!3 OAT 开源扫描配置

Merge pull request !3 from pssea/master

OAT.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (c) 2021 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+     
+     Notes:
+     This is project config file for OpenHarmony OSS Audit Tool, if you have any questions or concerns, please email chenyaxun.
+-->
+<!-- OAT(OSS Audit Tool) configuration guide:
+basedir: Root dir, the basedir + project path is the real source file location.
+licensefile: 
+1.If the project don't have "LICENSE" in root dir, please define all the license files in this project in , OAT will check license files according to this rule.
+
+tasklist(only for batch mode):
+1. task: Define oat check thread, each task will start a new thread.
+2. task name: Only an name, no practical effect.
+3. task policy: Default policy for projects under this task, this field is required and the specified policy must defined in policylist.
+4. task filter: Default filefilter for projects under this task, this field is required and the specified filefilter must defined in filefilterlist.
+5. task project: Projects to be checked, the path field define the source root dir of the project.
+
+
+policyList:
+1. policy: All policyitems will be merged to default OAT.xml rules, the name of policy doesn't affect OAT check process.
+2. policyitem: The fields type, name, path, desc is required, and the fields rule, group, filefilter is optional,the default value is:
+<policyitem type="" name="" path="" desc="" rule="may" group="defaultGroup" filefilter="defaultPolicyFilter"/>
+3. policyitem type:
+    "compatibility" is used to check license compatibility in the specified path; 
+    "license" is used to check source license header in the specified path;
+    "copyright" is used to check source copyright header in the specified path;
+    "import" is used to check source dependency in the specified path, such as import ... ,include ...
+    "filetype" is used to check file type in the specified path, supported file types: archive, binary
+    "filename" is used to check whether the specified file exists in the specified path(support projectroot in default OAT.xml), supported file names: LICENSE, README, README.OpenSource
+
+4. policyitem name: This field is used for define the license, copyright, "*" means match all, the "!" prefix means could not match this value. For example, "!GPL" means can not use GPL license. 
+5. policyitem path: This field is used for define the source file scope to apply this policyitem, the "!" prefix means exclude the files. For example, "!.*/lib/.*" means files in lib dir will be exclude while process this policyitem.
+6. policyitem rule and group: These two fields are used together to merge policy results. "may" policyitems in the same group means any one in this group passed, the result will be passed.
+7. policyitem filefilter: Used to bind filefilter which define filter rules.
+8. filefilter: Filter rules, the type filename is used to filter file name, the type filepath is used to filter file path.
+
+Note:If the text contains special characters, please escape them according to the following rules:
+" == &gt;
+& == &gt;
+' == &gt;
+< == &gt;
+> == &gt;
+-->
+<configuration>
+    <oatconfig>
+        <licensefile>docs/FTL.TXT</licensefile>
+        <policylist>
+            <policy name="projectPolicy" desc="">
+                <policyitem type="compatibility" name="FTL" path=".*" desc="The FreeType Project LICENSE"/>
+                <policyitem type="compatibility" name="The FreeType Project LICENSE" path=".*" desc="The FreeType Project LICENSE"/>
+                <policyitem type="compatibility" name="GPLStyleLicense" path="builds/unix/config.guess" desc="config file,, not license declare"/>
+                <policyitem type="compatibility" name="GPLStyleLicense" path="builds/unix/config.sub" desc="config file,, not license declare"/>
+                <policyitem type="compatibility" name="GPLStyleLicense" path="docs/LICENSE.TXT" desc="Freetype provide FTL and GPLv2 license, you can choose one of them."/>
+                <policyitem type="compatibility" name="LGPLStyleLicense" path="docs/GPLv2.TXT" desc="Freetype provide FTL and GPLv2 license, you can choose one of them."/>
+                <policyitem type="compatibility" name="zlib/libpng License" path="src/gzip/.*" desc="Zlib used by FreeType."/>
+                <policyitem type="compatibility" name="zlib-acknowledgement" path="src/gzip/zlib.h" desc="Zlib used by FreeType."/>
+            </policy>
+        </policylist>
+        <filefilterlist>
+            <filefilter name="defaultFilter" desc="Files not to check">
+                <filteritem type="filepath" name="docs/CHANGES" desc="This is chenglog file, no need license"/>
+                <filteritem type="filepath" name="docs/PROBLEMS" desc="This is a problems file, no need license"/>
+                <filteritem type="fillname" name="ChangeLog.*" desc="This is chenglog file, no need license"/>
+                <filteritem type="filepath" name="src/base/md5.h" desc="This file is free software"/>
+                <filteritem type="filepath" name="src/pcf/pcfutil.c" desc="This file is free software"/>
+                <filteritem type="filepath" name="builds/unix/pkg.m4" desc="pkg-config file"/>
+            </filefilter>
+        </filefilterlist>
+        <licensematcherlist>
+            <licensematcher name="zlib/libpng License" desc="zlib/png license">
+                <licensetext name="                  
+                     * Copyright (C) 1995-2002 Mark Adler
+                     * For conditions of distribution and use, see copyright notice in zlib.h
+                 " desc=""/>
+                <licensetext name="
+                     * Copyright (C) 1995-2002 Jean-loup Gailly.
+                     * For conditions of distribution and use, see copyright notice in zlib.h
+                 " desc=""/>
+                 <licensetext name="
+                      zlib.h -- interface of the 'zlib' general purpose compression library
+                      version 1.1.4, March 11th, 2002
+
+                      Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler
+
+                      This software is provided 'as-is', without any express or implied
+                      warranty.  In no event will the authors be held liable for any damages
+                      arising from the use of this software.
+
+                      Permission is granted to anyone to use this software for any purpose,
+                      including commercial applications, and to alter it and redistribute it
+                      freely, subject to the following restrictions:
+
+                      1. The origin of this software must not be misrepresented; you must not
+                         claim that you wrote the original software. If you use this software
+                         in a product, an acknowledgment in the product documentation would be
+                         appreciated but is not required.
+                      2. Altered source versions must be plainly marked as such, and must not be
+                         misrepresented as being the original software.
+                      3. This notice may not be removed or altered from any source distribution.
+                 " desc=""/>
+            </licensematcher>
+        </licensematcherlist>
+    </oatconfig>
+</configuration>
\ No newline at end of file