fosslight-util 2.1.10__tar.gz → 2.1.18__tar.gz

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_util
-Version: 2.1.10
+Version: 2.1.18
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/setup.py

@@ -14,7 +14,7 @@ with open('requirements.txt', 'r', 'utf-8') as f:
 if __name__ == "__main__":
     setup(
         name='fosslight_util',
-        version='2.1.10',
+        version='2.1.18',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Util',

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/_get_downloadable_url.py

@@ -27,7 +27,7 @@ def extract_name_version_from_link(link):
                 origin_name = match.group(1)
                 if (key == "pypi") or (key == "pypi2"):
                     oss_name = f"pypi:{origin_name}"
-                    oss_name = re.sub(r"[-_.]+", "-", oss_name).lower()
+                    oss_name = re.sub(r"[-_.]+", "-", oss_name)
                     oss_version = match.group(2)
                 elif key == "maven":
                     artifact = match.group(2)
@@ -42,12 +42,20 @@ def extract_name_version_from_link(link):
                     oss_version = match.group(2)
                 elif key == "cocoapods":
                     oss_name = f"cocoapods:{origin_name}"
+                elif key == "go":
+                    if origin_name.endswith('/'):
+                        origin_name = origin_name[:-1]
+                    oss_name = f"go:{origin_name}"
+                    oss_version = match.group(2)
+                elif key == "cargo":
+                    oss_name = f"cargo:{origin_name}"
+                    oss_version = match.group(2)
             except Exception as ex:
                 logger.info(f"extract_name_version_from_link {key}:{ex}")
             if oss_name and (not oss_version):
-                if key in ["pypi", "maven", "npm", "npm2", "pub"]:
+                if key in ["pypi", "maven", "npm", "npm2", "pub", "go"]:
                     oss_version, link = get_latest_package_version(link, key, origin_name)
-                    logger.debug(f'Try to download with the latest version:{link}')
+                    logger.info(f'Try to download with the latest version:{link}')
             break
     return oss_name, oss_version, link, key
 
@@ -76,8 +84,13 @@ def get_latest_package_version(link, pkg_type, oss_name):
             if pub_response.status_code == 200:
                 find_version = pub_response.json().get('latest').get('version')
             link_with_version = f'https://pub.dev/packages/{oss_name}/versions/{find_version}'
+        elif pkg_type == 'go':
+            go_response = requests.get(f'https://proxy.golang.org/{oss_name}/@latest')
+            if go_response.status_code == 200:
+                find_version = go_response.json().get('Version')
+            link_with_version = f'https://pkg.go.dev/{oss_name}@{find_version}'
     except Exception as e:
-        logger.debug(f'Fail to get latest package version({link}:{e})')
+        logger.info(f'Fail to get latest package version({link}:{e})')
     return find_version, link_with_version
 
 
@@ -98,8 +111,66 @@ def get_downloadable_url(link):
         ret, result_link = get_download_location_for_npm(new_link)
     elif pkg_type == "pub":
         ret, result_link = get_download_location_for_pub(new_link)
+    elif pkg_type == "go":
+        ret, result_link = get_download_location_for_go(new_link)
+    elif pkg_type == "cargo":
+        ret, result_link = get_download_location_for_cargo(new_link)
+    return ret, result_link, oss_name, oss_version, pkg_type
+
+
+def get_download_location_for_cargo(link):
+    # get the url for downloading source file: https://crates.io/api/v1/crates/<name>/<version>/download
+    ret = False
+    new_link = ''
+    host = 'https://crates.io/api/v1/crates'
+
+    try:
+        dn_loc_re = re.findall(r'crates.io\/crates\/([^\/]+)\/?([^\/]*)', link)
+        if dn_loc_re:
+            oss_name = dn_loc_re[0][0]
+            oss_version = dn_loc_re[0][1]
 
