Update spdx (#791)

Jake-Shadle · web-flow · commit fdc008ca244e · 2025-08-19T10:10:57.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -103,7 +103,7 @@ serde_json = "1.0"
 # Avoid some heap allocations when we likely won't need them
 smallvec = "1.14"
 # Used for parsing and checking SPDX license expressions
-spdx = "0.11"
+spdx = "0.12"
 # Lazy
 strum = { version = "0.27", features = ["derive"] }
 # Index retrieval and querying
diff --git a/src/licenses.rs b/src/licenses.rs
@@ -178,33 +178,30 @@ fn evaluate_expression(
                     notes.push("  - No additional metadata available for license".into());
                 }
             } else {
-                // This would only happen if askalono used a newer license list than spdx, but we update
-                // both simultaneously
+                // This would only happen if askalono used a newer license list
+                // than spdx, but we update both simultaneously
                 notes.push(format!("{} is not an SPDX license", failed_req.req));
             }
         }
 
-        let (id, offset) =
-            //if let Some(((file_id, range), original)) = original_loc.clone().zip(original) {
-                //let mut err_span = failed_req.span.start as usize..failed_req.span.end as usize;
-                //Gatherer::correct_span(original, &mut err_span);
-            if let Some((file_id, range)) = &original_loc {
-                (
-                    *file_id,
-                    range.start,
-                )
-            } else {
-                (
-                    nfo.file_id,
-                    nfo.offset,
-                )
-            };
+        let (id, offset) = if let Some((file_id, range)) = &original_loc {
+            (*file_id, range.start)
+        } else {
+            (nfo.file_id, nfo.offset)
+        };
 
         let start = offset + failed_req.span.start as usize;
 
         // TODO: fix this in spdx, but we only get the span for the license, not the exception
-        let end = if let Some(exc) = &failed_req.req.exception {
-            failed_req.span.end as usize + 6 /*" WITH "*/ + exc.name.len()
+        let end = if let Some(ai) = &failed_req.req.addition {
+            failed_req.span.end as usize + 6 /*" WITH "*/ + match ai {
+                spdx::AdditionItem::Spdx(exc) => exc.name.len(),
+                spdx::AdditionItem::Other { doc_ref, add_ref } => {
+                    /*AdditionRef-*/ 12 + add_ref.len() + doc_ref.as_deref().map_or(0, |dr| {
+                        /*DocumentRef-:*/ 13 + dr.len()
+                    })
+                }
+            }
         } else {
             failed_req.span.end as usize
         };
@@ -254,9 +251,9 @@ pub fn check(
     for krate_lic_nfo in summary.nfos {
         let mut pack = Pack::with_kid(Check::Licenses, krate_lic_nfo.krate.id.clone());
 
-        // If the user has set this, check if it's a private workspace
-        // crate or a crate from a private registry and just print out
-        // a help message that we skipped it
+        // If the user has set this, check if it's a private workspace crate or
+        // a crate from a private registry and just print out a help message
+        // that we skipped it
         if ctx.cfg.private.ignore
             && (krate_lic_nfo.krate.is_private(&private_registries)
                 || ctx
diff --git a/tests/licenses.rs b/tests/licenses.rs
@@ -332,3 +332,30 @@ fn forces_apache_over_pixar() {
 
     insta::assert_json_snapshot!(diags);
 }
+
+#[test]
+fn insane_licenses() {
+    let cfg = tu::Config::new("allow = ['MIT']");
+
+    let mut cmd = krates::Cmd::new();
+    cmd.manifest_path("tests/test_data/insane-licenses/Cargo.toml");
+
+    let krates: Krates = krates::Builder::new()
+        .build(cmd, krates::NoneFilter)
+        .unwrap();
+
+    let (ctx, summary) = setup(&krates, func_name!(), cfg);
+
+    let diags = tu::run_gather(ctx, |ctx, tx| {
+        crate::licenses::check(
+            ctx,
+            summary,
+            diag::ErrorSink {
+                overrides: None,
+                channel: tx,
+            },
+        );
+    });
+
+    insta::assert_json_snapshot!(diags);
+}
diff --git a/tests/snapshots/licenses__insane_licenses.snap b/tests/snapshots/licenses__insane_licenses.snap
@@ -0,0 +1,65 @@
+---
+source: tests/licenses.rs
+expression: diags
+---
+[
+  {
+    "fields": {
+      "code": "rejected",
+      "graphs": [
+        {
+          "Krate": {
+            "name": "insane-licenses",
+            "version": "0.1.0"
+          }
+        }
+      ],
+      "labels": [
+        {
+          "column": 12,
+          "line": 5,
+          "message": "",
+          "span": "(MIT or Apache-2.0 with LLVM-exception) and BSD-2-Clause with AdditionRef-boop or BSD-3-Clause with DocumentRef-bippity:AdditionRef-boppity"
+        },
+        {
+          "column": 13,
+          "line": 5,
+          "message": "accepted: license is explicitly allowed",
+          "span": "MIT"
+        },
+        {
+          "column": 20,
+          "line": 5,
+          "message": "rejected: license is not explicitly allowed",
+          "span": "Apache-2.0 with LLVM-exception"
+        },
+        {
+          "column": 56,
+          "line": 5,
+          "message": "rejected: license is not explicitly allowed",
+          "span": "BSD-2-Clause with AdditionRef-boop"
+        },
+        {
+          "column": 94,
+          "line": 5,
+          "message": "rejected: license is not explicitly allowed",
+          "span": "BSD-3-Clause with DocumentRef-bippity:AdditionRef-boppity"
+        }
+      ],
+      "message": "failed to satisfy license requirements",
+      "notes": [
+        "Apache-2.0 - Apache License 2.0:",
+        "  - OSI approved",
+        "  - FSF Free/Libre",
+        "BSD-2-Clause - BSD 2-Clause \"Simplified\" License:",
+        "  - OSI approved",
+        "  - FSF Free/Libre",
+        "BSD-3-Clause - BSD 3-Clause \"New\" or \"Revised\" License:",
+        "  - OSI approved",
+        "  - FSF Free/Libre"
+      ],
+      "severity": "error"
+    },
+    "type": "diagnostic"
+  }
+]
diff --git a/tests/test_data/insane-licenses/Cargo.lock b/tests/test_data/insane-licenses/Cargo.lock
diff --git a/tests/test_data/insane-licenses/Cargo.toml b/tests/test_data/insane-licenses/Cargo.toml
@@ -0,0 +1,7 @@
+[package]
+name = "insane-licenses"
+version = "0.1.0"
+edition = "2024"
+license = "(MIT or Apache-2.0 with LLVM-exception) and BSD-2-Clause with AdditionRef-boop or BSD-3-Clause with DocumentRef-bippity:AdditionRef-boppity"
+
+[workspace]
diff --git a/tests/test_data/insane-licenses/src/lib.rs b/tests/test_data/insane-licenses/src/lib.rs
@@ -0,0 +1,14 @@
+pub fn add(left: u64, right: u64) -> u64 {
+    left + right
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn it_works() {
+        let result = add(2, 2);
+        assert_eq!(result, 4);
+    }
+}
