fosslight-dependency 3.15.5__py3-none-any.whl → 4.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- fosslight_dependency/_analyze_dependency.py +5 -4
- fosslight_dependency/_graph_convertor.py +67 -0
- fosslight_dependency/_help.py +4 -0
- fosslight_dependency/_package_manager.py +2 -13
- fosslight_dependency/dependency_item.py +103 -0
- fosslight_dependency/package_manager/Android.py +20 -20
- fosslight_dependency/package_manager/Carthage.py +18 -17
- fosslight_dependency/package_manager/Cocoapods.py +26 -22
- fosslight_dependency/package_manager/Go.py +37 -37
- fosslight_dependency/package_manager/Gradle.py +25 -24
- fosslight_dependency/package_manager/Helm.py +19 -18
- fosslight_dependency/package_manager/Maven.py +24 -24
- fosslight_dependency/package_manager/Npm.py +31 -26
- fosslight_dependency/package_manager/Nuget.py +31 -28
- fosslight_dependency/package_manager/Pub.py +28 -28
- fosslight_dependency/package_manager/Pypi.py +24 -21
- fosslight_dependency/package_manager/Swift.py +31 -28
- fosslight_dependency/package_manager/Unity.py +25 -24
- fosslight_dependency/run_dependency_scanner.py +44 -31
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/METADATA +4 -2
- fosslight_dependency-4.0.0.dist-info/RECORD +36 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/WHEEL +1 -1
- fosslight_dependency-3.15.5.dist-info/RECORD +0 -34
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/Apache-2.0.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/LICENSE +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/LicenseRef-3rd_party_licenses.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/MIT.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/entry_points.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/top_level.txt +0 -0
|
@@ -28,7 +28,7 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
28
28
|
output_custom_dir='', app_name=const.default_app_name, github_token='', manifest_file_name=[],
|
|
29
29
|
direct=True):
|
|
30
30
|
ret = True
|
|
31
|
-
|
|
31
|
+
package_dep_item_list = []
|
|
32
32
|
cover_comment = ''
|
|
33
33
|
|
|
34
34
|
if package_manager_name == const.PYPI:
|
|
@@ -60,7 +60,7 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
60
60
|
else:
|
|
61
61
|
logger.error(f"Not supported package manager name: {package_manager_name}")
|
|
62
62
|
ret = False
|
|
63
|
-
return ret,
|
|
63
|
+
return ret, package_dep_item_list
|
|
64
64
|
|
|
65
65
|
if manifest_file_name:
|
|
66
66
|
package_manager.set_manifest_file(manifest_file_name)
|
|
@@ -76,7 +76,8 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
76
76
|
logger.info(f"Parse oss information with file: {f_name}")
|
|
77
77
|
|
|
78
78
|
if os.path.isfile(f_name):
|
|
79
|
-
|
|
79
|
+
package_manager.parse_oss_information(f_name)
|
|
80
|
+
package_dep_item_list.extend(package_manager.dep_items)
|
|
80
81
|
else:
|
|
81
82
|
logger.error(f"Failed to open input file: {f_name}")
