feat(dpkg): license parser added#461
feat(dpkg): license parser added#461DmitriyLewen wants to merge 10 commits intoaquasecurity:mainfrom
analyzer/pkg/dpkg/copyright.go
Outdated
| var licenses []string | ||
| var buf bytes.Buffer | ||
|
|
||
| tee := io.TeeReader(content, &buf) // Save stream in buffer for re-read with 'licenseclassifier' |
seems scanner instance is available within func (a dpkgAnalyzer) Analyze(...)
Used this scanner, thanks!
Used this scanner, thanks!
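Review bot: The tee at `tee := io.TeeReader(content, &buf)` copies every byte read from `content` into an unbounded `bytes.Buffer`, so the memory held per copyright file is decided by the file itself. If `content` comes from a scanned image layer (presumably, given this is the dpkg analyzer), an oversized `usr/share/doc/<pkg>/copyright` would be kept in memory in full before classification. Consider capping the read, e.g. `tee := io.TeeReader(io.LimitReader(content, maxCopyrightSize), &buf)` with a package constant for the limit (the name is a suggestion), and skipping classification when the cap is reached. The enclosing function starts and ends outside the quoted lines.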
analyzer/pkg/dpkg/copyright.go
Outdated
| licenses = append(licenses, l) | ||
| } | ||
| continue | ||
| } |
analyzer/pkg/dpkg/copyright.go
Outdated
| var ( | ||
| cl, _ = classifier.DefaultClassifier() | ||
| copyrightFileRegexp = regexp.MustCompile(`^usr/share/doc/([0-9A-Za-z_.-]+)/copyright$`) | ||
| commonLicensesRegexp = regexp.MustCompile(`/?usr/share/common-licenses/([0-9A-Za-z_.+-]+[0-9A-Za-z+])`) |
commonLicenseReferenceRegexp, as it is for lines that reference one of the common licenses
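Review bot: The error from `classifier.DefaultClassifier()` is discarded in `cl, _ = classifier.DefaultClassifier()`, so if the classifier fails to load, `cl` is presumably nil and its first use during analysis would panic instead of reporting a setup error. Building it in the analyzer's constructor or behind a `sync.Once` and returning the error would surface the failure, and would avoid loading the classifier at import time for callers that never scan dpkg files. Separately, the capture group in `copyrightFileRegexp` omits `+`, which Debian package names may contain (for example `libstdc++6`), so those copyright files would not match; `([0-9A-Za-z_.+-]+)` would accept them. The `var (` block continues outside the quoted lines.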
analyzer/pkg/dpkg/copyright.go
Outdated
| // "License: *" pattern is used | ||
| if strings.HasPrefix(line, "License:") { | ||
| l := strings.TrimSpace(line[8:]) | ||
| if !utils.StringInSlice(l, licenses) { |
As Alim suggested, let's use the built-in Go 1.18 method https://pkg.go.dev/golang.org/x/exp/slices#Contains
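Review bot: An empty value can be recorded as a license here: for a line that is just `License:`, `strings.TrimSpace(line[8:])` yields `""`, which passes the not-in-slice check and would then be added to `licenses` (assuming the append follows as in the earlier snippet). Tightening the condition to `if l != "" && !utils.StringInSlice(l, licenses) {` keeps blank entries out of the result. The literal offset `8` is also easier to read and harder to get wrong as `strings.TrimSpace(strings.TrimPrefix(line, "License:"))`. The enclosing loop starts and ends outside the quoted lines.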
hook/dpkg/licenseadder.go
Outdated
|
|
||
| type dpkgLicenseHook struct{} | ||
|
|
||
| // Hook add licenses to dpkg files |
hook/dpkg/licenseadder.go
Outdated
| for _, pkg := range pkgInfo.Packages { | ||
| license, ok := licenses[pkg.Name] | ||
| if ok { | ||
| pkg.License = license |
just modify existing package through index
pkgInfo.Packages[i].License = license
Used this, thanks!
Used this, thanks!
|
@DmitriyLewen Can you resolve conflicts? |
Description
Debian-based systems have no requirement to record license information.
But almost every package in Debian contains a copyright file in
/usr/share/doc/<packagename>/copyright. More information here.
Added a parser for copyright files and a hook for adding licenses to dpkg packages.
For parsing copyright files, the following are used:
License: * pattern.