Add NOTICE files to source units #1466

Merged
merged 17 commits into from
Oct 7, 2024

@spatten spatten commented Sep 5, 2024

Overview

In https://github.com/fossas/themis/pull/68, Themis added NoticeFiles to its srclib output.

This PR updates the CLI to parse the NoticeFiles fields.

Acceptance criteria

  • The CLI can parse SourceUnits with and without NoticeFile entries

Testing plan

First, you'll need to update the version of Themis that is embedded into the CLI. Run vendor_download.sh with the temporary edits in this PR, and then cabal clean; cabal build.

Run fossa analyze --experimental-force-first-party-scans on a directory structure with and without notice files in it.

For a directory structure with notice files in it, you can use this:
notice-file-tester.zip

For a directory without notice files, just copy a license into an empty directory.

Run cabal run fossa -- analyze --experimental-force-first-party-scans --output on both directories.

For the run against the directory structure with just licenses and no notice files, you should see one SourceUnit per license in the directory structure, and all SourceUnits should have a type of "LicenseUnit".

For the run against the notice-file-tester directory structure, the output will look something like this. There are two sourceUnits with a type of "LicenseUnit" and a third with a type of "NoticeFileMatches" that contains the notice file data.

{
  "projects": [],
  "sourceUnits": [
    {
      "AdditionalDependencyData": null,
      "Build": null,
      "Data": [
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "NOTICE.txt"
        },
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "foo_NOTICE.txt"
        },
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "mit_NOTICE.txt"
        },
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "one/two/three/third-party-notices.txt"
        }
      ],
      "Files": [
        "NOTICE.txt",
        "foo_NOTICE.txt",
        "mit_NOTICE.txt",
        "one/two/three/third-party-notices.txt"
      ],
      "GraphBreadth": "complete",
      "Info": {
        "Description": ""
      },
      "Manifest": null,
      "Name": "",
      "NoticeFiles": [
        {
          "contents": "Apache Commons Lang\nCopyright 2001-2017 The Apache Software Foundation\n\nThis product includes software developed at\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())\n",
          "path": "NOTICE.txt"
        },
        {
          "contents": "Apache Commons Lang\nCopyright 2001-2017 The Apache Software Foundation\n\nThis product includes software developed at\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())\n",
          "path": "foo_NOTICE.txt"
        },
        {
          "contents": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
          "path": "mit_NOTICE.txt"
        },
        {
          "contents": "This is a third-party notice\n",
          "path": "one/two/three/third-party-notices.txt"
        }
      ],
      "OriginPaths": [],
      "Title": null,
      "Type": "NoticeFileMatches"
    },
    {
      "AdditionalDependencyData": null,
      "Build": null,
      "Data": [
        {
          "Contents": null,
          "Copyright": "2001-2017 The Apache Software Foundation",
          "Copyrights": [
            "2001-2017 The Apache Software Foundation"
          ],
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "NOTICE.txt"
        },
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "foo.rb"
        },
        {
          "Contents": null,
          "Copyright": "2001-2017 The Apache Software Foundation",
          "Copyrights": [
            "2001-2017 The Apache Software Foundation"
          ],
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "foo_NOTICE.txt"
        },
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": null,
          "path": "one/two/three/third-party-notices.txt"
        }
      ],
      "Files": [
        "NOTICE.txt",
        "foo.rb",
        "foo_NOTICE.txt",
        "one/two/three/third-party-notices.txt"
      ],
      "GraphBreadth": "complete",
      "Info": {
        "Description": "2001-2017 The Apache Software Foundation"
      },
      "Manifest": null,
      "Name": "No_license_found",
      "NoticeFiles": null,
      "OriginPaths": [],
      "Title": null,
      "Type": "LicenseUnit"
    },
    {
      "AdditionalDependencyData": null,
      "Build": null,
      "Data": [
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.17-beta",
          "match_data": [
            {
              "end_line": 18,
              "index": 0,
              "length": 1021,
              "location": 0,
              "match_string": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
              "start_line": 1
            }
          ],
          "path": "mit_NOTICE.txt"
        }
      ],
      "Files": [
        "mit_NOTICE.txt"
      ],
      "GraphBreadth": "complete",
      "Info": {
        "Description": ""
      },
      "Manifest": null,
      "Name": "mit",
      "NoticeFiles": null,
      "OriginPaths": [],
      "Title": null,
      "Type": "LicenseUnit"
    }
  ]
}

Risks

This is safe to merge with and without the change to Themis, but the tests won't pass unless we use the version of Themis in https://github.com/fossas/themis/pull/68

Metrics

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
    - [ ] If this PR introduced a user-visible change, I added documentation into docs/.
    - [ ] If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
    - [ ] If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
    - [ ] If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.
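
A check for the testing plan above, as an added example that is not part of the PR or of the FOSSA CLI: it takes the parsed JSON printed by `--output` and verifies the shape the description expects. The function name and the rules it applies (a "NoticeFileMatches" unit carries NoticeFiles entries whose paths also appear in Files; other units have NoticeFiles null or absent) are assumptions drawn from the sample output.

```python
import json

# Constructed sample, trimmed to the fields this check reads.
SAMPLE = json.loads("""
{"projects": [], "sourceUnits": [
  {"Name": "", "Type": "NoticeFileMatches", "Files": ["NOTICE.txt"],
   "NoticeFiles": [{"path": "NOTICE.txt", "contents": "Apache Commons Lang\\n"}]},
  {"Name": "mit", "Type": "LicenseUnit", "Files": ["mit_NOTICE.txt"],
   "NoticeFiles": null},
  {"Name": "No_license_found", "Type": "LicenseUnit", "Files": ["foo.rb"]}
]}
""")


def check_source_units(output):
    """Return a list of problems in parsed `fossa analyze --output` JSON.

    Hypothetical helper; the rules are assumptions taken from the sample output.
    """
    problems = []
    for i, unit in enumerate(output.get("sourceUnits") or []):
        label = f"sourceUnits[{i}] ({unit.get('Type')})"
        notices = unit.get("NoticeFiles")  # absent and null both mean "none"
        if unit.get("Type") != "NoticeFileMatches":
            if notices:
                problems.append(f"{label}: unexpected NoticeFiles entries")
            continue
        if not isinstance(notices, list) or not notices:
            problems.append(f"{label}: expected a non-empty NoticeFiles list")
            continue
        files = set(unit.get("Files") or [])
        for entry in notices:
            if not isinstance(entry, dict):
                problems.append(f"{label}: NoticeFiles entry is not an object")
                continue
            path, contents = entry.get("path"), entry.get("contents")
            if not isinstance(path, str) or not isinstance(contents, str):
                problems.append(f"{label}: entry needs string path and contents")
            elif path not in files:
                problems.append(f"{label}: {path} missing from Files")
    return problems


if __name__ == "__main__":
    for line in check_source_units(SAMPLE) or ["ok"]:
        print(line)
```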

@spatten spatten force-pushed the add-notice-files-to-source-units branch from 8c5bf4d to a0c5992 Compare September 12, 2024 21:24
@spatten spatten marked this pull request as ready for review September 12, 2024 21:27
@spatten spatten requested a review from a team as a code owner September 12, 2024 21:27
@@ -517,7 +519,8 @@ instance FromJSON RemoteDependency where
<$> (obj `neText` "name")
<*> (unTextLike <$> obj `neText` "version")
<*> (obj `neText` "url")
<*> obj .:? "metadata"
<*> obj
.:? "metadata"
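
Review bot: The last field of the applicative chain is now split, with `.:? "metadata"` on its own line below a bare `<*> obj`, which breaks the one-field-per-line pattern of the `neText` lines above it and has nothing to do with NoticeFiles, since this hunk sits in `instance FromJSON RemoteDependency`. Unless the project's formatter requires this layout, keep the single line `<*> obj .:? "metadata"` so the diff stays limited to the NoticeFiles change.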

Did the formatter do this? Not at all blocking but just wanted to ask.

@spatten spatten force-pushed the add-notice-files-to-source-units branch 2 times, most recently from 1838003 to 11e55d4 Compare September 17, 2024 22:23
@spatten spatten force-pushed the add-notice-files-to-source-units branch from 88b374c to 4d6d466 Compare October 7, 2024 22:29
@spatten spatten enabled auto-merge (squash) October 7, 2024 22:32
@spatten spatten merged commit dc572c6 into master Oct 7, 2024
19 checks passed
@spatten spatten deleted the add-notice-files-to-source-units branch October 7, 2024 22:48