🌱 Combine hasLicenseFile and hasLicenseFileAtTopDir probes (#3955)

* delete hasLicenseFileAtTopDir probe

Signed-off-by: Spencer Schrock <[email protected]>

* increase value of having a license

the old split was 6 for having a license and 3 for having it in the expected location
but 1.5 years later, and there is still no other way we detect it. So it was effectively
worth 9 points. This change makes it actually worth 9 points.

Signed-off-by: Spencer Schrock <[email protected]>

* simplify logging and scoring

Signed-off-by: Spencer Schrock <[email protected]>

* ensure license findings have locations

Signed-off-by: Spencer Schrock <[email protected]>

* update tests to reflect new logging

Signed-off-by: Spencer Schrock <[email protected]>

* match existing detail better

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>

Author: spencerschrock

checks/evaluation/license.go

@@ -20,7 +20,6 @@ import (
 	"github.com/ossf/scorecard/v4/finding"
 	"github.com/ossf/scorecard/v4/probes/hasFSFOrOSIApprovedLicense"
 	"github.com/ossf/scorecard/v4/probes/hasLicenseFile"
-	"github.com/ossf/scorecard/v4/probes/hasLicenseFileAtTopDir"
 )
 
 // License applies the score policy for the License check.
@@ -32,7 +31,6 @@ func License(name string,
 	expectedProbes := []string{
 		hasLicenseFile.Probe,
 		hasFSFOrOSIApprovedLicense.Probe,
-		hasLicenseFileAtTopDir.Probe,
 	}
 
 	if !finding.UniqueProbesEqual(findings, expectedProbes) {
@@ -45,58 +43,20 @@ func License(name string,
 	m := make(map[string]bool)
 	for i := range findings {
 		f := &findings[i]
-		switch f.Outcome {
-		case finding.OutcomeNotApplicable:
-			dl.Info(&checker.LogMessage{
-				Type:   finding.FileTypeSource,
-				Offset: 1,
-				Text:   f.Message,
-			})
-		case finding.OutcomePositive:
+		if f.Outcome == finding.OutcomePositive {
 			switch f.Probe {
 			case hasFSFOrOSIApprovedLicense.Probe:
-				dl.Info(&checker.LogMessage{
-					Type:   finding.FileTypeSource,
-					Offset: 1,
-					Path:   f.Message,
-					Text:   "FSF or OSI recognized license",
-				})
 				score += scoreProbeOnce(f.Probe, m, 1)
-			case hasLicenseFileAtTopDir.Probe:
-				dl.Info(&checker.LogMessage{
-					Type:   finding.FileTypeSource,
-					Offset: 1,
-					Path:   f.Message,
-					Text:   "License file found in expected location",
-				})
-				score += scoreProbeOnce(f.Probe, m, 3)
 			case hasLicenseFile.Probe:
-				score += scoreProbeOnce(f.Probe, m, 6)
+				score += scoreProbeOnce(f.Probe, m, 9)
 			default:
 				e := sce.WithMessage(sce.ErrScorecardInternal, "unknown probe results")
 				return checker.CreateRuntimeErrorResult(name, e)
 			}
-		case finding.OutcomeNegative:
-			switch f.Probe {
-			case hasLicenseFileAtTopDir.Probe:
-				dl.Warn(&checker.LogMessage{
-					Type:   finding.FileTypeSource,
-					Offset: 1,
-					Path:   f.Message,
-					Text:   "License file found in unexpected location",
-				})
-			case hasFSFOrOSIApprovedLicense.Probe:
-				dl.Warn(&checker.LogMessage{
-					Type:   finding.FileTypeSource,
-					Offset: 1,
-					Path:   "",
-					Text:   f.Message,
-				})
-			}
-		default:
-			continue // for linting
 		}
 	}
+	checker.LogFindings(findings, dl)
+
 	_, defined := m[hasLicenseFile.Probe]
 	if !defined {
 		if score > 0 {

checks/evaluation/license_test.go

@@ -40,10 +40,6 @@ func TestLicense(t *testing.T) {
 					Probe:   "hasFSFOrOSIApprovedLicense",
 					Outcome: finding.OutcomePositive,
 				},
-				{
-					Probe:   "hasLicenseFileAtTopDir",
-					Outcome: finding.OutcomePositive,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MaxResultScore,
@@ -60,17 +56,13 @@ func TestLicense(t *testing.T) {
 					Probe:   "hasFSFOrOSIApprovedLicense",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "hasLicenseFileAtTopDir",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MinResultScore,
 				NumberOfWarn: 2,
 			},
 		}, {
-			name: "Has license file but not a top level or in OSI/FSF format",
+			name: "Has license file but not OSI/FSF approved",
 			findings: []finding.Finding{
 				{
 					Probe:   "hasLicenseFile",
@@ -80,14 +72,11 @@ func TestLicense(t *testing.T) {
 					Probe:   "hasFSFOrOSIApprovedLicense",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "hasLicenseFileAtTopDir",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
-				Score:        6,
-				NumberOfWarn: 2,
+				Score:        9,
+				NumberOfWarn: 1,
+				NumberOfInfo: 1,
 			},
 		}, {
 			name: "Findings missing a probe = Error",
@@ -96,10 +85,6 @@ func TestLicense(t *testing.T) {
 					Probe:   "hasLicenseFile",
 					Outcome: finding.OutcomePositive,
 				},
-				{
-					Probe:   "hasFSFOrOSIApprovedLicense",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score: -1,
@@ -116,37 +101,12 @@ func TestLicense(t *testing.T) {
 					Probe:   "hasFSFOrOSIApprovedLicense",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "hasLicenseFileAtTopDir",
-					Outcome: finding.OutcomePositive,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        9,
 				NumberOfInfo: 1,
 				NumberOfWarn: 1,
 			},
-		}, {
-			name: "Has an OSI/FSF approved license but not at top level dir",
-			findings: []finding.Finding{
-				{
-					Probe:   "hasLicenseFile",
-					Outcome: finding.OutcomePositive,
-				},
-				{
-					Probe:   "hasFSFOrOSIApprovedLicense",
-					Outcome: finding.OutcomePositive,
-				},
-				{
-					Probe:   "hasLicenseFileAtTopDir",
-					Outcome: finding.OutcomeNegative,
-				},
-			},
-			result: scut.TestReturn{
-				Score:        7,
-				NumberOfInfo: 1,
-				NumberOfWarn: 1,
-			},
 		},
 	}
 	for _, tt := range tests {

