Changeset 13618

Timestamp:

04/30/2024 04:41:42 AM (10 months ago)

Author:

dd32

Message:

Plugin Directory: Readme: Validate that the license field contains a likely valid license.

This adds to the existing "no license" with two new ones:

• Warning: License appears to be not-GPL-compatible, invalid
• Note: We could not parse the license specified, unknown

Fixes #1944.

Location:

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/readme

Files:

• class-parser.php (modified) (2 diffs)
• class-validator.php (modified) (2 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/readme/class-parser.php

@@ -342 +342 @@
             // Handle the many cases of "License: GPLv2 - http://..."
             if ( empty( $headers['license_uri'] ) && preg_match( '!(https?://\S+)!i', $headers['license'], $url ) ) {
-                $headers['license_uri'] = $url[1];
-                $headers['license']     = trim( str_replace( $url[1], '', $headers['license'] ), " -*\t\n\r\n" );
-            }
+                $headers['license_uri'] = trim( $url[1], " -*\t\n\r\n(" );
+                $headers['license']     = trim( str_replace( $url[1], '', $headers['license'] ), " -*\t\n\r\n(" );
+            }
+
             $this->license = $headers['license'];
         }
         if ( ! empty( $headers['license_uri'] ) ) {
             $this->license_uri = $headers['license_uri'];
+        }
+
+        // Validate the license specified.
+        if ( ! $this->license ) {
+            $this->warnings['license_missing'] = true;
+        } else {
+            $license_error = $this->validate_license( $this->license );
+            if ( true !== $license_error ) {
+                $this->warnings[ $license_error ] = $this->license;
+            }
         }
 
@@ -920 +931 @@
     }
 
+    /**
+     * Validate whether the license specified appears to be valid or not.
+     *
+     * NOTE: This does not require a SPDX license to be specified, but it should be a valid license nonetheless.
+     *
+     * @param string $license The specified license.
+     * @return string|bool True if it looks good, error code on failure.
+     */
+    public function validate_license( $license ) {
+        /*
+         * This is a shortlist of keywords that are expected to be found in a valid license field.
+         * See https://www.gnu.org/licenses/license-list.en.html for possible compatible licenses.
+         */
+        $probably_compatible = [
+            'GPL', 'General Public License',
+            // 'GNU 2', 'GNU Public', 'GNU Version 2' explicitely not included, as it's not a specific license.
+            'MIT',
+            'ISC',
+            'Expat',
+            'Apache 2', 'Apache License 2',
+            'X11', 'Modified BSD', 'New BSD', '3 Clause BSD', 'BSD 3',
+            'FreeBSD', 'Simplified BSD', '2 Clause BSD', 'BSD 2',
+            'MPL', 'Mozilla Public License',
+            strrev( 'LPFTW' ), strrev( 'kcuf eht tahw od' ), // To avoid some code scanners..
+            'Public Domain', 'CC0', 'Unlicense',
+            'CC BY', // Note: BY-NC & BY-ND are a no-no. See below.
+            'zlib',
+        ];
+
+        /*
+         * This is a shortlist of keywords that are likely related to a non-GPL  compatible license.
+         * See https://www.gnu.org/licenses/license-list.en.html for possible explanations.
+         */
+        $probably_incompatible = [
+            '4 Clause BSD', 'BSD 4 Clause', 
+            'Apache 1',
+            'CC BY-NC', 'CC-NC', 'NonCommercial',
+            'CC BY-ND', 'NoDerivative',
+            'EUPL',
+            'OSL',
+            'Personal use', 'without permission', 'without prior auth', 'you may not',
+            'Proprietery', 'proprietary',
+        ];
+
+        $sanitize_license = static function( $license ) {
+            $license = strtolower( $license );
+
+            // Localised or verbose licences.
+            $license = str_replace( 'licence', 'license', $license );
+            $license = str_replace( 'clauses', 'clause', $license ); // BSD
+            $license = str_replace( 'creative commons', 'cc', $license );
+
+            // If it looks like a full GPL statement, trim it back, for this function.
+            if ( 0 === stripos( $license, 'GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989' ) ) {
+                $license = 'gplv2';
+            }
+
+            // Replace 'Version 9' & v9 with '9' for simplicity.
+            $license = preg_replace( '/(version |v)([0-9])/i', '$2', $license );
+
+            // Remove unexpected characters
+            $license = preg_replace( '/(\s*[^a-z0-9. ]+\s*)/i', '', $license );
+
+            // Remove all spaces
+            $license = preg_replace( '/\s+/', '', $license );
+
+            return $license;
+        };
+
+        $probably_compatible   = array_map( $sanitize_license, $probably_compatible );
+        $probably_incompatible = array_map( $sanitize_license, $probably_incompatible );
+        $license               = $sanitize_license( $license );
+
+        // First check to see if it's most probably an incompatible license.
+        foreach ( $probably_incompatible as $match ) {
+            if ( str_contains( $license, $match ) ) {
+                return 'invalid_license';
+            }
+        }
+
+        // Check to see if it's likely compatible.
+        foreach ( $probably_compatible as $match ) {
+            if ( str_contains( $license, $match ) ) {
+                return true;
+            }
+        }
+
+        // If we've made it this far, it's neither likely incompatible, or likely compatible, so unknown.
+        return 'unknown_license';
+    }
+
 }

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/readme/class-validator.php

@@ -145 +145 @@
         }
 
-        if ( empty( $readme->license ) ) {
+        if ( ! empty( $readme->warnings['license_missing'] ) ) {
             $warnings['license_missing'] = true;
+        } elseif ( ! empty( $readme->warnings['invalid_license'] ) ) {
+            $errors['invalid_license'] = $readme->warnings['invalid_license'];
+        } elseif ( ! empty( $readme->warnings['unknown_license'] ) ) {
+            $notes['unknown_license'] = $readme->warnings['unknown_license'];
         }
 
@@ -398 +402 @@
             case 'donate_link_missing':
                 return __( 'No donate link was found', 'wporg-plugins' );
+
             case 'license_missing':
                 return sprintf(
-                    /* translators: 1: 'License' */
-                    __( 'The %1$s field is missing or invalid. A GPLv2 or later compatible license should be specified.', 'wporg-plugins' ),
-                    '<code>License</code>'
+                    /* translators: 1: 'License', 2: Link to a compatible licenses page. */
+                    __( 'The %1$s field is missing. <a href="%2$s">A GPLv2 or later compatible license</a> should be specified.', 'wporg-plugins' ),
+                    '<code>License</code>',
+                    'https://www.gnu.org/licenses/license-list.en.html'
+                );
+
+            case 'invalid_license':
+                return sprintf(
+                    /* translators: 1: 'License', 2: Link to a compatible licenses page. */
+                    __( 'The %1$s field appears to be invalid. <a href="%2$s">A GPLv2 or later compatible license</a> should be specified.', 'wporg-plugins' ),
+                    '<code>License</code>',
+                    'https://www.gnu.org/licenses/license-list.en.html'
+                );
+
+            case 'unknown_license':
+                return sprintf(
+                    /* translators: 1: 'License', 2: Link to a compatible licenses page. */
+                    __( 'The %1$s field could not be validated. <a href="%2$s">A GPLv2 or later compatible license</a> should be specified. The specified license may be compatible.', 'wporg-plugins' ),
+                    '<code>License</code>',
+                    'https://www.gnu.org/licenses/license-list.en.html'
                 );