|
|
82
83
|
ret = False
|
|
@@ -90,4 +91,4 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
90
91
|
|
|
91
92
|
del package_manager
|
|
92
93
|
|
|
93
|
-
return ret,
|
|
94
|
+
return ret, package_dep_item_list, cover_comment
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
#!/usr/bin/env python
|
|
2
|
+
# -*- coding: utf-8 -*-
|
|
3
|
+
# Copyright (c) 2021 LG Electronics Inc.
|
|
4
|
+
# SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
from typing import Optional, Tuple
|
|
6
|
+
import igraph as ig
|
|
7
|
+
import matplotlib.pyplot as plt
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
class GraphConvertor:
|
|
11
|
+
def __init__(self, dep_items: Optional[list] = None):
|
|
12
|
+
self._verticies = {}
|
|
13
|
+
self._edges = []
|
|
14
|
+
if dep_items:
|
|
15
|
+
self.init_list(dep_items)
|
|
16
|
+
|
|
17
|
+
def init_list(self, dep_items: list):
|
|
18
|
+
"""
|
|
19
|
+
Initialize dep_items to self._verticies and self._edges
|
|
20
|
+
|
|
21
|
+
Args:
|
|
22
|
+
dep_items : List containing package information
|
|
23
|
+
"""
|
|
24
|
+
depend_on_package_dict = {}
|
|
25
|
+
for idx, file_item in enumerate(dep_items):
|
|
26
|
+
package_name = file_item.purl
|
|
27
|
+
depend_on_packages = file_item.depends_on
|
|
28
|
+
self._verticies[package_name] = idx
|
|
29
|
+
depend_on_package_dict[package_name] = depend_on_packages
|
|
30
|
+
else:
|
|
31
|
+
for package_name, depend_on_packages in depend_on_package_dict.items():
|
|
32
|
+
if not package_name:
|
|
33
|
+
pass
|
|
34
|
+
else:
|
|
35
|
+
package_idx = self._verticies[package_name]
|
|
36
|
+
for depend_on_package in depend_on_packages:
|
|
37
|
+
if not depend_on_package:
|
|
38
|
+
pass
|
|
39
|
+
else:
|
|
40
|
+
depend_on_package_idx = self._verticies[depend_on_package]
|
|
41
|
+
self._edges.append((package_idx, depend_on_package_idx))
|
|
42
|
+
|
|
43
|
+
def save(self, path: str, size: Tuple[(int, int)]):
|
|
44
|
+
g = ig.Graph((len(self._verticies)), (self._edges), directed=True)
|
|
45
|
+
|
|
46
|
+
g["title"] = "Dependency Graph"
|
|
47
|
+
g.vs["name"] = list(self._verticies.keys())
|
|
48
|
+
|
|
49
|
+
fig, ax = plt.subplots(figsize=(tuple(map((lambda x: x / 100), size))))
|
|
50
|
+
fig.tight_layout()
|
|
51
|
+
|
|
52
|
+
ig.plot(
|
|
53
|
+
g,
|
|
54
|
+
target=ax,
|
|
55
|
+
layout="kk",
|
|
56
|
+
vertex_size=15,
|
|
57
|
+
vertex_color=["#FFD2D2"],
|
|
58
|
+
vertex_label=(g.vs["name"]),
|
|
59
|
+
vertex_label_dist=1.5,
|
|
60
|
+
vertex_label_size=7.0,
|
|
61
|
+
edge_width=0.5,
|
|
62
|
+
edge_color=["#FFD2D2"],
|
|
63
|
+
edge_arrow_size=5,
|
|
64
|
+
edge_arrow_width=5,
|
|
65
|
+
)
|
|
66
|
+
|
|
67
|
+
fig.savefig(path)
|
fosslight_dependency/_help.py
CHANGED
|
@@ -37,6 +37,10 @@ _HELP_MESSAGE_DEPENDENCY = """
|
|
|
37
37
|
\t\t\t\t\t(If you want to generate the specific file name, add the output path with file name.)
|
|
38
38
|
-f <format> [<format> ...]\t Output formats (excel, csv, opossum, yaml, spdx-tag, spdx-yaml, spdx-json, spdx-xml)
|
|
39
39
|
\t\t\t\t Multiple formats can be specified separated by space.
|
|
40
|
+
--graph-path <save_path> \t Enter the path where the graph image will be saved
|
|
41
|
+
\t\t\t\t\t(ex. /your/directory/path/filename.{pdf, jpg, png}) (recommend pdf extension)
|
|
42
|
+
--graph-size <width> <height> Enter the size of the graph image (The size unit is pixels)
|
|
43
|
+
\t\t\t\t\t--graph-path option is required
|
|
40
44
|
--direct\t\t\t Print the direct/transitive dependency type in comment.
|
|
41
45
|
\t\tChoice 'True' or 'False'. (default:True)
|
|
42
46
|
--notice\t\t\t Print the open source license notice text.