checks/license_test.go

@@ -52,10 +52,11 @@ func TestLicenseFileSubdirectory(t *testing.T) {
 			name:        "Without LICENSE",
 			inputFolder: "testdata/licensedir/withoutlicense",
 			expected: scut.TestReturn{
-				Error:        nil,
-				Score:        checker.MinResultScore,
-				NumberOfWarn: 0,
-				NumberOfInfo: 2,
+				Error:         nil,
+				Score:         checker.MinResultScore,
+				NumberOfWarn:  1,
+				NumberOfInfo:  0,
+				NumberOfDebug: 1,
 			},
 			err: nil,
 		},

probes/entries.go

@@ -32,7 +32,6 @@ import (
 	"github.com/ossf/scorecard/v4/probes/hasDangerousWorkflowUntrustedCheckout"
 	"github.com/ossf/scorecard/v4/probes/hasFSFOrOSIApprovedLicense"
 	"github.com/ossf/scorecard/v4/probes/hasLicenseFile"
-	"github.com/ossf/scorecard/v4/probes/hasLicenseFileAtTopDir"
 	"github.com/ossf/scorecard/v4/probes/hasNoGitHubWorkflowPermissionUnknown"
 	"github.com/ossf/scorecard/v4/probes/hasOSVVulnerabilities"
 	"github.com/ossf/scorecard/v4/probes/hasOpenSSFBadge"
@@ -95,7 +94,6 @@ var (
 	License = []ProbeImpl{
 		hasLicenseFile.Run,
 		hasFSFOrOSIApprovedLicense.Run,
-		hasLicenseFileAtTopDir.Run,
 	}
 	Contributors = []ProbeImpl{
 		contributorsFromOrgOrCompany.Run,

probes/hasFSFOrOSIApprovedLicense/impl.go

@@ -39,7 +39,7 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 		return nil, "", fmt.Errorf("%w: raw", uerror.ErrNil)
 	}
 
-	if raw.LicenseResults.LicenseFiles == nil || len(raw.LicenseResults.LicenseFiles) == 0 {
+	if len(raw.LicenseResults.LicenseFiles) == 0 {
 		f, err := finding.NewWith(fs, Probe,
 			"project does not have a license file", nil,
 			finding.OutcomeNotApplicable)
@@ -50,18 +50,16 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 	}
 
 	for _, licenseFile := range raw.LicenseResults.LicenseFiles {
-		if licenseFile.LicenseInformation.Approved {
-			// Store the file path in the msg
-			msg := licenseFile.File.Path
-
-			f, err := finding.NewWith(fs, Probe,
-				msg, nil,
-				finding.OutcomePositive)
-			if err != nil {
-				return nil, Probe, fmt.Errorf("create finding: %w", err)
-			}
-			return []finding.Finding{*f}, Probe, nil
+		if !licenseFile.LicenseInformation.Approved {
+			continue
 		}
+		licenseFile := licenseFile
+		loc := licenseFile.File.Location()
+		f, err := finding.NewPositive(fs, Probe, "FSF or OSI recognized license: "+licenseFile.LicenseInformation.Name, loc)
+		if err != nil {
+			return nil, Probe, fmt.Errorf("create finding: %w", err)
+		}
+		return []finding.Finding{*f}, Probe, nil
 	}
 
 	f, err := finding.NewWith(fs, Probe,

probes/hasLicenseFile/impl.go

@@ -40,17 +40,11 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 	}
 
 	var findings []finding.Finding
-	var outcome finding.Outcome
-	var msg string
 
 	licenseFiles := raw.LicenseResults.LicenseFiles
 
 	if len(licenseFiles) == 0 {
-		outcome = finding.OutcomeNegative
-		msg = "project does not have a license file"
-		f, err := finding.NewWith(fs, Probe,
-			msg, nil,
-			outcome)
+		f, err := finding.NewNegative(fs, Probe, "project does not have a license file", nil)
 		if err != nil {
 			return nil, Probe, fmt.Errorf("create finding: %w", err)
 		}
@@ -59,18 +53,8 @@ func Run(raw *checker.RawResults) ([]finding.Finding, string, error) {
 	} else {
 		for _, licenseFile := range licenseFiles {
 			licenseFile := licenseFile
-			loc := &finding.Location{
-				Type:      licenseFile.File.Type,
-				Path:      licenseFile.File.Path,
-				LineStart: &licenseFile.File.Offset,
-				LineEnd:   &licenseFile.File.EndOffset,
-				Snippet:   &licenseFile.File.Snippet,
-			}
-			msg = "project has a license file"
-			outcome = finding.OutcomePositive
-			f, err := finding.NewWith(fs, Probe,
-				msg, loc,
-				outcome)
+			loc := licenseFile.File.Location()
+			f, err := finding.NewPositive(fs, Probe, "project has a license file", loc)
 			if err != nil {
 				return nil, Probe, fmt.Errorf("create finding: %w", err)
 			}