fosslight-dependency 4.1.7__tar.gz → 4.1.8__tar.gz

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_dependency
-Version: 4.1.7
+Version: 4.1.8
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics
@@ -164,8 +164,8 @@ Description: <!--
 Platform: UNKNOWN
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Description-Content-Type: text/markdown

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/setup.py

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='4.1.7',
+        version='4.1.8',
         package_dir={"": "src"},
         packages=find_namespace_packages(where='src'),
         description='FOSSLight Dependency Scanner',
@@ -47,15 +47,12 @@ if __name__ == "__main__":
         download_url='https://github.com/fosslight/fosslight_dependency_scanner',
         classifiers=['License :: OSI Approved :: Apache Software License',
                      "Programming Language :: Python :: 3",
-                     "Programming Language :: Python :: 3.6",
-                     "Programming Language :: Python :: 3.7",
                      "Programming Language :: Python :: 3.8",
-                     "Programming Language :: Python :: 3.9", ],
+                     "Programming Language :: Python :: 3.9",
+                     "Programming Language :: Python :: 3.10",
+                     "Programming Language :: Python :: 3.11", ],
         install_requires=required,
-        package_data={_PACKAEG_NAME: [os.path.join('third_party', 'nomos', 'nomossa'),
-                                      os.path.join('third_party', 'askalono', 'askalono.exe'),
-                                      os.path.join('third_party', 'askalono', 'askalono_macos'),
-                                      os.path.join(_LICENSE_DIR, '*')]},
+        package_data={_PACKAEG_NAME: [os.path.join(_LICENSE_DIR, '*')]},
         include_package_data=True,
         entry_points={
             "console_scripts": [

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/_package_manager.py

@@ -4,7 +4,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 import os
-import sys
 import logging
 import platform
 import re
@@ -12,9 +11,10 @@ import base64
 import subprocess
 import shutil
 import stat
+from packageurl.contrib import url2purl
+from askalono import identify
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
-from packageurl.contrib import url2purl
 
 try:
     from github import Github
@@ -23,13 +23,9 @@ except Exception:
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
-# binary url to check license text
-_license_scanner_linux = os.path.join('third_party', 'nomos', 'nomossa')
-_license_scanner_macos = os.path.join('third_party', 'askalono', 'askalono_macos')
-_license_scanner_windows = os.path.join('third_party', 'askalono', 'askalono.exe')
-
 gradle_config = ['runtimeClasspath', 'runtime']
 android_config = ['releaseRuntimeClasspath']
+ASKALONO_THRESHOLD = 0.7
 
 
 class PackageManager:
@@ -54,7 +50,6 @@ class PackageManager:
         self.dep_items = []
 
         self.platform = platform.system()
-        self.license_scanner_bin = check_license_scanner(self.platform)
 
     def __del__(self):
         self.input_package_list_file = []
@@ -113,7 +108,7 @@ class PackageManager:
                     cmd_gradle = "./gradlew"
             else:
                 ret_task = False
-                logger.warning('No gradlew file exists. (skip to find dependencies relationship.')
+                logger.warning('No gradlew file exists (Skip to find dependencies relationship.).')
                 if ret_plugin:
                     logger.warning('Also it cannot run android-dependency-scanning plugin.')
             if ret_task:
@@ -126,11 +121,10 @@ class PackageManager:
                             self.parse_dependency_tree(ret)
                         else:
                             self.set_direct_dependencies(False)
-                            logger.warning("Failed to run allDeps task.")
+                            logger.warning(f"Fail to run {cmd}")
                     except Exception as e:
                         self.set_direct_dependencies(False)
-                        logger.error(f'Fail to run {cmd}: {e}')
-                        logger.warning('It cannot print the direct/transitive dependencies relationship.')
+                        logger.warning(f"Cannot print 'depends on' information. (fail {cmd}: {e})")
 
                 if ret_plugin:
                     cmd = f"{cmd_gradle} generateLicenseTxt"
@@ -157,6 +151,9 @@ class PackageManager:
                 if os.path.isfile(module_gradle_backup):
                     os.remove(module_build_gradle)
                     shutil.move(module_gradle_backup, module_build_gradle)
+        if os.path.isfile(self.input_file_name):
+            logger.info(f'Found {self.input_file_name}, skip to run plugin.')
+            ret_task = True
         return ret_task
 
     def add_android_plugin_in_gradle(self, module_build_gradle):
@@ -316,9 +313,8 @@ def connect_github(github_token):
     return g
 
