🐛 fix Unlicense detection (ossf#4145)
* fix unlicense detection

The code previously had some special logic for handling the Unlicense SPDX
identifier. While this worked for local file detection, it broke detection for
SPDX identifiers provided by the forge. This change moves the logic to the part
of the code concerned with local file detection, so both work now.

Signed-off-by: Spencer Schrock <[email protected]>

* remove part of comment which is no longer relevant

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
mxmehl committed Jun 7, 2024
1 parent 3da6db5 commit a990ded
Showing 1 changed file with 17 additions and 26 deletions.
43 changes: 17 additions & 26 deletions checks/raw/license.go
@@ -160,17 +160,10 @@ func License(c *checker.CheckRequest) (checker.LicenseData, error) {

// scorecard search stops at first candidate (isLicenseFile) license file found
if path != (checker.LicenseFile{}) {
//
// now it is time to "map it back" in the case of the
// Spdx Identifier for "UNLICENSE" which was mapped to "UN"
// for the regex group match and this check.
// grab what is needed before clobbering the Spdx Identifier
// Aside from 'UN', these settings (Name, Key) match GH repo API
// for when the Spdx Identifier cannot be determined.
path.LicenseInformation.Name = fsfOsiApprovedLicenseCiMap[strings.ToUpper(path.LicenseInformation.SpdxID)].Name
if strings.ToUpper(path.LicenseInformation.SpdxID) == "UN" {
path.LicenseInformation.SpdxID = "UNLICENSE"
} else if path.LicenseInformation.SpdxID == "" {
// these settings (Name, Key) match GH repo API
// for when the Spdx Identifier cannot be determined.
if path.LicenseInformation.SpdxID == "" {
path.LicenseInformation.SpdxID = "NOASSERTION"
path.LicenseInformation.Name = "Other"
}
@@ -226,19 +219,7 @@ func setCiMap() {
defer ciMapMutex.Unlock()
if len(fsfOsiApprovedLicenseCiMap) == 0 {
for key, entry := range fsfOsiApprovedLicenseMap {
// Special case, the unlicense, in the map is
// called 'The Unlicense' with the Spdx id 'Unlicense'.
// For the regex's 'un' will match the [pre|suf]Spdx
// regex group (just as it would match '0BSD'), but
// 'un' will not "hit" in the map with key 'Unlicense'
// so change to 'UN' for 'unlicense' for 'isLicenseFile()'
// TODO: make this general (pass a key map for changing these
// special cases). For now this is the only one.
if strings.ToUpper(key) == "UNLICENSE" {
fsfOsiApprovedLicenseCiMap["UN"] = entry
} else {
fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
}
fsfOsiApprovedLicenseCiMap[strings.ToUpper(key)] = entry
}
}
}
@@ -261,12 +242,22 @@ func getSpdxID(matches []string) string {
// value, preSpdx takes precedence.
// (e.g., 0BSD-LICENSE-GPL-2.0.txt)
// TODO: decide if that is OK or should "fail"
var id string
if matches[reGroupIdxs["preSpdx"]] != "" {
return matches[reGroupIdxs["preSpdx"]]
id = matches[reGroupIdxs["preSpdx"]]
} else if matches[reGroupIdxs["sufSpdx"]] != "" {
return matches[reGroupIdxs["sufSpdx"]]
id = matches[reGroupIdxs["sufSpdx"]]
}
return ""
// Special case, the unlicense, in the map is
// called 'The Unlicense' with the Spdx id 'Unlicense'.
// For the regex's 'un' will match the [pre|suf]Spdx
// regex group (just as it would match '0BSD'), but
// 'un' will not "hit" in the map with key 'Unlicense'
if strings.EqualFold(id, "UN") {
id = "UNLICENSE"
}

return id
}

func getExt(filename string, matches []string) string {
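Review bot: The comment moved into getSpdxID (last hunk) now stops at `'un' will not "hit" in the map with key 'Unlicense'` and no longer says what the code does about it, because the "so change to 'UN'" half was dropped with setCiMap's special case. I would close it with `// so a bare 'un' fragment is rewritten to 'UNLICENSE', the upper-cased key setCiMap stores.` The page lists checks/raw/license.go as the only changed file, so neither the forge-supplied path that regressed nor the local-file path appears to be pinned by a test in this commit. Table cases for getSpdxID with `UN` and `un`, plus one License() case with a forge-provided `Unlicense`, would keep the two paths from drifting apart again. The start of getSpdxID's body is outside the hunk.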
