fosslight-dependency 3.15.4__tar.gz → 3.15.6__tar.gz

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_dependency
-Version: 3.15.4
+Version: 3.15.6
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics

fosslight_dependency-3.15.4/src/fosslight_dependency.egg-info/requires.txt → fosslight_dependency-3.15.6/requirements.txt

@@ -4,8 +4,10 @@ lxml
 virtualenv
 pyyaml
 lastversion
-fosslight_util>=1.4.43
+fosslight_util~=1.4.47
 PyGithub
 requirements-parser
 defusedxml
 packageurl-python
+igraph
+matplotlib

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/setup.py

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='3.15.4',
+        version='3.15.6',
         package_dir={"": "src"},
         packages=find_namespace_packages(where='src'),
         description='FOSSLight Dependency Scanner',

fosslight_dependency-3.15.6/src/fosslight_dependency/_graph_convertor.py

@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+from typing import Optional, Tuple
+import igraph as ig
+import matplotlib.pyplot as plt
+
+
+class GraphConvertor:
+    def __init__(self, package_list: Optional[list] = None):
+        self._verticies = {}
+        self._edges = []
+        if package_list:
+            self.init_list(package_list)
+
+    def init_list(self, package_list: list):
+        """
+        Initialize package_list to self._verticies and self._edges
+
+        Args:
+            package_list (list): List containing package information
+        """
+        depend_on_package_dict = {}
+        for idx, package_info in enumerate(package_list):
+            package_name = package_info[0]
+            depend_on_packages_str = package_info[-1]
+            depend_on_packages = list(map((lambda x: x.strip()), depend_on_packages_str.split(",")))
+            self._verticies[package_name] = idx
+            depend_on_package_dict[package_name] = depend_on_packages
+        else:
+            for package_name, depend_on_packages in depend_on_package_dict.items():
+                if not package_name:
+                    pass
+                else:
+                    package_idx = self._verticies[package_name]
+                    for depend_on_package in depend_on_packages:
+                        if not depend_on_package:
+                            pass
+                        else:
+                            depend_on_package_idx = self._verticies[depend_on_package]
+                            self._edges.append((package_idx, depend_on_package_idx))
+
+    def save(self, path: str, size: Tuple[(int, int)]):
+        g = ig.Graph((len(self._verticies)), (self._edges), directed=True)
+
+        g["title"] = "Dependency Graph"
+        g.vs["name"] = list(self._verticies.keys())
+
+        fig, ax = plt.subplots(figsize=(tuple(map((lambda x: x / 100), size))))
+        fig.tight_layout()
+
+        ig.plot(
+            g,
+            target=ax,
+            layout="kk",
+            vertex_size=15,
+            vertex_color=["#FFD2D2"],
+            vertex_label=(g.vs["name"]),
+            vertex_label_dist=1.5,
+            vertex_label_size=7.0,
+            edge_width=0.5,
+            edge_color=["#FFD2D2"],
+            edge_arrow_size=5,
+            edge_arrow_width=5,
+        )
+
+        fig.savefig(path)

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/src/fosslight_dependency/_help.py

@@ -30,12 +30,17 @@ _HELP_MESSAGE_DEPENDENCY = """
             -h\t\t\t\t    Print help message.
             -v\t\t\t\t    Print the version of the script.
             -m <package_manager>\t    Enter the package manager.
-                                        \t(npm, maven, gradle, pip, pub, cocoapods, android, swift, carthage, go, nuget, helm)
+                                        \t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage, go, nuget, helm)
             -p <input_path>\t\t    Enter the path where the script will be run.
             -e <exclude_path>\t\t    Enter the path where the analysis will not be performed.
             -o <output_path>\t\t    Output path
             \t\t\t\t\t(If you want to generate the specific file name, add the output path with file name.)
-            -f <format>\t\t\t    Output file format (excel, csv, opossum, yaml, spdx-tag, spdx-yaml, spdx-json, spdx-xml)
+            -f <format> [<format> ...]\t    Output formats (excel, csv, opossum, yaml, spdx-tag, spdx-yaml, spdx-json, spdx-xml)
+        \t\t\t\t    Multiple formats can be specified separated by space.
+            --graph-path <save_path> \t    Enter the path where the graph image will be saved
+            \t\t\t\t\t(ex. /your/directory/path/filename.{pdf, jpg, png}) (recommend pdf extension)
+            --graph-size <width> <height>   Enter the size of the graph image (The size unit is pixels)
+            \t\t\t\t\t--graph-path option is required
             --direct\t\t\t    Print the direct/transitive dependency type in comment.
                                 \t\tChoice 'True' or 'False'. (default:True)
             --notice\t\t\t    Print the open source license notice text.

