Branch: master
Commits on May 22, 2019
  1. model: Use annotations to add custom (de-)serializers

    sschuberth committed May 21, 2019
    This keeps all (de-)serialization code alongside the class.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  2. Gradle: Upgrade OkHttp to version 3.14.2

    sschuberth committed May 22, 2019
    See:
    
    https://github.com/square/okhttp/blob/master/CHANGELOG.md#version-3142
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  3. Downloader: Fix an error message to make DownloaderTest pass again

    sschuberth committed May 21, 2019
    This changes the error message to be like it was before eeea7ec so it again
    contains the name of the hash algorithm to make the DownloaderTest pass
    again.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  4. ScanCode: Move the error mapping functions to the companion object

    sschuberth committed May 21, 2019
    These can be static, and this way they are defined close to their
    regexes.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  5. ScanCode: Improve a code comment position

    sschuberth committed May 21, 2019
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  6. spdx-utils: Fix parsing license references as exceptions

    mnonnenmacher committed May 21, 2019
    This is a fixup for 91056e1 which did not actually fix the issue.
    
    The problem was that the first part of the `REFERENCE` rule was
    optional, as a result any license reference was always put in a
    `REFERENCE` token, but never in a `LICENSEREFERENCE` token by the lexer.
    
    Fix this by making two separate rules for license references and document
    references, to prevent overlap in the rules.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 20, 2019
  1. scanner: Rename getResult() to getRawResult()

    sschuberth committed May 20, 2019
    To better match the purpose and the corresponding "rawResult" property
    of the ScanResult class.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  2. LocalScanner: Document the getResult() and generateSummary() functions

    sschuberth committed May 20, 2019
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  3. ScanCode: Remove obsolete TODOs

    sschuberth committed May 20, 2019
    Converting to other formats is done via reporters / will be done by the
    documenter. The license scan results already are part of the model by
    now.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  4. ScanCode: Use textValue() for values known to be textual

    sschuberth committed May 20, 2019
    We do not need nor want any conversion to happen in this case.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  5. spdx-utils: Allow parsing license references as exceptions

    mnonnenmacher committed May 20, 2019
    Scancode also uses license references for detected exceptions. These
    references could not be used, because the lexer turns them into a
    `LICENSEREFERENCE` token, which is not a valid input for the
    `licenseExceptionExpression` rule.
    
    To fix this, move the "LicenseRef-" part of `LICENSEREFERENCE`, which is
    a valid subset of `IDSTRING`, to a separate rule, and allow this in the
    `licenseExceptionExpression` rule.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  6. Gradle: Do not refer to a (fun)testRuntime configuration

    sschuberth committed May 20, 2019
    There actually is no such configuration when using the Java Library
    Plugin, see
    
    https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_configurations_graph
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  7. Gradle: Avoid the functional test configuration to depend on the test output

    sschuberth committed May 20, 2019
    The functional tests are completely independent from the (unit) test
    output.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
  8. Bundle the hash algorithm and value into an object for (de-)serialization

    sschuberth committed May 15, 2019
    This serializes new files as
    
        hash:
          value: "7c4f3c474fb2c041d8028740440937705ebb473a"
          algorithm: "SHA-1"
    
    while the old format of
    
        hash: "7c4f3c474fb2c041d8028740440937705ebb473a"
        hash_algorithm: "SHA-1"
    
    can still be deserialized.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  9. OrtResult: Fix matching path excludes in `collectLicenseFindings()`

    mnonnenmacher committed May 20, 2019
    The paths of license findings for a project are relative to the VCS that
    contains the project, not to the analyzer root. As a result matching the
    path excludes against those paths does not work, because path excludes
    are always relative to the analyzer root.
    
