fosslight-dependency 3.15.5__py3-none-any.whl → 4.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- fosslight_dependency/_analyze_dependency.py +5 -4
- fosslight_dependency/_graph_convertor.py +67 -0
- fosslight_dependency/_help.py +4 -0
- fosslight_dependency/_package_manager.py +2 -13
- fosslight_dependency/dependency_item.py +103 -0
- fosslight_dependency/package_manager/Android.py +20 -20
- fosslight_dependency/package_manager/Carthage.py +18 -17
- fosslight_dependency/package_manager/Cocoapods.py +26 -22
- fosslight_dependency/package_manager/Go.py +37 -37
- fosslight_dependency/package_manager/Gradle.py +25 -24
- fosslight_dependency/package_manager/Helm.py +19 -18
- fosslight_dependency/package_manager/Maven.py +24 -24
- fosslight_dependency/package_manager/Npm.py +31 -26
- fosslight_dependency/package_manager/Nuget.py +31 -28
- fosslight_dependency/package_manager/Pub.py +28 -28
- fosslight_dependency/package_manager/Pypi.py +24 -21
- fosslight_dependency/package_manager/Swift.py +31 -28
- fosslight_dependency/package_manager/Unity.py +25 -24
- fosslight_dependency/run_dependency_scanner.py +44 -31
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/METADATA +4 -2
- fosslight_dependency-4.0.0.dist-info/RECORD +36 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/WHEEL +1 -1
- fosslight_dependency-3.15.5.dist-info/RECORD +0 -34
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/Apache-2.0.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/LICENSE +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/LicenseRef-3rd_party_licenses.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/MIT.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/entry_points.txt +0 -0
- {fosslight_dependency-3.15.5.dist-info → fosslight_dependency-4.0.0.dist-info}/top_level.txt +0 -0
|
@@ -10,6 +10,8 @@ import fosslight_util.constant as constant
|
|
|
10
10
|
import fosslight_dependency.constant as const
|
|
11
11
|
from fosslight_dependency._package_manager import PackageManager
|
|
12
12
|
from fosslight_dependency._package_manager import version_refine, get_url_to_purl
|
|
13
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
14
|
+
from fosslight_util.oss_item import OssItem
|
|
13
15
|
|
|
14
16
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
15
17
|
|
|
@@ -33,10 +35,11 @@ class Gradle(PackageManager):
|
|
|
33
35
|
with open(f_name, 'r', encoding='utf8') as json_file:
|
|
34
36
|
json_data = json.load(json_file)
|
|
35
37
|
|
|
36
|
-
|
|
38
|
+
purl_dict = {}
|
|
37
39
|
|
|
38
40
|
for d in json_data['dependencies']:
|
|
39
|
-
|
|
41
|
+
dep_item = DependencyItem()
|
|
42
|
+
oss_item = OssItem()
|
|
40
43
|
used_filename = False
|
|
41
44
|
group_id = ""
|
|
42
45
|
artifact_id = ""
|
|
@@ -50,51 +53,49 @@ class Gradle(PackageManager):
|
|
|
50
53
|
else:
|
|
51
54
|
oss_name, oss_ini_version = parse_oss_name_version_in_filename(filename)
|
|
52
55
|
used_filename = True
|
|
53
|
-
|
|
54
|
-
dep_key = f"{
|
|
56
|
+
