Skip to content

[ANE-2297] include the archive name in paths for vendored deps and first-party-license scans #1520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 10, 2025
Merged

[ANE-2297] include the archive name in paths for vendored deps and first-party-license scans #1520

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
354c743
include the archive name in paths for vendored deps and first-party-s…
spatten Mar 6, 2025
2aa290f
no need to import parent anymore
spatten Mar 6, 2025
26db4c6
add slash for nested archives
spatten Mar 6, 2025
bcb74ae
fix tests
spatten Mar 6, 2025
5c1882f
update the Changelog
spatten Mar 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
# FOSSA CLI Changelog
## 3.10.3

License Scanning: Added the archive name to the path for licenses found inside of archives during vendored dependency and first-party license scanning ([#1520](https://github.com/fossas/fossa-cli/pull/1520))

## 3.10.2

Expand Down
10 changes: 5 additions & 5 deletions integration-test/Analysis/LicenseScannerSpec.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,8 +102,8 @@ spec = do
Success _ us -> do
length us `shouldBe` 3
NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["No_license_found", "apache-2.0", "mit"]
NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo/bar/MIT_LICENSE", "vendor/foo/bar/baz/SOMETHING_LICENSE", "vendor/foo/bar/baz/quux/QUUX_LICENSE"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/MIT_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/SOMETHING_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/quux.tar.gz/quux/QUUX_LICENSE"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
-- matchData should exist
let matchData = concatMap NE.toList $ NE.toList (fromMaybe (NE.fromList []) . licenseUnitDataMatchData <$> licenseUnitData mitUnit)
licenseUnitMatchDataMatchString <$> matchData `shouldBe` [Just mitLicense, Just mitLicense, Just mitLicense]
Expand All @@ -125,8 +125,8 @@ spec = do
Success _ us -> do
length us `shouldBe` 3
NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["No_license_found", "apache-2.0", "mit"]
NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo/bar/MIT_LICENSE", "vendor/foo/bar/baz/SOMETHING_LICENSE", "vendor/foo/bar/baz/quux/QUUX_LICENSE"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
NE.sort (licenseUnitFiles mitUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/MIT_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/SOMETHING_LICENSE", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/quux.tar.gz/quux/QUUX_LICENSE"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
-- We should get Contents since we're running themis with --srclib-with-full-files
licenseUnitDataContents <$> licenseUnitData mitUnit `shouldBe` NE.fromList [Just mitLicense, Just mitLicense, Just mitLicense]
-- matchData should be all Nothing
Expand All @@ -149,7 +149,7 @@ spec = do
Success _ us -> do
length us `shouldBe` 1
NE.sort (NE.map licenseUnitName us) `shouldBe` NE.fromList ["apache-2.0"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo/bar/bar_apache.rb", "vendor/foo/bar/baz/something.rb"]
NE.sort (licenseUnitFiles apacheUnit) `shouldBe` NE.fromList ["vendor/foo.tar.gz/foo/bar.tar.gz/bar/bar_apache.rb", "vendor/foo.tar.gz/foo/bar.tar.gz/bar/baz.tar.gz/baz/something.rb"]
where
apacheUnit :: LicenseUnit
apacheUnit = fromMaybe emptyLicenseUnit (head' $ NE.filter (\u -> licenseUnitName u == "apache-2.0") us)
9 changes: 5 additions & 4 deletions src/App/Fossa/LicenseScanner.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ import Fossa.API.Types (
OrgId,
Organization (organizationId),
)
import Path (Abs, Dir, File, Path, SomeBase (Abs, Rel), fileExtension, parent, (</>))
import Path (Abs, Dir, File, Path, SomeBase (Abs, Rel), fileExtension, toFilePath, (</>))
import Path.Extra (SomePath (..), tryMakeRelative)
import Prettyprinter (Pretty (pretty))
import Srclib.Types (
Expand All @@ -80,6 +80,7 @@ import Srclib.Types (
LicenseUnit (..),
Locator (..),
)
import System.FilePath qualified as FP
import Types (LicenseScanPathFilters (licenseScanPathFilterFileExclude))

data LicenseScanErr
Expand Down Expand Up @@ -139,7 +140,7 @@ recursivelyScanArchives ::
recursivelyScanArchives pathPrefix licenseScanPathFilters uploadKind dir = flip walk' dir $
\_ _ files -> do
let process file unpackedDir = do
let updatedPathPrefix = pathPrefix <> getPathPrefix dir (parent file)
let updatedPathPrefix = pathPrefix <> getPathPrefix dir file
currentDirResults <- withThemisAndIndex $ themisRunner updatedPathPrefix licenseScanPathFilters uploadKind unpackedDir
recursiveResults <- recursivelyScanArchives updatedPathPrefix licenseScanPathFilters uploadKind unpackedDir
pure $ currentDirResults <> recursiveResults
Expand Down Expand Up @@ -240,7 +241,7 @@ getPathPrefix :: Path Abs Dir -> Path Abs t -> Text
getPathPrefix baseDir scanPath = do
case tryMakeRelative baseDir scanPath of
Path.Abs _ -> Text.empty
Path.Rel path -> toText path
Path.Rel path -> toText $ FP.addTrailingPathSeparator $ toFilePath path

scanArchive ::
( Has Diagnostics sig m
Expand All @@ -264,7 +265,7 @@ scanArchive baseDir licenseScanPathFilters uploadKind file = runFinally $ do
Just units -> pure units
where
pathPrefix :: Text
pathPrefix = getPathPrefix baseDir (parent $ scanFile file)
pathPrefix = getPathPrefix baseDir $ scanFile file

scanDirectory ::
( Has Exec sig m
Expand Down
Loading