Merge pull request #3447 from nexB/update-maven-detections

Update maven detections
aboutcode-org · Jul 13, 2023 · f55754a · f55754a
2 parents a15174f + e3a1c90
commit f55754a
Show file tree

Hide file tree

Showing 290 changed files with 5,566 additions and 3,536 deletions.
diff --git a/src/licensedcode/data/rules/apache-2.0_1276.RULE b/src/licensedcode/data/rules/apache-2.0_1276.RULE
@@ -0,0 +1,10 @@
+---
+license_expression: apache-2.0
+is_license_tag: yes
+ignorable_urls:
+    - https://www.apache.org/licenses/LICENSE-2.0.txt
+---
+
+name: Apache License, Version 2.0
+url: https://www.apache.org/licenses/LICENSE-2.0.txt
+comments: A business-friendly OSS license
diff --git a/src/licensedcode/data/rules/apache-2.0_1277.RULE b/src/licensedcode/data/rules/apache-2.0_1277.RULE
@@ -0,0 +1,10 @@
+---
+license_expression: apache-2.0
+is_license_tag: yes
+ignorable_urls:
+    - http://www.apache.org/licenses/LICENSE-2.0.txt
+---
+
+name: The Apache Software License, Version 2.0
+url: http://www.apache.org/licenses/LICENSE-2.0.txt
+comments: A business-friendly OSS license
diff --git a/src/licensedcode/data/rules/apache-2.0_1278.RULE b/src/licensedcode/data/rules/apache-2.0_1278.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: apache-2.0
+is_license_tag: yes
+ignorable_urls:
+    - http://www.apache.org/licenses/
+---
+
+name: ASL, version 2
+url: http://www.apache.org/licenses/
diff --git a/src/licensedcode/data/rules/apache-2.0_1279.RULE b/src/licensedcode/data/rules/apache-2.0_1279.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: apache-2.0
+is_license_tag: yes
+ignorable_urls:
+    - http://www.apache.org/licenses/LICENSE-2.0.txt
+---
+
+name: Apache License v2.0
+url: http://www.apache.org/licenses/LICENSE-2.0.txt
diff --git a/src/licensedcode/data/rules/bsd-3-clause-no-nuclear-warranty_12.RULE b/src/licensedcode/data/rules/bsd-3-clause-no-nuclear-warranty_12.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: bsd-3-clause-no-nuclear-warranty
+is_license_tag: yes
+referenced_filenames:
+    - LICENSE-Sun.txt
+---
+
+name: {{BSD 3-clause License w/nuclear disclaimer}}
+url: LICENSE-Sun.txt
diff --git a/src/licensedcode/data/rules/bsd-new_1300.RULE b/src/licensedcode/data/rules/bsd-new_1300.RULE
@@ -0,0 +1,11 @@
+---
+license_expression: bsd-new
+is_license_tag: yes
+referenced_filenames:
+    - https://github.com/jimsch/COSE-JAVA/blob/master/LICENSE
+ignorable_urls:
+    - https://github.com/jimsch/COSE-JAVA/blob/master/LICENSE
+---
+
+name: BSD3 
+url: {{https://github.com/jimsch/COSE-JAVA/blob/master/LICENSE}}
diff --git a/src/licensedcode/data/rules/bsd-new_1301.RULE b/src/licensedcode/data/rules/bsd-new_1301.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: bsd-new
+is_license_tag: yes
+ignorable_urls:
+    - http://www.jcraft.com/jzlib/LICENSE.txt
