From 9cd2e4b3dcbdbe8a4aecc9c069fc20a59f50d0f5 Mon Sep 17 00:00:00 2001 From: Jake Shadle Date: Wed, 28 Feb 2024 09:23:16 +0100 Subject: [PATCH] Add notes to rejected licenses --- deny.toml | 13 +- src/cargo-deny/check.rs | 6 + src/lib.rs | 3 + src/licenses.rs | 43 ++- src/test_utils.rs | 1 + .../licenses__accepts_exceptions.snap | 11 + .../licenses__handles_dev_dependencies.snap | 12 + .../snapshots/licenses__rejects_licenses.snap | 291 ++++++++++++++++++ 8 files changed, 366 insertions(+), 14 deletions(-) diff --git a/deny.toml b/deny.toml index fb8f8f7dc..45f3c01a8 100644 --- a/deny.toml +++ b/deny.toml @@ -52,15 +52,10 @@ allow = [ "ISC", ] exceptions = [ - { allow = [ - "Zlib", - ], crate = "tinyvec" }, - { allow = [ - "Unicode-DFS-2016", - ], crate = "unicode-ident" }, - { allow = [ - "OpenSSL", - ], crate = "ring" }, + # Use exceptions for these as they only have a single user + { allow = ["Zlib"], crate = "tinyvec" }, + { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" }, + { allow = ["OpenSSL"], crate = "ring" }, ] # Sigh diff --git a/src/cargo-deny/check.rs b/src/cargo-deny/check.rs index 6ec7b57b9..68e7898d2 100644 --- a/src/cargo-deny/check.rs +++ b/src/cargo-deny/check.rs @@ -343,6 +343,8 @@ pub(crate) fn cmd( let colorize = log_ctx.format == crate::Format::Human && crate::common::should_colorize(log_ctx.color, std::io::stderr()); + let log_level = log_ctx.log_level; + rayon::scope(|s| { // Asynchronously displays messages sent from the checks s.spawn(|_| { @@ -372,6 +374,7 @@ pub(crate) fn cmd( krate_spans: &krate_spans, serialize_extra, colorize, + log_level, }; s.spawn(move |_| { @@ -421,6 +424,7 @@ pub(crate) fn cmd( krate_spans: &krate_spans, serialize_extra, colorize, + log_level, }; s.spawn(|_| { @@ -444,6 +448,7 @@ pub(crate) fn cmd( krate_spans: &krate_spans, serialize_extra, colorize, + log_level, }; s.spawn(|_| { 
@@ -467,6 +472,7 @@ pub(crate) fn cmd( krate_spans: &krate_spans, serialize_extra, colorize, + log_level, }; s.spawn(move |_| { diff --git a/src/lib.rs b/src/lib.rs index c57c4362d..f87fb3e89 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -445,6 +445,9 @@ pub struct CheckCtx<'ctx, T> { pub serialize_extra: bool, /// Allows for ANSI colorization of diagnostic content pub colorize: bool, + /// Log level specified by the user, may be used by checks to determine what + /// information to emit in diagnostics + pub log_level: log::LevelFilter, } /// Checks if a version satisfies the specifies the specified version requirement. diff --git a/src/licenses.rs b/src/licenses.rs index f01bd5ce9..e20da7523 100644 --- a/src/licenses.rs +++ b/src/licenses.rs @@ -34,7 +34,7 @@ struct Hits { } fn evaluate_expression( - cfg: &cfg::ValidConfig, + ctx: &crate::CheckCtx<'_, cfg::ValidConfig>, krate_lic_nfo: &KrateLicense<'_>, expr: &spdx::Expression, nfo: &LicenseExprInfo, @@ -73,6 +73,8 @@ fn evaluate_expression( let mut warnings = 0; + let cfg = &ctx.cfg; + // Check to see if the crate matches an exception, which is additional to // the general allow list let exception_ind = cfg 
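Review bot: The new `pub log_level: log::LevelFilter` field on `CheckCtx` in src/lib.rs extends a public struct whose visible fields are all `pub`, so any downstream code that builds a `CheckCtx` with a struct literal stops compiling, and `log::LevelFilter` becomes part of the crate's public API. If the struct is meant to be constructed outside the crate, this should ship as a breaking release, or the struct should gain a constructor. The doc comment could also state the one effect the field has in this commit, e.g. `/// Log level specified by the user; the license check leaves accepted requirements out of its diagnostics when this is below Info`. The struct definition begins before the hunk.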
@@ -228,7 +230,37 @@ fn evaluate_expression( ), ); - for (reason, failed_req) in reasons.into_iter().zip(expr.requirements()) { + let mut notes = Vec::new(); + + for ((reason, accepted), failed_req) in reasons.into_iter().zip(expr.requirements()) { + if accepted && ctx.log_level < log::LevelFilter::Info { + continue; + } + + if severity == Severity::Error { + if let Some(id) = failed_req.req.license.id() { + notes.push(format!("{} - {}:", id.name, id.full_name)); + + if id.is_deprecated() { + notes.push(" - **DEPRECATED**".into()); + } + + if id.is_osi_approved() { + notes.push(" - OSI approved".into()); + } + + if id.is_fsf_free_libre() { + notes.push(" - FSF Free/Libre".into()); + } + + if id.is_copyleft() { + notes.push(" - Copyleft".into()); + } + } else { + notes.push(format!("{} is not an SPDX license", failed_req.req)); + } + } + labels.push( Label::primary( nfo.file_id, @@ -237,8 +269,8 @@ fn evaluate_expression( ) .with_message(format!( "{}: {}", - if reason.1 { "accepted" } else { "rejected" }, - match reason.0 { + if accepted { "accepted" } else { "rejected" }, + match reason { Reason::Denied => "explicitly denied", Reason::IsFsfFree => "license is FSF approved https://www.gnu.org/licenses/license-list.en.html", @@ -273,6 +305,7 @@ fn evaluate_expression( diags::Code::Rejected }) .with_labels(labels) + .with_notes(notes) } pub fn check( @@ -317,7 +350,7 @@ pub fn check( match &krate_lic_nfo.lic_info { LicenseInfo::SpdxExpression { expr, nfo } => { pack.push(evaluate_expression( - &ctx.cfg, + &ctx, &krate_lic_nfo, expr, nfo, diff --git a/src/test_utils.rs b/src/test_utils.rs index a2fe25976..1e809ba50 100644 --- a/src/test_utils.rs +++ b/src/test_utils.rs @@ -276,6 +276,7 @@ where cfg, serialize_extra: true, colorize: false, + log_level: log::LevelFilter::Info, }; runner(ctx, newmap, tx, &mut files); }, diff --git a/tests/snapshots/licenses__accepts_exceptions.snap b/tests/snapshots/licenses__accepts_exceptions.snap index b477438c9..940827134 100644 
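Review bot: In `evaluate_expression` (src/licenses.rs, hunk at -228), the note-building block runs for every requirement that survives the `continue`, not only the rejected ones: the loop zips `reasons` with all of `expr.requirements()`, and the `if severity == Severity::Error` branch never looks at `accepted`. At Info or above, an accepted license inside a failing expression therefore gets a note as well, and a license that occurs twice in the expression is listed twice. If the notes are meant for rejected licenses only, as the commit title suggests, guard with `if severity == Severity::Error && !accepted {` and push the header line only when `notes` does not already contain it. The `continue` also sits above `labels.push`, so below Info the accepted labels disappear from the emitted diagnostics, including the serialized form; a comment such as `// accepted requirements are only shown at Info and above` would make that intent explicit. The function starts and ends outside the hunk.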
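Review bot: The test context in src/test_utils.rs pins `log_level: log::LevelFilter::Info`, so none of the snapshot tests reach the new `accepted && ctx.log_level < log::LevelFilter::Info` branch in `evaluate_expression`. Consider letting the helper take the level as a parameter, or adding one licenses test that runs at `log::LevelFilter::Warn`, so the output with suppressed labels is pinned by a snapshot as well. The enclosing function starts and ends outside the hunk.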
--- a/tests/snapshots/licenses__accepts_exceptions.snap +++ b/tests/snapshots/licenses__accepts_exceptions.snap @@ -81,6 +81,17 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "Zlib - zlib License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre", + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" diff --git a/tests/snapshots/licenses__handles_dev_dependencies.snap b/tests/snapshots/licenses__handles_dev_dependencies.snap index 0960117af..150c72e7b 100644 --- a/tests/snapshots/licenses__handles_dev_dependencies.snap +++ b/tests/snapshots/licenses__handles_dev_dependencies.snap @@ -46,6 +46,11 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -85,6 +90,13 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "GPL-3.0 - GNU General Public License v3.0 only:", + " - **DEPRECATED**", + " - OSI approved", + " - FSF Free/Libre", + " - Copyleft" + ], "severity": "error" }, "type": "diagnostic" diff --git a/tests/snapshots/licenses__rejects_licenses.snap b/tests/snapshots/licenses__rejects_licenses.snap index 621417c0b..19cead1bc 100644 --- a/tests/snapshots/licenses__rejects_licenses.snap +++ b/tests/snapshots/licenses__rejects_licenses.snap @@ -74,6 +74,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -151,6 +159,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -226,6 +242,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -316,6 +340,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -360,6 +392,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -420,6 +460,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -505,6 +553,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -634,6 +690,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -686,6 +750,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -746,6 +818,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -798,6 +878,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -842,6 +930,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -917,6 +1013,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -994,6 +1098,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1040,6 +1152,11 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1092,6 +1209,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1174,6 +1299,17 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "Zlib - zlib License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre", + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1264,6 +1400,17 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre", + "Zlib - zlib License:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1332,6 +1479,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -1400,6 +1555,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1452,6 +1615,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1521,6 +1692,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1573,6 +1752,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1617,6 +1804,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1669,6 +1864,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -1729,6 +1932,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1781,6 +1992,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1841,6 +2060,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1893,6 +2120,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -1953,6 +2188,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -2005,6 +2248,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" 
@@ -2065,6 +2316,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -2117,6 +2376,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -2169,6 +2436,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -2229,6 +2504,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic" @@ -2281,6 +2564,14 @@ expression: diags } ], "message": "failed to satisfy license requirements", + "notes": [ + "MIT - MIT License:", + " - OSI approved", + " - FSF Free/Libre", + "Apache-2.0 - Apache License 2.0:", + " - OSI approved", + " - FSF Free/Libre" + ], "severity": "error" }, "type": "diagnostic"