Add support for parsing publiccode.yml as package metadata

src/licensedcode/data/rules/ibpp_intro.RULE

@@ -0,0 +1,15 @@
+---
+license_expression: ibpp
+is_license_intro: yes
+relevance: 85
+ignorable_copyrights:
+  - (c) Copyright 2000-2006 T.I.P. Group S.A. and the IBPP Team (www.ibpp.org)
+ignorable_holders:
+  - T.I.P. Group S.A. and the IBPP Team
+ignorable_urls:
+  - http://www.ibpp.org/
+---
+IBPP License v1.1
+-----------------
+
+(C) Copyright 2000-2006 T.I.P. Group S.A. and the IBPP Team (www.ibpp.org)

src/licensedcode/data/rules/ibpp_ref.RULE

@@ -0,0 +1,6 @@
+---
+license_expression: ibpp
+is_license_reference: yes
+relevance: 90
+---
+IBPP License, see appendix

src/packagedcode/__init__.py

@@ -33,6 +33,7 @@
 from packagedcode import opam
 from packagedcode import phpcomposer
 from packagedcode import pubspec
+from packagedcode import publiccode
 from packagedcode import pypi
 from packagedcode import readme
 from packagedcode import rpm
@@ -77,6 +78,8 @@
     conda.CondaMetaYamlHandler,
     conda.CondaYamlHandler,
 
+    publiccode.PubliccodeYmlHandler,
+
     conan.ConanFileHandler,
     conan.ConanDataHandler,
 

src/packagedcode/publiccode.py

@@ -0,0 +1,133 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# ScanCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/scancode-toolkit for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+import os
+
+import saneyaml
+
+from packagedcode import models
+
+"""
+Handle publiccode.yml metadata files.
+publiccode.yml is a metadata standard for public sector open source software.
+See https://github.com/publiccodeyml/publiccode.yml
+"""
+
+TRACE = os.environ.get('SCANCODE_DEBUG_PACKAGE', False)
+
+logger = logging.getLogger(__name__)
+
+
+class PubliccodeYmlHandler(models.DatafileHandler):
+    datasource_id = 'publiccode_yml'
+    path_patterns = ('*/publiccode.yml', '*/publiccode.yaml')
+    default_package_type = 'publiccode'
+    default_primary_language = None
+    description = 'publiccode.yml metadata file'
+    documentation_url = 'https://github.com/publiccodeyml/publiccode.yml'
+
+    @classmethod
+    def parse(cls, location, package_only=False):
+        with open(location, 'rb') as f:
+            data = saneyaml.load(f.read())
+
+        if not data or not isinstance(data, dict):
+            return
+
+        # Validate: a publiccode.yml must have 'publiccodeYmlVersion'
+        if 'publiccodeYmlVersion' not in data:
+            return
+
+        name = data.get('name')
+        version = data.get('softwareVersion')
+        vcs_url = data.get('url')
+        homepage_url = data.get('landingURL') or vcs_url
+
+        # License is under legal.license (SPDX expression)
+        legal = data.get('legal') or {}
+        declared_license = legal.get('license')
+        copyright_statement = legal.get('mainCopyrightOwner') or legal.get('repoOwner')
+
+        # Description: prefer English, fall back to first available language
+        description = _get_description(data)
+
+        # Keywords from categories
+        categories = data.get('categories') or []
+        keywords = ', '.join(categories) if categories else None
+
+        # Parties from maintenance.contacts
+        parties = []
+        maintenance = data.get('maintenance') or {}
+        for contact in maintenance.get('contacts') or []:
+            contact_name = contact.get('name')
+            contact_email = contact.get('email')
+            if contact_name or contact_email:
+                parties.append(
+                    models.Party(
+                        type=models.party_person,
+                        name=contact_name,
+                        email=contact_email,
+                        role='maintainer',
+                    )
+                )
+
+        # Extra data
+        extra_data = {}
+        schema_version = data.get('publiccodeYmlVersion')
+        if schema_version:
+            extra_data['publiccodeYmlVersion'] = schema_version
+        platforms = data.get('platforms')
+        if platforms:
+            extra_data['platforms'] = platforms
+        development_status = data.get('developmentStatus')
+        if development_status:
+            extra_data['developmentStatus'] = development_status
+        software_type = data.get('softwareType')
+        if software_type:
+            extra_data['softwareType'] = software_type
+
+        yield models.PackageData(
+            datasource_id=cls.datasource_id,
+            type=cls.default_package_type,
+            name=name,
+            version=version,
+            vcs_url=vcs_url,
+            homepage_url=homepage_url,
+            description=description,
+            declared_license_expression=declared_license,
+            copyright=copyright_statement,
+            keywords=keywords,
+            parties=parties,
+            extra_data=extra_data or None,
+        )
+
+
+def _get_description(data):
+    """
+    Extract the best available description from publiccode.yml's
+    multilingual 'description' block. Prefer English, fall back to
+    any available language. Returns longDescription, else shortDescription.
+    """
+    description_block = data.get('description') or {}
+    if not description_block:
+        return
+
+    lang_data = (
+        description_block.get('en')
+        or description_block.get('eng')
+        or next(iter(description_block.values()), None)
+    )
+    if not lang_data:
+        return
+
+    long_desc = lang_data.get('longDescription', '').strip()
+    short_desc = lang_data.get('shortDescription', '').strip()
+
+    return long_desc or short_desc or None

