-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error thrown when Invalid license key character provided #76
Comments
When a license is reported with invalid license keys (i.e. anything besides letters and numbers, underscore, dot, colon or hyphen signs and spaces) the `is_spdx_license_expression()` function fails because the liense-expression library does not properly handle the unknown characters. This commit is a workaround until the issue opened in the license-expression library[1] is resolved. Resolves tern-tools#1199 [1] aboutcode-org/license-expression#76 Signed-off-by: Rose Judge <rjudge@vmware.com>
When a license is reported with invalid license keys (i.e. anything besides letters and numbers, underscore, dot, colon or hyphen signs and spaces) the `is_spdx_license_expression()` function fails because the liense-expression library does not properly handle the unknown characters. This commit is a workaround until the issue opened in the license-expression library[1] is resolved. Resolves #1199 [1] aboutcode-org/license-expression#76 Signed-off-by: Rose Judge <rjudge@vmware.com>
@pombredanne any thoughts on this? |
"MIT/X11" is not a valid license key: not an SPDX one and it further contains characters typically not supported in the SPDX spec. There are multiple tokenizers to handle an expression: a simple one or one based on an automaton. This later one accepts arbitrary strings. A simple way to do things is to create multiple aliases for a given license symbol:
Here You would need to know ahead of time all the supported aliases and build you own licensing for this. Alternatively, if you have a list of these, we could also add these aliases as a standard "key_aliases" in each license record in https://github.com/nexB/scancode-toolkit/blob/cc14890e1bb6264b01ddb96975cac54466bd6a64/src/licensedcode/models.py#L272 and then update the code here to also treat "key_aliases" as LicenseSymbol aliases in https://github.com/nexB/license-expression/blob/15481270d1080d18e94ad5c5e9618f07e07eb933/src/license_expression/__init__.py#L868 Note also that using scancode-toolkit will always be better for this:
But in practice, each package type/ecosystem will have its specialized ways to provide license information so this approach will onot always work and the packagedcode module handles this for each package manifest and formats already: https://github.com/nexB/scancode-toolkit/search?q=populate_license_fields&type=code Even the standard code that works mostly across package types does much more than just using the license_expression library: https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/licensing.py |
Added PDF and ePub download option for RTD documentation as requested in aboutcode-org/aboutcode#127
Tern uses license-expression to validate SPDX licenses. When an invalid license key is provided (i.e. contains invalid characters like
/
or,
), license-expression throws an error when it should handle it.When a valid license key is provided (i.e. no unexpected characters), the library returns as expected:
I would expect the library to handle unexpected characters and mark expressions with unexpected characters as an invalid license.
The text was updated successfully, but these errors were encountered: