Add rust cargo support for dep command. #121
Conversation
kezhenxu94
added
feature
enhancement
pkg/deps/cargo.go
Outdated
| if pkg.License == "" { | ||
| return fmt.Errorf("license is empty") | ||
| } |
There was a problem hiding this comment.
Should be this?
| if pkg.License == "" { | |
| return fmt.Errorf("license is empty") | |
| } | |
| if pkg.License != "" { | |
| report.Resolve(&Result{ | |
| Dependency: pkg.Name, | |
| LicenseSpdxID: pkg.License, | |
| Version: pkg.Version, | |
| }) | |
| return nil | |
| } |
If there is an explicit license ID, I think we can just use them
There was a problem hiding this comment.
I wrote it with reference to GoModResolver, which returns an error, the calling place will warn and call report.Skip
There was a problem hiding this comment.
Hi @jmjoy , I mean if pkg.License != "" we can just use pkg.License (no need to read its license file content and just return here), if pkg.License == "" we will try to find its license file and identify the license ID by the license file content
There was a problem hiding this comment.
Sorry, but the --output generated files will all be empty if so.
There was a problem hiding this comment.
@kezhenxu94 In fact, I don't need the --output parameter, but I saw that this parameter originally existed, so I implemented it.
There was a problem hiding this comment.
@jmjoy I think you might want to apply this patch
diff --git a/pkg/deps/cargo.go b/pkg/deps/cargo.go
index d1057ab..e2613d2 100644
--- a/pkg/deps/cargo.go
+++ b/pkg/deps/cargo.go
@@ -19,13 +19,13 @@ package deps
import (
"encoding/json"
- "fmt"
"os"
"os/exec"
"path/filepath"
"regexp"
"github.com/apache/skywalking-eyes/internal/logger"
+ "github.com/apache/skywalking-eyes/pkg/license"
)
type CargoMetadata struct {
@@ -114,10 +114,6 @@ var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.tx
// ResolvePackageLicense resolve the package license.
// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
- if pkg.License == "" {
- return fmt.Errorf("license is empty")
- }
-
dir := filepath.Dir(pkg.ManifestPath)
logger.Log.Debugf("Directory of %+v is %+v", pkg.Name, dir)
files, err := os.ReadDir(dir)
@@ -128,6 +124,8 @@ func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg
var licenseFilePath string
var licenseContent []byte
+ licenseID := pkg.License
+
for _, info := range files {
if !cargoPossibleLicenseFileName.MatchString(info.Name()) {
continue
@@ -142,11 +140,17 @@ func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg
break
}
+ if licenseID == "" { // If pkg.License is empty, identify the license ID from the license file content
+ if licenseID, err = license.Identify(string(licenseContent), config.Threshold); err != nil {
+ return err
+ }
+ }
+
report.Resolve(&Result{
Dependency: pkg.Name,
LicenseFilePath: licenseFilePath,
LicenseContent: string(licenseContent),
- LicenseSpdxID: pkg.License,
+ LicenseSpdxID: licenseID,
Version: pkg.Version,
})
There was a problem hiding this comment.
The basic idea to identify the license is
- Obtain from the metadata of the package, if they already have the license id, we'd just use it, otherwise
- Try to find the license file in the package, and try to identify the license id from the license file content.
There was a problem hiding this comment.
Thanks, it's better, just push the patch to my branch? Because I open the Allow edits and access to secrets by maintainers.
There was a problem hiding this comment.
Thanks, it's better, just push the patch to my branch? Because I open the
Allow edits and access to secrets by maintainers.
Yes. Feel free to just git apply my patch and push in this PR. Or if you want me to edit I can do that too.
Add rust cargo support for dep command.