aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://aboutcode.org/scancode/

LGPL 2.1 detected as LGPL 3 #2760

Open ablam opened 2 years ago

ablam commented 2 years ago

Description

Incorrect version of LGPL - detected 3 instead of 2.1

How To Reproduce

Scan AppArmor (https://gitlab.com/apparmor/apparmor) and check the licence for libraries\libapparmor\src\parser.h.

Expected: LGPL 2.1, as in the file header:

```
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2.1 of the GNU Lesser General
 * Public License published by the Free Software Foundation.
```

Issue: there is no rule for LGPL 2.1 with such a pattern, so the closest match is rule lgpl-3.0_45.RULE:

```
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 3 of the GNU Lesser General
 * Public License as published by the Free Software Foundation.
```

Solution: creating a similar rule for LGPL 2.1 based on the one for 3.0 fixes the problem.

System configuration

pombredanne commented 2 years ago

Thank you for the report! Would you want to help fix this?

ablam commented 2 years ago

sure, np

pombredanne commented 2 years ago

I fetched: https://gitlab.com/apparmor/apparmor/-/raw/master/libraries/libapparmor/src/parser.h

```c
/*
 * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
 * NOVELL (All rights reserved)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2.1 of the GNU Lesser General
 * Public License published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, <http://www.gnu.org/licenses/>.
 */
```

[....]

and run a scan:

```yaml
headers:
    -   tool_name: scancode-toolkit
        tool_version: 30.0.0
        options:
            input:
                - parser.h
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: '-'
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2021-11-18T123029.304640'
        end_timestamp: '2021-11-18T123031.224382'
        output_format_version: 2.0.0
        duration: '1.9197578430175781'
        message:
        errors: []
        extra_data:
            spdx_license_list_version: '3.14'
            files_count: 1
files:
    -   path: parser.h
        type: file
        licenses:
            -   key: lgpl-3.0
                score: '94.74'
                name: GNU Lesser General Public License 3.0
                short_name: LGPL 3.0
                category: Copyleft Limited
                is_exception: no
                is_unknown: no
                owner: Free Software Foundation (FSF)
                homepage_url: http://www.gnu.org/licenses/lgpl-3.0.html
                text_url: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
                reference_url: https://scancode-licensedb.aboutcode.org/lgpl-3.0
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/lgpl-3.0.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/lgpl-3.0.yml
                spdx_license_key: LGPL-3.0-only
                spdx_url: https://spdx.org/licenses/LGPL-3.0-only
                start_line: 5
                end_line: 15
                matched_rule:
                    identifier: lgpl-3.0_45.RULE
                    license_expression: lgpl-3.0
                    licenses:
                        - lgpl-3.0
                    referenced_filenames: []
                    is_license_text: no
                    is_license_notice: yes
                    is_license_reference: no
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 3-seq
                    rule_length: 95
                    matched_length: 90
                    match_coverage: '94.74'
                    rule_relevance: 100
                matched_text: |
                    This program is free software; you can redistribute it and/or
                     * modify it under the terms of version [2].[1] of the GNU Lesser General
                     * Public License published by the Free Software Foundation.
                     *
                     * This program is distributed in the hope that it will be useful,
                     * but WITHOUT ANY WARRANTY; without even the implied warranty of
                     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
                     * GNU Lesser General Public License for more details.
                     *
                     * You should have received a copy of the GNU Lesser [General] [Public] License
                     * along with this program; if not, <http://www.gnu.org/licenses/>.
        license_expressions:
            - lgpl-3.0
        percentage_of_license_text: '41.67'
        scan_errors: []
```

the culprit is that "2.1" is not matched alright.

@ablam re:

> Solution: creating a similar rule for LGPL 2.1 based on the one for 3.0 fixes the problem.

yes! that's exactly it.

In the near future I think that this would also be something that #2637 by @mrombout would be able to cure? See https://github.com/nexB/scancode-toolkit/compare/develop...softsense:issue-2637-allow-license-rules-to-require-the-presence-of-certain-defining-keywords
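The practical lesson of this thread is that a high-scoring near-match can still name the wrong license version, and a compliance decision built on `lgpl-3.0` when the file says 2.1 is a supply-chain policy error, not a cosmetic one. The following is an added example, written for this page and not part of ScanCode or the issue, that triages a scan result the way a reviewer would: it reads the `--license-text-diagnostics` form of `matched_text` (where, as in the output above, words of the scanned file that did not align with the rule are wrapped in square brackets), flags any match whose unmatched words spell a version number that differs from the version in the detected license key, and then recovers the clean notice text that a new `.RULE` for `lgpl-2.1` would need. It runs offline on a constructed copy of the match data quoted above. The `.yml` sidecar rendered at the end assumes the rule-data layout of the ScanCode 30 release shown in the scan header (a `license_expression` and `is_license_notice` entry beside the rule text); treat that as an assumption to check against the `src/licensedcode/data/rules` directory of the version you use.

```python
import re

# Constructed sample, copied from the --license-text-diagnostics output quoted
# in this issue (ScanCode 30.0.0 on AppArmor's parser.h). In that output, words
# of the scanned file that did not match the rule are wrapped in [brackets].
SAMPLE_MATCH = {
    "key": "lgpl-3.0",
    "score": 94.74,
    "rule": "lgpl-3.0_45.RULE",
    "matched_text": (
        "This program is free software; you can redistribute it and/or\n"
        " * modify it under the terms of version [2].[1] of the GNU Lesser General\n"
        " * Public License published by the Free Software Foundation.\n"
        " *\n"
        " * This program is distributed in the hope that it will be useful,\n"
        " * but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
        " * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
        " * GNU Lesser General Public License for more details.\n"
        " *\n"
        " * You should have received a copy of the GNU Lesser [General] [Public] License\n"
        " * along with this program; if not, <http://www.gnu.org/licenses/>.\n"
    ),
}

BRACKETED = re.compile(r"\[([^\]]+)\]")
# A run such as "[2].[1]" or "[3]": unmatched digit tokens joined by dots.
VERSION_RUN = re.compile(r"\[\d+\](?:\.\[\d+\])*")
# Version embedded in a ScanCode license key: lgpl-3.0, gpl-2.0-plus, ...
KEY_VERSION = re.compile(r"-(\d+(?:\.\d+)*)(?:-plus|-only|-or-later)?$")


def unmatched_tokens(matched_text):
    """All file-side words the matcher could not align with the rule."""
    return BRACKETED.findall(matched_text)


def unmatched_versions(matched_text):
    """Unmatched tokens that form a version number, e.g. '[2].[1]' -> '2.1'."""
    return [m.group(0).replace("[", "").replace("]", "")
            for m in VERSION_RUN.finditer(matched_text)]


def normalize_version(v):
    """'3' and '3.0' denote the same license version; drop trailing '.0'."""
    parts = v.split(".")
    while len(parts) > 1 and parts[-1] == "0":
        parts.pop()
    return ".".join(parts)


def key_version(license_key):
    """Version encoded in a ScanCode license key: 'lgpl-3.0' -> '3.0'."""
    m = KEY_VERSION.search(license_key)
    return m.group(1) if m else None


def is_version_mismatch(match):
    """True when the file states a version the detected key does not carry."""
    detected = key_version(match["key"])
    for v in unmatched_versions(match["matched_text"]):
        if detected is None or normalize_version(v) != normalize_version(detected):
            return True
    return False


def triage(match):
    """One-line verdict for a compliance reviewer."""
    if is_version_mismatch(match):
        return ("REVIEW: %s at %.2f%% via %s, but the file says version %s"
                % (match["key"], match["score"], match["rule"],
                   ", ".join(unmatched_versions(match["matched_text"]))))
    return "ok: %s at %.2f%%" % (match["key"], match["score"])


def derive_rule_text(matched_text):
    """Recover the notice as it appears in the file: strip the C comment
    leaders and the diagnostic brackets. This is the text a new .RULE needs."""
    lines = []
    for line in matched_text.splitlines():
        line = re.sub(r"^\s*\*\s?", "", line)
        lines.append(line.replace("[", "").replace("]", "").strip())
    return "\n".join(lines).strip() + "\n"


def derive_rule_data(license_expression):
    """Sidecar data for the rule. Assumption: ScanCode 30 keeps rule metadata
    in a .yml beside the .RULE carrying these keys (both appear under
    matched_rule in the scan output above)."""
    return "license_expression: %s\nis_license_notice: yes\n" % license_expression


if __name__ == "__main__":
    print(triage(SAMPLE_MATCH))
    print(derive_rule_text(SAMPLE_MATCH["matched_text"]))
    print(derive_rule_data("lgpl-2.1"))
```

On the sample above the triage line flags the match because the only unmatched words in the notice sentence are `2` and `1`, i.e. the file's own version statement, while the key says 3.0; a reviewer can apply the same rule of thumb by hand to any sub-100 score. The recovered text is the 2.1 notice verbatim, which is exactly the rule ablam proposed adding.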