chore: add new field custom_document_license_refs into license

bxf12315 · bxf12315 · commit c2f7976ce1f6 · 2025-08-05T22:20:29.000+08:00
diff --git a/entity/src/license.rs b/entity/src/license.rs
@@ -9,6 +9,7 @@ pub struct Model {
     pub spdx_licenses: Option<Vec<String>>,
     pub spdx_license_exceptions: Option<Vec<String>>,
     pub custom_license_refs: Option<Vec<String>>,
+    pub custom_document_license_refs: Option<Vec<String>>,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
diff --git a/etc/test-data/spdx/license-sbom.json b/etc/test-data/spdx/license-sbom.json
diff --git a/migration/src/m0001150_license_add_custom_license_refs.rs b/migration/src/m0001150_license_add_custom_license_refs.rs
@@ -11,6 +11,9 @@ impl MigrationTrait for Migration {
                 Table::alter()
                     .table(License::Table)
                     .add_column(ColumnDef::new(License::CustomLicenseRefs).array(ColumnType::Text))
+                    .add_column(
+                        ColumnDef::new(License::CustomDocumentLicenseRefs).array(ColumnType::Text),
+                    )
                     .to_owned(),
             )
             .await?;
@@ -24,6 +27,7 @@ impl MigrationTrait for Migration {
                 Table::alter()
                     .table(License::Table)
                     .drop_column(License::CustomLicenseRefs)
+                    .drop_column(License::CustomDocumentLicenseRefs)
                     .to_owned(),
             )
             .await?;
@@ -35,4 +39,5 @@ impl MigrationTrait for Migration {
 enum License {
     Table,
     CustomLicenseRefs,
+    CustomDocumentLicenseRefs,
 }
diff --git a/modules/fundamental/tests/sbom/license.rs b/modules/fundamental/tests/sbom/license.rs
@@ -1,20 +1,18 @@
 use flate2::read::GzDecoder;
-use sea_orm::{ColumnTrait, QuerySelect};
-use sea_orm::{EntityTrait, QueryFilter};
+use sea_orm::{ColumnTrait, QuerySelect, EntityTrait, QueryFilter};
+
 use sea_query::Cond;
 use serde_json::{Value, json};
 use std::io::Read;
 use tar::Archive;
 use test_context::test_context;
 use test_log::test;
-use trustify_entity::sbom_package_license::LicenseCategory;
-use trustify_entity::{license, sbom_package, sbom_package_license};
+use trustify_entity::{sbom_package_license::LicenseCategory, license, sbom_package, sbom_package_license};
 use trustify_module_fundamental::license::{
     model::sbom_license::SbomNameId,
     service::{LicenseService, license_export::LicenseExporter},
 };
-use trustify_test_context::TrustifyContext;
-use trustify_test_context::subset::ContainsSubset;
+use trustify_test_context::{TrustifyContext, subset::ContainsSubset};
 
 #[test_context(TrustifyContext)]
 #[test(tokio::test)]
@@ -46,27 +44,21 @@ async fn test_cyclonedx(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
 #[test_context(TrustifyContext)]
 #[test(tokio::test)]
 async fn test_custom_license_refs_spdx(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
-    let result = ctx
-        .ingest_document("spdx/SATELLITE-6.15-RHEL-8.json")
-        .await?;
-
-    assert_eq!(
-        Some("https://access.redhat.com/security/data/sbom/spdx/SATELLITE-6.15-RHEL-8"),
-        result.clone().document_id.as_deref()
-    );
+    let _result = ctx.ingest_document("spdx/license-sbom.json").await?;
 
     let license_result = license::Entity::find()
         .filter(
             Cond::any()
-                .add(license::Column::Text.eq("LicenseRef-2 OR Ruby"))
-                .add(license::Column::Text.eq("LicenseRef-GPLv3 AND LicenseRef-21")),
+                .add(license::Column::Text.eq("(LicenseRef-1 AND MIT) OR DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-Netscape"))
+                .add(license::Column::Text.eq("(LicenseRef-JasPer AND LicenseRef-1) OR DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-MPL")),
         )
         .select_only()
         .column(license::Column::Id)
         .column(license::Column::Text)
         .column(license::Column::SpdxLicenses)
         .column(license::Column::SpdxLicenseExceptions)
         .column(license::Column::CustomLicenseRefs)
+        .column(license::Column::CustomDocumentLicenseRefs)
         .all(&ctx.db)
         .await?;
 
