Claude Warren created RAT-401:
---------------------------------
Summary: Rework the IDocumentAnalyzer and RatReport into a single component
Key: RAT-401
URL: https://issues.apache.org/jira/browse/RAT-401
Project: Apache Rat
Issue Type: New Feature
Components: core engine, reports
Affects Versions: 0.16.1, 0.17
Reporter: Claude Warren
h1. What
The idea here is to make a component framework for reporting on Document
instances.
h2. What do we have
The current system has several components
* IDocumentAnalyser which has the analyze(Document) method and updates metadata
in the Document.
** DefaultPolicyAnalyser: sets the list of approved licenses in the document.
There is probably another way to do this.
** DocumentAnalyserMultiplexer: simply runs multiple IDocumentAnalysers.
** DocumentHeaderAnalyser: processes documents looking for licenses.
* RatReport which reports the document after the analysis.
** ConfigurationReport: Dumps some configuration info into the XML report
** ClaimAggregator: collects statistical information from the document across
the reports.
** SimpleXmlClaimReporter: Writes the XML info for a single document based on
the metadata.
** ClaimReporterMultiplexer: Runs an analyser and then a reporter on a
Document.
** LicenseAddingReport: edits the documents (Not sure this should be a report).
h2. What is the change
What I propose to do is to group the components together into ReportingModules.
Currently we have what could be considered 3 ReportingModules.
Module 1 – License reporting comprises:
* DefaultPolicyAnalyser
* DocumentHeaderAnalyser
* SimpleXmlClaimReporter
* ClaimAggregator
Module 2 – Configuration reporting comprises:
* ConfigurationReport
Module 3 – License adding report comprises:
* LicenseAddingReport
The modules would be a pluggable component that:
* Processes a document
* Potentially writes some data to the XML output
* After all documents have been processed, potentially writes statistical data
to the output.
* Provides an XSD fragment to describe the data it writes.
h2. Why
So that we can get to the point where it is easy to write modules that do
things like:
* Check for the existence of specific files (either as required or not
allowed).
* Check for the contents of specific files (e.g. check the contents of the
LICENSE file and report on it).
* Check file names against a webservice that tells us if there are issues with
the package. (e.g. the mavenrepository provides CVE issues lists for jars)
We have a system that walks the build system and understands the various
exclusion files and rules. Let's use it to really do a release audit.
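A sketch of the module contract proposed above, applied to the "existence of specific files" check. This is an added example, not code from the issue or from Apache Rat. The ReportingModule interface, its method names, FilePresenceModule and the filePresence XML vocabulary are all hypothetical, and documents are reduced to their names.

```java
import java.util.*;

// Hypothetical contract: these names are assumptions, not Apache Rat API.
interface ReportingModule {
    void process(String documentName);   // called once per document
    String statistics();                 // XML written after all documents
    String xsdFragment();                // schema for what statistics() writes
}

// Reports required files that never appeared and forbidden files that did.
final class FilePresenceModule implements ReportingModule {
    private final Set<String> forbidden;
    private final Set<String> missing;                  // required, not yet seen
    private final Set<String> found = new TreeSet<>();  // forbidden, seen

    FilePresenceModule(Set<String> required, Set<String> forbidden) {
        this.forbidden = forbidden;
        this.missing = new TreeSet<>(required);
    }
    @Override public void process(String name) {
        missing.remove(name);
        if (forbidden.contains(name)) found.add(name);
    }
    @Override public String statistics() {
        StringBuilder sb = new StringBuilder("<filePresence>");
        for (String n : missing) sb.append("<missing name=\"").append(esc(n)).append("\"/>");
        for (String n : found) sb.append("<forbidden name=\"").append(esc(n)).append("\"/>");
        return sb.append("</filePresence>").toString();
    }
    @Override public String xsdFragment() {
        String item = "<xs:complexType><xs:attribute name=\"name\""
            + " type=\"xs:string\" use=\"required\"/></xs:complexType>";
        return "<xs:element name=\"filePresence\"><xs:complexType><xs:sequence>"
            + "<xs:element name=\"missing\" minOccurs=\"0\" maxOccurs=\"unbounded\">" + item + "</xs:element>"
            + "<xs:element name=\"forbidden\" minOccurs=\"0\" maxOccurs=\"unbounded\">" + item + "</xs:element>"
            + "</xs:sequence></xs:complexType></xs:element>";
    }
    // File names are untrusted input; escape them before writing XML.
    private static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace("\"", "&quot;");
    }
}

public class Demo {
    public static void main(String[] args) {
        ReportingModule m = new FilePresenceModule(
            new HashSet<>(Arrays.asList("LICENSE", "NOTICE")), Collections.singleton(".env"));
        for (String doc : Arrays.asList("LICENSE", "README.md", ".env")) m.process(doc); // constructed input
        System.out.println(m.statistics());
    }
}
```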