Implement NuGet license file logic

- Add license_file_references field to PackageData model
- Implement get_license_details() helper in nuget.py
- Update NugetNuspecHandler to capture file references
- Add test case for file-based license
- Update existing expectations with minimal surgical changes

Fixes #4609

Signed-off-by: Jayant <jayantmcom@gmail.com>

Author: Jayant-kernel

src/packagedcode/models.py

@@ -672,6 +672,12 @@ class PackageData(IdentifiablePackageData):
              'package manifest and extracted. This can be a string, a list or dict of '
              'strings possibly nested, as found originally in the manifest.')
 
+    license_file_references = List(
+        item_type=str,
+        label='license file references',
+        help='A list of license file path references as found in a package manifest.'
+    )
+
     notice_text = String(
         label='notice text',
         help='A notice text for this package.')
@@ -881,7 +887,6 @@ def to_dict(self, with_details=True, **kwargs):
         mapping = super().to_dict(with_details=with_details, **kwargs)
         if not with_details:
             # these are not used in the Package subclass
-            mapping.pop('file_references', None)
             mapping.pop('dependencies', None)
             mapping.pop('datasource_id', None)
 

src/packagedcode/nuget.py

@@ -90,6 +90,29 @@ def get_urls(name, version, **kwargs):
     )
 
 
+
+def get_license_details(nuspec):
+    license_info = nuspec.get('license')
+    if not license_info:
+        return None, []
+
+    license_type = None
+    license_text = None
+    if isinstance(license_info, dict):
+        license_type = (license_info.get('@type') or '').lower()
+        license_text = license_info.get('#text') or ''
+        if not license_text:
+            license_text = license_info.get('@value') or ''
+    else:
+        license_text = license_info
+
+    if license_type == 'file':
+        license_text = license_text or None
+        return license_text, [license_text] if license_text else []
+
+    return license_text or None, []
+
+
 class NugetNupkgHandler(models.NonAssemblableDatafileHandler):
     datasource_id = 'nuget_nupkg'
     path_patterns = ('*.nupkg',)
@@ -156,10 +179,10 @@ def parse(cls, location, package_only=False):
         urls = get_urls(name, version)
 
         extracted_license_statement = None
-        # See https://docs.microsoft.com/en-us/nuget/reference/nuspec#license
-        # This is a SPDX license expression
+        license_file_references = []
+
         if 'license' in nuspec:
-            extracted_license_statement = nuspec.get('license')
+            extracted_license_statement, license_file_references = get_license_details(nuspec)
         # Deprecated and not a license expression, just a URL
         elif 'licenseUrl' in nuspec:
             extracted_license_statement = nuspec.get('licenseUrl')
@@ -174,6 +197,7 @@ def parse(cls, location, package_only=False):
             parties=parties,
             dependencies=list(get_dependencies(nuspec)),
             extracted_license_statement=extracted_license_statement,
+            license_file_references=license_file_references,
             copyright=nuspec.get('copyright') or None,
             vcs_url=vcs_url,
             **urls,

tests/packagedcode/data/nuget/Castle.Core.nuspec-package-only.json.expected

@@ -45,6 +45,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.apache.org/licenses/LICENSE-2.0.html",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Castle.Core.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.apache.org/licenses/LICENSE-2.0.html",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/EntityFramework.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://go.microsoft.com/fwlink/?LinkID=320539",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Microsoft.AspNet.Mvc.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Microsoft.Net.Http.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://go.microsoft.com/fwlink/?LinkId=329770",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/bootstrap.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "https://github.com/twbs/bootstrap/blob/master/LICENSE",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/jQuery.UI.Combined.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://jquery.org/license",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/license_file.nuspec

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<package>
+  <metadata>
+    <id>FileLicense</id>
+    <version>1.0.0</version>
+    <authors>Example Org</authors>
+    <owners>Example Org</owners>
+    <description>Sample package with file-based license reference.</description>
+    <license type="file">LICENSE.txt</license>
+  </metadata>
+</package>