"Apache-2.0 OR MIT" includes wrong detection of BSD-3-Clause #4088

Open
stefan6419846 opened this issue Jan 13, 2025 · 0 comments

Description

https://github.com/python-trio/outcome/blob/master/LICENSE is wrongly being detected as (BSD-3-Clause OR Apache-2.0) AND MIT, where the BSD-3-Clause does not make sense.

How To Reproduce

  • wget https://github.com/python-trio/outcome/blob/6a3192f306ead4900a33fa8c47e5af5430e37692/LICENSE
  • scancode -l --license-text --license-text-diagnostics --yaml error.yml LICENSE
  • cat error.yml

Result

headers:
    -   tool_name: scancode-toolkit
        tool_version: 32.3.0
        options:
            input:
                - LICENSE
            --license: yes
            --license-text: yes
            --license-text-diagnostics: yes
            --yaml: error.yml
        notice: |
            Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
            OR CONDITIONS OF ANY KIND, either express or implied. No content created from
            ScanCode should be considered or used as legal advice. Consult an Attorney
            for any legal advice.
            ScanCode is a free software code scanning tool from nexB Inc. and others.
            Visit https://github.com/nexB/scancode-toolkit/ for support and download.
        start_timestamp: '2025-01-13T092659.026958'
        end_timestamp: '2025-01-13T092709.107190'
        output_format_version: 4.0.0
        duration: '10.080278158187866'
        message:
        errors: []
        warnings: []
        extra_data:
            system_environment:
                operating_system: linux
                cpu_architecture: 64
                platform: Linux-6.4.0-150600.23.30-default-x86_64-with-glibc2.38
                platform_version: '#1 SMP PREEMPT_DYNAMIC Sat Dec  7 08:37:53 UTC 2024 (8c25a0a)'
                python_version: 3.11.10 (main, Sep 18 2024, 22:14:32) [GCC]
            spdx_license_list_version: '3.25'
            files_count: 1
license_detections:
    -   identifier: bsd_new_or_apache_2_0__and_mit-f96a522d-96eb-61c5-b09a-a8f02edeb25b
        license_expression: (bsd-new OR apache-2.0) AND mit
        license_expression_spdx: (BSD-3-Clause OR Apache-2.0) AND MIT
        detection_count: 1
        reference_matches:
            -   license_expression: unknown-license-reference
                license_expression_spdx: LicenseRef-scancode-unknown-license-reference
                from_file: LICENSE
                start_line: '1941'
                end_line: '1941'
                matcher: 2-aho
                score: '100.0'
                matched_length: 5
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: license-intro_62.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/license-intro_62.RULE
                matched_text: available under the terms of *
                matched_text_diagnostics: available under the terms of *
            -   license_expression: bsd-new OR apache-2.0
                license_expression_spdx: BSD-3-Clause OR Apache-2.0
                from_file: LICENSE
                start_line: '1941'
                end_line: '1941'
                matcher: 3-seq
                score: '21.21'
                matched_length: 7
                match_coverage: '21.21'
                rule_relevance: 100
                rule_identifier: bsd-new_or_apache-2.0_3.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/bsd-new_or_apache-2.0_3.RULE
                matched_text: found in LICENSE.APACHE2 or LICENSE.MIT. Contributions to
                matched_text_diagnostics: found in LICENSE.[APACHE2] or LICENSE.[MIT]. Contributions
                    to
            -   license_expression: mit
                license_expression_spdx: MIT
                from_file: LICENSE
                start_line: '1941'
                end_line: '1941'
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: mit_30.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                matched_text: LICENSE.MIT.
                matched_text_diagnostics: LICENSE.MIT.
    -   identifier: apache_2_0_and_mit_and__apache_2_0_or_bsd_new__and__bsd_new_or_apache_2_0-afea8c79-f391-ee94-f9d2-558eb9da6c8f
        license_expression: apache-2.0 AND mit AND (apache-2.0 OR bsd-new) AND (bsd-new OR apache-2.0)
        license_expression_spdx: Apache-2.0 AND MIT AND (Apache-2.0 OR BSD-3-Clause) AND (BSD-3-Clause
            OR Apache-2.0)
        detection_count: 1
        reference_matches:
            -   license_expression: apache-2.0
                license_expression_spdx: Apache-2.0
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: apache-2.0_98.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_98.RULE
                matched_text: LICENSE.APACHE2","
                matched_text_diagnostics: LICENSE.APACHE2","
            -   license_expression: apache-2.0
                license_expression_spdx: Apache-2.0
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: apache-2.0_98.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_98.RULE
                matched_text: LICENSE.APACHE2","
                matched_text_diagnostics: LICENSE.APACHE2","
            -   license_expression: mit
                license_expression_spdx: MIT
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: mit_30.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                matched_text: LICENSE.MIT","
                matched_text_diagnostics: LICENSE.MIT","
            -   license_expression: mit
                license_expression_spdx: MIT
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: mit_30.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                matched_text: LICENSE.MIT","
                matched_text_diagnostics: LICENSE.MIT","
            -   license_expression: apache-2.0 OR bsd-new
                license_expression_spdx: Apache-2.0 OR BSD-3-Clause
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 3-seq
                score: '89.1'
                matched_length: 18
                match_coverage: '90.0'
                rule_relevance: 99
                rule_identifier: apache-2.0_or_bsd-new_8.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_or_bsd-new_8.RULE
                matched_text: |
                    This software is made available under the terms of *either* of the"
                    ,"licenses found in LICENSE.APACHE2 or LICENSE.
                matched_text_diagnostics: |
                    This software is made available under the terms of *either* of the"
                    ,"licenses found in LICENSE.[APACHE2] or LICENSE.
            -   license_expression: bsd-new OR apache-2.0
                license_expression_spdx: BSD-3-Clause OR Apache-2.0
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 3-seq
                score: '45.45'
                matched_length: 15
                match_coverage: '45.45'
                rule_relevance: 100
                rule_identifier: bsd-new_or_apache-2.0_3.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/bsd-new_or_apache-2.0_3.RULE
                matched_text: found in LICENSE.APACHE2 or LICENSE.MIT. Contributions to are","made
                    under the terms of *both* these licenses."],"
                matched_text_diagnostics: found in LICENSE.[APACHE2] or LICENSE.[MIT]. Contributions
                    to [are]","made under the terms of *both* these licenses."],"
            -   license_expression: mit
                license_expression_spdx: MIT
                from_file: LICENSE
                start_line: 1699
                end_line: 1699
                matcher: 2-aho
                score: '100.0'
                matched_length: 2
                match_coverage: '100.0'
                rule_relevance: 100
                rule_identifier: mit_30.RULE
                rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                matched_text: LICENSE.MIT.
                matched_text_diagnostics: LICENSE.MIT.
files:
    -   path: LICENSE
        type: file
        detected_license_expression: (apache-2.0 AND mit AND (apache-2.0 OR bsd-new) AND (bsd-new
            OR apache-2.0)) AND ((bsd-new OR apache-2.0) AND mit)
        detected_license_expression_spdx: (Apache-2.0 AND MIT AND (Apache-2.0 OR BSD-3-Clause)
            AND (BSD-3-Clause OR Apache-2.0)) AND ((BSD-3-Clause OR Apache-2.0) AND MIT)
        license_detections:
            -   license_expression: apache-2.0 AND mit AND (apache-2.0 OR bsd-new) AND (bsd-new
                    OR apache-2.0)
                license_expression_spdx: Apache-2.0 AND MIT AND (Apache-2.0 OR BSD-3-Clause)
                    AND (BSD-3-Clause OR Apache-2.0)
                matches:
                    -   license_expression: apache-2.0
                        license_expression_spdx: Apache-2.0
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: apache-2.0_98.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_98.RULE
                        matched_text: LICENSE.APACHE2","
                        matched_text_diagnostics: LICENSE.APACHE2","
                    -   license_expression: apache-2.0
                        license_expression_spdx: Apache-2.0
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: apache-2.0_98.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_98.RULE
                        matched_text: LICENSE.APACHE2","
                        matched_text_diagnostics: LICENSE.APACHE2","
                    -   license_expression: mit
                        license_expression_spdx: MIT
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: mit_30.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                        matched_text: LICENSE.MIT","
                        matched_text_diagnostics: LICENSE.MIT","
                    -   license_expression: mit
                        license_expression_spdx: MIT
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: mit_30.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                        matched_text: LICENSE.MIT","
                        matched_text_diagnostics: LICENSE.MIT","
                    -   license_expression: apache-2.0 OR bsd-new
                        license_expression_spdx: Apache-2.0 OR BSD-3-Clause
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 3-seq
                        score: '89.1'
                        matched_length: 18
                        match_coverage: '90.0'
                        rule_relevance: 99
                        rule_identifier: apache-2.0_or_bsd-new_8.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_or_bsd-new_8.RULE
                        matched_text: |
                            This software is made available under the terms of *either* of the"
                            ,"licenses found in LICENSE.APACHE2 or LICENSE.
                        matched_text_diagnostics: |
                            This software is made available under the terms of *either* of the"
                            ,"licenses found in LICENSE.[APACHE2] or LICENSE.
                    -   license_expression: bsd-new OR apache-2.0
                        license_expression_spdx: BSD-3-Clause OR Apache-2.0
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 3-seq
                        score: '45.45'
                        matched_length: 15
                        match_coverage: '45.45'
                        rule_relevance: 100
                        rule_identifier: bsd-new_or_apache-2.0_3.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/bsd-new_or_apache-2.0_3.RULE
                        matched_text: found in LICENSE.APACHE2 or LICENSE.MIT. Contributions
                            to are","made under the terms of *both* these licenses."],"
                        matched_text_diagnostics: found in LICENSE.[APACHE2] or LICENSE.[MIT].
                            Contributions to [are]","made under the terms of *both* these licenses."],"
                    -   license_expression: mit
                        license_expression_spdx: MIT
                        from_file: LICENSE
                        start_line: 1699
                        end_line: 1699
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: mit_30.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                        matched_text: LICENSE.MIT.
                        matched_text_diagnostics: LICENSE.MIT.
                identifier: apache_2_0_and_mit_and__apache_2_0_or_bsd_new__and__bsd_new_or_apache_2_0-afea8c79-f391-ee94-f9d2-558eb9da6c8f
            -   license_expression: (bsd-new OR apache-2.0) AND mit
                license_expression_spdx: (BSD-3-Clause OR Apache-2.0) AND MIT
                matches:
                    -   license_expression: unknown-license-reference
                        license_expression_spdx: LicenseRef-scancode-unknown-license-reference
                        from_file: LICENSE
                        start_line: '1941'
                        end_line: '1941'
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 5
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: license-intro_62.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/license-intro_62.RULE
                        matched_text: available under the terms of *
                        matched_text_diagnostics: available under the terms of *
                    -   license_expression: bsd-new OR apache-2.0
                        license_expression_spdx: BSD-3-Clause OR Apache-2.0
                        from_file: LICENSE
                        start_line: '1941'
                        end_line: '1941'
                        matcher: 3-seq
                        score: '21.21'
                        matched_length: 7
                        match_coverage: '21.21'
                        rule_relevance: 100
                        rule_identifier: bsd-new_or_apache-2.0_3.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/bsd-new_or_apache-2.0_3.RULE
                        matched_text: found in LICENSE.APACHE2 or LICENSE.MIT. Contributions
                            to
                        matched_text_diagnostics: found in LICENSE.[APACHE2] or LICENSE.[MIT].
                            Contributions to
                    -   license_expression: mit
                        license_expression_spdx: MIT
                        from_file: LICENSE
                        start_line: '1941'
                        end_line: '1941'
                        matcher: 2-aho
                        score: '100.0'
                        matched_length: 2
                        match_coverage: '100.0'
                        rule_relevance: 100
                        rule_identifier: mit_30.RULE
                        rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/mit_30.RULE
                        matched_text: LICENSE.MIT.
                        matched_text_diagnostics: LICENSE.MIT.
                identifier: bsd_new_or_apache_2_0__and_mit-f96a522d-96eb-61c5-b09a-a8f02edeb25b
        license_clues: []
        percentage_of_license_text: '0.13'
        scan_errors: []

System configuration

  • What OS are you running on? Linux
  • What version of scancode-toolkit was used to generate the scan file? 32.3.0
  • What installation method was used to install/run scancode? pip
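
A triage helper for the result above, added here as an example; it is not part of the original issue or of scancode-toolkit. It groups the reported matches by license key and returns the keys that are supported only by `3-seq` (approximate sequence) matches, which is where `bsd-new` enters the expression. The function names are hypothetical, and the match records are copied from the result above, reduced to the four fields used.

```python
import re
from collections import defaultdict

# Match records copied from the scan result above, reduced to four fields.
# Scores are kept as strings because that is how the YAML output quotes them.
MATCHES = [
    {"license_expression": "apache-2.0", "matcher": "2-aho", "score": "100.0",
     "rule_identifier": "apache-2.0_98.RULE"},
    {"license_expression": "mit", "matcher": "2-aho", "score": "100.0",
     "rule_identifier": "mit_30.RULE"},
    {"license_expression": "apache-2.0 OR bsd-new", "matcher": "3-seq", "score": "89.1",
     "rule_identifier": "apache-2.0_or_bsd-new_8.RULE"},
    {"license_expression": "bsd-new OR apache-2.0", "matcher": "3-seq", "score": "45.45",
     "rule_identifier": "bsd-new_or_apache-2.0_3.RULE"},
    {"license_expression": "unknown-license-reference", "matcher": "2-aho", "score": "100.0",
     "rule_identifier": "license-intro_62.RULE"},
    {"license_expression": "bsd-new OR apache-2.0", "matcher": "3-seq", "score": "21.21",
     "rule_identifier": "bsd-new_or_apache-2.0_3.RULE"},
]

OPERATORS = {"and", "or", "with"}
# 3-seq is ScanCode's approximate sequence matcher; 2-aho matches rule text exactly.
APPROXIMATE_MATCHERS = {"3-seq"}


def license_keys(expression):
    """Return the license keys in an expression, without operators or parentheses."""
    tokens = re.findall(r"[^\s()]+", expression)
    return {token for token in tokens if token.lower() not in OPERATORS}


def evidence_by_key(matches):
    """Map each license key to the (rule, matcher, score) tuples that reported it."""
    evidence = defaultdict(list)
    for match in matches:
        record = (match["rule_identifier"], match["matcher"], float(match["score"]))
        for key in license_keys(match["license_expression"]):
            evidence[key].append(record)
    return dict(evidence)


def approximate_only(matches):
    """Return the keys for which no exact match exists, weakest evidence first."""
    suspects = {}
    for key, records in evidence_by_key(matches).items():
        if all(matcher in APPROXIMATE_MATCHERS for _, matcher, _ in records):
            suspects[key] = sorted(records, key=lambda record: record[2])
    return suspects


if __name__ == "__main__":
    for key, records in approximate_only(MATCHES).items():
        print(f"{key}: reported only by approximate matches")
        for rule, matcher, score in records:
            print(f"  {rule}  matcher={matcher}  score={score}")
```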