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/src/fosslight_dependency/package_manager/Cocoapods.py

@@ -128,7 +128,7 @@ class Cocoapods(PackageManager):
                 purl = get_url_to_purl(homepage, self.package_manager_name, pod_oss_name_origin, oss_version)
                 self.purl_dict[f'{pod_oss_name_origin}({oss_version})'] = purl
                 if pod_oss_name in external_source_list:
-                    homepage = dn_loc
+                    homepage = ''
                 if oss_name == '':
                     continue
                 if pod_oss_version != oss_version:

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/src/fosslight_dependency/run_dependency_scanner.py

@@ -17,10 +17,11 @@ from fosslight_util.set_log import init_log
 import fosslight_util.constant as constant
 from fosslight_dependency._help import print_help_msg
 from fosslight_dependency._analyze_dependency import analyze_dependency
-from fosslight_util.output_format import check_output_format, write_output_file
+from fosslight_util.output_format import check_output_formats, write_output_file
 if platform.system() != 'Windows':
     from fosslight_util.write_spdx import write_spdx
 from fosslight_util.cover import CoverItem
+from fosslight_dependency._graph_convertor import GraphConvertor
 
 # Package Name
 _PKG_NAME = "fosslight_dependency"
@@ -92,7 +93,8 @@ def find_package_manager(input_dir, abs_path_to_exclude=[]):
 
 def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='', pip_activate_cmd='',
                            pip_deactivate_cmd='', output_custom_dir='', app_name=const.default_app_name,
-                           github_token='', format='', direct=True, path_to_exclude=[]):
+                           github_token='', formats=[], direct=True, path_to_exclude=[], graph_path='',
+                           graph_size=(600, 600)):
     global logger
 
     ret = True
@@ -101,25 +103,42 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
     _json_ext = ".json"
     _start_time = datetime.now().strftime('%y%m%d_%H%M')
 
-    success, msg, output_path, output_file, output_extension = check_output_format(output_dir_file, format, CUSTOMIZED_FORMAT)
+    success, msg, output_path, output_files, output_extensions = check_output_formats(output_dir_file, formats, CUSTOMIZED_FORMAT)
     if success:
         if output_path == "":
             output_path = os.getcwd()
         else:
             output_path = os.path.abspath(output_path)
 
-        if output_file == "":
-            if format.startswith('spdx'):
-                if platform.system() != 'Windows':
-                    output_file = f"fosslight_spdx_dep_{_start_time}"
-                else:
-                    logger.error('Windows not support spdx format.')
-                    sys.exit(0)
-            else:
-                if output_extension == _json_ext:
-                    output_file = f"fosslight_opossum_dep_{_start_time}"
+        if not output_files:
+            while len(output_files) < len(output_extensions):
+                output_files.append(None)
+            to_remove = []  # elements of spdx format on windows that should be removed
+            for i, output_extension in enumerate(output_extensions):
+                if formats:
+                    if formats[i].startswith('spdx'):
+                        if platform.system() != 'Windows':
+                            output_files[i] = f"fosslight_spdx_dep_{_start_time}"
+                        else:
+                            logger.warning('spdx format is not supported on Windows. Please remove spdx from format.')
+                            to_remove.append(i)
+                    else:
+                        if output_extension == _json_ext:
+                            output_files[i] = f"fosslight_opossum_dep_{_start_time}"
+                        else:
+                            output_files[i] = f"fosslight_report_dep_{_start_time}"
                 else:
-                    output_file = f"fosslight_report_dep_{_start_time}"
+                    if output_extension == _json_ext:
+                        output_files[i] = f"fosslight_opossum_dep_{_start_time}"
+                    else:
+                        output_files[i] = f"fosslight_report_dep_{_start_time}"
+            for index in sorted(to_remove, reverse=True):
+                # remove elements of spdx format on windows
+                del output_files[index]
+                del output_extensions[index]
+                del formats[index]
+            if len(output_extensions) < 1:
+                sys.exit(0)
     else:
         logger.error(msg)
         sys.exit(1)
@@ -216,27 +235,42 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
     if cover_comment:
         cover.comment += f', {cover_comment}'
 
