From 56b135ad668d7b08353077af80ec3d4d59db4da9 Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani <45800463+rchincha@users.noreply.github.com>
Date: Tue, 30 Jan 2024 09:53:51 -0800
Subject: [PATCH] fix: add support for license detection (#56)

Currently, we are not adding license information into files under a
package.

Also add detection for debian packages.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---
 pkg/distro/apk/apk.go     |   2 +-
 pkg/distro/deb/deb.go     |  24 +-
 pkg/distro/deb/license.go | 454 ++++++++++++++++++++++++++++++++++++++
 pkg/distro/rpm/rpm.go     |   2 +-
 4 files changed, 477 insertions(+), 5 deletions(-)
 create mode 100644 pkg/distro/deb/license.go

diff --git a/pkg/distro/apk/apk.go b/pkg/distro/apk/apk.go
index d3c5a96..c37edf0 100644
--- a/pkg/distro/apk/apk.go
+++ b/pkg/distro/apk/apk.go
@@ -246,7 +246,7 @@ func InstalledPackage(doc *spdx.Document, pkg *IndexEntry, files []string) error
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
-		sfile.LicenseInfoInFile = "unknown"
+		sfile.LicenseInfoInFile = pkg.PackageLicense
 		sfile.SetEntity(
 			&spdx.Entity{
 				Name: file,
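Review bot: The new assignment `sfile.LicenseInfoInFile = pkg.PackageLicense` has no fallback, so an index entry without a license would give the file record an empty string where the old code wrote "unknown"; whether `PackageLicense` can be empty is not visible in this hunk. A guard right after the assignment, `if sfile.LicenseInfoInFile == "" { sfile.LicenseInfoInFile = "unknown" }`, would keep the previous output for that case. The value is the package-level license from the index, not something read from the file itself, so a short comment saying so would help SBOM consumers who treat this field as per-file evidence. InstalledPackage's body starts and ends outside the hunk.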
diff --git a/pkg/distro/deb/deb.go b/pkg/distro/deb/deb.go
index bf99dd1..e6286b1 100644
--- a/pkg/distro/deb/deb.go
+++ b/pkg/distro/deb/deb.go
@@ -21,6 +21,8 @@ import (
 	"stackerbuild.io/stacker-bom/pkg/buildgen"
 )
 
+const unknownLicense = "unknown"
+
 // ParsePackage given a deb pkg emits a sbom.
 func ParsePackage(input, output, author, organization, license string) error {
 	debfile, _, err := deb.LoadFile(input)
@@ -114,11 +116,18 @@ func ParsePackage(input, output, author, organization, license string) error {
 		}
 
 		if strings.HasPrefix(hdr.Name, "./usr/share/doc/") && strings.HasSuffix(hdr.Name, "copyright") {
-			log.Info().Str("path", hdr.Name).Msg("license/copyright found")
 			spkg.CopyrightText = string(buf)
+			license = getSpdxLicense(string(buf))
+			log.Info().Str("path", hdr.Name).Str("license", license).Msg("license/copyright found")
 		}
 	}
 
+	spkg.LicenseDeclared = license
+
+	for _, file := range spkg.Files() {
+		file.LicenseInfoInFile = license
+	}
+
 	if err := bom.WriteDocument(sdoc, output); err != nil {
 		log.Error().Err(err).Str("path", output).Msg("unable to write output")
 
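Review bot: `license = getSpdxLicense(string(buf))` overwrites the `license` argument passed to ParsePackage whenever a path under `./usr/share/doc/` ends in `copyright`, so an unrecognised or oddly named file can replace an explicit caller value, and with several matches the last archive entry wins. What getSpdxLicense returns when nothing matches is not visible here; if it can be empty, keep the previous value, e.g. `if l := getSpdxLicense(string(buf)); l != "" { license = l }`. The same unconditional assignment appears in InstalledPackage (the `@@ -366,9 +377,16 @@` hunk), where it would replace the `unknownLicense` default. Because the copyright text comes from the package being scanned, the resulting `LicenseDeclared` is only as trustworthy as that package, which is worth stating in a comment above the assignment. ParsePackage's body continues outside the hunk.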
@@ -273,6 +282,8 @@ func InstalledPackages(doc *spdx.Document) error {
 }
 
 func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
+	license := unknownLicense
+
 	spkg := &spdx.Package{
 		Entity: spdx.Entity{
 			Name: pkg.Package,
@@ -285,7 +296,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			Person: pkg.Maintainer,
 		},
 		FilesAnalyzed:   true,
-		LicenseDeclared: "unknown",
+		LicenseDeclared: license,
 	}
 
 	fhandle, err := os.Open(path)
@@ -338,7 +349,7 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
-		sfile.LicenseInfoInFile = "unknown"
+		sfile.LicenseInfoInFile = unknownLicense
 		sfile.SetEntity(
 			&spdx.Entity{
 				Name: line,
@@ -366,9 +377,16 @@ func InstalledPackage(doc *spdx.Document, pkg Package, path string) error {
 			}
 
 			spkg.CopyrightText = string(buf)
+			license = getSpdxLicense(string(buf))
 		}
 	}
 
+	spkg.LicenseDeclared = license
+
+	for _, file := range spkg.Files() {
+		file.LicenseInfoInFile = license
+	}
+
 	if err := doc.AddPackage(spkg); err != nil {
 		log.Error().Err(err).Msg("unable to add package to doc")
 
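Review bot: The loop over `spkg.Files()` replaces every file's `LicenseInfoInFile` with the package-level result, so on every path that reaches this point the earlier `sfile.LicenseInfoInFile = unknownLicense` and the `LicenseDeclared: license` initialiser are overwritten and could be dropped or left with a comment explaining they are defaults for early returns. The loop also deserves a one-line comment such as `// files inherit the license parsed from the package copyright file; it is not detected per file`, so readers of the SBOM code do not assume per-file scanning. InstalledPackage's body starts and ends outside the hunk.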
diff --git a/pkg/distro/deb/license.go b/pkg/distro/deb/license.go
new file mode 100644
index 0000000..5268017
--- /dev/null
+++ b/pkg/distro/deb/license.go
@@ -0,0 +1,454 @@
+package deb
+
+import "strings"
+
+func getSpdxLicense(text string) string {
+	// https://github.com/Debian/spdx-licenses/blob/master/licenses.md
+	//nolint:lll  // long mnemonics
+	licenses := map[string]string{
+		"BSD Zero Clause License":                                                      "0BSD",
+		"Attribution Assurance License":                                                "AAL",
+		"Abstyles License":                                                             "Abstyles",
+		"Adobe Systems Incorporated Source Code License Agreement":                     "Adobe-2006",
+		"Adobe Glyph List License":                                                     "Adobe-Glyph",
+		"Amazon Digital Services License":                                              "ADSL",
+		"Academic Free License v1.1":                                                   "AFL-1.1",
+		"Academic Free License v1.2":                                                   "AFL-1.2",
+		"Academic Free License v2.0":                                                   "AFL-2.0",
+		"Academic Free License v2.1":                                                   "AFL-2.1",
+		"Academic Free License v3.0":                                                   "AFL-3.0",
+		"Afmparse License":                                                             "Afmparse",
+		"Affero General Public License v1.0 only":                                      "AGPL-1.0-only",
+		"Affero General Public License v1.0 or later":                                  "AGPL-1.0-or-later",
+		"GNU Affero General Public License v3.0 only":                                  "AGPL-3.0-only",
+		"GNU Affero General Public License v3.0 or later":                              "AGPL-3.0-or-later",
+		"Aladdin Free Public License":                                                  "Aladdin",
+		"AMD's plpa_map.c License":                                                     "AMDPLPA",
+		"Apple MIT License":                                                            "AML",
+		"Academy of Motion Picture Arts and Sciences BSD":                              "AMPAS",
+		"ANTLR Software Rights Notice":                                                 "ANTLR-PD",
+		"Apache License 1.0":                                                           "Apache-1.0",
+		"Apache License 1.1":                                                           "Apache-1.1",
+		"Apache License 2.0":                                                           "Apache-2.0",
+		"Adobe Postscript AFM License":                                                 "APAFML",
+		"Adaptive Public License 1.0":                                                  "APL-1.0",
+		"Apple Public Source License 1.0":                                              "APSL-1.0",
+		"Apple Public Source License 1.1":                                              "APSL-1.1",
+		"Apple Public Source License 1.2":                                              "APSL-1.2",
+		"Apple Public Source License 2.0":                                              "APSL-2.0",
+		"Artistic License 1.0":                                                         "Artistic-1.0",
+		"Artistic License 1.0 w/clause 8":                                              "Artistic-1.0-cl8",
+		"Artistic License 1.0 (Perl)":                                                  "Artistic-1.0-Perl",
+		"Artistic License 2.0":                                                         "Artistic-2.0",
+		"Bahyph License":                                                               "Bahyph",
+		"Barr License":                                                                 "Barr",
+		"Beerware License":                                                             "Beerware",
+		"BitTorrent Open Source License v1.0":                                          "BitTorrent-1.0",
+		"BitTorrent Open Source License v1.1":                                          "BitTorrent-1.1",
+		"SQLite Blessing":                                                              "blessing",
+		"Blue Oak Model License 1.0.0":                                                 "BlueOak-1.0.0",
+		"Borceux license":                                                              "Borceux",
+		"BSD 1-Clause License":                                                         "BSD-1-Clause",
+		"BSD 2-Clause \"Simplified\" License":                                          "BSD-2-Clause",
+		"BSD 2-Clause FreeBSD License":                                                 "BSD-2-Clause-FreeBSD",
+		"BSD 2-Clause NetBSD License":                                                  "BSD-2-Clause-NetBSD",
+		"BSD-2-Clause Plus Patent License":                                             "BSD-2-Clause-Patent",
+		"BSD 3-Clause \"New\" or \"Revised\" License":                                  "BSD-3-Clause",
+		"BSD with attribution":                                                         "BSD-3-Clause-Attribution",
+		"BSD 3-Clause Clear License":                                                   "BSD-3-Clause-Clear",
+		"Lawrence Berkeley National Labs BSD variant license":                          "BSD-3-Clause-LBNL",
+		"BSD 3-Clause No Nuclear License":                                              "BSD-3-Clause-No-Nuclear-License",
+		"BSD 3-Clause No Nuclear License 2014":                                         "BSD-3-Clause-No-Nuclear-License-2014",
+		"BSD 3-Clause No Nuclear Warranty":                                             "BSD-3-Clause-No-Nuclear-Warranty",
+		"BSD 3-Clause Open MPI variant":                                                "BSD-3-Clause-Open-MPI",
+		"BSD 4-Clause \"Original\" or \"Old\" License":                                 "BSD-4-Clause",
+		"BSD-4-Clause (University of California-Specific)":                             "BSD-4-Clause-UC",
+		"BSD Protection License":                                                       "BSD-Protection",
+		"BSD Source Code Attribution":                                                  "BSD-Source-Code",
+		"Boost Software License 1.0":                                                   "BSL-1.0",
+		"bzip2 and libbzip2 License v1.0.5":                                            "bzip2-1.0.5",
+		"bzip2 and libbzip2 License v1.0.6":                                            "bzip2-1.0.6",
+		"Caldera License":                                                              "Caldera",
+		"Computer Associates Trusted Open Source License 1.1":                          "CATOSL-1.1",
+		"Creative Commons Attribution 1.0 Generic":                                     "CC-BY-1.0",
+		"Creative Commons Attribution 2.0 Generic":                                     "CC-BY-2.0",
+		"Creative Commons Attribution 2.5 Generic":                                     "CC-BY-2.5",
+		"Creative Commons Attribution 3.0 Unported":                                    "CC-BY-3.0",
+		"Creative Commons Attribution 4.0 International":                               "CC-BY-4.0",
+		"Creative Commons Attribution Non Commercial 1.0 Generic":                      "CC-BY-NC-1.0",
+		"Creative Commons Attribution Non Commercial 2.0 Generic":                      "CC-BY-NC-2.0",
+		"Creative Commons Attribution Non Commercial 2.5 Generic":                      "CC-BY-NC-2.5",
+		"Creative Commons Attribution Non Commercial 3.0 Unported":                     "CC-BY-NC-3.0",
+		"Creative Commons Attribution Non Commercial 4.0 International":                "CC-BY-NC-4.0",
+		"Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic":       "CC-BY-NC-ND-1.0",
+		"Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic":       "CC-BY-NC-ND-2.0",
+		"Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic":       "CC-BY-NC-ND-2.5",
+		"Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported":      "CC-BY-NC-ND-3.0",
+		"Creative Commons Attribution Non Commercial No Derivatives 4.0 International": "CC-BY-NC-ND-4.0",
+		"Creative Commons Attribution Non Commercial Share Alike 1.0 Generic":          "CC-BY-NC-SA-1.0",
+		"Creative Commons Attribution Non Commercial Share Alike 2.0 Generic":          "CC-BY-NC-SA-2.0",
+		"Creative Commons Attribution Non Commercial Share Alike 2.5 Generic":          "CC-BY-NC-SA-2.5",
+		"Creative Commons Attribution Non Commercial Share Alike 3.0 Unported":         "CC-BY-NC-SA-3.0",
+		"Creative Commons Attribution Non Commercial Share Alike 4.0 International":    "CC-BY-NC-SA-4.0",
+		"Creative Commons Attribution No Derivatives 1.0 Generic":                      "CC-BY-ND-1.0",
+		"Creative Commons Attribution No Derivatives 2.0 Generic":                      "CC-BY-ND-2.0",
+		"Creative Commons Attribution No Derivatives 2.5 Generic":                      "CC-BY-ND-2.5",
+		"Creative Commons Attribution No Derivatives 3.0 Unported":                     "CC-BY-ND-3.0",
+		"Creative Commons Attribution No Derivatives 4.0 International":                "CC-BY-ND-4.0",
+		"Creative Commons Attribution Share Alike 1.0 Generic":                         "CC-BY-SA-1.0",
+		"Creative Commons Attribution Share Alike 2.0 Generic":                         "CC-BY-SA-2.0",
+		"Creative Commons Attribution Share Alike 2.5 Generic":                         "CC-BY-SA-2.5",
+		"Creative Commons Attribution Share Alike 3.0 Unported":                        "CC-BY-SA-3.0",
+		"Creative Commons Attribution Share Alike 4.0 International":                   "CC-BY-SA-4.0",
+		"Creative Commons Public Domain Dedication and Certification":                  "CC-PDDC",
+		"Creative Commons Zero v1.0 Universal":                                         "CC0-1.0",
+		"Common Development and Distribution License 1.0":                              "CDDL-1.0",
+		"Common Development and Distribution License 1.1":                              "CDDL-1.1",
+		"Community Data License Agreement Permissive 1.0":                              "CDLA-Permissive-1.0",
+		"Community Data License Agreement Sharing 1.0":                                 "CDLA-Sharing-1.0",
+		"CeCILL Free Software License Agreement v1.0":                                  "CECILL-1.0",
+		"CeCILL Free Software License Agreement v1.1":                                  "CECILL-1.1",
+		"CeCILL Free Software License Agreement v2.0":                                  "CECILL-2.0",
+		"CeCILL Free Software License Agreement v2.1":                                  "CECILL-2.1",
+		"CeCILL-B Free Software License Agreement":                                     "CECILL-B",
+		"CeCILL-C Free Software License Agreement":                                     "CECILL-C",
+		"CERN Open Hardware Licence v1.1":                                              "CERN-OHL-1.1",
+		"CERN Open Hardware Licence v1.2":                                              "CERN-OHL-1.2",
+		"Clarified Artistic License":                                                   "ClArtistic",
+		"CNRI Jython License":                                                          "CNRI-Jython",
+		"CNRI Python License":                                                          "CNRI-Python",
+		"CNRI Python Open Source GPL Compatible License Agreement":                     "CNRI-Python-GPL-Compatible",
+		"Condor Public License v1.1":                                                   "Condor-1.1",
+		"copyleft-next 0.3.0":                                                          "copyleft-next-0.3.0",
+		"copyleft-next 0.3.1":                                                          "copyleft-next-0.3.1",
+		"Common Public Attribution License 1.0":                                        "CPAL-1.0",
+		"Common Public License 1.0":                                                    "CPL-1.0",
+		"Code Project Open License 1.02":                                               "CPOL-1.02",
+		"Crossword License":                                                            "Crossword",
+		"CrystalStacker License":                                                       "CrystalStacker",
+		"CUA Office Public License v1.0":                                               "CUA-OPL-1.0",
+		"Cube License":                                                                 "Cube",
+		"curl License":                                                                 "curl",
+		"Deutsche Freie Software Lizenz":                                               "D-FSL-1.0",
+		"diffmark license":                                                             "diffmark",
+		"DOC License":                                                                  "DOC",
+		"Dotseqn License":                                                              "Dotseqn",
+		"DSDP License":                                                                 "DSDP",
+		"dvipdfm License":                                                              "dvipdfm",
+		"Educational Community License v1.0":                                           "ECL-1.0",
+		"Educational Community License v2.0":                                           "ECL-2.0",
+		"Eiffel Forum License v1.0":                                                    "EFL-1.0",
+		"Eiffel Forum License v2.0":                                                    "EFL-2.0",
+		"eGenix.com Public License 1.1.0":                                              "eGenix",
+		"Entessa Public License v1.0":                                                  "Entessa",
+		"Eclipse Public License 1.0":                                                   "EPL-1.0",
+		"Eclipse Public License 2.0":                                                   "EPL-2.0",
+		"Erlang Public License v1.1":                                                   "ErlPL-1.1",
+		"Etalab Open License 2.0":                                                      "etalab-2.0",
+		"EU DataGrid Software License":                                                 "EUDatagrid",
+		"European Union Public License 1.0":                                            "EUPL-1.0",
+		"European Union Public License 1.1":                                            "EUPL-1.1",
+		"European Union Public License 1.2":                                            "EUPL-1.2",
+		"Eurosym License":                                                              "Eurosym",
+		"Fair License":                                                                 "Fair",
+		"Frameworx Open License 1.0":                                                   "Frameworx-1.0",
+		"FreeImage Public License v1.0":                                                "FreeImage",
+		"FSF All Permissive License":                                                   "FSFAP",
+		"FSF Unlimited License":                                                        "FSFUL",
+		"FSF Unlimited License (with License Retention)":                               "FSFULLR",
+		"Freetype Project License":                                                     "FTL",
+		"GNU Free Documentation License v1.1 only":                                     "GFDL-1.1-only",
+		"GNU Free Documentation License v1.1 or later":                                 "GFDL-1.1-or-later",
+		"GNU Free Documentation License v1.2 only":                                     "GFDL-1.2-only",
+		"GNU Free Documentation License v1.2 or later":                                 "GFDL-1.2-or-later",
+		"GNU Free Documentation License v1.3 only":                                     "GFDL-1.3-only",
+		"GNU Free Documentation License v1.3 or later":                                 "GFDL-1.3-or-later",
+		"Giftware License":                                                             "Giftware",
+		"GL2PS License":                                                                "GL2PS",
+		"3dfx Glide License":                                                           "Glide",
+		"Glulxe License":                                                               "Glulxe",
+		"gnuplot License":                                                              "gnuplot",
+		"GNU General Public License v1.0 only":                                         "GPL-1.0-only",
+		"GNU General Public License v1.0 or later":                                     "GPL-1.0-or-later",
+		"GNU General Public License v2.0 only":                                         "GPL-2.0-only",
+		"GNU General Public License v2.0 or later":                                     "GPL-2.0-or-later",
+		"GNU General Public License v3.0 only":                                         "GPL-3.0-only",
+		"GNU General Public License v3.0 or later":                                     "GPL-3.0-or-later",
+		// add the following as a fallback
+		"GNU General Public License":                                 "GPL-2.0-or-later",
+		"gSOAP Public License v1.3b":                                 "gSOAP-1.3b",
+		"Haskell Language Report License":                            "HaskellReport",
+		"Historical Permission Notice and Disclaimer":                "HPND",
+		"Historical Permission Notice and Disclaimer - sell variant": "HPND-sell-variant",
+		"IBM PowerPC Initialization and Boot Software":               "IBM-pibs",
+		"ICU License":                                                     "ICU",
+		"Independent JPEG Group License":                                  "IJG",
+		"ImageMagick License":                                             "ImageMagick",
+		"iMatix Standard Function Library Agreement":                      "iMatix",
+		"Imlib2 License":                                                  "Imlib2",
+		"Info-ZIP License":                                                "Info-ZIP",
+		"Intel Open Source License":                                       "Intel",
+		"Intel ACPI Software License Agreement":                           "Intel-ACPI",
+		"Interbase Public License v1.0":                                   "Interbase-1.0",
+		"IPA Font License":                                                "IPA",
+		"IBM Public License v1.0":                                         "IPL-1.0",
+		"ISC License":                                                     "ISC",
+		"JasPer License":                                                  "JasPer-2.0",
+		"Japan Network Information Center License":                        "JPNIC",
+		"JSON License":                                                    "JSON",
+		"Licence Art Libre 1.2":                                           "LAL-1.2",
+		"Licence Art Libre 1.3":                                           "LAL-1.3",
+		"Latex2e License":                                                 "Latex2e",
+		"Leptonica License":                                               "Leptonica",
+		"GNU Library General Public License v2 only":                      "LGPL-2.0-only",
+		"GNU Library General Public License v2 or later":                  "LGPL-2.0-or-later",
+		"GNU Lesser General Public License v2.1 only":                     "LGPL-2.1-only",
+		"GNU Lesser General Public License v2.1 or later":                 "LGPL-2.1-or-later",
+		"GNU Lesser General Public License v3.0 only":                     "LGPL-3.0-only",
+		"GNU Lesser General Public License v3.0 or later":                 "LGPL-3.0-or-later",
+		"Lesser General Public License For Linguistic Resources":          "LGPLLR",
+		"libpng License":                                                  "Libpng",
+		"PNG Reference Library version 2":                                 "libpng-2.0",
+		"libselinux public domain notice":                                 "libselinux-1.0",
+		"libtiff License":                                                 "libtiff",
+		"Licence Libre du Québec – Permissive version 1.1":                "LiLiQ-P-1.1",
+		"Licence Libre du Québec – Réciprocité version 1.1":               "LiLiQ-R-1.1",
+		"Licence Libre du Québec – Réciprocité forte version 1.1":         "LiLiQ-Rplus-1.1",
+		"Linux Kernel Variant of OpenIB.org license":                      "Linux-OpenIB",
+		"Lucent Public License Version 1.0":                               "LPL-1.0",
+		"Lucent Public License v1.02":                                     "LPL-1.02",
+		"LaTeX Project Public License v1.0":                               "LPPL-1.0",
+		"LaTeX Project Public License v1.1":                               "LPPL-1.1",
+		"LaTeX Project Public License v1.2":                               "LPPL-1.2",
+		"LaTeX Project Public License v1.3a":                              "LPPL-1.3a",
+		"LaTeX Project Public License v1.3c":                              "LPPL-1.3c",
+		"MakeIndex License":                                               "MakeIndex",
+		"The MirOS Licence":                                               "MirOS",
+		"MIT License":                                                     "MIT",
+		"MIT No Attribution":                                              "MIT-0",
+		"Enlightenment License (e16)":                                     "MIT-advertising",
+		"CMU License":                                                     "MIT-CMU",
+		"enna License":                                                    "MIT-enna",
+		"feh License":                                                     "MIT-feh",
+		"MIT +no-false-attribs license":                                   "MITNFA",
+		"Motosoto License":                                                "Motosoto",
+		"mpich2 License":                                                  "mpich2",
+		"Mozilla Public License 1.0":                                      "MPL-1.0",
+		"Mozilla Public License 1.1":                                      "MPL-1.1",
+		"Mozilla Public License 2.0":                                      "MPL-2.0",
+		"Mozilla Public License 2.0 (no copyleft exception)":              "MPL-2.0-no-copyleft-exception",
+		"Microsoft Public License":                                        "MS-PL",
+		"Microsoft Reciprocal License":                                    "MS-RL",
+		"Matrix Template Library License":                                 "MTLL",
+		"Mulan Permissive Software License, Version 1":                    "MulanPSL-1.0",
+		"Multics License":                                                 "Multics",
+		"Mup License":                                                     "Mup",
+		"NASA Open Source Agreement 1.3":                                  "NASA-1.3",
+		"Naumen Public License":                                           "Naumen",
+		"Net Boolean Public License v1":                                   "NBPL-1.0",
+		"University of Illinois/NCSA Open Source License":                 "NCSA",
+		"Net-SNMP License":                                                "Net-SNMP",
+		"NetCDF license":                                                  "NetCDF",
+		"Newsletr License":                                                "Newsletr",
+		"Nethack General Public License":                                  "NGPL",
+		"Norwegian Licence for Open Government Data":                      "NLOD-1.0",
+		"No Limit Public License":                                         "NLPL",
+		"Nokia Open Source License":                                       "Nokia",
+		"Netizen Open Source License":                                     "NOSL",
+		"Noweb License":                                                   "Noweb",
+		"Netscape Public License v1.0":                                    "NPL-1.0",
+		"Netscape Public License v1.1":                                    "NPL-1.1",
+		"Non-Profit Open Software License 3.0":                            "NPOSL-3.0",
+		"NRL License":                                                     "NRL",
+		"NTP License":                                                     "NTP",
+		"NTP No Attribution":                                              "NTP-0",
+		"Open CASCADE Technology Public License":                          "OCCT-PL",
+		"OCLC Research Public License 2.0":                                "OCLC-2.0",
+		"ODC Open Database License v1.0":                                  "ODbL-1.0",
+		"Open Data Commons Attribution License v1.0":                      "ODC-By-1.0",
+		"SIL Open Font License 1.0":                                       "OFL-1.0",
+		"SIL Open Font License 1.0 with no Reserved Font Name":            "OFL-1.0-no-RFN",
+		"SIL Open Font License 1.0 with Reserved Font Name":               "OFL-1.0-RFN",
+		"SIL Open Font License 1.1":                                       "OFL-1.1",
+		"SIL Open Font License 1.1 with no Reserved Font Name":            "OFL-1.1-no-RFN",
+		"SIL Open Font License 1.1 with Reserved Font Name":               "OFL-1.1-RFN",
+		"Open Government Licence - Canada":                                "OGL-Canada-2.0",
+		"Open Government Licence v1.0":                                    "OGL-UK-1.0",
+		"Open Government Licence v2.0":                                    "OGL-UK-2.0",
+		"Open Government Licence v3.0":                                    "OGL-UK-3.0",
+		"Open Group Test Suite License":                                   "OGTSL",
+		"Open LDAP Public License v1.1":                                   "OLDAP-1.1",
+		"Open LDAP Public License v1.2":                                   "OLDAP-1.2",
+		"Open LDAP Public License v1.3":                                   "OLDAP-1.3",
+		"Open LDAP Public License v1.4":                                   "OLDAP-1.4",
+		"Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)":       "OLDAP-2.0",
+		"Open LDAP Public License v2.0.1":                                 "OLDAP-2.0.1",
+		"Open LDAP Public License v2.1":                                   "OLDAP-2.1",
+		"Open LDAP Public License v2.2":                                   "OLDAP-2.2",
+		"Open LDAP Public License v2.2.1":                                 "OLDAP-2.2.1",
+		"Open LDAP Public License 2.2.2":                                  "OLDAP-2.2.2",
+		"Open LDAP Public License v2.3":                                   "OLDAP-2.3",
+		"Open LDAP Public License v2.4":                                   "OLDAP-2.4",
+		"Open LDAP Public License v2.5":                                   "OLDAP-2.5",
+		"Open LDAP Public License v2.6":                                   "OLDAP-2.6",
+		"Open LDAP Public License v2.7":                                   "OLDAP-2.7",
+		"Open LDAP Public License v2.8":                                   "OLDAP-2.8",
+		"Open Market License":                                             "OML",
+		"OpenSSL License":                                                 "OpenSSL",
+		"Open Public License v1.0":                                        "OPL-1.0",
+		"OSET Public License version 2.1":                                 "OSET-PL-2.1",
+		"Open Software License 1.0":                                       "OSL-1.0",
+		"Open Software License 1.1":                                       "OSL-1.1",
+		"Open Software License 2.0":                                       "OSL-2.0",
+		"Open Software License 2.1":                                       "OSL-2.1",
+		"Open Software License 3.0":                                       "OSL-3.0",
+		"The Parity Public License 6.0.0":                                 "Parity-6.0.0",
+		"ODC Public Domain Dedication & License 1.0":                      "PDDL-1.0",
+		"PHP License v3.0":                                                "PHP-3.0",
+		"PHP License v3.01":                                               "PHP-3.01",
+		"Plexus Classworlds License":                                      "Plexus",
+		"PostgreSQL License":                                              "PostgreSQL",
+		"Python Software Foundation License 2.0":                          "PSF-2.0",
+		"psfrag License":                                                  "psfrag",
+		"psutils License":                                                 "psutils",
+		"Python License 2.0":                                              "Python-2.0",
+		"Qhull License":                                                   "Qhull",
+		"Q Public License 1.0":                                            "QPL-1.0",
+		"Rdisc License":                                                   "Rdisc",
+		"Red Hat eCos Public License v1.1":                                "RHeCos-1.1",
+		"Reciprocal Public License 1.1":                                   "RPL-1.1",
+		"Reciprocal Public License 1.5":                                   "RPL-1.5",
+		"RealNetworks Public Source License v1.0":                         "RPSL-1.0",
+		"RSA Message-Digest License":                                      "RSA-MD",
+		"Ricoh Source Code Public License":                                "RSCPL",
+		"Ruby License":                                                    "Ruby",
+		"Sax Public Domain Notice":                                        "SAX-PD",
+		"Saxpath License":                                                 "Saxpath",
+		"SCEA Shared Source License":                                      "SCEA",
+		"Sendmail License":                                                "Sendmail",
+		"Sendmail License 8.23":                                           "Sendmail-8.23",
+		"SGI Free Software License B v1.0":                                "SGI-B-1.0",
+		"SGI Free Software License B v1.1":                                "SGI-B-1.1",
+		"SGI Free Software License B v2.0":                                "SGI-B-2.0",
+		"Solderpad Hardware License v0.5":                                 "SHL-0.5",
+		"Solderpad Hardware License, Version 0.51":                        "SHL-0.51",
+		"Simple Public License 2.0":                                       "SimPL-2.0",
+		"Sun Industry Standards Source License v1.1":                      "SISSL",
+		"Sun Industry Standards Source License v1.2":                      "SISSL-1.2",
+		"Sleepycat License":                                               "Sleepycat",
+		"Standard ML of New Jersey License":                               "SMLNJ",
+		"Secure Messaging Protocol Public License":                        "SMPPL",
+		"SNIA Public License 1.1":                                         "SNIA",
+		"Spencer License 86":                                              "Spencer-86",
+		"Spencer License 94":                                              "Spencer-94",
+		"Spencer License 99":                                              "Spencer-99",
+		"Sun Public License v1.0":                                         "SPL-1.0",
+		"SSH OpenSSH license":                                             "SSH-OpenSSH",
+		"SSH short notice":                                                "SSH-short",
+		"Server Side Public License, v 1":                                 "SSPL-1.0",
+		"SugarCRM Public License v1.1.3":                                  "SugarCRM-1.1.3",
+		"Scheme Widget Library (SWL) Software License Agreement":          "SWL",
+		"TAPR Open Hardware License v1.0":                                 "TAPR-OHL-1.0",
+		"TCL/TK License":                                                  "TCL",
+		"TCP Wrappers License":                                            "TCP-wrappers",
+		"TMate Open Source License":                                       "TMate",
+		"TORQUE v2.5+ Software License v1.1":                              "TORQUE-1.1",
+		"Trusster Open Source License":                                    "TOSL",
+		"Technische Universitaet Berlin License 1.0":                      "TU-Berlin-1.0",
+		"Technische Universitaet Berlin License 2.0":                      "TU-Berlin-2.0",
+		"Upstream Compatibility License v1.0":                             "UCL-1.0",
+		"Unicode License Agreement - Data Files and Software (2015)":      "Unicode-DFS-2015",
+		"Unicode License Agreement - Data Files and Software (2016)":      "Unicode-DFS-2016",
+		"Unicode Terms of Use":                                            "Unicode-TOU",
+		"The Unlicense":                                                   "Unlicense",
+		"Universal Permissive License v1.0":                               "UPL-1.0",
+		"Vim License":                                                     "Vim",
+		"VOSTROM Public License for Open Source":                          "VOSTROM",
+		"Vovida Software License v1.0":                                    "VSL-1.0",
+		"W3C Software Notice and License (2002-12-31)":                    "W3C",
+		"W3C Software Notice and License (1998-07-20)":                    "W3C-19980720",
+		"W3C Software Notice and Document License (2015-05-13)":           "W3C-20150513",
+		"Sybase Open Watcom Public License 1.0":                           "Watcom-1.0",
+		"Wsuipa License":                                                  "Wsuipa",
+		"Do What The F*ck You Want To Public License":                     "WTFPL",
+		"X11 License":                                                     "X11",
+		"Xerox License":                                                   "Xerox",
+		"XFree86 License 1.1":                                             "XFree86-1.1",
+		"xinetd License":                                                  "xinetd",
+		"X.Net License":                                                   "Xnet",
+		"XPP License":                                                     "xpp",
+		"XSkat License":                                                   "XSkat",
+		"Yahoo! Public License v1.0":                                      "YPL-1.0",
+		"Yahoo! Public License v1.1":                                      "YPL-1.1",
+		"Zed License":                                                     "Zed",
+		"Zend License v2.0":                                               "Zend-2.0",
+		"Zimbra Public License v1.3":                                      "Zimbra-1.3",
+		"Zimbra Public License v1.4":                                      "Zimbra-1.4",
+		"zlib License":                                                    "Zlib",
+		"zlib/libpng License with Acknowledgement":                        "zlib-acknowledgement",
+		"Zope Public License 1.1":                                         "ZPL-1.1",
+		"Zope Public License 2.0":                                         "ZPL-2.0",
+		"Zope Public License 2.1":                                         "ZPL-2.1",
+		"389 Directory Server Exception":                                  "389-exception",
+		"Autoconf exception 2.0":                                          "Autoconf-exception-2.0",
+		"Autoconf exception 3.0":                                          "Autoconf-exception-3.0",
+		"Bison exception 2.2":                                             "Bison-exception-2.2",
+		"Bootloader Distribution Exception":                               "Bootloader-exception",
+		"Classpath exception 2.0":                                         "Classpath-exception-2.0",
+		"CLISP exception 2.0":                                             "CLISP-exception-2.0",
+		"DigiRule FOSS License Exception":                                 "DigiRule-FOSS-exception",
+		"eCos exception 2.0":                                              "eCos-exception-2.0",
+		"Fawkes Runtime Exception":                                        "Fawkes-Runtime-exception",
+		"FLTK exception":                                                  "FLTK-exception",
+		"Font exception 2.0":                                              "Font-exception-2.0",
+		"FreeRTOS Exception 2.0":                                          "freertos-exception-2.0",
+		"GCC Runtime Library exception 2.0":                               "GCC-exception-2.0",
+		"GCC Runtime Library exception 3.1":                               "GCC-exception-3.1",
+		"GNU JavaMail exception":                                          "gnu-javamail-exception",
+		"GPL-3.0 Linking Exception":                                       "GPL-3.0-linking-exception",
+		"GPL-3.0 Linking Exception (with Corresponding Source)":           "GPL-3.0-linking-source-exception",
+		"GPL Cooperation Commitment 1.0":                                  "GPL-CC-1.0",
+		"i2p GPL+Java Exception":                                          "i2p-gpl-java-exception",
+		"Libtool Exception":                                               "Libtool-exception",
+		"Linux Syscall Note":                                              "Linux-syscall-note",
+		"LLVM Exception":                                                  "LLVM-exception",
+		"LZMA exception":                                                  "LZMA-exception",
+		"Macros and Inline Functions Exception":                           "mif-exception",
+		"OCaml LGPL Linking Exception":                                    "OCaml-LGPL-linking-exception",
+		"Open CASCADE Exception 1.0":                                      "OCCT-exception-1.0",
+		"OpenJDK Assembly exception 1.0":                                  "OpenJDK-assembly-exception-1.0",
+		"OpenVPN OpenSSL Exception":                                       "openvpn-openssl-exception",
+		"PS/PDF font exception (2017-08-17)":                              "PS-or-PDF-font-exception-20170817",
+		"Qt GPL exception 1.0":                                            "Qt-GPL-exception-1.0",
+		"Qt LGPL exception 1.1":                                           "Qt-LGPL-exception-1.1",
+		"Qwt exception 1.0":                                               "Qwt-exception-1.0",
+		"Swift Exception":                                                 "Swift-exception",
+		"U-Boot exception 2.0":                                            "u-boot-exception-2.0",
+		"Universal FOSS Exception, Version 1.0":                           "Universal-FOSS-exception-1.0",
+		"WxWindows Library Exception 3.1":                                 "WxWindows-exception-3.1",
+		"Affero General Public License v1.0":                              "AGPL-1.0",
+		"GNU Affero General Public License v3.0":                          "AGPL-3.0",
+		"eCos license version 2.0":                                        "eCos-2.0",
+		"GNU Free Documentation License v1.1":                             "GFDL-1.1",
+		"GNU Free Documentation License v1.2":                             "GFDL-1.2",
+		"GNU Free Documentation License v1.3":                             "GFDL-1.3",
+		"GNU General Public License v2.0 w/Autoconf exception":            "GPL-2.0-with-autoconf-exception",
+		"GNU General Public License v2.0 w/Bison exception":               "GPL-2.0-with-bison-exception",
+		"GNU General Public License v2.0 w/Classpath exception":           "GPL-2.0-with-classpath-exception",
+		"GNU General Public License v2.0 w/Font exception":                "GPL-2.0-with-font-exception",
+		"GNU General Public License v2.0 w/GCC Runtime Library exception": "GPL-2.0-with-GCC-exception",
+		"GNU General Public License v3.0 w/Autoconf exception":            "GPL-3.0-with-autoconf-exception",
+		"GNU General Public License v3.0 w/GCC Runtime Library exception": "GPL-3.0-with-GCC-exception",
+		"GNU Library General Public License v2.1 or later":                "LGPL-2.1+",
+		"Nunit License":                                                   "Nunit",
+		"wxWindows Library License":                                       "wxWindows",
+	}
+
+	for key, val := range licenses {
+		if strings.Contains(text, key) {
+			return val
+		}
+	}
+
+	return "unknown"
+}
diff --git a/pkg/distro/rpm/rpm.go b/pkg/distro/rpm/rpm.go
index 434397b..6e51fe7 100644
--- a/pkg/distro/rpm/rpm.go
+++ b/pkg/distro/rpm/rpm.go
@@ -236,7 +236,7 @@ func InstalledPackage(doc *spdx.Document, pkg *rpmdb.PackageInfo) error {
 			Msg("file entry detected")
 
 		sfile := spdx.NewFile()
-		sfile.LicenseInfoInFile = "unknown"
+		sfile.LicenseInfoInFile = pkg.License
 		sfile.SetEntity(
 			&spdx.Entity{
 				Name: ifile.Path,
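Review bot: The new `sfile.LicenseInfoInFile = pkg.License` line copies the RPM header value with no fallback, so a package whose license tag is empty or missing would yield a file entry with a blank license where the old code wrote "unknown". I would keep the sentinel for that case, e.g. `if sfile.LicenseInfoInFile == "" { sfile.LicenseInfoInFile = "unknown" }` right after the assignment. The RPM license tag is also free text in the distribution's own format rather than a guaranteed SPDX identifier, so a comment such as `// pkg.License is the raw RPM License tag, not a validated SPDX expression` would warn SBOM consumers not to rely on it as one. InstalledPackage starts and ends outside this hunk, so whether the value is normalised elsewhere cannot be seen from here.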