From b7964566c0bcbb7514e5b574895bb4494c7b8bf8 Mon Sep 17 00:00:00 2001 From: Christian Henkel <6976069+ct2034@users.noreply.github.com> Date: Thu, 28 Mar 2024 11:55:05 +0100 Subject: [PATCH] Bugfix/check fails with NoneType (#64) - fixes #57 --------- Signed-off-by: dependabot[bot] Signed-off-by: Christian Henkel 
Signed-off-by: Anton Utz Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anton Utz <96201379+ant-u@users.noreply.github.com> Co-authored-by: Anton Utz --- README.md | 23 ++ how_to_update.md | 8 + src/ros_license_toolkit/checks.py | 86 +++++++- src/ros_license_toolkit/common.py | 32 ++- src/ros_license_toolkit/main.py | 6 +- src/ros_license_toolkit/package.py | 17 +- .../test_pkg_code_has_no_license/LICENSE | 203 ++++++++++++++++++ .../code_without_license.py | 5 + .../test_pkg_code_has_no_license/package.xml | 6 + .../.hidden/LICENSE | 8 + .../.scanignore | 4 + .../test_pkg_ignore_readme_contents/LICENSE | 60 ++++++ .../test_pkg_ignore_readme_contents/README.md | 8 + .../README.txt | 8 + .../code_with_license.py | 19 ++ .../package.xml | 6 + .../test_pkg_too_many_license_files/LICENSE | 46 ++++ .../apl.LICENSE | 203 ++++++++++++++++++ .../bsd.LICENSE | 11 + .../package.xml | 6 + test/systemtest/test_all_packages.py | 3 + test/systemtest/test_separate_pkgs.py | 30 ++- 22 files changed, 771 insertions(+), 27 deletions(-) create mode 100644 test/_test_data/test_pkg_code_has_no_license/LICENSE create mode 100644 test/_test_data/test_pkg_code_has_no_license/code_without_license.py create mode 100644 test/_test_data/test_pkg_code_has_no_license/package.xml create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/.hidden/LICENSE create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/.scanignore create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/LICENSE create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/README.md create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/README.txt create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/code_with_license.py create mode 100644 test/_test_data/test_pkg_ignore_readme_contents/package.xml create mode 100644 test/_test_data/test_pkg_too_many_license_files/LICENSE create mode 100644 
test/_test_data/test_pkg_too_many_license_files/apl.LICENSE create mode 100644 test/_test_data/test_pkg_too_many_license_files/bsd.LICENSE create mode 100644 test/_test_data/test_pkg_too_many_license_files/package.xml diff --git a/README.md b/README.md index ea5ea96..f0f413e 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,29 @@ options: -q, --quiet disable most output ``` +Additionally, there is an option to ignore single files, folders and types of files. +If there exists a `.scanignore` in the **top level directory** of a package, +everything in it is going to be ignored. +The file entries work similar to a `.gitignore` file, including making comments with `#`. +One Example for a custom `.scanignore` file: + +``` +.git/* # folder +README.txt # file +README.* # file pattern +``` + +Per default, ros_license_toolkit ignores the following: + +``` +.scanignore +package.xml +setup.py +setup.cfg +CMakeLists.txt +.git/* +``` + ### Using it as a GitHub action You can use `ros_license_toolkit` inside your GitHub workflow in order to check licenses in your diff --git a/how_to_update.md b/how_to_update.md index 41ec1ac..60c8752 100644 --- a/how_to_update.md +++ b/how_to_update.md @@ -1,5 +1,13 @@ # Note for me +## Requirements + +```bash +pip install bumpver build twine +``` + +## Steps + How to update the project: 1. Increment version diff --git a/src/ros_license_toolkit/checks.py b/src/ros_license_toolkit/checks.py index ee6fe92..89698ea 100644 --- a/src/ros_license_toolkit/checks.py +++ b/src/ros_license_toolkit/checks.py 
@@ -205,7 +205,16 @@ def _check_licenses(self, package: Package) -> None: f"License text file '{license_text_file}' is " +\ f"of license {actual_license} but tag is " +\ f"{license_tag.get_license_id()}." - self.missing_license_texts_status[license_tag] = Status.WARNING + # If Tag and File both are in SPDX but don't match -> Error + if is_license_name_in_spdx_list(license_tag.get_license_id()): + self.missing_license_texts_status[license_tag] =\ + Status.FAILURE + else: + self.missing_license_texts_status[license_tag] =\ + Status.WARNING + self.files_with_wrong_tags[license_tag] = \ + {'actual_license': actual_license, + 'license_tag': license_tag.get_license_id()} continue def _evaluate_results(self): @@ -257,6 +266,8 @@ def _check_license_files(self, package: Package) -> None: continue found_licenses_str = found_licenses[ 'detected_license_expression_spdx'] + if not found_licenses_str: + continue licenses = found_licenses_str.split(' AND ') for license_str in licenses: if license_str not in self.declared_licenses: @@ -302,14 +313,6 @@ def _evaluate_result(self, package: Package) -> None: self.files_not_matched_by_any_license_tag, package, ) - elif self.files_with_inofficial_tag: - info_str = '' - info_str += 'For the following files, please change the ' +\ - 'License Tag in the package file to SPDX format:\n' +\ - '\n'.join( - [f" '{x[0]}' is of {x[1][0]} but its Tag is {x[1][1]}." - for x in self.files_with_inofficial_tag.items()]) - self._warning(info_str) elif len(self.files_not_matched_by_any_license_tag) > 0: info_str = '' info_str += '\nThe following files contain licenses that ' +\ 
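Review bot: `self.files_with_wrong_tags[license_tag] = ...` in `_check_licenses` writes to an attribute that no hunk of this patch creates, so unless the class already initialises it, the first tag/text mismatch raises AttributeError instead of reporting a status. Please confirm it exists, or add `self.files_with_wrong_tags = {}` next to the initialisation of `missing_license_texts_status`. The new comment says tag and file are both in SPDX, but the condition tests only the tag; `# Tag is a valid SPDX id but the text file is a different license -> failure` would match the code. The body of `_check_licenses` starts and ends outside this hunk.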
@@ -323,6 +326,14 @@ def _evaluate_result(self, package: Package) -> None: self.files_not_matched_by_any_license_tag, package, ) + elif self.files_with_inofficial_tag: + info_str = '' + info_str += 'For the following files, please change the ' +\ + 'License Tag in the package file to SPDX format:\n' +\ + '\n'.join( + [f" '{x[0]}' is of {x[1][0]} but its Tag is {x[1][1]}." + for x in self.files_with_inofficial_tag.items()]) + self._warning(info_str) else: self._success('All licenses found in the code are covered by a ' 'license declaration.') 
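Review bot: With the inofficial-tag branch moved below the unmatched-files branch in `_evaluate_result`, a package that has both problems reports only the failure and never prints the SPDX-format hint, because the branches form one `elif` chain. If both findings should reach the user, the hint could be appended to `info_str` in the failure branches whenever `self.files_with_inofficial_tag` is non-empty. If the precedence is intended, a comment such as `# failures take precedence over the inofficial-tag warning` above the moved branch would record it. The function starts outside this hunk.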
@@ -337,3 +348,60 @@ def _print_info(self, info_str, files_with_uncovered_licenses, lambda x: x[0] in files_with_uncovered_licenses or ( x[0] in files_not_matched_by_any_license_tag), package.found_files_w_licenses.items())))) + + +class LicenseFilesReferencedCheck(Check): + """Check if all found License file have a reference in package.xml.""" + + def _check(self, package: Package): + not_covered_texts: Dict[str, str] = {} + inofficial_covered_texts: Dict[str, List[str]] = {} + for filename, license_text in package.found_license_texts.items(): + # skipping all declarations above the package + if not is_in_package(package, filename): + continue + if 'detected_license_expression_spdx' in license_text and \ + license_text['detected_license_expression_spdx'] not in \ + package.license_tags: + spdx_expression = license_text[ + 'detected_license_expression_spdx'] + inofficial_licenses = { + lic_tag.id_from_license_text: key + for key, lic_tag in package.license_tags.items() + if lic_tag.id_from_license_text != ''} + if spdx_expression in inofficial_licenses: + inofficial_covered_texts[filename] = \ + [spdx_expression, + inofficial_licenses[spdx_expression]] + else: + not_covered_texts[filename] = \ + spdx_expression + if not_covered_texts: + info_str = '' + info_str += 'The following license files are not' +\ + ' mentioned by any tag:\n' +\ + '\n'.join( + [f" '{x[0]}' is of {x[1]}." + for x in not_covered_texts.items()]) + self._failed(info_str) + elif inofficial_covered_texts: + info_str = '' + info_str += 'The following license files are not' +\ + ' mentioned by any tag:\n' +\ + '\n'.join( + [f" '{x[0]}' is of {x[1][0]} but its tag is {x[1][1]}." + for x in inofficial_covered_texts.items()]) + self._warning(info_str) + else: + self._success("All license declaration are referenced by a tag.") + + +def is_in_package(package: Package, file: str) -> bool: + """Return TRUE if the file is underneath the absolute package path. 
+ Return FALSE if file is located above package.""" + parent = os.path.abspath(package.abspath) + child = os.path.abspath(package.abspath + '/' + file) + + comm_parent = os.path.commonpath([parent]) + comm_child_parent = os.path.commonpath([parent, child]) + return comm_parent == comm_child_parent diff --git a/src/ros_license_toolkit/common.py b/src/ros_license_toolkit/common.py index 3f4e1e7..8784a98 100644 --- a/src/ros_license_toolkit/common.py +++ b/src/ros_license_toolkit/common.py @@ -16,10 +16,21 @@ """Common utility functions.""" -from typing import Any, Dict, Optional +import os +from typing import Any, Dict, List, Optional REQUIRED_PERCENTAGE_OF_LICENSE_TEXT = 95.0 +# files we ignore in scan results +IGNORED = [ + ".scanignore", + "package.xml", + "setup.py", + "setup.cfg", + "CMakeLists.txt", + ".git/*" +] + def get_spdx_license_name(scan_results: Dict[str, Any]) -> Optional[str]: """Get the SPDX license name from scan results.""" @@ -27,3 +38,22 @@ def get_spdx_license_name(scan_results: Dict[str, Any]) -> Optional[str]: >= REQUIRED_PERCENTAGE_OF_LICENSE_TEXT: return scan_results['detected_license_expression_spdx'] return None + + +def get_ignored_content(pkg_abspath: str) -> List[str]: + """Return all ignored patterns from '.scanignore' + and local IGNORED definition.""" + ignored_content: List[str] = [] + scanignore_path = pkg_abspath + "/.scanignore" + if os.path.exists(scanignore_path): + with open(scanignore_path, 'r', encoding="utf-8") as f: + for line in f: + line_contents = line.split('#') + ignore_pattern = line_contents[0].rstrip() + if len(ignore_pattern) > 0: + ignored_content.append(ignore_pattern) + f.close() + for pattern in IGNORED: + if pattern not in ignored_content: + ignored_content.append(pattern) + return ignored_content diff --git a/src/ros_license_toolkit/main.py b/src/ros_license_toolkit/main.py index d50367f..3911018 100644 --- a/src/ros_license_toolkit/main.py +++ b/src/ros_license_toolkit/main.py 
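Review bot: `LicenseFilesReferencedCheck._check` tests only that the key `'detected_license_expression_spdx'` is present, so a license text whose expression is `None` (the case the `if not found_licenses_str: continue` guard in `_check_license_files` handles) lands in `not_covered_texts` and fails the package with "is of None". Reading the value first and skipping empty ones avoids that: `spdx_expression = license_text.get('detected_license_expression_spdx')` followed by `if not spdx_expression or spdx_expression in package.license_tags: continue`. The warning branch reuses the text "not mentioned by any tag" although those files are matched through `id_from_license_text`. `is_in_package` compares paths lexically with `os.path.abspath`, so a symlink inside the package that points outside still counts as inside; `os.path.realpath` would be needed if that matters, and the docstring should say which is intended.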
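Review bot: `get_ignored_content` takes its exclusion patterns from a `.scanignore` file inside the package being checked, and nothing visible in this patch reports them, so a pattern such as `*` removes every file from the scan and the run can still end in success. For a check that gates merges, the user-supplied patterns should appear in the result output, or a warning should be raised when `.scanignore` is present, so a reviewer sees what was excluded. Two smaller items in the same function: `line_contents[0].rstrip()` keeps leading whitespace, so an indented entry never matches and `.strip()` is the safer call, and `f.close()` is redundant inside the `with` block.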
@@ -24,7 +24,8 @@ import timeit from typing import Optional, Sequence -from ros_license_toolkit.checks import (LicensesInCodeCheck, +from ros_license_toolkit.checks import (LicenseFilesReferencedCheck, + LicensesInCodeCheck, LicenseTagExistsCheck, LicenseTagIsInSpdxListCheck, LicenseTextExistsCheck, Status) @@ -134,7 +135,8 @@ def process_one_pkg(rll_print, package): LicenseTagExistsCheck(), LicenseTagIsInSpdxListCheck(), LicenseTextExistsCheck(), - LicensesInCodeCheck()] + LicensesInCodeCheck(), + LicenseFilesReferencedCheck()] for check in checks_to_perform: check.check(package) diff --git a/src/ros_license_toolkit/package.py b/src/ros_license_toolkit/package.py index 9b2e972..18925e7 100644 --- a/src/ros_license_toolkit/package.py +++ b/src/ros_license_toolkit/package.py @@ -26,20 +26,12 @@ from rospkg.common import PACKAGE_FILE from scancode.api import get_licenses -from ros_license_toolkit.common import get_spdx_license_name +from ros_license_toolkit.common import (get_ignored_content, + get_spdx_license_name) from ros_license_toolkit.copyright import get_copyright_strings_per_pkg from ros_license_toolkit.license_tag import LicenseTag from ros_license_toolkit.repo import NotARepoError, Repo -# files we ignore in scan results -IGNORED = [ - "package.xml", - "setup.py", - "setup.cfg", - "CMakeLists.txt", - ".git/*", -] - class PackageException(Exception): """Exception raised when a package is invalid.""" @@ -88,6 +80,9 @@ def __init__(self, path: str, repo: Optional[Repo] = None): # this is Optional, because it is only evaluated on the first call self._license_tags: Optional[Dict[str, LicenseTag]] = None + # All ignored files and folders + self._ignored_content: List[str] = get_ignored_content(self.abspath) + def _get_path_relative_to_pkg(self, path: str) -> str: """Get path relative to pkg root""" return os.path.relpath(path, self.abspath) 
@@ -121,7 +116,7 @@ def _run_scan_and_save_results(self): for (root, _, files) in os.walk(self.abspath): files_rel_to_pkg = [self._get_path_relative_to_pkg( os.path.join(root, f)) for f in files] - for pattern in IGNORED: + for pattern in self._ignored_content: matched = fnmatch.filter(files_rel_to_pkg, pattern) for m in matched: files_rel_to_pkg.remove(m) diff --git a/test/_test_data/test_pkg_code_has_no_license/LICENSE b/test/_test_data/test_pkg_code_has_no_license/LICENSE new file mode 100644 index 0000000..6b0b127 --- /dev/null +++ b/test/_test_data/test_pkg_code_has_no_license/LICENSE 
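Review bot: The patterns iterated in `_run_scan_and_save_results` are now user-supplied but are still matched with `fnmatch.filter` against package-relative paths, which differs from the `.gitignore` behaviour the README compares it to: `*` also matches `/`, a bare directory name or `build/` matches nothing, and `README.*` matches only at the package root. A comment at the loop such as `# fnmatch semantics: '*' crosses '/', directories need a trailing '/*'`, repeated in the README, would prevent entries that silently exclude too much or too little from the license scan. The function body starts and ends outside this hunk.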
@@ -0,0 +1,203 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/test/_test_data/test_pkg_code_has_no_license/code_without_license.py b/test/_test_data/test_pkg_code_has_no_license/code_without_license.py new file mode 100644 index 0000000..afde420 --- /dev/null +++ b/test/_test_data/test_pkg_code_has_no_license/code_without_license.py @@ -0,0 +1,5 @@ +import sys + +if __name__ == "__main__": + print("hi") + sys.exit(0) diff --git a/test/_test_data/test_pkg_code_has_no_license/package.xml b/test/_test_data/test_pkg_code_has_no_license/package.xml new file mode 100644 index 0000000..68cc407 --- /dev/null +++ b/test/_test_data/test_pkg_code_has_no_license/package.xml @@ -0,0 +1,6 @@ + + + + test_pkg_code_has_no_license + Apache-2.0 + 
diff --git a/test/_test_data/test_pkg_ignore_readme_contents/.hidden/LICENSE b/test/_test_data/test_pkg_ignore_readme_contents/.hidden/LICENSE new file mode 100644 index 0000000..88a36a8 --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/.hidden/LICENSE @@ -0,0 +1,8 @@ +This is also a license mentioning text, but it should be ignored since its under the .hidden directory. + +The majority of this library is licensed under the Apache-2.0 licensed. However, certain parts are +licensed under different licenses: + - The queue used inside the communication structures is originally written by Cameron Desrochers + and is released under the BSD-2-Clause license. + - The semaphore implementation used inside the queue implementation is written by Jeff Preshing and + licensed under the zlib license \ No newline at end of file diff --git a/test/_test_data/test_pkg_ignore_readme_contents/.scanignore b/test/_test_data/test_pkg_ignore_readme_contents/.scanignore new file mode 100644 index 0000000..bd7ea7b --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/.scanignore @@ -0,0 +1,4 @@ +.hidden/* +README.md + +README.* # comment in any kind \ No newline at end of file diff --git a/test/_test_data/test_pkg_ignore_readme_contents/LICENSE b/test/_test_data/test_pkg_ignore_readme_contents/LICENSE new file mode 100644 index 0000000..feacae9 --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/LICENSE 
@@ -0,0 +1,60 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. +"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. 
For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. +3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. +4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: +(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and +(b) You must cause any modified files to carry prominent notices stating that You changed the files; and +(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and +(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of 
the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. +You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. +6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. +7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. +8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. 
+ +To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/test/_test_data/test_pkg_ignore_readme_contents/README.md b/test/_test_data/test_pkg_ignore_readme_contents/README.md new file mode 100644 index 0000000..ffc2b19 --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/README.md @@ -0,0 +1,8 @@ +This readme contains some random license names that shall NOT be checked. + +The majority of this library is licensed under the Apache-2.0 licensed. However, certain parts are +licensed under different licenses: + - The queue used inside the communication structures is originally written by Cameron Desrochers + and is released under the BSD-2-Clause license. + - The semaphore implementation used inside the queue implementation is written by Jeff Preshing and + licensed under the zlib license \ No newline at end of file 
diff --git a/test/_test_data/test_pkg_ignore_readme_contents/README.txt b/test/_test_data/test_pkg_ignore_readme_contents/README.txt new file mode 100644 index 0000000..9cad38d --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/README.txt @@ -0,0 +1,8 @@ +This readme contains some random license names that shall NOT be checked, here as txt. + +The majority of this library is licensed under the Apache-2.0 licensed. However, certain parts are +licensed under different licenses: + - The queue used inside the communication structures is originally written by Cameron Desrochers + and is released under the BSD-2-Clause license. + - The semaphore implementation used inside the queue implementation is written by Jeff Preshing and + licensed under the zlib license \ No newline at end of file diff --git a/test/_test_data/test_pkg_ignore_readme_contents/code_with_license.py b/test/_test_data/test_pkg_ignore_readme_contents/code_with_license.py new file mode 100644 index 0000000..6d61d8a --- /dev/null +++ b/test/_test_data/test_pkg_ignore_readme_contents/code_with_license.py @@ -0,0 +1,19 @@ +# Copyright 2020 The Author + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import sys + +if __name__ == "__main__": + print("hi") + sys.exit(0) diff --git a/test/_test_data/test_pkg_ignore_readme_contents/package.xml b/test/_test_data/test_pkg_ignore_readme_contents/package.xml new file mode 100644 index 0000000..c03fd28 --- /dev/null 
+++ b/test/_test_data/test_pkg_ignore_readme_contents/package.xml @@ -0,0 +1,6 @@ + + + + test_pkg_ignore_readme_contents + Apache-2.0 + diff --git a/test/_test_data/test_pkg_too_many_license_files/LICENSE b/test/_test_data/test_pkg_too_many_license_files/LICENSE new file mode 100644 index 0000000..008ba30 --- /dev/null +++ b/test/_test_data/test_pkg_too_many_license_files/LICENSE 
@@ -0,0 +1,46 @@ +The Academic Free License + v. 2.0 + +This Academic Free License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following notice immediately following the copyright notice for the Original Work: +Licensed under the Academic Free License version 2.0 + +1) Grant of Copyright License. Licensor hereby grants You a world-wide, royalty-free, non-exclusive, perpetual, sublicenseable license to do the following: +a) to reproduce the Original Work in copies; + +b) to prepare derivative works ("Derivative Works") based upon the Original Work; + +c) to distribute copies of the Original Work and Derivative Works to the public; + +d) to perform the Original Work publicly; and + +e) to display the Original Work publicly. + +2) Grant of Patent License. Licensor hereby grants You a world-wide, royalty-free, non-exclusive, perpetual, sublicenseable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, to make, use, sell and offer for sale the Original Work and Derivative Works. + +3) Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor hereby agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work, and by publishing the address of that information repository in a notice immediately following the copyright notice that applies to the Original Work. + +4) Exclusions From License Grant. 
Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior written permission of the Licensor. Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, trade secrets or any other intellectual property of Licensor except as expressly stated herein. No patent license is granted to make, use, sell or offer to sell embodiments of any patent claims other than the licensed claims defined in Section 2. No right is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under different terms from this License any Original Work that Licensor otherwise would have a right to license. + +5) This section intentionally omitted. + +6) Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. + +7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. 
Except as expressly stated in the immediately proceeding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to Original Work is granted hereunder except under this disclaimer. + +8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to any person for any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to liability for death or personal injury resulting from Licensor's negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to You. + +9) Acceptance and Termination. If You distribute copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. Nothing else but this License (or another written agreement between Licensor and You) grants You permission to create Derivative Works based upon the Original Work or to exercise any of the rights granted in Section 1 herein, and any attempt to do so except under the terms of this License (or another written agreement between Licensor and You) is expressly prohibited by U.S. 
copyright law, the equivalent laws of other countries, and by international treaty. Therefore, by exercising any of the rights granted to You in Section 1 herein, You indicate Your acceptance of this License and all of its terms and conditions. + +10) Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, for patent infringement (i) against Licensor with respect to a patent applicable to software or (ii) against any entity with respect to a patent applicable to the Original Work (but excluding combinations of the Original Work with other software or hardware). + +11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of the U.S. Copyright Act, 17 U.S.C. � 101 et seq., the equivalent laws of other countries, and international treaty. This section shall survive the termination of this License. + +12) Attorneys Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. + +13) Miscellaneous. This License represents the complete agreement concerning the subject matter hereof. 
If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. + +14) Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +15) Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. + +This license is Copyright (C) 2003 Lawrence E. Rosen. All rights reserved. Permission is hereby granted to copy and distribute this license without modification. This license may not be modified without the express written permission of its copyright owner. \ No newline at end of file diff --git a/test/_test_data/test_pkg_too_many_license_files/apl.LICENSE b/test/_test_data/test_pkg_too_many_license_files/apl.LICENSE new file mode 100644 index 0000000..6b0b127 --- /dev/null +++ b/test/_test_data/test_pkg_too_many_license_files/apl.LICENSE 
@@ -0,0 +1,203 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/test/_test_data/test_pkg_too_many_license_files/bsd.LICENSE b/test/_test_data/test_pkg_too_many_license_files/bsd.LICENSE new file mode 100644 index 0000000..d97fba8 --- /dev/null +++ b/test/_test_data/test_pkg_too_many_license_files/bsd.LICENSE 
@@ -0,0 +1,11 @@ +Copyright 1995 Foo Bar + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/test/_test_data/test_pkg_too_many_license_files/package.xml b/test/_test_data/test_pkg_too_many_license_files/package.xml new file mode 100644 index 0000000..7524c26 --- /dev/null +++ b/test/_test_data/test_pkg_too_many_license_files/package.xml @@ -0,0 +1,6 @@ + + + + test_pkg_too_many_license_files + AFL-2.0 + diff --git a/test/systemtest/test_all_packages.py b/test/systemtest/test_all_packages.py index 90a63d5..6b75762 100644 --- a/test/systemtest/test_all_packages.py 
+++ b/test/systemtest/test_all_packages.py
@@ -42,6 +42,7 @@ def test_all(self):
 self.assertIn(b"test_pkg_deep", stdout)
 self.assertIn(b"test_pkg_both_tags_not_spdx", stdout)
 self.assertIn(b"test_pkg_both_tags_not_spdx_one_file_own", stdout)
+ self.assertIn(b"test_pkg_code_has_no_license", stdout)
 self.assertIn(b"test_pkg_has_code_disjoint", stdout)
 self.assertIn(b"test_pkg_has_code_of_different", stdout)
 self.assertIn(b"test_pkg_has_code_of_different_license", stdout)
@@ -49,6 +50,7 @@ def test_all(self):
 b"test_pkg_has_code_of_different_license_and_tag", stdout)
 self.assertIn(
 b"test_pkg_has_code_of_different_license_and_wrong_tag", stdout)
+ self.assertIn(b"test_pkg_ignore_readme_contents", stdout)
 self.assertIn(b"test_pkg_name_not_in_spdx", stdout)
 self.assertIn(b"test_pkg_no_file_attribute", stdout)
 self.assertIn(b"test_pkg_no_license", stdout)
@@ -56,6 +58,7 @@ def test_all(self):
 self.assertIn(b"test_pkg_one_correct_one_license_file_missing", stdout)
 self.assertIn(b"test_pkg_spdx_name", stdout)
 self.assertIn(b"test_pkg_spdx_tag", stdout)
+ self.assertIn(b"test_pkg_too_many_license_files", stdout)
 self.assertIn(b"test_pkg_tag_not_spdx", stdout)
 self.assertIn(b"test_pkg_unknown_license", stdout)
 self.assertIn(b"test_pkg_unknown_license_missing_file", stdout)
diff --git a/test/systemtest/test_separate_pkgs.py b/test/systemtest/test_separate_pkgs.py
index a81f28f..94382ee 100644
--- a/test/systemtest/test_separate_pkgs.py
+++ b/test/systemtest/test_separate_pkgs.py
@@ -65,6 +65,14 @@ def test_pkg_both_tags_not_spdx_one_file_own(self): "test/_test_data/test_pkg_both_tags_not_spdx_one_file_own" ])) + def test_pkg_code_has_no_license(self): + """Test on a package that has a correct package.xml with a license + linked, but the source file is not referenced. Source file itself has + no license declaration in it.""" + process, stdout = open_subprocess("test_pkg_code_has_no_license") + self.assertEqual(os.EX_OK, process.returncode) + self.assertNotIn(b"WARNING", stdout) + def test_pkg_has_code_disjoint(self): """Test on a package with two disjoint sets of source files under a license different from the package main license.""" @@ -94,6 +102,12 @@ def test_pkg_has_code_of_different_license_and_wrong_tag(self): ["test/_test_data/" "test_pkg_has_code_of_different_license_and_wrong_tag"])) + def test_pkg_ignore_readme_contents(self): + """Test on a package with readme files. READMEs mention licenses + that are not in package and shall therefore be ignored.""" + test_result = main(["test/_test_data/test_pkg_ignore_readme_contents"]) + self.assertEqual(os.EX_OK, test_result) + def test_pkg_name_not_in_spdx(self): """Test on a package that has valid License file with BSD-3-Clause but its license tag BSD is not in SPDX format""" @@ -135,6 +149,15 @@ def test_pkg_spdx_tag(self): self.assertEqual(os.EX_OK, main( ["test/_test_data/test_pkg_spdx_tag"])) + def test_pkg_too_many_license_files(self): + """"Test on a package with multiple License files that are not + declared by any tag and could therefore be removed.""" + process, stdout = open_subprocess("test_pkg_too_many_license_files") + self.assertEqual(os.EX_DATAERR, process.returncode) + self.assertIn(b"bsd.LICENSE", stdout) + self.assertIn(b"apl.LICENSE", stdout) + self.assertNotIn(b"../../../LICENSE", stdout) + def test_pkg_tag_not_spdx(self): """Test on a package that has one linked declaration, one code file but not in SPDX tag. Tag must be gotten from declaration.""" 
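Review bot: `test_pkg_code_has_no_license` asserts `os.EX_OK` and the absence of `WARNING`, which pins that a source file carrying no license text at all is accepted silently, yet the docstring only says the file "is not referenced" and never states that this outcome is intended. For a license-compliance check that is the case a reader most needs spelled out, so I would end the docstring with a sentence such as `A file without any license text is expected to pass without a warning.` Whether such files are deliberately treated as covered by the package-level license is not visible in this hunk and should be confirmed against checks.py.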
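Review bot: `test_pkg_ignore_readme_contents` checks only the return value of `main(...)`, so it would also pass if the READMEs were scanned and the BSD-2-Clause and zlib mentions simply did not change the exit code. The fixture also ships a `.scanignore` and a `.hidden/LICENSE` according to the commit's file list, and nothing here asserts on either. Following the neighbouring tests, `process, stdout = open_subprocess("test_pkg_ignore_readme_contents")` together with `self.assertNotIn(b"README", stdout)` would show the files were really skipped, assuming the tool names the files it scanned in its output. The rewritten `test_pkg_wrong_license_file` in the `-189,10` hunk has the same gap: it now asserts only `os.EX_DATAERR` and no longer looks at the output, so any unrelated data error would satisfy it.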
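Review bot: The docstring of `test_pkg_too_many_license_files` opens with four quote characters (`""""Test on a package ...`), so the docstring text begins with a stray `"`; the line should read `"""Test on a package with multiple License files that are not`. Separately, `self.assertNotIn(b"../../../LICENSE", stdout)` encodes a relative path whose purpose cannot be read from the hunk. If it is meant to ensure that a license file above the package directory is not reported as superfluous, a comment such as `# license files outside the package directory must not be reported` would make that explicit.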
@@ -189,10 +212,9 @@ def test_pkg_with_multiple_licenses_one_referenced_incorrect(self): def test_pkg_wrong_license_file(self): """Test on a package with a license text file that does not match - the license declared in the package.xml.""" - process, stdout = open_subprocess("test_pkg_wrong_license_file") - self.assertEqual(os.EX_OK, process.returncode) - self.assertIn(b"WARNING", stdout) + the license declared in the package.xml, both tag and file in spdx""" + self.assertEqual(os.EX_DATAERR, main( + ["test/_test_data/test_pkg_wrong_license_file"])) def open_subprocess(test_data_name: str):