fosslight-dependency 4.1.1__tar.gz → 4.1.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/PKG-INFO +15 -10
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/README.md +14 -9
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/setup.py +1 -1
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/_analyze_dependency.py +3 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/_help.py +3 -1
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/_package_manager.py +2 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/constant.py +3 -1
- fosslight_dependency-4.1.2/src/fosslight_dependency/package_manager/Cargo.py +143 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/run_dependency_scanner.py +2 -2
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/PKG-INFO +15 -10
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/SOURCES.txt +1 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/LICENSE +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/LICENSES/Apache-2.0.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/LICENSES/LicenseRef-3rd_party_licenses.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/LICENSES/MIT.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/MANIFEST.in +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/requirements.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/setup.cfg +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/__init__.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/_graph_convertor.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/dependency_item.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Android.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Carthage.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Cocoapods.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Go.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Gradle.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Helm.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Maven.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Npm.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Nuget.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Pub.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Pypi.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Swift.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/Unity.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/package_manager/__init__.py +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/dependency_links.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/entry_points.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/requires.txt +0 -0
- {fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/top_level.txt +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: fosslight_dependency
|
|
3
|
-
Version: 4.1.
|
|
3
|
+
Version: 4.1.2
|
|
4
4
|
Summary: FOSSLight Dependency Scanner
|
|
5
5
|
Home-page: https://github.com/fosslight/fosslight_dependency_scanner
|
|
6
6
|
Author: LG Electronics
|
|
@@ -10,23 +10,22 @@ Description: <!--
|
|
|
10
10
|
Copyright (c) 2021 LG Electronics
|
|
11
11
|
SPDX-License-Identifier: Apache-2.0
|
|
12
12
|
-->
|
|
13
|
-
# FOSSLight Dependency Scanner
|
|
14
13
|
|
|
15
|
-
|
|
14
|
+
# FOSSLight Dependency Scanner
|
|
16
15
|
|
|
16
|
+
`<img src="https://img.shields.io/pypi/l/fosslight_dependency" alt="License" />` `<a href="https://pypi.org/project/fosslight-dependency/"><img src="https://img.shields.io/pypi/v/fosslight_dependency" alt="Current python package version." />``</a>` `<img src="https://img.shields.io/pypi/pyversions/fosslight_dependency" />` [](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency_scanner)
|
|
17
17
|
|
|
18
18
|
## 💡 Introduction
|
|
19
19
|
|
|
20
20
|
This is the tool that supports the analysis of dependencies for multiple package managers. It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools. Then, it generates the report file that contains OSS information of dependencies.
|
|
21
21
|
|
|
22
|
-
|
|
23
22
|
## 📖 User Guide
|
|
24
23
|
|
|
25
|
-
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
24
|
+
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
26
25
|
In this user guide, you can see how to install the FOSSLight Dependency Scanner and how to set up the prerequisite step and run it according to the package manager of your project. Also, you can check the results of the FOSSLight Dependency Scanner.
|
|
27
26
|
|
|
28
|
-
|
|
29
27
|
## 👀 Package Support Level
|
|
28
|
+
|
|
30
29
|
<table>
|
|
31
30
|
<thead>
|
|
32
31
|
<tr>
|
|
@@ -141,19 +140,25 @@ Description: <!--
|
|
|
141
140
|
<td>O</td>
|
|
142
141
|
<td>X</td>
|
|
143
142
|
</tr>
|
|
143
|
+
<tr>
|
|
144
|
+
<td>Rust</td>
|
|
145
|
+
<td>Cargo</td>
|
|
146
|
+
<td>Cargo.toml</td>
|
|
147
|
+
<td>O</td>
|
|
148
|
+
<td>O</td>
|
|
149
|
+
<td>O</td>
|
|
150
|
+
</tr>
|
|
144
151
|
</tbody>
|
|
145
152
|
</table>
|
|
146
153
|
|
|
147
|
-
|
|
148
154
|
## 👏 Contributing Guide
|
|
149
155
|
|
|
150
|
-
We always welcome your contributions.
|
|
156
|
+
We always welcome your contributions.
|
|
151
157
|
Please see the [CONTRIBUTING guide](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/CONTRIBUTING.md) for how to contribute.
|
|
152
158
|
|
|
153
|
-
|
|
154
159
|
## 📄 License
|
|
155
160
|
|
|
156
|
-
Copyright (c) 2020 LG Electronics, Inc.
