fosslight-dependency 3.0.7__py3-none-any.whl → 4.1.30__py3-none-any.whl

fosslight_dependency/__init__.py

@@ -1 +0,0 @@
-from ._version import __version__

fosslight_dependency/_analyze_dependency.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import logging
+import fosslight_dependency.constant as const
+from fosslight_dependency._package_manager import deduplicate_dep_items
+from fosslight_dependency.package_manager.Pypi import Pypi
+from fosslight_dependency.package_manager.Npm import Npm
+from fosslight_dependency.package_manager.Yarn import Yarn
+from fosslight_dependency.package_manager.Maven import Maven
+from fosslight_dependency.package_manager.Gradle import Gradle
+from fosslight_dependency.package_manager.Pub import Pub
+from fosslight_dependency.package_manager.Cocoapods import Cocoapods
+from fosslight_dependency.package_manager.Android import Android
+from fosslight_dependency.package_manager.Swift import Swift
+from fosslight_dependency.package_manager.Carthage import Carthage
+from fosslight_dependency.package_manager.Go import Go
+from fosslight_dependency.package_manager.Nuget import Nuget
+from fosslight_dependency.package_manager.Helm import Helm
+from fosslight_dependency.package_manager.Unity import Unity
+from fosslight_dependency.package_manager.Cargo import Cargo
+from fosslight_dependency.package_manager.Pnpm import Pnpm
+import fosslight_util.constant as constant
+
+logger = logging.getLogger(constant.LOGGER_NAME)
+
+
+def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate_cmd='', pip_deactivate_cmd='',
+                       output_custom_dir='', app_name=const.default_app_name, github_token='', manifest_file_name=[],
+                       direct=True):
+    ret = True
+    package_dep_item_list = []
+    cover_comment = ''
+    npm_fallback_to_yarn = False
+
+    if package_manager_name == const.PYPI:
+        package_manager = Pypi(input_dir, output_dir, pip_activate_cmd, pip_deactivate_cmd)
+    elif package_manager_name == const.NPM:
+        package_manager = Npm(input_dir, output_dir)
+        npm_fallback_to_yarn = True
+    elif package_manager_name == const.YARN:
+        package_manager = Yarn(input_dir, output_dir)
+    elif package_manager_name == const.MAVEN:
+        package_manager = Maven(input_dir, output_dir, output_custom_dir)
+    elif package_manager_name == const.GRADLE:
+        package_manager = Gradle(input_dir, output_dir, output_custom_dir)
+    elif package_manager_name == const.PUB:
+        package_manager = Pub(input_dir, output_dir)
+    elif package_manager_name == const.COCOAPODS:
+        package_manager = Cocoapods(input_dir, output_dir)
+    elif package_manager_name == const.ANDROID:
+        package_manager = Android(input_dir, output_dir, app_name)
+    elif package_manager_name == const.SWIFT:
+        package_manager = Swift(input_dir, output_dir, github_token)
+    elif package_manager_name == const.CARTHAGE:
+        package_manager = Carthage(input_dir, output_dir, github_token)
+    elif package_manager_name == const.GO:
+        package_manager = Go(input_dir, output_dir)
+    elif package_manager_name == const.NUGET:
+        package_manager = Nuget(input_dir, output_dir)
+    elif package_manager_name == const.HELM:
+        package_manager = Helm(input_dir, output_dir)
+    elif package_manager_name == const.UNITY:
+        package_manager = Unity(input_dir, output_dir)
+    elif package_manager_name == const.CARGO:
+        package_manager = Cargo(input_dir, output_dir)
+    elif package_manager_name == const.PNPM:
+        package_manager = Pnpm(input_dir, output_dir)
+    else:
+        logger.error(f"Not supported package manager name: {package_manager_name}")
+        ret = False
+        return ret, package_dep_item_list, cover_comment, package_manager_name
+
+    if manifest_file_name:
+        package_manager.set_manifest_file(manifest_file_name)
+
+    if direct:
+        package_manager.set_direct_dependencies(direct)
+    ret = package_manager.run_plugin()
+
+    if not ret and npm_fallback_to_yarn:
+        logger.warning("Npm analysis failed. Attempting to use Yarn as fallback...")