src/packagedcode/rubygems.py

@@ -706,6 +706,7 @@ def party_mapper(role, names=[], emails=[]):
             models.Party(type=models.party_person, email=email, role=role)
             for email in emails
         )
+    return ()
 
 
 def get_parties(gem_data):

src/packagedcode/spec.py

@@ -133,6 +133,40 @@ def get_authors(line):
 }
 
 
+def is_ruby_version_constant(value):
+    """
+    Return True if value looks like a Ruby constant expression
+    that cannot be resolved statically, such as:
+    Elasticsearch::API::VERSION or MyGem::VERSION
+
+    These are dynamic values that reference Ruby constants
+    and cannot be determined without executing the Ruby code.
+
+    For example:
+    >>> is_ruby_version_constant('Elasticsearch::API::VERSION')
+    True
+    >>> is_ruby_version_constant('MyGem::VERSION')
+    True
+    >>> is_ruby_version_constant('1.0.0')
+    False
+    >>> is_ruby_version_constant("'2.3.4'")
+    False
+    >>> is_ruby_version_constant(None)
+    False
+    """
+    if not value:
+        return False
+    # Ruby constants use :: as namespace separator
+    if '::' in value:
+        return True
+    # A bare constant starts with uppercase and has no dots/quotes
+    # e.g. VERSION (unlikely but possible)
+    stripped = value.strip('\'"')
+    if stripped and stripped[0].isupper() and '.' not in stripped:
+        return True
+    return False
+
+
 def parse_spec(location, package_type):
     """
     Return a mapping of data parsed from a podspec/gemspec/Pofile/Gemfile file
@@ -151,6 +185,10 @@ def parse_spec(location, package_type):
             parsed = parser(line=line)
             if parsed:
                 spec_data[attribute_name] = parsed
+
+    version = spec_data.get('version')
+    if is_ruby_version_constant(version):
+        spec_data['version'] = None
 
     # description can be in single or multi-lines
     # There are many different ways to write description.

tests/licensedcode/data/datadriven/lic1/ibpp.txt

@@ -0,0 +1,22 @@
+IBPP License v1.1
+-----------------
+
+(C) Copyright 2000-2006 T.I.P. Group S.A. and the IBPP Team (www.ibpp.org)
+
+Permission is hereby granted, free of charge, to any person or organization
+("You") obtaining a copy of this software and associated documentation files
+covered by this license (the "Software") to use the Software as part of another
+work; to modify it for that purpose; to publish or distribute it, modified or
+not, for that same purpose; to permit persons to whom the other work using the
+Software is furnished to do so; subject to the following conditions: the above
+copyright notice and this complete and unmodified permission notice shall be
+included in all copies or substantial portions of the Software; You will not
+misrepresent modified versions of the Software as being the original.
+
+The Software is provided "as is", without warranty of any kind, express or
+implied, including but not limited to the warranties of merchantability,
+fitness for a particular purpose and noninfringement.  In no event shall
+the authors or copyright holders be liable for any claim, damages or other
+liability, whether in an action of contract, tort or otherwise, arising from,
+out of or in connection with the software or the use of other dealings in
+the Software.

