Merge pull request #731 from AA-Turner/compound-spdx

Support compound SPDX licence expressions

Author: takluyver

flit_core/flit_core/config.py

@@ -17,6 +17,7 @@
     except ImportError:
         import tomli as tomllib
 
+from ._spdx_data import licenses
 from .common import normalise_core_metadata_name
 from .versionno import normalise_version
 
@@ -586,7 +587,8 @@ def read_pep621_metadata(proj, path) -> LoadedConfig:
     if 'license' in proj:
         _check_types(proj, 'license', (str, dict))
         if isinstance(proj['license'], str):
-            md_dict['license_expression'] = normalize_license_expr(proj['license'])
+            licence_expr = proj['license']
+            md_dict['license_expression'] = normalise_compound_license_expr(licence_expr)
         else:
             license_tbl = proj['license']
             unrec_keys = set(license_tbl.keys()) - {'text', 'file'}
@@ -821,34 +823,97 @@ def isabs_ish(path):
     return os.path.isabs(path) or path.startswith(('/', '\\'))
 
 
-def normalize_license_expr(s: str):
-    """Validate & normalise an SPDX license expression
+def normalise_compound_license_expr(s: str) -> str:
+    """Validate and normalise a compund SPDX license expression.
 
-    For now this only handles simple expressions (referring to 1 license)
+    Per the specification, licence expression operators (AND, OR and WITH)
+    are matched case-sensitively. The WITH operator is not currently supported.
+
+    Spec: https://spdx.github.io/spdx-spec/v2.2.2/SPDX-license-expressions/
+    """
+    invalid_msg = "'{s}' is not a valid SPDX license expression: {reason}"
+    if not s or s.isspace():
+        raise ConfigError(f"The SPDX license expression must not be empty")
+
+    stack = 0
+    parts = []
+    try:
+        for part in filter(None, re.split(r' +|([()])', s)):
+            if part.upper() == 'WITH':
+                # provide a sensible error message for the WITH operator
+                raise ConfigError(f"The SPDX 'WITH' operator is not yet supported!")
+            elif part in {'AND', 'OR'}:
+                if not parts or parts[-1] in {' AND ', ' OR ', ' WITH ', '('}:
+                    reason = f"a license ID is missing before '{part}'"
+                    raise ConfigError(invalid_msg.format(s=s, reason=reason))
+                parts.append(f' {part} ')
+            elif part.lower() in {'and', 'or', 'with'}:
+                # provide a sensible error message for non-uppercase operators
+                reason = f"operators must be uppercase, not '{part}'"
+                raise ConfigError(invalid_msg.format(s=s, reason=reason))
+            elif part == '(':
+                if parts and parts[-1] not in {' AND ', ' OR ', '('}:
+                    reason = f"'(' must follow either AND, OR, or '('"
+                    raise ConfigError(invalid_msg.format(s=s, reason=reason))
+                stack += 1
+                parts.append(part)
+            elif part == ')':
+                if not parts or parts[-1] in {' AND ', ' OR ', ' WITH ', '('}:
+                    reason = f"a license ID is missing before '{part}'"
+                    raise ConfigError(invalid_msg.format(s=s, reason=reason))
+                stack -= 1
+                if stack < 0:
+                    reason = 'unbalanced brackets'
+                    raise ConfigError(invalid_msg.format(s=s, reason=reason))
+                parts.append(part)
+            else:
+                if parts and parts[-1] not in {' AND ', ' OR ', '('}:
+                    reason = f"a license ID must follow either AND, OR, or '('"
+                    raise ConfigError(invalid_msg.format(s=s, reason=reason))
+                simple_expr = normalise_simple_license_expr(part)
+                parts.append(simple_expr)
+
+        if stack != 0:
+            reason = 'unbalanced brackets'
+            raise ConfigError(invalid_msg.format(s=s, reason=reason))
+        if parts[-1] in {' AND ', ' OR ', ' WITH '}:
+            last_part = parts[-1].strip()
+            reason = f"a license ID or expression should follow '{last_part}'"
+            raise ConfigError(invalid_msg.format(s=s, reason=reason))
+    except ConfigError:
+        if os.environ.get('FLIT_ALLOW_INVALID'):
+            log.warning(f"Invalid license ID {s!r} allowed by FLIT_ALLOW_INVALID")
+            return s
+        raise
+
+    return ''.join(parts)
+
+
+def normalise_simple_license_expr(s: str) -> str:
+    """Normalise a simple SPDX license expression.
+
+    https://spdx.github.io/spdx-spec/v2.2.2/SPDX-license-expressions/#d3-simple-license-expressions
     """
-    from ._spdx_data import licenses
     ls = s.lower()
     if ls.startswith('licenseref-'):
-        ref = s.partition('-')[2]
-        if re.match(r'([a-zA-Z0-9\-.])+$', ref):
+        ref = s[11:]
+        if re.fullmatch(r'[a-zA-Z0-9\-.]+', ref):
             # Normalise case of LicenseRef, leave the rest alone
-            return "LicenseRef-" + ref
+            return f"LicenseRef-{ref}"
         raise ConfigError(
             "LicenseRef- license expression can only contain ASCII letters "
             "& digits, - and ."
         )
 
