fosslight-util 2.1.10__py3-none-any.whl → 2.1.12__py3-none-any.whl

fosslight_util/correct.py

@@ -61,17 +61,15 @@ def correct_with_yaml(correct_filepath, path_to_scan, scan_item):
 
                     yaml_path_exists = True
                     exclude_fileitems.append(idx)
-
-            if not yaml_path_exists:
+            if scanner_name == FOSSLIGHT_SOURCE and not yaml_path_exists:
                 correct_item = copy.deepcopy(yaml_file_item)
                 if os.path.exists(os.path.normpath(yaml_file_item.source_name_or_path)):
                     correct_item.comment = 'Loaded from sbom-info.yaml'
                     correct_fileitems.append(correct_item)
                 else:
-                    if scanner_name == FOSSLIGHT_SOURCE:
-                        correct_item.exclude = True
-                        correct_item.comment = 'Added by sbom-info.yaml'
-                        correct_fileitems.append(correct_item)
+                    correct_item.exclude = True
+                    correct_item.comment = 'Added by sbom-info.yaml'
+                    correct_fileitems.append(correct_item)
         if correct_fileitems:
             scan_item.append_file_items(correct_fileitems, scanner_name)
             find_match = True

fosslight_util/download.py

@@ -123,8 +123,10 @@ def cli_download_and_extract(link: str, target_dir: str, log_dir: str, checkout_
             is_rubygems = src_info.get("rubygems", False)
 
             # General download (git clone, wget)
-            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir, checkout_to,
-                                                                         tag, branch, ssh_key, id, git_token)
+            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir,
+                                                                         checkout_to,
+                                                                         tag, branch,
+                                                                         ssh_key, id, git_token)
             link = change_ssh_link_to_https(link)
             if (not is_rubygems) and (not success_git):
                 if os.path.isfile(target_dir):
@@ -205,27 +207,21 @@ def get_github_token(git_url):
 def download_git_repository(refs_to_checkout, git_url, target_dir, tag):
     success = False
     oss_version = ""
-    clone_default_branch_flag = False
 
     logger.info(f"Download git url :{git_url}")
     if refs_to_checkout:
         try:
             # gitPython uses the branch argument the same whether you check out to a branch or a tag.
-            repo = Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
+            Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
             success = True
+            oss_version = refs_to_checkout
         except GitCommandError as error:
             logger.debug(f"Git checkout error:{error}")
             success = False
 
     if not success:
-        repo = Repo.clone_from(git_url, target_dir)
-        clone_default_branch_flag = True
+        Repo.clone_from(git_url, target_dir)
         success = True
-
-    if refs_to_checkout != tag or clone_default_branch_flag:
-        oss_version = repo.active_branch.name
-    else:
-        oss_version = repo.git.describe('--tags')
     return success, oss_version
 
 

fosslight_util/write_cyclonedx.py

@@ -73,7 +73,7 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         comp_type = ComponentType.LIBRARY
 
                     for oss_item in file_item.oss_items:
-                        if oss_item.name == '':
+                        if oss_item.name == '' or oss_item.name == '-':
                             if scanner_name == FOSSLIGHT_DEPENDENCY:
                                 continue
                             else:
@@ -93,7 +93,8 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         if scanner_name == FOSSLIGHT_DEPENDENCY and file_item.purl:
                             comp.purl = PackageURL.from_string(file_item.purl)
                         if scanner_name != FOSSLIGHT_DEPENDENCY:
-                            comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
+                            if file_item.checksum != '0':
+                                comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
 
                         if oss_item.download_location != '':
                             comp.external_references = [ExternalReference(url=XsUri(oss_item.download_location),

fosslight_util/write_scancodejson.py

@@ -6,7 +6,7 @@
 import logging
 import os
 import json
-from fosslight_util.constant import LOGGER_NAME
+from fosslight_util.constant import LOGGER_NAME, FOSSLIGHT_DEPENDENCY
 from fosslight_util.oss_item import ScannerItem
 from typing import List
 
@@ -20,22 +20,27 @@ def write_scancodejson(output_dir: str, output_filename: str, oss_list: List[Sca
     json_output['summary'] = {}
     json_output['license_detections'] = []
     json_output['files'] = []
+    json_output['dependencies'] = []
 
