Wrong LGPL version detection #3742

Open
stefan6419846 opened this issue Apr 18, 2024 · 0 comments

Description

https://github.com/cackharot/suds-py3/blob/master/suds/xsd/sxbuiltin.py is being wrongly detected as being (LGPL-2.1-or-later AND LGPL-2.0-or-later) AND LGPL-2.0-or-later, although it explicitly states:

This program is free software; you can redistribute it and/or modify it under the terms of the (LGPL) GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.

Id est, I would expect the results to at least contain a reference to LGPL-3.0, but they do not.

How To Reproduce

  • wget https://github.com/cackharot/suds-py3/raw/1d92cc6297efee31bfd94b50b99c431505d7de21/suds/xsd/sxbuiltin.py
  • scancode -l --license-text --license-text-diagnostics --yaml error.yml sxbuiltin.py
  • cat error.yml

Result

headers:
    -   tool_name: scancode-toolkit
        tool_version: 32.1.0
        options:
            input:
                - sxbuiltin.py
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: error.yml
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2024-04-18T074620.090531'
        end_timestamp: '2024-04-18T074622.941717'
        output_format_version: 3.1.0
        duration: '2.851198196411133'
        message:
        errors: []
        warnings: []
        extra_data:
            system_environment:
                operating_system: linux
                cpu_architecture: 64
                platform: Linux-5.14.21-150400.24.100-default-x86_64-with-glibc2.31
                platform_version: '#1 SMP PREEMPT_DYNAMIC Mon Dec 4 19:12:13 UTC 2023 (3f5cd84)'
                python_version: 3.9.18 (main, Sep 06 2023, 07:49:32) [GCC]
            spdx_license_list_version: '3.23'
            files_count: 1
license_detections:
    -   identifier: lgpl_2_0_plus-bd2014ad-7f5c-e384-8316-a0068fe42d91
        license_expression: lgpl-2.0-plus
        license_expression_spdx: LGPL-2.0-or-later
        detection_count: 1
        reference_matches:
            -   license_expression: lgpl-2.0-plus
                license_expression_spdx: LGPL-2.0-or-later
                from_file: sxbuiltin.py
                start_line: 10
                end_line: 10
                matcher: 2-aho
                score: '100.0'
                matched_length: 7
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: lgpl_3.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_3.RULE
                matched_text: '# ( http://www.gnu.org/licenses/lgpl.html ).'
                matched_text_diagnostics: http://www.gnu.org/licenses/lgpl.html ).
    -   identifier: lgpl_2_1_plus_and_lgpl_2_0_plus-1b9c5c46-437c-b63f-a2f2-53a94bce27c9
        license_expression: lgpl-2.1-plus AND lgpl-2.0-plus
        license_expression_spdx: LGPL-2.1-or-later AND LGPL-2.0-or-later
        detection_count: 1
        reference_matches:
            -   license_expression: lgpl-2.1-plus
                license_expression_spdx: LGPL-2.1-or-later
                from_file: sxbuiltin.py
                start_line: 1
                end_line: 14
                matcher: 3-seq
                score: '95.69'
                matched_length: 111
                match_coverage: '95.69'
                rule_relevance: 100
                rule_identifier: lgpl-2.1-plus_97_2.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl-2.1-plus_97_2.RULE
                matched_text: |
                    # This program is free software; you can redistribute it and/or modify
                    # it under the terms of the (LGPL) GNU Lesser General Public License as
                    # published by the Free Software Foundation; either version 3 of the
                    # License, or (at your option) any later version.
                    #
                    # This program is distributed in the hope that it will be useful,
                    # but WITHOUT ANY WARRANTY; without even the implied warranty of
                    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                    # GNU Library Lesser General Public License for more details at
                    # ( http://www.gnu.org/licenses/lgpl.html ).
                    #
                    # You should have received a copy of the GNU Lesser General Public License
                    # along with this program; if not, write to the Free Software
                    # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
                matched_text_diagnostics: |
                    is free software; you can redistribute it and/or modify
                    # it under the terms of the ([LGPL]) GNU Lesser General Public License as
                    # published by the Free Software Foundation; either version [3] of the
                    # License, or (at your option) any later version.
                    #
                    # This [program] is distributed in the hope that it will be useful,
                    # but WITHOUT ANY WARRANTY; without even the implied warranty of
                    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                    # GNU [Library] [Lesser] General Public License for more details [at]
                    # ( [http]://[www].[gnu].[org]/[licenses]/[lgpl].[html] ).
                    #
                    # You should have received a copy of the GNU Lesser General Public License
                    # along with this program; if not, write to the Free Software
                    # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
            -   license_expression: lgpl-2.0-plus
                license_expression_spdx: LGPL-2.0-or-later
                from_file: sxbuiltin.py
                start_line: 2
                end_line: 2
                matcher: 2-aho
                score: '75.0'
                matched_length: 1
                match_coverage: '100.0'
                rule_relevance: 75
                rule_identifier: lgpl_bare_single_word.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE
                matched_text: '# it under the terms of the (LGPL) GNU Lesser General Public
                    License as'
                matched_text_diagnostics: LGPL)
files:
    -   path: sxbuiltin.py
        type: file
        detected_license_expression: (lgpl-2.1-plus AND lgpl-2.0-plus) AND lgpl-2.0-plus
        detected_license_expression_spdx: (LGPL-2.1-or-later AND LGPL-2.0-or-later) AND LGPL-2.0-or-later
        license_detections:
            -   license_expression: lgpl-2.1-plus AND lgpl-2.0-plus
                license_expression_spdx: LGPL-2.1-or-later AND LGPL-2.0-or-later
                matches:
                    -   license_expression: lgpl-2.1-plus
                        spdx_license_expression: LGPL-2.1-or-later
                        from_file: sxbuiltin.py
                        start_line: 1
                        end_line: 14
                        matcher: 3-seq
                        score: '95.69'
                        matched_length: 111
                        match_coverage: '95.69'
                        rule_relevance: 100
                        rule_identifier: lgpl-2.1-plus_97_2.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl-2.1-plus_97_2.RULE
                        matched_text: |
                            # This program is free software; you can redistribute it and/or modify
                            # it under the terms of the (LGPL) GNU Lesser General Public License as
                            # published by the Free Software Foundation; either version 3 of the
                            # License, or (at your option) any later version.
                            #
                            # This program is distributed in the hope that it will be useful,
                            # but WITHOUT ANY WARRANTY; without even the implied warranty of
                            # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                            # GNU Library Lesser General Public License for more details at
                            # ( http://www.gnu.org/licenses/lgpl.html ).
                            #
                            # You should have received a copy of the GNU Lesser General Public License
                            # along with this program; if not, write to the Free Software
                            # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
                        matched_text_diagnostics: |
                            is free software; you can redistribute it and/or modify
                            # it under the terms of the ([LGPL]) GNU Lesser General Public License as
                            # published by the Free Software Foundation; either version [3] of the
                            # License, or (at your option) any later version.
                            #
                            # This [program] is distributed in the hope that it will be useful,
                            # but WITHOUT ANY WARRANTY; without even the implied warranty of
                            # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                            # GNU [Library] [Lesser] General Public License for more details [at]
                            # ( [http]://[www].[gnu].[org]/[licenses]/[lgpl].[html] ).
                            #
                            # You should have received a copy of the GNU Lesser General Public License
                            # along with this program; if not, write to the Free Software
                            # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
                    -   license_expression: lgpl-2.0-plus
                        spdx_license_expression: LGPL-2.0-or-later
                        from_file: sxbuiltin.py
                        start_line: 2
                        end_line: 2
                        matcher: 2-aho
                        score: '75.0'
                        matched_length: 1
                        match_coverage: '100.0'
                        rule_relevance: 75
                        rule_identifier: lgpl_bare_single_word.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_bare_single_word.RULE
                        matched_text: '# it under the terms of the (LGPL) GNU Lesser General
                            Public License as'
                        matched_text_diagnostics: LGPL)
                identifier: lgpl_2_1_plus_and_lgpl_2_0_plus-1b9c5c46-437c-b63f-a2f2-53a94bce27c9
            -   license_expression: lgpl-2.0-plus
                license_expression_spdx: LGPL-2.0-or-later
                matches:
                    -   license_expression: lgpl-2.0-plus
                        spdx_license_expression: LGPL-2.0-or-later
                        from_file: sxbuiltin.py
                        start_line: 10
                        end_line: 10
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 7
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: lgpl_3.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/lgpl_3.RULE
                        matched_text: '# ( http://www.gnu.org/licenses/lgpl.html ).'
                        matched_text_diagnostics: http://www.gnu.org/licenses/lgpl.html ).
                identifier: lgpl_2_0_plus-bd2014ad-7f5c-e384-8316-a0068fe42d91
        license_clues: []
        percentage_of_license_text: '16.26'
        scan_errors: []

System configuration

OpenSUSE Leap 15.4, running Python 3.9 with scancode-toolkit==32.1.0, installed from PIP
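
Added example (not part of the original issue and not ScanCode's own code): with `--license-text-diagnostics`, words the rule did not match are wrapped in square brackets, so a bracketed number right after "version" that is absent from the reported SPDX expression marks a detection like the one above for manual review. The function names and the trimmed sample records are assumptions made for illustration; the field names are the ones shown in the scan result.

```python
import re

# Constructed sample: two matches trimmed from the scan result in this issue,
# keeping only the fields the check reads.
SAMPLE_MATCHES = [
    {
        "rule_identifier": "lgpl-2.1-plus_97_2.RULE",
        "license_expression_spdx": "LGPL-2.1-or-later",
        "matched_text_diagnostics": (
            "# published by the Free Software Foundation; either version [3] of the\n"
            "# License, or (at your option) any later version.\n"
        ),
    },
    {
        "rule_identifier": "lgpl_bare_single_word.RULE",
        "license_expression_spdx": "LGPL-2.0-or-later",
        "matched_text_diagnostics": "LGPL)",
    },
]

# A version number the rule skipped: "version [3]" in the diagnostics text.
UNMATCHED_VERSION = re.compile(r"\bversion\s+\[(\d+(?:\.\d+)?)\]", re.IGNORECASE)
# Version numbers inside an SPDX expression such as "LGPL-2.1-or-later".
SPDX_VERSION = re.compile(r"-(\d+(?:\.\d+)*)")

def normalize(version):
    """'3' -> (3, 0) and '2.1' -> (2, 1), so '3' and '3.0' compare equal."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def version_mismatches(matches):
    """Return one finding per match whose text states a version that the rule
    skipped and that the reported SPDX expression does not contain."""
    findings = []
    for match in matches:
        reported = {normalize(v) for v in SPDX_VERSION.findall(match["license_expression_spdx"])}
        for stated in UNMATCHED_VERSION.findall(match.get("matched_text_diagnostics") or ""):
            if normalize(stated) not in reported:
                findings.append({
                    "rule": match["rule_identifier"],
                    "reported": match["license_expression_spdx"],
                    "stated_version": stated,
                })
    return findings

if __name__ == "__main__":
    for f in version_mismatches(SAMPLE_MATCHES):
        print(f"{f['rule']}: text says version {f['stated_version']}, scan reported {f['reported']}")
```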
