From 85ff284d4c06ab763686bf9ef0630bd6359dc635 Mon Sep 17 00:00:00 2001
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Thu, 3 Oct 2024 14:13:43 -0400
Subject: [PATCH] feat: update policy

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 grant/evalutation/license_evaluation_test.go | 10 +++++-----
 grant/policy.go | 13 ++++++++++++-
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/grant/evalutation/license_evaluation_test.go b/grant/evalutation/license_evaluation_test.go
index 7b73eb6..61304cf 100644
--- a/grant/evalutation/license_evaluation_test.go
+++ b/grant/evalutation/license_evaluation_test.go
@@ -57,10 +57,10 @@ func Test_checkLicense(t *testing.T) {
 }
 }{
 {
- name: "should reject denied licenses",
- license: grant.License{Name: "MIT"},
+ name: "should reject denied licenses when SPDX expressions and CheckNON SPDX is False",
+ license: grant.License{ID: "MIT", SPDXExpression: "MIT", LicenseID: "MIT"},
 // Only allow OSI licenses.
- config: EvaluationConfig{CheckNonSPDX: true, Policy: grant.DefaultPolicy()},
+ config: EvaluationConfig{CheckNonSPDX: false, Policy: grant.DefaultPolicy().SetMatchNonSPDX(false)},
 wants: struct {
 Pass bool
 Reasons []Reason
@@ -73,10 +73,10 @@ func Test_checkLicense(t *testing.T) {
 },
 },
 {
- name: "should reject denied licenses when CheckNonSPDX is also false",
+ name: "should reject denied licenses when CheckNonSPDX is also true",
 license: grant.License{Name: "foobar"},
 // Only allow OSI licenses.
- config: EvaluationConfig{CheckNonSPDX: false, Policy: grant.DefaultPolicy()},
+ config: EvaluationConfig{CheckNonSPDX: true, Policy: grant.DefaultPolicy().SetMatchNonSPDX(true)},
 wants: struct {
 Pass bool
 Reasons []Reason
diff --git a/grant/policy.go b/grant/policy.go
index 4c75c03..ca0fcdc 100644
--- a/grant/policy.go
+++ b/grant/policy.go
@@ -50,8 +50,13 @@ func (p Policy) IsEmpty() bool {
 // IsDenied returns true if the given license is denied by the policy
 func (p Policy) IsDenied(license License, pkg *Package) (bool, *Rule) {
 for _, rule := range p.Rules {
+ // ignore non spdx licenses if the rule is configured to not match on non spdx
+ isSPDX := license.IsSPDX()
+ matchNonSPDX := p.MatchNonSPDX
+ if !matchNonSPDX && !isSPDX {
+ continue
+ }
 var toMatch string
-
 if license.IsSPDX() {
 toMatch = strings.ToLower(license.LicenseID)
 } else {
@@ -82,3 +87,9 @@ func (p Policy) IsDenied(license License, pkg *Package) (bool, *Rule) {
 }
 return false, nil
 }
+
+// SetMatchNonSPDX updates the match option for the given policy
+func (p Policy) SetMatchNonSPDX(matchNonSPDX bool) Policy {
+ p.MatchNonSPDX = matchNonSPDX
+ return p
+}
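Review bot: The guard added at the top of the loop body in IsDenied reads only `p` and `license`, never `rule`, so it skips either every rule or none; as far as the visible lines show, `if !p.MatchNonSPDX && !license.IsSPDX() { return false, nil }` before the `for` says the same thing more plainly, and the comment should name the policy rather than "the rule" as the holder of the option. The consequence is that a license without an SPDX ID is never denied while `MatchNonSPDX` is false, so unrecognised license strings fail open; whether `DefaultPolicy()` sets the flag is not visible here, so the IsDenied doc comment should state this behaviour and the zero-value default. Neither updated case in license_evaluation_test.go exercises the new branch: one uses an SPDX license with the flag off, the other a non-SPDX license with it on. The body of IsDenied continues outside this hunk.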
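Review bot: `SetMatchNonSPDX` has a value receiver, so it modifies a copy and the caller's policy is unchanged unless the return value is used, while the doc comment "updates the match option for the given policy" reads as an in-place mutation. I would reword it to `// SetMatchNonSPDX returns a copy of p with MatchNonSPDX set to matchNonSPDX; p itself is not modified.` A call such as `policy.SetMatchNonSPDX(false)` with the result discarded compiles and silently leaves the flag as it was, which matters here because the flag decides whether non-SPDX licenses are checked against the deny rules at all.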