spdx / Spdx-Java-Library

Java library which implements the Java object model for SPDX and provides useful helper functions
Apache License 2.0

Initial implementation of issue 141 #145

Closed pmonks closed 1 year ago

pmonks commented 1 year ago

This is an initial implementation of issue #141 (add support for multi-license texts to license comparison logic).

sonatype-lift[bot] commented 1 year ago

🛠 Lift Auto-fix

Some of the Lift findings in this PR can be automatically fixed. You can download and apply these changes in your local project directory of your branch to review the suggestions before committing.[^1]

    # Download the patch
    curl https://lift.sonatype.com/api/patch/github.com/spdx/Spdx-Java-Library/145.diff -o lift-autofixes.diff

    # Apply the patch with git
    git apply lift-autofixes.diff

    # Review the changes
    git diff

Want it all in a single command? Open a terminal in your project's directory and copy and paste the following command:

    curl https://lift.sonatype.com/api/patch/github.com/spdx/Spdx-Java-Library/145.diff | git apply

Once you're satisfied, commit and push your changes in your project.

[^1]: You can preview the patch by opening the patch URL in the browser.
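The download, apply and review steps in the Lift comment above, reworked as an added example that is not Lift's or the project's code: it checks which paths a downloaded patch touches and dry-runs it before applying. `ALLOWED_PREFIX`, its default `src/` (taken from the file path linked in this thread) and all function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Lift's or the project's code): gate a downloaded git-format
# patch on the paths it touches, then dry-run it, before applying it.
# ALLOWED_PREFIX and all function names are assumptions for illustration.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-src/}"

# Print each path named in the file headers of a git-format patch. Only lines
# between "diff --git" and the first "@@" count, so hunk content that happens
# to start with "--- " or "+++ " is never mistaken for a header.
patch_paths() {
    awk '
        /^diff --git / { hdr = 1; next }
        /^@@ /         { hdr = 0; next }
        hdr && /^(---|[+][+][+]) / {
            p = substr($0, 5)
            if (p == "/dev/null") next          # add/delete side of a header
            sub(/^[ab]\//, "", p); print p
        }
        hdr && /^(rename|copy) (from|to) / {
            p = $0; sub(/^[a-z]+ [a-z]+ /, "", p); print p
        }' "$1" | sort -u
}

# Succeed only if the patch names at least one path and every path is relative,
# has no ".." component, and sits under ALLOWED_PREFIX. Anything else fails closed.
patch_paths_ok() {
    paths=$(patch_paths "$1")
    [ -n "$paths" ] || return 1
    while IFS= read -r p; do
        case "$p" in /*|../*|*/../*|*/..) return 1 ;; esac
        case "$p" in "$ALLOWED_PREFIX"*) ;; *) return 1 ;; esac
    done <<EOF
$paths
EOF
}

# Constructed sample patch; the file path is the one linked in this thread.
sample_patch() {
    f=src/main/java/org/spdx/utility/compare/LicenseCompareHelper.java
    printf '%s\n' "diff --git a/$f b/$f" "--- a/$f" "+++ b/$f" \
        "@@ -1,1 +1,1 @@" "--- constructed removed line" "+++ constructed added line"
}

# Scope check, summary, dry run, then apply. Usage: apply_reviewed_patch lift-autofixes.diff
apply_reviewed_patch() {
    patch_paths_ok "$1" || { echo "patch touches paths outside $ALLOWED_PREFIX" >&2; return 1; }
    git apply --stat "$1" && git apply --check "$1" && git apply "$1"
}
```

A patch without `diff --git` headers yields no paths and is rejected, so plain unified diffs need a separate review path.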

goneall commented 1 year ago

Thanks @pmonks - Could you sign-off your commits - or you could also just add a comment to this PR that you agree to the licensing section of the CONTRIBUTING.md file: https://github.com/spdx/Spdx-Java-Library/blob/master/CONTRIBUTING.md#licensing

Also - one of the checks in the CI is complaining about a possible null pointer exception - on line https://github.com/spdx/Spdx-Java-Library/blob/180f4a5ac83614f30a7a11f4dd22251aa9c78f76/src/main/java/org/spdx/utility/compare/LicenseCompareHelper.java#L858

An easy fix would be to add a check at the beginning of the method - something like:

    public static boolean isStandardLicenseWithinText(String text, SpdxListedLicense license) {
        // Guard against null arguments before either one is dereferenced
        if (license == null || text == null) {
            return false;
        }
        // Get match status
        boolean result = false;
        int startIndex = -1;

If you want to add that to the PR, that would be great.

pmonks commented 1 year ago

@goneall I fixed the linter issue, and signed that final commit as well. I held off on rebasing all of my earlier commits to sign them, as I've been merging from master as you worked there in parallel, and didn't want to accidentally sign your interleaved commits (git makes this kind of thing way too difficult / error-prone, but I digress...).

Regardless, I assert here that all of my earlier commits were developed personally by me, and that they meet the requirements of CONTRIBUTING.md#licensing.

pmonks commented 1 year ago

@goneall Note that the "1 new bug" detected by @sonatype-lift for rev 99c365a is a false positive. license cannot be null on line 863 because of the guard on line 858.

goneall commented 1 year ago

Thanks @pmonks - I'll go ahead and merge this in.

BTW - I run into similar false positives on the linter from time to time.