[ANE-2105] Update Themis to fix ANE-2105 #1483

Merged: 1 commit merged on Nov 21, 2024

@spatten (Contributor) commented Nov 21, 2024

Overview

Pull in the changes to Themis that fix ANE-2105

Acceptance criteria

We use the new version of Themis

Testing plan

Run a license scan on a directory with a .map file that does not contain JSON, and show that it still returns results from other licenses in that directory.

mkdir bad-map-files
echo "this is not JSON" > bad-map-files/something.map

Also, copy something with a license into the bad-map-files directory. I copied the MIT license from Themis: https://github.com/fossas/themis/blob/main/license-data/licenses/mit.LICENSE

Then, scan that directory. With Themis versions >=1.0.21 and <1.0.25, this will fail to find any licenses. With the current Themis (1.0.25) it will find the MIT license.

With Themis 1.0.24:

cabal run fossa -- analyze --experimental-force-first-party-scans --output $scandirs/bad-map-files
{"projects":[],"sourceUnits":[]}%                                                                                                                                                 

With Themis 1.0.25:

cabal run fossa -- analyze --experimental-force-first-party-scans --output $scandirs/bad-map-files | jq
{
  "projects": [],
  "sourceUnits": [
    {
      "AdditionalDependencyData": null,
      "Build": null,
      "Data": [
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.25",
          "match_data": null,
          "path": "bad.map"
        }
      ],
      "Files": [
        "bad.map"
      ],
      "GraphBreadth": "complete",
      "Info": {
        "Description": ""
      },
      "Manifest": null,
      "Name": "No_license_found",
      "NoticeFiles": [],
      "OriginPaths": [],
      "Title": null,
      "Type": "LicenseUnit"
    },
    {
      "AdditionalDependencyData": null,
      "Build": null,
      "Data": [
        {
          "Contents": null,
          "Copyright": null,
          "Copyrights": null,
          "ThemisVersion": "1.0.25",
          "match_data": [
            {
              "end_line": 18,
              "index": 0,
              "length": 1021,
              "location": 0,
              "match_string": "Permission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
              "start_line": 1
            }
          ],
          "path": "mit.LICENSE"
        }
      ],
      "Files": [
        "mit.LICENSE"
      ],
      "GraphBreadth": "complete",
      "Info": {
        "Description": ""
      },
      "Manifest": null,
      "Name": "mit",
      "NoticeFiles": [],
      "OriginPaths": [],
      "Title": null,
      "Type": "LicenseUnit"
    }
  ]
}

Risks

Metrics

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

@spatten spatten marked this pull request as ready for review November 21, 2024 22:34
@spatten spatten requested a review from a team as a code owner November 21, 2024 22:34
@spatten spatten merged commit 936d1fa into master Nov 21, 2024
19 checks passed
@spatten spatten deleted the prep-for-release-v3.9.40 branch November 21, 2024 22:40
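
The failure mode exercised by the testing plan above, where one unparseable .map file empties the whole result set, shown as an added example that is not code from this PR, fossa-cli or Themis. It assumes .map files are treated as JavaScript source maps whose `sourcesContent` field carries embedded text; the `SIGNATURES` table, `text_to_scan`, `scan` and `build_fixture` are hypothetical names, and the scanner is a toy that isolates the parse failure to the one file.

```python
import json
import tempfile
from pathlib import Path

# Constructed stand-in for a license matcher: one marker phrase per license id.
SIGNATURES = {"mit": "Permission is hereby granted, free of charge"}


def text_to_scan(path: Path) -> str:
    """Return the text to match; .map files are tried as JSON source maps first."""
    raw = path.read_text(encoding="utf-8", errors="replace")
    if path.suffix != ".map":
        return raw
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return raw  # not a source map: fall back to scanning it as plain text
    if not isinstance(doc, dict):
        return raw
    embedded = doc.get("sourcesContent") or []  # assumed field of interest
    return "\n".join(s for s in embedded if isinstance(s, str))


def scan(directory: Path) -> dict:
    """Scan every file; an error on one file is recorded and the loop continues."""
    found, errors = {}, {}
    for path in sorted(p for p in directory.rglob("*") if p.is_file()):
        name = str(path.relative_to(directory))
        try:
            text = text_to_scan(path)
        except OSError as exc:
            errors[name] = str(exc)
            continue
        hits = [lic for lic, phrase in SIGNATURES.items() if phrase in text]
        found[name] = hits or ["No_license_found"]
    return {"found": found, "errors": errors}


def build_fixture(root: Path) -> Path:
    """Recreate the testing-plan directory (constructed; license text shortened)."""
    d = root / "bad-map-files"
    d.mkdir()
    (d / "something.map").write_text("this is not JSON\n")
    (d / "mit.LICENSE").write_text("Permission is hereby granted, free of charge, to any person\n")
    return d


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(scan(build_fixture(Path(tmp))), indent=2))
```

An empty result for a directory that is known to contain a license file is the signal to alert on in CI, since it is indistinguishable from a clean scan unless the per-file errors are surfaced.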