A file wilth Apache 2.0 + LZMA SDK license is identified as containing a proprietary license #3543
Description
Description
License notice for Nuget.Client
-------------------------------
Copyright (c) .NET Foundation. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
these files except in compliance with the License. You may obtain a copy of the
License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
License notice for LZMA SDK
---------------------------
http://7-zip.org/sdk.html
LZMA SDK is placed in the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or distribute the
original LZMA SDK code, either in source code form or as a compiled binary,
for any purpose, commercial or non-commercial, and by any means.
(A larger version of a this file is at https://github.com/dotnet/dotnet/blob/1969cbaff9ff993fc93357f482ce8dedbc307f06/src/installer/THIRD-PARTY-NOTICES)
If we scan it with scancode, it identifies this file as containing a proprietary license.
Trimming the file to just the second license makes scancode correctly identify it as the LZMA SDK license.
How To Reproduce
Save the text above as the file two-licenses.txt.
$ ./scancode --json-pp - --license --unknown-licenses --license-references two-licenses.txt
Setup plugins...
Collect file inventory...
Scan files for: licenses with 1 process(es)...
[####################] 2
{
"headers": [
{
"tool_name": "scancode-toolkit",
"tool_version": "32.0.7",
"options": {
"input": [
"two-licenses.txt"
],
"--json-pp": "-",
"--license": true,
"--license-references": true,
"--unknown-licenses": true
},
"notice": "Generated with ScanCode and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied. No cont
ent created from\nScanCode should be considered or used as legal advice. Consult an Attorney\nfor any legal advice.\nScanCode is a free software code scanning
tool from nexB Inc. and others.\nVisit https://github.com/nexB/scancode-toolkit/ for support and download.",
"start_timestamp": "2023-10-06T203008.934397",
"end_timestamp": "2023-10-06T203011.062866",
"output_format_version": "3.0.0",
"duration": 2.128478765487671,
"message": null,
"errors": [],
"warnings": [],
"extra_data": {
"system_environment": {
"operating_system": "linux",
"cpu_architecture": "64",
"platform": "Linux-6.4.14-200.fc38.x86_64-x86_64-with-glibc2.37",
"platform_version": "#1 SMP PREEMPT_DYNAMIC Sat Sep 2 16:36:06 UTC 2023",
"python_version": "3.11.5 (main, Aug 28 2023, 00:00:00) [GCC 13.2.1 20230728 (Red Hat 13.2.1-1)]"
},
"spdx_license_list_version": "3.21",
"files_count": 1
}
}
...
{
"license_expression": "public-domain AND unknown AND proprietary-license",
"matches": [
{
"score": 100.0,
"start_line": 23,
"end_line": 23,
"matched_length": 5,
"match_coverage": 100.0,
"matcher": "2-aho",
"license_expression": "public-domain",
"rule_identifier": "public-domain_45.RULE",
"rule_relevance": 100,
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/public-domain_45.RULE"
},
{
"score": 90.32,
"start_line": 25,
"end_line": 27,
"matched_length": 28,
"match_coverage": 100.0,
"matcher": "6-unknown",
"license_expression": "unknown",
"rule_identifier": "license-detection-unknown-c4c22190c6bc4b84ed6fa61817c19ec9be730da3",
"rule_relevance": 100,
"rule_url": null
},
{
"score": 100.0,
"start_line": 27,
"end_line": 27,
"matched_length": 2,
"match_coverage": 100.0,
"matcher": "2-aho",
"license_expression": "proprietary-license",
"rule_identifier": "proprietary-license_544.RULE",
"rule_relevance": 100,
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/proprietary-license_544.RULE"
}
System configuration
- What OS are you running on? Linux
- What version of scancode-toolkit was used to generate the scan file? 32.0.
- What installation method was used to install/run scancode? pip