fosslight-dependency 3.14.3__tar.gz → 3.15.1__tar.gz

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_dependency
-Version: 3.14.3
+Version: 3.15.1
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/requirements.txt

@@ -4,7 +4,7 @@ lxml
 virtualenv
 pyyaml
 lastversion
-fosslight_util>=1.4.40
+fosslight_util>=1.4.43
 PyGithub
 requirements-parser
 defusedxml

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/setup.py

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='3.14.3',
+        version='3.15.1',
         package_dir={"": "src"},
         packages=find_namespace_packages(where='src'),
         description='FOSSLight Dependency Scanner',

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency/_help.py

@@ -32,6 +32,7 @@ _HELP_MESSAGE_DEPENDENCY = """
             -m <package_manager>\t    Enter the package manager.
                                         \t(npm, maven, gradle, pip, pub, cocoapods, android, swift, carthage, go, nuget, helm)
             -p <input_path>\t\t    Enter the path where the script will be run.
+            -e <exclude_path>\t\t    Enter the path where the analysis will not be performed.
             -o <output_path>\t\t    Output path
             \t\t\t\t\t(If you want to generate the specific file name, add the output path with file name.)
             -f <format>\t\t\t    Output file format (excel, csv, opossum, yaml, spdx-tag, spdx-yaml, spdx-json, spdx-xml)

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency/_package_manager.py

@@ -68,11 +68,12 @@ class PackageManager:
         self.package_name = ''
 
     def run_plugin(self):
+        ret = True
         if self.package_manager_name == const.GRADLE or self.package_manager_name == const.ANDROID:
-            self.run_gradle_task()
+            ret = self.run_gradle_task()
         else:
             logger.info(f"This package manager({self.package_manager_name}) skips the step to run plugin.")
-        return True
+        return ret
 
     def append_input_package_list_file(self, input_package_file):
         self.input_package_list_file.append(input_package_file)
@@ -87,35 +88,101 @@ class PackageManager:
         pass
 
     def run_gradle_task(self):
+        ret_task = True
         if os.path.isfile(const.SUPPORT_PACKAE.get(self.package_manager_name)):
             gradle_backup = f'{const.SUPPORT_PACKAE.get(self.package_manager_name)}_bk'
 
             shutil.copy(const.SUPPORT_PACKAE.get(self.package_manager_name), gradle_backup)
-            ret = self.add_allDeps_in_gradle()
-            if ret:
-                try:
-                    if os.path.isfile('gradlew') or os.path.isfile('gradlew.bat'):
-                        if self.platform == const.WINDOWS:
-                            cmd_gradle = "gradlew.bat"
-                        else:
-                            cmd_gradle = "./gradlew"
-
-                        cmd = f"{cmd_gradle} allDeps"
+            ret_alldeps = self.add_allDeps_in_gradle()
+
+            ret_plugin = False
+            if (self.package_manager_name == const.ANDROID):
+                module_build_gradle = os.path.join(self.app_name, const.SUPPORT_PACKAE.get(self.package_manager_name))
+                module_gradle_backup = f'{module_build_gradle}_bk'
+                if os.path.isfile(module_build_gradle) and (not os.path.isfile(self.input_file_name)):
+                    shutil.copy(module_build_gradle, module_gradle_backup)
+                    ret_plugin = self.add_android_plugin_in_gradle(module_build_gradle)
+
+            if os.path.isfile('gradlew') or os.path.isfile('gradlew.bat'):
+                if self.platform == const.WINDOWS:
+                    cmd_gradle = "gradlew.bat"
+                else:
+                    cmd_gradle = "./gradlew"
+            else:
+                ret_task = False
+                logger.warning('No gradlew file exists. (skip to find dependencies relationship.')
+                if ret_plugin:
+                    logger.warning('Also it cannot run android-dependency-scanning plugin.')
+            if ret_task:
+                if ret_alldeps:
+                    cmd = f"{cmd_gradle} allDeps"
+                    try:
                         ret = subprocess.check_output(cmd, shell=True, encoding='utf-8')
                         if ret != 0:
                             self.parse_dependency_tree(ret)
                         else:
                             self.set_direct_dependencies(False)
                             logger.warning("Failed to run allDeps task.")
-                except Exception as e:
-                    self.set_direct_dependencies(False)
-                    logger.error(f'Fail to run allDeps: {e}')
-                    logger.warning('It cannot print the direct/transitive dependencies relationship.')
+                    except Exception as e:
+                        self.set_direct_dependencies(False)
+                        logger.error(f'Fail to run {cmd}: {e}')
+                        logger.warning('It cannot print the direct/transitive dependencies relationship.')
+
+                if ret_plugin:
+                    cmd = f"{cmd_gradle} generateLicenseTxt"
+                    try:
+                        ret = subprocess.check_output(cmd, shell=True, encoding='utf-8')
+                        if ret == 0:
+                            ret_task = False
+                            logger.error(f'Fail to run {cmd}')
+                        if os.path.isfile(self.input_file_name):
+                            logger.info('Automatically run android-dependency-scanning plugin and generate output.')
+                            self.plugin_auto_run = True
+                        else:
+                            logger.warning('Automatically run android-dependency-scanning plugin, but fail to generate output.')
+                    except Exception as e:
+                        logger.error(f'Fail to run {cmd}: {e}')
+                        ret_task = False
 