-    output_file_without_ext = os.path.join(output_path, output_file)
-    if format.startswith('spdx'):
-        if platform.system() != 'Windows':
-            success_write, err_msg, result_file = write_spdx(output_file_without_ext, output_extension, sheet_list,
-                                                             _PKG_NAME, pkg_resources.get_distribution(_PKG_NAME).version,
-                                                             spdx_version=(2, 3))
+    if ret and graph_path:
+        graph_path = os.path.abspath(graph_path)
+        try:
+            converter = GraphConvertor(sheet_list[_sheet_name])
+            converter.save(graph_path, graph_size)
+            logger.info(f"Output graph image file: {graph_path}")
+        except Exception as e:
+            logger.error(f'Fail to make graph image: {e}')
+
+    combined_paths_and_files = [os.path.join(output_path, file) for file in output_files]
+    results = []
+    for i, output_extension in enumerate(output_extensions):
+        if formats:
+            if formats[i].startswith('spdx'):
+                if platform.system() != 'Windows':
+                    results.append(write_spdx(combined_paths_and_files[i], output_extension, sheet_list, _PKG_NAME,
+                                              pkg_resources.get_distribution(_PKG_NAME).version, spdx_version=(2, 3)))
+                else:
+                    logger.error('Windows not support spdx format.')
+            else:
+                results.append(write_output_file(combined_paths_and_files[i], output_extension, sheet_list, EXTENDED_HEADER,
+                                                 '', cover))
         else:
-            logger.error('Windows not support spdx format.')
-    else:
-        success_write, err_msg, result_file = write_output_file(output_file_without_ext, output_extension,
-                                                                sheet_list, EXTENDED_HEADER, '', cover)
-    if success_write:
-        if result_file:
-            logger.info(f"Output file: {result_file}")
+            results.append(write_output_file(combined_paths_and_files[i], output_extension, sheet_list, EXTENDED_HEADER,
+                                             '', cover))
+    for success_write, err_msg, result_file in results:
+        if success_write:
+            if result_file:
+                logger.info(f"Output file: {result_file}")
+            else:
+                logger.warning(f"{err_msg}")
+            for i in cover_comment_arr:
+                logger.info(i.strip())
         else:
-            logger.warning(f"{err_msg}")
-        for i in cover_comment_arr:
-            logger.info(i.strip())
-    else:
-        ret = False
-        logger.error(f"Fail to generate result file. msg:({err_msg})")
+            ret = False
+            logger.error(f"Fail to generate result file. msg:({err_msg})")
 
     logger.warning("### FINISH ###")
     return ret, sheet_list
@@ -253,6 +287,8 @@ def main():
     app_name = const.default_app_name
     github_token = ''
     format = ''
+    graph_path = ''
+    graph_size = (600, 600)
     direct = True
 
     parser = argparse.ArgumentParser(add_help=False)
@@ -267,7 +303,9 @@ def main():
     parser.add_argument('-c', '--customized', nargs=1, type=str, required=False)
     parser.add_argument('-n', '--appname', nargs=1, type=str, required=False)
     parser.add_argument('-t', '--token', nargs=1, type=str, required=False)
-    parser.add_argument('-f', '--format', nargs=1, type=str, required=False)
+    parser.add_argument('-f', '--format', nargs="*", type=str, required=False)
+    parser.add_argument('--graph-path', nargs=1, type=str, required=False)
+    parser.add_argument('--graph-size', nargs=2, type=int, metavar=("WIDTH", "HEIGHT"), required=False)
     parser.add_argument('--direct', choices=('true', 'false'), default='True', required=False)
     parser.add_argument('--notice', action='store_true', required=False)
 
@@ -300,7 +338,11 @@ def main():
     if args.token:  # -t option
         github_token = ''.join(args.token)
     if args.format:  # -f option
-        format = ''.join(args.format)
+        format = list(args.format)
+    if args.graph_path:
+        graph_path = ''.join(args.graph_path)
+    if args.graph_size:
+        graph_size = args.graph_size
     if args.direct:  # --direct option
         if args.direct == 'true':
             direct = True
@@ -320,7 +362,8 @@ def main():
         sys.exit(0)
 
     run_dependency_scanner(package_manager, input_dir, output_dir, pip_activate_cmd, pip_deactivate_cmd,
-                           output_custom_dir, app_name, github_token, format, direct, path_to_exclude)
+                           output_custom_dir, app_name, github_token, format, direct, path_to_exclude,
+                           graph_path, graph_size)
 
 
 if __name__ == '__main__':

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/src/fosslight_dependency.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-dependency
-Version: 3.15.4
+Version: 3.15.6
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics

{fosslight_dependency-3.15.4 → fosslight_dependency-3.15.6}/src/fosslight_dependency.egg-info/SOURCES.txt

@@ -9,6 +9,7 @@ LICENSES/LicenseRef-3rd_party_licenses.txt
 LICENSES/MIT.txt
 src/fosslight_dependency/__init__.py
 src/fosslight_dependency/_analyze_dependency.py
+src/fosslight_dependency/_graph_convertor.py
 src/fosslight_dependency/_help.py
 src/fosslight_dependency/_package_manager.py
 src/fosslight_dependency/constant.py

fosslight_dependency-3.15.4/requirements.txt → fosslight_dependency-3.15.6/src/fosslight_dependency.egg-info/requires.txt

@@ -4,8 +4,10 @@ lxml
 virtualenv
 pyyaml
 lastversion
-fosslight_util>=1.4.43
+fosslight_util~=1.4.47
 PyGithub
 requirements-parser
 defusedxml
-packageurl-python
+packageurl-python
+igraph
+matplotlib