 
-def get_github_license(g, github_repo, platform, license_scanner_bin):
+def get_github_license(g, github_repo):
     license_name = ''
-    tmp_license_txt_file_name = 'tmp_license.txt'
 
     try:
         repository = g.get_repo(github_repo)
@@ -334,96 +330,26 @@ def get_github_license(g, github_repo, platform, license_scanner_bin):
             if license_name == "" or license_name == "NOASSERTION":
                 try:
                     license_txt_data = base64.b64decode(repository.get_license().content).decode('utf-8')
-                    tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
-                    tmp_license_txt.write(license_txt_data)
-                    tmp_license_txt.close()
-                    license_name = check_and_run_license_scanner(platform, license_scanner_bin, tmp_license_txt_file_name)
+                    license_name = check_license_name(license_txt_data)
                 except Exception:
-                    logger.info("Cannot find the license name with license scanner binary.")
-
-                if os.path.isfile(tmp_license_txt_file_name):
-                    os.remove(tmp_license_txt_file_name)
+                    logger.info("Cannot find the license name with askalono.")
         except Exception:
             logger.info("Cannot find the license name with github api.")
 
     return license_name
 
 
-def check_license_scanner(platform):
-    license_scanner_bin = ''
-
-    if platform == const.LINUX:
-        license_scanner = _license_scanner_linux
-    elif platform == const.MACOS:
-        license_scanner = _license_scanner_macos
-    elif platform == const.WINDOWS:
-        license_scanner = _license_scanner_windows
-    else:
-        logger.debug("Not supported OS to analyze license text with binary.")
-
-    if license_scanner:
-        try:
-            base_path = sys._MEIPASS
-        except Exception:
-            base_path = os.path.dirname(__file__)
-
-        data_path = os.path.join(base_path, license_scanner)
-        license_scanner_bin = data_path
-
-    return license_scanner_bin
-
-
-def check_and_run_license_scanner(platform, license_scanner_bin, file_dir):
+def check_license_name(license_txt, is_filepath=False):
     license_name = ''
+    if is_filepath:
+        with open(license_txt, 'r', encoding='utf-8') as f:
+            license_content = f.read()
+    else:
+        license_content = license_txt
 
-    if not license_scanner_bin:
-        logger.error('Not supported OS for license scanner binary.')
-
-    try:
-        tmp_output_file_name = "tmp_license_scanner_output.txt"
-
-        if file_dir == "UNKNOWN":
-            license_name = ""
-        else:
-            if platform == const.LINUX:
-                run_license_scanner = f"{license_scanner_bin} {file_dir} > {tmp_output_file_name}"
-            elif platform == const.MACOS:
-                run_license_scanner = f"{license_scanner_bin} identify {file_dir} > {tmp_output_file_name}"
-            elif platform == const.WINDOWS:
-                run_license_scanner = f"{license_scanner_bin} identify {file_dir} > {tmp_output_file_name}"
-            else:
-                run_license_scanner = ''
-
-            if run_license_scanner is None:
-                license_name = ""
-                return license_name
-            else:
-                ret = subprocess.run(run_license_scanner, shell=True, stderr=subprocess.PIPE)
-                if ret.returncode != 0 or ret.stderr:
-                    os.remove(tmp_output_file_name)
-                    return ""
-
-            fp = open(tmp_output_file_name, "r", encoding='utf8')
-            license_output = fp.read()
-            fp.close()
-
-            if platform == const.LINUX:
-                license_output_re = re.findall(r'.*contains license\(s\)\s(.*)', license_output)
-            else:
-                license_output_re = re.findall(r"License:\s{1}(\S*)\s{1}", license_output)
-
-            if len(license_output_re) == 1:
-                license_name = license_output_re[0]
-                if license_name == "No_license_found":
-                    license_name = ""
-            else:
-                license_name = ""
-            os.remove(tmp_output_file_name)
-
-    except Exception as ex:
-        logger.error(f"Failed to run license scan binary. {ex}")
-        license_name = ""
-
+    detect_askalono = identify(license_content)
+    if detect_askalono.score > ASKALONO_THRESHOLD:
+        license_name = detect_askalono.name
     return license_name
 