             if os.path.isfile(gradle_backup):
                 os.remove(const.SUPPORT_PACKAE.get(self.package_manager_name))
                 shutil.move(gradle_backup, const.SUPPORT_PACKAE.get(self.package_manager_name))
 
+            if (self.package_manager_name == const.ANDROID):
+                if os.path.isfile(module_gradle_backup):
+                    os.remove(module_build_gradle)
+                    shutil.move(module_gradle_backup, module_build_gradle)
+        return ret_task
+
+    def add_android_plugin_in_gradle(self, module_build_gradle):
+        ret = False
+        build_script = '''buildscript {
+                            repositories {
+                                mavenCentral()
+                            }
+                            dependencies {
+                                //Android dependency scanning Plugin
+                                classpath 'org.fosslight:android-dependency-scanning:+'
+                            }
+                        }'''
+        apply = "apply plugin: 'org.fosslight'\n"
+        try:
+            with open(const.SUPPORT_PACKAE.get(self.package_manager_name), 'r', encoding='utf-8') as original:
+                data = original.read()
+            with open(const.SUPPORT_PACKAE.get(self.package_manager_name), 'w', encoding='utf-8') as modified:
+                modified.write(f"{build_script}\n{data}")
+            ret = True
+        except Exception as e:
+            logging.warning(f"Cannot add the buildscript task in build.gradle: {e}")
+
+        try:
+            with open(module_build_gradle, 'a', encoding='utf-8') as modified:
+                modified.write(f'\n{apply}\n')
+                ret = True
+        except Exception as e:
+            logging.warning(f"Cannot add the apply plugin in {module_build_gradle}: {e}")
+        return ret
+
     def add_allDeps_in_gradle(self):
         ret = False
         config = android_config if self.package_manager_name == 'android' else gradle_config

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency/package_manager/Android.py

@@ -11,27 +11,32 @@ from fosslight_dependency._package_manager import PackageManager, get_url_to_pur
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
-_plugin_output_file = 'android_dependency_output.txt'
-
 
 class Android(PackageManager):
     package_manager_name = const.ANDROID
 
+    plugin_output_file = 'android_dependency_output.txt'
     app_name = const.default_app_name
     input_file_name = ''
+    plugin_auto_run = False
 
     def __init__(self, input_dir, output_dir, app_name):
         super().__init__(self.package_manager_name, '', input_dir, output_dir)
         if app_name:
             self.app_name = app_name
-        self.input_file_name = self.check_input_path(self.app_name, _plugin_output_file)
+        self.input_file_name = self.check_input_path()
         self.append_input_package_list_file(self.input_file_name)
 
-    def check_input_path(self, app_name, _plugin_output_file):
-        if os.path.isfile(_plugin_output_file):
-            return _plugin_output_file
+    def __del__(self):
+        if self.plugin_auto_run:
+            if os.path.isfile(self.input_file_name):
+                os.remove(self.input_file_name)
+
+    def check_input_path(self):
+        if os.path.isfile(self.plugin_output_file):
+            return self.plugin_output_file
         else:
-            return os.path.join(app_name, _plugin_output_file)
+            return os.path.join(self.app_name, self.plugin_output_file)
 
     def parse_oss_information(self, f_name):
         with open(f_name, 'r', encoding='utf8') as input_fp:

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency/run_dependency_scanner.py

@@ -27,7 +27,7 @@ _PKG_NAME = "fosslight_dependency"
 logger = logging.getLogger(constant.LOGGER_NAME)
 warnings.filterwarnings("ignore", category=FutureWarning)
 _sheet_name = "DEP_FL_Dependency"
-EXTENDED_HEADER = {_sheet_name: ['ID', 'purl', 'OSS Name',
+EXTENDED_HEADER = {_sheet_name: ['ID', 'Package URL', 'OSS Name',
                                        'OSS Version', 'License', 'Download Location',
                                        'Homepage', 'Copyright Text', 'Exclude',
                                        'Comment', 'Depends On']}
@@ -37,7 +37,7 @@ CUSTOMIZED_FORMAT = {'excel': '.xlsx', 'csv': '.csv', 'opossum': '.json', 'yaml'
 _exclude_dir = ['node_moduels', 'venv']
 