+        del package_manager
+        package_manager = Yarn(input_dir, output_dir)
+        package_manager_name = const.YARN
+
+        if manifest_file_name:
+            package_manager.set_manifest_file(manifest_file_name)
+        if direct:
+            package_manager.set_direct_dependencies(direct)
+
+        ret = package_manager.run_plugin()
+        if ret:
+            logger.info("Successfully switched to Yarn")
+        else:
+            logger.error("Yarn also failed")
+
+    if ret:
+        if direct:
+            package_manager.parse_direct_dependencies()
+
+        for f_name in package_manager.input_package_list_file:
+            logger.info(f"Parse oss information with file: {f_name}")
+
+            file_path = os.path.join(input_dir, f_name) if not os.path.isabs(f_name) else f_name
+            if os.path.isfile(file_path):
+                package_manager.parse_oss_information(f_name)
+                package_dep_item_list.extend(package_manager.dep_items)
+            else:
+                logger.error(f"Failed to open input file: {file_path}")
+                ret = False
+        if package_manager_name == const.PNPM:
+            logger.info("Parse oss information for pnpm")
+            package_manager.parse_oss_information_for_pnpm()
+            package_dep_item_list.extend(package_manager.dep_items)
+        if package_dep_item_list:
+            package_dep_item_list = deduplicate_dep_items(package_dep_item_list)
+    if ret:
+        logger.warning(f"### Complete to analyze: {package_manager_name}({input_dir}: {','.join(manifest_file_name)})")
+        if package_manager.cover_comment:
+            cover_comment = package_manager.cover_comment
+    else:
+        logger.error(f"### Fail to analyze: {package_manager_name}({input_dir}: {','.join(manifest_file_name)})")
+
+    del package_manager
+
+    return ret, package_dep_item_list, cover_comment, package_manager_name

fosslight_dependency/_graph_convertor.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+from typing import Optional, Tuple
+import igraph as ig
+import matplotlib.pyplot as plt
+
+
+class GraphConvertor:
+    def __init__(self, dep_items: Optional[list] = None):
+        self._verticies = {}
+        self._edges = []
+        if dep_items:
+            self.init_list(dep_items)
+
+    def init_list(self, dep_items: list):
+        """
+        Initialize dep_items to self._verticies and self._edges
+
+        Args:
+            dep_items : List containing package information
+        """
+        depend_on_package_dict = {}
+        for idx, file_item in enumerate(dep_items):
+            package_name = file_item.purl
+            depend_on_packages = file_item.depends_on
+            self._verticies[package_name] = idx
+            depend_on_package_dict[package_name] = depend_on_packages
+        else:
+            for package_name, depend_on_packages in depend_on_package_dict.items():
+                if not package_name:
+                    pass
+                else:
+                    package_idx = self._verticies[package_name]
+                    for depend_on_package in depend_on_packages:
+                        if not depend_on_package:
+                            pass
+                        else:
+                            depend_on_package_idx = self._verticies[depend_on_package]
+                            self._edges.append((package_idx, depend_on_package_idx))
+
+    def save(self, path: str, size: Tuple[(int, int)]):
+        g = ig.Graph((len(self._verticies)), (self._edges), directed=True)
+
+        g["title"] = "Dependency Graph"
+        g.vs["name"] = list(self._verticies.keys())
+
+        fig, ax = plt.subplots(figsize=(tuple(map((lambda x: x / 100), size))))
+        fig.tight_layout()
+
+        ig.plot(
+            g,
+            target=ax,
+            layout="kk",
+            vertex_size=15,
+            vertex_color=["#FFD2D2"],
+            vertex_label=(g.vs["name"]),
+            vertex_label_dist=1.5,
+            vertex_label_size=7.0,
+            edge_width=0.5,
+            edge_color=["#FFD2D2"],
+            edge_arrow_size=5,
+            edge_arrow_width=5,
+        )
+
+        fig.savefig(path)

fosslight_dependency/_help.py

@@ -0,0 +1,79 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+from fosslight_util.help import PrintHelpMsg, print_package_version
+from fosslight_util.output_format import SUPPORT_FORMAT
+
+_HELP_MESSAGE_DEPENDENCY = f"""
+    Usage: fosslight_dependency [option1] <arg1> [option2] <arg2>...
+
+    FOSSLight Dependency Scanner is the tool that supports the analysis of dependencies for multiple package managers.
+    It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools.
+    Then, it generates the report file that contains OSS information of dependencies.
+
+    Currently, it supports the following package managers:
+        Gradle (Java)
+        Maven (Java)
+        NPM (Node.js)
+        PNPM (Node.js)
+        Yarn (Node.js)
+        PIP (Python)
+        Pub (Dart with flutter)
+        Cocoapods (Swift/Obj-C)
+        Swift (Swift)
+        Carthage (Swift/Obj-C)
+        Go (Go)
+        Nuget (.NET)
+        Helm (Kubernetes)
+        Unity (Unity)
+        Cargo (Rust)
+
+    Options:
+        Optional
+            -h\t\t\t\t    Print help message.
