>
>
>
V3144. This file is marked with copylef…


V3144. This file is marked with copyleft license, which requires you to open the derived source code.

The analyzer has detected a file marked with a copyleft license, which requires you to open the rest of the source code. This may be unacceptable for many commercial projects.

If you develop an open-source project, you can simply ignore this warning and turn it off.

Here is an example of a comment that will cause the analyzer to issue the warning:

/*  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

For proprietary projects

If you include a file with this type of license (GPL3 in this case) into a proprietary project, you will be required to open the rest of your source code due to the specifics of this license.

Such copyleft licenses are called "viral license" because of their tendency to affect other project files. The problem is that using at least one such file in a proprietary project automatically renders the entire source code open and compels you to distribute it along with the binary files.

This diagnostic detects the following viral licenses:

  • AGPL-3.0
  • GPL-2.0
  • GPL-3.0
  • LGPL-3.0

If you discover that your proprietary project uses files with a copyleft license, you have one of the following options:

  • Exclude this code (library) from your project;
  • Replace the library;
  • Make your project open-source.

For open-source projects

We understand that this diagnostic is irrelevant to open-source projects. The PVS-Studio team contributes to the development of open-source software by helping to fix bugs found in such software and offering free license options to open-source developers. However, our product is a B2B solution, so this diagnostic is enabled by default.

If your code is distributed under one of the copyleft licenses from the list above, you can turn this diagnostic off in one of the following ways:

  • If you're using the PVS-Studio plugin for Visual Studio, you can disable this diagnostic display in the analyzer output window by going to Options > PVS-Studio > Detectable Errors > 1.General Analysis > V3144. The downside of this method is that the error will still be written in the analyzer's log while saving it (or if the analysis was run from the command line). Therefore, when you open such a log on another machine or convert the analysis results to another format, the messages that were disabled in this way may reappear.
  • If you're not using the plugin, you want to lock the rule for the whole team or remove from the analyzer report, - you can disable the diagnostic by adding the configuration file of the analyzer diagnostic rules in a project or solution. You can do it manually or using the Visual Studio interface (choose context menu of a project\solution 'Add > New Item', then choose PVS-Studio Filters File). The file you added in the version control system will be available for the whole team. Add the following line in the file: //-V::3144. This way you'll configure the analyzer to disable this diagnostic. To learn more about using comments to disable diagnostics, see the documentation.
  • If you use the Plog Converter utility to convert analysis reports between different formats, you can disable the diagnostic by specifying the "-d" option.

Adding to the list of unsafe licenses

If you know of some other types of viral licenses that our tool does not yet detect, you can inform us about them using the feedback form so that we could add detection of those in the next release.

References