|
|
161
|
+
Copyright (c) 2020 LG Electronics, Inc.
|
|
157
162
|
FOSSLight Dependency Scanner is licensed under Apache-2.0, as found in the [LICENSE](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/LICENSE) file.
|
|
158
163
|
|
|
159
164
|
Platform: UNKNOWN
|
|
@@ -2,23 +2,22 @@
|
|
|
2
2
|
Copyright (c) 2021 LG Electronics
|
|
3
3
|
SPDX-License-Identifier: Apache-2.0
|
|
4
4
|
-->
|
|
5
|
-
# FOSSLight Dependency Scanner
|
|
6
5
|
|
|
7
|
-
|
|
6
|
+
# FOSSLight Dependency Scanner
|
|
8
7
|
|
|
8
|
+
`<img src="https://img.shields.io/pypi/l/fosslight_dependency" alt="License" />` `<a href="https://pypi.org/project/fosslight-dependency/"><img src="https://img.shields.io/pypi/v/fosslight_dependency" alt="Current python package version." />``</a>` `<img src="https://img.shields.io/pypi/pyversions/fosslight_dependency" />` [](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency_scanner)
|
|
9
9
|
|
|
10
10
|
## 💡 Introduction
|
|
11
11
|
|
|
12
12
|
This is the tool that supports the analysis of dependencies for multiple package managers. It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools. Then, it generates the report file that contains OSS information of dependencies.
|
|
13
13
|
|
|
14
|
-
|
|
15
14
|
## 📖 User Guide
|
|
16
15
|
|
|
17
|
-
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
16
|
+
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
18
17
|
In this user guide, you can see how to install the FOSSLight Dependency Scanner and how to set up the prerequisite step and run it according to the package manager of your project. Also, you can check the results of the FOSSLight Dependency Scanner.
|
|
19
18
|
|
|
20
|
-
|
|
21
19
|
## 👀 Package Support Level
|
|
20
|
+
|
|
22
21
|
<table>
|
|
23
22
|
<thead>
|
|
24
23
|
<tr>
|
|
@@ -133,17 +132,23 @@ In this user guide, you can see how to install the FOSSLight Dependency Scanner
|
|
|
133
132
|
<td>O</td>
|
|
134
133
|
<td>X</td>
|
|
135
134
|
</tr>
|
|
135
|
+
<tr>
|
|
136
|
+
<td>Rust</td>
|
|
137
|
+
<td>Cargo</td>
|
|
138
|
+
<td>Cargo.toml</td>
|
|
139
|
+
<td>O</td>
|
|
140
|
+
<td>O</td>
|
|
141
|
+
<td>O</td>
|
|
142
|
+
</tr>
|
|
136
143
|
</tbody>
|
|
137
144
|
</table>
|
|
138
145
|
|
|
139
|
-
|
|
140
146
|
## 👏 Contributing Guide
|
|
141
147
|
|
|
142
|
-
We always welcome your contributions.
|
|
148
|
+
We always welcome your contributions.
|
|
143
149
|
Please see the [CONTRIBUTING guide](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/CONTRIBUTING.md) for how to contribute.
|
|
144
150
|
|
|
145
|
-
|
|
146
151
|
## 📄 License
|
|
147
152
|
|
|
148
|
-
Copyright (c) 2020 LG Electronics, Inc.
|
|
153
|
+
Copyright (c) 2020 LG Electronics, Inc.
|
|
149
154
|
FOSSLight Dependency Scanner is licensed under Apache-2.0, as found in the [LICENSE](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/LICENSE) file.