oss_item.name = oss_name
|
|
57
|
+
dep_key = f"{oss_item.name}({oss_ini_version})"
|
|
55
58
|
if self.total_dep_list:
|
|
56
59
|
if dep_key not in self.total_dep_list:
|
|
57
60
|
continue
|
|
58
61
|
|
|
59
|
-
|
|
62
|
+
oss_item.version = version_refine(oss_ini_version)
|
|
60
63
|
|
|
61
|
-
license_names = []
|
|
62
|
-
purl = ''
|
|
63
64
|
try:
|
|
65
|
+
license_names = []
|
|
64
66
|
for licenses in d['licenses']:
|
|
65
67
|
if licenses['name'] != '':
|
|
66
68
|
license_names.append(licenses['name'].replace(",", ""))
|
|
67
|
-
|
|
69
|
+
oss_item.license = ', '.join(license_names)
|
|
68
70
|
except Exception:
|
|
69
71
|
logger.info("Cannot find the license name")
|
|
70
72
|
|
|
71
73
|
if used_filename or group_id == "":
|
|
72
|
-
|
|
73
|
-
homepage = ''
|
|
74
|
+
oss_item.download_location = 'Unknown'
|
|
74
75
|
else:
|
|
75
|
-
|
|
76
|
-
homepage = f"{self.dn_url}{group_id}/{artifact_id}"
|
|
77
|
-
purl = get_url_to_purl(
|
|
78
|
-
|
|
76
|
+
oss_item.download_location = f"{self.dn_url}{group_id}/{artifact_id}/{oss_ini_version}"
|
|
77
|
+
oss_item.homepage = f"{self.dn_url}{group_id}/{artifact_id}"
|
|
78
|
+
dep_item.purl = get_url_to_purl(oss_item.download_location, 'maven')
|
|
79
|
+
purl_dict[f'{oss_item.name}({oss_ini_version})'] = dep_item.purl
|
|
79
80
|
|
|
80
|
-
comment_list = []
|
|
81
|
-
deps_list = []
|
|
82
81
|
if self.direct_dep:
|
|
83
82
|
if len(self.direct_dep_list) > 0:
|
|
84
83
|
if dep_key in self.direct_dep_list:
|
|
85
|
-
|
|
84
|
+
oss_item.comment = 'direct'
|
|
86
85
|
else:
|
|
87
|
-
|
|
86
|
+
oss_item.comment = 'transitive'
|
|
88
87
|
try:
|
|
89
88
|
if dep_key in self.relation_tree:
|
|
90
|
-
|
|
89
|
+
dep_item.depends_on_raw = self.relation_tree[dep_key]
|
|
91
90
|
except Exception as e:
|
|
92
91
|
logger.error(f"Fail to find oss scope in dependency tree: {e}")
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
92
|
+
|
|
93
|
+
dep_item.oss_items.append(oss_item)
|
|
94
|
+
self.dep_items.append(dep_item)
|
|
95
|
+
|
|
96
|
+
if self.direct_dep:
|
|
97
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
98
|
+
return
|
|
98
99
|
|
|
99
100
|
|
|
100
101
|
def parse_oss_name_version_in_filename(name):
|
|
@@ -12,6 +12,8 @@ import fosslight_util.constant as constant
|
|
|
12
12
|
import fosslight_dependency.constant as const
|
|
13
13
|
from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
|
|
14
14
|
from fosslight_util.download import extract_compressed_dir
|
|
15
|
+
from fosslight_dependency.dependency_item import DependencyItem
|
|
16
|
+
from fosslight_util.oss_item import OssItem
|
|
15
17
|
|
|
16
18
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
17
19
|
|
|
@@ -62,7 +64,6 @@ class Helm(PackageManager):
|
|
|
62
64
|
|
|
63
65
|
def parse_oss_information(self, f_name):
|
|
64
66
|
dep_item_list = []
|
|
65
|
-
sheet_list = []
|
|
66
67
|
_dependencies = 'dependencies'
|
|
67
68
|
|
|
68
69
|
with open(f_name, 'r', encoding='utf8') as yaml_fp:
|
|
