fosslight-binary 5.1.8__tar.gz → 5.1.10__tar.gz

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_binary
-Version: 5.1.8
+Version: 5.1.10
 Summary: FOSSLight Binary Scanner
 Home-page: https://github.com/fosslight/fosslight_binary_scanner
 Download-URL: https://github.com/fosslight/fosslight_binary_scanner
@@ -27,7 +27,6 @@ Requires-Dist: pytz
 Requires-Dist: XlsxWriter
 Requires-Dist: PyYAML
 Requires-Dist: fosslight_util>=2.1.13
-Requires-Dist: dependency-check
 Requires-Dist: python-magic-bin; sys_platform == "win32"
 Requires-Dist: python-magic; "darwin" in sys_platform
 Requires-Dist: python-magic; "linux" in sys_platform

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/requirements.txt

@@ -9,4 +9,3 @@ pytz
 XlsxWriter
 PyYAML
 fosslight_util>=2.1.13
-dependency-check

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/setup.py

@@ -33,7 +33,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='5.1.8',
+        version='5.1.10',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Binary Scanner',

fosslight_binary-5.1.10/src/fosslight_binary/__init__.py

@@ -0,0 +1,149 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2025 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+import logging
+import os
+import stat
+import subprocess
+import tempfile
+import urllib.request
+import zipfile
+import sys
+
+logger = logging.getLogger(__name__)
+DEPENDENCY_CHECK_VERSION = "12.1.7"
+
+
+def _install_dependency_check():
+    """Install OWASP dependency-check"""
+    try:
+        # Skip if explicitly disabled
+        if os.environ.get('FOSSLIGHT_SKIP_AUTO_INSTALL', '').lower() in ('1', 'true', 'yes'):
+            logger.info("Auto-install disabled by environment variable")
+            return
+
+        env_home = os.environ.get('DEPENDENCY_CHECK_HOME', '').strip()
+        install_dir = None
+        forced_env = False
+        if env_home:
+            # Normalize
+            env_home_abs = os.path.abspath(env_home)
+            # Detect if env_home already the actual extracted root (ends with dependency-check)
+            candidate_bin_win = os.path.join(env_home_abs, 'bin', 'dependency-check.bat')
+            candidate_bin_nix = os.path.join(env_home_abs, 'bin', 'dependency-check.sh')
+            if os.path.exists(candidate_bin_win) or os.path.exists(candidate_bin_nix):
+                # env points directly to dependency-check root; install_dir is its parent
+                install_dir = os.path.dirname(env_home_abs)
+                forced_env = True
+            else:
+                # Assume env_home is the base directory where we should extract dependency-check/
+                install_dir = env_home_abs
+
+        if not install_dir:
+            # Fallback hierarchy: executable dir (if frozen) -> CWD
+            candidate_base = None
+            if getattr(sys, 'frozen', False):
+                exe_dir = os.path.dirname(os.path.abspath(sys.executable))
+                candidate_base = os.path.join(exe_dir, 'fosslight_dc_bin')
+
+                if not os.access(exe_dir, os.W_OK):
+                    candidate_base = None
+                else:
+                    logger.debug(f"Using executable directory base: {candidate_base}")
+            if not candidate_base:
+                candidate_base = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin'))
+            install_dir = candidate_base
+        else:
+            logger.debug(f"Resolved install_dir: {install_dir}")
+        bin_dir = os.path.join(install_dir, 'dependency-check', 'bin')
+        if sys.platform.startswith('win'):
+            dc_path = os.path.join(bin_dir, 'dependency-check.bat')
+        else:
+            dc_path = os.path.join(bin_dir, 'dependency-check.sh')
+
+        # Check if dependency-check already exists
+        if os.path.exists(dc_path):
+            try:
+                result = subprocess.run([dc_path, '--version'], capture_output=True, text=True, timeout=10)
+                if result.returncode == 0:
+                    logger.debug("dependency-check already installed and working")
+                    # If we detected an existing root via env, retain it, else set home now.
+                    if forced_env:
+                        os.environ['DEPENDENCY_CHECK_HOME'] = env_home_abs
+                    else:
+                        os.environ['DEPENDENCY_CHECK_HOME'] = os.path.join(install_dir, 'dependency-check')
+                    os.environ['DEPENDENCY_CHECK_VERSION'] = DEPENDENCY_CHECK_VERSION
+                    return
+            except (subprocess.TimeoutExpired, FileNotFoundError) as ex:
+                logger.debug(f"Exception in dependency-check --version: {ex}")
+                pass
+
+        # Download URL
+        download_url = (f"https://github.com/dependency-check/DependencyCheck/releases/"
+                        f"download/v{DEPENDENCY_CHECK_VERSION}/"
+                        f"dependency-check-{DEPENDENCY_CHECK_VERSION}-release.zip")
+
+        os.makedirs(install_dir, exist_ok=True)
+        logger.info(f"Downloading dependency-check {DEPENDENCY_CHECK_VERSION} from {download_url} ...")
+
+        # Download and extract
+        with urllib.request.urlopen(download_url) as response:
+            content = response.read()
+
+        with tempfile.NamedTemporaryFile(suffix='.zip', delete=False) as tmp_file:
+            tmp_file.write(content)
+            tmp_zip_path = tmp_file.name
+
+        with zipfile.ZipFile(tmp_zip_path, 'r') as zip_ref:
+            zip_ref.extractall(install_dir)
+        os.unlink(tmp_file.name)
+
+        # Make shell scripts executable
+        if os.path.exists(bin_dir):
+            if sys.platform.startswith('win'):
+                # Windows: .bat files only
+                scripts = ["dependency-check.bat"]
+            else:
+                # Linux/macOS: .sh files only
+                scripts = ["dependency-check.sh", "completion-for-dependency-check.sh"]
+
+            for script in scripts:
+                script_path = os.path.join(bin_dir, script)
+                if os.path.exists(script_path):
+                    st = os.stat(script_path)
+                    os.chmod(script_path, st.st_mode | stat.S_IEXEC)
+
+        logger.info("✅ OWASP dependency-check installed successfully!")
+        logger.info(f"Installed to: {os.path.join(install_dir, 'dependency-check')}")
+
+        # Set environment variables after successful installation
+        os.environ['DEPENDENCY_CHECK_VERSION'] = DEPENDENCY_CHECK_VERSION
+        os.environ['DEPENDENCY_CHECK_HOME'] = os.path.join(install_dir, 'dependency-check')
+
+        return True
+
+    except Exception as e:
+        logger.error(f"Failed to install dependency-check: {e}")
+        logger.info("dependency-check can be installed manually from: https://github.com/dependency-check/DependencyCheck/releases")
+        return False
+
+
+def _auto_install_dependencies():
+    """Auto-install required dependencies if not present."""
+    # Only run this once per session
+    if hasattr(_auto_install_dependencies, '_already_run'):
+        return
+    _auto_install_dependencies._already_run = True
+
+    try:
+        # Install binary version
+        _install_dependency_check()
+
+        logger.info(f"✅ dependency-check setup completed with version {DEPENDENCY_CHECK_VERSION}")
+    except Exception as e:
+        logger.warning(f"Auto-install failed: {e}")
+
+
+# Auto-install on import
+_auto_install_dependencies()

