Validate license data more thoroughly
parent
cc820306eb
commit
59b63bc231
|
@ -132,33 +132,54 @@ class ValidatingArrayLoader implements LoaderInterface
|
|||
}
|
||||
}
|
||||
|
||||
// check for license validity on newly updated branches
|
||||
if (isset($this->config['license']) && (null === $releaseDate || $releaseDate->getTimestamp() >= strtotime('-8days'))) {
|
||||
if (isset($this->config['license'])) {
|
||||
// validate main data types
|
||||
if (is_array($this->config['license']) || is_string($this->config['license'])) {
|
||||
$licenses = (array) $this->config['license'];
|
||||
|
||||
$licenseValidator = new SpdxLicenses();
|
||||
foreach ($licenses as $license) {
|
||||
// replace proprietary by MIT for validation purposes since it's not a valid SPDX identifier, but is accepted by composer
|
||||
if ('proprietary' === $license) {
|
||||
continue;
|
||||
foreach ($licenses as $index => $license) {
|
||||
if (!is_string($license)) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s should be a string.',
|
||||
json_encode($license)
|
||||
);
|
||||
unset($licenses[$index]);
|
||||
}
|
||||
$licenseToValidate = str_replace('proprietary', 'MIT', $license);
|
||||
if (!$licenseValidator->validate($licenseToValidate)) {
|
||||
if ($licenseValidator->validate(trim($licenseToValidate))) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s must not contain extra spaces, make sure to trim it.',
|
||||
json_encode($license)
|
||||
);
|
||||
} else {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
|
||||
'If the software is closed-source, you may use "proprietary" as license.',
|
||||
json_encode($license)
|
||||
);
|
||||
}
|
||||
|
||||
// check for license validity on newly updated branches/tags
|
||||
if (null === $releaseDate || $releaseDate->getTimestamp() >= strtotime('-8days')) {
|
||||
$licenseValidator = new SpdxLicenses();
|
||||
foreach ($licenses as $license) {
|
||||
// replace proprietary by MIT for validation purposes since it's not a valid SPDX identifier, but is accepted by composer
|
||||
if ('proprietary' === $license) {
|
||||
continue;
|
||||
}
|
||||
$licenseToValidate = str_replace('proprietary', 'MIT', $license);
|
||||
if (!$licenseValidator->validate($licenseToValidate)) {
|
||||
if ($licenseValidator->validate(trim($licenseToValidate))) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s must not contain extra spaces, make sure to trim it.',
|
||||
json_encode($license)
|
||||
);
|
||||
} else {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
|
||||
'If the software is closed-source, you may use "proprietary" as license.',
|
||||
json_encode($license)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->config['license'] = array_values($licenses);
|
||||
} else {
|
||||
$this->warnings[] = sprintf(
|
||||
'License must be a string or array of strings, got %s.',
|
||||
json_encode($this->config['license'])
|
||||
);
|
||||
unset($this->config['license']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
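Review bot: When every entry of the `license` array is a non-string, the first `foreach` unsets them all and `$this->config['license'] = array_values($licenses);` then stores an empty list, whereas the `else` branch removes the key entirely for a wrong top-level type. If code that consumes the loaded config treats a present-but-empty `license` differently from a missing one (not visible here), the two rejection paths diverge; consider `if ([] === $licenses) { unset($this->config['license']); } else { $this->config['license'] = array_values($licenses); }`, or a comment stating that an empty list is intended. Separately, `json_encode($license)` returns `false` for a value it cannot encode, which would make the warning read `License  should be a string.`; checking the result or passing `JSON_INVALID_UTF8_SUBSTITUTE` keeps the message useful when the metadata is malformed. The enclosing method starts and ends outside the hunk.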
@ -52,7 +52,7 @@ class ValidatingArrayLoaderTest extends TestCase
|
|||
'keywords' => ['a', 'b_c', 'D E', 'éîüø', '微信'],
|
||||
'homepage' => 'https://foo.com',
|
||||
'time' => '2010-10-10T10:10:10+00:00',
|
||||
'license' => 'MIT',
|
||||
'license' => ['MIT', 'WTFPL'],
|
||||
'authors' => [
|
||||
[
|
||||
'name' => 'Alice',
|
||||
|
@ -165,12 +165,6 @@ class ValidatingArrayLoaderTest extends TestCase
|
|||
'transport-options' => ['ssl' => ['local_cert' => '/opt/certs/test.pem']],
|
||||
],
|
||||
],
|
||||
[ // test licenses as array
|
||||
[
|
||||
'name' => 'foo/bar',
|
||||
'license' => ['MIT', 'WTFPL'],
|
||||
],
|
||||
],
|
||||
[ // test bin as string
|
||||
[
|
||||
'name' => 'foo/bar',
|
||||
|
@ -252,7 +246,7 @@ class ValidatingArrayLoaderTest extends TestCase
|
|||
* @param array<string, mixed> $config
|
||||
* @param string[] $expectedWarnings
|
||||
*/
|
||||
public function testLoadSkipsWarningDataWhenIgnoringErrors(array $config, array $expectedWarnings, bool $mustCheck = true): void
|
||||
public function testLoadSkipsWarningDataWhenIgnoringErrors(array $config, array $expectedWarnings, bool $mustCheck = true, ?array $expectedArray = null): void
|
||||
{
|
||||
if (!$mustCheck) {
|
||||
self::assertTrue(true); // @phpstan-ignore staticMethod.alreadyNarrowedType
|
||||
|
@ -263,7 +257,7 @@ class ValidatingArrayLoaderTest extends TestCase
|
|||
$internalLoader
|
||||
->expects($this->once())
|
||||
->method('load')
|
||||
->with(['name' => 'a/b']);
|
||||
->with($expectedArray ?? ['name' => 'a/b']);
|
||||
|
||||
$loader = new ValidatingArrayLoader($internalLoader, true, null, ValidatingArrayLoader::CHECK_ALL);
|
||||
$config['name'] = 'a/b';
|
||||
|
@ -552,6 +546,35 @@ class ValidatingArrayLoaderTest extends TestCase
|
|||
],
|
||||
false,
|
||||
],
|
||||
[
|
||||
[
|
||||
'name' => 'a/b',
|
||||
'license' => 'XXXXX',
|
||||
],
|
||||
[
|
||||
'License "XXXXX" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'.PHP_EOL.
|
||||
'If the software is closed-source, you may use "proprietary" as license.',
|
||||
],
|
||||
true,
|
||||
[
|
||||
'name' => 'a/b',
|
||||
'license' => ['XXXXX'],
|
||||
]
|
||||
],
|
||||
[
|
||||
[
|
||||
'name' => 'a/b',
|
||||
'license' => [['author'=>'bar'], 'MIT'],
|
||||
],
|
||||
[
|
||||
'License {"author":"bar"} should be a string.',
|
||||
],
|
||||
true,
|
||||
[
|
||||
'name' => 'a/b',
|
||||
'license' => ['MIT'],
|
||||
]
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
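Review bot: The provider cases added in the last hunk cover an invalid SPDX string and a mixed array, but none of the visible cases reaches the loader's `else` branch, where a `license` that is neither a string nor an array is reported and dropped. A case for that path would pin the `unset` behaviour for metadata of the wrong type. The provider continues outside the hunks shown, so such a case may already exist. The expected warning below is derived from the loader's `sprintf` format and should be confirmed by running the test. The docblock above `testLoadSkipsWarningDataWhenIgnoringErrors` also lacks an entry for the added parameter, e.g. `@param array<string, mixed>|null $expectedArray`.

```php
// … unchanged: existing provider cases, including the two added by this commit …
[
    [
        'name' => 'a/b',
        'license' => 123,
    ],
    [
        'License must be a string or array of strings, got 123.',
    ],
    true,
    [
        'name' => 'a/b',
    ],
],
```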