Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPL-2.0 false alarm #2757

Open
dd-jy opened this issue Nov 17, 2021 · 8 comments
Open

GPL-2.0 false alarm #2757

dd-jy opened this issue Nov 17, 2021 · 8 comments
Labels
bug

Comments

@dd-jy
Copy link
Contributor

dd-jy commented Nov 17, 2021

Description

GPL-2.0 false alarm detected.

How To Reproduce

I scanned the source code of ipython 7.25.0.
It detected GPL-2.0 in the file (https://github.com/ipython/ipython/blob/7.25.0/setup.py).

Matched Text

#  Distributed under the terms of the Modified BSD License.
#
#  The full license is in the file COPYING.txt, distributed with this software.

System configuration

  • What OS are you running on? Linux
  • What version of scancode-toolkit was used to generate the scan file? v21.3.31
  • What installation method was used to install/run scancode? pip
@dd-jy dd-jy added the bug label Nov 17, 2021
@pombredanne
Copy link
Member

@dd-jy Thank you ++
Excellent finding!
For reference the detection would yield this:

headers:
    -   tool_name: scancode-toolkit
        tool_version: 30.0.0
        options:
            input:
                - gpl
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: '-'
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2021-11-17T130204.328449'
        end_timestamp: '2021-11-17T130206.150247'
        output_format_version: 2.0.0
        duration: '1.8218252658843994'
        message:
        errors: []
        extra_data:
            spdx_license_list_version: '3.14'
            files_count: 1
files:
    -   path: gpl
        type: file
        licenses:
            -   key: gpl-2.0-plus
                score: '60.61'
                name: GNU General Public License 2.0 or later
                short_name: GPL 2.0 or later
                category: Copyleft
                is_exception: no
                is_unknown: no
                owner: Free Software Foundation (FSF)
                homepage_url: http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
                text_url: http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
                reference_url: https://scancode-licensedb.aboutcode.org/gpl-2.0-plus
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/gpl-2.0-plus.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/gpl-2.0-plus.yml
                spdx_license_key: GPL-2.0-or-later
                spdx_url: https://spdx.org/licenses/GPL-2.0-or-later
                start_line: 1
                end_line: 3
                matched_rule:
                    identifier: gpl-2.0-plus_and_bootloader-exception_1.RULE
                    license_expression: gpl-2.0-plus AND bootloader-exception
                    licenses:
                        - gpl-2.0-plus
                        - bootloader-exception
                    referenced_filenames:
                        - COPYING.txt
                    is_license_text: no
                    is_license_notice: yes
                    is_license_reference: no
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 3-seq
                    rule_length: 33
                    matched_length: 20
                    match_coverage: '60.61'
                    rule_relevance: 100
                matched_text: |
                    Distributed under the terms of the [Modified] [BSD] License.
                    #
                    #  The full license is in the file COPYING.txt, distributed with this software.
            -   key: bootloader-exception
                score: '60.61'
                name: Bootloader Distribution Exception to GPL 2.0 or later
                short_name: Bootloader Distribution Exception to GPL 2.0
                category: Copyleft Limited
                is_exception: yes
                is_unknown: no
                owner: PyInstaller Project
                homepage_url: https://github.com/pyinstaller/pyinstaller/blob/develop/COPYING.txt
                text_url:
                reference_url: https://scancode-licensedb.aboutcode.org/bootloader-exception
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bootloader-exception.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bootloader-exception.yml
                spdx_license_key: Bootloader-exception
                spdx_url: https://spdx.org/licenses/Bootloader-exception
                start_line: 1
                end_line: 3
                matched_rule:
                    identifier: gpl-2.0-plus_and_bootloader-exception_1.RULE
                    license_expression: gpl-2.0-plus AND bootloader-exception
                    licenses:
                        - gpl-2.0-plus
                        - bootloader-exception
                    referenced_filenames:
                        - COPYING.txt
                    is_license_text: no
                    is_license_notice: yes
                    is_license_reference: no
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 3-seq
                    rule_length: 33
                    matched_length: 20
                    match_coverage: '60.61'
                    rule_relevance: 100
                matched_text: |
                    Distributed under the terms of the [Modified] [BSD] License.
                    #
                    #  The full license is in the file COPYING.txt, distributed with this software.
        license_expressions:
            - gpl-2.0-plus AND bootloader-exception
        percentage_of_license_text: '90.91'
        scan_errors: []

@pombredanne
Copy link
Member

@dd-jy Could I interest you in submitting a pull request to fix this? 😇
That would be super nice if I you have the time.

@pombredanne
Copy link
Member

@mrombout could this be an interesting use case and tests for the PR you are working on at develop...softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords for #2637 ?