|
|
@@ -49,8 +49,8 @@ class PackageManager:
|
|
|
49
49
|
self.manifest_file_name = []
|
|
50
50
|
self.relation_tree = {}
|
|
51
51
|
self.package_name = ''
|
|
52
|
-
self.purl_dict = {}
|
|
53
52
|
self.cover_comment = ''
|
|
53
|
+
self.dep_items = []
|
|
54
54
|
|
|
55
55
|
self.platform = platform.system()
|
|
56
56
|
self.license_scanner_bin = check_license_scanner(self.platform)
|
|
@@ -67,6 +67,7 @@ class PackageManager:
|
|
|
67
67
|
self.manifest_file_name = []
|
|
68
68
|
self.relation_tree = {}
|
|
69
69
|
self.package_name = ''
|
|
70
|
+
self.dep_items = []
|
|
70
71
|
|
|
71
72
|
def run_plugin(self):
|
|
72
73
|
ret = True
|
|
@@ -257,18 +258,6 @@ class PackageManager:
|
|
|
257
258
|
except Exception as e:
|
|
258
259
|
logger.warning(f'Fail to parse gradle dependency tree:{e}')
|
|
259
260
|
|
|
260
|
-
def change_dep_to_purl(self, sheet_list):
|
|
261
|
-
for oss_item in sheet_list:
|
|
262
|
-
try:
|
|
263
|
-
if len(oss_item) < 10:
|
|
264
|
-
break
|
|
265
|
-
deps_list = oss_item[9]
|
|
266
|
-
deps_purl = list(filter(None, map(lambda x: self.purl_dict.get(x, ''), deps_list)))
|
|
267
|
-
oss_item[9] = ','.join(deps_purl)
|
|
268
|
-
except Exception as e:
|
|
269
|
-
logger.warning(f'Fail to change depend_on to purl:{e}')
|
|
270
|
-
return sheet_list
|
|
271
|
-
|
|
272
261
|
|
|
273
262
|
def get_url_to_purl(url, pkg_manager, oss_name='', oss_version=''):
|
|
274
263
|
purl_prefix = f'pkg:{pkg_manager}'
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
#!/usr/bin/env python
|
|
2
|
+
# -*- coding: utf-8 -*-
|
|
3
|
+
# Copyright (c) 2024 LG Electronics Inc.
|
|
4
|
+
# SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
|
|
6
|
+
import logging
|
|
7
|
+
from fosslight_util.constant import LOGGER_NAME
|
|
8
|
+
from fosslight_util.oss_item import FileItem
|
|
9
|
+
|
|
10
|
+
_logger = logging.getLogger(LOGGER_NAME)
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
class DependencyItem(FileItem):
|
|
14
|
+
def __init__(self):
|
|
15
|
+
super().__init__("")
|
|
16
|
+
|
|
17
|
+
self._depends_on_raw = [] # name(version) format
|
|
18
|
+
self._depends_on = [] # purl format
|
|
19
|
+
self.purl = ""
|
|
20
|
+
|
|
21
|
+
def __del__(self):
|
|
22
|
+
pass
|
|
23
|
+
|
|
24
|
+
@property
|
|
25
|
+
def depends_on(self):
|
|
26
|
+
return self._depends_on
|
|
27
|
+
|
|
28
|
+
@depends_on.setter
|
|
29
|
+
def depends_on(self, value):
|
|
30
|
+
if not value:
|
|
31
|
+
self._depends_on = []
|
|
32
|
+
else:
|
|
33
|
+
if not isinstance(value, list):
|
|
34
|
+
value = value.split(",")
|
|
35
|
+
self._depends_on.extend(value)
|
|
36
|
+
self._depends_on = [item.strip() for item in self._depends_on]
|
|
37
|
+
self._depends_on = list(set(self._depends_on))
|
|
38
|
+
|
|
39
|
+
@property
|
|
40
|
+
def depends_on_raw(self):
|
|
41
|
+
return self._depends_on_raw
|
|
42
|
+
|
|
43
|
+
@depends_on_raw.setter
|
|
44
|
+
def depends_on_raw(self, value):
|
|
45
|
+
if not value:
|
|
46
|
+
self._depends_on_raw = []
|
|
47
|
+
else:
|
|
48
|
+
if not isinstance(value, list):
|
|
49
|
+
value = value.split(",")
|
|
50
|
+
self._depends_on_raw.extend(value)
|
|
51
|
+
self._depends_on_raw = [item.strip() for item in self._depends_on_raw]
|
|
52
|
+
self._depends_on_raw = list(set(self._depends_on_raw))
|
|
53
|
+
|
|
54
|
+
def get_print_array(self):
|
|
55
|
+
items = []
|
|
56
|
+
for oss in self.oss_items:
|
|
57
|
+