@@ -76,20 +68,23 @@ async fn test_custom_license_refs_spdx(ctx: &TrustifyContext) -> Result<(), anyh
     );
     let expected_result = json!([
         {
-            "id": "107c5a51-d315-56fb-9d4c-dd337f242d2e",
-            "text": "LicenseRef-2 OR Ruby",
-            "spdx_licenses": ["Ruby"],
+            "id": "37551706-5849-5761-ab10-9fd29d317656",
+            "text": "(LicenseRef-1 AND MIT) OR DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-Netscape",
+            "spdx_licenses": ["MIT"],
             "spdx_license_exceptions": null,
-            "custom_license_refs": ["LicenseRef-2:GPLv2+"]
+            "custom_license_refs": ["LicenseRef-1:MIT/X License, GPL/CDDL, ASL2"],
+            "custom_document_license_refs": ["DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-Netscape"]
         },
         {
-            "id": "5bec012e-9891-5715-a550-09287ced2d54",
-            "text": "LicenseRef-GPLv3 AND LicenseRef-21",
+            "id": "119b7505-184b-5557-a729-dce9720718af",
+            "text": "(LicenseRef-JasPer AND LicenseRef-1) OR DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-MPL",
             "spdx_licenses": null,
             "spdx_license_exceptions": null,
-            "custom_license_refs": ["LicenseRef-GPLv3:GPLv3", "LicenseRef-21:Public domain"]
+            "custom_license_refs": ["LicenseRef-JasPer:JasPer", "LicenseRef-1:MIT/X License, GPL/CDDL, ASL2"],
+            "custom_document_license_refs": ["DocumentRef-OCP-TOOLS-4.11-RHEL-8:LicenseRef-MPL"]
         }
     ]);
+
     let license_result_value: Value =
         serde_json::to_value(&license_result).expect("Failed to serialize license_result to JSON");
     assert!(expected_result.contains_subset(license_result_value));
diff --git a/modules/ingestor/src/graph/sbom/common/license.rs b/modules/ingestor/src/graph/sbom/common/license.rs
@@ -22,7 +22,7 @@ impl LicenseInfo {
         Uuid::new_v5(&NAMESPACE, self.license.to_lowercase().as_bytes())
     }
 
-    pub fn spdx_info(&self) -> (Vec<String>, Vec<String>, Vec<String>) {
+    pub fn spdx_info(&self) -> (Vec<String>, Vec<String>, Vec<String>, Vec<String>) {
         SpdxExpression::parse(&self.license)
             .map(|parsed| {
                 let spdx_licenses = parsed
@@ -49,9 +49,27 @@ impl LicenseInfo {
                     .map(|e| format!("LicenseRef-{}", e.identifier))
                     .collect::<Vec<_>>();
 
-                (spdx_licenses, spdx_license_exceptions, custom_license_refs)
+                let custom_document_license_refs = parsed
+                    .licenses()
+                    .iter()
+                    .filter(|e| e.license_ref && e.document_ref.is_some())
+                    .map(|e| {
+                        if let Some(doc_ref) = &e.document_ref {
+                            format!("DocumentRef-{}:LicenseRef-{}", doc_ref, e.identifier)
+                        } else {
+                            String::default()
+                        }
+                    })
+                    .collect::<Vec<_>>();
+
+                (
+                    spdx_licenses,
+                    spdx_license_exceptions,
+                    custom_license_refs,
+                    custom_document_license_refs,
+                )
             })
-            .unwrap_or((vec![], vec![], vec![]))
+            .unwrap_or((vec![], vec![], vec![], vec![]))
     }
 }
 
@@ -84,7 +102,8 @@ impl LicenseCreator {
     pub fn add(&mut self, info: &LicenseInfo) {
         let uuid = info.uuid();
 
-        let (spdx_licenses, spdx_exceptions, custom_license_refs) = info.spdx_info();
+        let (spdx_licenses, spdx_exceptions, custom_license_refs, custom_document_license_refs) =
+            info.spdx_info();
         let missing_custom_refs: Vec<_> = custom_license_refs
             .iter()
             .filter(|ref_id| {
@@ -121,6 +140,11 @@ impl LicenseCreator {
                 Set(Some(spdx_exceptions))
             },
             custom_license_refs: Set(custom_license_refs_value),
+            custom_document_license_refs: if custom_document_license_refs.is_empty() {
+                Set(None)
+            } else {
+                Set(Some(custom_document_license_refs))
+            },
         });
     }
 
diff --git a/modules/ingestor/src/graph/sbom/mod.rs b/modules/ingestor/src/graph/sbom/mod.rs
@@ -424,7 +424,8 @@ impl SbomContext {
             license: license.to_string(),
         };
 
-        let (spdx_licenses, spdx_exceptions, custom_license_refs) = license_info.spdx_info();
+        let (spdx_licenses, spdx_exceptions, custom_license_refs, custom_document_license_refs) =
+            license_info.spdx_info();
 
         let license = license::Entity::find_by_id(license_info.uuid())
             .one(connection)
@@ -451,6 +452,12 @@ impl SbomContext {
                 } else {
                     Set(Some(custom_license_refs))
                 },
+
+                custom_document_license_refs: if custom_document_license_refs.is_empty() {
+                    Set(None)
+                } else {
+                    Set(Some(custom_document_license_refs))
+                },
             }
             .insert(connection)
             .await?

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ pub struct Model {`
`9`	`9`	`pub spdx_licenses: Option<Vec<String>>,`
`10`	`10`	`pub spdx_license_exceptions: Option<Vec<String>>,`
`11`	`11`	`pub custom_license_refs: Option<Vec<String>>,`
	`12`	`+ pub custom_document_license_refs: Option<Vec<String>>,`
`12`	`13`	`}`
`13`	`14`
`14`	`15`	`#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]`