feat(licenses): integrate OSADL copyleft data for improved detection

Author: isasmendiagus

CHANGELOG.md

@@ -13,12 +13,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Supports both `-ls source1 source2` and `-ls source1 -ls source2` syntax
 
 ### Changed
+- **Switched to OSADL authoritative copyleft license data**
+  - Copyleft detection now uses [OSADL (Open Source Automation Development Lab)](https://www.osadl.org/) checklist data
+  - Adds missing `-or-later` license variants (GPL-2.0-or-later, GPL-3.0-or-later, LGPL-2.1-or-later, etc.)
+  - Expands copyleft coverage from 21 to 32 licenses
+  - Custom include/exclude/explicit filters still use legacy behavior for backward compatibility
+  - Dataset attribution added to README (CC-BY-4.0 license)
+
 - Copyleft inspection now defaults to component-level licenses only (component_declared, license_file)
   - Reduces noise from file-level license detections (file_header, scancode)
   - Use `-ls` to override and check specific sources
 
 ### Fixed
-- Fixed terminal cursor disappearing after aborting scan with Ctrl+C
+- Fixed the terminal cursor disappearing after aborting scan with Ctrl+C
 
 ## [1.40.1] - 2025-10-29
 ### Changed

README.md

@@ -135,3 +135,8 @@ Details of major changes to the library can be found in [CHANGELOG.md](CHANGELOG
 
 ## Background
 Details about the Winnowing algorithm used for scanning can be found [here](WINNOWING.md).
+
+## Dataset License Notice
+This application is licensed under the MIT License. However, it includes the OSADL copyleft license dataset ([osadl-copyleft.json](src/scanoss/data/osadl-copyleft.json)) which is licensed under the [Creative Commons Attribution 4.0 International license (CC-BY-4.0)](https://creativecommons.org/licenses/by/4.0/) by the [Open Source Automation Development Lab (OSADL) eG](https://www.osadl.org/).
+
+**Attribution:** A project by the Open Source Automation Development Lab (OSADL) eG. Original source: [https://www.osadl.org/fileadmin/checklists/copyleft.json](https://www.osadl.org/fileadmin/checklists/copyleft.json)

src/scanoss/inspection/utils/license_utils.py

@@ -23,94 +23,82 @@
 """
 
 from ...scanossbase import ScanossBase
-
-DEFAULT_COPYLEFT_LICENSES = {
-    'agpl-3.0-only',
-    'artistic-1.0',
-    'artistic-2.0',
-    'cc-by-sa-4.0',
-    'cddl-1.0',
-    'cddl-1.1',
-    'cecill-2.1',
-    'epl-1.0',
-    'epl-2.0',
-    'gfdl-1.1-only',
-    'gfdl-1.2-only',
-    'gfdl-1.3-only',
-    'gpl-1.0-only',
-    'gpl-2.0-only',
-    'gpl-3.0-only',
-    'lgpl-2.1-only',
-    'lgpl-3.0-only',
-    'mpl-1.1',
-    'mpl-2.0',
-    'sleepycat',
-    'watcom-1.0',
-}
+from scanoss.osadl_copyleft import OsadlCopyleft
 
 
 class LicenseUtil(ScanossBase):
     """
     A utility class for handling software licenses, particularly copyleft licenses.
 
-    This class provides functionality to initialize, manage, and query a set of
-    copyleft licenses. It also offers a method to generate URLs for license information.
+    Uses OSADL (Open Source Automation Development Lab) authoritative copyleft data
+    with optional include/exclude/explicit filters.
     """
 
     BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
 
     def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
         super().__init__(debug, trace, quiet)
-        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
-        self.copyleft_licenses = set()
+        self.osadl = OsadlCopyleft(debug=debug)
+        self.include_licenses = set()
+        self.exclude_licenses = set()
+        self.explicit_licenses = set()
 
     def init(self, include: str = None, exclude: str = None, explicit: str = None):
         """
-        Initialize the set of copyleft licenses based on user input.
-
-        This method allows for customization of the copyleft license set by:
-        - Setting an explicit list of licenses
-        - Including additional licenses to the default set
-        - Excluding specific licenses from the default set
+        Initialize copyleft license filters.
 
-        :param include: Comma-separated string of licenses to include
-        :param exclude: Comma-separated string of licenses to exclude
-        :param explicit: Comma-separated string of licenses to use exclusively
+        :param include: Comma-separated licenses to mark as copyleft (in addition to OSADL)
+        :param exclude: Comma-separated licenses to mark as NOT copyleft (override OSADL)
+        :param explicit: Comma-separated licenses to use exclusively (ignore OSADL)
         """
-        if self.debug:
-            self.print_stderr(f'Include Copyleft licenses: ${include}')
-            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
-            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
+        # Parse explicit list (if provided, ignore OSADL completely)
         if explicit:
-            explicit = explicit.strip()
-        if explicit:
-            exp = [item.strip().lower() for item in explicit.split(',')]
-            self.copyleft_licenses = set(exp)
-            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.explicit_licenses = {lic.strip().lower() for lic in explicit.split(',') if lic.strip()}
+            self.print_debug(f'Explicit copyleft licenses: {self.explicit_licenses}')
             return
-        # If no explicit licenses were set, set default ones
-        self.copyleft_licenses = self.default_copyleft_licenses.copy()
-        if include:
-            include = include.strip()
+
+        # Parse include list (mark these as copyleft in addition to OSADL)
         if include:
-            inc = [item.strip().lower() for item in include.split(',')]
-            self.copyleft_licenses.update(inc)
-        if exclude:
-            exclude = exclude.strip()
+            self.include_licenses = {lic.strip().lower() for lic in include.split(',') if lic.strip()}
+            self.print_debug(f'Include licenses: {self.include_licenses}')
+
+        # Parse exclude list (mark these as NOT copyleft, overriding OSADL)
         if exclude:
-            inc = [item.strip().lower() for item in exclude.split(',')]
-            for lic in inc:
-                self.copyleft_licenses.discard(lic)
-        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.exclude_licenses = {lic.strip().lower() for lic in exclude.split(',') if lic.strip()}
+            self.print_debug(f'Exclude licenses: {self.exclude_licenses}')
 
