From d01d57d4ef3fe2c4a49a2bc221c8484cdb56d419 Mon Sep 17 00:00:00 2001
From: Spencer Schrock
Date: Thu, 6 Jun 2024 11:01:49 -0700
Subject: [PATCH] :bug: fix Unlicense detection (#4145)
* fix unlicense detection
The code previously had some special logic for handling the Unlicense SPDX identifier. While this worked for local file detection, it broke detection for SPDX identifiers provided by the forge. This change moves the logic to the part of the code concerned with local file detection, so both work now.
Signed-off-by: Spencer Schrock
* remove part of comment which is no longer relevant
Signed-off-by: Spencer Schrock
---------
Signed-off-by: Spencer Schrock
Signed-off-by: balteraivshay
---
 checks/raw/license.go | 43 +++++++++++++++++-------------------------
 1 file changed, 17 insertions(+), 26 deletions(-)
diff --git a/checks/raw/license.go b/checks/raw/license.go
index 3e041c7e2a4..af0f83d92fb 100644
--- a/checks/raw/license.go
+++ b/checks/raw/license.go
@@ -160,17 +160,10 @@ func License(c *checker.CheckRequest) (checker.LicenseData, error) {
 // scorecard search stops at first candidate (isLicenseFile) license file found
 if path != (checker.LicenseFile{}) {
- //
- // now it is time to "map it back" in the case of the
- // Spdx Identifier for "UNLICENSE" which was mapped to "UN"
- // for the regex group match and this check.
- // grab what is needed before clobbering the Spdx Identifier
- // Aside from 'UN', these settings (Name, Key) match GH repo API
- // for when the Spdx Identifier cannot be determined.
 path.LicenseInformation.Name = fsfOsiApprovedLicenseCiMap[strings.ToUpper(path.LicenseInformation.SpdxID)].Name
- if strings.ToUpper(path.LicenseInformation.SpdxID) == "UN" {
- path.LicenseInformation.SpdxID = "UNLICENSE"
- } else if path.LicenseInformation.SpdxID == "" {
+ // these settings (Name, Key) match GH repo API
+ // for when the Spdx Identifier cannot be determined.
+ if path.LicenseInformation.SpdxID == "" {
 path.LicenseInformation.SpdxID = "NOASSERTION"
 path.LicenseInformation.Name = "Other"
 }
@@ -226,19 +219,7 @@ func setCiMap() {
 defer ciMapMutex.Unlock()
 if len(fsfOsiApprovedLicenseCiMap) == 0 {
 for key, entry := range fsfOsiApprovedLicenseMap {
- // Special case, the unlicense, in the map is
- // called 'The Unlicense' with the Spdx id 'Unlicense'.
- // For the regex's 'un' will match the [pre|suf]Spdx
- // regex group (just as it would match '0BSD'), but
- // 'un' will not "hit" in the map with key 'Unlicense'
- // so change to 'UN' for 'unlicense' for 'isLicenseFile()'
- // TODO: make this general (pass a key map for changing these
- // special cases). For now this is the only one.
- if strings.ToUpper(key) == "UNLICENSE" {
- fsfOsiApprovedLicenseCiMap["UN"] = entry
- } else {
- fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
- }
+ fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
 }
 }
 }
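Review bot: In License, the lookup `fsfOsiApprovedLicenseCiMap[strings.ToUpper(path.LicenseInformation.SpdxID)].Name` discards the map's presence flag, so an identifier that is non-empty but absent from the map leaves Name as the empty string while SpdxID is kept; only the empty-identifier case falls through to NOASSERTION/Other. With the `"UN"` key gone from the map, this branch now relies on every producer of SpdxID normalising the short form first, which only getSpdxID is shown doing. A comma-ok lookup would make a miss explicit: `entry, ok := fsfOsiApprovedLicenseCiMap[strings.ToUpper(path.LicenseInformation.SpdxID)]`, with `!ok` either handled like the empty case or logged. The new comment also says "(Name, Key)" while the lines below it set SpdxID and Name. License starts and ends outside this hunk, so whether other paths assign SpdxID is not visible here.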
@@ -261,12 +242,22 @@ func getSpdxID(matches []string) string {
 // value, preSpdx takes precedence.
 // (e.g., 0BSD-LICENSE-GPL-2.0.txt)
 // TODO: decide if that is OK or should "fail"
+ var id string
 if matches[reGroupIdxs["preSpdx"]] != "" {
- return matches[reGroupIdxs["preSpdx"]]
+ id = matches[reGroupIdxs["preSpdx"]]
 } else if matches[reGroupIdxs["sufSpdx"]] != "" {
- return matches[reGroupIdxs["sufSpdx"]]
+ id = matches[reGroupIdxs["sufSpdx"]]
 }
- return ""
+ // Special case, the unlicense, in the map is
+ // called 'The Unlicense' with the Spdx id 'Unlicense'.
+ // For the regex's 'un' will match the [pre|suf]Spdx
+ // regex group (just as it would match '0BSD'), but
+ // 'un' will not "hit" in the map with key 'Unlicense'
+ if strings.EqualFold(id, "UN") {
+ id = "UNLICENSE"
+ }
+
+ return id
 }
 func getExt(filename string, matches []string) string {
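Review bot: No regression test accompanies the fix: the diffstat lists only checks/raw/license.go, so nothing pins either the local-file path (a `un`/`UN` match in the preSpdx or sufSpdx group must come back as the Unlicense) or the forge path (an identifier of `Unlicense` must hit the case-insensitive map). A table-driven test over getSpdxID covering both groups, plus one License case with a forge-supplied identifier, would cover the behaviour the commit message describes. Separately, the comment gives the SPDX id as 'Unlicense' while the function returns `"UNLICENSE"`, so the local path presumably reports a different casing than the forge does. If consumers compare SpdxID case-sensitively, `id = "Unlicense"` would be the consistent value; the lookup shown in License uppercases the key either way. getSpdxID begins above this hunk.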