 
-def find_package_manager(input_dir):
+def find_package_manager(input_dir, abs_path_to_exclude=[]):
     ret = True
     manifest_file_name = []
     for value in const.SUPPORT_PACKAE.values():
@@ -52,7 +52,14 @@ def find_package_manager(input_dir):
             continue
         if os.path.basename(parent) in _exclude_dir:
             continue
+        if os.path.abspath(parent) in abs_path_to_exclude:
+            continue
         for file in files:
+            file_path = os.path.join(parent, file)
+            file_abs_path = os.path.abspath(file_path)
+            if any(os.path.commonpath([file_abs_path, exclude_path]) == exclude_path
+                   for exclude_path in abs_path_to_exclude):
+                continue
             if file in manifest_file_name:
                 found_manifest_file.append(file)
         if len(found_manifest_file) > 0:
@@ -83,8 +90,9 @@ def find_package_manager(input_dir):
     return ret, found_package_manager, input_dir
 
 
-def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='', pip_activate_cmd='', pip_deactivate_cmd='',
-                           output_custom_dir='', app_name=const.default_app_name, github_token='', format='', direct=True):
+def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='', pip_activate_cmd='',
+                           pip_deactivate_cmd='', output_custom_dir='', app_name=const.default_app_name,
+                           github_token='', format='', direct=True, path_to_exclude=[]):
     global logger
 
     ret = True
@@ -117,7 +125,8 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
         sys.exit(1)
 
     logger, _result_log = init_log(os.path.join(output_path, "fosslight_log_dep_" + _start_time + ".txt"),
-                                   True, logging.INFO, logging.DEBUG, _PKG_NAME)
+                                   True, logging.INFO, logging.DEBUG, _PKG_NAME, "", path_to_exclude)
+    abs_path_to_exclude = [os.path.abspath(os.path.join(input_dir, path)) for path in path_to_exclude]
 
     logger.info(f"Tool Info : {_result_log['Tool Info']}")
 
@@ -151,7 +160,7 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
     found_package_manager = {}
     if autodetect:
         try:
-            ret, found_package_manager, input_dir = find_package_manager(input_dir)
+            ret, found_package_manager, input_dir = find_package_manager(input_dir, abs_path_to_exclude)
             os.chdir(input_dir)
         except Exception as e:
             logger.error(f'Fail to find package manager: {e}')
@@ -188,7 +197,8 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
             fail_pm.append(f"{pm} ({', '.join(manifest_file_name)})")
     cover = CoverItem(tool_name=_PKG_NAME,
                       start_time=_start_time,
-                      input_path=input_dir)
+                      input_path=input_dir,
+                      exclude_path=path_to_exclude)
     cover_comment_arr = []
     if len(found_package_manager.keys()) > 0:
         if len(success_pm) > 0:
@@ -231,6 +241,7 @@ def main():
     package_manager = ''
     input_dir = ''
     output_dir = ''
+    path_to_exclude = []
     pip_activate_cmd = ''
     pip_deactivate_cmd = ''
     output_custom_dir = ''
@@ -244,6 +255,7 @@ def main():
     parser.add_argument('-v', '--version', action='store_true', required=False)
     parser.add_argument('-m', '--manager', nargs=1, type=str, default='', required=False)
     parser.add_argument('-p', '--path', nargs=1, type=str, required=False)
+    parser.add_argument('-e', '--exclude', nargs='*', required=False, default=[])
     parser.add_argument('-o', '--output', nargs=1, type=str, required=False)
     parser.add_argument('-a', '--activate', nargs=1, type=str, default='', required=False)
     parser.add_argument('-d', '--deactivate', nargs=1, type=str, default='', required=False)
@@ -268,6 +280,8 @@ def main():
         package_manager = ''.join(args.manager)
     if args.path:  # -p option
         input_dir = ''.join(args.path)
+    if args.exclude:  # -e option
+        path_to_exclude = args.exclude
     if args.output:  # -o option
         output_dir = ''.join(args.output)
     if args.activate:  # -a option
@@ -301,7 +315,7 @@ def main():
         sys.exit(0)
 
     run_dependency_scanner(package_manager, input_dir, output_dir, pip_activate_cmd, pip_deactivate_cmd,
-                           output_custom_dir, app_name, github_token, format, direct)
+                           output_custom_dir, app_name, github_token, format, direct, path_to_exclude)
 
 
 if __name__ == '__main__':

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-dependency
-Version: 3.14.3
+Version: 3.15.1
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics

{fosslight_dependency-3.14.3 → fosslight_dependency-3.15.1}/src/fosslight_dependency.egg-info/requires.txt

@@ -4,7 +4,7 @@ lxml
 virtualenv
 pyyaml
 lastversion
-fosslight_util>=1.4.40
+fosslight_util>=1.4.43
 PyGithub
 requirements-parser
 defusedxml