Handle ScanCode findings that are actually references to other files #8190

Closed
bennati opened this issue Jan 29, 2024 · 4 comments

@bennati
Contributor

bennati commented Jan 29, 2024

Scanning a gitrepo project with the following manifest

```xml
<?xml version='1.0' encoding='UTF-8'?>
<manifest>
  <remote name="origin" fetch="../../../"/>
  <default revision="master" remote="origin" sync-c="true" sync-j="8"/>

  <project name="external/xz"/>
</manifest>
```

where folder external/xz contains only four files, named COPYING, COPYING.GPLv2, COPYING.GPLv3 and COPYING.LGPLv2.1 (see copying.zip)

ORT detects the following:

```json
{
          "license" : "LGPL-2.1-only",
          "location" : {
            "path" : "COPYING",
            "start_line" : 1,
            "end_line" : 502
          }
```

And note that file 'COPYING' has 66 lines only, while 'COPYING.LGPLv2.1' has 502 lines.

Here is the scan-results file: copying.json

@sschuberth added the "scanner" and "needs info" labels Jan 29, 2024
@sschuberth
Member

@bennati please check whether the issue is also reproducible with ScanCode alone.

@bennati
Contributor Author

bennati commented Jan 30, 2024

It's indeed an issue with scancode 32 aboutcode-org/scancode-toolkit#3648
thanks!

@sschuberth closed this as not planned Jan 30, 2024
@bennati
Contributor Author

bennati commented Feb 1, 2024

Scancode team says the detection is correct and it's a new feature that was recently introduced to reference files (see linked P).
So ORT should adapt and parse the report correctly, or ignore the report.

@sschuberth changed the title from "ORT confuses files with similar names" to "Handle ScanCode findings that are actually references to other files" Feb 1, 2024
@sschuberth reopened this Feb 1, 2024
@sschuberth removed the "needs info" label Feb 1, 2024
@sschuberth
Member

This can be solved once #8457 is done by then interpreting the new from_file field.

sschuberth added a commit that referenced this issue Mar 28, 2024
…nces

Fixes #8190.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth self-assigned this Mar 28, 2024
sschuberth added a commit that referenced this issue Apr 2, 2024
…nces

Fixes #8190.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
sschuberth added a commit that referenced this issue Apr 2, 2024
…nces

License findings that are references to license findings in other files
are now ignored, because they already appear as findings for those other
files. Fixes #8190.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
sschuberth added a commit that referenced this issue Apr 2, 2024
…nces

License findings that are references to license findings in other files
are now ignored, because they already appear as findings for those other
files.

Fixes #8190.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
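
The filtering described in the commit message above, sketched as an added example that is not part of the original thread and is not ORT's own code. The JSON layout (`files` / `license_detections` / `matches`) is a simplified assumption modeled on ScanCode output, the sample data is constructed, and only the `from_file` field and the line counts (66 and 502) come from this issue.

```python
import json

# Constructed, simplified ScanCode-style result (not the copying.json from the issue).
SAMPLE = json.loads("""
{"files": [
  {"path": "xz/COPYING", "license_detections": [
    {"matches": [
      {"license_expression": "public-domain", "from_file": "xz/COPYING",
       "start_line": 4, "end_line": 10},
      {"license_expression": "lgpl-2.1", "from_file": "xz/COPYING.LGPLv2.1",
       "start_line": 1, "end_line": 502}]}]},
  {"path": "xz/COPYING.LGPLv2.1", "license_detections": [
    {"matches": [
      {"license_expression": "lgpl-2.1", "from_file": "xz/COPYING.LGPLv2.1",
       "start_line": 1, "end_line": 502}]}]}
]}
""")

# Line counts as reported in the issue.
LINE_COUNTS = {"xz/COPYING": 66, "xz/COPYING.LGPLv2.1": 502}


def own_findings(scan):
    """Split findings into (kept, dropped). A match is dropped when its
    from_file names another file, because it is reported again under that file."""
    kept, dropped = [], []
    for f in scan.get("files", []):
        for detection in f.get("license_detections", []):
            for m in detection.get("matches", []):
                finding = (f["path"], m["license_expression"],
                           m["start_line"], m["end_line"])
                source = m.get("from_file")  # absent in older output: treat as own match
                (kept if source in (None, f["path"]) else dropped).append(finding)
    return kept, dropped


def out_of_range(findings, line_counts):
    """Sanity check: findings whose end_line exceeds the length of their file."""
    return [x for x in findings if x[3] > line_counts.get(x[0], x[3])]


if __name__ == "__main__":
    kept, dropped = own_findings(SAMPLE)
    print("kept:", kept)
    print("dropped (references to other files):", dropped)
    print("impossible locations before filtering:",
          out_of_range(kept + dropped, LINE_COUNTS))
    print("impossible locations after filtering:", out_of_range(kept, LINE_COUNTS))
```

The `out_of_range` check reproduces the symptom reported at the top of the issue: a finding ending at line 502 attributed to a 66-line file.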