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary/_binary.py

@@ -2,14 +2,18 @@
 # -*- coding: utf-8 -*-
 # Copyright (c) 2020 LG Electronics Inc.
 # SPDX-License-Identifier: Apache-2.0
-from fosslight_util.oss_item import FileItem
+import os
 import urllib.parse
 import logging
 import fosslight_util.constant as constant
+from typing import Tuple
+from fosslight_util.oss_item import FileItem
 
 EXCLUDE_TRUE_VALUE = "Exclude"
 TLSH_CHECKSUM_NULL = "0"
 MAX_EXCEL_URL_LENGTH = 255
+EXCEEDED_VUL_URL_LENGTH_COMMENT = f"Exceeded the maximum vulnerability URL length of {MAX_EXCEL_URL_LENGTH} characters."
+_PACKAGE_DIR = ["node_modules", "venv", "Pods", "Carthage"]
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
@@ -54,12 +58,9 @@ class BinaryItem(FileItem):
         nvd_url = ", ".join(nvd_url).strip()
 
         if nvd_url and len(nvd_url) > MAX_EXCEL_URL_LENGTH:
-            oss.comment = f"Exceeded the maximum vulnerability URL length of {MAX_EXCEL_URL_LENGTH} characters."
+            oss.comment = EXCEEDED_VUL_URL_LENGTH_COMMENT
         return nvd_url
 
