Merge pull request #926 from dangoor/dangoor/replace-other

Replace OTHER with a LicenseRef

Author: dangoor

__tests__/spdx.test.ts

@@ -55,6 +55,16 @@ describe('satisfiesAny', () => {
       candidate: 'MIT OR ISC',
       licenses: ['MiT'],
       expected: false
+    },
+    {
+      candidate: 'MIT AND OTHER',
+      licenses: ['MIT'],
+      expected: false
+    },
+    {
+      candidate: 'MIT OR OTHER',
+      licenses: ['MIT', 'LicenseRef-clearlydefined-OTHER'],
+      expected: true
     }
   ]
 
@@ -130,6 +140,16 @@ describe('satisfiesAll', () => {
       candidate: 'MIT OR ISC',
       licenses: ['MiT'],
       expected: false
+    },
+    {
+      candidate: 'MIT AND OTHER',
+      licenses: ['MIT'],
+      expected: false
+    },
+    {
+      candidate: 'MIT AND OTHER',
+      licenses: ['MIT', 'LicenseRef-clearlydefined-OTHER'],
+      expected: true
     }
   ]
 
@@ -210,6 +230,16 @@ describe('satisfies', () => {
       candidate: '',
       allowList: ['BSD-3-Clause', 'ISC', 'MIT'],
       expected: false
+    },
+    {
+      candidate: 'MIT OR OTHER',
+      allowList: ['MIT', 'LicenseRef-clearlydefined-OTHER'],
+      expected: true
+    },
+    {
+      candidate: '(Apache-2.0 AND OTHER) OR (MIT AND OTHER)',
+      allowList: ['Apache-2.0', 'LicenseRef-clearlydefined-OTHER'],
+      expected: true
     }
   ]
 
@@ -246,6 +276,10 @@ describe('isValid', () => {
     {
       candidate: '',
       expected: false
+    },
+    {
+      candidate: 'MIT AND OTHER',
+      expected: true
     }
   ]
   for (const unit of units) {
@@ -255,3 +289,38 @@ describe('isValid', () => {
     })
   }
 })
+
+describe('cleanInvalidSPDX', () => {
+  const units = [
+    {
+      candidate: 'MIT',
+      expected: 'MIT'
+    },
+    {
+      candidate: 'OTHER',
+      expected: 'LicenseRef-clearlydefined-OTHER'
+    },
+    {
+      candidate: 'LicenseRef-clearlydefined-OTHER',
+      expected: 'LicenseRef-clearlydefined-OTHER'
+    },
+    {
+      candidate: 'OTHER AND MIT',
+      expected: 'LicenseRef-clearlydefined-OTHER AND MIT'
+    },
+    {
+      candidate: 'MIT AND OTHER',
+      expected: 'MIT AND LicenseRef-clearlydefined-OTHER'
+    },
+    {
+      candidate: 'MIT AND SomethingElse-OTHER',
+      expected: 'MIT AND SomethingElse-OTHER'
+    }
+  ]
+  for (const unit of units) {
+    const got: string = spdx.cleanInvalidSPDX(unit.candidate)
+    test(`should return ${unit.expected} for ("${unit.candidate}")`, () => {
+      expect(got).toBe(unit.expected)
+    })
+  }
+})

dist/index.js

@@ -12,6 +12,7 @@ import parse from 'spdx-expression-parse'
 // accepts a pair of well-formed SPDX expressions. the
 // candidate is tested against the constraint
 export function satisfies(candidateExpr: string, allowList: string[]): boolean {
+  candidateExpr = cleanInvalidSPDX(candidateExpr)
   try {
     return spdxSatisfies(candidateExpr, allowList)
   } catch (_) {
@@ -24,6 +25,7 @@ export function satisfiesAny(
   candidateExpr: string,
   licenses: string[]
 ): boolean {
+  candidateExpr = cleanInvalidSPDX(candidateExpr)
   try {
     return spdxlib.satisfiesAny(candidateExpr, licenses)
   } catch (_) {
@@ -36,6 +38,7 @@ export function satisfiesAll(
   candidateExpr: string,
   licenses: string[]
 ): boolean {
+  candidateExpr = cleanInvalidSPDX(candidateExpr)
   try {
     return spdxlib.satisfiesAll(candidateExpr, licenses)
   } catch (_) {
@@ -45,10 +48,19 @@ export function satisfiesAll(
 
 // accepts any SPDX expression
 export function isValid(spdxExpr: string): boolean {
+  spdxExpr = cleanInvalidSPDX(spdxExpr)
   try {
     parse(spdxExpr)
     return true
   } catch (_) {
     return false
   }
 }
+
+const replaceOtherRegex = /(?<![\w-])OTHER(?![\w-])/g
+
+// adjusts license expressions to not include the invalid `OTHER`
+// which ClearlyDefined adds to license strings
+export function cleanInvalidSPDX(spdxExpr: string): string {
+  return spdxExpr.replace(replaceOtherRegex, 'LicenseRef-clearlydefined-OTHER')
+}