exclude = "Exclude" if self.exclude or oss.exclude else ""
|
|
58
|
+
lic = ",".join(oss.license)
|
|
59
|
+
depends_on = ",".join(self.depends_on) if len(self.depends_on) > 0 else ""
|
|
60
|
+
|
|
61
|
+
oss_item = [self.purl, oss.name, oss.version, lic, oss.download_location, oss.homepage,
|
|
62
|
+
oss.copyright, exclude, oss.comment, depends_on]
|
|
63
|
+
items.append(oss_item)
|
|
64
|
+
|
|
65
|
+
return items
|
|
66
|
+
|
|
67
|
+
def get_print_json(self):
|
|
68
|
+
items = []
|
|
69
|
+
for oss in self.oss_items:
|
|
70
|
+
json_item = {}
|
|
71
|
+
json_item["name"] = oss.name
|
|
72
|
+
json_item["version"] = oss.version
|
|
73
|
+
|
|
74
|
+
if self.purl != "":
|
|
75
|
+
json_item["package url"] = self.purl
|
|
76
|
+
if len(oss.license) > 0:
|
|
77
|
+
json_item["license"] = oss.license
|
|
78
|
+
if oss.download_location != "":
|
|
79
|
+
json_item["download location"] = oss.download_location
|
|
80
|
+
if oss.homepage != "":
|
|
81
|
+
json_item["homepage"] = oss.homepage
|
|
82
|
+
if oss.copyright != "":
|
|
83
|
+
json_item["copyright text"] = oss.copyright
|
|
84
|
+
if self.exclude or oss.exclude:
|
|
85
|
+
json_item["exclude"] = True
|
|
86
|
+
if oss.comment != "":
|
|
87
|
+
json_item["comment"] = oss.comment
|
|
88
|
+
if len(self.depends_on) > 0:
|
|
89
|
+
json_item["depends on"] = self.depends_on
|
|
90
|
+
|
|
91
|
+
items.append(json_item)
|
|
92
|
+
|
|
93
|
+
return items
|
|
94
|
+
|
|
95
|
+
|
|
96
|
+
def change_dependson_to_purl(purl_dict, dep_items):
|
|
97
|
+
for dep_item in dep_items:
|
|
98
|
+
try:
|
|
99
|
+
dep_item.depends_on = list(filter(None, map(lambda x: purl_dict.get(x, ''), dep_item.depends_on_raw)))
|
|
100
|
+
|
|
101
|
+
except Exception as e:
|
|
102
|
+
_logger.warning(f'Fail to change depend_on to purl:{e}')
|
|
103
|
+
return dep_items
|
|
@@ -8,6 +8,8 @@ import logging
|
|
|
8
8
|
import fosslight_util.constant as constant
|
|
9
9
|
import fosslight_dependency.constant as const
|
|
10
10
|
from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
|
|
11
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
12
|
+
from fosslight_util.oss_item import OssItem
|
|
11
13
|
|
|
12
14
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
13
15
|
|
|
@@ -40,43 +42,41 @@ class Android(PackageManager):
|
|
|
40
42
|
|
|
41
43
|
def parse_oss_information(self, f_name):
|
|
42
44
|
with open(f_name, 'r', encoding='utf8') as input_fp:
|
|
43
|
-
|
|
44
|
-
|
|
45
|
+
purl_dict = {}
|
|
45
46
|
for i, line in enumerate(input_fp.readlines()):
|
|
46
|
-
|
|
47
|
+
dep_item = DependencyItem()
|
|
48
|
+
oss_item = OssItem()
|
|
47
49
|
split_str = line.strip().split("\t")
|
|
48
50
|
if i < 2:
|
|
49
51
|
continue
|
|
50
52
|
|
|
51
|
-
if len(split_str) == 9:
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
idx, manifest_file, oss_name, oss_version, license_name, dn_loc, homepage = split_str
|
|
53
|
+
if len(split_str) == 9 or len(split_str) == 7:
|
|
54
|
+
_, _, oss_item.name, oss_item.version, oss_item.license, \
|
|
55
|
+
oss_item.download_location, oss_item.homepage = split_str[:7]
|
|
55
56
|
else:
|
|
56
57
|
continue
|
|
57
|
-
purl = get_url_to_purl(
|
|
58
|
-
|
|
58
|
+
dep_item.purl = get_url_to_purl(oss_item.download_location, 'maven')
|
|
59
|
+
purl_dict[f'{oss_item.name}({oss_item.version})'] = dep_item.purl
|
|
59
60
|
|
|
60
|
-
comment_list = []
|
|
61
|
-
deps_list = []
|
|
62
61
|
if self.direct_dep:
|
|
63
|
-