-    def get_print_binary_only(self):
-        return (self.source_name_or_path + "\t" + self.checksum + "\t" + self.tlsh)
-
     def get_print_array(self):
         items = []
         if self.oss_items:
@@ -110,3 +111,15 @@ class BinaryItem(FileItem):
             if self.comment:
                 json_item["comment"] = self.comment
         return items
+
+
+def is_package_dir(bin_with_path: str, _root_path: str) -> Tuple[bool, str]:
+    is_pkg = False
+    pkg_path = ""
+    path_parts = bin_with_path.split(os.path.sep)
+    for pkg_dir in _PACKAGE_DIR:
+        if pkg_dir in path_parts:
+            pkg_index = path_parts.index(pkg_dir)
+            pkg_path = os.path.sep.join(path_parts[:pkg_index + 1]).replace(_root_path, '', 1)
+            is_pkg = True
+    return is_pkg, pkg_path

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary/_binary_dao.py

@@ -7,8 +7,9 @@ import tlsh
 import logging
 import psycopg2
 import pandas as pd
+import socket
 from urllib.parse import urlparse
-from ._binary import TLSH_CHECKSUM_NULL
+from fosslight_binary._binary import TLSH_CHECKSUM_NULL
 from fosslight_util.oss_item import OssItem
 import fosslight_util.constant as constant
 
@@ -18,47 +19,67 @@ columns = ['filename', 'pathname', 'checksum', 'tlshchecksum', 'ossname',
 conn = ""
 cur = ""
 logger = logging.getLogger(constant.LOGGER_NAME)
+DB_URL_DEFAULT = "postgresql://bin_analysis_script_user:script_123@bat.lge.com:5432/bat"
 
 
 def get_oss_info_from_db(bin_info_list, dburl=""):
     _cnt_auto_identified = 0
-    conn_str = get_connection_string(dburl)
-    connect_to_lge_bin_db(conn_str)
-
-    if conn != "" and cur != "":
-        for item in bin_info_list:
-            bin_oss_items = []
-            tlsh_value = item.tlsh
-            checksum_value = item.checksum
-            bin_file_name = item.binary_name_without_path
-
-            df_result = get_oss_info_by_tlsh_and_filename(
-                bin_file_name, checksum_value, tlsh_value)
-            if df_result is not None and len(df_result) > 0:
-                _cnt_auto_identified += 1
-                # Initialize the saved contents at .jar analyzing only once
-                if not item.found_in_owasp and item.oss_items:
-                    item.oss_items = []
-
-                for idx, row in df_result.iterrows():
-                    if not item.found_in_owasp:
-                        oss_from_db = OssItem(row['ossname'], row['ossversion'], row['license'])
-
-                        if bin_oss_items:
-                            if not any(oss_item.name == oss_from_db.name
-                                       and oss_item.version == oss_from_db.version
-                                       and oss_item.license == oss_from_db.license
-                                       for oss_item in bin_oss_items):
+    conn_str, dbc = get_connection_string(dburl)
+    # DB URL에서 host 추출
+    try:
+        db_host = dbc.hostname
+    except Exception as ex:
+        logger.warning(f"Failed to parse DB URL for host: {ex}")
+        db_host = None
+
+    is_internal = False
+    if db_host:
+        try:
+            # DNS lookup 시도
+            socket.gethostbyname(db_host)
+            is_internal = True
+        except Exception:
+            is_internal = False
+
+    if is_internal:
+        connect_to_lge_bin_db(conn_str)
+        if conn != "" and cur != "":
+            for item in bin_info_list:
+                bin_oss_items = []
+                tlsh_value = item.tlsh
+                checksum_value = item.checksum
+                bin_file_name = item.binary_name_without_path
+
+                df_result = get_oss_info_by_tlsh_and_filename(
+                    bin_file_name, checksum_value, tlsh_value)
+                if df_result is not None and len(df_result) > 0:
+                    _cnt_auto_identified += 1
+                    # Initialize the saved contents at .jar analyzing only once
+                    if not item.found_in_owasp and item.oss_items:
+                        item.oss_items = []
+
+                    for idx, row in df_result.iterrows():
+                        if not item.found_in_owasp:
+                            oss_from_db = OssItem(row['ossname'], row['ossversion'], row['license'])
+
+                            if bin_oss_items:
+                                if not any(oss_item.name == oss_from_db.name
+                                           and oss_item.version == oss_from_db.version
+                                           and oss_item.license == oss_from_db.license
+                                           for oss_item in bin_oss_items):
+                                    bin_oss_items.append(oss_from_db)
+                            else:
                                 bin_oss_items.append(oss_from_db)
-                        else:
-                            bin_oss_items.append(oss_from_db)
-
-                if bin_oss_items:
-                    item.set_oss_items(bin_oss_items)
-                    item.comment = "Binary DB result"
-                    item.found_in_binary = True
 