-    return ret, result_link, oss_name, oss_version
+            new_link = f'{host}/{oss_name}/{oss_version}/download'
+            res = urlopen(new_link)
+            if res.getcode() == 200:
+                ret = True
+            else:
+                logger.warning(f'Cannot find the valid link for cargo (url:{new_link}')
+    except Exception as error:
+        ret = False
+        logger.warning(f'Cannot find the link for cargo (url:{link}({(new_link)})): {error}')
+
+    return ret, new_link
+
+
+def get_download_location_for_go(link):
+    # get the url for downloading source file: https://proxy.golang.org/<module>/@v/VERSION.zip
+    ret = False
+    new_link = ''
+    host = 'https://proxy.golang.org'
+
+    try:
+        dn_loc_re = re.findall(r'pkg.go.dev\/([^\@]+)\@?([^\/]*)', link)
+        if dn_loc_re:
+            oss_name = dn_loc_re[0][0]
+            if oss_name.endswith('/'):
+                oss_name = oss_name[:-1]
+            oss_version = dn_loc_re[0][1]
+
+            new_link = f'{host}/{oss_name}/@v/{oss_version}.zip'
+        try:
+            res = urlopen(new_link)
+            if res.getcode() == 200:
+                ret = True
+            else:
+                logger.warning(f'Cannot find the valid link for go (url:{new_link}')
+        except Exception as e:
+            logger.warning(f'Fail to find the valid link for go (url:{new_link}: {e}')
+    except Exception as error:
+        ret = False
+        logger.warning(f'Cannot find the link for go (url:{link}({(new_link)})): {error}')
+
+    return ret, new_link
 
 
 def get_download_location_for_pypi(link):
@@ -111,7 +182,7 @@ def get_download_location_for_pypi(link):
     try:
         dn_loc_re = re.findall(r'pypi.org\/project\/?([^\/]*)\/?([^\/]*)', link)
         oss_name = dn_loc_re[0][0]
-        oss_name = re.sub(r"[-_.]+", "-", oss_name).lower()
+        oss_name = re.sub(r"[-_.]+", "-", oss_name)
         oss_version = dn_loc_re[0][1]
 
         new_link = f'{host}/packages/source/{oss_name[0]}/{oss_name}/{oss_name}-{oss_version}.tar.gz'
@@ -122,7 +193,7 @@ def get_download_location_for_pypi(link):
             else:
                 logger.warning(f'Cannot find the valid link for pypi (url:{new_link}')
         except Exception:
-            oss_name = re.sub(r"[-]+", "_", oss_name).lower()
+            oss_name = re.sub(r"[-]+", "_", oss_name)
             new_link = f'{host}/packages/source/{oss_name[0]}/{oss_name}/{oss_name}-{oss_version}.tar.gz'
             res = urlopen(new_link)
             if res.getcode() == 200:

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/constant.py

@@ -35,6 +35,7 @@ SHEET_NAME_FOR_SCANNER = {
 # pub: https://pub.dev/packages/(package)/versions/(version)
 # Cocoapods : https://cocoapods.org/(package)
 # go : https://pkg.go.dev/(package_name_with_slash)@(version)
+# cargo : https://crates.io/crates/(crate_name)/(version)
 PKG_PATTERN = {
     "pypi": r'https?:\/\/pypi\.org\/project\/([^\/]+)[\/]?([^\/]*)',
     "pypi2": r'https?:\/\/files\.pythonhosted\.org\/packages\/source\/[\w]\/([^\/]+)\/[\S]+-([^\-]+)\.tar\.gz',
@@ -43,5 +44,6 @@ PKG_PATTERN = {
     "npm2": r'https?:\/\/www\.npmjs\.com\/package\/(\@[^\/]+\/[^\/]+)(?:\/v\/)?([^\/]*)',
     "pub": r'https?:\/\/pub\.dev\/packages\/([^\/]+)(?:\/versions\/)?([^\/]*)',
     "cocoapods": r'https?:\/\/cocoapods\.org\/pods\/([^\/]+)',
-    "go": r'https?:\/\/pkg.go.dev\/([^\@]+)\@?v?([^\/]*)'
+    "go": r'https?:\/\/pkg.go.dev\/([^\@]+)\@?v?([^\/]*)',
+    "cargo": r'https?:\/\/crates\.io\/crates\/([^\/]+)\/?([^\/]*)',
 }