-    or_later = s.endswith('+')
+    or_later = ls.endswith('+')
     if or_later:
         ls = ls[:-1]
 
     try:
-        info = licenses[ls]
+        normalised_id = licenses[ls]['id']
     except KeyError:
-        if os.environ.get('FLIT_ALLOW_INVALID'):
-            log.warning("Invalid license ID {!r} allowed by FLIT_ALLOW_INVALID"
-                        .format(s))
-            return s
         raise ConfigError(f"{s!r} is not a recognised SPDX license ID")
 
-    return info['id'] + ('+' if or_later else '')
+    if or_later:
+        return f'{normalised_id}+'
+    return normalised_id

flit_core/tests_core/test_common.py

@@ -215,8 +215,12 @@ def test_metadata_2_3_provides_extra(provides_extra, expected_result):
     ('value', 'expected_license', 'expected_license_expression'),
     [
         ({'license': 'MIT'}, 'MIT', None),
+        ({'license': 'MIT OR Apache-2.0'}, 'MIT OR Apache-2.0', None),
+        ({'license': 'MIT AND Apache-2.0'}, 'MIT AND Apache-2.0', None),
         ({'license_expression': 'MIT'}, None, 'MIT'),
         ({'license_expression': 'Apache-2.0'}, None, 'Apache-2.0'),
+        ({'license_expression': 'MIT OR Apache-2.0'}, None, 'MIT OR Apache-2.0'),
+        ({'license_expression': 'MIT AND Apache-2.0'}, None, 'MIT AND Apache-2.0'),
     ],
 )
 def test_metadata_license(value, expected_license, expected_license_expression):

flit_core/tests_core/test_config.py

@@ -222,8 +222,17 @@ def test_bad_pep621_readme(readme, err_match):
     ("mit",  "MIT"),
     ("apache-2.0", "Apache-2.0"),
     ("APACHE-2.0+", "Apache-2.0+"),
-    # TODO: compound expressions
-    #("mit and (apache-2.0 or bsd-2-clause)", "MIT AND (Apache-2.0 OR BSD-2-Clause)"),
+    ("mit AND (apache-2.0 OR bsd-2-clause)", "MIT AND (Apache-2.0 OR BSD-2-Clause)"),
+    ("(mit)", "(MIT)"),
+    ("MIT OR Apache-2.0", "MIT OR Apache-2.0"),
+    ("MIT AND Apache-2.0", "MIT AND Apache-2.0"),
+    ("MIT AND Apache-2.0+ OR 0BSD", "MIT AND Apache-2.0+ OR 0BSD"),
+    ("MIT AND (Apache-2.0+ OR (0BSD))", "MIT AND (Apache-2.0+ OR (0BSD))"),
+    ("MIT OR(mit)", "MIT OR (MIT)"),
+    ("(mit)AND mit", "(MIT) AND MIT"),
+    ("MIT OR (MIT OR ( MIT )) AND ((MIT) AND MIT) OR MIT", "MIT OR (MIT OR (MIT)) AND ((MIT) AND MIT) OR MIT"),
+    ("LICENSEREF-Public-Domain OR cc0-1.0 OR unlicense", "LicenseRef-Public-Domain OR CC0-1.0 OR Unlicense"),
+    ("mit  AND  ( apache-2.0+  OR  mpl-2.0+ )", "MIT AND (Apache-2.0+ OR MPL-2.0+)"),
     # LicenseRef expressions: only the LicenseRef is normalised
     ("LiceNseref-Public-DoMain", "LicenseRef-Public-DoMain"),
 ])
@@ -235,19 +244,143 @@ def test_license_expr(value, license_expression):
     assert 'license' not in info.metadata
     assert info.metadata['license_expression'] == license_expression
 
