False positive for LicenseRef-scancode-elastic-license-2018

[sschuberth]

Description

ScanCode 30.1.0 falsely reports a finding of LicenseRef-scancode-elastic-license-2018.

How To Reproduce

Run scancode --license --json-pp - README.md where README.md contains

Copyright (c) 2015 STMicroelectronics.

This software component is licensed by  ST under Ultimate Liberty license SLA0044, the "License". You may not use this file except in compliance with this license. You may obtain a copy of the license [here](https://www.st.com/SLA0044).

which gets you

  "path": "README.md",
  "type": "file",
  "licenses": [
    {
      "key": "elastic-license-2018",
      "score": 66.67,
      "name": "Elastic License Agreement 2018",
      "short_name": "Elastic License 2018",
      "category": "Source-available",
      "is_exception": false,
      "is_unknown": false,
      "owner": "Elastic",
      "homepage_url": "https://github.com/elastic/elasticsearch/blob/0d8aa7527e242fbda9d84867ab8bc955758eebce/licenses/ELASTIC-LICENSE.txt",
      "text_url": "https://github.com/elastic/elasticsearch/blob/0d8aa7527e242fbda9d84867ab8bc955758eebce/licenses/ELASTIC-LICENSE.txt",
      "reference_url": "https://scancode-licensedb.aboutcode.org/elastic-license-2018",
      "scancode_text_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/elastic-license-2018.LICENSE",
      "scancode_data_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/elastic-license-2018.yml",
      "spdx_license_key": "LicenseRef-scancode-elastic-license-2018",
      "spdx_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/elastic-license-2018.LICENSE",
      "start_line": 26,
      "end_line": 26,
      "matched_rule": {
        "identifier": "elastic_1.RULE",
        "license_expression": "elastic-license-2018",
        "licenses": [
          "elastic-license-2018"
        ],
        "referenced_filenames": [],
        "is_license_text": false,
        "is_license_notice": true,
        "is_license_reference": false,
        "is_license_tag": false,
        "is_license_intro": false,
        "has_unknown": false,
        "matcher": "3-seq",
        "rule_length": 18,
        "matched_length": 12,
        "match_coverage": 66.67,
        "rule_relevance": 100
      }
    }
  ]

System configuration

ScanCode 30.1.0 built from source on Ubuntu 18.04.

[pombredanne]

Thanks! the ST license needs a new rule for this notice and and the elastic rules need to have a stricter key phrases added.

[adityasangave]

I started working on this issue but scanning README.md gave different results
files": [ { "path": "README.md", "type": "file", "licenses": [ { "key": "mit", "score": 68.75, "name": "MIT License", "short_name": "MIT License", "category": "Permissive", "is_exception": false, "is_unknown": false, "owner": "MIT", "homepage_url": "http://opensource.org/licenses/mit-license.php", "text_url": "http://opensource.org/licenses/mit-license.php", "reference_url": "https://scancode-licensedb.aboutcode.org/mit", "scancode_text_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/mit.LICENSE", "scancode_data_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/mit.yml", "spdx_license_key": "MIT", "spdx_url": "https://spdx.org/licenses/MIT", "start_line": 3, "end_line": 3, "matched_rule": { "identifier": "mit_344.RULE", "license_expression": "mit", "licenses": [ "mit" ], "referenced_filenames": [], "is_license_text": false, "is_license_notice": true, "is_license_reference": false, "is_license_tag": false, "is_license_intro": false, "has_unknown": false, "matcher": "3-seq", "rule_length": 32, "matched_length": 22, "match_coverage": 68.75, "rule_relevance": 100 } } ], "license_expressions": [ "mit" ], "percentage_of_license_text": 51.16, "scan_errors": [] } ] }

[pombredanne]

@adii21-Ux I just saw your comment... can you elaborate a bit? may be pasting the --yaml output can help as this is hard to read otherwise

[sschuberth]

In any case, "MIT" would also be a false finding ;-)

[pombredanne]

The latest scancode has this right:

license_detections:
    -   identifier: st_mcd_2_0-d126c737-0aa1-309e-2663-b9248cfa8871
        license_expression: st-mcd-2.0
        detection_count: 1
files:
    -   path: es
        type: file
        detected_license_expression: st-mcd-2.0
        detected_license_expression_spdx: LicenseRef-scancode-st-mcd-2.0
        license_detections:
            -   license_expression: st-mcd-2.0
                matches:
                    -   score: '100.0'
                        start_line: 1
                        end_line: 1
                        matched_length: 39
                        match_coverage: '100.0'
                        matcher: 1-hash
                        license_expression: st-mcd-2.0
                        rule_identifier: st-mcd-2.0_12.RULE
                        rule_relevance: 100
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/st-mcd-2.0_12.RULE
                        matched_text: This software component is licensed by  ST under Ultimate
                            Liberty license SLA0044, the "License". You may not use this file
                            except in compliance with this license. You may obtain a copy of
                            the license [here](https://www.st.com/SLA0044).
                identifier: st_mcd_2_0-d126c737-0aa1-309e-2663-b9248cfa8871
        license_clues: []
        percentage_of_license_text: '100.0'
        scan_errors: []

closing this now!