🐛 fix Unlicense detection (ossf#4145)

* fix unlicense detection The code previously had some special logic for handling the Unlicense SPDX identifier. While this worked for local file detection, it broke detection for SPDX identifiers provided by the forge. This change moves the logic to the part of the code concerned with local file detection, so both work now. Signed-off-by: Spencer Schrock <[email protected]> * remove part of comment which is no longer relevant Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: balteraivshay <[email protected]>
balteravishay · Jun 12, 2024 · d01d57d · d01d57d
1 parent eeadb43
commit d01d57d
Showing 1 changed file with 17 additions and 26 deletions.
diff --git a/checks/raw/license.go b/checks/raw/license.go
@@ -160,17 +160,10 @@ func License(c *checker.CheckRequest) (checker.LicenseData, error) {
 
 	// scorecard search stops at first candidate (isLicenseFile) license file found
 	if path != (checker.LicenseFile{}) {
-		//
-		// now it is time to "map it back" in the case of the
-		// Spdx Identifier for "UNLICENSE" which was mapped to "UN"
-		// for the regex group match and this check.
-		// grab what is needed before clobbering the Spdx Identifier
-		// Aside from 'UN', these settings (Name, Key) match GH repo API
-		// for when the Spdx Identifier cannot be determined.
 		path.LicenseInformation.Name = fsfOsiApprovedLicenseCiMap[strings.ToUpper(path.LicenseInformation.SpdxID)].Name
-		if strings.ToUpper(path.LicenseInformation.SpdxID) == "UN" {
-			path.LicenseInformation.SpdxID = "UNLICENSE"
-		} else if path.LicenseInformation.SpdxID == "" {
+		// these settings (Name, Key) match GH repo API
+		// for when the Spdx Identifier cannot be determined.
+		if path.LicenseInformation.SpdxID == "" {
 			path.LicenseInformation.SpdxID = "NOASSERTION"
 			path.LicenseInformation.Name = "Other"
 		}
@@ -226,19 +219,7 @@ func setCiMap() {
 	defer ciMapMutex.Unlock()
 	if len(fsfOsiApprovedLicenseCiMap) == 0 {
 		for key, entry := range fsfOsiApprovedLicenseMap {
-			// Special case, the unlicense, in the map is
-			// called 'The Unlicense' with the Spdx id 'Unlicense'.
-			// For the regex's 'un' will match the [pre|suf]Spdx
-			// regex group (just as it would match '0BSD'), but
-			// 'un' will not "hit" in the map with key 'Unlicense'
-			// so change to 'UN' for 'unlicense' for 'isLicenseFile()'
-			// TODO: make this general (pass a key map for changing these
-			//       special cases). For now this is the only one.
-			if strings.ToUpper(key) == "UNLICENSE" {
-				fsfOsiApprovedLicenseCiMap["UN"] = entry
-			} else {
-				fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
-			}
+			fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
 		}
 	}
 }
@@ -261,12 +242,22 @@ func getSpdxID(matches []string) string {
 	// value, preSpdx takes precedence.
 	// (e.g., 0BSD-LICENSE-GPL-2.0.txt)
 	// TODO: decide if that is OK or should "fail"
+	var id string
 	if matches[reGroupIdxs["preSpdx"]] != "" {
-		return matches[reGroupIdxs["preSpdx"]]
+		id = matches[reGroupIdxs["preSpdx"]]
 	} else if matches[reGroupIdxs["sufSpdx"]] != "" {
-		return matches[reGroupIdxs["sufSpdx"]]
+		id = matches[reGroupIdxs["sufSpdx"]]
 	}
-	return ""
+	// Special case, the unlicense, in the map is
+	// called 'The Unlicense' with the Spdx id 'Unlicense'.
+	// For the regex's 'un' will match the [pre|suf]Spdx
+	// regex group (just as it would match '0BSD'), but
+	// 'un' will not "hit" in the map with key 'Unlicense'
+	if strings.EqualFold(id, "UN") {
+		id = "UNLICENSE"
+	}
+
+	return id
 }
 
 func getExt(filename string, matches []string) string {