From e9a7844ba1adfa0b5972da35b50bee6af06b20cd Mon Sep 17 00:00:00 2001
From: "E. Lynette Rayle" <elrayle@github.com>
Date: Tue, 4 Oct 2022 16:15:13 -0400
Subject: [PATCH] add support for licenseRefs processing in Satisfies

---
 spdxexp/node.go           | 13 +++++++++++++
 spdxexp/satisfies.go      |  4 ++--
 spdxexp/satisfies_test.go | 26 ++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/spdxexp/node.go b/spdxexp/node.go
index 1a780b2..10c6308 100644
--- a/spdxexp/node.go
+++ b/spdxexp/node.go
@@ -209,6 +209,19 @@ func (nodes *nodePair) licensesAreCompatible() bool {
 	return nodes.licensesExactlyEqual()
 }
 
+func (nodes *nodePair) licenseRefsAreCompatible() bool {
+	if !nodes.firstNode.isLicenseRef() || !nodes.secondNode.isLicenseRef() {
+		return false
+	}
+
+	compatible := *nodes.firstNode.licenseRef() == *nodes.secondNode.licenseRef()
+	compatible = compatible && (nodes.firstNode.hasDocumentRef() == nodes.secondNode.hasDocumentRef())
+	if compatible && nodes.firstNode.hasDocumentRef() {
+		compatible = compatible && (*nodes.firstNode.documentRef() == *nodes.secondNode.documentRef())
+	}
+	return compatible
+}
+
 // Return true if two licenses are compatible in the context of their ranges; otherwise, false.
 func (nodes *nodePair) rangesAreCompatible() bool {
 	if nodes.licensesExactlyEqual() {
diff --git a/spdxexp/satisfies.go b/spdxexp/satisfies.go
index 822cb5a..d59d251 100644
--- a/spdxexp/satisfies.go
+++ b/spdxexp/satisfies.go
@@ -85,7 +85,7 @@ func isCompatible(expressionPart, allowed []*node) bool {
 		compatible := false
 		for _, allowedLicense := range allowed {
 			nodes := &nodePair{firstNode: expLicense, secondNode: allowedLicense}
-			if nodes.licensesAreCompatible() {
+			if nodes.licensesAreCompatible() || nodes.licenseRefsAreCompatible() {
 				compatible = true
 				break
 			}
@@ -192,7 +192,7 @@ func (n *node) expandAnd() [][]*node {
 // expandAndTerm expands the terms of an AND expression.
 func expandAndTerm(term *node) [][]*node {
 	var result [][]*node
-	if term.isLicense() {
+	if term.isLicense() || term.isLicenseRef() {
 		result = append(result, []*node{term})
 	} else if term.isExpression() {
 		if term.isAndExpression() {
diff --git a/spdxexp/satisfies_test.go b/spdxexp/satisfies_test.go
index f97a12c..529adb6 100644
--- a/spdxexp/satisfies_test.go
+++ b/spdxexp/satisfies_test.go
@@ -104,6 +104,32 @@ func TestSatisfies(t *testing.T) {
 			"MIT AND (GPL-2.0 OR ISC)", []string{"MIT"}, false, nil},
 		{"! (MIT OR Apache-2.0) AND (ISC OR GPL-2.0) satisfies [MIT]",
 			"(MIT OR Apache-2.0) AND (ISC OR GPL-2.0)", []string{"MIT"}, false, nil},
+		{"licenseRef is expression",
+			"LicenseRef-X-BSD-3-Clause-Golang", []string{"MIT", "Apache-2.0", "LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef in expression",
+			"MIT AND LicenseRef-X-BSD-3-Clause-Golang", []string{"MIT", "Apache-2.0", "LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef not in expression",
+			"MIT AND Apache-2.0", []string{"MIT", "Apache-2.0", "LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef not allowed",
+			"MIT AND LicenseRef-X-BSD-3-Clause-Golang", []string{"MIT", "Apache-2.0"}, false, nil},
+		{"licenseRef with documentRef is expression",
+			"DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang",
+			[]string{"MIT", "Apache-2.0", "DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef with documentRef in expression",
+			"MIT AND DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang",
+			[]string{"MIT", "Apache-2.0", "DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef with documentRef not in expression",
+			"MIT AND Apache-2.0",
+			[]string{"MIT", "Apache-2.0", "DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang"}, true, nil},
+		{"licenseRef with documentRef not allowed",
+			"MIT AND DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang",
+			[]string{"MIT", "Apache-2.0"}, false, nil},
+		{"licenseRef allowed, but documentRef not allowed",
+			"MIT AND DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang",
+			[]string{"MIT", "Apache-2.0", "LicenseRef-X-BSD-3-Clause-Golang"}, false, nil},
+		{"licenseRef alone not allowed, but with documentRef allowed",
+			"MIT AND LicenseRef-X-BSD-3-Clause-Golang",
+			[]string{"MIT", "Apache-2.0", "DocumentRef-spdx-tool-1.2:LicenseRef-X-BSD-3-Clause-Golang"}, false, nil},
 	}
 
 	for _, test := range tests {