dep_key = f"{
|
|
62
|
+
dep_key = f"{oss_item.name}({oss_item.version})"
|
|
64
63
|
if self.total_dep_list:
|
|
65
64
|
if dep_key not in self.total_dep_list:
|
|
66
65
|
continue
|
|
67
66
|
if dep_key in self.direct_dep_list:
|
|
68
|
-
|
|
67
|
+
oss_item.comment = 'direct'
|
|
69
68
|
else:
|
|
70
|
-
|
|
69
|
+
oss_item.comment = 'transitive'
|
|
71
70
|
try:
|
|
72
71
|
if dep_key in self.relation_tree:
|
|
73
|
-
|
|
72
|
+
dep_item.depends_on_raw = self.relation_tree[dep_key]
|
|
74
73
|
except Exception as e:
|
|
75
74
|
logger.error(f"Fail to find oss scope in dependency tree: {e}")
|
|
76
|
-
comment = ','.join(comment_list)
|
|
77
75
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
76
|
+
dep_item.oss_items.append(oss_item)
|
|
77
|
+
self.dep_items.append(dep_item)
|
|
78
|
+
|
|
79
|
+
if self.direct_dep:
|
|
80
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
81
81
|
|
|
82
|
-
return
|
|
82
|
+
return
|
|
@@ -11,6 +11,8 @@ import fosslight_dependency.constant as const
|
|
|
11
11
|
from fosslight_dependency._package_manager import PackageManager
|
|
12
12
|
from fosslight_dependency._package_manager import connect_github, get_github_license, check_and_run_license_scanner
|
|
13
13
|
from fosslight_dependency._package_manager import get_url_to_purl
|
|
14
|
+
from fosslight_dependency.dependency_item import DependencyItem
|
|
15
|
+
from fosslight_util.oss_item import OssItem
|
|
14
16
|
|
|
15
17
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
16
18
|
|
|
@@ -35,9 +37,8 @@ class Carthage(PackageManager):
|
|
|
35
37
|
def parse_oss_information(self, f_name):
|
|
36
38
|
github = "github"
|
|
37
39
|
checkout_dir_list = get_checkout_dirname()
|
|
38
|
-
|
|
40
|
+
|
|
39
41
|
with open(f_name, 'r', encoding='utf8') as input_fp:
|
|
40
|
-
sheet_list = []
|
|
41
42
|
g = ''
|
|
42
43
|
if not checkout_dir_list:
|
|
43
44
|
g = connect_github(self.github_token)
|
|
@@ -47,21 +48,24 @@ class Carthage(PackageManager):
|
|
|
47
48
|
# Ref. https://github.com/Carthage/Carthage/blob/master/Documentation/Artifacts.md
|
|
48
49
|
re_result = re.findall(r'(github|git)[\s]\"(\S*)\"[\s]\"(\S*)\"', line)
|
|
49
50
|
try:
|
|
51
|
+
dep_item = DependencyItem()
|
|
52
|
+
oss_item = OssItem()
|
|
50
53
|
repo = re_result[0][0]
|
|
51
54
|
oss_path = re_result[0][1]
|
|
52
55
|
if oss_path.endswith('.git'):
|
|
53
56
|
oss_path = oss_path[:-4]
|
|
54
57
|
oss_origin_name = oss_path.split('/')[-1]
|
|
55
|
-
|
|
58
|
+
oss_item.name = self.package_manager_name + ":" + oss_origin_name
|
|
56
59
|
|
|
57
60
|
if repo == github:
|
|
58
|
-
homepage = self.dn_url + oss_path
|
|
61
|
+
oss_item.homepage = self.dn_url + oss_path
|
|
59
62
|
else:
|
|
60
|
-
homepage = oss_path
|
|
61
|
-
|
|
62
|
-
|
|
63
|
+
oss_item.homepage = oss_path
|
|
64
|
+
oss_item.download_location = oss_item.homepage
|
|
65
|
+
oss_item.version = re_result[0][2]
|
|
63
66
|
|
|
64
|
-
purl = get_url_to_purl(homepage, self.package_manager_name,
|
|
67
|
+
dep_item.purl = get_url_to_purl(oss_item.homepage, self.package_manager_name,
|
|
68
|
+
oss_origin_name, oss_item.version)
|
|
65
69
|
|
|
66
70
|
license_name = ''
|
|
67
71
|
find_license = False
|
|
@@ -89,20 +93,17 @@ class Carthage(PackageManager):
|
|
|
89
93
|
except Exception as e:
|
|
90
94
|
logger.warning(f"Failed to get license with github api: {e}")
|
|
91
95
|
license_name == ''
|
|
92
|
-
|
|
96
|
+
oss_item.license = license_name