@@ -73,33 +74,33 @@ class Helm(PackageManager):
|
|
|
73
74
|
for dep in dep_item_list:
|
|
74
75
|
try:
|
|
75
76
|
f_path = os.path.join(self.tmp_charts_dir, dep, f_name)
|
|
76
|
-
|
|
77
|
+
dep_item = DependencyItem()
|
|
78
|
+
oss_item = OssItem()
|
|
77
79
|
with open(f_path, 'r', encoding='utf8') as yaml_fp:
|
|
78
80
|
yaml_f = yaml.safe_load(yaml_fp)
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
if
|
|
82
|
-
|
|
81
|
+
oss_item.name = f'{self.package_manager_name}:{yaml_f["name"]}'
|
|
82
|
+
oss_item.version = yaml_f.get('version', '')
|
|
83
|
+
if oss_item.version.startswith('v'):
|
|
84
|
+
oss_item.version = oss_item.version[1:]
|
|
83
85
|
|
|
84
|
-
homepage = yaml_f.get('home', '')
|
|
85
|
-
dn_loc = ''
|
|
86
|
+
oss_item.homepage = yaml_f.get('home', '')
|
|
86
87
|
if yaml_f.get('sources', '') != '':
|
|
87
|
-
|
|
88
|
+
oss_item.download_location = yaml_f.get('sources', '')[0]
|
|
88
89
|
|
|
89
|
-
purl = get_url_to_purl(
|
|
90
|
+
dep_item.purl = get_url_to_purl(
|
|
91
|
+
oss_item.download_location if oss_item.download_location else oss_item.homepage,
|
|
92
|
+
self.package_manager_name
|
|
93
|
+
)
|
|
90
94
|
|
|
91
|
-
license_name = ''
|
|
92
95
|
if yaml_f.get('annotations', '') != '':
|
|
93
|
-
|
|
96
|
+
oss_item.license = yaml_f['annotations'].get('licenses', '')
|
|
94
97
|
|
|
95
98
|
if self.direct_dep:
|
|
96
|
-
comment = 'direct'
|
|
99
|
+
oss_item.comment = 'direct'
|
|
97
100
|
|
|
98
101
|
except Exception as e:
|
|
99
102
|
logging.warning(f"Fail to parse chart info {dep}: {e}")
|
|
100
103
|
continue
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
return sheet_list
|
|
104
|
+
dep_item.oss_items.append(oss_item)
|
|
105
|
+
self.dep_items.append(dep_item)
|
|
106
|
+
return
|
|
@@ -14,6 +14,8 @@ import fosslight_util.constant as constant
|
|
|
14
14
|
import fosslight_dependency.constant as const
|
|
15
15
|
from fosslight_dependency._package_manager import PackageManager
|
|
16
16
|
from fosslight_dependency._package_manager import version_refine, get_url_to_purl
|
|
17
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
18
|
+
from fosslight_util.oss_item import OssItem
|
|
17
19
|
|
|
18
20
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
19
21
|
|
|
@@ -212,21 +214,21 @@ class Maven(PackageManager):
|
|
|
212
214
|
|
|
213
215
|
root = tree.getroot()
|
|
214
216
|
dependencies = root.find("dependencies")
|
|
215
|
-
|
|
216
|
-
sheet_list = []
|
|
217
|
-
comment = ''
|
|
217
|
+
purl_dict = {}
|
|
218
218
|
|
|
219
219
|
for d in dependencies.iter("dependency"):
|
|
220
|
+
dep_item = DependencyItem()
|
|
221
|
+
oss_item = OssItem()
|
|
220
222
|
groupid = d.findtext("groupId")
|
|
221
223
|
artifactid = d.findtext("artifactId")
|
|
222
224
|
version = d.findtext("version")
|
|
223
|
-
|
|
225
|
+
oss_item.version = version_refine(version)
|
|
224
226
|
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
homepage = f"{self.dn_url}{groupid}/{artifactid}"
|
|
228
|
-
