Use detected holders from package resources nexB#2972

    * If no explicit copyright was detected from Package datafiles, then we take the holder detections from those files instead

Signed-off-by: Jono Yang <jyang@nexb.com>

src/summarycode/summarizer.py

@@ -225,12 +225,12 @@ def get_origin_info_from_top_level_packages(top_level_packages, codebase):
     programming_languages = []
     copyrights = []
 
-    for package_mapping in top_level_packages:
-        package = models.Package.from_dict(package_mapping)
-        # we are only interested in key packages
-        if not is_key_package(package, codebase):
-            continue
-
+    top_level_packages = [
+        models.Package.from_dict(package_mapping)
+        for package_mapping in top_level_packages
+    ]
+    key_file_packages = [p for p in top_level_packages if is_key_package(p, codebase)]
+    for package in key_file_packages:
         license_expression = package.license_expression
         if license_expression:
             license_expressions.append(license_expression)
@@ -261,7 +261,17 @@ def get_origin_info_from_top_level_packages(top_level_packages, codebase):
     declared_holders = []
     if holders:
         declared_holders = holders
-
+    else:
+        # If the package data does not contain an explicit copyright, check the
+        # key files where the package data was detected from and see if there
+        # are any holder detections that can be used.
+        for package in key_file_packages:
+            for datafile_path in package.datafile_paths:
+                key_file_resource = codebase.get_resource(path=datafile_path)
+                if not key_file_resource:
+                    continue
+                holders = [h['holder'] for h in key_file_resource.holders]
+                declared_holders.extend(holders)
     declared_holders = unique(declared_holders)
 
     # Programming language

tests/summarycode/data/summary/multiple_package_data/multiple_package_data.expected.json

@@ -111,7 +111,7 @@
       "conflicting_license_categories": false,
       "ambiguous_compound_licensing": false
     },
-    "declared_holder": "Demo Corporation, Example Corp.",
+    "declared_holder": "Example Corp.",
     "primary_language": "Python",
     "other_license_expressions": [
       {

tests/summarycode/data/summary/use_holder_from_package_resource/codebase/README.txt

@@ -0,0 +1 @@
+Copyright (c) Example Corporation

tests/summarycode/data/summary/use_holder_from_package_resource/codebase/setup.py

@@ -0,0 +1,32 @@
+# Copyright 2020 Google LLC
+# Copyright 2021 Fraunhofer FKIE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+setup(
+    name="atheris",
+    version=__version__,
+    author="Bitshift",
+    author_email="atheris@google.com",
+    url="https://github.com/google/atheris/",
+    description="A coverage-guided fuzzer for Python and Python extensions.",
+    long_description=open("README.md", "r").read(),
+    long_description_content_type="text/markdown",
+    packages=["atheris"],
+    package_dir={"atheris": "src"},
+    py_modules=["atheris_no_libfuzzer"],
+    ext_modules=ext_modules,
+    setup_requires=["pybind11>=2.5.0"],
+    cmdclass={"build_ext": BuildExt},
+    zip_safe=False,
+)