Branch: master
Commits on May 22, 2019
  1. spdx-utils: Fix parsing license references as exceptions

    mnonnenmacher committed May 21, 2019
    This is a fixup for 91056e1 which did not actually fix the issue.
    
    The problem was that the first part of the `REFERENCE` rule was
    optional, as a result any license reference was always put in a
    `REFERENCE` token, but never in a `LICENSEREFERENCE` token by the lexer.
    
    Fix this by making two separate rules for license references and document
    references, to prevent overlap in the rules.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 20, 2019
  1. spdx-utils: Allow parsing license references as exceptions

    mnonnenmacher committed May 20, 2019
    Scancode also uses license references for detected exceptions. These
    references could not be used, because the lexer turns them into a
    `LICENSEREFERENCE` token, which is not a valid input for the
    `licenseExceptionExpression` rule.
    
    To fix this, move the "LicenseRef-" part of `LICENSEREFERENCE`, which is
    a valid subset of `IDSTRING`, to a separate rule, and allow this in the
    `licenseExceptionExpression` rule.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. OrtResult: Fix matching path excludes in `collectLicenseFindings()`

    mnonnenmacher committed May 20, 2019
    The paths of license findings for a project are relative to the VCS that
    contains the project, not to the analyzer root. As a result matching the
    path excludes against those paths does not work, because path excludes
    are always relative to the analyzer root.
    
    To fix this convert the license finding paths to be relative to the
    analyzer root before trying to match them with a path exclude.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. ReportTableModelMapper: Collect the license findings only once

    mnonnenmacher committed May 20, 2019
    Collecting the license findings can take some time for large results,
    collect them only once to improve performance.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 14, 2019
  1. evaluator: Visit dependencies only once per scope in dependency rules

    mnonnenmacher committed May 10, 2019
    For projects with many scopes and repetitive dependency trees, like
    Android Gradle projects, visiting the full dependency trees can take a
    significant amount of time, with no added value for visiting the same
    dependencies several thousand times.
    
    Instead keep a list of all already visited subtrees per scope and
    make sure that each subtree is only visited once.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. evaluator: Provide the list of curations to `PackageRule`

    mnonnenmacher committed May 10, 2019
    This allows package rules to evaluate curations.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. evaluator: Do not fail if package cannot be found

    mnonnenmacher committed May 10, 2019
    It can happen that no package information is available for a package
    reference from the dependency tree, for example if there was an error
    during the analysis of the package. Instead of failing, log a warning
    and continue evaluating the rules.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  4. evaluator: Switch from `OrtIssue` to `RuleViolation`

    mnonnenmacher committed May 3, 2019
    Use the `RuleViolation` class as output of the evaluator script. This
    provides more fine-grained information about the violations and allows
    improving the reports. Show the data already in the static HTML report,
    but not yet in the web app reporter.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  5. model: Add a dedicated class for rule violations

    mnonnenmacher committed May 3, 2019
    With the rules DSL introduced in 6735686 the data that can be provided
    alongside rule violations is better defined. Create a dedicated class
    for rule violations to capture this data.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  6. Move `LicenseSource` class from evaluator to model

    mnonnenmacher committed May 7, 2019
    This allows using the class in other model classes.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 8, 2019
  1. evaluator: Add the `isExcluded()` DSL function to `LicenseRule`

    mnonnenmacher committed May 8, 2019
    The matcher can be used to check if all findings of a detected license
    are excluded by path excludes.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. evaluator: Add the `isProject()` DSL function to `PackageRule`

    mnonnenmacher committed May 8, 2019
    The matcher can be used to check if the currently evaluated package is a
    project.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on May 3, 2019
  1. evaluator: Filter relevant license findings in license rule

    mnonnenmacher committed May 2, 2019
    Before, also license findings for different licenses were passed to the
    rule.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. evaluator: Show the package ID in license rule errors

    mnonnenmacher committed May 2, 2019
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. evaluator: Add the DSL function `issue()`

    mnonnenmacher committed Apr 30, 2019
    Compared to the existing `hint()`, `warning()`, and `error()` the new
    function takes the severity as argument which is useful if the severity
    is dynamically determined in the rule.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  4. evaluator: Rename `errorSource()` to `issueSource()`

