-authored-by: Cory Fitzpatrick <[email protected]>

.gitignore

@@ -125,3 +125,6 @@ roots/
 .python-version
 build/
 .mise.toml
+
+# Ignore IntelliJ IDEA module file
+cdxgen.iml

types/utils.d.ts

@@ -39,7 +39,8 @@ export function isSpdxLicenseExpression(license: string): boolean;
  * Convert the array of licenses to a CycloneDX 1.5 compliant license array.
  * This should return an array containing:
  * - one or more SPDX license if no expression is present
- * - the first license expression if at least one is present
+ * - the license of the expression if one expression is present
+ * - a unified conditional 'OR' license expression if more then one expression is present
  *
  * @param {Array} licenses Array of licenses
  * @returns {Array} CycloneDX 1.5 compliant license array

utils.js

@@ -512,43 +512,45 @@ export function getLicenses(pkg) {
       license = [license];
     }
     return adjustLicenseInformation(
-      license.map((l) => {
-        let licenseContent = {};
-        if (typeof l === "string" || l instanceof String) {
-          if (
-            spdxLicenses.some((v) => {
-              return l === v;
-            })
-          ) {
-            licenseContent.id = l;
-            licenseContent.url = `https://opensource.org/licenses/${l}`;
-          } else if (l.startsWith("http")) {
-            const knownLicense = getKnownLicense(l, pkg);
-            if (knownLicense) {
-              licenseContent.id = knownLicense.id;
-              licenseContent.name = knownLicense.name;
-            }
-            // We always need a name to avoid validation errors
-            // Issue: #469
-            if (!licenseContent.name && !licenseContent.id) {
-              licenseContent.name = "CUSTOM";
+      license
+        .filter((l) => l !== undefined)
+        .map((l) => {
+          let licenseContent = {};
+          if (typeof l === "string" || l instanceof String) {
+            if (
+              spdxLicenses.some((v) => {
+                return l === v;
+              })
+            ) {
+              licenseContent.id = l;
+              licenseContent.url = `https://opensource.org/licenses/${l}`;
+            } else if (l.startsWith("http")) {
+              const knownLicense = getKnownLicense(l, pkg);
+              if (knownLicense) {
+                licenseContent.id = knownLicense.id;
+                licenseContent.name = knownLicense.name;
+              }
+              // We always need a name to avoid validation errors
+              // Issue: #469
+              if (!licenseContent.name && !licenseContent.id) {
+                licenseContent.name = "CUSTOM";
+              }
+              licenseContent.url = l;
+            } else if (isSpdxLicenseExpression(l)) {
+              licenseContent.expression = l;
+            } else {
+              licenseContent.name = l;
             }
-            licenseContent.url = l;
-          } else if (isSpdxLicenseExpression(l)) {
-            licenseContent.expression = l;
+          } else if (Object.keys(l).length) {
+            licenseContent = l;
           } else {
-            licenseContent.name = l;
+            return undefined;
           }
-        } else if (Object.keys(l).length) {
-          licenseContent = l;
-        } else {
-          return undefined;
-        }
-        if (!licenseContent.id) {
-          addLicenseText(pkg, l, licenseContent);
-        }
-        return licenseContent;
-      }),
+          if (!licenseContent.id) {
+            addLicenseText(pkg, l, licenseContent);
+          }
+          return licenseContent;
+        }),
     );
   }
   const knownLicense = getKnownLicense(undefined, pkg);

