Fix #4609: Handle file-type license references in NuGet packages

Detect <license type='file'> in .nuspec files and extract file path
to license_file_references field. Keep extracted_license_statement as
raw path value to integrate with existing license resolution in
process_codebase function.

This follows the two-phase architecture pattern:
- Phase 1: Extract and store file path (this change)
- Phase 2: Existing process_codebase resolves file references

Minimal changes (37 lines) following maintainer feedback from PR #4689.

Fixes #4609

Signed-off-by: Jayant <jayantmcom@gmail.com>

Author: ShraddhaSharma3

CONTRIBUTING.rst

@@ -85,7 +85,7 @@ template. Your help and contribution make ScanCode docs better, we love hearing
 
 The ScanCode documentation is hosted at `scancode-toolkit.readthedocs.io <https://scancode-toolkit.readthedocs.io/en/latest/>`_.
 
-If you want to contribute to Scancode Documentation, you'll find `this guide here <https://scancode-toolkit.readthedocs.io/en/latest/contribute/contrib_doc.html>`_ helpful.
+If you want to contribute to Scancode Documentation, you'll find `this guide here https://scancode-toolkit.readthedocs.io/en/latest/getting-started/contribute/contributing-docs.html`_ helpful.
 
 Development
 ===========

src/packagedcode/nuget.py

@@ -156,10 +156,30 @@ def parse(cls, location, package_only=False):
         urls = get_urls(name, version)
 
         extracted_license_statement = None
+        license_file_references = []
+        
         # See https://docs.microsoft.com/en-us/nuget/reference/nuspec#license
         # This is a SPDX license expression
         if 'license' in nuspec:
-            extracted_license_statement = nuspec.get('license')
+            license_data = nuspec.get('license')
+
+            if isinstance(license_data, dict):
+                license_type = license_data.get('@type', '')
+                license_text = license_data.get('#text', '')
+
+                if license_type == 'expression':
+                    extracted_license_statement = license_text
+
+                elif license_type == 'file':
+                    extracted_license_statement = license_text
+                    license_file_references = [license_text]
+
+                elif license_type == 'url':
+                    extracted_license_statement = license_text
+                else:
+                    extracted_license_statement = str(license_data)
+            else:
+                extracted_license_statement = license_data
         # Deprecated and not a license expression, just a URL
         elif 'licenseUrl' in nuspec:
             extracted_license_statement = nuspec.get('licenseUrl')
@@ -174,6 +194,7 @@ def parse(cls, location, package_only=False):
             parties=parties,
             dependencies=list(get_dependencies(nuspec)),
             extracted_license_statement=extracted_license_statement,
+            license_file_references=license_file_references,
             copyright=nuspec.get('copyright') or None,
             vcs_url=vcs_url,
             **urls,

tests/packagedcode/data/nuget/Castle.Core.nuspec-package-only.json.expected

@@ -45,6 +45,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.apache.org/licenses/LICENSE-2.0.html",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Castle.Core.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.apache.org/licenses/LICENSE-2.0.html",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/EntityFramework.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://go.microsoft.com/fwlink/?LinkID=320539",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Microsoft.AspNet.Mvc.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/Microsoft.Net.Http.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://go.microsoft.com/fwlink/?LinkId=329770",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/bootstrap.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "https://github.com/twbs/bootstrap/blob/master/LICENSE",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/jQuery.UI.Combined.nuspec.json.expected

@@ -68,6 +68,7 @@
     "other_license_expression_spdx": null,
     "other_license_detections": [],
     "extracted_license_statement": "http://jquery.org/license",
+    "license_file_references": [],
     "notice_text": null,
     "source_packages": [],
     "file_references": [],

tests/packagedcode/data/nuget/license_file.nuspec

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
+    <metadata>
+        <id>Test.Package</id>
+        <version>1.0.0</version>
+        <authors>Tester</authors>
+        <description>Test package with license file</description>
+        <license type="file">LICENSE.txt</license>
+    </metadata>
+</package>