    To fix this convert the license finding paths to be relative to the
    analyzer root before trying to match them with a path exclude.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  10. ReportTableModelMapper: Collect the license findings only once

    mnonnenmacher committed May 20, 2019
    Collecting the license findings can take some time for large results,
    collect them only once to improve performance.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 17, 2019
  1. Gradle: Upgrade Jackson to version 2.9.9

    sschuberth committed May 17, 2019
    See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
Commits on May 15, 2019
  1. PipTest: Upgrade the expected Werkzeug version to 0.15.4

    sschuberth authored and mnonnenmacher committed May 15, 2019
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  2. Also capture the Java version ORT is running on

    sschuberth authored and mnonnenmacher committed May 13, 2019
    This can be helpful to debug issues.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
Commits on May 14, 2019
  1. evaluator: Visit dependencies only once per scope in dependency rules

    mnonnenmacher committed May 10, 2019
    For projects with many scopes and repetitive dependency trees, like
    Android Gradle projects, visiting the full dependency trees can take a
    significant amount of time, with no added value for visiting the same
    dependencies several thousand times.
    
    Instead keep a list of all already visited subtrees per scope and
    make sure that each subtree is only visited once.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. evaluator: Provide the list of curations to `PackageRule`

    mnonnenmacher committed May 10, 2019
    This allows package rules to evaluate curations.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. evaluator: Do not fail if package cannot be found

    mnonnenmacher committed May 10, 2019
    It can happen that no package information is available for a package
    reference from the dependency tree, for example if there was an error
    during the analysis of the package. Instead of failing, log a warning
    and continue evaluating the rules.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  4. evaluator: Switch from `OrtIssue` to `RuleViolation`

    mnonnenmacher committed May 3, 2019
    Use the `RuleViolation` class as output of the evaluator script. This
    provides more fine-grained information about the violations and allows to
    improve the reports. Show the data already in the static HTML report,
    but not yet in the web app reporter.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  5. model: Add a dedicated class for rule violations

    mnonnenmacher committed May 3, 2019
    With the rules DSL introduced in 6735686 the data that can be provided
    alongside rule violations is better defined. Create a dedicated class
    for rule violations to capture this data.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  6. Move `LicenseSource` class from evaluator to model

    mnonnenmacher committed May 7, 2019
    This allows to use the class in other model classes.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 13, 2019
  1. cli: Bump the go-dep version to 0.5.1-1 in the Dockerfile

    sschuberth committed May 13, 2019
    To make it build again as the old version 0.5.0-1+B10 is gone from
    upstream.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  2. Gradle: Upgrade the Docker plugins to version 4.8.1

    sschuberth committed May 13, 2019
    See https://bmuschko.github.io/gradle-docker-plugin/#v4_8_1_may_11_2019.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
Commits on May 10, 2019
  1. DotNet/NuGet: Decode SRI hashes

    sschuberth committed May 9, 2019
    The NuGet hashes are in fact SRI-style hashes that are Base64-encoded,
    so decode them.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
Commits on May 9, 2019
  1. Hash: Remove a duplicate blank line

    sschuberth committed May 8, 2019
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  2. Main: Write out "OSS Review Toolkit" in the CLI header

    sschuberth committed May 9, 2019
    We should have it spelled out here for visibility (and in case someone
    cannot read our nice ASCII art logo). This also aligns with the recently
    added header in the static HTML report.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  3. Add the ORT version and the creation time to the static HTML report

    sschuberth committed May 9, 2019
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  4. static-html-reporter.css: Do not hard-code the font-weight for the whole body

    sschuberth committed May 9, 2019
    This breaks using tags like <strong>, and removing this does not seem to
    have any impact on the visual appearance of the report.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
Commits on May 8, 2019
  1. init.gradle: Only pass required arguments for DependencyImpl in one more case

    sschuberth committed May 8, 2019
    Many arguments just match the custom default values here, so only pass
    the required arguments by name.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  2. init.gradle: Avoid using @immutable

    sschuberth committed May 8, 2019
    At least with Groovy 2.5 (which is used since Gradle 5.0), the
    map-constructor generated by @immutable behaves unexpectedly: Member
    variables for which no argument is passed do not maintain a custom value
    they are initialized with, but they are initialized with the default
    value for their type, which is null in most cases.
    
    Signed-off-by: Sebastian Schuberth <sebastian.schuberth@here.com>
  3. evaluator: Add the `isExcluded()` DSL function to `LicenseRule`

    mnonnenmacher committed May 8, 2019
    The matcher can be used to check if all findings of a detected license
    are excluded by path excludes.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>