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/correct.py

@@ -61,17 +61,15 @@ def correct_with_yaml(correct_filepath, path_to_scan, scan_item):
 
                     yaml_path_exists = True
                     exclude_fileitems.append(idx)
-
-            if not yaml_path_exists:
+            if scanner_name == FOSSLIGHT_SOURCE and not yaml_path_exists:
                 correct_item = copy.deepcopy(yaml_file_item)
                 if os.path.exists(os.path.normpath(yaml_file_item.source_name_or_path)):
                     correct_item.comment = 'Loaded from sbom-info.yaml'
                     correct_fileitems.append(correct_item)
                 else:
-                    if scanner_name == FOSSLIGHT_SOURCE:
-                        correct_item.exclude = True
-                        correct_item.comment = 'Added by sbom-info.yaml'
-                        correct_fileitems.append(correct_item)
+                    correct_item.exclude = True
+                    correct_item.comment = 'Added by sbom-info.yaml'
+                    correct_fileitems.append(correct_item)
         if correct_fileitems:
             scan_item.append_file_items(correct_fileitems, scanner_name)
             find_match = True

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/download.py

@@ -26,6 +26,7 @@ import platform
 import subprocess
 import re
 from typing import Tuple
+import urllib.parse
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 compression_extension = {".tar.bz2", ".tar.gz", ".tar.xz", ".tgz", ".tar", ".zip", ".jar", ".bz2"}
@@ -94,7 +95,8 @@ def parse_src_link(src_link):
 
 def cli_download_and_extract(link: str, target_dir: str, log_dir: str, checkout_to: str = "",
                              compressed_only: bool = False, ssh_key: str = "",
-                             id: str = "", git_token: str = "") -> Tuple[bool, str, str, str]:
+                             id: str = "", git_token: str = "",
+                             called_cli: bool = True) -> Tuple[bool, str, str, str]:
     global logger
 
     success = True
@@ -123,8 +125,11 @@ def cli_download_and_extract(link: str, target_dir: str, log_dir: str, checkout_
             is_rubygems = src_info.get("rubygems", False)
 
             # General download (git clone, wget)
-            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir, checkout_to,
-                                                                         tag, branch, ssh_key, id, git_token)
+            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir,
+                                                                         checkout_to,
+                                                                         tag, branch,
+                                                                         ssh_key, id, git_token,
+                                                                         called_cli)
             link = change_ssh_link_to_https(link)
             if (not is_rubygems) and (not success_git):
                 if os.path.isfile(target_dir):
@@ -202,34 +207,44 @@ def get_github_token(git_url):
     return github_token
 
 
-def download_git_repository(refs_to_checkout, git_url, target_dir, tag):
+def download_git_repository(refs_to_checkout, git_url, target_dir, tag, called_cli=True):
     success = False
     oss_version = ""
-    clone_default_branch_flag = False
 
     logger.info(f"Download git url :{git_url}")
+    env = os.environ.copy()
+    if not called_cli:
+        env["GIT_TERMINAL_PROMPT"] = "0"
     if refs_to_checkout:
         try:
             # gitPython uses the branch argument the same whether you check out to a branch or a tag.
-            repo = Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
-            success = True
+            Repo.clone_from(git_url, target_dir, branch=refs_to_checkout, env=env)
+            if any(Path(target_dir).iterdir()):
+                success = True
+                oss_version = refs_to_checkout
+                logger.info(f"Files found in {target_dir} after clone.")
+            else:
+                logger.info(f"No files found in {target_dir} after clone.")
+                success = False
         except GitCommandError as error:
-            logger.debug(f"Git checkout error:{error}")
+            logger.info(f"Git checkout error:{error}")
+            success = False
+        except Exception as e:
+            logger.info(f"Repo.clone_from error:{e}")
             success = False
 
     if not success:
-        repo = Repo.clone_from(git_url, target_dir)
-        clone_default_branch_flag = True
-        success = True
-
-    if refs_to_checkout != tag or clone_default_branch_flag:
-        oss_version = repo.active_branch.name
-    else:
-        oss_version = repo.git.describe('--tags')
+        Repo.clone_from(git_url, target_dir, env=env)
+        if any(Path(target_dir).iterdir()):
+            success = True
+        else:
+            logger.info(f"No files found in {target_dir} after clone.")
+            success = False
     return success, oss_version
 