|
|
@@ -19,6 +19,7 @@ from fosslight_dependency.package_manager.Go import Go
|
|
|
19
19
|
from fosslight_dependency.package_manager.Nuget import Nuget
|
|
20
20
|
from fosslight_dependency.package_manager.Helm import Helm
|
|
21
21
|
from fosslight_dependency.package_manager.Unity import Unity
|
|
22
|
+
from fosslight_dependency.package_manager.Cargo import Cargo
|
|
22
23
|
import fosslight_util.constant as constant
|
|
23
24
|
|
|
24
25
|
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
@@ -57,6 +58,8 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
57
58
|
package_manager = Helm(input_dir, output_dir)
|
|
58
59
|
elif package_manager_name == const.UNITY:
|
|
59
60
|
package_manager = Unity(input_dir, output_dir)
|
|
61
|
+
elif package_manager_name == const.CARGO:
|
|
62
|
+
package_manager = Cargo(input_dir, output_dir)
|
|
60
63
|
else:
|
|
61
64
|
logger.error(f"Not supported package manager name: {package_manager_name}")
|
|
62
65
|
ret = False
|
|
@@ -24,13 +24,15 @@ _HELP_MESSAGE_DEPENDENCY = """
|
|
|
24
24
|
Nuget (.NET)
|
|
25
25
|
Helm (Kubernetes)
|
|
26
26
|
Unity (Unity)
|
|
27
|
+
Cargo (Rust)
|
|
27
28
|
|
|
28
29
|
Options:
|
|
29
30
|
Optional
|
|
30
31
|
-h\t\t\t\t Print help message.
|
|
31
32
|
-v\t\t\t\t Print the version of the script.
|
|
32
33
|
-m <package_manager>\t Enter the package manager.
|
|
33
|
-
\t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
|
|
34
|
+
\t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
|
|
35
|
+
\t go, nuget, helm, unity, cargo)
|
|
34
36
|
-p <input_path>\t\t Enter the path where the script will be run.
|
|
35
37
|
-e <exclude_path>\t\t Enter the path where the analysis will not be performed.
|
|
36
38
|
-o <output_path>\t\t Output path
|
|
@@ -286,6 +286,8 @@ def get_url_to_purl(url, pkg_manager, oss_name='', oss_version=''):
|
|
|
286
286
|
elif pkg_manager == 'carthage':
|
|
287
287
|
if oss_version:
|
|
288
288
|
purl = f'{purl}@{oss_version}'
|
|
289
|
+
elif pkg_manager == 'cargo':
|
|
290
|
+
purl = f'{purl_prefix}/{oss_name}@{oss_version}'
|
|
289
291
|
except Exception:
|
|
290
292
|
logger.debug('Fail to get purl. So use the link purl({purl}).')
|
|
291
293
|
return purl
|
{fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/constant.py
RENAMED
|
@@ -23,6 +23,7 @@ GO = 'go'
|
|
|
23
23
|
NUGET = 'nuget'
|
|
24
24
|
HELM = 'helm'
|
|
25
25
|
UNITY = 'unity'
|
|
26
|
+
CARGO = 'cargo'
|
|
26
27
|
|
|
27
28
|
# Supported package name and manifest file
|
|
28
29
|
SUPPORT_PACKAE = {
|
|
@@ -38,7 +39,8 @@ SUPPORT_PACKAE = {
|
|
|
38
39
|
GO: 'go.mod',
|
|
39
40
|
NUGET: ['packages.config', os.path.join('obj', 'project.assets.json')],
|
|
40
41
|
HELM: 'Chart.yaml',
|
|
41
|
-
UNITY: os.path.join('Library', 'PackageManager', 'ProjectCache')
|
|
42
|
+
UNITY: os.path.join('Library', 'PackageManager', 'ProjectCache'),
|
|
43
|
+
CARGO: 'Cargo.toml'
