Skip to content

Improve license parsing error handling#309

Merged
goneall merged 8 commits intomasterfrom
issue227
Apr 16, 2025
Merged

Improve license parsing error handling#309
goneall merged 8 commits intomasterfrom
issue227

Conversation

@goneall
Copy link
Member

@goneall goneall commented Apr 14, 2025

Checks simple license tokens to make sure they are either a listed license or a LicenseRef-

Fixes #227

@goneall
Improve license parsing error handling
3c36487 
Checks simple license tokens to make sure they are either a listed
license or a LicenseRef-

Fixes #227
@pmonks
Copy link
Collaborator

pmonks commented Apr 14, 2025
edited
Loading

@goneall this is probably a separate issue, unrelated to this PR, but I'm not seeing any parsing of AdditionRefs in the 3.x parsing functions. I assume those code paths (if/when they're added) would benefit from similar message updates as the ones here?

bact
bact requested changes Apr 14, 2025
View reviewed changes
@goneall @bact
Fix typos in description
ea38013 
Co-authored-by: Arthit Suriyawongkul <arthit@gmail.com>
Signed-off-by: Gary O'Neall <gary@sourceauditor.com>
@goneall
Copy link
Member Author

goneall commented Apr 14, 2025

@goneall this is probably a separate issue, unrelated to this PR, but I'm not seeing any parsing of AdditionRefs in the 3.x parsing functions. I assume those code paths (if/when they're added) would benefit from similar message updates as the ones here?

Good catch @pmonks - In looking at the license addition code, I realized I'm not taking into account external license refs which is yet another issue.

I'll add a check for the AdditionRef syntax and also implement the external license refs. I'll also add some unit tests to make sure these cases are covered.

@pmonks
Copy link
Collaborator

pmonks commented Apr 14, 2025
edited
Loading

@goneall if it's helpful, here are the regexes I use in my own parser for LicenseRefs & AdditionRefs (the values inside the #" ... " syntax):

; LicenseRefs:
#"(DocumentRef-(?<DocumentRef>[\p{Alnum}-\.]+):)?LicenseRef-(?<LicenseRef>[\p{Alnum}-\.]+)"

; AdditionRefs:
#"(DocumentRef-(?<AdditionDocumentRef>[\p{Alnum}-\.]+):)?AdditionRef-(?<AdditionRef>[\p{Alnum}-\.]+)"

Clojure is hosted on the JVM, so these regexes will also work in Spdx-Java-Library (albeit with escaping as needed for a Java string literal that then gets compiled to a Pattern - Clojure has literal syntax for regexes, which obviates the need for escaping of anything but regex-specific characters).

Oh and note that these regexes make use of named capturing groups for extracting the custom sections of the DocumentRef, LicenseRef and AdditionRef components, but NCGs were only added in Java 7, so depending on the minimum Java version Spdx-Java-Library supports, these regexes might need a little tweaking to switch those to regular (non-named) capturing groups.

@goneall
Copy link
Member Author

goneall commented Apr 14, 2025

@goneall this is probably a separate issue, unrelated to this PR, but I'm not seeing any parsing of AdditionRefs in the 3.x parsing functions. I assume those code paths (if/when they're added) would benefit from similar message updates as the ones here?

Good catch @pmonks - In looking at the license addition code, I realized I'm not taking into account external license refs which is yet another issue.

I'll add a check for the AdditionRef syntax and also implement the external license refs. I'll also add some unit tests to make sure these cases are covered.

Turns out I was checking for external license refs (first line of the method), so I only need to add the additional check for the additionref syntax.

@pmonks - let me know if I missed anything

@pmonks
Copy link
Collaborator

pmonks commented Apr 14, 2025

@goneall yep I see handling of external LicenseRefs here.

@goneall
Copy link
Member Author

goneall commented Apr 15, 2025

@pmonks @bact - if you could give this another review - I think I addressed all the issues

@bact bact added the enhancement New feature or request label Apr 16, 2025
bact
bact reviewed Apr 16, 2025
View reviewed changes
Copy link
Collaborator

@bact bact left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes, adding 'a'.

bact added 4 commits April 16, 2025 09:45
@bact
Update src/main/java/org/spdx/utility/license/LicenseExpressionParser…
a3e9f89 
….java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact
Update src/main/java/org/spdx/utility/license/LicenseExpressionParser…
3354ed2 
….java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact
Update src/main/java/org/spdx/utility/license/LicenseExpressionParser…
e7b862a 
….java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@bact
Update src/test/java/org/spdx/utility/license/LicenseExpressionParser…
693f267 
…Test.java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
@goneall goneall merged commit 95aba1f into master Apr 16, 2025
1 check passed
@goneall goneall deleted the issue227 branch April 16, 2025 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bact bact bact approved these changes

@pmonks pmonks pmonks approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Verify error when license exceptions are used in an expression in LicenseConcluded but not in LicenseInfoInFile

3 participants

@goneall @pmonks @bact