fosslight / fosslight
FOSSLight Hub : Integrated management web-service for Open Source Compliance Process
Home Page: https://fosslight.org
License: GNU Affero General Public License v3.0
Is your feature request related to a problem? Please describe.
If you click Project > Basic Information > Drop button, you can drop the project without writing any comments.
However, I think it will be helpful for future projects when the reason for the drop is clearly stated.
Therefore, when you click the drop button, if you have not entered a comment, a message appears asking you to enter a comment.
Describe the solution you'd like
The function currently executed when the button is clicked is as follows. Only if distributionStatus does not apply, you will be prompted for a comment if no comment is entered. Change to check whether comments are entered regardless of distributionStatus.
Describe the bug
Comment History only shows in packaging tab.
To Reproduce
When you click the Show Comment History button in packaging tab.
Expected behavior
Comment history is supposed to show up in both the identification tab and the packaging tab.
The past comments have to show up like this.
Screenshots
Identification tab shows none of the comments.
System Environment (please complete the following information):
Additional context
Is your feature request related to a problem? Please describe.
add deactivate flag on search oss list API.
Describe the solution you'd like
modify ApiOSSMapper getOSSInfo.
add deactivate flag as deactivate
Is your feature request related to a problem? Please describe.
When the button is pressed like below (in Project List > SRC tab),
FOSSLight recommends an oss name by checking the oss list.
If the download location is not stored in the OSS List only for the OSS Name that is an Unconfirmed Open Source Warning message, recommend the OSS Name according to the OSS Naming Rule.
Describe the solution you'd like
The Fosslight guide says that, for vulnerability checks, a data feed is received from NVD every day and stored.
However, after installing and using Fosslight myself, that feature does not seem to work.
For example, searching for tomcat under vulnerability returns nothing.
Is your feature request related to a problem? Please describe.
indexOf methods are used in several classes, including src/main/java/oss/fosslight/controller/AdviceController.java.
Describe the solution you'd like
I think it is appropriate to use contains rather than indexOf because the method only checks for existence.
Also, I think using contains is better in terms of readability.
Describe alternatives you've considered
I referred to this link.
Is your feature request related to a problem? Please describe.
> ./gradlew
zsh: permission denied: ./gradlew
gradlew is not executable in this project.
> ls -al gradlew
-rw-r--r-- 1 epicarts staff 5960 8 10 02:10 gradlew
gradlew doesn't have x permission.
Describe the solution you'd like
Change file permission -rw-r--r-- (644) to -rwxr-xr-x (755).
Describe alternatives you've considered
https://start.spring.io/
The permission generated on this site is -rwxr-xr-x
https://github.com/spring-projects/spring-boot
This spring project has -rwxr-xr-x
Is your feature request related to a problem? Please describe.
fosslight_db(db) container has the restart: always option, but fosslight_web(web) doesn't.
I think fosslight_web has to restart in case of a crash.
Describe the solution you'd like
Add 'restart: always' option in fosslight_web container of docker-compose
Is your feature request related to a problem? Please describe.
Display creator/modifier by name rather than ID in OSS List and License List. (Like Project List)
Describe the bug
Warning occurs when building source code.
> Task :compileJava
/home/gradle/src/src/main/java/oss/fosslight/scheduler/SchedulerWorkerTask.java:35: warning: Field 'log' already exists.
@Slf4j
^
/home/gradle/src/src/main/java/oss/fosslight/service/NvdDataService.java:40: warning: Field 'log' already exists.
@Slf4j
To Reproduce
Expected behavior
System Environment (please complete the following information):
Is your feature request related to a problem? Please describe.
Add label:improvement to also appear as child of Feature in release draft
Describe the solution you'd like
Edit release-drafter-config.yml so that label:improvement and label:enhancement are under feature.
Is your feature request related to a problem? Please describe.
Every time I add a project, the operating system is set to be empty so that I need to choose one of the system options.
Describe the solution you'd like
It would be convenient to set the first one -Linux, in this case - as a default.
Describe alternatives you've considered
Additional context
Is your feature request related to a problem? Please describe.
Currently, only SRC sheets are loaded and saved. change to load and save all sheets starting with SRC
Describe the solution you'd like
In the oss_report_src api, try importing an excel file with multiple tabs starting with SRC and check that all are loaded and saved.
Is your feature request related to a problem? Please describe.
I was always confused that I saw two groups of buttons that look exactly the same on the Identification page when I tried to identify my projects.
Describe the solution you'd like
They technically work the same so I think it'd be better to delete one of them to clarify its function, which should be on the upper side of OSS table. Then, the number of files on the table won't be a problem.
Describe alternatives you've considered
Keep the below buttons on to be revealed out when you scroll up and down.
Describe the bug
When I click verify in Packaging, file count is displayed as 0.
If I click "File List" after verifying, the list of files in the attached compressed file is not output.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
System Environment (please complete the following information):
Describe the bug
Packaging > Click verify after uploading the file.
fosslight_web | INFO 21-08-24 01:39:04[http-nio-8180-exec-10] [o.f.s.impl.VerificationServiceImpl:501] - VERIFY START : 14
fosslight_web | ERROR 21-08-24 01:39:04[http-nio-8180-exec-10] [o.f.s.impl.VerificationServiceImpl:1041] - Cannot run program "/service/verify/verify": error=13, Permission denied
To Reproduce
Run the FOSSLight using docker.
Expected behavior
Verify the packaging file without error.
System Environment (please complete the following information):
Describe the bug
When I sign in to the fosslight system as an Admin, Admin can administrate users in the [System>User management] tab. But Admin can't create a division. So Admin cannot set a user's division. Is there any way to create a division?
To Reproduce
Expected behavior
When someone is signed in as an Admin, Admin can create a division in the [System>User management] tab.
Describe the bug
The 'Uncaught TypeError: Cannot read property 'replace' of undefined' error on the license details page is caused by an invalid conditional expression in code located at /src/main/webapp/WEB-INF/views/admin/license/view-js.jsp.
It occurs because, if data.detail.restriction does not exist, an undefined value is used in the conditional expression. In the current conditional expression, undefined is not '', so the condition is true, the replace property, which the undefined type does not have, is accessed, and an error occurs.
if(data.detail.restriction != ''){
    $('#restriction').append(data.detail.restriction.replace(/,/gi, ", "));
}
To Reproduce
(User) → License List → License Search → Click License → License Details Page
(It occurs only when there is no restriction information such as Academic Free License v1.2, Apache License 1.1.)
Screenshots
System Environment
Additional context
I suggest the following code modifications:
if(data.detail.restriction){
    $('#restriction').append(data.detail.restriction.replace(/,/gi, ", "));
}
If we use a conditional expression like the code above, it returns false successfully when restriction is undefined or ''. So we avoid calling the replace property when restriction is undefined or '' and avoid the Uncaught TypeError.
Is your feature request related to a problem? Please describe.
OSS details (tab that appears when you click OSS name in OSS List) > Click delete > Display a progress bar with a light gray background to prevent clicking other buttons on the screen until deletion is complete.
Is your feature request related to a problem? Please describe.
Clicking the restriction icon action
Restriction icon location
Is your feature request related to a problem? Please describe.
Hover over creator, reviewer in Project List to show ID.
Describe the bug
FOSSLight uses 6 open source package repositories (GitHub, Maven, PyPI, npm, Pub, CocoaPods) to check various information of open source. However, only 4 open source package repositories are specified in fosslight_create.sql, OssServiceImpl::checkOssName function, and OssServiceImpl::saveOssCheckName function.
switch(urlSearchSeq) {
    case 0: // github
        p = Pattern.compile("((http|https)://github.com/([^/]+)/([^/]+))");
        break;
    case 1: // npm
        p = Pattern.compile("((http|https)://www.npmjs.com/package/([^/]+))");
        break;
    case 2: // pypi
        p = Pattern.compile("((http|https)://pypi.org/project/([^/]+))");
        break;
    case 3: // maven
        p = Pattern.compile("((http|https)://mvnrepository.com/artifact/([^/]+)/([^/]+))");
        break;
    default:
        break;
}
switch(urlSearchSeq) {
    case 0: // github
        p = Pattern.compile("((http|https)://github.com/([^/]+)/([^/]+))");
        break;
    case 1: // npm
        p = Pattern.compile("((http|https)://www.npmjs.com/package/([^/]+))");
        break;
    case 2: // pypi
        p = Pattern.compile("((http|https)://pypi.org/project/([^/]+))");
        break;
    case 3: // maven
        p = Pattern.compile("((http|https)://mvnrepository.com/artifact/([^/]+)/([^/]+))");
        break;
    default:
        break;
}
To Reproduce
Added 2 open source package repository information (Pub, CocoaPods) to the source code.
Describe the bug
When I upload a packaging file in Windows, ProcessBuilder cannot find the file.
To Reproduce
1. Project List -> Packaging column
2. Upload OSS Package
Expected behavior
A file is uploaded normally.
System Environment (please complete the following information):
Additional context
I looked up the problem and found that /bin/bash doesn't exist on Windows.
I tried replacing /bin/bash with cmd.exe, and replacing the switch -c with /c.
However, modifications do not solve the problem.
Is your feature request related to a problem? Please describe.
3rd Party List > 3rd party reviewer was b_admin, but admin a_admin changed the reviewer to c_admin.
Reference. In the case of a project, an email is sent to TO-BE when the reviewer is changed.
Describe the bug
The Demo site returned 504 Gateway Timeout, 23:48 JST 5th June
To Reproduce
Steps to reproduce the behavior: Try to access the Demo site by using Firefox on macOS
Expected behavior
The fosslight sign up screen is shown.
System Environment (please complete the following information):
Additional context
Is your feature request related to a problem? Please describe.
Currently, if the reviewer wants to change project status to "Reopen/Complete", the reviewer must comment.
Describe the solution you'd like
In the Project List > change status button, when the reviewer clicks the Reopen/Complete button, it can be OK even if nothing is written in the comment.
Describe the bug
First of all, it is not a critical bug in the system. However, this makes debugging difficult. The reason for this error is that the receiveMessage method executes the JSON.parse method once more for the data, which is a javascript object. To explain in more detail, whenever the method addEventListener existing in ../resources/basic/js/basic.js is called, receiveMessage is also called. At this time, the receiveMessage method is a callback method and an event object is entered as a parameter. In the function, an appropriate function is performed according to the event.data value. In the current system, the type of event.data may be object or string. However, in the previous code, the error occurred because the code tried once again to convert data that was already an object into a javascript object using the JSON.parse method.
To Reproduce
This is a problem that applies to all parts of the current FOSSLight service that are the scope of the call target of addEventListener.
Expected behavior
It is expected that all error messages that occur will be removed.
System Environment (please complete the following information):
Additional context
I suggest the code below.
function receiveMessage(event) {
    var data = event.data;
    if (typeof data === 'object') {
    }
    else if (typeof data === 'string') {
        data = JSON.parse(event.data);
    }
    switch(data.action){
        case 'create':
            createTab(data.tabData[0], data.tabData[1]);
            console.log(data.tabData[0] + data.tabData[1]);
            break;
        ...
current code
function receiveMessage(event) {
    var data = event.data;
    switch(data.action){
        case 'create':
            createTab(data.tabData[0], data.tabData[1]);
            console.log(data.tabData[0] + data.tabData[1]);
            break;
        ...
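The object-or-string handling discussed in the issue above, as an added example that is not part of the original issue or of FOSSLight's code: it parses string payloads exactly once, rejects malformed or non-object payloads instead of throwing, and dispatches through an explicit handler table. The origin check, the handler table, the return codes and the sample origin are assumptions made for the illustration.

```javascript
// Added example: only receiveMessage, event.data, action, tabData and
// 'create' come from the issue; every other name here is hypothetical.

// Return a plain object for either payload form, or null if unusable.
function normalizeMessageData(raw) {
  let data = raw;
  if (typeof raw === 'string') {
    try {
      data = JSON.parse(raw);   // string payload: parse exactly once
    } catch (e) {
      return null;              // malformed JSON must not throw in the handler
    }
  }
  // JSON.parse can yield null, numbers or arrays; accept plain objects only.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return null;
  }
  return data;
}

// Dispatch on data.action through an explicit handler table.
// trustedOrigin is an assumption: the origin messages are expected from.
function receiveMessage(event, handlers, trustedOrigin) {
  if (event.origin !== trustedOrigin) return 'rejected-origin';
  const data = normalizeMessageData(event.data);
  if (data === null || typeof data.action !== 'string') return 'rejected-payload';
  // Own-property lookup so inherited names such as 'toString' never dispatch.
  if (!Object.prototype.hasOwnProperty.call(handlers, data.action)) {
    return 'unknown-action';
  }
  return handlers[data.action](data);
}

// Constructed handler and sample events (not real FOSSLight traffic).
const opened = [];
const handlers = {
  create(data) {
    if (!Array.isArray(data.tabData) || data.tabData.length < 2) return 'rejected-payload';
    opened.push([data.tabData[0], data.tabData[1]]);
    return 'created';
  },
};
const ORIGIN = 'https://hub.example.test';
const asObject = { origin: ORIGIN, data: { action: 'create', tabData: ['id1', 'Title'] } };
const asString = { origin: ORIGIN, data: JSON.stringify(asObject.data) };
```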
Is your feature request related to a problem? Please describe.
We plan to save the log after executing docker-compose --build -d in the github action and display it after the github actions are finished.
Describe alternatives you've considered
It will probably save and display docker-compose logs.
Describe the bug
When we execute docker-compose for starting this project,
docker-compose automatically generates the db folder (for mariadb) and the web-data folder (for web).
Those folders are unrelated to the project because they are personal data.
So we have to ignore those folders.
To Reproduce
Add folders name to .gitignore
Is your feature request related to a problem? Please describe.
I think it would be useful if the vulnerability discovered notification contains a CVE detail link.
Describe the solution you'd like
Modify a mail body with text and associated links in the CVE ID column.
Describe alternatives you've considered
An alternative is to add a separate link column.
Additional context
Is your feature request related to a problem? Please describe.
AS-IS : When saving comments, a window appears to select the destination to send mail, and you send mail to the selected target.
TO-BE : When saving comments, set the sending target to all and send an email when saving comments
Is your feature request related to a problem? Please describe.
Drop added to the status condition when searching for a project
Describe the solution you'd like
Adds a drop state to the Project Search Status.
Is your feature request related to a problem? Please describe.
I found the typo "encordedFilename" in a DownloadProcController.java
Describe the solution you'd like
change value name "encordedFilename" to "encodedFilename"
Is your feature request related to a problem? Please describe.
Edit the alert entry in https://lgtm.com/projects/g/fosslight/fosslight/?mode=list
When the user wants to know the details of the detected license in the OSS Details tab, a separate link is not provided, which makes it difficult for the user to check the details.
Displays the Detected License as a link and opens the detailed information tab of the license when clicked.
Is your feature request related to a problem? Please describe.
Korean and English are now being mixed up in comments, which may cause misunderstandings of source code to developers.
Describe the solution you'd like
Needs to translate all the comments written in Korean to English for a clear description for global contribution.
Describe alternatives you've considered
Switching back to Korean(?)
Additional context
Related code: https://github.com/fosslight/fosslight/blob/develop/src/main/java/oss/fosslight/domain/CoMailManager.java
-> Think this needs to be labeled as 'chore' or 'documentation'.
Nickname on the SRC/BIN tab is renamed to OSS name unintentionally even if checked by admin on the BOM tab.
the row checked by admin on BOM tab. (you can see it on the far right)
change OSS name of the row on SRC tab to 'cairo456', another registered OSS name I registered.
but, when try to save, you can see the popup suggesting that you rename it to 'cairo', original OSS name.
then, when click ok button, it renamed to 'cairo' unintentionally.
Is your feature request related to a problem? Please describe.
Add license information display when clicking the Restriction icon
Describe the solution you'd like
Click the Restriction icon to pop up the license information.
The picture below shows the license information when you click the license icon.
I found the typo "donwloadId" in a few classes.
src/main/java/oss/fosslight/controller/ExcelDownloadController.java
src/main/java/oss/fosslight/controller/OssController.java
src/main/java/oss/fosslight/util/ExcelDownLoadUtil.java
I think we should change donwloadId to downloadId.