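// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/licensing/normalize.go

package licensing

import (
	"regexp"
	"strings"
)

// mapping translates free-form license names found in package metadata to
// the canonical license identifiers declared elsewhere in this package.
//
// Keys MUST be upper case: Normalize upper-cases its input before the
// lookup, so a key containing lower-case letters can never match and the
// raw, unnormalized name would be returned instead.
//
// Several entries are best-effort guesses for names that carry no version
// (marked "2? 3?" / "1? 2?" by the original author). Anything that makes a
// policy decision from the normalized identifier inherits those guesses.
var mapping = map[string]string{
	// GPL
	"GPL-1":                          GPL10,
	"GPL-1+":                         GPL10,
	"GPL 1.0":                        GPL10,
	"GPL 1":                          GPL10,
	"GPL2":                           GPL20,
	"GPL 2.0":                        GPL20,
	"GPL 2":                          GPL20,
	"GPL-2":                          GPL20,
	"GPL-2.0-ONLY":                   GPL20,
	"GPL2+":                          GPL20,
	"GPLV2":                          GPL20,
	"GPLV2+":                         GPL20,
	"GPL-2+":                         GPL20,
	"GPL-2.0+":                       GPL20,
	"GPL-2.0-OR-LATER":               GPL20,
	"GPL-2+ WITH AUTOCONF EXCEPTION": GPL20withautoconfexception,
	// Key was previously mixed case ("GPL-2+-with-bison-exception") and
	// therefore unreachable through Normalize.
	"GPL-2+-WITH-BISON-EXCEPTION":    GPL20withbisonexception,
	"GPL3":                           GPL30,
	"GPL 3.0":                        GPL30,
	"GPL 3":                          GPL30,
	"GPLV3":                          GPL30,
	"GPLV3+":                         GPL30,
	"GPL-3":                          GPL30,
	"GPL-3.0-ONLY":                   GPL30,
	"GPL3+":                          GPL30,
	"GPL-3+":                         GPL30,
	"GPL-3.0-OR-LATER":               GPL30,
	"GPL-3+ WITH AUTOCONF EXCEPTION": GPL30withautoconfexception,
	// NOTE(review): a GPL-3+ key resolves to the GPL-2.0 bison-exception
	// identifier. Left as in the original; confirm whether this is
	// intentional or a GPL-3.0 variant should be used.
	"GPL-3+-WITH-BISON-EXCEPTION":    GPL20withbisonexception,
	"GPL":                            GPL30, // 2? 3?

	// LGPL
	"LGPL2":      LGPL20,
	"LGPL 2":     LGPL20,
	"LGPL 2.0":   LGPL20,
	"LGPL-2":     LGPL20,
	"LGPL2+":     LGPL20,
	"LGPL-2+":    LGPL20,
	"LGPL-2.0+":  LGPL20,
	"LGPL-2.1":   LGPL21,
	"LGPL 2.1":   LGPL21,
	"LGPL-2.1+":  LGPL21,
	"LGPLV2.1+":  LGPL21,
	"LGPL-3":     LGPL30,
	"LGPL 3":     LGPL30,
	"LGPL-3+":    LGPL30,
	"LGPL":       LGPL30, // 2? 3?
	"GNU LESSER": LGPL30, // 2? 3?

	// MPL
	"MPL1.0":  MPL10,
	"MPL1":    MPL10,
	"MPL 1.0": MPL10,
	"MPL 1":   MPL10,
	"MPL2.0":  MPL20,
	"MPL 2.0": MPL20,
	"MPL2":    MPL20,
	"MPL 2":   MPL20,

	// BSD
	"BSD":          BSD3Clause, // 2? 3?
	"BSD-2-CLAUSE": BSD2Clause,
	"BSD-3-CLAUSE": BSD3Clause,
	"BSD-4-CLAUSE": BSD4Clause,

	"APACHE":     Apache20, // 1? 2?
	"APACHE 2.0": Apache20,
	"RUBY":       Ruby,
	"ZLIB":       Zlib,

	// Public Domain
	"PUBLIC DOMAIN": Unlicense,
}

// Split licenses without considering "and"/"or"
// examples:
// 'GPL-1+,GPL-2' => {"GPL-1+", "GPL-2"}
// 'GPL-1+ or Artistic or Artistic-dist' => {"GPL-1+", "Artistic", "Artistic-dist"}
// 'LGPLv3+_or_GPLv2+' => {"LGPLv3+", "GPLv2+"}
// 'BSD-3-CLAUSE and GPL-2' => {"BSD-3-CLAUSE", "GPL-2"}
// 'GPL-1+ or Artistic, and BSD-4-clause-POWERDOG' => {"GPL-1+", "Artistic", "BSD-4-clause-POWERDOG"}
// 'BSD 3-Clause License or Apache License, Version 2.0' => {"BSD 3-Clause License", "Apache License, Version 2.0"}
// var LicenseSplitRegexp = regexp.MustCompile("(,?[_ ]+or[_ ]+)|(,?[_ ]+and[_ ])|(,[ ]*)")

// licenseSplitRegexp matches the separators between licenses: an optional
// comma followed by "or"/"and" surrounded by spaces or underscores, or a
// bare comma with optional trailing spaces. The match is case-sensitive,
// so "OR"/"AND" are not treated as separators.
var licenseSplitRegexp = regexp.MustCompile("(,?[_ ]+(?:or|and)[_ ]+)|(,[ ]*)")

// Normalize returns the canonical license identifier for name.
//
// The lookup is case-insensitive (name is upper-cased first) but otherwise
// exact: surrounding whitespace is not trimmed. A name with no entry in
// mapping is returned unchanged, so callers must be prepared to receive
// arbitrary, unnormalized strings.
func Normalize(name string) string {
	if l, ok := mapping[strings.ToUpper(name)]; ok {
		return l
	}
	return name
}

// SplitLicenses splits a license expression into its individual license
// names, ignoring whether they were joined by "and", "or" or a comma.
//
// A piece that starts with "ver " or "version " (case-insensitive) is
// treated as the tail of the previous license whose name contained a comma
// (e.g. "Apache License, Version 2.0") and is re-attached to it with ", ".
// If there is no previous piece it is kept as its own entry.
//
// Pieces are returned as-is: they are not trimmed and empty pieces are not
// filtered out, so an empty input yields a slice holding one empty string.
func SplitLicenses(str string) []string {
	var licenses []string
	for _, maybeLic := range licenseSplitRegexp.Split(str, -1) {
		lower := strings.ToLower(maybeLic)
		isVersionSuffix := strings.HasPrefix(lower, "ver ") || strings.HasPrefix(lower, "version ")
		if isVersionSuffix && len(licenses) > 0 {
			// The comma split cut a single license name in two; undo it.
			licenses[len(licenses)-1] += ", " + maybeLic
			continue
		}
		licenses = append(licenses, maybeLic)
	}
	return licenses
}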