+---
+
+name: BSD
+url: http://www.jcraft.com/jzlib/LICENSE.txt
diff --git a/src/licensedcode/data/rules/cc0-1.0_203.RULE b/src/licensedcode/data/rules/cc0-1.0_203.RULE
@@ -0,0 +1,10 @@
+---
+license_expression: cc0-1.0
+is_license_tag: yes
+relevance: 100
+ignorable_urls:
+    - http://www.creativecommons.org/publicdomain/zero/1.0/
+---
+
+name: CC0 universal
+url: http://www.creativecommons.org/publicdomain/zero/1.0/
diff --git a/src/licensedcode/data/rules/cpl-1.0_38.RULE b/src/licensedcode/data/rules/cpl-1.0_38.RULE
@@ -0,0 +1,10 @@
+---
+license_expression: cpl-1.0
+is_license_tag: yes
+ignorable_urls:
+    - http://www.opensource.org/licenses/cpl1.0.txt
+---
+
+name: CPL
+url: http://www.opensource.org/licenses/cpl1.0.txt
+comments: Common Public License
diff --git a/src/licensedcode/data/rules/jj2000_1.RULE b/src/licensedcode/data/rules/jj2000_1.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: jj2000
+is_license_tag: yes
+referenced_filenames:
+    - LICENSE-JJ2000.txt
+---
+
+name: {{JJ2000}}
+url: LICENSE-JJ2000.txt
diff --git a/src/licensedcode/data/rules/json_17.RULE b/src/licensedcode/data/rules/json_17.RULE
@@ -0,0 +1,33 @@
+---
+license_expression: json
+is_license_text: yes
+ignorable_copyrights:
+    - Copyright (c) 2002 JSON.org
+ignorable_holders:
+    - JSON.org
+ignorable_urls:
+    - http://json.org/license.html
+---
+
+name: The JSON License
+url: http://json.org/license.html
+comments:
+
+Copyright (c) 2002 JSON.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+The Software shall be used for Good, not Evil.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/licensedcode/data/rules/lgpl-2.1-plus_473.RULE b/src/licensedcode/data/rules/lgpl-2.1-plus_473.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: lgpl-2.1-plus
+is_license_tag: yes
+ignorable_urls:
+    - http://www.gnu.org/licenses/lgpl.html
+---
+
+name: GNU Lesser Public License
+url: http://www.gnu.org/licenses/lgpl.html
diff --git a/src/licensedcode/data/rules/lgpl-2.1_444.RULE b/src/licensedcode/data/rules/lgpl-2.1_444.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: lgpl-2.1
+is_license_tag: yes
+ignorable_urls:
+    - http://www.gnu.org/licenses/licenses.html
+---
+
+name: LGPL, version 2.1
+url: http://www.gnu.org/licenses/licenses.html
diff --git a/src/licensedcode/data/rules/unicode-icu-58_2.RULE b/src/licensedcode/data/rules/unicode-icu-58_2.RULE
@@ -0,0 +1,9 @@
+---
+license_expression: unicode-icu-58
+is_license_tag: yes
+ignorable_urls:
+    - http://source.icu-project.org/repos/icu/trunk/icu4j/main/shared/licenses/LICENSE
+---
+
+name: Unicode/ICU License
+url: http://source.icu-project.org/repos/icu/trunk/icu4j/main/shared/licenses/LICENSE
diff --git a/src/licensedcode/detection.py b/src/licensedcode/detection.py
@@ -667,7 +667,14 @@ def to_dict(
 
