
Update Source-Build License Scan Baselines and Exclusions #45123

Merged: 3 commits, Dec 2, 2024

Conversation

dotnet-sb-bot (Contributor)

This PR was created by the CreateBaselineUpdatePR tool for build 2589095.

The updated test results can be found at https://dev.azure.com/dnceng/internal/_build/results?buildId=2589095 (internal Microsoft link)

@dotnet-sb-bot dotnet-sb-bot requested review from a team as code owners November 25, 2024 21:13
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Infrastructure untriaged Request triage from a team member labels Nov 25, 2024
@mthalman (Member)

I don't understand why this is thinking the exclusion isn't necessary. The scan code results show a reference of ms-net-library-2016-05 which should be triggering a failure without the exclusion. This requires more investigation.

@mthalman (Member) commented Dec 2, 2024

> I don't understand why this is thinking the exclusion isn't necessary. The scan code results show a reference of ms-net-library-2016-05 which should be triggering a failure without the exclusion. This requires more investigation.

I figured out what's going on here. Basically, everything is working as expected. There is some nuance in why things are happening the way they are though. Let's take a look at the scancode results:

```json
{
  "path": "license.rtf",
  "type": "file",
  "detected_license_expression": null,
  "detected_license_expression_spdx": null,
  "license_detections": [],
  "license_clues": [
    {
      "license_expression": "ms-net-library-2016-05",
      "license_expression_spdx": "LicenseRef-scancode-ms-net-library-2016-05",
      "from_file": "license/license.rtf",
      "start_line": 26,
      "end_line": 58,
      "matcher": "3-seq",
      "score": 25.24,
      "matched_length": 373,
      "match_coverage": 25.24,
      "rule_relevance": 100,
      "rule_identifier": "ms-net-library-2016-05.LICENSE",
      "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/ms-net-library-2016-05.LICENSE"
    },
    {
      "license_expression": "ms-net-library-2016-05",
      "license_expression_spdx": "LicenseRef-scancode-ms-net-library-2016-05",
      "from_file": "license/license.rtf",
      "start_line": 61,
      "end_line": 94,
      "matcher": "3-seq",
      "score": 48.99,
      "matched_length": 724,
      "match_coverage": 48.99,
      "rule_relevance": 100,
      "rule_identifier": "ms-net-library-2016-05.LICENSE",
      "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/ms-net-library-2016-05.LICENSE"
    }
  ],
  "percentage_of_license_text": 51.0,
  "scan_errors": []
}
```

The key bit of data here is the value of the detected_license_expression field, which is set to null. So essentially scancode is telling us that its final determination of this file is that it has no license references. What's interesting is the license_clues results. That describes content within the file that scancode has found which provides evidence that a license reference might exist. But ultimately that evidence isn't strong enough for it to make a final result of having this particular license. I believe this is due to the formatting of that file. It's an RTF file so it contains a lot of formatting gunk mixed in with the actual license content. So all those extra characters mixed in there lower the confidence of the tool. This ultimately means that this is a false negative and just something we need to be aware of; the tool can't find everything.
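The false-negative case described in that comment (a null `detected_license_expression` sitting next to non-empty `license_clues`) is easy to miss if a scan consumer only reads the final verdict. The script below is an added example, not code from this PR or from the scancode-toolkit project; it assumes the per-file JSON layout quoted above and uses a constructed sample modelled on the `license.rtf` entry plus two made-up files. It walks the results and reports every file where scancode reached no verdict but still recorded clues, with the expressions the clues point at and the strongest clue score, so a reviewer can decide whether a baseline exclusion is still warranted even though the gate would not fire on its own.

```python
"""Surface scancode license clues that never became a final detection.

Added example; not part of the PR or the scancode-toolkit project. Assumes the
scancode JSON layout shown in the thread: each file entry carries
`detected_license_expression` (None when scancode makes no final call) and a
`license_clues` list of lower-confidence matches with a numeric `score`.
"""
import json
from typing import Any

# Constructed sample modelled on the scancode output quoted in the thread.
# `license.rtf` mirrors the real entry (no verdict, two clues); the other two
# files are invented to show the cases that must NOT be reported.
SAMPLE_SCAN: dict[str, Any] = {
    "files": [
        {
            "path": "license.rtf",
            "type": "file",
            "detected_license_expression": None,
            "license_detections": [],
            "license_clues": [
                {"license_expression": "ms-net-library-2016-05", "score": 25.24,
                 "match_coverage": 25.24, "start_line": 26, "end_line": 58},
                {"license_expression": "ms-net-library-2016-05", "score": 48.99,
                 "match_coverage": 48.99, "start_line": 61, "end_line": 94},
            ],
            "percentage_of_license_text": 51.0,
        },
        {   # a file with a firm verdict: clues are irrelevant here
            "path": "src/example.cs",
            "type": "file",
            "detected_license_expression": "mit",
            "license_detections": [{"license_expression": "mit"}],
            "license_clues": [],
            "percentage_of_license_text": 5.0,
        },
        {   # no verdict and no clues: genuinely nothing to look at
            "path": "README.md",
            "type": "file",
            "detected_license_expression": None,
            "license_detections": [],
            "license_clues": [],
            "percentage_of_license_text": 0.0,
        },
    ]
}


def clue_only_files(scan: dict[str, Any], min_score: float = 0.0) -> list[dict[str, Any]]:
    """Return files where scancode made no final determination but left clues.

    Each record names the file, the distinct license expressions its clues
    point at, the strongest clue score and the clue count. `min_score` lets a
    reviewer drop very weak clues; the default keeps everything.
    """
    findings: list[dict[str, Any]] = []
    for entry in scan.get("files", []):
        if entry.get("type") != "file":
            continue
        if entry.get("detected_license_expression") is not None:
            continue  # scancode reached a verdict; the normal gate handles it
        clues = [c for c in entry.get("license_clues", [])
                 if c.get("score", 0.0) >= min_score]
        if not clues:
            continue
        findings.append({
            "path": entry["path"],
            "expressions": sorted({c["license_expression"] for c in clues}),
            "max_score": max(c["score"] for c in clues),
            "clue_count": len(clues),
        })
    return findings


def load_scan(path: str) -> dict[str, Any]:
    """Load a scancode JSON results file from disk (hypothetical path)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    for f in clue_only_files(SAMPLE_SCAN):
        print(f"{f['path']}: clues for {', '.join(f['expressions'])} "
              f"(max score {f['max_score']}, {f['clue_count']} clue(s))")
```

Run against a real results file with `clue_only_files(load_scan("scan.json"))`. The report is advisory: it does not change what the license gate fails on, it only makes the clue-only files visible so the "tool can't find everything" cases get a human look.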

@mthalman mthalman merged commit 1ca74eb into main Dec 2, 2024
3 of 38 checks passed
@mthalman mthalman deleted the pr-baseline-20241125211333 branch December 2, 2024 17:59