purl = get_url_to_purl(
|
|
229
|
-
|
|
227
|
+
oss_item.name = f"{groupid}:{artifactid}"
|
|
228
|
+
oss_item.download_location = f"{self.dn_url}{groupid}/{artifactid}/{version}"
|
|
229
|
+
oss_item.homepage = f"{self.dn_url}{groupid}/{artifactid}"
|
|
230
|
+
dep_item.purl = get_url_to_purl(oss_item.download_location, self.package_manager_name)
|
|
231
|
+
purl_dict[f'{oss_item.name}({oss_item.version})'] = dep_item.purl
|
|
230
232
|
|
|
231
233
|
licenses = d.find("licenses")
|
|
232
234
|
if len(licenses):
|
|
@@ -234,26 +236,24 @@ class Maven(PackageManager):
|
|
|
234
236
|
for key_license in licenses.iter("license"):
|
|
235
237
|
if key_license.findtext("name") is not None:
|
|
236
238
|
license_names.append(key_license.findtext("name").replace(",", ""))
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
license_name = ''
|
|
239
|
+
oss_item.license = ', '.join(license_names)
|
|
240
|
+
|
|
241
|
+
dep_key = f"{oss_item.name}({version})"
|
|
241
242
|
|
|
242
|
-
dep_key = f"{oss_name}({version})"
|
|
243
|
-
comment_list = []
|
|
244
|
-
deps_list = []
|
|
245
243
|
if self.direct_dep:
|
|
246
244
|
if dep_key in self.direct_dep_list:
|
|
247
|
-
|
|
245
|
+
oss_item.comment = 'direct'
|
|
248
246
|
else:
|
|
249
|
-
|
|
247
|
+
oss_item.comment = 'transitive'
|
|
250
248
|
try:
|
|
251
249
|
if dep_key in self.relation_tree:
|
|
252
|
-
|
|
250
|
+
dep_item.depends_on_raw = self.relation_tree[dep_key]
|
|
253
251
|
except Exception as e:
|
|
254
252
|
logger.error(f"Fail to find oss scope in dependency tree: {e}")
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
253
|
+
|
|
254
|
+
dep_item.oss_items.append(oss_item)
|
|
255
|
+
self.dep_items.append(dep_item)
|
|
256
|
+
|
|
257
|
+
if self.direct_dep:
|
|
258
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
259
|
+
return
|
|
@@ -12,6 +12,8 @@ import re
|
|
|
12
12
|
import fosslight_util.constant as constant
|
|
13
13
|
import fosslight_dependency.constant as const
|
|
14
14
|
from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
|
|
15
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
16
|
+
from fosslight_util.oss_item import OssItem
|
|
15
17
|
|
|
16
18
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
17
19
|
node_modules = 'node_modules'
|
|
@@ -148,25 +150,25 @@ class Npm(PackageManager):
|
|
|
148
150
|
with open(f_name, 'r', encoding='utf8') as json_file:
|
|
149
151
|
json_data = json.load(json_file)
|
|
150
152
|
|
|
151
|
-
sheet_list = []
|
|
152
|
-
comment = ''
|
|
153
153
|
_licenses = 'licenses'
|
|
154
154
|
_repository = 'repository'
|
|
155
155
|
_private = 'private'
|
|
156
156
|
|
|
157
157
|
keys = [key for key in json_data]
|
|
158
|
-
|
|
158
|
+
purl_dict = {}
|
|
159
159
|
for i in range(0, len(keys)):
|
|
160
|
+
dep_item = DependencyItem()
|
|
161
|
+
oss_item = OssItem()
|
|
160
162
|
d = json_data.get(keys[i - 1])
|
|
161
163
|
oss_init_name = d['name']
|
|
162
|
-
|
|
164
|
+
oss_item.name = self.package_manager_name + ":" + oss_init_name
