False positives in CocoaLumberjack #2551

Closed
MarcelBochtler opened this issue Jun 14, 2021 · 4 comments

@MarcelBochtler
Contributor

Description

ScanCode reports GPL-1.0-or-later in multiple CocoaLumberjack files, although it declares the BSD Source Code Attribution License.

Example files:

  • Pods/CocoaLumberjack/Sources/CocoaLumberjack/DDOSLogger.m Line 6-14
  • Pods/CocoaLumberjack/Sources/CocoaLumberjack/include/CocoaLumberjack/DDLog.h Line 6-14

and more


How To Reproduce

Scan https://github.com/CocoaLumberjack/CocoaLumberjack with ScanCode.

System configuration

  • What OS are you running on? (Windows/MacOS/Linux)
    Linux
  • What version of scancode-toolkit was used to generate the scan file?
    3.2.1-rc2
  • What installation method was used to install/run scancode? (pip/source download/other)
    Bootstrapped via ORT.

MarcelBochtler changed the title from "False posi" to "False positives in CocoaLumberjack" on Jun 14, 2021

@pombredanne
Member

Thank you for the report!

@pombredanne
Member

This is the same as #2603 that I closed as a duplicate of this.

Carrying over the notes from there:

See https://github.com/CocoaLumberjack/CocoaLumberjack/blob/e518eb6e362df327574ba5e04269cd6d29f40aec/Integration/Sources/AppDelegate.h

We detected:

      "license_expressions": [
        "bsd-new",
        "bsd-axis-nomod OR gpl-1.0-plus",
        "flex-2.5"
      ],

but the license is a subset of a bsd-new: clause 1 and 3, minus a disclaimer

// Software License Agreement (BSD License)
//
// Copyright (c) 2010-2021, Deusty, LLC
// All rights reserved.
//
// Redistribution and use of this software in source and binary forms,
// with or without modification, are permitted provided that the following conditions are met:
//
// * Redistributions of source code must retain the above copyright notice,
//   this list of conditions and the following disclaimer.
//
// * Neither the name of Deusty nor the names of its contributors may be used
//   to endorse or promote products derived from this software without specific
//   prior written permission of Deusty, LLC.

Yet otherwise the root license is a bsd-new:
https://github.com/CocoaLumberjack/CocoaLumberjack/blob/4eacc74ce77aae3282898101827f5b62731a379c/LICENSE

This is called https://scancode-licensedb.aboutcode.org/bsd-source-code.html and the missing disclaimer is not critical to make it a separate new license.

@pombredanne
Member

Note that the latest develop branch has these results:

headers:
    -   tool_name: scancode-toolkit
        tool_version: 31.0.0b1
        options:
            input:
                - AppDelegate.h
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: '-'
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2022-03-11T092209.470301'
        end_timestamp: '2022-03-11T092211.536748'
        output_format_version: 2.0.0
        duration: '2.06646728515625'
        message:
        errors: []
        extra_data:
            spdx_license_list_version: '3.16'
            files_count: 1
files:
    -   path: AppDelegate.h
        type: file
        licenses:
            -   key: bsd-new
                score: '99.0'
                name: BSD-3-Clause
                short_name: BSD-3-Clause
                category: Permissive
                is_exception: no
                is_unknown: no
                owner: Regents of the University of California
                homepage_url: http://www.opensource.org/licenses/BSD-3-Clause
                text_url: http://www.opensource.org/licenses/BSD-3-Clause
                reference_url: https://scancode-licensedb.aboutcode.org/bsd-new
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.yml
                spdx_license_key: BSD-3-Clause
                spdx_url: https://spdx.org/licenses/BSD-3-Clause
                start_line: 1
                end_line: 1
                matched_rule:
                    identifier: bsd-new_509.RULE
                    license_expression: bsd-new
                    licenses:
                        - bsd-new
                    referenced_filenames: []
                    is_license_text: no
                    is_license_notice: no
                    is_license_reference: yes
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 2-aho
                    rule_length: 5
                    matched_length: 5
                    match_coverage: '100.0'
                    rule_relevance: 99
                matched_text: Software License Agreement (BSD License)
            -   key: bsd-source-code
                score: '99.0'
                name: BSD Source Code Attribution
                short_name: BSD Source Code Attribution
                category: Permissive
                is_exception: no
                is_unknown: no
                owner: TSRM
                homepage_url: https://github.com/infusion/PHP/blob/master/TSRM/LICENSE
                text_url: https://github.com/infusion/PHP/blob/master/TSRM/LICENSE
                reference_url: https://scancode-licensedb.aboutcode.org/bsd-source-code
                scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-source-code.LICENSE
                scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-source-code.yml
                spdx_license_key: BSD-Source-Code
                spdx_url: https://spdx.org/licenses/BSD-Source-Code
                start_line: 6
                end_line: 14
                matched_rule:
                    identifier: bsd-source-code_11.RULE
                    license_expression: bsd-source-code
                    licenses:
                        - bsd-source-code
                    referenced_filenames: []
                    is_license_text: yes
                    is_license_notice: no
                    is_license_reference: no
                    is_license_tag: no
                    is_license_intro: no
                    has_unknown: no
                    matcher: 2-aho
                    rule_length: 73
                    matched_length: 73
                    match_coverage: '100.0'
                    rule_relevance: 99
                matched_text: |
                    Redistribution and use of this software in source and binary forms,
                    // with or without modification, are permitted provided that the following conditions are met:
                    //
                    // * Redistributions of source code must retain the above copyright notice,
                    //   this list of conditions and the following disclaimer.
                    //
                    // * Neither the name of Deusty nor the names of its contributors may be used
                    //   to endorse or promote products derived from this software without specific
                    //   prior written permission of Deusty, LLC.
        license_expressions:
            - bsd-new
            - bsd-source-code
        percentage_of_license_text: '77.23'
        scan_errors: []

.... this is better but not perfect yet.
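
A triage helper for scan results like the ones quoted in this thread, added here as an example and not part of the issue or of ScanCode itself: it flags files whose detected license expressions name keys outside a reviewer-supplied allowlist, with the line ranges to inspect. It assumes the per-file `licenses` / `license_expressions` layout shown in the 31.0.0b1 output above; the allowlist, function names and sample records are constructed.

```python
import re
# Assumption: keys the reviewer accepts for this project (the thread's final result).
ALLOWED = {"bsd-new", "bsd-source-code"}
OPERATORS = {"AND", "OR", "WITH"}

def expression_keys(expression):
    """Return the license keys named in one ScanCode license expression."""
    tokens = re.findall(r"[A-Za-z0-9][A-Za-z0-9.+_-]*", expression)
    return {t for t in tokens if t not in OPERATORS}

def unexpected_detections(scan, allowed=ALLOWED):
    """Map path -> [(key, start_line, end_line)] for keys outside the allowlist."""
    findings = {}
    for entry in scan.get("files", []):
        keys = set()
        for expr in entry.get("license_expressions", []):
            keys |= expression_keys(expr)
        spans = []
        for key in sorted(keys - allowed):
            located = [(key, m["start_line"], m["end_line"])
                       for m in entry.get("licenses", []) if m["key"] == key]
            # Keep the key even when no match record locates it.
            spans.extend(located or [(key, None, None)])
        if spans:
            findings[entry["path"]] = spans
    return findings

# Constructed sample: expressions as quoted in the thread; line ranges are illustrative.
OLD_SCAN = {"files": [{
    "path": "AppDelegate.h",
    "licenses": [
        {"key": "bsd-axis-nomod", "start_line": 6, "end_line": 14},
        {"key": "gpl-1.0-plus", "start_line": 6, "end_line": 14},
    ],
    "license_expressions": ["bsd-new", "bsd-axis-nomod OR gpl-1.0-plus", "flex-2.5"],
}]}

# Constructed sample mirroring the develop-branch result shown above.
NEW_SCAN = {"files": [{
    "path": "AppDelegate.h",
    "licenses": [
        {"key": "bsd-new", "start_line": 1, "end_line": 1},
        {"key": "bsd-source-code", "start_line": 6, "end_line": 14},
    ],
    "license_expressions": ["bsd-new", "bsd-source-code"],
}]}

if __name__ == "__main__":
    print(unexpected_detections(OLD_SCAN), unexpected_detections(NEW_SCAN))
```

Other output format versions may name these fields differently, so check `output_format_version` in the scan headers before reusing the field names.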

pombredanne added a commit that referenced this issue Mar 11, 2022
This project has an odd licensing with a complicated history

Reference: CocoaLumberjack/CocoaLumberjack#1116
Reference: CocoaLumberjack/CocoaLumberjack#936
Reference: CocoaLumberjack/CocoaLumberjack#696
Reference: #2551
Reference: #2603
Reported-by: Marcel Bochtler <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
@AyanSinhaMahapatra
Member

This is fixed in the current develop, attaching scan results for CocoaLumberjack.

cocoalumberjack-ld-2551.json.txt
