From cff25776ee8791db773624d8138c8d1f0ee0178b Mon Sep 17 00:00:00 2001
From: Anthony Harrison
Date: Mon, 8 Aug 2022 21:58:33 +0100
Subject: [PATCH] Report SPDX licence identifier in CycloneDX SBOMs
---
 sbom4python/cyclonedxgenerator.py | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/sbom4python/cyclonedxgenerator.py b/sbom4python/cyclonedxgenerator.py
index 4cfca77..1f7881b 100644
--- a/sbom4python/cyclonedxgenerator.py
+++ b/sbom4python/cyclonedxgenerator.py
@@ -3,6 +3,7 @@ import uuid
+from sbom4python.license import LicenseScanner
 class CycloneDXGenerator:
 """
@@ -17,7 +18,7 @@ class CycloneDXGenerator:
 SPDX_LICENCE_VERSION = "3.9"
 SPDX_PROJECT_ID = "SPDXRef-DOCUMENT"
 NAME = "SBOM4PYTHON_Generator"
- VERSION = "0.1"
+ # VERSION = "0.1"
 PACKAGE_PREAMBLE = "SPDXRef-Package-"
 LICENSE_PREAMBLE = "LicenseRef-"
@@ -25,6 +26,7 @@ def __init__(self, include_license: False, cyclonedx_format="json"):
 self.doc = []
 self.package_id = 0
 self.include_license = include_license
+ self.license = LicenseScanner()
 self.format = cyclonedx_format
 if self.format == "xml":
 self.doc = []
@@ -110,11 +112,12 @@ def generateJSONComponent(self, id, type, name, supplier, version, identified_li
 component["name"] = name
 component["version"] = version
 component["cpe"] = f"cpe:/a:{supplier}:{name}:{version}"
- license = dict()
- license["id"] = identified_licence
- item = dict()
- item["license"] = license
- component["licenses"] = [ item ]
+ if identified_licence != "":
+ license = dict()
+ license["id"] = self.license.find_license(identified_licence)
+ item = dict()
+ item["license"] = license
+ component["licenses"] = [ item ]
 self.component.append(component)
 def generateXMLComponent(self, id, type, name, supplier, version, identified_licence):
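Review bot: `VERSION` is commented out rather than removed in the second hunk (`+ # VERSION = "0.1"`), which leaves dead code behind and, if anything in the class or its callers still reads `CycloneDXGenerator.VERSION` (not visible here), turns that read into an `AttributeError`. Either delete the line outright or keep the attribute; if the intent is to stop reporting a generator version, the commit description should say so. The class body continues outside the hunk.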
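Review bot: In `__init__` the new attribute `self.license = LicenseScanner()` holds a scanner object, not a licence, and its name collides in meaning with the local `license` dict that `generateJSONComponent` builds later in this patch; `self.license_scanner = LicenseScanner()` would read better at both call sites. The constructor continues past the hunk, so I cannot see whether `self.license` is read anywhere else.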
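Review bot: `license["id"] = self.license.find_license(identified_licence)` in generateJSONComponent puts whatever `find_license` returns into the CycloneDX `id` field, which the schema restricts to SPDX licence identifiers; if the lookup can fall back to the raw input or a sentinel for unrecognised text (not visible here), that value belongs under `name` instead, e.g. `license["name"] = identified_licence` when no SPDX match is found, so the SBOM stays schema-valid. The new guard `if identified_licence != "":` does not cover `None`; `if identified_licence:` would handle both. Both points apply equally to the new lines in the generateXMLComponent hunk. The local name `license` also shadows a builtin; `licence_entry` would avoid that.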
@@ -122,9 +125,10 @@ def generateXMLComponent(self, id, type, name, supplier, version, identified_lic
 self.store(f"{name}<\\name>")
 self.store(f"{version}<\\version>")
 self.store(f"cpe:/a:{supplier}:{name}:{version}<\\cpe>")
- self.store("")
- self.store("")
- self.store(f"{identified_licence}<\\id>")
- self.store("<\\license>")
- self.store("<\\licenses>")
+ if identified_licence != "":
+ self.store("")
+ self.store("")
+ self.store(f"{self.license.find_license(identified_licence)}<\\id>")
+ self.store("<\\license>")
+ self.store("<\\licenses>")
 self.store("<\\component>")
\ No newline at end of file
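Review bot: The new closing tags `<\\id>`, `<\\license>` and `<\\licenses>` are written with a backslash, so the emitted XML contains `<\id>` rather than `</id>` and is not well-formed; unless the rendering here altered the source, these (and the pre-existing `<\\component>` context line) should use a forward slash. The licence value is also interpolated into the element unescaped; if `find_license` can return the input text unchanged (not visible here), a value containing `<` or `&` would break the document, and passing it through `xml.sax.saxutils.escape` before `self.store` covers that. Two of the new `self.store("")` calls appear to have lost their string content in this rendering, so I cannot tell which opening tags they emit.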