|
|
93
97
|
if self.direct_dep_list:
|
|
94
98
|
if oss_origin_name in self.direct_dep_list:
|
|
95
|
-
comment = 'direct'
|
|
99
|
+
oss_item.comment = 'direct'
|
|
96
100
|
else:
|
|
97
|
-
comment = 'transitive'
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
'', '', comment, ''])
|
|
101
|
-
|
|
101
|
+
oss_item.comment = 'transitive'
|
|
102
|
+
dep_item.oss_items.append(oss_item)
|
|
103
|
+
self.dep_items.append(dep_item)
|
|
102
104
|
except Exception as e:
|
|
103
105
|
logger.warning(f"Failed to parse oss information: {e}")
|
|
104
|
-
|
|
105
|
-
return sheet_list
|
|
106
|
+
return
|
|
106
107
|
|
|
107
108
|
def parse_direct_dependencies(self):
|
|
108
109
|
self.direct_dep = True
|
|
@@ -11,6 +11,8 @@ import re
|
|
|
11
11
|
import fosslight_util.constant as constant
|
|
12
12
|
import fosslight_dependency.constant as const
|
|
13
13
|
from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
|
|
14
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
15
|
+
from fosslight_util.oss_item import OssItem
|
|
14
16
|
|
|
15
17
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
16
18
|
|
|
@@ -36,7 +38,6 @@ class Cocoapods(PackageManager):
|
|
|
36
38
|
|
|
37
39
|
spec_repo_list = []
|
|
38
40
|
external_source_list = []
|
|
39
|
-
comment = ''
|
|
40
41
|
|
|
41
42
|
if _spec_repos in podfile_yaml:
|
|
42
43
|
for spec_item_key in podfile_yaml[_spec_repos]:
|
|
@@ -81,26 +82,26 @@ class Cocoapods(PackageManager):
|
|
|
81
82
|
if rel_key in self.relation_tree:
|
|
82
83
|
self.relation_tree[rel_key] = []
|
|
83
84
|
|
|
84
|
-
|
|
85
|
+
purl_dict = {}
|
|
85
86
|
for pod_oss_name_origin, pod_oss_version in pod_item_list.items():
|
|
87
|
+
dep_item = DependencyItem()
|
|
88
|
+
oss_item = OssItem()
|
|
86
89
|
try:
|
|
87
|
-
comment_list = []
|
|
88
|
-
deps_list = []
|
|
89
90
|
if self.direct_dep and (len(self.direct_dep_list) > 0):
|
|
90
91
|
if pod_oss_name_origin in self.direct_dep_list:
|
|
91
|
-
|
|
92
|
+
oss_item.comment = 'direct'
|
|
92
93
|
else:
|
|
93
|
-
|
|
94
|
-
if f'{pod_oss_name_origin}({
|
|
95
|
-
|
|
96
|
-
comment = ','.join(comment_list)
|
|
94
|
+
oss_item.comment = 'transitive'
|
|
95
|
+
if f'{pod_oss_name_origin}({pod_oss_version})' in self.relation_tree:
|
|
96
|
+
dep_item.depends_on_raw = self.relation_tree[f'{pod_oss_name_origin}({pod_oss_version})']
|
|
97
97
|
|
|
98
|
-
|
|
98
|
+
oss_item.name = f'{self.package_manager_name}:{pod_oss_name_origin}'
|
|
99
99
|
pod_oss_name = pod_oss_name_origin
|
|
100
|
+
oss_item.version = pod_oss_version
|
|
100
101
|
if '/' in pod_oss_name_origin:
|
|
101
102
|
pod_oss_name = pod_oss_name_origin.split('/')[0]
|
|
102
103
|
if pod_oss_name in external_source_list:
|
|
103
|
-
|
|
104
|
+
oss_item.name = pod_oss_name_origin
|
|
104
105
|
podspec_filename = pod_oss_name + '.podspec.json'
|
|
105
106
|
spec_file_path = os.path.join("Pods", "Local Podspecs", podspec_filename)
|
|
106
107
|
else:
|
|
@@ -122,24 +123,27 @@ class Cocoapods(PackageManager):
|
|
|
122
123
|
file_path_without_version = os.path.join(os.sep, *file_path[:-2])
|
|
123
124
|
else:
|
|
124
125
|
file_path_without_version = os.path.join(*file_path[:-2])
|
|
125
|
-
spec_file_path = os.path.join(file_path_without_version,
|
|
126
|
+
spec_file_path = os.path.join(file_path_without_version, oss_item.version, file_path[-1])
|
|
126
127
|
|
|
127
|
-
oss_name, oss_version,
|
|
128
|
-
|
|
129
|
-
self.