utils.test.js

@@ -8,10 +8,12 @@ import {
   findLicenseId,
   getCratesMetadata,
   getDartMetadata,
+  getGoPkgLicense,
   getLicenses,
   getMvnMetadata,
   getNugetMetadata,
   getPyMetadata,
+  getRepoLicense,
   guessPypiMatchingVersion,
   hasAnyProjectType,
   isValidIriReference,
@@ -2246,76 +2248,82 @@ test("parsePomMetadata", async () => {
   const data = await getMvnMetadata(deps);
   expect(data.length).toEqual(deps.length);
 });
-/*
+
 test("get repo license", async () => {
-  let license = await utils.getRepoLicense(
-    "https://github.com/ShiftLeftSecurity/sast-scan"
+  let license = await getRepoLicense(
+    "https://github.com/ShiftLeftSecurity/sast-scan",
+    {
+      group: "ShiftLeftSecurity",
+      name: "sast-scan",
+    },
   );
   expect(license).toEqual({
-    id: "GPL-3.0-or-later",
-    url: "https://github.com/ShiftLeftSecurity/sast-scan/blob/master/LICENSE"
+    id: "Apache-2.0",
+    url: "https://github.com/ShiftLeftSecurity/sast-scan/blob/master/LICENSE",
   });
 
-  license = await utils.getRepoLicense("https://github.com/cyclonedx/cdxgen", {
-    group: "",
-    name: "cdxgen"
+  license = await getRepoLicense("https://github.com/cyclonedx/cdxgen", {
+    group: "cyclonedx",
+    name: "cdxgen",
   });
   expect(license).toEqual({
     id: "Apache-2.0",
-    url: "https://github.com/cyclonedx/cdxgen/blob/master/LICENSE"
+    url: "https://github.com/CycloneDX/cdxgen/blob/master/LICENSE",
   });
 
-  license = await utils.getRepoLicense("https://cloud.google.com/go", {
+  // These tests are disabled because they are returning undefined
+  /*
+  license = await getRepoLicense("https://cloud.google.com/go", {
     group: "cloud.google.com",
     name: "go"
   });
   expect(license).toEqual("Apache-2.0");
 
-  license = await utils.getRepoLicense(undefined, {
+  license = await getRepoLicense(undefined, {
     group: "github.com/ugorji",
     name: "go"
   });
   expect(license).toEqual({
     id: "MIT",
     url: "https://github.com/ugorji/go/blob/master/LICENSE"
   });
+  */
 });
+
 test("get go pkg license", async () => {
-  jest.setTimeout(120000);
-  let license = await utils.getGoPkgLicense({
+  let license = await getGoPkgLicense({
     group: "github.com/Azure/azure-amqp-common-go",
-    name: "v2"
+    name: "v2",
   });
   expect(license).toEqual([
     {
       id: "MIT",
-      url: "https://pkg.go.dev/github.com/Azure/azure-amqp-common-go/v2?tab=licenses"
-    }
+      url: "https://pkg.go.dev/github.com/Azure/azure-amqp-common-go/v2?tab=licenses",
+    },
   ]);
 
-  license = await utils.getGoPkgLicense({
+  license = await getGoPkgLicense({
     group: "go.opencensus.io",
-    name: "go.opencensus.io"
+    name: "go.opencensus.io",
   });
   expect(license).toEqual([
     {
       id: "Apache-2.0",
-      url: "https://pkg.go.dev/go.opencensus.io?tab=licenses"
-    }
+      url: "https://pkg.go.dev/go.opencensus.io?tab=licenses",
+    },
   ]);
 
-  license = await utils.getGoPkgLicense({
+  license = await getGoPkgLicense({
     group: "github.com/DataDog",
-    name: "zstd"
+    name: "zstd",
   });
   expect(license).toEqual([
     {
       id: "BSD-3-Clause",
-      url: "https://pkg.go.dev/github.com/DataDog/zstd?tab=licenses"
-    }
+      url: "https://pkg.go.dev/github.com/DataDog/zstd?tab=licenses",
+    },
   ]);
 });
-*/
 
 test("get licenses", () => {
   let licenses = getLicenses({ license: "MIT" });
@@ -2398,6 +2406,11 @@ test("get licenses", () => {
       expression: "GPL-3.0-only WITH Classpath-exception-2.0",
     },
   ]);
+
+  licenses = getLicenses({
+    license: undefined,
+  });
+  expect(licenses).toEqual(undefined);
 });
 
 test("parsePkgJson", async () => {