+            -v\t\t\t\t    Print the version of the script.
+            -m <package_manager>\t    Enter the package manager.
+                                        \t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
+                                        \t go, nuget, helm, unity, cargo, pnpm, yarn)
+            -p <input_path>\t\t    Enter the path where the script will be run.
+            -e <exclude_path>\t\t    Enter the path where the analysis will not be performed (files and directories).
+            \t\t\t\t    * IMPORTANT: Always wrap patterns in double quotes ("") to avoid shell expansion.
+            \t\t\t\t      Example) fosslight_dependency -e "test/abc.py" "*.jar"
+            -o <output_path>\t\t    Output path
+            \t\t\t\t\t(If you want to generate the specific file name, add the output path with file name.)
+            -f <format> [<format> ...]\t    Output formats
+            \t\t\t\t    \t({', '.join(SUPPORT_FORMAT)})
+            \t\t\t\t    Multiple formats can be specified separated by space.
+            --graph-path <save_path> \t    Enter the path where the graph image will be saved
+            \t\t\t\t\t(ex. /your/directory/path/filename.[pdf, jpg, png]) (recommend pdf extension)
+            --graph-size <width> <height>   Enter the size of the graph image (The size unit is pixels)
+            \t\t\t\t\t--graph-path option is required
+            --direct\t\t\t    Print the direct/transitive dependency type in comment.
+                                \t\tChoice 'True' or 'False'. (default:True)
+            -r\t\t\t\t    Recursive mode. Scan all subdirectories for manifest files.
+            --notice\t\t\t    Print the open source license notice text.
+
+        Required only for swift, carthage
+            -t <token>\t\t\t    Enter the github personal access token.
+
+        Optional only for pypi
+            -a <activate_cmd>\t\t    Virtual environment activate command(ex, 'conda activate (venv name)')
+            -d <deactivate_cmd>\t\t    Virtual environment deactivate command(ex, 'conda deactivate')
+
+        Optional only for gradle, maven
+            -c <dir_name>\t\t    Enter the customized build output directory name
+                                    \t\t-Default name : 'build' for gradle, 'target' for maven
+
+        Optional only for android
+            -n <app_name>\t\t    Enter the application directory name where the plugin output file is located(default: app)
+        """
+
+
+def print_version(pkg_name: str) -> None:
+    print_package_version(pkg_name, "FOSSLight Dependency Scanner Version:")
+
+
+def print_help_msg():
+    helpMsg = PrintHelpMsg(_HELP_MESSAGE_DEPENDENCY)
+    helpMsg.print_help_msg(True)

fosslight_dependency/_package_manager.py

@@ -0,0 +1,397 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import logging
+import platform
+import re
+import base64
+import subprocess
+import shutil
+import stat
+from packageurl.contrib import url2purl
+from askalono import identify
+import fosslight_util.constant as constant
+import fosslight_dependency.constant as const
+
+try:
+    from github import Github
+except Exception:
+    pass
+
+logger = logging.getLogger(constant.LOGGER_NAME)
+
+gradle_config = ['runtimeClasspath', 'runtime']
+android_config = ['releaseRuntimeClasspath']
+ASKALONO_THRESHOLD = 0.7
+
+
+class PackageManager:
+    input_package_list_file = []
+    direct_dep = False
+    total_dep_list = []
+    direct_dep_list = []
+
+    def __init__(self, package_manager_name, dn_url, input_dir, output_dir):
+        self.input_package_list_file = []
+        self.direct_dep = False
+        self.total_dep_list = []
+        self.direct_dep_list = []
+        self.package_manager_name = package_manager_name
+        self.input_dir = input_dir
+        self.output_dir = output_dir
+        self.dn_url = dn_url
+        self.manifest_file_name = []
+        self.relation_tree = {}
+        self.package_name = ''
+        self.cover_comment = ''
+        self.dep_items = []
+
+        self.platform = platform.system()
+
+    def __del__(self):
+        self.input_package_list_file = []
+        self.direct_dep = False
+        self.total_dep_list = []
+        self.direct_dep_list = []
+        self.package_manager_name = ''
+        self.input_dir = ''
+        self.output_dir = ''
+        self.dn_url = ''
+        self.manifest_file_name = []
+        self.relation_tree = {}
+        self.package_name = ''
+        self.dep_items = []
+
+    def run_plugin(self):
+        ret = True
+        if self.package_manager_name == const.GRADLE or self.package_manager_name == const.ANDROID:
+            ret = self.run_gradle_task()
+        else:
+            logger.info(f"This package manager({self.package_manager_name}) skips the step to run plugin.")