-    disconnect_lge_bin_db()
+                    if bin_oss_items:
+                        item.set_oss_items(bin_oss_items)
+                        item.comment = "Binary DB result"
+                        item.found_in_binary = True
+        else:
+            logger.warning(f"Internal network detected, but DB connection to '{db_host}' failed. Skipping DB query.")
+        disconnect_lge_bin_db()
+    else:
+        logger.debug(f"Binary DB host '{db_host}' is not reachable. Skipping DB query.")
     return bin_info_list, _cnt_auto_identified
 
 
@@ -66,9 +87,10 @@ def get_connection_string(dburl):
     # dburl format : 'postgresql://username:password@host:port/database_name'
     connection_string = ""
     user_dburl = True
+    dbc = ""
     if dburl == "" or dburl is None:
         user_dburl = False
-        dburl = "postgresql://bin_analysis_script_user:script_123@bat.lge.com:5432/bat"
+        dburl = DB_URL_DEFAULT
     try:
         if user_dburl:
             logger.debug("DB URL:" + dburl)
@@ -83,7 +105,7 @@ def get_connection_string(dburl):
         if user_dburl:
             logger.warning(f"(Minor) Failed to parsing db url : {ex}")
 
-    return connection_string
+    return connection_string, dbc
 
 
 def get_oss_info_by_tlsh_and_filename(file_name, checksum_value, tlsh_value):

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary/_jar_analysis.py

@@ -7,23 +7,26 @@ import logging
 import json
 import os
 import sys
+import subprocess
 import fosslight_util.constant as constant
-from ._binary import BinaryItem, VulnerabilityItem
+from fosslight_binary._binary import BinaryItem, VulnerabilityItem, is_package_dir
 from fosslight_util.oss_item import OssItem
-from dependency_check import run as dependency_check_run
-
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
 
-def run_analysis(params, func):
+def run_analysis(command):
     try:
-        sys.argv = params
-        func()
-    except SystemExit:
-        pass
+        result = subprocess.run(command, text=True, timeout=600)
+        if result.returncode != 0:
+            logger.error(f"dependency-check failed with return code {result.returncode}")
+            raise Exception(f"dependency-check failed with return code {result.returncode}")
+    except subprocess.TimeoutExpired:
+        logger.error("dependency-check command timed out")
+        raise
     except Exception as ex:
         logger.error(f"Run Analysis : {ex}")
+        raise
 
 
 def get_oss_ver(version_info):
@@ -57,29 +60,42 @@ def get_oss_lic_in_jar(data):
     return license
 
 
+def merge_oss_and_vul_items(bin, key, oss_list, vulnerability_items):
+    bin.set_oss_items(oss_list)
+    if vulnerability_items and vulnerability_items.get(key):
+        bin.vulnerability_items.extend(vulnerability_items.get(key, []))
+
+
 def merge_binary_list(owasp_items, vulnerability_items, bin_list):
     not_found_bin = []
 
-    # key : file_path / value : oss_list for one binary
+    # key : file_path / value : {"oss_list": [oss], "sha1": sha1} for one binary
     for key, value in owasp_items.items():
         found = False
+        oss_list = value["oss_list"]
+        sha1 = value.get("sha1", "")
         for bin in bin_list:
             if bin.source_name_or_path == key:
-                for oss in value:
+                found = True
+                for oss in oss_list:
                     if oss.name and oss.license:
                         bin.found_in_owasp = True
                         break
-                bin.set_oss_items(value)
-                if vulnerability_items and vulnerability_items.get(key):
-                    bin.vulnerability_items.extend(vulnerability_items.get(key))
-                found = True
-                break
+                merge_oss_and_vul_items(bin, key, oss_list, vulnerability_items)
+            else:
+                if bin.checksum == sha1:
+                    merge_oss_and_vul_items(bin, key, oss_list, vulnerability_items)
 
         if not found:
             bin_item = BinaryItem(os.path.abspath(key))
             bin_item.binary_name_without_path = os.path.basename(key)
             bin_item.source_name_or_path = key
-            bin_item.set_oss_items(value)
+
+            is_pkg, _ = is_package_dir(bin_item.source_name_or_path, '')
+            if is_pkg:
+                continue
+
+            bin_item.set_oss_items(oss_list)
             not_found_bin.append(bin_item)
 
     bin_list += not_found_bin
@@ -172,12 +188,27 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
     success = True
     json_file = ""
 
