Merge branch 'main' into nik-excl-sources

docs/docs/references/configuration/cli/trivy_aws.md

@@ -69,7 +69,7 @@ trivy aws [flags]
  --arn string The AWS ARN to show results for. Useful to filter results once a scan is cached.
  --compliance string compliance report to generate (aws-cis-1.2, aws-cis-1.4)
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
  --endpoint string AWS Endpoint override
  --exit-code int specify exit code when any security issues are found

docs/docs/references/configuration/cli/trivy_config.md

@@ -14,7 +14,7 @@ trivy config [flags] DIR
  --clear-cache clear image caches without scanning
  --compliance string compliance report to generate
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --enable-modules strings [EXPERIMENTAL] module names to enable
  --exit-code int specify exit code when any security issues are found
  --file-patterns strings specify config file patterns

docs/docs/references/configuration/cli/trivy_filesystem.md

@@ -24,7 +24,7 @@ trivy filesystem [flags] PATH
  --clear-cache clear image caches without scanning
  --compliance string compliance report to generate
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --custom-headers strings custom headers in client mode
  --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages

docs/docs/references/configuration/cli/trivy_image.md

@@ -39,7 +39,7 @@ trivy image [flags] IMAGE_NAME
  --clear-cache clear image caches without scanning
  --compliance string compliance report to generate (docker-cis)
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --custom-headers strings custom headers in client mode
  --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages

docs/docs/references/configuration/cli/trivy_kubernetes.md

@@ -34,7 +34,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
  --compliance string compliance report to generate (k8s-nsa,k8s-cis, k8s-pss-baseline, k8s-pss-restricted)
  --components strings specify which components to scan (default [workload,infra])
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --context string specify a context to scan
  --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages

docs/docs/references/configuration/cli/trivy_repository.md

@@ -22,7 +22,7 @@ trivy repository [flags] REPO_URL
  --clear-cache clear image caches without scanning
  --commit string pass the commit hash to be scanned
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --custom-headers strings custom headers in client mode
  --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages

docs/docs/references/configuration/cli/trivy_rootfs.md

@@ -26,7 +26,7 @@ trivy rootfs [flags] ROOTDIR
  --cache-ttl duration cache TTL when using redis as cache backend
  --clear-cache clear image caches without scanning
  --config-data strings specify paths from which data for the Rego policies will be recursively loaded
- --config-policy strings specify paths to the Rego policy files directory, applying config files
+ --config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
  --custom-headers strings custom headers in client mode
  --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
  --dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages

docs/docs/references/configuration/config-file.md

@@ -243,6 +243,7 @@ rego
  policy:
  - policy/repository
  - policy/custom
+ - policy/some-policy.rego
 
  # Same as '--config-data'
  # Default is empty

docs/docs/scanner/misconfiguration/custom/index.md

@@ -2,15 +2,12 @@
 
 ## Overview
 You can write custom policies in [Rego][rego].
-Once you finish writing custom policies, you can pass the directory where those policies are stored with `--policy` option.
+Once you finish writing custom policies, you can pass the policy files or the directory where those policies are stored with `--policy` option.
 
 ``` bash
-trivy conf --policy /path/to/custom_policies --namespaces user /path/to/config_dir
+trivy conf --policy /path/to/policy.rego --policy /path/to/custom_policies --namespaces user /path/to/config_dir
 ```
 
-!!! Tip
- Note: The `--policy` path always needs to refer to a directory. You cannot pass a specific policy file.
-
 As for `--namespaces` option, the detail is described as below.
 
 ### File formats

docs/docs/scanner/misconfiguration/custom/schema.md

@@ -83,8 +83,7 @@ The policies can be placed in a structure as follows
  └── barschema.json
  ```
 
-To use such a policy with Trivy, use the `--config-policy` flag that points to the directory where the schemas and policies
-are contained.
+To use such a policy with Trivy, use the `--config-policy` flag that points to the policy file or to the directory where the schemas and policies are contained.
 