 

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Carthage.py

@@ -9,8 +9,8 @@ import os
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import connect_github, get_github_license, check_and_run_license_scanner
-from fosslight_dependency._package_manager import get_url_to_purl
+from fosslight_dependency._package_manager import connect_github, get_github_license
+from fosslight_dependency._package_manager import get_url_to_purl, check_license_name
 from fosslight_dependency.dependency_item import DependencyItem
 from fosslight_util.oss_item import OssItem
 
@@ -79,9 +79,7 @@ class Carthage(PackageManager):
                                 for license_file_reg in license_file_regs:
                                     match_result = re.match(license_file_reg, filename_in_dir.lower())
                                     if match_result is not None:
-                                        license_name = check_and_run_license_scanner(self.platform,
-                                                                                     self.license_scanner_bin,
-                                                                                     filename_with_checkout_path)
+                                        license_name = check_license_name(filename_with_checkout_path, True)
                                         find_license = True
                                         break
                     if license_name == '':
@@ -89,7 +87,7 @@ class Carthage(PackageManager):
                             try:
                                 if not g:
                                     g = connect_github(self.github_token)
-                                license_name = get_github_license(g, oss_path, self.platform, self.license_scanner_bin)
+                                license_name = get_github_license(g, oss_path)
                             except Exception as e:
                                 logger.warning(f"Failed to get license with github api: {e}")
                                 license_name == ''

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Nuget.py

@@ -12,7 +12,7 @@ import requests
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -54,7 +54,8 @@ class Nuget(PackageManager):
                 oss_item.version = oss_version
 
                 license_name = ''
-                response = requests.get(f'{self.nuget_api_url}{oss_origin_name}/{oss_item.version}/{oss_origin_name}.nuspec')
+                response = requests.get(f'{self.nuget_api_url.lower()}{oss_origin_name.lower()}/ \
+                                        {oss_item.version.lower()}/{oss_origin_name.lower()}.nuspec')
                 if response.status_code == 200:
                     root = fromstring(response.text)
                     xmlns = ''
@@ -73,14 +74,9 @@ class Nuget(PackageManager):
                         if license_url is not None:
                             url_res = requests.get(license_url.text)
                             if url_res.status_code == 200:
-                                tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
-                                tmp_license_txt.write(url_res.text)
-                                tmp_license_txt.close()
-                                license_name_with_license_scanner = check_and_run_license_scanner(self.platform,
-                                                                                                  self.license_scanner_bin,
-                                                                                                  tmp_license_txt_file_name)
-                                if license_name_with_license_scanner != "":
-                                    license_name = license_name_with_license_scanner
+                                license_name_with_scanner = check_license_name(url_res.text)
+                                if license_name_with_scanner != "":
+                                    license_name = license_name_with_scanner
                                 else:
                                     license_name = license_url.text
                     oss_item.license = license_name

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Pub.py

@@ -10,11 +10,10 @@ import re
 import shutil
 import yaml
 import subprocess
-from askalono import identify
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import get_url_to_purl
+from fosslight_dependency._package_manager import get_url_to_purl, check_license_name
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -135,9 +134,7 @@ class Pub(PackageManager):
                 purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
                 license_txt = json_data['license']
                 if license_txt is not None:
-                    detect_askalono = identify(license_txt)
-                    if detect_askalono.score > 0.7:
-                        oss_item.license = detect_askalono.name
+                    oss_item.license = check_license_name(license_txt)
 
                 if self.direct_dep:
                     if oss_origin_name not in self.total_dep_list:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Pypi.py

