From 6c509e4ed1a6fd0e1710d5a0f2d833f9becc274a Mon Sep 17 00:00:00 2001
From: Philip Hamer
Date: Fri, 16 Jan 2026 09:41:53 -0500
Subject: [PATCH 1/2] fix parseWith - panic if with followed by no tokens
---
 spdxexp/parse.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spdxexp/parse.go b/spdxexp/parse.go
index 51f8d45..f66de71 100644
--- a/spdxexp/parse.go
+++ b/spdxexp/parse.go
@@ -380,7 +380,7 @@ func (t *tokenStream) parseWith() *string {
 }
 token := t.peek()
- if token.role != exceptionToken {
+ if token == nil || token.role != exceptionToken {
 t.err = errors.New("expected exception after 'WITH'")
 return nil
 }
From 234f721bd96e717296b3abd9bd146f1eca0244a7 Mon Sep 17 00:00:00 2001
From: Philip Hamer
Date: Fri, 16 Jan 2026 09:42:17 -0500
Subject: [PATCH 2/2] unit test for panic fix for parseWith
---
 spdxexp/parse_test.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/spdxexp/parse_test.go b/spdxexp/parse_test.go
index 707331d..1d19abe 100644
--- a/spdxexp/parse_test.go
+++ b/spdxexp/parse_test.go
@@ -1246,6 +1246,7 @@ func TestParseWith(t *testing.T) {
 {"WITH followed by EXCEPTION", getWithClauseTokens(1), "Bison-exception-2.2", false, 2, nil},
 {"WITH not followed by EXCEPTION", getInvalidWithClauseTokens(1), "", true, 2, errors.New("expected exception after 'WITH'")},
 {"not with", getOrClauseTokens(1), "", true, 1, nil},
+ {"WITH not followed by any tokens", getMalformedWithClauseTokens(1), "", true, 2, errors.New("expected exception after 'WITH'")},
 }
 for _, test := range tests {
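Review bot: In `parseWith` (spdxexp/parse.go) the new `token == nil` guard covers only this one use of the value returned by `t.peek()`. The hunk shows that `peek()` can return nil, presumably at end of input, so any other place in the parser that reads `.role` or `.value` directly off `peek()` would panic the same way on a truncated expression; those call sites are outside the hunk and worth checking. SPDX expressions usually arrive from package metadata the caller does not control, so a panic here is an availability problem for whatever embeds the parser. I would also add a why-comment above the check, for example `// peek returns nil when WITH is the last token; report a parse error instead of dereferencing`. The body of parseWith starts and ends outside the hunk.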
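Review bot: In `TestParseWith` (spdxexp/parse_test.go) the added case reaches `parseWith` only through a hand-built token stream, so it does not show that the package's public parsing entry point returns an error rather than panicking for an expression string that ends in `WITH`. A companion case at that level, with an input such as `"Apache-2.0 WITH"`, would pin the behaviour callers actually depend on; whether the tokenizer passes such a string through to parseWith is not visible here. TestParseWith's body starts and ends outside the hunk.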
@@ -1292,6 +1293,13 @@ func getInvalidWithClauseTokens(index int) *tokenStream {
 return getTokenStream(tokens, index)
 }
+func getMalformedWithClauseTokens(index int) *tokenStream {
+ var tokens []token
+ tokens = append(tokens, token{role: licenseToken, value: "Apache-2.0"})
+ tokens = append(tokens, token{role: operatorToken, value: "WITH"})
+ return getTokenStream(tokens, index)
+}
+
 func getAndClauseTokens(index int) *tokenStream {
 var tokens []token
 tokens = append(tokens, token{role: licenseToken, value: "MIT"})
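Review bot: `getMalformedWithClauseTokens` is hard to tell apart from the existing `getInvalidWithClauseTokens` by name alone, and neither name says what is wrong with the stream it builds. A doc comment would make the intent explicit: `// getMalformedWithClauseTokens returns a stream that ends immediately after WITH, with no token following it.` A name such as `getDanglingWithClauseTokens` would carry the same information without the comment.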