feat: scan local go mod cache for licenses of golang packages (#1645)
Signed-off-by: Avi Deitcher <avi@deitcher.net> Co-authored-by: Keith Zantow <kzantow@gmail.com>
Showing
22 changed files
with
775 additions
and
23 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package config | ||
|
||
import "github.com/spf13/viper" | ||
|
||
type golang struct { | ||
SearchLocalModCacheLicenses bool `json:"search-local-mod-cache-licenses" yaml:"search-local-mod-cache-licenses" mapstructure:"search-local-mod-cache-licenses"` | ||
LocalModCacheDir string `json:"local-mod-cache-dir" yaml:"local-mod-cache-dir" mapstructure:"local-mod-cache-dir"` | ||
} | ||
|
||
func (cfg golang) loadDefaultValues(v *viper.Viper) { | ||
v.SetDefault("golang.search-local-mod-cache-licenses", false) | ||
v.SetDefault("golang.local-mod-cache-dir", "") | ||
} |
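Review bot: The two fields of the new `golang` config struct have no doc comments, so nothing here says what an empty `local-mod-cache-dir` resolves to or that enabling the option makes the tool read from a directory on the machine running the scan. I would add `// SearchLocalModCacheLicenses enables reading license files from the local Go module cache.` and `// LocalModCacheDir overrides the module cache location; empty selects the default.` above the fields. The fallback for the empty value is not visible in this section, so the second comment should be confirmed against the code that consumes it. A one-line comment on `loadDefaultValues` noting that the feature is off by default would also help.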
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
package licenses | ||
|
||
import "github.com/anchore/syft/internal" | ||
|
||
// all of these taken from https://github.com/golang/pkgsite/blob/8996ff632abee854aef1b764ca0501f262f8f523/internal/licenses/licenses.go#L338 | ||
// which unfortunately is not exported. But fortunately is under BSD-style license. | ||
|
||
var ( | ||
FileNames = []string{ | ||
"COPYING", | ||
"COPYING.md", | ||
"COPYING.markdown", | ||
"COPYING.txt", | ||
"LICENCE", | ||
"LICENCE.md", | ||
"LICENCE.markdown", | ||
"LICENCE.txt", | ||
"LICENSE", | ||
"LICENSE.md", | ||
"LICENSE.markdown", | ||
"LICENSE.txt", | ||
"LICENSE-2.0.txt", | ||
"LICENCE-2.0.txt", | ||
"LICENSE-APACHE", | ||
"LICENCE-APACHE", | ||
"LICENSE-APACHE-2.0.txt", | ||
"LICENCE-APACHE-2.0.txt", | ||
"LICENSE-MIT", | ||
"LICENCE-MIT", | ||
"LICENSE.MIT", | ||
"LICENCE.MIT", | ||
"LICENSE.code", | ||
"LICENCE.code", | ||
"LICENSE.docs", | ||
"LICENCE.docs", | ||
"LICENSE.rst", | ||
"LICENCE.rst", | ||
"MIT-LICENSE", | ||
"MIT-LICENCE", | ||
"MIT-LICENSE.md", | ||
"MIT-LICENCE.md", | ||
"MIT-LICENSE.markdown", | ||
"MIT-LICENCE.markdown", | ||
"MIT-LICENSE.txt", | ||
"MIT-LICENCE.txt", | ||
"MIT_LICENSE", | ||
"MIT_LICENCE", | ||
"UNLICENSE", | ||
"UNLICENCE", | ||
} | ||
|
||
FileNameSet = internal.NewStringSet(FileNames...) | ||
) |
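Review bot: `FileNameSet` is built from the exact spellings in `FileNames`, so a case-sensitive lookup would skip files such as `license.txt` or `License.md`, and those packages would be reported without license data. The call sites are outside this section; if they do not normalise case, building the set from `strings.ToLower(name)` and testing `strings.ToLower(filepath.Base(p))` closes the gap. Both variables are also exported and mutable, so any importer can change the list at runtime; a short doc comment stating they are read-only by convention would be worth adding. The header comment says the list is copied from a BSD-style licensed file, which normally requires keeping the upstream copyright notice, so an attribution line next to the link is advisable.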
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package licenses | ||
|
||
import ( | ||
"io" | ||
|
||
"github.com/google/licensecheck" | ||
"golang.org/x/exp/slices" | ||
) | ||
|
||
const ( | ||
coverageThreshold = 75 | ||
unknownLicenseType = "UNKNOWN" | ||
) | ||
|
||
// Parse scans the contents of a license file to attempt to determine the type of license it is | ||
func Parse(reader io.Reader) (licenses []string, err error) { | ||
contents, err := io.ReadAll(reader) | ||
if err != nil { | ||
return nil, err | ||
} | ||
cov := licensecheck.Scan(contents) | ||
|
||
if cov.Percent < float64(coverageThreshold) { | ||
licenses = append(licenses, unknownLicenseType) | ||
} | ||
for _, m := range cov.Match { | ||
if slices.Contains(licenses, m.ID) { | ||
continue | ||
} | ||
licenses = append(licenses, m.ID) | ||
} | ||
return | ||
} |
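Review bot: `io.ReadAll(reader)` in `Parse` reads the entire input with no size cap, and the reader presumably comes from files found in scanned content, so a very large file with a license-like name would be loaded into memory in full. Bounding the read keeps memory use predictable: `contents, err := io.ReadAll(io.LimitReader(reader, maxLicenseFileSize))`, where `maxLicenseFileSize` is a placeholder for a package constant whose value needs choosing. Separately, when coverage is below `coverageThreshold` the function appends `UNKNOWN` and then still appends every matched ID, so a caller can receive both `UNKNOWN` and a concrete license for the same file. If that is intended, the doc comment should say so; otherwise return right after the `UNKNOWN` append.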