 ```bash
 $ trivy --config-policy=/Users/user/my-custom-policies <path/to/iac>

docs/docs/scanner/misconfiguration/index.md

@@ -316,19 +316,18 @@ This section describes misconfiguration-specific configuration.
 Other common options are documented [here](../../configuration/index.md).
 
 ### Pass custom policies
-You can pass directories including your custom policies through `--policy` option.
-This can be repeated for specifying multiple directories.
+You can pass policy files or directories including your custom policies through `--policy` option.
+This can be repeated for specifying multiple files or directories.
 
 ```bash
 cd examplex/misconf/
-trivy conf --policy custom-policy/policy --policy combine/policy --namespaces user misconf/mixed
+trivy conf --policy custom-policy/policy --policy combine/policy --policy policy.rego --namespaces user misconf/mixed
 ```
 
 For more details, see [Custom Policies](./custom/index.md).
 
 !!! tip
- You also need to specify `--namespaces` option.
- Furthermore, the `--policy` path always needs to refer to a directory. You cannot pass a specific policy file.
+You also need to specify `--namespaces` option.
 
 ### Pass custom data
 You can pass directories including your custom data through `--data` option.

go.mod

@@ -14,7 +14,7 @@ require (
  github.com/alicebob/miniredis/v2 v2.30.4
  github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
  github.com/aquasecurity/defsec v0.90.3
- github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b
+ github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5
  github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
  github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
  github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
@@ -25,7 +25,7 @@ require (
  github.com/aquasecurity/tml v0.6.1
  github.com/aquasecurity/trivy-db v0.0.0-20230703082116-dc52e83376ce
  github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728
- github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230628140707-dae3bdb6ee81
+ github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9
  github.com/aws/aws-sdk-go v1.44.245
  github.com/aws/aws-sdk-go-v2 v1.18.1
  github.com/aws/aws-sdk-go-v2/config v1.18.25
@@ -102,7 +102,7 @@ require (
  google.golang.org/protobuf v1.31.0
  gopkg.in/yaml.v3 v3.0.1
  gotest.tools v2.2.0+incompatible
- k8s.io/api v0.27.2
+ k8s.io/api v0.27.3
  k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5
  modernc.org/sqlite v1.23.1
 )
@@ -373,14 +373,14 @@ require (
  gopkg.in/yaml.v2 v2.4.0 // indirect
  helm.sh/helm/v3 v3.12.1 // indirect
  k8s.io/apiextensions-apiserver v0.27.2 // indirect
- k8s.io/apimachinery v0.27.2 // indirect
+ k8s.io/apimachinery v0.27.3 // indirect
  k8s.io/apiserver v0.27.2 // indirect
- k8s.io/cli-runtime v0.27.2 // indirect
- k8s.io/client-go v0.27.2 // indirect
- k8s.io/component-base v0.27.2 // indirect
+ k8s.io/cli-runtime v0.27.3 // indirect
+ k8s.io/client-go v0.27.3 // indirect
+ k8s.io/component-base v0.27.3 // indirect
  k8s.io/klog/v2 v2.100.1 // indirect
  k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
- k8s.io/kubectl v0.27.2 // indirect
+ k8s.io/kubectl v0.27.3 // indirect
  lukechampine.com/uint128 v1.2.0 // indirect
  modernc.org/cc/v3 v3.40.0 // indirect
  modernc.org/ccgo/v3 v3.16.13 // indirect