-    for file_items in oss_list.file_items.values():
+    for scanner, file_items in oss_list.file_items.items():
         for fi in file_items:
-            if fi.exclude:
-                continue
-            if fi.oss_items and (all(oss_item.exclude for oss_item in fi.oss_items)):
-                continue
-            if not fi.source_name_or_path:
-                fi.source_name_or_path = EMPTY_FILE_PATH
-            json_output['files'] = add_item_in_files(fi, json_output['files'])
+            if scanner == FOSSLIGHT_DEPENDENCY:
+                json_output['dependencies'] = add_item_in_deps(fi, json_output['dependencies'])
+            else:
+                if fi.exclude:
+                    continue
+                if fi.oss_items and (all(oss_item.exclude for oss_item in fi.oss_items)):
+                    continue
+                if not fi.source_name_or_path:
+                    fi.source_name_or_path = EMPTY_FILE_PATH
+                json_output['files'] = add_item_in_files(fi, json_output['files'])
 
     with open(os.path.join(output_dir, output_filename), 'w') as f:
         json.dump(json_output, f, sort_keys=False, indent=4)
 
 
-def append_oss_item_in_filesitem(oss_items, files_item):
+def get_oss_item_list(oss_items):
+    scan_oss_items = []
     for oi in oss_items:
         if oi.exclude:
             continue
@@ -46,9 +51,9 @@ def append_oss_item_in_filesitem(oss_items, files_item):
         oss_item['copyright'] = oi.copyright
         oss_item['download_location'] = oi.download_location
         oss_item['comment'] = oi.comment
-        files_item['oss'].append(oss_item)
+        scan_oss_items.append(oss_item)
 
-    return files_item
+    return scan_oss_items
 
 
 def add_item_in_files(file_item, files_list):
@@ -57,8 +62,20 @@ def add_item_in_files(file_item, files_list):
     files_item['name'] = os.path.basename(file_item.source_name_or_path)
     files_item['is_binary'] = file_item.is_binary
     files_item['base_name'], files_item['extension'] = os.path.splitext(os.path.basename(file_item.source_name_or_path))
-    files_item['oss'] = []
-    files_item = append_oss_item_in_filesitem(file_item.oss_items, files_item)
+    files_item['oss'] = get_oss_item_list(file_item.oss_items)
+
     files_list.append(files_item)
 
     return files_list
+
+
+def add_item_in_deps(file_item, deps_list):
+    deps_item = {}
+    deps_item['purl'] = file_item.purl
+    deps_item['scope'] = 'dependencies'
+    deps_item['depends_on'] = file_item.depends_on
+    deps_item['oss'] = get_oss_item_list(file_item.oss_items)
+
+    deps_list.append(deps_item)
+
+    return deps_list

{fosslight_util-2.1.10.dist-info → fosslight_util-2.1.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-util
-Version: 2.1.10
+Version: 2.1.12
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.1.10.dist-info → fosslight_util-2.1.12.dist-info}/RECORD

