Korbit review changes

Author: spoorcc

dfetch/commands/report.py

@@ -20,7 +20,7 @@
 
 logger = get_logger(__name__)
 
-# Minimum confidence to accept a license guess
+# Only accept license guesses with below or higher confidence to avoid false positives
 LICENSE_PROBABILITY_THRESHOLD = 0.80
 
 

dfetch/reporting/reporter.py

@@ -13,13 +13,18 @@ class Reporter(ABC):
 
     name: str = "abstract"
 
-    @abstractmethod
     def __init__(self, manifest: Manifest) -> None:
         """Create the reporter.
 
         Args:
             manifest (Manifest): The manifest to report on
         """
+        self._manifest = manifest
+
+    @property
+    def manifest(self) -> Manifest:
+        """Get the manifest."""
+        return self._manifest
 
     @abstractmethod
     def add_project(

dfetch/reporting/sbom_reporter.py

@@ -102,7 +102,7 @@ class SbomReporter(Reporter):
 
     def __init__(self, manifest: Manifest) -> None:
         """Start the report."""
-        self._manifest = manifest
+        super().__init__(manifest)
         self._bom = Bom()
         self._bom.metadata.tools.components.add(self.dfetch_tool)
         self._bom.metadata.tools.components.add(cdx_lib_component())
@@ -120,7 +120,7 @@ def add_project(
 
         name = project.name if purl.type == "generic" else purl.name
 
-        location = self._manifest.find_name_in_manifest(project.name)
+        location = self.manifest.find_name_in_manifest(project.name)
 
         component = Component(
             name=name,
@@ -131,7 +131,7 @@ def add_project(
             evidence=ComponentEvidence(
                 occurrences=[
                     Occurrence(
-                        location=self._manifest.relative_path,
+                        location=self.manifest.relative_path,
                         line=location.line_number,
                         offset=location.start,
                     )

dfetch/reporting/stdout_reporter.py

@@ -7,7 +7,6 @@
 from typing import List
 
 from dfetch.log import get_logger
-from dfetch.manifest.manifest import Manifest
 from dfetch.manifest.project import ProjectEntry
 from dfetch.project.metadata import Metadata
 from dfetch.reporting.reporter import Reporter
@@ -21,10 +20,6 @@ class StdoutReporter(Reporter):
 
     name = "stdout"
 
-    def __init__(self, manifest: Manifest) -> None:
-        """Initialize the reporter."""
-        del manifest
-
     def add_project(
         self,
         project: ProjectEntry,

dfetch/util/license.py

@@ -7,8 +7,8 @@
 import infer_license
 from infer_license.types import License as InferredLicense
 
-# Limit the max size of alicense file to parse
-MAX_LICENSE_FILE_SIZE = 1024 * 1024
+# Limit license file size to below number of bytes to prevent memory issues with large files
+MAX_LICENSE_FILE_SIZE = 1024 * 1024  # 1 MB
 
 
 @dataclass
@@ -50,6 +50,9 @@ def guess_license_in_file(
 ) -> Optional[License]:
     """Attempt to identify the license of a given file.
 
+    Tries UTF-8 encoding first, falling back to Latin-1 for legacy license files.
+    If the file cannot be read or no license is detected, returns None.
+
     Args:
         filename (Union[str, os.PathLike[str]]): Path to the file to analyze
 
@@ -63,11 +66,7 @@ def guess_license_in_file(
             license_text = file_bytes.decode("utf-8")
         except UnicodeDecodeError:
             license_text = file_bytes.decode("latin-1")
-    except (FileNotFoundError, PermissionError, IsADirectoryError):
-        # Return None for file access issues
-        return None
-    except OSError:
-        # Handle other OS-level file errors
+    except (FileNotFoundError, PermissionError, IsADirectoryError, OSError):
         return None
 
     probable_licenses = infer_license.api.probabilities(license_text)