|
|
42
44
|
}
|
|
43
45
|
|
|
44
46
|
# default android app name
|
|
@@ -0,0 +1,143 @@
|
|
|
1
|
+
#!/usr/bin/env python
|
|
2
|
+
# -*- coding: utf-8 -*-
|
|
3
|
+
# Copyright (c) 2021 LG Electronics Inc.
|
|
4
|
+
# SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
|
|
6
|
+
import os
|
|
7
|
+
import logging
|
|
8
|
+
import json
|
|
9
|
+
import re
|
|
10
|
+
import subprocess
|
|
11
|
+
import fosslight_util.constant as constant
|
|
12
|
+
import fosslight_dependency.constant as const
|
|
13
|
+
from fosslight_dependency._package_manager import PackageManager
|
|
14
|
+
from fosslight_dependency._package_manager import get_url_to_purl
|
|
15
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
16
|
+
from fosslight_util.oss_item import OssItem
|
|
17
|
+
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
class Cargo(PackageManager):
|
|
21
|
+
package_manager_name = const.CARGO
|
|
22
|
+
|
|
23
|
+
dn_url = 'https://crates.io/crates/'
|
|
24
|
+
input_file_name = 'tmp_cargo_fosslight_output.json'
|
|
25
|
+
tmp_input_file_flag = False
|
|
26
|
+
cur_path = ''
|
|
27
|
+
cargo_lock_f = 'Cargo.lock'
|
|
28
|
+
|
|
29
|
+
def __init__(self, input_dir, output_dir):
|
|
30
|
+
super().__init__(self.package_manager_name, self.dn_url, input_dir, output_dir)
|
|
31
|
+
self.append_input_package_list_file(self.input_file_name)
|
|
32
|
+
|
|
33
|
+
def __del__(self):
|
|
34
|
+
if self.tmp_input_file_flag:
|
|
35
|
+
os.remove(self.input_file_name)
|
|
36
|
+
|
|
37
|
+
def run_plugin(self):
|
|
38
|
+
if os.path.exists(self.input_file_name):
|
|
39
|
+
logger.info(f"Found {self.input_file_name}, skip the flutter cmd to analyze dependency.")
|
|
40
|
+
return True
|
|
41
|
+
|
|
42
|
+
if not os.path.exists(const.SUPPORT_PACKAE.get(self.package_manager_name)):
|
|
43
|
+
logger.error(f"Cannot find the file({const.SUPPORT_PACKAE.get(self.package_manager_name)})")
|
|
44
|
+
return False
|
|
45
|
+
|
|
46
|
+
if os.path.exists(self.cargo_lock_f):
|
|
47
|
+
cmd = f'cargo metadata --locked --format-version 1 > {self.input_file_name}'
|
|
48
|
+
else:
|
|
49
|
+
cmd = f'cargo metadata --format-version 1 > {self.input_file_name}'
|
|
50
|
+
ret = subprocess.call(cmd, shell=True)
|
|
51
|
+
if ret != 0:
|
|
52
|
+
logger.error(f"Failed to run: {cmd}")
|
|
53
|
+
os.chdir(self.cur_path)
|
|
54
|
+
return False
|
|
55
|
+
self.tmp_input_file_flag = True
|
|
56
|
+
return True
|
|
57
|
+
|
|
58
|
+
def parse_oss_information(self, f_name):
|
|
59
|
+
json_data = ''
|
|
60
|
+
|
|
61
|
+
with open(f_name, 'r', encoding='utf8') as cargo_file:
|
|
62
|
+
json_f = json.load(cargo_file)
|
|
63
|
+
try:
|
|
64
|
+
purl_dict = {}
|
|
65
|
+
workspace_members_key = 'workspace_members'
|
|
66
|
+
resolve_key = 'resolve'
|
|
67
|
+
root_key = 'root'
|
|
68
|
+
nodes_key = 'nodes'
|
|
69
|
+
workspace_members = []
|
|
70
|
+
root = ''
|
|
71
|
+
resolve_node = []
|
|
72
|
+
|
|
73
|
+
if workspace_members_key in json_f:
|
|
74
|
+
workspace_members = json_f[workspace_members_key]
|
|
75
|
+
|
|
76
|
+
if resolve_key in json_f:
|
|
77
|
+
if root_key in json_f[resolve_key]:
|
|
78
|
+
root = json_f[resolve_key][root_key]
|
|
79
|
+
if nodes_key in json_f[resolve_key]:
|
|
80
|
+
resolve_node = json_f[resolve_key][nodes_key]
|
|
81
|
+
if root and resolve_node:
|
|
82
|
+
self.direct_dep_list.extend(get_matched_dependencies(root, resolve_node))
|
|
83
|
+
else:
|
|
84
|
+
self.direct_dep = False
|
|
85
|
+
logger.info('Cannot find dependencies relationship (no resolve nodes.)')
