feat(scan): add license source filtering and priority-based selection

isasmendiagus · isasmendiagus · commit ee2970eda1c7 · 2025-11-14T12:37:14.000+01:00
diff --git a/src/scanoss/inspection/policy_check/scanoss/copyleft.py b/src/scanoss/inspection/policy_check/scanoss/copyleft.py
@@ -96,7 +96,8 @@ def __init__( # noqa: PLR0913
             self.filepath,
             include,
             exclude,
-            explicit)
+            explicit,
+            self.license_sources)
 
     def _json(self, components: list[Component]) -> PolicyOutput:
         """
@@ -179,7 +180,7 @@ def _get_components_with_copyleft_licenses(self, components: list) -> list[Dict]
         """
         filtered_components = []
         for component in components:
-            copyleft_licenses = [lic for lic in component['licenses'] if (lic['source'] in self.license_sources or lic['source'] == 'unknown') and lic['copyleft']]
+            copyleft_licenses = [lic for lic in component['licenses'] if lic['copyleft']]
             if copyleft_licenses:
                 # Remove unused keys
                 del component['count']
diff --git a/src/scanoss/inspection/utils/scan_result_processor.py b/src/scanoss/inspection/utils/scan_result_processor.py
@@ -71,11 +71,13 @@ def __init__( # noqa: PLR0913
         include: str = None,
         exclude: str = None,
         explicit: str = None,
+        license_sources: list = None,
     ):
         super().__init__(debug, trace, quiet)
         self.result_file_path = result_file_path
         self.license_util = LicenseUtil()
         self.license_util.init(include, exclude, explicit)
+        self.license_sources = license_sources
         self.results = self._load_input_file()
 
     def get_results(self) -> Dict[str, Any]:
@@ -162,8 +164,11 @@ def _append_license_to_component(self,
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return
 
+        # Select licenses based on configuration (filtering or priority mode)
+        selected_licenses = self._select_licenses(new_component['licenses'])
+
         # Process licenses for this component
-        for license_item in new_component['licenses']:
+        for license_item in selected_licenses:
             if license_item.get('name'):
                 spdxid = license_item['name']
                 source = license_item.get('source')
@@ -308,6 +313,53 @@ def convert_components_to_list(self, components: dict):
                 component['licenses'] = []
         return results_list
 
+    def _select_licenses(self, licenses_data):
+        """
+        Select licenses based on configuration.
+
+        Two modes:
+        - Filtering mode: If license_sources specified, filter to those sources
+        - Priority mode: Otherwise, use original priority-based selection
+
+        Args:
+            licenses_data: List of license dictionaries
+
+        Returns:
+            Filtered list of licenses based on configuration
+        """
+        # Filtering mode, when license_sources is explicitly provided
+        if self.license_sources:
+            sources_to_include = set(self.license_sources) | {'unknown'}
+            return [lic for lic in licenses_data
+                    if lic.get('source') in sources_to_include or lic.get('source') is None]
+
+        # Define priority order (highest to lowest)
+        priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
+
+        # Group licenses by source
+        licenses_by_source = {}
+        for license_item in licenses_data:
+
+            source = license_item.get('source', 'unknown')
+            if source not in licenses_by_source:
+                licenses_by_source[source] = {}
+
+            license_name = license_item.get('name')
+            if license_name:
+                # Use license name as key, store full license object as value
+                # If duplicate license names exist in same source, the last one wins
+                licenses_by_source[source][license_name] = license_item
+
+        # Find the highest priority source that has licenses
+        for priority_source in priority_sources:
+            if priority_source in licenses_by_source:
+                self.print_trace(f'Choosing {priority_source} as source')
+                return list(licenses_by_source[priority_source].values())
+
+        # If no priority sources found, combine all licenses into a single list
+        self.print_debug("No priority sources found, returning all licenses as list")
+        return licenses_data
+
     def group_components_by_license(self,components):
         """
         Groups components by their unique component-license pairs.
