Description
When scanning a file with a standard GPL-2.0 header, scancode-toolkit generates two false positive detections in addition to the correct gpl-2.0 match.
The scanned file is: https://github.com/pycrate-org/pycrate/blob/master/tools/pycrate_asn1compile.py
Detection 1 (correct):
license_expression: gpl-2.0
score: 100.0, lines 11–18
Detection 2 (false positive):
license_expression: gpl-2.0-plus
score: 34.21, lines 20–22
- Rule: gpl-2.0-plus_513.RULE
- The phrase "License version 2 in the license.txt file or" is incorrectly matched as GPL-2.0-or-later. The word "or" here introduces an alternative way to obtain the license text, not a version flexibility clause.
Detection 3 (false positive):
license_expression: other-copyleft
score: 90.0, lines 22–23
- Rule: other-copyleft_fsf_address_1.RULE
- The FSF mailing address (Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA) is a standard boilerplate reference, not an independent license declaration.
Raw scancode output (relevant excerpt)
{
"license_detections": [
{
"license_expression": "gpl-2.0",
"license_expression_spdx": "GPL-2.0-only",
"from_file": "pycrate-master/tools/pycrate_asn1compile.py",
"start_line": 11,
"end_line": 18,
"matcher": "2-aho",
"score": 100.0,
"matched_length": 68,
"match_coverage": 100.0,
"rule_relevance": 100,
"rule_identifier": "gpl-2.0_121.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/gpl-2.0_121.RULE"
},
{
"license_expression": "gpl-2.0-plus",
"license_expression_spdx": "GPL-2.0-or-later",
"from_file": "pycrate-master/tools/pycrate_asn1compile.py",
"start_line": 20,
"end_line": 22,
"matcher": "3-seq",
"score": 34.21,
"matched_length": 13,
"match_coverage": 34.21,
"rule_relevance": 100,
"rule_identifier": "gpl-2.0-plus_513.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/gpl-2.0-plus_513.RULE"
},
{
"license_expression": "other-copyleft",
"license_expression_spdx": "LicenseRef-scancode-other-copyleft",
"from_file": "pycrate-master/tools/pycrate_asn1compile.py",
"start_line": 22,
"end_line": 23,
"matcher": "2-aho",
"score": 90.0,
"matched_length": 14,
"match_coverage": 100.0,
"rule_relevance": 90,
"rule_identifier": "other-copyleft_fsf_address_1.RULE",
"rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/other-copyleft_fsf_address_1.RULE"
}
]
}
The relevant lines (20–23) are:
# * You will find a copy of the terms and conditions of the GNU General Public
# * License version 2 in the "license.txt" file or
# * see http://www.gnu.org/licenses/ or write to the Free Software Foundation,
# * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
System Configuration
- OS: Windows 10
- ScanCode version: 32.5.0
- Python version: 3.14.5
Steps to Reproduce
- Clone: https://github.com/pycrate-org/pycrate
- Run: scancode --license --copyright --json-pp result.json ./
- Inspect detections for tools/pycrate_asn1compile.py
Expected Behavior
Only one detection: gpl-2.0 with high confidence (lines 11–18).
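A post-processing triage over the detections reported above, as an added example that is not part of the original issue or of scancode-toolkit: full-score detections are kept as anchors, and any lower-score detection that begins within a couple of lines of the same header block is queued for manual review instead of being counted as a separate license. The function name `triage`, the `anchor_score` of 100 and the `max_gap` of 2 lines are assumptions chosen to fit this report.

```python
# Constructed input: the three detections from the issue's scancode excerpt,
# reduced to the fields the triage reads.
DETECTIONS = [
    {"rule_identifier": "gpl-2.0_121.RULE", "license_expression": "gpl-2.0",
     "from_file": "pycrate-master/tools/pycrate_asn1compile.py",
     "start_line": 11, "end_line": 18, "score": 100.0},
    {"rule_identifier": "gpl-2.0-plus_513.RULE",
     "license_expression": "gpl-2.0-plus",
     "from_file": "pycrate-master/tools/pycrate_asn1compile.py",
     "start_line": 20, "end_line": 22, "score": 34.21},
    {"rule_identifier": "other-copyleft_fsf_address_1.RULE",
     "license_expression": "other-copyleft",
     "from_file": "pycrate-master/tools/pycrate_asn1compile.py",
     "start_line": 22, "end_line": 23, "score": 90.0},
]


def triage(detections, anchor_score=100.0, max_gap=2):
    """Split detections into 'anchor', 'review' and 'independent' buckets.

    anchor      -- score >= anchor_score (assumed threshold)
    review      -- lower score, starting at most max_gap lines after the
                   current header block in the same file; the block grows
                   to cover each reviewed match, so chained matches are caught
    independent -- lower score, not adjacent to any anchored block
    """
    buckets = {"anchor": [], "review": [], "independent": []}
    block_end = {}  # from_file -> last line of the header block seen so far
    ordered = sorted(detections, key=lambda d: (d["from_file"], d["start_line"]))
    for det in ordered:
        path = det["from_file"]
        if det["score"] >= anchor_score:
            buckets["anchor"].append(det)
            block_end[path] = max(block_end.get(path, 0), det["end_line"])
        elif path in block_end and det["start_line"] - block_end[path] <= max_gap:
            buckets["review"].append(det)
            block_end[path] = max(block_end[path], det["end_line"])
        else:
            buckets["independent"].append(det)
    return buckets


if __name__ == "__main__":
    for name, dets in triage(DETECTIONS).items():
        for det in dets:
            print(name, det["rule_identifier"], det["license_expression"],
                  f'lines {det["start_line"]}-{det["end_line"]}', det["score"])
```
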