     def is_copyleft(self, spdxid: str) -> bool:
         """
-        Check if a given license is considered copyleft.
+        Check if a license is copyleft.
 
-        :param spdxid: The SPDX identifier of the license to check
-        :return: True if the license is copyleft, False otherwise
+        Logic:
+        1. If explicit list provided → check if license in explicit list
+        2. If license in include list → return True
+        3. If license in exclude list → return False
+        4. Otherwise → use OSADL authoritative data
+
+        :param spdxid: SPDX license identifier
+        :return: True if copyleft, False otherwise
         """
-        return spdxid.lower() in self.copyleft_licenses
+        if not spdxid:
+            return False
+
+        spdxid_lc = spdxid.lower()
+
+        # Explicit mode: use only the explicit list
+        if self.explicit_licenses:
+            return spdxid_lc in self.explicit_licenses
+
+        # Include filter: if license in include list, force copyleft=True
+        if spdxid_lc in self.include_licenses:
+            return True
+
+        # Exclude filter: if license in exclude list, force copyleft=False
+        if spdxid_lc in self.exclude_licenses:
+            return False
+
+        # No filters matched, use OSADL authoritative data
+        return self.osadl.is_copyleft(spdxid)
 
     def get_spdx_url(self, spdxid: str) -> str:
         """

src/scanoss/osadl_copyleft.py

@@ -0,0 +1,131 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+import sys
+
+import importlib_resources
+
+
+class OsadlCopyleft:
+    """
+    OSADL Copyleft license checker class.
+
+    Provides copyleft license lookup based on OSADL (Open Source Automation
+    Development Lab) authoritative checklist data.
+
+    Data is loaded once at class level and shared across all instances for efficiency.
+
+    Data source: https://www.osadl.org/fileadmin/checklists/copyleft.json
+    License: CC-BY-4.0
+    """
+
+    _shared_copyleft_data = {}
+    _data_loaded = False
+
+    def __init__(self, debug: bool = False):
+        """
+        Initialize the OsadlCopyleft class.
+        Data is loaded once at class level and shared across all instances.
+        """
+        self.debug = debug
+        self._load_copyleft_data()
+
+    @staticmethod
+    def print_stderr(*args, **kwargs):
+        """
+        Print the given message to STDERR
+        """
+        print(*args, file=sys.stderr, **kwargs)
+
+    def print_debug(self, *args, **kwargs):
+        """
+        Print debug message if enabled
+        """
+        if self.debug:
+            self.print_stderr(*args, **kwargs)
+
+    def _load_copyleft_data(self) -> bool:
+        """
+        Load the embedded OSADL copyleft JSON file into class-level shared data.
+        Data is loaded only once and shared across all instances.
+
+        :return: True if successful, False otherwise
+        """
+        if OsadlCopyleft._data_loaded:
+            return True
+
+        try:
+            f_name = importlib_resources.files(__name__) / 'data/osadl-copyleft.json'
+            with importlib_resources.as_file(f_name) as f:
+                with open(f, 'r', encoding='utf-8') as file:
+                    data = json.load(file)
+        except Exception as e:
+            self.print_stderr(f'ERROR: Problem loading OSADL copyleft data: {e}')
+            return False
+
+        # Process copyleft data
+        copyleft = data.get('copyleft', {})
+        if not copyleft:
+            self.print_stderr('ERROR: No copyleft data found in OSADL JSON')
+            return False
+
+        # Store in class-level shared dictionary
+        for lic_id, status in copyleft.items():
+            # Normalize license ID (lowercase) for consistent lookup
+            lic_id_lc = lic_id.lower()
+            OsadlCopyleft._shared_copyleft_data[lic_id_lc] = status
+
+        OsadlCopyleft._data_loaded = True
+        self.print_debug(f'Loaded {len(OsadlCopyleft._shared_copyleft_data)} OSADL copyleft entries')
+        return True
+
+    def is_copyleft(self, spdx_id: str) -> bool:
+        """
+        Check if a license is copyleft according to OSADL data.
+
+        Returns True for both strong copyleft ("Yes") and weak/restricted copyleft ("Yes (restricted)").
+
+        :param spdx_id: SPDX license identifier
+        :return: True if copyleft, False otherwise
+        """
+        if not spdx_id:
+            return False
+
+        # Normalize lookup
+        spdx_id_lc = spdx_id.lower()
+        # Use class-level shared data
+        status = OsadlCopyleft._shared_copyleft_data.get(spdx_id_lc)
+
+        if not status:
+            self.print_debug(f'No OSADL copyleft data for license: {spdx_id}')
+            return False
+
+        # Consider both "Yes" and "Yes (restricted)" as copyleft (case-insensitive)
+        return status.lower().startswith('yes')
+
+
+#
+# End of OsadlCopyleft Class
+#