Incorrect license detection

[lemonshir]

Description

The license detection is not correct when we scan the file dd-trace-go.v1/LICENSE in the bundle. The text below

  This work is dual-licensed under Apache 2.0 or BSD3.

  You may select, at your option, one of the above-listed licenses.

is detected as

        "licenses": [
          {
            "key": "unknown",
            "score": 100.0,
            "name": "Unknown license detected but not recognized",
            "short_name": "unknown",
            "category": "Unstated License",
            "is_exception": false,
            "owner": "Unspecified",
            "homepage_url": null,
            "text_url": "",
            "reference_url": "https://enterprise.dejacode.com/urn/urn:dje:license:unknown",
            "spdx_license_key": null,
            "spdx_url": "",
            "start_line": 3,
            "end_line": 3,
            "matched_rule": {
              "identifier": "lead-in_unknown_30.RULE",
              "license_expression": "unknown",
              "licenses": [
                "unknown"
              ],
              "is_license_text": false,
              "is_license_notice": true,
              "is_license_reference": false,
              "is_license_tag": false,
              "matcher": "2-aho",
              "rule_length": 3,
              "matched_length": 3,
              "match_coverage": 100.0,
              "rule_relevance": 100.0
            },
            "matched_text": "This work is dual-licensed under Apache 2.0 or BSD3."
          },
          {
            "key": "apache-2.0",
            "score": 50.0,
            "name": "Apache License 2.0",
            "short_name": "Apache 2.0",
            "category": "Permissive",
            "is_exception": false,
            "owner": "Apache Software Foundation",
            "homepage_url": "http://www.apache.org/licenses/",
            "text_url": "http://www.apache.org/licenses/LICENSE-2.0",
            "reference_url": "https://enterprise.dejacode.com/urn/urn:dje:license:apache-2.0",
            "spdx_license_key": "Apache-2.0",
            "spdx_url": "https://spdx.org/licenses/Apache-2.0",
            "start_line": 3,
            "end_line": 3,
            "matched_rule": {
              "identifier": "spdx_license_id_apache-2.0_for_apache-2.0.RULE",
              "license_expression": "apache-2.0",
              "licenses": [
                "apache-2.0"
              ],
              "is_license_text": false,
              "is_license_notice": false,
              "is_license_reference": true,
              "is_license_tag": false,
              "matcher": "2-aho",
              "rule_length": 3,
              "matched_length": 3,
              "match_coverage": 100.0,
              "rule_relevance": 50.0
            },
            "matched_text": "This work is dual-licensed under Apache 2.0 or BSD3."

The expected result is Apache 2.0 or BSD3.

How To Reproduce

Tell us how to reproduce the issue.

scancode --copyright --license --info --license-diag --license-text --only-findings --is-license-text --strip-root --processes 4 --json-pp result.json

System configuration

For bug reports, it really helps us to know:

• What OS are you running on? (Windows/MacOS/Linux)
  Linux
• What version of scancode-toolkit was used to generate the scan file?
  (scancode) ➜ scancode-toolkit git:(develop) ✗ scancode --version
  ScanCode version 3.1.1
• What installation method was used to install/run scancode? (pip/source download/other)
  pip

[pombredanne]

Welcome back and thank you for the report!

[pombredanne]

FWIW, they (@gbbr DataDog) modified the original text of the Apache license to add their copyright to the template which is a rare thing https://github.com/DataDog/dd-trace-go/blame/v1/LICENSE#L211

[lemonshir]

Thanks for the quick fix, Philippe!