@@ -2,9 +2,9 @@ fosslight_util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 fosslight_util/_get_downloadable_url.py,sha256=V-wjCHBNFOthOt1tMb6ZCJY7UnlrB_6JI0CFx03AARk,9310
 fosslight_util/compare_yaml.py,sha256=eLqqCLgERxRHN5vsnpQVMXIEU862Lx66mD_y4uMgQE4,2916
 fosslight_util/constant.py,sha256=Ig3ACm9_QirE4389Wt-IfxOqRkVOUjqGnX1B05z2Byo,2151
-fosslight_util/correct.py,sha256=3iUipan8ZX8sbyIIGAPtMkAGvZ4YucjeJwx1K1Bx_z4,3897
+fosslight_util/correct.py,sha256=1WEAL-9_KhjFPLucPhv0PNN3K7avm0z8mU6sTuSyeHM,3864
 fosslight_util/cover.py,sha256=qqqKzxqFwKimal764FaugRUBcHWdeKt8af6xeK0mH8E,2040
-fosslight_util/download.py,sha256=bCKvW76XJTnKMAUW5sJZxg_wBUhiybXovJuL04W4P4c,16364
+fosslight_util/download.py,sha256=5nLe0oE1pUHEawM4kLlryusPBlk6ptEvy4HtqwFmCMs,16292
 fosslight_util/exclude.py,sha256=fDmBsZJ_F7O9Oh2T-07R03XNbElo1tFaf_z01KfSAqU,2399
 fosslight_util/help.py,sha256=M3_XahUkP794US9Q0NS6ujmGvrFFnKBHsTU95Fg1KpA,2181
 fosslight_util/oss_item.py,sha256=8W2HlwqGH3l1iPPdvycrRYKsBSBpqAkqYyYtBVPgMtY,6868
@@ -14,19 +14,19 @@ fosslight_util/read_excel.py,sha256=-QvrdxaNqYOpIm1H7ZqIEh5NLvFPymZo6BAOZcQmQug,
 fosslight_util/set_log.py,sha256=Xpa94AiOyGEK8ucaYkvkAllvlen1Pq_d6UG6kPYBYBc,3780
 fosslight_util/spdx_licenses.py,sha256=GvMNe_D4v2meapTVwPu2BJXInnTo3_gIzg669eJhUu0,3691
 fosslight_util/timer_thread.py,sha256=5VbZENQPD-N0NUmzEktqGr6Am-e7vxD79K05mmr29g0,433
-fosslight_util/write_cyclonedx.py,sha256=pJnUpBz_cWH4jCSyulaiZI8h--rIUTby5ijYm7rWf8w,9576
+fosslight_util/write_cyclonedx.py,sha256=hq817j-0OM89B8jtZKgHgvVa0YEaYHlz_8R5vNpe21I,9662
 fosslight_util/write_excel.py,sha256=G0fIslbWoOtWZCJxbBGLCpUKbhmwrrqhI5PHwRw8_44,9931
 fosslight_util/write_opossum.py,sha256=ltmo6SkugKWdAYupeCqwE4-3lua0GwLpix1XqFC-tT8,11678
-fosslight_util/write_scancodejson.py,sha256=81n7cWNYoyIKE_V4Kx5YtL2CgjMPIjoKdnSU3inkpJY,2163
+fosslight_util/write_scancodejson.py,sha256=dMCjTtUnNR5BCL6gBCleDT8bTSAN5Gg2RAfimmkGXUE,2692
 fosslight_util/write_spdx.py,sha256=Ov9jBlfVrkWIymcfAxbupUxDZKfCOZZGOPZ4v-x230M,12108
 fosslight_util/write_txt.py,sha256=BEFjYBppqk1CITx-fUN4vfvKv0XCs1GXWtc2Iu-etU4,629
 fosslight_util/write_yaml.py,sha256=QlEKoIPQsEaYERfbP53TeKgnllYzhLQWm5wYjnWtVjE,3238
 fosslight_util/resources/frequentLicenselist.json,sha256=GUhzK6tu7ok10fekOnmVmUgIGRC-acGABZKTNKfDyYA,4776157
 fosslight_util/resources/frequent_license_nick_list.json,sha256=ryU2C_6ZxHbz90_sUN9OvI9GXkCMLu7oGcmd9W79YYo,5005
 fosslight_util/resources/licenses.json,sha256=mK55z-bhY7Mjpj2KsO1crKGGL-X3F6MBFQJ0zLlx010,240843
-fosslight_util-2.1.10.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-fosslight_util-2.1.10.dist-info/METADATA,sha256=hrTDUyLgUPTP6VsjzEIBqJKKAaYmGFFXuChOb_hnXWw,6500
-fosslight_util-2.1.10.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
-fosslight_util-2.1.10.dist-info/entry_points.txt,sha256=bzXX5i7HZ13V8BLKvtu_9KO3ZjtRypH-XszOXT6I3bU,69
-fosslight_util-2.1.10.dist-info/top_level.txt,sha256=2qyYWGLakgBRy4BqoBNt-I5C29tBr_e93e5e1pbuTGA,15
-fosslight_util-2.1.10.dist-info/RECORD,,
+fosslight_util-2.1.12.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+fosslight_util-2.1.12.dist-info/METADATA,sha256=MQjn_S8SMaHujkl1VVW4Mdkj4xGuC5MvaKakx9mCtLY,6500
+fosslight_util-2.1.12.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
+fosslight_util-2.1.12.dist-info/entry_points.txt,sha256=bzXX5i7HZ13V8BLKvtu_9KO3ZjtRypH-XszOXT6I3bU,69
+fosslight_util-2.1.12.dist-info/top_level.txt,sha256=2qyYWGLakgBRy4BqoBNt-I5C29tBr_e93e5e1pbuTGA,15
+fosslight_util-2.1.12.dist-info/RECORD,,