Uploaded image for project: 'Apache Rat'
  1. Apache Rat
  2. RAT-401

Rework the IDocumentAnalyzer and RatReport into a single component

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.17, 0.16.1
    • None
    • core engine, reports
    • None

    Description

      What

      The idea here is to make a component framework for reporting on Document instances.

      What do  we have

      The current system has several components

      • IDocumentAnalyser which has the analyze(Document) method and update metadata in the Document.
        • DefaultPolicyAnalyser:  sets the list of approved licenses in the document.  There is probably another way to do this.
        •  

      DocumentAnalyserMultiplexer: simply runs multiple IDocumentAnalysers.

        •  

      DocumentHeaderAnalyser: processes documents looking for licenses.

      • RatReport which reports the document after the analysis.
        • ConfigurationReport: Dumps some configuration info into the XML report
        • ClaimAggregator: collects statistical information from the document across the reports.
        • SimpleXmlClaimReporter: Writes the XML info for a single document based on the metadata.
        • ClaimReporterMultiplexer: Runs an analyser and then a reporter on a Document.
        • LicenseAddingReport: edits the documents (Not sure this should be a report).

      What is the change

      What I propose to do is to group the components together into ReportingModules.  Currently we have what could be considered 3 ReportingModules.

      Module 1 – License reporting comprises:

      • DefaultPolicyAnalyser
      • DocumentHeaderAnalyser:
      • SimpleXmlClaimReporter
      • ClaimAggregator

       

      Module 2 – Configuration reporting comprises:

      • ConfigurationReport

      Module 3-- License adding report comprises:

      • LicenseAddingReport

       

      The modules would be a pluggable component that:

      • Processes a document
      • potentially, writes some data to the XML output
      • After all documents have been processed potentially writes statistical data to the output.
      • provides an XSD fragment to describe the data it writes.

      Why

      So that we can get to the point where it is easy to write modules that do things like:

      • Check for the existence of specific files (either as required and not allowed).
      • Check for the contents of specific files (e.g. check the contents of the LICENSE file and report on it).
      • Check file names against a webservice that tells us if there are issues with the package. (e.g. the mavenrepository provides CVE issues lists for jars)

       

       

      We have a system that walks the build system and understands the various exclusion files and rules.  Let's use it to really do a release audit.

       

       

       

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            claude Claude Warren
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: