Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ABOUT files should be mapped when their documented resource is mapped #825

Closed
pombredanne opened this issue Jul 27, 2023 · 7 comments
Closed

ABOUT files should be mapped when their documented resource is mapped #825

pombredanne opened this issue Jul 27, 2023 · 7 comments
Assignees
@AyanSinhaMahapatra

Comments

@pombredanne
Copy link
Member

pombredanne commented Jul 27, 2023
edited by AyanSinhaMahapatra
Loading

ABOUT files should be mapped when their documented resource is mapped. They should be mapped to the same origin and license (e.g., the package documented in the ABOUT file) AND the .LICENSE and .NOTICE if any should also be mapped. All these assigned a status and should not be part of further scans
@AyanSinhaMahapatra AyanSinhaMahapatra self-assigned this Jul 27, 2023
AyanSinhaMahapatra added a commit that referenced this issue Aug 1, 2023
@AyanSinhaMahapatra
Tag about files and companions correctly #825
b67e607 
Tag about files and LICENSE/NOTICE files accompanying the ABOUT
file as "about-mapped", and ignore these files from the scanning
step.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Aug 1, 2023
@AyanSinhaMahapatra
Tag about files and companions correctly #825 (#837)
c53e69a 
Tag about files and LICENSE/NOTICE files accompanying the ABOUT
file as "about-mapped", and ignore these files from the scanning
step.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@AyanSinhaMahapatra
Copy link
Member

AyanSinhaMahapatra commented Aug 1, 2023
edited
Loading

@pombredanne I've implemented this in the commit above, but just to confirm:

All these assigned a status and should be part of further scans

Did you mean to say they should not be scanned further?

Also just detailing the changes to confirm this is what we want:

  • Files mapped by ABOUT file are now tagged with status: about-mapped
  • Companion files for the ABOUT files (License/Notice etc) and the ABOUT file itself are also tagged with status: about-mapped
  • Files with status about-mapped are skipped from the file scanning step at last

@pombredanne
Copy link
Member Author

Did you mean to say they should not be scanned further?

Yes... I fat fingered it!

Also just detailing the changes to confirm this is what we want:

  • Files mapped by ABOUT file are now tagged with status: about-mapped
  • Companion files for the ABOUT files (License/Notice etc) and the ABOUT file itself are also tagged with status: about-mapped
  • Files with status about-mapped are skipped from the file scanning step at last

Actually all files mapped through an ABOUT file should be mapped super early in the pipeline and tagged such that there is NOT ANY other step that processes them further be it for mapping, matching, scanning or anything else. Their analysis is essentially "done".

AyanSinhaMahapatra added a commit that referenced this issue Aug 3, 2023
@AyanSinhaMahapatra
Tag about files and companions correctly #825 (#837)
901e133 
Tag about files and LICENSE/NOTICE files accompanying the ABOUT
file as "about-mapped", and ignore these files from the scanning
step.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra added a commit that referenced this issue Aug 3, 2023
@AyanSinhaMahapatra
Tag about files and companions correctly #825 (#837)
3c6dcc9 
Tag about files and LICENSE/NOTICE files accompanying the ABOUT
file as "about-mapped", and ignore these files from the scanning
step.

Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
tdruez pushed a commit that referenced this issue Aug 3, 2023
@AyanSinhaMahapatra
Tag about files and companions correctly #825 (#837)
a97f40f 
Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
@tdruez
Copy link
Contributor

tdruez commented Aug 3, 2023

@AyanSinhaMahapatra ready to be closed?

@AyanSinhaMahapatra
Copy link
Member

is NOT ANY other step that processes them further be it for mapping, matching, scanning or anything else.

@pombredanne
Most other pipes in the d2d pipeline already was doing this using .no_status(). For now only map_jar_to_source and map_javascript does not have filters by status, but they have filters by extension which selects files.

I've only modified the scan_mapped_from_for_files pipe to ignore only the files which are summarized by the ABOUT files, since that was the main issue.

@tdruez everything mentioned in #825 (comment) is implemented, but should we do more based on the above comments? ^

@pombredanne
Copy link
Member Author

@AyanSinhaMahapatra I am letting find the best solution with @keshav-space and @tdruez if need be :)
And my point stands: things mapped with an ABOUT file SHOULD NOT be further analyzed... if this means changing other steps, then so be it.

@keshav-space
Copy link
Member

Ack @pombredanne , will update the map_javascript to ignore the files with about file status.

@AyanSinhaMahapatra AyanSinhaMahapatra mentioned this issue Aug 9, 2023
Merged
@AyanSinhaMahapatra
Copy link
Member

Closing this issue as this is completed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AyanSinhaMahapatra AyanSinhaMahapatra

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tdruez @pombredanne @AyanSinhaMahapatra @keshav-space