|
|
86
|
+
|
|
87
|
+
for json_data in json_f['packages']:
|
|
88
|
+
dep_item = DependencyItem()
|
|
89
|
+
oss_item = OssItem()
|
|
90
|
+
pkg_id = json_data['id']
|
|
91
|
+
oss_origin_name = json_data['name']
|
|
92
|
+
|
|
93
|
+
oss_item.name = f"{self.package_manager_name}:{oss_origin_name}"
|
|
94
|
+
oss_item.version = json_data['version']
|
|
95
|
+
oss_item.homepage = f"{self.dn_url}{oss_origin_name}"
|
|
96
|
+
oss_item.download_location = json_data['repository']
|
|
97
|
+
if oss_item.download_location is None:
|
|
98
|
+
oss_item.download_location = oss_item.homepage
|
|
99
|
+
dep_item.purl = get_url_to_purl(oss_item.homepage, self.package_manager_name, oss_origin_name, oss_item.version)
|
|
100
|
+
purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
|
|
101
|
+
if json_data['license'] is not None:
|
|
102
|
+
oss_item.license = json_data['license']
|
|
103
|
+
|
|
104
|
+
if self.direct_dep:
|
|
105
|
+
if pkg_id == root:
|
|
106
|
+
oss_item.comment = 'root package'
|
|
107
|
+
if pkg_id in workspace_members:
|
|
108
|
+
oss_item.comment = 'local package'
|
|
109
|
+
if len(self.direct_dep_list) > 0:
|
|
110
|
+
if pkg_id != root:
|
|
111
|
+
if f'{oss_origin_name}({oss_item.version})' in self.direct_dep_list:
|
|
112
|
+
oss_item.comment = 'direct'
|
|
113
|
+
else:
|
|
114
|
+
oss_item.comment = 'transitive'
|
|
115
|
+
dep_item.depends_on_raw.extend(get_matched_dependencies(pkg_id, resolve_node))
|
|
116
|
+
|
|
117
|
+
dep_item.oss_items.append(oss_item)
|
|
118
|
+
self.dep_items.append(dep_item)
|
|
119
|
+
except Exception as e:
|
|
120
|
+
logger.error(f"Fail to parse pub oss information: {e}")
|
|
121
|
+
if self.direct_dep:
|
|
122
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
123
|
+
|
|
124
|
+
return
|
|
125
|
+
|
|
126
|
+
|
|
127
|
+
def get_matched_dependencies(match_id, resolve_node):
|
|
128
|
+
dependencies_list = []
|
|
129
|
+
for node in resolve_node:
|
|
130
|
+
if match_id == node['id']:
|
|
131
|
+
for dep_pkg in node['dependencies']:
|
|
132
|
+
try:
|
|
133
|
+
match = re.findall(r'^.*#(\S*)@(\S*)', dep_pkg)
|
|
134
|
+
dependencies_list.append(f'{match[0][0]}({match[0][1]})')
|
|
135
|
+
except:
|
|
136
|
+
try:
|
|
137
|
+
match = re.findall(r'^(\S*)\s(\S*)\s', dep_pkg)
|
|
138
|
+
dependencies_list.append(f'{match[0][0]}({match[0][1]})')
|
|
139
|
+
except:
|
|
140
|
+
logger.info(f'cannot find name and version for dependencies: {match_id}')
|
|
141
|
+
pass
|
|
142
|
+
break
|
|
143
|
+
return dependencies_list
|
|
@@ -156,7 +156,7 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
156
156
|
support_packagemanager = list(const.SUPPORT_PACKAE.keys())
|
|
157
157
|
|
|
158
158
|
if package_manager not in support_packagemanager:
|
|
159
|
-
logger.error(f"You entered the unsupported package manager({package_manager}).")
|
|
159
|
+
logger.error(f"(-m option) You entered the unsupported package manager({package_manager}).")
|
|
160
160
|
logger.error("Please enter the supported package manager({0}) with '-m' option."
|
|
161
161
|
.format(", ".join(support_packagemanager)))
|
|
162
162
|
return False, scan_item
|
|
@@ -166,7 +166,7 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
166
166
|
os.chdir(input_dir)
|
|
167
167
|
input_dir = os.getcwd()
|
|
168
168
|
else:
|
|
169
|
-
logger.error(f"You entered the wrong input path({input_dir}) to run the script.")
|
|
169
|
+
logger.error(f"(-p option) You entered the wrong input path({input_dir}) to run the script.")
|
|
170
170
|
logger.error("Please enter the existed input path with '-p' option.")
|
|
171
171
|
return False, scan_item
|
|
172
172
|
else:
|
{fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency.egg-info/PKG-INFO
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: fosslight-dependency
|
|
3
|
-
Version: 4.1.