 
-def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch="", ssh_key="", id="", git_token=""):
+def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch="",
+                       ssh_key="", id="", git_token="", called_cli=True):
     oss_name = get_github_ossname(git_url)
     refs_to_checkout = decide_checkout(checkout_to, tag, branch)
     msg = ""
@@ -253,17 +268,19 @@ def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch="", s
                 logger.info(f"Download git with ssh_key:{git_url}")
                 git_ssh_cmd = f'ssh -i {ssh_key}'
                 with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
-                    success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag)
+                    success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag, called_cli)
             else:
                 if id and git_token:
                     try:
                         m = re.match(r"^(ht|f)tp(s?)\:\/\/", git_url)
                         protocol = m.group()
                         if protocol:
-                            git_url = git_url.replace(protocol, f"{protocol}{id}:{git_token}@")
+                            encoded_git_token = urllib.parse.quote(git_token, safe='')
+                            encoded_id = urllib.parse.quote(id, safe='')
+                            git_url = git_url.replace(protocol, f"{protocol}{encoded_id}:{encoded_git_token}@")
                     except Exception as error:
                         logger.info(f"Failed to insert id, token to git url:{error}")
-                success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag)
+                success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag, called_cli)
 
             logger.info(f"git checkout: {oss_version}")
             refs_to_checkout = oss_version
@@ -297,7 +314,7 @@ def download_wget(link, target_dir, compressed_only):
 
         Path(target_dir).mkdir(parents=True, exist_ok=True)
 
-        ret, new_link, oss_name, oss_version = get_downloadable_url(link)
+        ret, new_link, oss_name, oss_version, pkg_type = get_downloadable_url(link)
         if ret and new_link:
             link = new_link
 
@@ -306,6 +323,9 @@ def download_wget(link, target_dir, compressed_only):
                 if link.endswith(ext):
                     success = True
                     break
+            if not success:
+                if pkg_type == 'cargo':
+                    success = True
         else:
             success = True
 
@@ -313,7 +333,11 @@ def download_wget(link, target_dir, compressed_only):
             raise Exception('Not supported compression type (link:{0})'.format(link))
 
         logger.info(f"wget: {link}")
-        downloaded_file = wget.download(link, target_dir)
+        if pkg_type == 'cargo':
+            outfile = os.path.join(target_dir, f'{oss_name}.tar.gz')
+            downloaded_file = wget.download(link, out=outfile)
+        else:
+            downloaded_file = wget.download(link, target_dir)
         if platform.system() != "Windows":
             signal.alarm(0)
         else:

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/help.py

@@ -3,7 +3,10 @@
 # Copyright (c) 2021 LG Electronics Inc.
 # SPDX-License-Identifier: Apache-2.0
 import sys
-import pkg_resources
+try:
+    from importlib.metadata import version, PackageNotFoundError
+except ImportError:
+    from importlib_metadata import version, PackageNotFoundError  # Python <3.8
 
 _HELP_MESSAGE_COMMON = """
          _______  _______  _______  _______  ___      ___           __
@@ -50,7 +53,10 @@ class PrintHelpMsg():
 def print_package_version(pkg_name: str, msg: str = "", exitopt: bool = True) -> str:
     if msg == "":
         msg = f"{pkg_name} Version:"
-    cur_version = pkg_resources.get_distribution(pkg_name).version
+    try:
+        cur_version = version(pkg_name)
+    except PackageNotFoundError:
+        cur_version = "unknown"
 
     if exitopt:
         print(f'{msg} {cur_version}')

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/set_log.py

@@ -6,7 +6,6 @@
 import logging
 import os
 from pathlib import Path
-import pkg_resources
 import sys
 import platform
 from . import constant as constant
@@ -15,6 +14,11 @@ import coloredlogs
 from typing import Tuple
 from logging import Logger
 