|
|
163
165
|
|
|
164
166
|
if d[_licenses]:
|
|
165
167
|
license_name = d[_licenses]
|
|
166
168
|
else:
|
|
167
169
|
license_name = ''
|
|
168
170
|
|
|
169
|
-
|
|
171
|
+
oss_item.version = d['version']
|
|
170
172
|
package_path = d['path']
|
|
171
173
|
|
|
172
174
|
private_pkg = False
|
|
@@ -174,45 +176,48 @@ class Npm(PackageManager):
|
|
|
174
176
|
if d[_private]:
|
|
175
177
|
private_pkg = True
|
|
176
178
|
|
|
177
|
-
homepage = self.dn_url + oss_init_name
|
|
178
|
-
dn_loc = f"{self.dn_url}{oss_init_name}/v/{
|
|
179
|
-
purl = get_url_to_purl(dn_loc, self.package_manager_name)
|
|
180
|
-
|
|
179
|
+
oss_item.homepage = self.dn_url + oss_init_name
|
|
180
|
+
dn_loc = f"{self.dn_url}{oss_init_name}/v/{oss_item.version}"
|
|
181
|
+
dep_item.purl = get_url_to_purl(dn_loc, self.package_manager_name)
|
|
182
|
+
purl_dict[f'{oss_init_name}({oss_item.version})'] = dep_item.purl
|
|
181
183
|
if d[_repository]:
|
|
182
184
|
dn_loc = d[_repository]
|
|
183
185
|
elif private_pkg:
|
|
184
186
|
dn_loc = ''
|
|
185
187
|
|
|
186
|
-
|
|
187
|
-
|
|
188
|
+
oss_item.download_location = dn_loc
|
|
189
|
+
|
|
188
190
|
if private_pkg:
|
|
189
|
-
homepage =
|
|
190
|
-
|
|
191
|
-
if self.package_name == f'{oss_init_name}({
|
|
192
|
-
|
|
191
|
+
oss_item.homepage = oss_item.download_location
|
|
192
|
+
oss_item.comment = 'private'
|
|
193
|
+
if self.package_name == f'{oss_init_name}({oss_item.version})':
|
|
194
|
+
oss_item.comment = 'root package'
|
|
193
195
|
elif self.direct_dep and len(self.relation_tree) > 0:
|
|
194
|
-
if f'{oss_init_name}({
|
|
195
|
-
|
|
196
|
+
if f'{oss_init_name}({oss_item.version})' in self.relation_tree[self.package_name]:
|
|
197
|
+
oss_item.comment = 'direct'
|
|
196
198
|
else:
|
|
197
|
-
|
|
199
|
+
oss_item.comment = 'transitive'
|
|
198
200
|
|
|
199
|
-
if f'{oss_init_name}({
|
|
200
|
-
|
|
201
|
+
if f'{oss_init_name}({oss_item.version})' in self.relation_tree:
|
|
202
|
+
dep_item.depends_on_raw = self.relation_tree[f'{oss_init_name}({oss_item.version})']
|
|
201
203
|
|
|
202
204
|
manifest_file_path = os.path.join(package_path, const.SUPPORT_PACKAE.get(self.package_manager_name))
|
|
203
205
|
multi_license, license_comment, multi_flag = check_multi_license(license_name, manifest_file_path)
|
|
204
206
|
|
|
205
|
-
comment = ','.join(comment_list)
|
|
206
207
|
if multi_flag:
|
|
207
|
-
comment =
|
|
208
|
+
oss_item.comment = license_comment
|
|
208
209
|
license_name = multi_license
|
|
209
210
|
else:
|
|
210
211
|
license_name = license_name.replace(",", "")
|
|
211
212
|
license_name = check_unknown_license(license_name, manifest_file_path)
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
213
|
+
oss_item.license = license_name
|
|
214
|
+
|
|
215
|
+
dep_item.oss_items.append(oss_item)
|
|
216
|
+
self.dep_items.append(dep_item)
|
|
217
|
+
|
|
218
|
+
if self.direct_dep:
|
|
219
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
220
|
+
return
