From 6809c72764b9755391ce4c3daee272e609a2eba8 Mon Sep 17 00:00:00 2001
From: Christopher Phillips
Date: Tue, 16 May 2023 11:54:16 -0400
Subject: [PATCH] fix: update cataloger to check for expressions before split
Signed-off-by: Christopher Phillips
---
 syft/pkg/cataloger/apkdb/package.go | 9 ++++++++-
 syft/pkg/cataloger/apkdb/parse_apk_db_test.go | 2 +-
 syft/pkg/cataloger/apkdb/test-fixtures/multiple | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/syft/pkg/cataloger/apkdb/package.go b/syft/pkg/cataloger/apkdb/package.go
index 392fe277154..4bc59ba170d 100644
--- a/syft/pkg/cataloger/apkdb/package.go
+++ b/syft/pkg/cataloger/apkdb/package.go
@@ -4,13 +4,20 @@ import (
 "strings"
 "github.com/anchore/packageurl-go"
+ "github.com/anchore/syft/syft/license"
 "github.com/anchore/syft/syft/linux"
 "github.com/anchore/syft/syft/pkg"
 "github.com/anchore/syft/syft/source"
 )
 func newPackage(d parsedData, release *linux.Release, dbLocation source.Location) pkg.Package {
- licenseStrings := strings.Split(d.License, " ")
+ // check if license is a valid spdx expression before splitting
+ licenseStrings := []string{d.License}
+ _, err := license.ParseExpression(d.License)
+ if err != nil {
+ // invalid so update to split on space
+ licenseStrings = strings.Split(d.License, " ")
+ }
 p := pkg.Package{
 Name: d.Package,
diff --git a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
index ba26eb4f09a..3070e95ccbf 100644
--- a/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
+++ b/syft/pkg/cataloger/apkdb/parse_apk_db_test.go
@@ -701,7 +701,7 @@ func TestMultiplePackages(t *testing.T) {
 Name: "libc-utils",
 Version: "0.7.2-r0",
 Licenses: pkg.NewLicenseSet(
- pkg.NewLicenseFromLocations("BSD", location),
+ pkg.NewLicenseFromLocations("MPL-2.0 AND MIT", location),
 ),
 Type: pkg.ApkPkg,
 PURL: "pkg:apk/alpine/libc-utils@0.7.2-r0?arch=x86_64&upstream=libc-dev&distro=alpine-3.12",
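Review bot: The fallback in newPackage still uses `strings.Split(d.License, " ")`, so an `L:` value that contains operators but fails `license.ParseExpression` would be split into separate license strings that include the operator words, and repeated spaces produce empty entries. That value is read from the APK database of whatever image is being scanned, and license fields in the resulting SBOM feed compliance decisions, so the fallback deserves the same care as the valid-expression path; `licenseStrings = strings.Fields(d.License)` would at least drop the empty tokens, though it returns an empty slice for an empty field where `Split` returns one empty string, which code outside this hunk may rely on. The error is only used for the branch and could be scoped to it with `if _, err := license.ParseExpression(d.License); err != nil {`. The companion test hunk replaces the `BSD` expectation with `MPL-2.0 AND MIT` and, as far as this patch shows, adds no case for a field that fails to parse. newPackage's body continues past the end of the hunk.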
diff --git a/syft/pkg/cataloger/apkdb/test-fixtures/multiple b/syft/pkg/cataloger/apkdb/test-fixtures/multiple
index 9ade5ff5abb..7bf964cf8ec 100644
--- a/syft/pkg/cataloger/apkdb/test-fixtures/multiple
+++ b/syft/pkg/cataloger/apkdb/test-fixtures/multiple
@@ -6,7 +6,7 @@ S:1175
 I:4096
 T:Meta package to pull in correct libc
 U:http://alpinelinux.org
-L:BSD
+L:MPL-2.0 AND MIT
 o:libc-dev
 m:Natanael Copa
 t:1575749004