|
|
128
|
+
oss_name, oss_version, oss_item.license, oss_item.download_location, \
|
|
129
|
+
oss_item.homepage = self.get_oss_in_podspec(spec_file_path)
|
|
130
|
+
dep_item.purl = get_url_to_purl(oss_item.homepage, self.package_manager_name, pod_oss_name_origin, oss_version)
|
|
131
|
+
purl_dict[f'{pod_oss_name_origin}({oss_version})'] = dep_item.purl
|
|
130
132
|
if pod_oss_name in external_source_list:
|
|
131
|
-
homepage =
|
|
133
|
+
oss_item.homepage = ''
|
|
132
134
|
if oss_name == '':
|
|
133
135
|
continue
|
|
134
|
-
if
|
|
135
|
-
logger.warning(f'{pod_oss_name_origin} has different version({
|
|
136
|
+
if oss_item.version != oss_version:
|
|
137
|
+
logger.warning(f'{pod_oss_name_origin} has different version({oss_item.version})\
|
|
136
138
|
with spec version({oss_version})')
|
|
137
|
-
|
|
138
|
-
|
|
139
|
+
dep_item.oss_items.append(oss_item)
|
|
140
|
+
self.dep_items.append(dep_item)
|
|
139
141
|
except Exception as e:
|
|
140
142
|
logger.warning(f"Fail to get {pod_oss_name_origin}:{e}")
|
|
141
|
-
|
|
142
|
-
|
|
143
|
+
if self.direct_dep:
|
|
144
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
145
|
+
|
|
146
|
+
return
|
|
143
147
|
|
|
144
148
|
def get_oss_in_podspec(self, spec_file_path):
|
|
145
149
|
oss_name = ''
|
|
@@ -14,6 +14,8 @@ import shutil
|
|
|
14
14
|
import fosslight_util.constant as constant
|
|
15
15
|
import fosslight_dependency.constant as const
|
|
16
16
|
from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
|
|
17
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
18
|
+
from fosslight_util.oss_item import OssItem
|
|
17
19
|
|
|
18
20
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
19
21
|
|
|
@@ -78,7 +80,7 @@ class Go(PackageManager):
|
|
|
78
80
|
|
|
79
81
|
def parse_oss_information(self, f_name):
|
|
80
82
|
indirect = 'Indirect'
|
|
81
|
-
|
|
83
|
+
purl_dict = {}
|
|
82
84
|
json_list = []
|
|
83
85
|
with open(f_name, 'r', encoding='utf8') as input_fp:
|
|
84
86
|
json_data_raw = ''
|
|
@@ -88,52 +90,51 @@ class Go(PackageManager):
|
|
|
88
90
|
json_list.append(json.loads(json_data_raw))
|
|
89
91
|
json_data_raw = ''
|
|
90
92
|
|
|
91
|
-
for
|
|
93
|
+
for dep_i in json_list:
|
|
94
|
+
dep_item = DependencyItem()
|
|
95
|
+
oss_item = OssItem()
|
|
92
96
|
try:
|
|
93
|
-
if 'Main' in
|
|
94
|
-
if
|
|
97
|
+
if 'Main' in dep_i:
|
|
98
|
+
if dep_i['Main']:
|
|
95
99
|
continue
|
|
96
|
-
package_path =
|
|
97
|
-
|
|
98
|
-
oss_origin_version =
|
|
100
|
+
package_path = dep_i['Path']
|
|
101
|
+
oss_item.name = f"{self.package_manager_name}:{package_path}"
|
|
102
|
+
oss_origin_version = dep_i['Version']
|
|
99
103
|
if oss_origin_version.startswith('v'):
|
|
100
|
-
|
|
104
|
+
oss_item.version = oss_origin_version[1:]
|
|
105
|
+
else:
|
|
106
|
+
oss_item.version = oss_origin_version
|
|
101
107
|
|
|
102
|
-
comment_list = []
|
|
103
|
-