|
|
216
221
|
|
|
217
222
|
|
|
218
223
|
def check_multi_license(license_name, manifest_file_path):
|
|
@@ -13,6 +13,8 @@ import fosslight_util.constant as constant
|
|
|
13
13
|
import fosslight_dependency.constant as const
|
|
14
14
|
from fosslight_dependency._package_manager import PackageManager
|
|
15
15
|
from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
|
|
16
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
17
|
+
from fosslight_util.oss_item import OssItem
|
|
16
18
|
|
|
17
19
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
18
20
|
|
|
@@ -37,7 +39,7 @@ class Nuget(PackageManager):
|
|
|
37
39
|
def parse_oss_information(self, f_name):
|
|
38
40
|
tmp_license_txt_file_name = 'tmp_license.txt'
|
|
39
41
|
with open(f_name, 'r', encoding='utf8') as input_fp:
|
|
40
|
-
|
|
42
|
+
purl_dict = {}
|
|
41
43
|
package_list = []
|
|
42
44
|
if self.packageReference:
|
|
43
45
|
package_list = self.get_package_info_in_packagereference(input_fp)
|
|
@@ -46,14 +48,13 @@ class Nuget(PackageManager):
|
|
|
46
48
|
|
|
47
49
|
for oss_origin_name, oss_version in package_list:
|
|
48
50
|
try:
|
|
49
|
-
|
|
51
|
+
dep_item = DependencyItem()
|
|
52
|
+
oss_item = OssItem()
|
|
53
|
+
oss_item.name = f'{self.package_manager_name}:{oss_origin_name}'
|
|
54
|
+
oss_item.version = oss_version
|
|
50
55
|
|
|
51
|
-
comment_list = []
|
|
52
|
-
dn_loc = ''
|
|
53
|
-
homepage = ''
|
|
54
56
|
license_name = ''
|
|
55
|
-
|
|
56
|
-
response = requests.get(f'{self.nuget_api_url}{oss_origin_name}/{oss_version}/{oss_origin_name}.nuspec')
|
|
57
|
+
response = requests.get(f'{self.nuget_api_url}{oss_origin_name}/{oss_item.version}/{oss_origin_name}.nuspec')
|
|
57
58
|
if response.status_code == 200:
|
|
58
59
|
root = fromstring(response.text)
|
|
59
60
|
xmlns = ''
|
|
@@ -66,7 +67,7 @@ class Nuget(PackageManager):
|
|
|
66
67
|
if license_name_id is not None:
|
|
67
68
|
license_name, license_comment = self.check_multi_license(license_name_id.text)
|
|
68
69
|
if license_comment != '':
|
|
69
|
-
|
|
70
|
+
oss_item.comment = license_comment
|
|
70
71
|
else:
|
|
71
72
|
license_url = nupkg_metadata.find(f'{xmlns}licenseUrl')
|
|
72
73
|
if license_url is not None:
|
|
@@ -82,45 +83,47 @@ class Nuget(PackageManager):
|
|
|
82
83
|
license_name = license_name_with_license_scanner
|
|
83
84
|
else:
|
|
84
85
|
license_name = license_url.text
|
|
86
|
+
oss_item.license = license_name
|
|
85
87
|
repo_id = nupkg_metadata.find(f'{xmlns}repository')
|
|
86
88
|
if repo_id is not None:
|
|
87
|
-
|
|
89
|
+
oss_item.download_location = repo_id.get("url")
|
|
88
90
|
else:
|
|
89
91
|
proj_url_id = nupkg_metadata.find(f'{xmlns}projectUrl')
|
|
90
92
|
if proj_url_id is not None:
|
|
91
|
-
|
|
92
|
-
homepage = f'{self.dn_url}{oss_origin_name}'
|
|
93
|
-
if
|
|
94
|
-
|
|
93
|
+
oss_item.download_location = proj_url_id.text
|
|
94
|
+
oss_item.homepage = f'{self.dn_url}{oss_origin_name}'
|
|
95
|
+
if oss_item.download_location == '':
