Fix bug in any and all conditions
Due to wrong handling of the any and all functions, license matches are
categorized as having full relevance or copyrights even if they
do not. This leads to a regression in false positive detection.

Correct the any and all conditions to correctly detect copyrights
and relevance.

Signed-off-by: alexzurbonsen <[email protected]>
alexzurbonsen committed Dec 10, 2024
1 parent c40476a commit ee32157
Showing 2 changed files with 92 additions and 141 deletions.
16 changes: 6 additions & 10 deletions src/licensedcode/detection.py
Expand Up @@ -1166,26 +1166,22 @@ def is_false_positive(license_matches, package_license=False):
# FIXME: actually run copyright detection here?
copyright_words = ["copyright", "(c)"]
has_copyrights = all(
True
for license_match in license_matches
if any(
True
any(
word in license_match.matched_text().lower()
for word in copyright_words
if word in license_match.matched_text().lower()
)
)
for license_match in license_matches
)
has_full_relevance = all(
True
license_match.rule.relevance == 100
for license_match in license_matches
if license_match.rule.relevance == 100
)
if has_copyrights or has_full_relevance:
return False

has_low_relevance = all(
True
license_match.rule.relevance < 60
for license_match in license_matches
if license_match.rule.relevance < 60
)

start_line_region = min(
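Review bot: `is_false_positive` gets no direct test for the corrected `has_copyrights`, `has_full_relevance` and `has_low_relevance` conditions; the only coverage visible in this commit is the regenerated ffmpeg fixture. The old `all(True for … if …)` form was True for any input, so the early `return False` always fired and the `has_low_relevance` / `start_line_region` logic below it is only now reachable. A unit test with a mixed list (one match whose text contains "copyright" and one without, one rule at relevance 100 and one below) would pin the intended semantics of a filter that, judging by the fixture change, decides whether matches are reported as detections or as clues. Separately, `all()` is still vacuously True for an empty `license_matches`, so that case keeps returning False before the `min(` call; a comment such as `# empty license_matches: all() is True, so we return False here` above the `if has_copyrights or has_full_relevance:` line would make that reliance explicit. The function begins and continues outside this hunk, so an earlier guard for the empty case may already exist.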
217 changes: 86 additions & 131 deletions tests/licensedcode/data/plugin_license/scan/ffmpeg-license.expected.json
@@ -1,4 +1,41 @@
{
"headers": [
{
"tool_name": "scancode-toolkit",
"tool_version": "v32.3.0-17-g35029f3b77",
"options": {
"input": [
"tests/licensedcode/data/plugin_license/scan/ffmpeg-LICENSE.md"
],
"--json": "scancode_test.json",
"--license": true,
"--license-diagnostics": true,
"--license-text": true,
"--license-text-diagnostics": true,
"--strip-root": true,
"--verbose": true
},
"notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No content created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.",
"start_timestamp": "2024-12-10T164908.294977",
"end_timestamp": "2024-12-10T164912.937268",
"output_format_version": "4.0.0",
"duration": 4.642332077026367,
"message": null,
"errors": [],
"warnings": [],
"extra_data": {
"system_environment": {
"operating_system": "mac",
"cpu_architecture": "64",
"platform": "macOS-15.1.1-x86_64-i386-64bit",
"platform_version": "Darwin Kernel Version 24.1.0: Thu Oct 10 21:05:23 PDT 2024; root:xnu-11215.41.3~2/RELEASE_ARM64_T6031",
"python_version": "3.12.5 (main, Nov 18 2024, 22:55:02) [Clang 15.0.0 (clang-1500.0.40.1)]"
},
"spdx_license_list_version": "3.25",
"files_count": 1
}
}
],
"license_detections": [
{
"identifier": "gpl_1_0_plus-0211bbc4-784e-97fe-2ac1-f150ccba866e",
Expand Down Expand Up @@ -82,47 +119,6 @@
}
]
},
{
"identifier": "gpl_2_0_and_lgpl_2_0_plus-e597690d-3d55-0948-8697-914f460389e8",
"license_expression": "gpl-2.0 AND lgpl-2.0-plus",
"license_expression_spdx": "GPL-2.0-only AND LGPL-2.0-or-later",
"detection_count": 1,
"detection_log": [],
"reference_matches": [
{
"license_expression": "gpl-2.0",
"license_expression_spdx": "GPL-2.0-only",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 100,
"end_line": 100,
"matcher": "2-aho",
"score": 100.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 100,
"rule_identifier": "gpl-2.0_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/gpl-2.0_bare_single_word.RULE",
"matched_text": "are incompatible with the GPLv2 and v3. We do not know for certain if their",
"matched_text_diagnostics": "GPLv2"
},
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 101,
"end_line": 101,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "licenses are compatible with the LGPL.",
"matched_text_diagnostics": "LGPL."
}
]
},
{
"identifier": "ijg_and_mit-e50613dc-8a09-65cc-c498-5d9527795382",
"license_expression": "ijg AND mit",
Expand Down Expand Up @@ -182,31 +178,6 @@
}
]
},
{
"identifier": "lgpl_2_0_plus-e66c5b24-33ce-ea1b-0e3b-28952361ec32",
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"detection_count": 1,
"detection_log": [],
"reference_matches": [
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 104,
"end_line": 104,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "be under a complex license mix that is more restrictive than the LGPL and that",
"matched_text_diagnostics": "LGPL"
}
]
},
{
"identifier": "lgpl_2_1_plus_and_other_permissive_and_gpl_2_0_plus-666058ef-8c38-3b17-d8e7-448b304de833",
"license_expression": "lgpl-2.1-plus AND other-permissive AND gpl-2.0-plus",
Expand Down Expand Up @@ -294,8 +265,8 @@
{
"path": "ffmpeg-LICENSE.md",
"type": "file",
"detected_license_expression": "(lgpl-2.1-plus AND other-permissive AND gpl-2.0-plus) AND (lgpl-3.0 AND lgpl-3.0-plus AND (lgpl-3.0 AND gpl-3.0)) AND (ijg AND mit) AND gpl-1.0-plus AND (gpl-2.0 AND apache-2.0 AND lgpl-3.0-plus) AND (gpl-2.0 AND lgpl-2.0-plus) AND lgpl-2.0-plus",
"detected_license_expression_spdx": "(LGPL-2.1-or-later AND LicenseRef-scancode-other-permissive AND GPL-2.0-or-later) AND (LGPL-3.0-only AND LGPL-3.0-or-later AND (LGPL-3.0-only AND GPL-3.0-only)) AND (IJG AND MIT) AND GPL-1.0-or-later AND (GPL-2.0-only AND Apache-2.0 AND LGPL-3.0-or-later) AND (GPL-2.0-only AND LGPL-2.0-or-later) AND LGPL-2.0-or-later",
"detected_license_expression": "(lgpl-2.1-plus AND other-permissive AND gpl-2.0-plus) AND (lgpl-3.0 AND lgpl-3.0-plus AND (lgpl-3.0 AND gpl-3.0)) AND (ijg AND mit) AND gpl-1.0-plus AND (gpl-2.0 AND apache-2.0 AND lgpl-3.0-plus)",
"detected_license_expression_spdx": "(LGPL-2.1-or-later AND LicenseRef-scancode-other-permissive AND GPL-2.0-or-later) AND (LGPL-3.0-only AND LGPL-3.0-or-later AND (LGPL-3.0-only AND GPL-3.0-only)) AND (IJG AND MIT) AND GPL-1.0-or-later AND (GPL-2.0-only AND Apache-2.0 AND LGPL-3.0-or-later)",
"license_detections": [
{
"license_expression": "lgpl-2.1-plus AND other-permissive AND gpl-2.0-plus",
Expand Down Expand Up @@ -514,73 +485,41 @@
],
"detection_log": [],
"identifier": "gpl_2_0_and_apache_2_0_and_lgpl_3_0_plus-c2393e5a-e531-304f-58a9-a6431d46d214"
},
}
],
"license_clues": [
{
"license_expression": "gpl-2.0 AND lgpl-2.0-plus",
"license_expression_spdx": "GPL-2.0-only AND LGPL-2.0-or-later",
"matches": [
{
"license_expression": "gpl-2.0",
"license_expression_spdx": "GPL-2.0-only",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 100,
"end_line": 100,
"matcher": "2-aho",
"score": 100.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 100,
"rule_identifier": "gpl-2.0_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/gpl-2.0_bare_single_word.RULE",
"matched_text": "are incompatible with the GPLv2 and v3. We do not know for certain if their",
"matched_text_diagnostics": "GPLv2"
},
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 101,
"end_line": 101,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "licenses are compatible with the LGPL.",
"matched_text_diagnostics": "LGPL."
}
],
"detection_log": [],
"identifier": "gpl_2_0_and_lgpl_2_0_plus-e597690d-3d55-0948-8697-914f460389e8"
"license_expression": "gpl-2.0",
"license_expression_spdx": "GPL-2.0-only",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 100,
"end_line": 100,
"matcher": "2-aho",
"score": 100.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 100,
"rule_identifier": "gpl-2.0_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/gpl-2.0_bare_single_word.RULE",
"matched_text": "are incompatible with the GPLv2 and v3. We do not know for certain if their",
"matched_text_diagnostics": "GPLv2"
},
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"matches": [
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 104,
"end_line": 104,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "be under a complex license mix that is more restrictive than the LGPL and that",
"matched_text_diagnostics": "LGPL"
}
],
"detection_log": [],
"identifier": "lgpl_2_0_plus-e66c5b24-33ce-ea1b-0e3b-28952361ec32"
}
],
"license_clues": [
"from_file": "ffmpeg-LICENSE.md",
"start_line": 101,
"end_line": 101,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "licenses are compatible with the LGPL.",
"matched_text_diagnostics": "LGPL."
},
{
"license_expression": "proprietary-license",
"license_expression_spdx": "LicenseRef-scancode-proprietary-license",
Expand All @@ -596,10 +535,26 @@
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/proprietary-license_490.RULE",
"matched_text": "If you wish to enable these libraries, pass --enable-nonfree to configure.",
"matched_text_diagnostics": "enable-nonfree"
},
{
"license_expression": "lgpl-2.0-plus",
"license_expression_spdx": "LGPL-2.0-or-later",
"from_file": "ffmpeg-LICENSE.md",
"start_line": 104,
"end_line": 104,
"matcher": "2-aho",
"score": 60.0,
"matched_length": 1,
"match_coverage": 100.0,
"rule_relevance": 60,
"rule_identifier": "lgpl_bare_single_word.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE",
"matched_text": "be under a complex license mix that is more restrictive than the LGPL and that",
"matched_text_diagnostics": "LGPL"
}
],
"percentage_of_license_text": 34.78,
"scan_errors": []
}
]
}
}