-def test_license_expr_error():
+@pytest.mark.parametrize('invalid_expr', [
+    "LicenseRef-foo_bar",
+    "LicenseRef-foo~bar",
+    "LicenseRef-foo:bar",
+    "LicenseRef-foo[bar]",
+    "LicenseRef-foo-bar+",
+])
+def test_license_expr_error_licenseref(invalid_expr: str):
     proj = {
         'name': 'module1', 'version': '1.0', 'description': 'x',
-        'license': 'LicenseRef-foo_bar',  # Underscore not allowed
+        'license': invalid_expr,
     }
     with pytest.raises(config.ConfigError, match="can only contain"):
         config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
 
-    proj['license'] = "BSD-33-Clause"  # Not a real license
+
+@pytest.mark.parametrize('invalid_expr', [
+    # Not a real licence
+    "BSD-33-Clause",
+    "MIT OR BSD-33-Clause",
+    "MIT OR (MIT AND BSD-33-Clause)",
+])
+def test_license_expr_error_not_recognised(invalid_expr: str):
+    proj = {
+        'name': 'module1', 'version': '1.0', 'description': 'x',
+        'license': invalid_expr,
+    }
     with pytest.raises(config.ConfigError, match="recognised"):
         config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
 
 
+@pytest.mark.parametrize('invalid_expr', [
+    # No operator
+    "MIT MIT",
+    "MIT OR (MIT MIT)",
+    # Only operator
+    "AND",
+    "OR",
+    "AND AND AND",
+    "OR OR OR",
+    "OR AND OR",
+    "AND OR OR AND OR OR AND",
+    # Too many operators
+    "MIT AND AND MIT",
+    "MIT OR OR OR MIT",
+    "MIT AND OR MIT",
+    # Mixed case operator
+    "MIT aND MIT",
+    "MIT oR MIT",
+    "MIT AND MIT oR MIT",
+    # Missing operand
+    "MIT AND",
+    "AND MIT",
+    "MIT OR",
+    "OR MIT",
+    "MIT (AND MIT)",
+    "(MIT OR) MIT",
+    # Unbalanced brackets
+    ")(",
+    "(",
+    ")",
+    "MIT OR ()",
+    ") AND MIT",
+    "MIT OR (",
+    "MIT OR (MIT))",
+    # Only brackets
+    "()",
+    "()()",
+    "()(())",
+    "(  )",
+    "  (  )",
+    "(  )  ",
+    "  (  )  ",
+])
+def test_license_expr_error(invalid_expr: str):
+    proj = {
+        'name': 'module1', 'version': '1.0', 'description': 'x',
+        'license': invalid_expr,
+    }
+    with pytest.raises(config.ConfigError, match="is not a valid"):
+        config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
+
+
+@pytest.mark.parametrize('invalid_expr', [
+    "",
+    " ",
+    "\t",
+    "\r",
+    "\n",
+    "\f",
+    " \t \n \r \f ",
+])
+def test_license_expr_error_empty(invalid_expr: str):
+    proj = {
+        'name': 'module1', 'version': '1.0', 'description': 'x',
+        'license': invalid_expr,
+    }
+    with pytest.raises(config.ConfigError, match="must not be empty"):
+        config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
+
+
+@pytest.mark.parametrize('invalid_expr', [
+    "mit or mit",
+    "or",
+    "and",
+    "MIT and MIT",
+    "MIT AND MIT or MIT",
+    "MIT AND (MIT or MIT)",
+])
+def test_license_expr_error_lowercase(invalid_expr: str):
+    proj = {
+        'name': 'module1', 'version': '1.0', 'description': 'x',
+        'license': invalid_expr,
+    }
+    with pytest.raises(config.ConfigError, match="must be uppercase"):
+        config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
+
+
+@pytest.mark.parametrize('invalid_expr', [
+    "WITH",
+    "with",
+    "WiTh",
+    "wiTH",
+    "MIT WITH MIT-Exception",
+    "(MIT WITH MIT-Exception)",
+    "MIT OR MIT WITH MIT-Exception",
+    "MIT WITH MIT-Exception OR (MIT AND MIT)",
+])
+def test_license_expr_error_unsupported_with(invalid_expr: str):
+    proj = {
+        'name': 'module1', 'version': '1.0', 'description': 'x',
+        'license': invalid_expr,
+    }
+    with pytest.raises(config.ConfigError, match="not yet supported"):
+        config.read_pep621_metadata(proj, samples_dir / 'pep621' / 'pyproject.toml')
+
+
 def test_license_file_defaults_with_old_metadata():
     metadata = {'module': 'mymod', 'author': ''}
     info = config._prep_metadata(metadata, samples_dir / 'pep621_license_files' / 'pyproject.toml')