Skip to content

Commit

Permalink
license: curate incorrect license
Browse files Browse the repository at this point in the history
  • Loading branch information
kikofernandez committed Nov 22, 2024
1 parent 93c4082 commit 35fd4ed
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 8 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/license-scanner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ jobs:
- name: License Compliance Check
run: |
pip install scancode-toolkit==32.3.0
scancode-reindex-licenses --additional-directory scripts/licensedetection/
scripts/scan-code.escript --file-or-dir "${{ steps.new-files.outputs.new_files }}" \
--sarif results.sarif
Expand Down Expand Up @@ -86,4 +87,4 @@ jobs:
if: ${{ !cancelled() }}
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # ratchet:github/codeql-action/upload-sarif@v3
with:
sarif_file: "SARIF file/results.sarif"
sarif_file: "SARIF file/results.sarif"
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
##
## %CopyrightBegin%
##
## Copyright Ericsson AB 2024. All Rights Reserved.
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
## %CopyrightEnd%

---
key: apache-2.0-or-lgpl-2.1-or-later
short_name: Apache 2.0 OR LGPL-2.1-or-later
name: Apache 2.0 OR LGPL 2.1 or later
category: Permissive
owner: Unspecified
spdx_license_key: Apache-2.0 OR LGPL-2.1-or-later
---

Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0>

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Alternatively, you may use this file under the terms of the GNU Lesser
General Public License (the "LGPL") as published by the Free Software
Foundation; either version 2.1, or (at your option) any later version.
If you wish to allow use of your version of this file only under the
terms of the LGPL, you should delete the provisions above and replace
them with the notice and other provisions required by the LGPL; see
<http://www.gnu.org/licenses/>. If you do not delete the provisions
above, a recipient may use your version of this file under the terms of
either the Apache License or the LGPL.
35 changes: 28 additions & 7 deletions scripts/scan-code.escript
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,15 @@ reviewed() ->
<<"autoconf-simple-exception">>, <<"unicode">>, <<"tcl">>, <<"gpl-2.0 WITH classpath-exception-2.0">>,
<<"zlib">>, <<"lgpl-2.0-plus WITH wxwindows-exception-3.1">>,
<<"openssl-ssleay">>, <<"cc-by-sa-3.0">>, <<"cc-by-4.0">>, <<"dco-1.1">>, <<"fsf-ap">>,
<<"classpath-exception-2.0">>, <<"ietf-trust">> ].
<<"classpath-exception-2.0">>, <<"ietf-trust">>, <<"apache-2.0-or-lgpl-2.1-or-later">> ].

not_approved() ->
[<<"gpl">>, <<"gpl-3.0-plus">>, <<"gpl-2.0">>, <<"gpl-1.0-plus">>, <<"unlicense">>,
<<"lgpl-2.0-plus">>, <<"lgpl-2.1-plus">>, <<"agpl-1.0-plus">>, <<"agpl-1.0">>,
<<"agpl-3.0-plus">>, <<"erlangpl-1.1">>, <<"gpl-2.0-plus">>, <<"null">>, <<"agpl-3.0">>,
<<"mpl-1.1">>, 'null'].
<<"agpl-3.0-plus">>, <<"erlangpl-1.1">>, <<"gpl-2.0-plus">>, <<"agpl-3.0">>, <<"mpl-1.1">>].

no_license() ->
[<<"null">>, 'null'].

scan_option() ->
#{name => scan_option,
Expand Down Expand Up @@ -90,6 +92,7 @@ sarif_option() ->
long => "-sarif"}.

scancode(Config) ->
io:format("Files to scan: ~ts~n", [maps:get(file_or_dir, Config, none)]),
ok = cp_files(Config),
scan_folder(Config).

Expand Down Expand Up @@ -147,22 +150,27 @@ execute(Command, Config) ->
ok.

compliance_check(Licenses) when is_list(Licenses) ->
lists:foldl(fun ({Path, License, SPDX, Copyright}, Acc) ->
lists:foldl(fun ({Path, License, SPDX0, Copyright}, Acc) ->
SPDX = spdx_nonnull(SPDX0),
CopyrightResult = check_copyright(Copyright),
LicenseResult = compliance_check(License),
R = lists:foldl(fun (ok, Acc0) -> Acc0;
({error, Msg}, Acc0) -> [{SPDX, Path, Msg} | Acc0]
end, [], [CopyrightResult, LicenseResult]),
R ++ Acc
end, [], Licenses);
compliance_check('null') ->
{error, no_license};
compliance_check(License) ->
Handler = [ {not_approved(), {error, license_not_approved}},
Handler = [ {no_license(), {error, no_license}},
{not_approved(), {error, license_not_approved}},
{reviewed(), {error, license_to_be_reviewed}},
{approved(), ok}],
license_check(License, Handler).

spdx_nonnull(null) ->
<<"no license/copyright">>;
spdx_nonnull(X) ->
X.

check_copyright([]) ->
{error, no_copyright};
check_copyright([#{<<"copyright">> := _} | _]) ->
Expand Down Expand Up @@ -289,6 +297,19 @@ error_type_to_description({no_license, _}) ->
scancode has not found any license in this file. To fix this,
add a license declaration to the top of the file.
""";
error_type_to_description({no_copyright, _}) ->
~"""
scancode has not found any copyright in this file. To fix this,
add a copyright declaration to the top of the file.
""";
error_type_to_description({license_to_be_reviewed, L}) ->
unicode:characters_to_binary(
io_lib:format(
"""
The license ~ts must be reviewed manually.
This license is only allowed under certain
special circumstances.
""", [L]));
error_type_to_description({license_not_recognised, L}) ->
unicode:characters_to_binary(
io_lib:format(
Expand Down

0 comments on commit 35fd4ed

Please sign in to comment.