Fix exception issue and add regression tests (#16)

* Fix exception issue and add regression tests

* Bump version

Author: PaulKMueller

Cargo.lock

@@ -1,7 +1,7 @@
 [package]
 name = "conda-deny"
 description = "A CLI tool to check your project's dependencies for license compliance."
-version = "0.3.1"
+version = "0.3.2"
 edition = "2021"
 
 [features]

Cargo.toml

@@ -71,6 +71,8 @@ feature-depth = 1
 # output a note when they are encountered.
 ignore = [
     #"RUSTSEC-0000-0000",
+    # This crate is stable:
+    "RUSTSEC-2024-0388",
     #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
     #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
     #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },

deny.toml

@@ -1,24 +1,20 @@
 use anyhow::{Context, Result};
-use spdx::{Expression, LicenseItem, LicenseReq, ParseMode};
+use spdx::{Expression, LicenseReq, ParseMode};
 
-pub fn extract_license_ids(expression: &Expression) -> Vec<String> {
+pub fn extract_license_texts(expression: &Expression) -> Vec<String> {
     expression
         .requirements()
-        .map(|req| match &req.req.license {
-            LicenseItem::Spdx { id, .. } => id.name.to_string(),
-            LicenseItem::Other { lic_ref, .. } => lic_ref.clone(),
-        })
+        .map(|req| req.req.to_string())
         .collect()
 }
 
 fn check_license_req_safety(license_req: &LicenseReq, safe_licenses: &[Expression]) -> bool {
-    let safe_license_ids: Vec<String> =
-        safe_licenses.iter().flat_map(extract_license_ids).collect();
+    let safe_license_requirements: Vec<String> = safe_licenses
+        .iter()
+        .flat_map(extract_license_texts)
+        .collect();
 
-    match &license_req.license {
-        LicenseItem::Spdx { id, .. } => safe_license_ids.contains(&id.name.to_string()),
-        LicenseItem::Other { lic_ref, .. } => safe_license_ids.contains(lic_ref),
-    }
+    safe_license_requirements.contains(&license_req.to_string())
 }
 
 pub fn check_expression_safety(expression: &Expression, safe_licenses: &[Expression]) -> bool {
@@ -43,12 +39,54 @@ mod tests {
 
     use crate::expression_utils::parse_expression;
 
+    #[test]
+    fn test_extract_license_texts() {
+        let expression = parse_expression("MIT OR GPL-3.0-or-later").unwrap();
+        let license_texts = extract_license_texts(&expression);
+
+        assert_eq!(
+            license_texts,
+            vec!["MIT".to_string(), "GPL-3.0-or-later".to_string()]
+        );
+    }
+
+    #[test]
+    fn test_license_with_exception() {
+        let expression = parse_expression("GPL-2.0-only").unwrap();
+        let safe_licenses = &[Expression::parse("GPL-2.0-only WITH GCC-exception-2.0").unwrap()];
+
+        let license_allowed = check_expression_safety(&expression, safe_licenses);
+
+        assert!(!license_allowed);
+
+        let expression = parse_expression("GPL-2.0-only WITH GCC-exception-2.0").unwrap();
+        let safe_licenses = &[Expression::parse("GPL-2.0-only").unwrap()];
+        let license_allowed = check_expression_safety(&expression, safe_licenses);
+
+        assert!(!license_allowed);
+
+        let expression = parse_expression("GPL-3.0-only WITH GCC-exception-3.1").unwrap();
+        let safe_licenses = &[Expression::parse("GPL-3.0-only").unwrap()];
+        let license_allowed = check_expression_safety(&expression, safe_licenses);
+
+        assert!(!license_allowed);
+
+        let expression = parse_expression("GPL-3.0-only").unwrap();
+        let safe_licenses = &[Expression::parse("GPL-3.0-only WITH GCC-exception-3.1").unwrap()];
+        let license_allowed = check_expression_safety(&expression, safe_licenses);
+
+        assert!(!license_allowed);
+    }
+
     #[test]
     fn test_extract_license_ids() {
         let expression = parse_expression("MIT OR GPL-3.0-or-later").unwrap();
-        let license_ids = super::extract_license_ids(&expression);
+        let license_ids = super::extract_license_texts(&expression);
 
-        assert_eq!(license_ids, vec!["MIT".to_string(), "GPL-3.0".to_string()]);
+        assert_eq!(
+            license_ids,
+            vec!["MIT".to_string(), "GPL-3.0-or-later".to_string()]
+        );
     }
 
     #[test]

src/expression_utils.rs

@@ -9,7 +9,7 @@ use colored::*;
 use crate::{
     conda_deny_config::CondaDenyConfig,
     conda_meta_entry::{CondaMetaEntries, CondaMetaEntry},
-    expression_utils::{check_expression_safety, extract_license_ids, parse_expression},
+    expression_utils::{check_expression_safety, extract_license_texts, parse_expression},
     license_whitelist::ParsedLicenseWhitelist,
     list,
     pixi_lock::get_package_records_for_pixi_lock,
@@ -272,7 +272,7 @@ impl LicenseInfos {
         for license_info in &self.license_infos {
             match &license_info.license {
                 LicenseState::Valid(license) => {
-                    let license_ids = extract_license_ids(license);
+                    let license_ids = extract_license_texts(license);
                     let is_safe = license_ids.iter().all(|license_id_str| {
                         if let Some(license_id) = spdx::license_id(license_id_str) {
                             license_id.is_osi_approved()

src/license_info.rs

@@ -128,4 +128,13 @@ mod tests {
 
         println!("Output has {} lines", line_count);
     }
+
+    #[test]
+    fn test_exception_check() {
+        let test_dir = Path::new("tests/test_end_to_end/test_exception_use_case");
+
+        let mut command = Command::cargo_bin("conda-deny").unwrap();
+        command.arg("check").current_dir(test_dir);
+        command.assert().failure();
+    }
 }