-    command = ['dependency-check', '--scan', f'{path_to_find_bin}', '--out', f'{path_to_find_bin}',
+    # Use fixed install path: ./fosslight_dc_bin/dependency-check/bin/dependency-check.sh or .bat
+    if sys.platform.startswith('win'):
+        depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin', 'dependency-check', 'bin', 'dependency-check.bat'))
+    elif sys.platform.startswith('linux'):
+        depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'fosslight_dc_bin', 'dependency-check', 'bin', 'dependency-check.sh'))
+    elif sys.platform.startswith('darwin'):
+        depcheck_path = os.path.abspath(os.path.join(os.getcwd(), 'dependency-check'))
+
+    if not (os.path.isfile(depcheck_path) and os.access(depcheck_path, os.X_OK)):
+        logger.error(f'dependency-check script not found or not executable at {depcheck_path}')
+        success = False
+        return owasp_items, vulnerability_items, success
+
+    command = [depcheck_path, '--scan', f'{path_to_find_bin}', '--out', f'{path_to_find_bin}',
                '--disableArchive', '--disableAssembly', '--disableRetireJS', '--disableNodeJS',
                '--disableNodeAudit', '--disableNugetconf', '--disableNuspec', '--disableOpenSSL',
-               '--disableOssIndex', '--disableBundleAudit', '--cveValidForHours', '24', '-f', 'JSON']
+               '--disableOssIndex', '--disableBundleAudit', '--disableOssIndex', '--nvdValidForHours', '168',
+               '--nvdDatafeed', 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-{0}.json.gz', '-f', 'JSON']
+
     try:
-        run_analysis(command, dependency_check_run)
+        run_analysis(command)
     except Exception as ex:
         logger.info(f"Error to analyze .jar file - OSS information for .jar file isn't included in report.\n {ex}")
         success = False
@@ -192,7 +223,8 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
         success = False
         return owasp_items, vulnerability_items, success
 
-    dependencies = jar_contents.get("dependencies")
+    dependencies = jar_contents.get("dependencies", [])
+
     try:
         for val in dependencies:
             bin_with_path = ""
@@ -204,6 +236,8 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
             oss_license = get_oss_lic_in_jar(val)
             oss_name_found = False
 
+            sha1 = val.get("sha1", "")
+
             all_evidence = val.get("evidenceCollected", {})
             vulnerability = val.get("vulnerabilityIds", [])
             all_pkg_info = val.get("packages", [])
@@ -223,7 +257,22 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
             if not bin_with_path.endswith('.jar'):
                 bin_with_path = bin_with_path.split('.jar')[0] + '.jar'
 
-            file_with_path = os.path.relpath(bin_with_path, path_to_find_bin)
+            try:
+                path_to_fild_bin_abs = os.path.abspath(path_to_find_bin)
+                bin_with_path_abs = os.path.abspath(bin_with_path)
+                if os.name == 'nt':  # Windows
+                    drive_bin = os.path.splitdrive(bin_with_path_abs)[0].lower()
+                    drive_root = os.path.splitdrive(path_to_fild_bin_abs)[0].lower()
+                    # Different drive or UNC root -> fallback to basename
+                    if drive_bin and drive_root and drive_bin != drive_root:
+                        file_with_path = os.path.basename(bin_with_path_abs)
+                    else:
+                        file_with_path = os.path.relpath(bin_with_path_abs, path_to_fild_bin_abs)
+                else:
+                    file_with_path = os.path.relpath(bin_with_path_abs, path_to_fild_bin_abs)
+            except Exception as e:
+                file_with_path = os.path.basename(bin_with_path)
+                logger.error(f"relpath error: {e}; fallback basename: {file_with_path}")
 
             # First, Get OSS Name and Version info from pkg_info
             for pkg_info in all_pkg_info:
@@ -259,31 +308,26 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
             # Get Vulnerability Info.
             vulnerability_items = get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items)
 
