The --include-license feature is currently broken due to reuse of the freq variable in generator.py.
Before https://github.com/anthonyharrison/sbom2doc/commit/397ab4b5118b837a7262ffeccc3d5475a254cd18 this variable contained a map of licenses, but now it contains the suppliers. As a consequence, the license downloading code at the end of generator.py operates on incorrect input.
Here is a POC of a fix:
diff --git a/generator.py b/generator.py
index c9f3d6d..7cf088b 100644
--- a/generator.py
+++ b/generator.py
@@ -148,10 +148,10 @@ def generate_document(format, sbom_parser, filename, outfile, include_license):
sbom_document.createtable(["License", "Count"], [25, 6])
#
# Create an empty dictionary
- freq = {}
+ freqLicenses = {}
for items in sorted(sbom_licenses):
- freq[items] = sbom_licenses.count(items)
- for key, value in freq.items():
+ freqLicenses[items] = sbom_licenses.count(items)
+ for key, value in freqLicenses.items():
sbom_document.addrow([key, str(value)])
sbom_document.showtable(widths=[10, 4])
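Review bot: The new name `freqLicenses` on the `+` lines is camelCase, while every other identifier visible in this hunk is snake_case (`sbom_licenses`, `sbom_document`, `include_license`). Something like `license_freq` would match the surrounding code. Since the breakage came from a later block reusing the generic name `freq`, it is also worth giving that other block its own specific name in the same change, so that neither table depends on a shared temporary.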
@@ -189,7 +189,7 @@ def generate_document(format, sbom_parser, filename, outfile, include_license):
if include_license:
sbom_document.pagebreak()
sbom_document.heading(1, "License Text")
- for key, value in freq.items():
+ for key, value in freqLicenses.items():
# Ignore undefined licenses or expressions
if key == "NOASSERTION" or license_info.license_expression(key):
continue
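Review bot: The loop at `for key, value in freqLicenses.items():` still depends on a dictionary built about forty lines earlier in the same function, which is the kind of long-range coupling that let the reuse of `freq` break this path silently. In the lines visible here only `key` is used, so iterating over the license list directly at this point, for example `for key in sorted(set(sbom_licenses)):`, would remove the dependency entirely. A regression test that runs the generator with `include_license` enabled and checks that the "License Text" section is built from license identifiers rather than supplier names would catch a repeat.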
By the way, thanks for this useful tool!