|
|
3
|
+
Version: 4.1.2
|
|
4
4
|
Summary: FOSSLight Dependency Scanner
|
|
5
5
|
Home-page: https://github.com/fosslight/fosslight_dependency_scanner
|
|
6
6
|
Author: LG Electronics
|
|
@@ -10,23 +10,22 @@ Description: <!--
|
|
|
10
10
|
Copyright (c) 2021 LG Electronics
|
|
11
11
|
SPDX-License-Identifier: Apache-2.0
|
|
12
12
|
-->
|
|
13
|
-
# FOSSLight Dependency Scanner
|
|
14
13
|
|
|
15
|
-
|
|
14
|
+
# FOSSLight Dependency Scanner
|
|
16
15
|
|
|
16
|
+
`<img src="https://img.shields.io/pypi/l/fosslight_dependency" alt="License" />` `<a href="https://pypi.org/project/fosslight-dependency/"><img src="https://img.shields.io/pypi/v/fosslight_dependency" alt="Current python package version." />``</a>` `<img src="https://img.shields.io/pypi/pyversions/fosslight_dependency" />` [](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency_scanner)
|
|
17
17
|
|
|
18
18
|
## 💡 Introduction
|
|
19
19
|
|
|
20
20
|
This is the tool that supports the analysis of dependencies for multiple package managers. It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools. Then, it generates the report file that contains OSS information of dependencies.
|
|
21
21
|
|
|
22
|
-
|
|
23
22
|
## 📖 User Guide
|
|
24
23
|
|
|
25
|
-
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
24
|
+
We describe the user guide in the [**FOSSLight Guide page**](https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html).
|
|
26
25
|
In this user guide, you can see how to install the FOSSLight Dependency Scanner and how to set up the prerequisite step and run it according to the package manager of your project. Also, you can check the results of the FOSSLight Dependency Scanner.
|
|
27
26
|
|
|
28
|
-
|
|
29
27
|
## 👀 Package Support Level
|
|
28
|
+
|
|
30
29
|
<table>
|
|
31
30
|
<thead>
|
|
32
31
|
<tr>
|
|
@@ -141,19 +140,25 @@ Description: <!--
|
|
|
141
140
|
<td>O</td>
|
|
142
141
|
<td>X</td>
|
|
143
142
|
</tr>
|
|
143
|
+
<tr>
|
|
144
|
+
<td>Rust</td>
|
|
145
|
+
<td>Cargo</td>
|
|
146
|
+
<td>Cargo.toml</td>
|
|
147
|
+
<td>O</td>
|
|
148
|
+
<td>O</td>
|
|
149
|
+
<td>O</td>
|
|
150
|
+
</tr>
|
|
144
151
|
</tbody>
|
|
145
152
|
</table>
|
|
146
153
|
|
|
147
|
-
|
|
148
154
|
## 👏 Contributing Guide
|
|
149
155
|
|
|
150
|
-
We always welcome your contributions.
|
|
156
|
+
We always welcome your contributions.
|
|
151
157
|
Please see the [CONTRIBUTING guide](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/CONTRIBUTING.md) for how to contribute.
|
|
152
158
|
|
|
153
|
-
|
|
154
159
|
## 📄 License
|
|
155
160
|
|
|
156
|
-
Copyright (c) 2020 LG Electronics, Inc.
|
|
161
|
+
Copyright (c) 2020 LG Electronics, Inc.
|
|
157
162
|
FOSSLight Dependency Scanner is licensed under Apache-2.0, as found in the [LICENSE](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/LICENSE) file.
|
|
158
163
|
|
|
159
164
|
Platform: UNKNOWN
|
|
@@ -22,6 +22,7 @@ src/fosslight_dependency.egg-info/entry_points.txt
|
|
|
22
22
|
src/fosslight_dependency.egg-info/requires.txt
|
|
23
23
|
src/fosslight_dependency.egg-info/top_level.txt
|
|
24
24
|
src/fosslight_dependency/package_manager/Android.py
|
|
25
|
+
src/fosslight_dependency/package_manager/Cargo.py
|
|
25
26
|
src/fosslight_dependency/package_manager/Carthage.py
|
|
26
27
|
src/fosslight_dependency/package_manager/Cocoapods.py
|
|
27
28
|
src/fosslight_dependency/package_manager/Go.py
|
|
File without changes
|
|
File without changes
|
{fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/LICENSES/LicenseRef-3rd_party_licenses.txt
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{fosslight_dependency-4.1.1 → fosslight_dependency-4.1.2}/src/fosslight_dependency/__init__.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|