 def collect_license_detections(codebase, include_license_clues=True):
     """
-    Return a list of LicenseDetectionFromResult from a ``codebase``
+    Return a list of LicenseDetectionFromResult object rehydrated from
+    LicenseDetection mappings, from resources and packages in a ``codebase``.
+
+    As a side effect, this also corrects `declared_license_expression` in packages
+    according to their license detections. This is required because package fields
+    are populated in package plugin, which runs before the license plugin, and thus
+    the license plugin step where unknown references to other files are dereferenced
+    does not show up automatically in package attributes. 
     """
     has_packages = hasattr(codebase.root, 'package_data')
     has_licenses = hasattr(codebase.root, 'license_detections')
@@ -711,13 +718,33 @@ def collect_license_detections(codebase, include_license_clues=True):
             package_data = getattr(resource, 'package_data', []) or []
 
             package_license_detection_mappings = []
+            modified = False
             for package in package_data:
 
-                if package["license_detections"]:
-                    package_license_detection_mappings.extend(package["license_detections"])
-
-                if package["other_license_detections"]:
-                    package_license_detection_mappings.extend(package["other_license_detections"])
+                package_license_detections = package["license_detections"]
+                if package_license_detections:
+                    package_license_detection_mappings.extend(package_license_detections)
+                    detection_is_same, license_expression = verify_package_license_expression(
+                        license_detection_mappings=package_license_detections,
+                        license_expression=package["declared_license_expression"]
+                    )
+                    if not detection_is_same:
+                        package["declared_license_expression"] = license_expression
+                        modified = True
+
+                other_license_detections = package["other_license_detections"]
+                if other_license_detections:
+                    package_license_detection_mappings.extend(other_license_detections)
+                    detection_is_same, license_expression = verify_package_license_expression(
+                        license_detection_mappings=other_license_detections,
+                        license_expression=package["other_license_expression"]
+                    )
+                    if not detection_is_same:
+                        package["other_license_expression"] = license_expression
+                        modified = True
+
+            if modified:
+                codebase.save_resource(resource)
 
             if package_license_detection_mappings:
                 package_license_detection_objects = detections_from_license_detection_mappings(
@@ -729,6 +756,33 @@ def collect_license_detections(codebase, include_license_clues=True):
     return all_license_detections
 
 
+
+def verify_package_license_expression(license_detection_mappings, license_expression):
+    """
+    Returns a tuple of two files: `detection_is_same` and `license_expression` depending
+    on whether the `license_expression` is same as the license_expression computed from
+    `license_detection_mappings`:
+    1. If they are the same, we return True and None for the `license_expression`
+    2. If they are not the same, we return False, and the computed `license_expression`
+    """
+    license_expressions_from_detections = [
+            detection["license_expression"]
+            for detection in license_detection_mappings
+        ]
+
+    license_expression_from_detections = str(combine_expressions(
+        expressions=license_expressions_from_detections,
+        relation='AND',
+        unique=True,
+    ))
+
+    if not license_expression_from_detections == license_expression:
+        return False, license_expression_from_detections
+    else:
+        return True, None
+
+
+
 @attr.s
 class UniqueDetection:
     """
@@ -978,9 +1032,12 @@ def is_false_positive(license_matches, package_license=False):
         match_rule_length == 1
         for match_rule_length in match_rule_length_values
     )
-
-    is_gpl_bare = all(
-        'gpl_bare' in license_match.rule.identifier
+    bare_rules = ['gpl_bare', 'freeware_bare', 'public-domain_bare']
+    is_bare_rule = all(
+        any([
+            bare_rule in license_match.rule.identifier
+            for bare_rule in bare_rules
+        ])
         for license_match in license_matches
     )
 
@@ -995,7 +1052,7 @@ def is_false_positive(license_matches, package_license=False):
 
     is_single_match = len(license_matches) == 1
 
-    if is_single_match and is_gpl_bare:
+    if is_single_match and is_bare_rule:
         return True
 
     if is_gpl and all_match_rule_length_one:

diff --git a/src/packagedcode/__init__.py b/src/packagedcode/__init__.py
@@ -101,10 +101,10 @@
 
     haxe.HaxelibJsonHandler,
 
-    jar_manifest.JavaJarManifestHandler,
-
     maven.MavenPomXmlHandler,
     maven.MavenPomPropertiesHandler,
+    maven.JavaJarManifestHandler,
+    maven.JavaOSGiManifestHandler,
 
     misc.AndroidAppArchiveHandler,
     misc.AndroidLibraryHandler,
@@ -253,3 +253,7 @@ def get_package_handler(package_data):
         raise UnknownPackageDatasource(package_data)
     return ppc
 
+
+PACKAGE_DATA_CLASS_BY_DATASOURCE_ID = {
+    maven.MavenPackageData.datasource_id: maven.MavenPackageData
+}