+        return ret
+
+    def append_input_package_list_file(self, input_package_file):
+        self.input_package_list_file.append(input_package_file)
+
+    def set_manifest_file(self, manifest_file_name):
+        self.manifest_file_name = manifest_file_name
+
+    def set_direct_dependencies(self, direct):
+        self.direct_dep = direct
+
+    def parse_direct_dependencies(self):
+        pass
+
+    def run_gradle_task(self):
+        ret_task = True
+        if os.path.isfile(const.SUPPORT_PACKAE.get(self.package_manager_name)):
+            gradle_backup = f'{const.SUPPORT_PACKAE.get(self.package_manager_name)}_bk'
+
+            shutil.copy(const.SUPPORT_PACKAE.get(self.package_manager_name), gradle_backup)
+            ret_alldeps = self.add_allDeps_in_gradle()
+
+            ret_plugin = False
+            if (self.package_manager_name == const.ANDROID):
+                module_build_gradle = os.path.join(self.app_name, const.SUPPORT_PACKAE.get(self.package_manager_name))
+                module_gradle_backup = f'{module_build_gradle}_bk'
+                if os.path.isfile(module_build_gradle) and (not os.path.isfile(self.input_file_name)):
+                    shutil.copy(module_build_gradle, module_gradle_backup)
+                    ret_plugin = self.add_android_plugin_in_gradle(module_build_gradle)
+
+            if os.path.isfile('gradlew') or os.path.isfile('gradlew.bat'):
+                if self.platform == const.WINDOWS:
+                    cmd_gradle = "gradlew.bat"
+                else:
+                    cmd_gradle = "./gradlew"
+            else:
+                ret_task = False
+                self.set_direct_dependencies(False)
+                logger.warning('No gradlew file exists (Skip to find dependencies relationship.).')
+                if ret_plugin:
+                    logger.warning('Also it cannot run android-dependency-scanning plugin.')
+            if ret_task:
+                current_mode = change_file_mode(cmd_gradle)
+                if ret_alldeps:
+                    cmd = f"{cmd_gradle} allDeps"
+                    try:
+                        ret = subprocess.check_output(cmd, shell=True, encoding='utf-8')
+                        if ret != 0:
+                            self.parse_dependency_tree(ret)
+                        else:
+                            self.set_direct_dependencies(False)
+                            logger.warning(f"Fail to run {cmd}")
+                    except Exception as e:
+                        self.set_direct_dependencies(False)
+                        logger.warning(f"Cannot print 'depends on' information. (fail {cmd}: {e})")
+
+                if ret_plugin:
+                    cmd = f"{cmd_gradle} generateLicenseTxt"
+                    try:
+                        ret = subprocess.check_output(cmd, shell=True, encoding='utf-8')
+                        if ret == 0:
+                            ret_task = False
+                            logger.error(f'Fail to run {cmd}')
+                        if os.path.isfile(self.input_file_name):
+                            logger.info('Automatically run android-dependency-scanning plugin and generate output.')
+                            self.plugin_auto_run = True
+                        else:
+                            logger.warning('Automatically run android-dependency-scanning plugin, but fail to generate output.')
+                    except Exception as e:
+                        logger.error(f'Fail to run {cmd}: {e}')
+                        ret_task = False
+                change_file_mode(cmd_gradle, current_mode)
+
+            if os.path.isfile(gradle_backup):
+                os.remove(const.SUPPORT_PACKAE.get(self.package_manager_name))
+                shutil.move(gradle_backup, const.SUPPORT_PACKAE.get(self.package_manager_name))
+
+            if (self.package_manager_name == const.ANDROID):
+                if os.path.isfile(module_gradle_backup):
+                    os.remove(module_build_gradle)
+                    shutil.move(module_gradle_backup, module_build_gradle)
+        if os.path.isfile(self.input_file_name):
+            logger.info(f'Found {self.input_file_name}, skip to run plugin.')
