From fcd816e95e73a78fd24a7e6baef709d7657d265f Mon Sep 17 00:00:00 2001
From: Yuchen Pei <hi@ypei.me>
Date: Thu, 13 Oct 2022 13:55:41 +1100
Subject: `// @license` should be at the beginning of a line (mod whitespace)

Otherwise the following will be processed for @license / @license-end
method:

// foo.js
// // @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-3.0
// document.getElementById('bar');
// // @license-end
function foo(x, y) {
  console.log(x + y);
}

$ node ./utitlities/check-script foo.js

[
  true,
  '// // @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-3.0\n' +
    "// document.getElementById('bar');\n" +
    '// // @license-end\n' +
    'function foo(x, y) {\n' +
    '  console.log(x + y);\n' +
    '}\n',
  '\n' +
    'Recognized license: "GNU General Public License (GPL) version 3".\n' +
    'Script appears to be trivial.'
]
---
 common/checks.js         |  4 ++--
 test/spec/LibreJSSpec.js | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/common/checks.js b/common/checks.js
index 2a4ab9c..01765e4 100644
--- a/common/checks.js
+++ b/common/checks.js
@@ -56,8 +56,8 @@ const LOOPKEYS = new Set(['for', 'if', 'while', 'switch']);
 const OPERATORS = new Set(['||', '&&', '=', '==', '++', '--', '+=', '-=', '*']);
 // @license match, second and third capture groups are canonicalUrl
 // and license name
-const OPENING_LICENSE_RE = /\/[/*]\s*?(@license)\s+(\S+)\s+(\S+).*$/mi;
-const CLOSING_LICENSE_RE = /\/([*/])\s*@license-end\s*(\*\/)?/mi;
+const OPENING_LICENSE_RE = /^\s*\/[/*]\s*?(@license)\s+(\S+)\s+(\S+).*$/mi;
+const CLOSING_LICENSE_RE = /^\s*\/([*/])\s*@license-end\s*(\*\/)?/mi;
 /**
 *	If this is true, it evaluates entire scripts instead of returning as soon as it encounters a violation.
 *
diff --git a/test/spec/LibreJSSpec.js b/test/spec/LibreJSSpec.js
index 7828bcb..d7a49f5 100644
--- a/test/spec/LibreJSSpec.js
+++ b/test/spec/LibreJSSpec.js
@@ -42,7 +42,11 @@ describe('LibreJS\' components', () => {
   const trivialCall = 'foo();';
   let licensed = `// @license ${license.magnet} ${license.id}\n${nontrivial}\n// @license-end`;
   let unknownLicensed = `// @license ${unknownLicense.magnet} ${unknownLicense.id}\n${nontrivial}\n// @license-end`;
+  let commentedOutUnknownLicensed =
+    unknownLicensed.split('\n').map(y => '// ' + y).join('\n');
   let malformedLicensed = `// @license\n${nontrivial}`;
+  let commentedOutMalformedLicensed =
+    malformedLicensed.split('\n').map(y => '// ' + y).join('\n');
   let tab, documentUrl;
   const enableContactFinderTests = false;
 
@@ -124,10 +128,20 @@ describe('LibreJS\' components', () => {
       expect(processed).not.toContain(nontrivial);
     });
 
+    it('should leave alone scripts with commented out unknown license tags', async () => {
+      let processed = await processScript(commentedOutUnknownLicensed);
+      expect(processed).toContain(nontrivial);
+    });
+
     it('should block scripts with malformed license tags', async () => {
       let processed = await processScript(malformedLicensed);
       expect(processed).not.toContain(nontrivial);
     });
+
+    it('should leave alone scripts with commented out malformed license tags', async () => {
+      let processed = await processScript(commentedOutMalformedLicensed);
+      expect(processed).toContain(nontrivial);
+    });
   });
 
   describe('The HTML processor', () => {
-- 
cgit v1.2.3