|
|
96
|
+
oss_item.download_location = f'{oss_item.homepage}/{oss_item.version}'
|
|
95
97
|
else:
|
|
96
|
-
if
|
|
97
|
-
|
|
98
|
-
purl = get_url_to_purl(f'{homepage}/{
|
|
98
|
+
if oss_item.download_location.endswith('.git'):
|
|
99
|
+
oss_item.download_location = oss_item.download_location[:-4]
|
|
100
|
+
dep_item.purl = get_url_to_purl(f'{oss_item.homepage}/{oss_item.version}', self.package_manager_name)
|
|
99
101
|
else:
|
|
100
|
-
|
|
101
|
-
purl = f'pkg:nuget/{oss_origin_name}@{
|
|
102
|
-
|
|
102
|
+
oss_item.comment = 'Fail to response for nuget api'
|
|
103
|
+
dep_item.purl = f'pkg:nuget/{oss_origin_name}@{oss_item.version}'
|
|
104
|
+
purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
|
|
103
105
|
|
|
104
|
-
deps_list = []
|
|
105
106
|
if self.direct_dep and self.packageReference:
|
|
106
107
|
if oss_origin_name in self.direct_dep_list:
|
|
107
|
-
|
|
108
|
+
oss_item.comment = 'direct'
|
|
108
109
|
else:
|
|
109
|
-
|
|
110
|
+
oss_item.comment = 'transitive'
|
|
110
111
|
|
|
111
|
-
if f'{oss_origin_name}({
|
|
112
|
-
|
|
112
|
+
if f'{oss_origin_name}({oss_item.version})' in self.relation_tree:
|
|
113
|
+
dep_item.depends_on_raw = self.relation_tree[f'{oss_origin_name}({oss_item.version})']
|
|
113
114
|
|
|
114
|
-
|
|
115
|
-
|
|
115
|
+
dep_item.oss_items.append(oss_item)
|
|
116
|
+
self.dep_items.append(dep_item)
|
|
116
117
|
|
|
117
118
|
except Exception as e:
|
|
118
119
|
logger.warning(f"Failed to parse oss information: {e}")
|
|
119
|
-
|
|
120
|
+
if self.direct_dep:
|
|
121
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
122
|
+
|
|
120
123
|
if os.path.isfile(tmp_license_txt_file_name):
|
|
121
124
|
os.remove(tmp_license_txt_file_name)
|
|
122
125
|
|
|
123
|
-
return
|
|
126
|
+
return
|
|
124
127
|
|
|
125
128
|
def get_package_list_in_packages_config(self, input_fp):
|
|
126
129
|
package_list = []
|
|
@@ -14,6 +14,8 @@ import fosslight_util.constant as constant
|
|
|
14
14
|
import fosslight_dependency.constant as const
|
|
15
15
|
from fosslight_dependency._package_manager import PackageManager
|
|
16
16
|
from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
|
|
17
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
18
|
+
from fosslight_util.oss_item import OssItem
|
|
17
19
|
|
|
18
20
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
19
21
|
|
|
@@ -104,28 +106,29 @@ class Pub(PackageManager):
|
|
|
104
106
|
def parse_oss_information(self, f_name):
|
|
105
107
|
tmp_license_txt_file_name = 'tmp_license.txt'
|
|
106
108
|
json_data = ''
|
|
107
|
-
comment = ''
|
|
108
109
|
|
|
109
110
|
with open(f_name, 'r', encoding='utf8') as pub_file:
|
|
110
111
|
json_f = json.load(pub_file)
|
|
111
112
|
|
|
112
113
|
try:
|
|
113
|
-
|
|
114
|
+
purl_dict = {}
|
|
114
115
|
|
|
115
116
|
for json_data in json_f:
|
|
117
|
+
dep_item = DependencyItem()
|
|
118
|
+
oss_item = OssItem()
|
|
116
119
|
oss_origin_name = json_data['name']
|
|
117
120
|