    mnonnenmacher committed Apr 30, 2019
    Because the helper function is used for creating issues independent of
    the severity.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  5. StaticHtmlReporter: Improve presentation of rule violations

    mnonnenmacher committed May 3, 2019
    Do not repeat the source of the violation in the description field and
    remove the timestamp, because it is not relevant for rule violations.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 30, 2019
  1. evaluator: Use the collected license findings instead of collecting again

    mnonnenmacher committed Apr 30, 2019
    
    Use the already collected license findings for better performance. This
    finishes 4d96777.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 17, 2019
  1. evaluator: Collect the license findings only once

    mnonnenmacher authored and sschuberth committed Apr 17, 2019
    Calling `OrtResult.collectLicenseFindings()` can take over 50ms for
    large result files. Calling it for every single license rule invocation
    dramatically increases the runtime of the rules. Instead collect the
    license findings only once for each rule set.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. evaluator: Package references can also reference projects

    mnonnenmacher authored and sschuberth committed Apr 17, 2019
    If looking for the package for a package reference, also search the
    projects list for a matching identifier, because in multi module
    projects dependencies can point to other projects which do not appear in
    the packages list.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. evaluator: Add helper functions to access properties in extension functions

    mnonnenmacher authored and sschuberth committed Apr 17, 2019
    
    The properties of `PackageRule` cannot be accessed when writing extension
    functions for its inner class `LicenseRule`. Until a better solution is
    found, add helper functions to access those properties.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  4. evaluator: Add a license view for only detected licenses

    mnonnenmacher authored and sschuberth committed Apr 17, 2019
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  5. evaluator: Import the evaluator package for the rules script

    mnonnenmacher committed Apr 17, 2019
    This allows the rules script to use the rules API without using
    fully-qualified names.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  6. evaluate: Rename `Rule.run()` to `Rule.evaluate()`

    mnonnenmacher committed Apr 17, 2019
    To use a less generic name.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  7. evaluator: Add a DSL for writing rules

    mnonnenmacher committed Apr 9, 2019
    Add a DSL for describing evaluator rules. This is the first iteration
    that likely needs more refactoring in the near future. Documentation
    will be added later, once the API reaches a stable state.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 15, 2019
  1. analyzer: Remove `Yaml` from `YamlFilePackageCurationProvider`

    mnonnenmacher committed Apr 15, 2019
    Rename `YamlFilePackageCurationProvider` to `FilePackageCurationProvider`,
    because the provider can also read JSON and XML files, so the old name was
    giving the false impression that only YAML files are supported.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 4, 2019
  1. dokka: Set the JDK version to 8

    mnonnenmacher committed Apr 4, 2019
    The default value is version 6, set it to 8 because otherwise links to
    classes added after version 6 do not work.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. dokka: Add links for external documentation

    mnonnenmacher committed Apr 3, 2019
    Provide the Javadoc URLs of dependencies which publish Javadoc to enable
    dokka to create external links. The versions of the linked Javadoc might
    not exactly match the versions of the dependencies, but this is still
    better than broken links.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  3. KDoc: Use links instead of plain text URLs

    mnonnenmacher committed Apr 3, 2019
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  4. KDoc: Fix a broken link

    mnonnenmacher committed Apr 3, 2019
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 3, 2019
  1. PipTest: Upgrade the expected Werkzeug version to 0.15.2

    mnonnenmacher committed Apr 3, 2019
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Apr 1, 2019
  1. reporter: Show the repository configuration in the static HTML report

    mnonnenmacher committed Mar 28, 2019
    Show the used repository configuration at the bottom of the static HTML
    report. Use https://prismjs.com for syntax highlighting, which is
    published under the MIT license.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. reporter: Extract CSS of static HTML report to a file

    mnonnenmacher committed Mar 29, 2019
    This improves overview in the Kotlin file and enables syntax
    highlighting for the CSS file when opening in an IDE.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
Commits on Mar 22, 2019
  1. spdx-utils: Regenerate the SPDX license and exception enums

    mnonnenmacher authored and sschuberth committed Mar 21, 2019
    This adds the license CERN-OHL-1.2 and updates the license texts for NTP
    and SGI-B-1.0.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>
  2. spdx-utils: Fix indentation of generated enum constructor arguments

    mnonnenmacher authored and sschuberth committed Mar 21, 2019
    This is a fixup for f78de43.
    
    Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@here.com>