
Missing License in License Extraction List #1245

Open
yashkohli88 opened this issue Dec 6, 2024 · 1 comment

Issue Description

Various licenses are getting skipped and not reported because those licenses are missing from the list that helps in extracting licenses from the License URL. These licenses are excluded because the extractLicenseFromLicenseUrl function checks the _licenseUrlOverrides list in the util.js file for regular expression matches. Currently, this list does not include any entries for the licenses below.

  1. LGPL-2.1
  2. MPL-2.0
  3. MPL-1.1
  4. EPL-2.0
  5. EPL-1.0
  6. EDL-1.0
  7. CDDL1.1 or GPL-2.0-with-classpath-exception

Below are a few components where we found this issue:

Affected Component 1

  • Component: ch.qos.logback/logback-classic
  • Version: 1.5.11
  • Details: Declared License is marked as LGPL2.1, whereas we have LGPL2.1 and EPL in the manifest.summary.

Affected Component 2

  • Component: com.sun.xml.bind/jaxb-impl
  • Version: 2.3.5
  • Details: Declared License is NOASSERTION as the license in manifest.summary is EDL.

Steps to Reproduce

  1. Utilize the extractLicenseFromLicenseUrl function to check for licenses in the components mentioned above.
  2. Observe that the EPL is not identified due to missing entries in the _licenseUrlOverrides list; the function returns null, which causes the declared license to miss Eclipse-related licenses.

Proposed Solution

Include a regular expression for detecting the licenses mentioned above in the _licenseUrlOverrides list within the util.js file to ensure correct license extraction.

Additional Information: below are the license details for the missing licenses

  1. {
       "name": [
         "Eclipse Distribution License - v 1.0"
       ],
       "url": [
         "http://www.eclipse.org/org/documents/edl-v10.php"
       ]
     }

  2. {
       "name": [
         "Eclipse Public License - v 1.0"
       ],
       "url": [
         "http://www.eclipse.org/legal/epl-v10.html"
       ]
     }

yashkohli88 commented Dec 6, 2024

Missing licenses to be added in _licenseUrlOverrides list in utils.js

Eclipse - https://clearlydefined.io/definitions/sourcearchive/mavencentral/ch.qos.logback/logback-classic/1.5.11

{
    test: /^\w*https?:\/\/(?:www\.)?eclipse\.org\/legal\/epl-v10\.html$/i,
    license: 'EPL-1.0'
}

MPL - https://repo1.maven.org/maven2/org/javassist/javassist/3.30.2-GA/javassist-3.30.2-GA.pom

{
    test: /^\w*https?:\/\/(?:www\.)?mozilla\.org(?:\/en-US)?\/MPL\/(MPL-1\.1\.html|1\.1\/)$/i,
    license: 'MPL-1.1'
}

Other versions of these also need to be added. Also, the Eclipse Distribution License needs to be added.
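As an added illustration of the gap described in the issue and the fix proposed in the comment above (example code, not ClearlyDefined's own util.js), the stand-in lookup below uses the two regex entries from the comment plus an EDL-1.0 entry built from the URL quoted in the issue body; the `{ test, license }` entry shape and the function names are assumptions.

```javascript
// Added example, not the project's code: a minimal stand-in for a
// URL-to-license lookup in the style of _licenseUrlOverrides. It shows how
// a license URL with no matching entry yields null (the behaviour the issue
// reports) and how the proposed entries close that gap.

// Entries proposed in the issue comment, plus an EDL entry derived from the
// edl-v10.php URL quoted in the issue body (entry shape is an assumption).
const proposedOverrides = [
  {
    test: /^\w*https?:\/\/(?:www\.)?eclipse\.org\/legal\/epl-v10\.html$/i,
    license: 'EPL-1.0'
  },
  {
    test: /^\w*https?:\/\/(?:www\.)?mozilla\.org(?:\/en-US)?\/MPL\/(MPL-1\.1\.html|1\.1\/)$/i,
    license: 'MPL-1.1'
  },
  {
    test: /^\w*https?:\/\/(?:www\.)?eclipse\.org\/org\/documents\/edl-v10\.php$/i,
    license: 'EDL-1.0'
  }
];

// Return the license of the first entry whose regex matches the URL, or
// null when no entry matches (unlisted URLs are silently lost this way).
function extractLicenseFromUrl(licenseUrl, overrides) {
  if (typeof licenseUrl !== 'string') return null;
  const hit = overrides.find(entry => entry.test.test(licenseUrl.trim()));
  return hit ? hit.license : null;
}

// Resolve every license URL of a manifest. Unmatched URLs are returned
// separately so a reviewer can see what was dropped instead of getting a
// bare NOASSERTION with no explanation.
function declaredLicenseFromUrls(urls, overrides) {
  const licenses = [];
  const unmatched = [];
  for (const url of urls) {
    const license = extractLicenseFromUrl(url, overrides);
    if (license && !licenses.includes(license)) licenses.push(license);
    if (!license) unmatched.push(url);
  }
  const declared = licenses.length ? licenses.join(', ') : 'NOASSERTION';
  return { declared, licenses, unmatched };
}

// Constructed sample: the two Eclipse URLs quoted in the issue body.
const sampleUrls = [
  'http://www.eclipse.org/legal/epl-v10.html',
  'http://www.eclipse.org/org/documents/edl-v10.php'
];
console.log(declaredLicenseFromUrls(sampleUrls, proposedOverrides));
```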
