Skip to content

Fix #4609: Handle file-type license references in NuGet packages #4689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
NullPointer-cell wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Fix #4609: Handle file-type license references in NuGet packages #4689

NullPointer-cell wants to merge 1 commit into from
+174 −4

Conversation

@NullPointer-cell
Copy link

@NullPointer-cell NullPointer-cell commented Jan 17, 2026
edited
Loading

Fixes #4609

Problem
When scanning NuGet packages that reference license files (like [email protected]), the parser was dumping the raw XML dict instead of extracting the actual file path. This made the output pretty useless for anyone trying to find the license.

Before:

"extracted_license_statement": "{'@type': 'file', '#text': 'tools\\\\LICENSE.txt'}"

After:

"extracted_license_statement": "See file at tools\\LICENSE.txt"

What changed?

The parser now checks if the license element has type="file" and extracts the path properly:

if license_type == 'file':
    extracted_license_statement = f"See file at {license_text}"

Pretty straightforward - just needed to handle the dict structure that xmltodict returns when parsing <license type="file">path</license>.

Testing

Ran all the NuGet tests - 10/10 passing. Also verified:

  • [email protected] now shows "See file at tools\LICENSE.txt" ✓
  • URL-based licenses (like in the bootstrap package) still work fine ✓
  • Expression-based licenses unchanged ✓

The "unknown" declared license is expected here since we can't actually determine the license type without reading the file itself.

Files changed

  • src/packagedcode/nuget.py - the actual fix
  • Test fixtures for the python package (nuspec, expected output, license file)

Checklist:

  • Tests pass
  • No breaking changes
  • Signed commit
    Signed-off-by: NullPointer-cell
    [email protected]

@NullPointer-cell NullPointer-cell force-pushed the fix-4609-nuget-license-file-detection branch 3 times, most recently from 4059968 to b0b7018 Compare January 18, 2026 19:52
Fix aboutcode-org#4609: Handle file-type license references in NuGet …
3800279 
…packages

- Modified nuget.py to detect file-type license references
- Extract file path from <license type=file> elements
- Set extracted_license_statement to 'See file at {path}'
- Preserves license file location information
- All 10 NuGet tests passing

Fixes aboutcode-org#4609

Signed-off-by: NullPointer-cell <[email protected]>
@NullPointer-cell NullPointer-cell force-pushed the fix-4609-nuget-license-file-detection branch from b0b7018 to 3800279 Compare January 18, 2026 19:55
@NullPointer-cell
Copy link
Author

NullPointer-cell commented Jan 19, 2026

@capfei sir
I would like you to review my pr and I would be happy to any recommendation on changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

NuGet scans return LicenseRef-scancode-unknown

1 participant

@NullPointer-cell