@dd-jy
Copy link
Contributor Author

dd-jy commented Nov 18, 2021

@pombredanne
I tested it after fixing 2 files (gpl-2.0-plus_and_bootloader-exception_1.RULE, gpl-2.0-plus_and_bootloader-exception_1.yml) with the branch (softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords).
And it detected only BSD-3-Clause. The new feature(#2637) works very good!
In which branch can I make a pull request to the modified gpl-2.0-plus_and_bootloader-exception_1.RULE?

headers:
    -   tool_name: scancode-toolkit
        tool_version: 30.1.0
        options:
            input:
                - .
            --copyright: yes
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: test.yaml
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2021-11-18T114757.995489'
        end_timestamp: '2021-11-18T114839.593982'
        output_format_version: 2.0.0
        duration: '41.59850454330444'
        message:
        errors: []
        extra_data:
            spdx_license_list_version: '3.14'
            files_count: 1
files:
    -   path: scancode_tst
        type: directory
        licenses: []
        license_expressions: []
        percentage_of_license_text: '0'
        copyrights: []
        holders: []
        authors: []
        scan_errors: []
    -   path: scancode_tst/setup.py
        type: file
        licenses:
            -   key: bsd-new
                score: '100.0'
                name: BSD-3-Clause
                short_name: BSD-3-Clause
                category: Permissive
                is_exception: no
                is_unknown: no
                owner: Regents of the University of California
                homepage_url: http://www.opensource.org/licenses/BSD-3-Clause
                text_url: http://www.opensource.org/licenses/BSD-3-Clause
                reference_url: https://scancode-licensedb.aboutcode.org/bsd-new
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.yml
                spdx_license_key: BSD-3-Clause
                spdx_url: https://spdx.org/licenses/BSD-3-Clause
                start_line: 1466
                end_line: 1466
                matched_rule:
                    identifier: bsd-new_641.RULE
                    license_expression: bsd-new
                    licenses:
                        - bsd-new
                    referenced_filenames: []
                    is_license_text: no
                    is_license_notice: yes
                    is_license_reference: no
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 2-aho
                    rule_length: 9
                    matched_length: 9
                    match_coverage: '100.0'
                    rule_relevance: 100
                matched_text: Distributed under the terms of the Modified BSD License.</
        license_expressions:
            - bsd-new
        percentage_of_license_text: '0.03'

@pombredanne
Copy link
Member

@dd-jy re:

I tested it after fixing 2 files (gpl-2.0-plus_and_bootloader-exception_1.RULE, gpl-2.0-plus_and_bootloader-exception_1.yml) with the branch (softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords).
And it detected only BSD-3-Clause. The new feature(#2637) works very good!

This is awesome! 🙇

@mrombout would you accept a PR of @dd-jy on top of your branch at develop...softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords?

@dd-jy otherwise, just make a PR here from develop and we can handle the merge once @mrombout is finished and merged.

@mrombout
Copy link
Contributor

@mrombout would you accept a PR of @dd-jy on top of your branch at develop...softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords?

@dd-jy otherwise, just make a PR here from develop and we can handle the merge once @mrombout is finished and merged.

Either way is fine by me!

@MdSahil-oss
Copy link

Hey! I'm interested in solving this bug , is there still this bug or been solved

@pombredanne
Copy link
Member

@MdSahil-oss Thank you ++ but I think this is under control.

@dd-jy drafted a PR https://github.com/softsense/scancode-toolkit/pull/2 to be merged in https://github.com/softsense/scancode-toolkit/pull/1/ with this commit https://github.com/dd-jy/scancode-toolkit/commit/80e154bfe72f005de5a0c9a1cd3d89273a5f0557

I separately added a new RULE https://github.com/nexB/scancode-toolkit/pull/2765/files?authenticity_token=QSQKmI9aaMEERTcICQ3zaWUdvg0Nrvd5OrBp5aUYY%2FE9P9xcv07XwE1X8%2Fe8geKs%2BdXMzdK8yNqlopVn9n0iJg%3D%3D&file-filters[]=.RULE&hide-deleted-files=true#diff-7669ef422e532f18d59a5a9ca0ecba4d5f5e10862ad27577b47fff72b9b0846a in #2765 to the other rule, already using prospectively the new {{}} key phrase syntax.

If you are looking for some other license-related bug to flex your muscles on please check https://github.com/nexB/scancode-toolkit/issues?q=is%3Aissue+is%3Aopen+label%3A"license+scan"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mrombout @pombredanne @dd-jy @MdSahil-oss