@@ -13,7 +13,7 @@ import re
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -111,7 +111,7 @@ class Pypi(PackageManager):
             install_cmd = cmd_separator.join(install_cmd_list)
         else:
             logger.error(const.SUPPORT_PACKAE[self.package_manager_name])
-            logger.error('Cannot create virtualenv becuase it cannot find: '
+            logger.error('Cannot create virtualenv because it cannot find: '
                          + ', '.join(const.SUPPORT_PACKAE[self.package_manager_name]))
             logger.error("Please run with '-a' and '-d' option.")
             return False
@@ -302,12 +302,7 @@ class Pypi(PackageManager):
                 if license_name is not None:
                     license_name = license_name.replace(';', ',')
                 else:
-                    license_file_dir = d['LicenseFile']
-                    license_name_with_lic_scanner = check_and_run_license_scanner(self.platform,
-                                                                                  self.license_scanner_bin,
-                                                                                  license_file_dir)
-                    if license_name_with_lic_scanner != "":
-                        license_name = license_name_with_lic_scanner
+                    license_name = check_license_name(d['LicenseFile'], True)
                 oss_item.license = license_name
 
                 if oss_init_name == self.package_name:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Swift.py

@@ -140,7 +140,7 @@ class Swift(PackageManager):
             github_repo = "/".join(oss_item.homepage.split('/')[-2:])
             dep_item.purl = get_url_to_purl(oss_item.download_location, self.package_manager_name, github_repo, oss_item.version)
             purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
-            oss_item.license = get_github_license(g, github_repo, self.platform, self.license_scanner_bin)
+            oss_item.license = get_github_license(g, github_repo)
 
             if self.direct_dep and len(self.direct_dep_list) > 0:
                 if oss_origin_name in self.direct_dep_list:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/package_manager/Unity.py

@@ -11,13 +11,12 @@ import requests
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem
 from fosslight_util.oss_item import OssItem
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 proprietary_license = 'Proprietary License'
-unclassifed_license = 'UnclassifiedLicense'
 license_md = 'LICENSE.md'
 third_party_md = 'Third Party Notices.md'
 
@@ -50,10 +49,8 @@ class Unity(PackageManager):
                 oss_packagecache_dir = os.path.join(self.packageCache_dir, f'{oss_item.name}@{oss_item.version}')
                 license_f = os.path.join(oss_packagecache_dir, license_md)
                 if os.path.isfile(license_f):
-                    license_name = check_and_run_license_scanner(self.platform,
-                                                                 self.license_scanner_bin,
-                                                                 license_f)
-                    if license_name == unclassifed_license or license_name == '':
+                    license_name = check_license_name(license_f, True)
+                    if license_name == '':
                         with open(license_f, 'r', encoding='utf-8') as f:
                             for line in f:
                                 matched_l = re.search(r'Unity\s[\s\w]*\sLicense', line)

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency/run_dependency_scanner.py

@@ -51,17 +51,17 @@ def paginate_file(file_path):
             input("Press Enter to see the next page...")
 
 
-def find_package_manager(input_dir, abs_path_to_exclude=[]):
+def find_package_manager(input_dir, abs_path_to_exclude=[], manifest_file_name=[]):
     ret = True
-    manifest_file_name = []
-    for value in const.SUPPORT_PACKAE.values():
-        if isinstance(value, list):
-            manifest_file_name.extend(value)
-        else:
-            manifest_file_name.append(value)
+    if not manifest_file_name:
+        for value in const.SUPPORT_PACKAE.values():
+            if isinstance(value, list):
+                manifest_file_name.extend(value)
+            else:
+                manifest_file_name.append(value)
 