tests/licensedcode/data/datadriven/lic1/ibpp.txt.yml

@@ -0,0 +1,2 @@
+license_expressions:
+  - ibpp

tests/licensedcode/data/datadriven/lic1/wt_ibpp_interference.md

@@ -0,0 +1,26 @@
+passwdqc
+Copyright (c) 2000-2002 by Solar Designer
+Copyright (c) 2008,2009 by Dmitry V. Levin
+Redistribution and use in source and binary forms, with or without
+modification, are permitted.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+| IBPP | Wt::Dbo Firebird backend | IBPP License, see appendix | Copyright 2000-2006 T.I.P. Group S.A. and the IBPP Team |
+
+### IBPP
+
+IBPP License v1.1
+-----------------
+
+(C) Copyright 2000-2006 T.I.P. Group S.A. and the IBPP Team (www.ibpp.org)

tests/licensedcode/data/datadriven/lic1/wt_ibpp_interference.md.yml

@@ -0,0 +1,5 @@
+notes: Minimal Wt-derived regression fixture for issue #3553, keeping the passwdqc disclaimer immediately before the IBPP reference and appendix intro.
+license_expressions:
+  - bsd-1-clause
+  - ibpp
+  - ibpp

tests/licensedcode/test_plugin_license_detection.py

@@ -374,3 +374,30 @@ def test_match_reference_license():
         must_exist=False,
     )
     check_json_scan(expected_loc, result_file, regen=REGEN_TEST_FIXTURES)
+
+
+def test_wt_ibpp_interference_is_detected_in_scan_output():
+    test_file = test_env.get_test_loc('datadriven/lic1/wt_ibpp_interference.md')
+    result_file = test_env.get_temp_file('json')
+    args = [
+        '--license',
+        '--license-text',
+        '--license-text-diagnostics',
+        '--license-diagnostics',
+        '--strip-root',
+        '--json', result_file,
+        test_file,
+    ]
+    run_scan_click(args, processes='1')
+
+    from commoncode.resource import VirtualCodebase
+
+    codebase = VirtualCodebase(result_file)
+    resource = codebase.get_resource(path='wt_ibpp_interference.md')
+
+    assert resource.detected_license_expression == 'bsd-1-clause AND ibpp'
+    assert any(
+        match['license_expression'] == 'ibpp'
+        for detection in resource.license_detections
+        for match in detection['matches']
+    )

tests/packagedcode/data/publiccode/publiccode.yml

@@ -0,0 +1,47 @@
+publiccodeYmlVersion: "0.4"
+
+name: Medusa
+url: "https://example.com/italia/medusa.git"
+landingURL: "https://example.com/medusa"
+softwareVersion: "1.0.3"
+
+platforms:
+  - web
+  - linux
+
+categories:
+  - financial-reporting
+  - accounting
+
+developmentStatus: stable
+softwareType: "standalone/desktop"
+
+description:
+  en:
+    shortDescription: >
+      A short description of this software.
+    longDescription: >
+      A very long description of this software. It explains what it does,
+      who it is for, and why you might want to use it in a public
+      administration context.
+    features:
+      - Feature one
+      - Feature two
+
+legal:
+  license: AGPL-3.0-or-later
+  mainCopyrightOwner: City of Example
+  repoOwner: City of Example
+
+maintenance:
+  type: "contract"
+  contacts:
+    - name: Francesco Rossi
+      email: f.rossi@example.com
+      affiliation: City of Example
+
+localisation:
+  localisationReady: true
+  availableLanguages:
+    - en
+    - it