Map names from the v1 reports to spdx id

* Update report fixture file
* Map the legacy names to SPDX identifiers
* Add changelog entry

ee/changelogs/unreleased/34825-legacy-ids.yml

+---
+title: Map software license names from the v1 license scan report to an equivalent SPDX identifer
+merge_request: 20195
+author:
+type: fixed

ee/lib/gitlab/ci/reports/license_scanning/license.rb

@@ -5,12 +5,42 @@ module Gitlab
     module Reports
       module LicenseScanning
         class License
+          LICENSE_TO_SPDX_ID = {
+            'AGPL-1.0' => 'AGPL-1.0',
+            'AGPL-3.0' => 'AGPL-3.0',
+            'Apache 2.0' => 'Apache-2.0',
+            'Artistic-2.0' => 'Artistic-2.0',
+            'BSD' => 'BSD-4-Clause',
+            'CC0 1.0 Universal' => 'CC0-1.0',
+            'CDDL-1.0' => 'CDDL-1.0',
+            'CDDL-1.1' => 'CDDL-1.1',
+            'EPL-1.0' => 'EPL-1.0',
+            'EPL-2.0' => 'EPL-2.0',
+            'GPLv2' => 'GPL-2.0',
+            'GPLv3' => 'GPL-3.0',
+            'ISC' => 'ISC',
+            'LGPL' => 'LGPL-3.0-only',
+            'LGPL-2.1' => 'LGPL-2.1',
+            'MIT' => 'MIT',
+            'Mozilla Public License 2.0' => 'MPL-2.0',
+            'MS-PL' => 'MS-PL',
+            'MS-RL' => 'MS-RL',
+            'New BSD' => 'BSD-3-Clause',
+            'Python Software Foundation License' => 'Python-2.0',
+            'ruby' => 'Ruby',
+            'Simplified BSD' => 'BSD-2-Clause',
+            'WTFPL' => 'WTFPL',
+            'Zlib' => 'Zlib'
+          }.freeze
+
           attr_reader :id, :name, :url
 
           delegate :count, to: :dependencies
 
           def initialize(id:, name:, url:)
-            @id = 'unknown' == id ? nil : id
+            @id = LICENSE_TO_SPDX_ID.fetch(name) do
+              id == 'unknown' ? nil : id
+            end
             @name = name
             @url = url
             @dependencies = Set.new

ee/spec/controllers/projects/security/licenses_controller_spec.rb

@@ -45,7 +45,7 @@ describe Projects::Security::LicensesController do
             expect(json_response['licenses'].length).to eq(4)
             expect(json_response['licenses'][0]).to include({
               'id' => nil,
-              'spdx_identifier' => nil,
+              'spdx_identifier' => 'Apache-2.0',
               'classification' => 'unclassified',
               'name' => 'Apache 2.0',
               'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt',

ee/spec/fixtures/security_reports/gl-license-management-report-v1.1.json

@@ -37,12 +37,12 @@
       "licenses": [
         {
           "name": "BSD",
-          "url": "http://spdx.org/licenses/BSD-3-Clause.json"
+          "url": "http://spdx.org/licenses/BSD-4-Clause.json"
         }
       ],
       "license": {
         "name": "BSD",
-        "url": "http://spdx.org/licenses/BSD-3-Clause.json"
+        "url": "http://spdx.org/licenses/BSD-4-Clause.json"
       },
       "dependency": {
         "name": "b",
@@ -59,7 +59,7 @@
         },
         {
           "name": "BSD",
-          "url": "http://spdx.org/licenses/BSD-3-Clause.json"
+          "url": "http://spdx.org/licenses/BSD-4-Clause.json"
         }
       ],
       "license": {

ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb

@@ -51,14 +51,14 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
       it { expect(report.version).to eql('1.1') }
       it { expect(report.licenses.count).to eq(3) }
 
-      it { expect(report.licenses[0].id).to be_nil }
+      it { expect(report.licenses[0].id).to eql('BSD-4-Clause') }
       it { expect(report.licenses[0].name).to eql('BSD') }
-      it { expect(report.licenses[0].url).to eql('http://spdx.org/licenses/BSD-3-Clause.json') }
+      it { expect(report.licenses[0].url).to eql('http://spdx.org/licenses/BSD-4-Clause.json') }
       it { expect(report.licenses[0].count).to be(2) }
       it { expect(report.licenses[0].dependencies.count).to be(2) }
       it { expect(report.licenses[0].dependencies.map(&:name)).to contain_exactly('b', 'c') }
 
-      it { expect(report.licenses[1].id).to be_nil }
+      it { expect(report.licenses[1].id).to eql('MIT') }
       it { expect(report.licenses[1].name).to eql('MIT') }
       it { expect(report.licenses[1].url).to eql('http://opensource.org/licenses/mit-license') }
       it { expect(report.licenses[1].count).to be(2) }

ee/spec/lib/gitlab/ci/reports/license_scanning/license_spec.rb

@@ -47,6 +47,45 @@ describe Gitlab::Ci::Reports::LicenseScanning::License do
       it { expect(subject.canonical_id).to eql(subject.name.downcase) }
     end
 
+    context 'when the name matches a known legacy software license name' do
+      where(:name, :spdx_id) do
+        [
+          ['AGPL-1.0', 'AGPL-1.0'],
+          ['AGPL-3.0', 'AGPL-3.0'],
+          ['Apache 2.0', 'Apache-2.0'],
+          ['Artistic-2.0', 'Artistic-2.0'],
+          ['BSD', 'BSD-4-Clause'],
+          ['CC0 1.0 Universal', 'CC0-1.0'],
+          ['CDDL-1.0', 'CDDL-1.0'],
+          ['CDDL-1.1', 'CDDL-1.1'],
+          ['EPL-1.0', 'EPL-1.0'],
+          ['EPL-2.0', 'EPL-2.0'],
+          ['GPLv2', 'GPL-2.0'],
+          ['GPLv3', 'GPL-3.0'],
+          %w[ISC ISC],
+          ['LGPL', 'LGPL-3.0-only'],
+          ['LGPL-2.1', 'LGPL-2.1'],
+          %w[MIT MIT],
+          ['Mozilla Public License 2.0', 'MPL-2.0'],
+          ['MS-PL', 'MS-PL'],
+          ['MS-RL', 'MS-RL'],
+          ['New BSD', 'BSD-3-Clause'],
+          ['Python Software Foundation License', 'Python-2.0'],
+          %w[ruby Ruby],
+          ['Simplified BSD', 'BSD-2-Clause'],
+          %w[WTFPL WTFPL],
+          %w[Zlib Zlib]
+        ]
+      end
+
+      with_them do
+        subject { described_class.new(id: nil, name: name, url: nil) }
+
+        it { expect(subject.id).to eql(spdx_id) }
+        it { expect(subject.canonical_id).to eql(spdx_id) }
+      end
+    end
+
     context 'when the license was produced from a v2 report' do
       subject { described_class.new(id: 'MIT', name: 'MIT License', url: nil) }