+            self.set_direct_dependencies(False)
+            ret_task = True
+        return ret_task
+
+    def add_android_plugin_in_gradle(self, module_build_gradle):
+        ret = False
+        build_script = '''buildscript {
+                            repositories {
+                                mavenCentral()
+                            }
+                            dependencies {
+                                //Android dependency scanning Plugin
+                                classpath 'org.fosslight:android-dependency-scanning:+'
+                            }
+                        }'''
+        apply = "apply plugin: 'org.fosslight'\n"
+        try:
+            with open(const.SUPPORT_PACKAE.get(self.package_manager_name), 'r', encoding='utf-8') as original:
+                data = original.read()
+            with open(const.SUPPORT_PACKAE.get(self.package_manager_name), 'w', encoding='utf-8') as modified:
+                modified.write(f"{build_script}\n{data}")
+            ret = True
+        except Exception as e:
+            logging.warning(f"Cannot add the buildscript task in build.gradle: {e}")
+
+        try:
+            with open(module_build_gradle, 'a', encoding='utf-8') as modified:
+                modified.write(f'\n{apply}\n')
+                ret = True
+        except Exception as e:
+            logging.warning(f"Cannot add the apply plugin in {module_build_gradle}: {e}")
+        return ret
+
+    def add_allDeps_in_gradle(self):
+        ret = False
+        config = android_config if self.package_manager_name == 'android' else gradle_config
+        configuration = ','.join([f'project.configurations.{c}' for c in config])
+
+        allDeps = f'''allprojects {{
+                   task allDeps(type: DependencyReportTask) {{
+                        doFirst{{
+                            try {{
+                                configurations = [{configuration}] as Set }}
+                            catch(UnknownConfigurationException) {{}}
+                        }}
+                    }}
+                    }}'''
+        try:
+            with open(const.SUPPORT_PACKAE.get(self.package_manager_name), 'a', encoding='utf8') as f:
+                f.write(f'\n{allDeps}\n')
+                ret = True
+        except Exception as e:
+            logging.warning(f"Cannot add the allDeps task in build.gradle: {e}")
+
+        return ret
+
+    def create_dep_stack(self, dep_line, config):
+        packages_in_config = False
+        dep_stack = []
+        cur_flag = ''
+        dep_level = -1
+        dep_level_plus = False
+        for line in dep_line.split('\n'):
+            try:
+                if not packages_in_config:
+                    filtered = next(filter(lambda c: re.findall(rf'^{c}\s\-', line), config), None)
+                    if filtered:
+                        packages_in_config = True
+                else:
+                    if line == '':
+                        packages_in_config = False
+                    prev_flag = cur_flag
+                    prev_dep_level = dep_level
+                    dep_level = line.count("|")
+
+                    re_result = re.findall(r'([\+|\\])\-\-\-\s([^\:\s]+\:[^\:\s]+)\:([^\:\s]+)', line)
+                    if re_result:
+                        cur_flag = re_result[0][0]
+                        if (prev_flag == '\\') and (prev_dep_level == dep_level):
+                            dep_level_plus = True
+                        if dep_level_plus and (prev_flag == '\\') and (prev_dep_level != dep_level):
+                            dep_level_plus = False
+                        if dep_level_plus:
+                            dep_level += 1
+                        dep_name = f'{re_result[0][1]}({re_result[0][2]})'
+                        dep_stack = dep_stack[:dep_level] + [dep_name]
+                        yield dep_stack[:dep_level], dep_name
+                    else:
+                        cur_flag = ''
+            except Exception as e:
+                logger.warning(f"Failed to parse dependency tree: {e}")
+
+    def parse_dependency_tree(self, f_name):
+        config = android_config if self.package_manager_name == 'android' else gradle_config
+        try:
+            for stack, name in self.create_dep_stack(f_name, config):
+                self.total_dep_list.append(name)
+                if len(stack) == 0:
+                    self.direct_dep_list.append(name)
+                else:
+                    if stack[-1] not in self.relation_tree:
+                        self.relation_tree[stack[-1]] = []
+                    self.relation_tree[stack[-1]].append(name)
+        except Exception as e:
+            logger.warning(f'Fail to parse gradle dependency tree:{e}')
+
+
+def get_url_to_purl(url, pkg_manager, oss_name='', oss_version=''):
+    purl_prefix = f'pkg:{pkg_manager}'
+    purl = str(url2purl.get_purl(url))
+    if not re.match(purl_prefix, purl):
+        match = re.match(constant.PKG_PATTERN.get(pkg_manager, 'not_support'), url)
+        try:
+            if match and (match != ''):
+                if pkg_manager == 'maven':
+                    purl = f'{purl_prefix}/{match.group(1)}/{match.group(2)}@{match.group(3)}'
+                elif pkg_manager == 'pub':
+                    purl = f'{purl_prefix}/{match.group(1)}@{match.group(2)}'
+                elif pkg_manager == 'cocoapods':
+                    match = re.match(r'([^\/]+)\/?([^\/]*)', oss_name)  # ex, GoogleUtilities/NSData+zlib
+                    purl = f'{purl_prefix}/{match.group(1)}@{oss_version}'
+                    if match.group(2):
+                        purl = f'{purl}#{match.group(2)}'
+                elif pkg_manager == 'go':
+                    purl = f'{purl_prefix}lang/{match.group(1)}@{match.group(2)}'
+                elif pkg_manager == 'cargo':
+                    purl = f'{purl_prefix}/{oss_name}@{oss_version}'
+            else:
+                if pkg_manager == 'swift':
+                    if oss_version:
+                        purl = f'{purl_prefix}/{oss_name}@{oss_version}'
+                    else:
+                        purl = f'{purl_prefix}/{oss_name}'
+                elif pkg_manager == 'carthage':
+                    if oss_version:
+                        purl = f'{purl}@{oss_version}'
+        except Exception:
+            logger.debug('Fail to get purl. So use the link purl({purl}).')