-            if oss_name != "" or oss_ver != "" or oss_license != "" or oss_dl_url != "":
-                oss_list_for_file = owasp_items.get(file_with_path, [])
-
-                existing_oss = None
-                for item in oss_list_for_file:
-                    if item.name == oss_name and item.version == oss_ver:
-                        existing_oss = item
-                        break
-
-                if not existing_oss:
-                    oss = OssItem(oss_name, oss_ver, oss_license, oss_dl_url)
-                    oss.comment = "OWASP result"
+            if oss_name or oss_license or oss_dl_url:
+                oss = OssItem(oss_name, oss_ver, oss_license, oss_dl_url)
+                oss.comment = "OWASP result"
 
-                    if file_with_path in owasp_items:
-                        owasp_items[file_with_path].append(oss)
-                    else:
-                        owasp_items[file_with_path] = [oss]
+                if file_with_path in owasp_items:
+                    owasp_items[file_with_path]["oss_list"].append(oss)
+                    # Update sha1 if not already set or if current sha1 is empty
+                    if not owasp_items[file_with_path]["sha1"] and sha1:
+                        owasp_items[file_with_path]["sha1"] = sha1
+                else:
+                    owasp_items[file_with_path] = {
+                        "oss_list": [oss],
+                        "sha1": sha1
+                    }
     except Exception as ex:
-        logger.debug(f"Error to get depency Info in jar_contets: {ex}")
-        success = False
+        logger.debug(f"Error to get dependency Info in jar_contents: {ex}")
 
     try:
         if os.path.isfile(json_file):
             os.remove(json_file)
     except Exception as ex:
         logger.debug(f"Error - There is no .json file : {ex}")
-
     return owasp_items, vulnerability_items, success

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary/binary_analysis.py

@@ -16,7 +16,7 @@ from fosslight_util.set_log import init_log
 import fosslight_util.constant as constant
 from fosslight_util.output_format import check_output_formats_v2, write_output_file
 from ._binary_dao import get_oss_info_from_db
-from ._binary import BinaryItem, TLSH_CHECKSUM_NULL
+from ._binary import BinaryItem, TLSH_CHECKSUM_NULL, is_package_dir
 from ._jar_analysis import analyze_jar_file, merge_binary_list
 from ._simple_mode import print_simple_mode, filter_binary, init_simple
 from fosslight_util.correct import correct_with_yaml
@@ -165,8 +165,15 @@ def get_file_list(path_to_find, abs_path_to_exclude):
             bin_with_path = os.path.join(root, file)
             bin_item = BinaryItem(bin_with_path)
             bin_item.binary_name_without_path = file
-            bin_item.source_name_or_path = bin_with_path.replace(
-                _root_path, '', 1)
+            bin_item.source_name_or_path = bin_with_path.replace(_root_path, '', 1)
+
+            is_pkg, pkg_path = is_package_dir(bin_with_path, _root_path)
+            if is_pkg:
+                bin_item.source_name_or_path = pkg_path
+                if not any(x.source_name_or_path == bin_item.source_name_or_path for x in bin_list):
+                    bin_item.exclude = True
+                    bin_list.append(bin_item)
+                continue
 
             if any(dir_name in dir_path for dir_name in _EXCLUDE_DIR):
                 bin_item.exclude = True

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_binary
-Version: 5.1.8
+Version: 5.1.10
 Summary: FOSSLight Binary Scanner
 Home-page: https://github.com/fosslight/fosslight_binary_scanner
 Download-URL: https://github.com/fosslight/fosslight_binary_scanner
@@ -27,7 +27,6 @@ Requires-Dist: pytz
 Requires-Dist: XlsxWriter
 Requires-Dist: PyYAML
 Requires-Dist: fosslight_util>=2.1.13
-Requires-Dist: dependency-check
 Requires-Dist: python-magic-bin; sys_platform == "win32"
 Requires-Dist: python-magic; "darwin" in sys_platform
 Requires-Dist: python-magic; "linux" in sys_platform

{fosslight_binary-5.1.8 → fosslight_binary-5.1.10}/src/fosslight_binary.egg-info/requires.txt

@@ -9,7 +9,6 @@ pytz
 XlsxWriter
 PyYAML
 fosslight_util>=2.1.13
-dependency-check
 
 [:"darwin" in sys_platform]
 python-magic