if oss_origin_name not in self.total_dep_list:
|
|
118
121
|
continue
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
homepage = json_data['homepage']
|
|
122
|
-
if homepage is None:
|
|
123
|
-
homepage = json_data['repository']
|
|
124
|
-
if homepage is None:
|
|
125
|
-
homepage = ''
|
|
126
|
-
|
|
127
|
-
purl = get_url_to_purl(
|
|
128
|
-
|
|
122
|
+
oss_item.name = f"{self.package_manager_name}:{oss_origin_name}"
|
|
123
|
+
oss_item.version = json_data['version']
|
|
124
|
+
oss_item.homepage = json_data['homepage']
|
|
125
|
+
if oss_item.homepage is None:
|
|
126
|
+
oss_item.homepage = json_data['repository']
|
|
127
|
+
if oss_item.homepage is None:
|
|
128
|
+
oss_item.homepage = ''
|
|
129
|
+
oss_item.download_location = f"{self.dn_url}{oss_origin_name}/versions/{oss_item.version}"
|
|
130
|
+
dep_item.purl = get_url_to_purl(oss_item.download_location, self.package_manager_name)
|
|
131
|
+
purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
|
|
129
132
|
license_txt = json_data['license']
|
|
130
133
|
|
|
131
134
|
tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
|
|
@@ -137,36 +140,33 @@ class Pub(PackageManager):
|
|
|
137
140
|
tmp_license_txt_file_name)
|
|
138
141
|
|
|
139
142
|
if license_name_with_license_scanner != "":
|
|
140
|
-
|
|
141
|
-
else:
|
|
142
|
-
license_name = ''
|
|
143
|
+
oss_item.license = license_name_with_license_scanner
|
|
143
144
|
|
|
144
|
-
comment_list = []
|
|
145
|
-
deps_list = []
|
|
146
145
|
if self.direct_dep:
|
|
147
146
|
if oss_origin_name not in self.total_dep_list:
|
|
148
147
|
continue
|
|
149
|
-
if self.package_name == f'{oss_origin_name}({
|
|
150
|
-
|
|
148
|
+
if self.package_name == f'{oss_origin_name}({oss_item.version})':
|
|
149
|
+
oss_item.comment = 'root package'
|
|
151
150
|
else:
|
|
152
151
|
if json_data['isDirectDependency']:
|
|
153
|
-
|
|
152
|
+
oss_item.comment = 'direct'
|
|
154
153
|
else:
|
|
155
|
-
|
|
154
|
+
oss_item.comment = 'transitive'
|
|
155
|
+
|
|
156
|
+
if f'{oss_origin_name}({oss_item.version})' in self.relation_tree:
|
|
157
|
+
dep_item.depends_on_raw = self.relation_tree[f'{oss_origin_name}({oss_item.version})']
|
|
156
158
|
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
comment = ','.join(comment_list)
|
|
160
|
-
sheet_list.append([purl, oss_name, oss_version, license_name, dn_loc, homepage,
|
|
161
|
-
'', '', comment, deps_list])
|
|
159
|
+
dep_item.oss_items.append(oss_item)
|
|
160
|
+
self.dep_items.append(dep_item)
|
|
162
161
|
except Exception as e:
|
|
163
162
|
logger.error(f"Fail to parse pub oss information: {e}")
|
|
164
|
-
|
|
163
|
+
if self.direct_dep:
|
|
164
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
165
165
|
|
|
166
166
|
if os.path.isfile(tmp_license_txt_file_name):
|
|
167
167
|
os.remove(tmp_license_txt_file_name)
|
|
168
168
|
|
|
169
|
-
return
|
|
169
|
+
return
|
|
170
170
|
|
|
171
171
|
def parse_no_dev_command_file(self, pub_deps):
|
|
172
172
|
for line in pub_deps.split('\n'):
|