+    return purl
+
+
+def version_refine(oss_version):
+    version_cmp = oss_version.upper()
+
+    if version_cmp.find(".RELEASE") != -1:
+        oss_version = version_cmp.rstrip(".RELEASE")
+    elif version_cmp.find(".FINAL") != -1:
+        oss_version = version_cmp.rstrip(".FINAL")
+
+    return oss_version
+
+
+def connect_github(github_token):
+    if len(github_token) > 0:
+        g = Github(github_token)
+    else:
+        g = Github()
+
+    return g
+
+
+def get_github_license(g, github_repo):
+    license_name = ''
+
+    try:
+        repository = g.get_repo(github_repo)
+    except Exception:
+        logger.info("It cannot find the license name. Please use '-t' option with github token.")
+        logger.info("{0}{1}".format("refer:https://docs.github.com/en/github/authenticating-to-github/",
+                    "keeping-your-account-and-data-secure/creating-a-personal-access-token"))
+        repository = ''
+
+    if repository != '':
+        try:
+            license_name = repository.get_license().license.spdx_id
+            if license_name == "" or license_name == "NOASSERTION":
+                try:
+                    license_txt_data = base64.b64decode(repository.get_license().content).decode('utf-8')
+                    license_name = check_license_name(license_txt_data)
+                except Exception:
+                    logger.info("Cannot find the license name with askalono.")
+        except Exception:
+            logger.info("Cannot find the license name with github api.")
+
+    return license_name
+
+
+def check_license_name(license_txt, is_filepath=False):
+    license_name = ''
+    if is_filepath:
+        with open(license_txt, 'r', encoding='utf-8') as f:
+            license_content = f.read()
+    else:
+        license_content = license_txt
+
+    detect_askalono = identify(license_content)
+    if detect_askalono.score > ASKALONO_THRESHOLD:
+        license_name = detect_askalono.name
+    return license_name
+
+
+def change_file_mode(filepath, mode=''):
+    current_mode = ''
+
+    if not os.path.exists(filepath):
+        logger.debug(f"The file{filepath} does not exist.")
+    else:
+        current_mode = os.stat(filepath).st_mode
+        if not mode:
+            new_mode = current_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
+        else:
+            new_mode = mode
+        os.chmod(filepath, new_mode)
+        logger.debug(f"File mode of {filepath} has been changed to {oct(new_mode)}.")
+    return current_mode
+
+
+def deduplicate_dep_items(dep_items):
+    if not dep_items:
+        return dep_items
+
+    unique_items = []
+    seen = set()
+
+    for item in dep_items:
+        first_oss = item.oss_items[0] if getattr(item, "oss_items", None) else None
+        oss_name = getattr(first_oss, "name", None) if first_oss else None
+        oss_ver = getattr(first_oss, "version", None) if first_oss else None
+        comment = getattr(first_oss, "comment", None) if first_oss else None
+
+        depends_on = None
+        if getattr(item, "depends_on", None):
+            depends_on = tuple(sorted(item.depends_on))
+
+        key = (getattr(item, "purl", None), oss_name, oss_ver, comment, depends_on)
+        if key in seen:
+            continue
+        seen.add(key)
+        unique_items.append(item)
+
+    return unique_items