go.sum

@@ -323,8 +323,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
 github.com/aquasecurity/defsec v0.90.3 h1:ZBPhzS5/+75SLGEZe6fWFyWEuNtibNc7CZZXl2yQhjw=
 github.com/aquasecurity/defsec v0.90.3/go.mod h1:VPkgjZz3dx3znIIVLZgbtFhSzN9aZC2409s5V5Oqb7o=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b h1:9Ju7hWzTS8H9K/z1CqkJdZi+yxw1pZQZE11gVICtmTE=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b/go.mod h1:VjG2wX19QDny5yKN+he0v9wuZjF0k+00173mh0FJCVU=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5 h1:FA5XM/KP1l+PYH+QafFzzBjdsT+WxWTWsYGPzKrMeAQ=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5/go.mod h1:VjG2wX19QDny5yKN+he0v9wuZjF0k+00173mh0FJCVU=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
@@ -347,8 +347,8 @@ github.com/aquasecurity/trivy-db v0.0.0-20230703082116-dc52e83376ce h1:swoQLWQoZ
 github.com/aquasecurity/trivy-db v0.0.0-20230703082116-dc52e83376ce/go.mod h1:cXuqKo+FaMY0ixJNoUcyDHdfCBRPWOysI2Td8N4fRsg=
 github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A=
 github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
-github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230628140707-dae3bdb6ee81 h1:5/tKpCr861auON/CMHSXnRzNixx1FTWAeHSwV0PtA0U=
-github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230628140707-dae3bdb6ee81/go.mod h1:GCm7uq++jz7Ij8cA9mAorpKJ9/qSBCl7v6EKYA8DxJ8=
+github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9 h1:PA91rctNeAZY0hb2tPK68lAEpau3ItSto4FnqFXPF4g=
+github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9/go.mod h1:R7LNrrjSc4PEs0suUd+pXSqSUMMU/eY5byWHfKSZyjQ=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -2504,32 +2504,32 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
 k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo=
-k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4=
+k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
+k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
 k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
 k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
 k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg=
-k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
+k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
 k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
 k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
 k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
 k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
-k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=
-k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw=
+k8s.io/cli-runtime v0.27.3 h1:h592I+2eJfXj/4jVYM+tu9Rv8FEc/dyCoD80UJlMW2Y=
+k8s.io/cli-runtime v0.27.3/go.mod h1:LzXud3vFFuDFXn2LIrWnscPgUiEj7gQQcYZE2UPn9Kw=
 k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
 k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
 k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE=
-k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ=
+k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
+k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
 k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
 k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
-k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
-k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
+k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
+k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
 k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
 k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
 k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
@@ -2542,8 +2542,8 @@ k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
-k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
-k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
+k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw=
+k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=

pkg/fanal/analyzer/language/python/packaging/packaging_test.go

@@ -63,18 +63,39 @@ func Test_packagingAnalyzer_Analyze(t *testing.T) {
  },
  },
  {
- name: "egg-info no-license",
- inputFile: "testdata/no_license.egg-info/PKG-INFO",
+ name: "egg-info license classifiers",
+ inputFile: "testdata/classifier-license.egg-info/PKG-INFO",
  want: &analyzer.AnalysisResult{
  Applications: []types.Application{
  {
  Type: types.PythonPkg,
- FilePath: "testdata/no_license.egg-info/PKG-INFO",
+ FilePath: "testdata/classifier-license.egg-info/PKG-INFO",
  Libraries: []types.Package{
  {
  Name: "setuptools",
  Version: "51.3.3",
- FilePath: "testdata/no_license.egg-info/PKG-INFO",
+ Licenses: []string{"MIT License"},
+ FilePath: "testdata/classifier-license.egg-info/PKG-INFO",
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "dist-info license classifiers",
+ inputFile: "testdata/classifier-license.dist-info/METADATA",
+ want: &analyzer.AnalysisResult{
+ Applications: []types.Application{
+ {
+ Type: types.PythonPkg,
+ FilePath: "testdata/classifier-license.dist-info/METADATA",
+ Libraries: []types.Package{
+ {
+ Name: "setuptools",
+ Version: "51.3.3",
+ Licenses: []string{"MIT License"},
+ FilePath: "testdata/classifier-license.dist-info/METADATA",
  },
  },
  },