Fixes copyleft license details
agustingroh committed Aug 20, 2024
1 parent 607d57f commit 41185ed
Showing 7 changed files with 166 additions and 42 deletions.
46 changes: 33 additions & 13 deletions __tests__/result-service.test.ts


76 changes: 62 additions & 14 deletions dist/index.js


1 change: 1 addition & 0 deletions src/main.ts
Expand Up @@ -29,6 +29,7 @@ import * as outputs from './app.output';

import { scanService, uploadResults } from './services/scan.service';
import { policyManager } from './policies/policy.manager';
import { licenseUtil } from './utils/license.utils';

/**
* The main function for the action.
* @returns {Promise<void>} Resolves when the action is complete.
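Review bot: `licenseUtil` is imported on the added line but nothing in the visible hunk references it, and both CI jobs report it as unused. Either the call that needs it lives in a part of main.ts outside this hunk, or the line `import { licenseUtil } from './utils/license.utils';` should be dropped rather than left to the lint warning. The rest of the module runs outside the hunk, so I cannot tell which from here.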
8 changes: 4 additions & 4 deletions src/policies/copyleft-policy-check.ts
Expand Up @@ -28,7 +28,7 @@ import { Component, getComponents } from '../services/result.service';
import { generateTable } from '../utils/markdown.utils';
import * as core from '@actions/core';

import { context } from '@actions/github';

import { getOSADL } from '../utils/license.utils';
import { licenseUtil } from '../utils/license.utils';

/**
* This class checks if any of the components identified in the scanner results are subject to copyleft licenses.
Expand Down Expand Up @@ -74,7 +74,7 @@ export class CopyleftPolicyCheck extends PolicyCheck {
// Filter copyleft components
const componentsWithCopyleft = components.filter(component =>
component.licenses.some(
license => !!license.copyleft || this.copyleftLicenses.has(license.spdxid.trim().toLowerCase())
license => !!license.copyleft || licenseUtil.isCopyLeft(license.spdxid.trim().toLowerCase())
)
);

Expand Down Expand Up @@ -107,12 +107,12 @@ export class CopyleftPolicyCheck extends PolicyCheck {

components.forEach(component => {
component.licenses.forEach(license => {
const copyleftIcon = license.copyleft ? ':x:' : ' ';
const copyleftIcon = licenseUtil.isCopyLeft(license.spdxid?.trim().toLowerCase()) ? ':x:' : ' ';
rows.push([
component.purl,
component.version,
license.spdxid,
`${getOSADL(license.spdxid) || ''}`,
`${licenseUtil.getOSADL(license?.spdxid) || ''}`,
copyleftIcon
]);
});
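Review bot: The filter line calls `license.spdxid.trim()` with no `?.`, while the row-building line further down uses `license.spdxid?.trim()` and `license?.spdxid`; if `spdxid` can be missing the filter throws before any table is built, and if it cannot, the optional chains (on a `forEach` element that is never nullish) are noise, and the same pattern recurs in report.service.ts and result.service.ts. `isCopyLeft` is declared with a `string` parameter, so `spdxid?.trim().toLowerCase()` only type-checks if `spdxid` is non-optional, in which case `?.` is misleading — settle on one reading, e.g. `licenseUtil.isCopyLeft(license.spdxid.trim().toLowerCase())` in both places. The `!!license.copyleft ||` left-hand side is now produced by the same `licenseUtil.isCopyLeft` call in result.service.ts, so the disjunction appears redundant unless `copyleft` still has another source. Replacing `this.copyleftLicenses.has(...)` with the module singleton means a per-check list kept in `copyleftLicenses` is no longer consulted here; if that set was populated from action inputs, that configuration is now silently ignored. Both hunks sit inside methods whose start and end lie outside the view.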
4 changes: 2 additions & 2 deletions src/services/report.service.ts
Expand Up @@ -27,7 +27,7 @@ import * as core from '@actions/core';
import { CONCLUSION, PolicyCheck } from '../policies/policy-check';
import { generateTable } from '../utils/markdown.utils';
import { context } from '@actions/github';
import { getOSADL } from '../utils/license.utils';
import { licenseUtil } from '../utils/license.utils';

export function generatePRSummary(scannerResults: ScannerResults, policies: PolicyCheck[]): string {
const components = getComponents(scannerResults);
Expand Down Expand Up @@ -83,7 +83,7 @@ export async function generateJobSummary(scannerResults: ScannerResults, policie

items.forEach(l => {
const copyleftIcon = l.copyleft ? ':x:' : ' ';
ROWS.push([l.spdxid, copyleftIcon, `${getOSADL(l.spdxid) || ''}`]);
ROWS.push([l.spdxid, copyleftIcon, `${licenseUtil.getOSADL(l?.spdxid) || ''}`]);
});
return generateTable(HEADERS, ROWS);
};
22 changes: 16 additions & 6 deletions src/services/result.service.ts
Expand Up @@ -22,7 +22,7 @@
*/

import { ComponentID, DependencyComponent, ScannerComponent, ScannerResults } from './result.interfaces';
import { getOSADL } from '../utils/license.utils';
import { licenseUtil } from '../utils/license.utils';

//TODO: Move all functions to a class named ResultService that produces an object { licenses: []; compoments: []; dependencies: []; vulns: [];}

Expand Down Expand Up @@ -58,7 +58,7 @@ export function getComponents(results: ScannerResults): Component[] {
version: (c as ScannerComponent).version,
licenses: (c as ScannerComponent).licenses.map(l => ({
spdxid: l.name,
copyleft: !l.copyleft ? null : l.copyleft === 'yes' ? true : false,
copyleft: licenseUtil.isCopyLeft(l.name?.trim().toLowerCase()),
url: l?.url ? l.url : null,
count: 1
}))
Expand All @@ -72,7 +72,12 @@ export function getComponents(results: ScannerResults): Component[] {
purl: d.purl,
version: d.version,
licenses: d.licenses
.map(l => ({ spdxid: l.spdx_id, copyleft: null, url: null, count: 1 }))
.map(l => ({
spdxid: l.spdx_id,
copyleft: licenseUtil.isCopyLeft(l.spdx_id?.trim().toLowerCase()),
url: null,
count: 1
}))
.filter(l => l.spdxid)
});
}
Expand Down Expand Up @@ -123,8 +128,8 @@ export function getLicenses(results: ScannerResults): License[] {
for (const l of (c as ScannerComponent).licenses) {
licenses.push({
spdxid: l.name,
copyleft: !l.copyleft ? null : l.copyleft === 'yes' ? true : false,
url: getOSADL(l.name),
copyleft: licenseUtil.isCopyLeft(l.name.trim().toLowerCase()),
url: licenseUtil.getOSADL(l?.name),
count: 1
});
}
Expand All @@ -135,7 +140,12 @@ export function getLicenses(results: ScannerResults): License[] {
for (const d of dependencies) {
for (const l of d.licenses) {
if (!l.spdx_id) continue;
licenses.push({ spdxid: l.spdx_id, copyleft: null, url: getOSADL(l.spdx_id), count: 1 });
licenses.push({
spdxid: l.spdx_id,
copyleft: licenseUtil.isCopyLeft(l.spdx_id?.trim().toLowerCase()),
url: licenseUtil.getOSADL(l?.spdx_id),
count: 1
});
}
}
}
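Review bot: In the `getLicenses` hunk the added line uses `l.name.trim()` with no guard, while the parallel `getComponents` hunk above uses `l.name?.trim()` — if `name` can be absent the first throws where the second does not; the two should agree, e.g. `copyleft: licenseUtil.isCopyLeft(l.name?.trim().toLowerCase()),` in both, or neither. The scanner's own `copyleft` field (`'yes'`/`'no'`, previously mapped to `true`/`false`/`null`) is now discarded in favour of the static list in license.utils.ts, so a license the scanner marks copyleft but that is absent from that list is reported as not copyleft, and the tri-state `null` meaning "unknown" no longer occurs; if the `License`/`Component` types still declare `copyleft: boolean | null`, any caller comparing against `null` changes meaning silently. A one-line comment above the first `isCopyLeft` call, saying that the scanner flag is intentionally ignored in favour of the curated list, would make that choice visible to the next reader. All four hunks are inside `getComponents`/`getLicenses`, whose bounds lie outside the view.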
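--- a/src/utils/license.utils.ts
+++ b/src/utils/license.utils.ts
@@ -1,3 +1,48 @@
-export const getOSADL = (spdxid: string): string => {
-return `https://spdx.org/licenses/${spdxid}.html`;
-};
+export class LicenseUtil {
+private BASE_OSADL_URL = 'https://spdx.org/licenses';
+private HTML = 'html';
+constructor() {
+this.init();
+}
+
+private defaultCopyleftLicenses = new Set<string>(
+[
+'GPL-1.0-only',
+'GPL-2.0-only',
+'GPL-3.0-only',
+'AGPL-3.0-only',
+'Sleepycat',
+'Watcom-1.0',
+'GFDL-1.1-only',
+'GFDL-1.2-only',
+'GFDL-1.3-only',
+'LGPL-2.1-only',
+'LGPL-3.0-only',
+'MPL-1.1',
+'MPL-2.0',
+'EPL-1.0',
+'EPL-2.0',
+'CDDL-1.0',
+'CDDL-1.1',
+'CECILL-2.1',
+'Artistic-1.0',
+'Artistic-2.0',
+'CC-BY-SA-4.0'
+].map(l => l.toLowerCase())
+);
+
+private copyLeftLicenses = new Set<string>();
+
+private init(): void {
+this.copyLeftLicenses = this.defaultCopyleftLicenses;
+}
+
+isCopyLeft(spdxid: string): boolean {
+return this.copyLeftLicenses.has(spdxid);
+}
+
+getOSADL(spdxid: string): string {
+return `${this.BASE_OSADL_URL}/${spdxid}/.${this.HTML}`;
+}
+}
+export const licenseUtil = new LicenseUtil();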
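Review bot: `getOSADL` now yields `https://spdx.org/licenses/<id>/.html` — the template puts a `/` between the id and `.html`, where the removed helper emitted `<id>.html` — so every link rendered into the PR and job summaries changes. `isCopyLeft` also relies on each caller trimming and lowercasing first, and those callers pass `x?.trim().toLowerCase()`, which can be `undefined` against a `string` parameter; normalizing inside the method and accepting `string | undefined` removes that duplication. The lowercased list holds only `-only` ids, so `GPL-2.0-or-later` and the deprecated bare ids such as `GPL-2.0` come back as not copyleft, which looks unintended for a copyleft policy — worth confirming against the ids the scanner actually emits. The id is interpolated into the URL unencoded; `encodeURIComponent` keeps a scanner-supplied value from altering the path, and the `init()` indirection only aliases `defaultCopyleftLicenses` onto `copyLeftLicenses`, which a single field initializer would do.
```typescript
// … unchanged: BASE_OSADL_URL, HTML, defaultCopyleftLicenses, copyLeftLicenses, init …
isCopyLeft(spdxid: string | undefined): boolean {
  // normalize here so callers need not remember to trim/lowercase
  return spdxid != null && this.copyLeftLicenses.has(spdxid.trim().toLowerCase());
}

getOSADL(spdxid: string): string {
  // `<id>.html`, as the removed helper produced; encode so the id cannot alter the path
  return `${this.BASE_OSADL_URL}/${encodeURIComponent(spdxid)}.${this.HTML}`;
}
```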