     found_manifest_file = []
-    for (parent, _, files) in os.walk(input_dir):
+    for parent, dirs, files in os.walk(input_dir):
         if len(files) < 1:
             continue
         if os.path.basename(parent) in _exclude_dir:
@@ -76,6 +76,13 @@ def find_package_manager(input_dir, abs_path_to_exclude=[]):
                 continue
             if file in manifest_file_name:
                 found_manifest_file.append(file)
+        for dir in dirs:
+            for manifest_f in manifest_file_name:
+                manifest_l = manifest_f.split(os.path.sep)
+                if len(manifest_l) > 1:
+                    if manifest_l[0] == dir:
+                        if os.path.exists(os.path.join(parent, manifest_f)):
+                            found_manifest_file.append(manifest_f)
         if len(found_manifest_file) > 0:
             input_dir = parent
             break
@@ -99,7 +106,7 @@ def find_package_manager(input_dir, abs_path_to_exclude=[]):
         logger.warning(f"### Set Package Manager = {', '.join(found_package_manager.keys())}")
     else:
         ret = False
-        logger.info("It cannot find the manifest file.")
+        logger.info("Cannot find the manifest file.")
 
     return ret, found_package_manager, input_dir
 
@@ -168,17 +175,6 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
         logger.error(msg)
         return False, scan_item
 
-    autodetect = True
-    if package_manager:
-        autodetect = False
-        support_packagemanager = list(const.SUPPORT_PACKAE.keys())
-
-        if package_manager not in support_packagemanager:
-            logger.error(f"(-m option) You entered the unsupported package manager({package_manager}).")
-            logger.error("Please enter the supported package manager({0}) with '-m' option."
-                         .format(", ".join(support_packagemanager)))
-            return False, scan_item
-
     if input_dir:
         if os.path.isdir(input_dir):
             os.chdir(input_dir)
@@ -192,20 +188,44 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
         os.chdir(input_dir)
     scan_item.set_cover_pathinfo(input_dir, path_to_exclude)
 
+    autodetect = True
     found_package_manager = {}
-    if autodetect:
-        try:
-            ret, found_package_manager, input_dir = find_package_manager(input_dir, abs_path_to_exclude)
+    if package_manager:
+        autodetect = False
+        support_packagemanager = list(const.SUPPORT_PACKAE.keys())
+
+        if package_manager not in support_packagemanager:
+            logger.error(f"(-m option) You entered the unsupported package manager({package_manager}).")
+            logger.error("Please enter the supported package manager({0}) with '-m' option."
+                         .format(", ".join(support_packagemanager)))
+            return False, scan_item
+        manifest_file_name = []
+        value = const.SUPPORT_PACKAE[package_manager]
+        if isinstance(value, list):
+            manifest_file_name.extend(value)
+        else:
+            manifest_file_name.append(value)
+        scan_item.set_cover_comment(f"Manual detect mode (-m {package_manager})")
+    else:
+        manifest_file_name = []
+
+    try:
+        ret, found_package_manager, input_dir = find_package_manager(input_dir, abs_path_to_exclude, manifest_file_name)
+        if ret:
             os.chdir(input_dir)
-        except Exception as e:
+    except Exception as e:
+        if autodetect:
             logger.error(f'Fail to find package manager: {e}')
             ret = False
-        finally:
-            if not ret:
-                logger.warning("Dependency scanning terminated because the package manager was not found.")
+    finally:
+        if not ret:
+            if not autodetect:
+                logger.info('Try to analyze dependency without manifest file. (Manual mode)')
+                found_package_manager[package_manager] = []
+            else:
+                logger.error("Terminated: package manager could not be found.")
                 ret = False
-    else:
-        found_package_manager[package_manager] = ["manual detect ('-m option')"]
+                return False, scan_item
 
     pass_key = 'PASS'
     success_pm = []
@@ -242,7 +262,8 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
                        'and https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html#-prerequisite.'
             scan_item.set_cover_comment(f"Analysis failed Package manager: {', '.join(fail_pm)} ({info_msg})")
     else:
-        scan_item.set_cover_comment("No Package manager detected.")
+        if autodetect:
+            scan_item.set_cover_comment("No Package manager detected.")
 
     if ret and graph_path:
         graph_path = os.path.abspath(graph_path)

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.8}/src/fosslight_dependency.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-dependency
-Version: 4.1.7
+Version: 4.1.8
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics
@@ -164,8 +164,8 @@ Description: <!--
 Platform: UNKNOWN
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Description-Content-Type: text/markdown