Fix: Use WITH operator for license exceptions in SPDX expressions (Issue #4623) #4641
+139
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…andle license exceptions using the WITH operator for valid SPDX expressions. Update get_detected_license_expression to utilize this new function. Signed-off-by: asmitbanik <[email protected]>
asmitbanik
force-pushed
the
invalid-spdx
branch
from
cf277bc to
fe7d734
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes invalid SPDX license expressions by using the WITH operator instead of AND when combining base licenses with license exceptions.
Problem
ScanCode was producing invalid SPDX expressions when detecting licenses with exceptions:
❌ Before: "GPL-3.0-only AND GCC-exception-3.1"
✅ After: "GPL-3.0-only WITH GCC-exception-3.1"
According to the SPDX specification, exceptions must always appear on the right side of a WITH expression. Using AND to combine a license with an exception produces an invalid SPDX expression.
Solution
Added a new function combine_expressions_with_exceptions() in detection.py that:
Checks if a license key has is_exception=True in the license database
Combines exceptions with their preceding base license using WITH instead of AND
Falls back to AND for regular license combinations
Changes
Modified: src/licensedcode/detection.py
Added combine_expressions_with_exceptions() function
Updated get_detected_license_expression() to use the new function
Testing
Test: ['gpl-3.0', 'gcc-exception-3.1']Result: gpl-3.0 WITH gcc-exception-3.1 ✓Test: ['gpl-3.0', 'gcc-exception-3.1', 'mit']Result: gpl-3.0 WITH gcc-exception-3.1 AND mit ✓Test: ['gpl-2.0', 'classpath-exception-2.0']Result: gpl-2.0 WITH classpath-exception-2.0 ✓
Impact
This fix applies to all 281 license exceptions in ScanCode's database, ensuring valid SPDX expressions for any license+exception combination.
Related Issues
Fixes #[issue_number] - Invalid SPDX expressions with license exceptions
Checklist:
[✓] Code follows project conventions
[✓] Self-reviewed the code changes
[✓] Tested with multiple exception types (GCC, Classpath, etc.)
[✓] No breaking changes to public API