fix: add support for license detection (#56)

Currently, we are not adding license information into files under a package. Also add detection for debian packages. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
project-stacker · Jan 30, 2024 · 56b135a · 56b135a
1 parent 363073d
commit 56b135a
Show file tree

Hide file tree

Showing 4 changed files with 477 additions and 5 deletions.
diff --git a/pkg/distro/apk/apk.go b/pkg/distro/apk/apk.go
@@ -246,7 +246,7 @@ func InstalledPackage(doc *spdx.Document, pkg *IndexEntry, files []string) error
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
-		sfile.LicenseInfoInFile = "unknown"
+		sfile.LicenseInfoInFile = pkg.PackageLicense
 		sfile.SetEntity(
 			&spdx.Entity{
 				Name: file,

diff --git a/pkg/distro/deb/deb.go b/pkg/distro/deb/deb.go
@@ -21,6 +21,8 @@ import (
 	"stackerbuild.io/stacker-bom/pkg/buildgen"
 )
 
+const unknownLicense = "unknown"
+
 // ParsePackage given a deb pkg emits a sbom.
 func ParsePackage(input, output, author, organization, license string) error {
 	debfile, _, err := deb.LoadFile(input)
@@ -114,11 +116,18 @@ func ParsePackage(input, output, author, organization, license string) error {
 		}
 
 		if strings.HasPrefix(hdr.Name, "./usr/share/doc/") && strings.HasSuffix(hdr.Name, "copyright") {
-			log.Info().Str("path", hdr.Name).Msg("license/copyright found")
 			spkg.CopyrightText = string(buf)
+			license = getSpdxLicense(string(buf))
+			log.Info().Str("path", hdr.Name).Str("license", license).Msg("license/copyright found")
 		}
 	}
 
+	spkg.LicenseDeclared = license
+
+	for _, file := range spkg.Files() {
+		file.LicenseInfoInFile = license
+	}
+
 	if err := bom.WriteDocument(sdoc, output); err != nil {
 		log.Error().Err(err).Str("path", output).Msg("unable to write output")
 
@@ -273,6 +282,8 @@ func InstalledPackages(doc *spdx.Document) error {
 }
 
 func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
+	license := unknownLicense
+
 	spkg := &spdx.Package{
 		Entity: spdx.Entity{
 			Name: pkg.Package,
@@ -285,7 +296,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			Person: pkg.Maintainer,
 		},
 		FilesAnalyzed:   true,
-		LicenseDeclared: "unknown",
+		LicenseDeclared: license,
 	}
 
 	fhandle, err := os.Open(path)
@@ -338,7 +349,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
-		sfile.LicenseInfoInFile = "unknown"
+		sfile.LicenseInfoInFile = unknownLicense
 		sfile.SetEntity(
 			&spdx.Entity{
 				Name: line,
@@ -366,9 +377,16 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			}
 
 			spkg.CopyrightText = string(buf)
+			license = getSpdxLicense(string(buf))
 		}
 	}
 
+	spkg.LicenseDeclared = license
+
+	for _, file := range spkg.Files() {
+		file.LicenseInfoInFile = license
+	}
+
 	if err := doc.AddPackage(spkg); err != nil {
 		log.Error().Err(err).Msg("unable to add package to doc")