deps_list = []
|
|
104
108
|
if self.direct_dep:
|
|
105
|
-
if indirect in
|
|
106
|
-
if
|
|
107
|
-
|
|
109
|
+
if indirect in dep_i:
|
|
110
|
+
if dep_i[indirect]:
|
|
111
|
+
oss_item.comment = 'transitive'
|
|
108
112
|
else:
|
|
109
|
-
|
|
113
|
+
oss_item.comment = 'direct'
|
|
110
114
|
else:
|
|
111
|
-
|
|
115
|
+
oss_item.comment = 'direct'
|
|
112
116
|
|
|
113
|
-
if f'{package_path}({
|
|
114
|
-
|
|
117
|
+
if f'{package_path}({oss_item.version})' in self.relation_tree:
|
|
118
|
+
dep_item.depends_on_raw = self.relation_tree[f'{package_path}({oss_item.version})']
|
|
115
119
|
|
|
116
120
|
homepage_set = []
|
|
117
|
-
homepage = self.dn_url + package_path
|
|
118
|
-
purl = get_url_to_purl(f"{homepage}@{
|
|
119
|
-
|
|
121
|
+
oss_item.homepage = self.dn_url + package_path
|
|
122
|
+
dep_item.purl = get_url_to_purl(f"{oss_item.homepage}@{oss_item.version}", self.package_manager_name)
|
|
123
|
+
purl_dict[f'{package_path}({oss_item.version})'] = dep_item.purl
|
|
120
124
|
|
|
121
125
|
if oss_origin_version:
|
|
122
|
-
tmp_homepage = f"{homepage}@{oss_origin_version}"
|
|
126
|
+
tmp_homepage = f"{oss_item.homepage}@{oss_origin_version}"
|
|
123
127
|
homepage_set.append(tmp_homepage)
|
|
124
|
-
homepage_set.append(homepage)
|
|
125
|
-
|
|
126
|
-
license_name = ''
|
|
127
|
-
dn_loc = ''
|
|
128
|
+
homepage_set.append(oss_item.homepage)
|
|
128
129
|
|
|
129
130
|
for homepage_i in homepage_set:
|
|
130
131
|
try:
|
|
131
132
|
res = urllib.request.urlopen(homepage_i)
|
|
132
133
|
if res.getcode() == 200:
|
|
133
134
|
urlopen_success = True
|
|
134
|
-
if homepage_i == homepage:
|
|
135
|
-
if
|
|
136
|
-
|
|
135
|
+
if homepage_i == oss_item.homepage:
|
|
136
|
+
if oss_item.version:
|
|
137
|
+
oss_item.comment = f'Cannot connect {tmp_homepage}, get info from the latest version.'
|
|
137
138
|
break
|
|
138
139
|
except Exception:
|
|
139
140
|
continue
|
|
@@ -144,20 +145,19 @@ class Go(PackageManager):
|
|
|
144
145
|
|
|
145
146
|
license_data = bs_obj.find('a', {'data-test-id': 'UnitHeader-license'})
|
|
146
147
|
if license_data:
|
|
147
|
-
|
|
148
|
+
oss_item.license = license_data.text
|
|
148
149
|
|
|
149
150
|
repository_data = bs_obj.find('div', {'class': 'UnitMeta-repo'})
|
|
150
151
|
if repository_data:
|
|
151
|
-
|
|
152
|
+
oss_item.download_location = repository_data.find('a')['href']
|
|
152
153
|
else:
|
|
153
|
-
|
|
154
|
+
oss_item.download_location = oss_item.homepage
|
|
154
155
|
|
|
155
156
|
except Exception as e:
|
|
156
157
|
logging.warning(f"Fail to parse {package_path} in go mod : {e}")
|
|
157
158
|
continue
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
return sheet_list
|
|
159
|
+
dep_item.oss_items.append(oss_item)
|
|
160
|
+
self.dep_items.append(dep_item)
|
|
161
|
+
if self.direct_dep:
|
|
162
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
163
|
+
return
|