+try:
+    from importlib.metadata import version, PackageNotFoundError
+except ImportError:
+    from importlib_metadata import version, PackageNotFoundError  # Python <3.8
+
 
 def init_check_latest_version(pkg_version="", main_package_name=""):
 
@@ -92,9 +96,11 @@ def init_log(log_file: str, create_file: bool = True, stream_log_level: int = lo
     if main_package_name != "":
         pkg_info = main_package_name
         try:
-            pkg_version = pkg_resources.get_distribution(main_package_name).version
+            pkg_version = version(main_package_name)
             init_check_latest_version(pkg_version, main_package_name)
             pkg_info = main_package_name + " v" + pkg_version
+        except PackageNotFoundError:
+            logger.debug('Cannot check the version: Package not found')
         except Exception as error:
             logger.debug('Cannot check the version:' + str(error))
         _result_log["Tool Info"] = pkg_info

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/write_cyclonedx.py

@@ -73,7 +73,7 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         comp_type = ComponentType.LIBRARY
 
                     for oss_item in file_item.oss_items:
-                        if oss_item.name == '':
+                        if oss_item.name == '' or oss_item.name == '-':
                             if scanner_name == FOSSLIGHT_DEPENDENCY:
                                 continue
                             else:
@@ -93,7 +93,8 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         if scanner_name == FOSSLIGHT_DEPENDENCY and file_item.purl:
                             comp.purl = PackageURL.from_string(file_item.purl)
                         if scanner_name != FOSSLIGHT_DEPENDENCY:
-                            comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
+                            if file_item.checksum != '0':
+                                comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
 
                         if oss_item.download_location != '':
                             comp.external_references = [ExternalReference(url=XsUri(oss_item.download_location),

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/write_excel.py

@@ -34,6 +34,7 @@ IDX_FILE = 0
 IDX_EXCLUDE = 7
 logger = logging.getLogger(LOGGER_NAME)
 COVER_SHEET_NAME = 'Scanner Info'
+MAX_EXCEL_URL_LENGTH = 255
 
 
 def get_header_row(sheet_name, extended_header={}):
@@ -181,7 +182,10 @@ def write_result_to_sheet(worksheet, sheet_contents):
     for row_item in sheet_contents:
         worksheet.write(row, 0, row)
         for col_num, value in enumerate(row_item):
-            worksheet.write(row, col_num + 1, str(value))
+            if len(value) > MAX_EXCEL_URL_LENGTH and (value.startswith("http://") or value.startswith("https://")):
+                worksheet.write_string(row, col_num + 1, str(value))
+            else:
+                worksheet.write(row, col_num + 1, str(value))
         row += 1
 
 

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util/write_scancodejson.py

@@ -6,7 +6,7 @@
 import logging
 import os
 import json
-from fosslight_util.constant import LOGGER_NAME
+from fosslight_util.constant import LOGGER_NAME, FOSSLIGHT_DEPENDENCY
 from fosslight_util.oss_item import ScannerItem
 from typing import List
 
@@ -20,22 +20,27 @@ def write_scancodejson(output_dir: str, output_filename: str, oss_list: List[Sca
     json_output['summary'] = {}
     json_output['license_detections'] = []
     json_output['files'] = []
+    json_output['dependencies'] = []
 
-    for file_items in oss_list.file_items.values():
+    for scanner, file_items in oss_list.file_items.items():
         for fi in file_items:
-            if fi.exclude:
-                continue
-            if fi.oss_items and (all(oss_item.exclude for oss_item in fi.oss_items)):
-                continue
-            if not fi.source_name_or_path:
-                fi.source_name_or_path = EMPTY_FILE_PATH
-            json_output['files'] = add_item_in_files(fi, json_output['files'])
+            if scanner == FOSSLIGHT_DEPENDENCY:
+                json_output['dependencies'] = add_item_in_deps(fi, json_output['dependencies'])
+            else:
+                if fi.exclude:
+                    continue
+                if fi.oss_items and (all(oss_item.exclude for oss_item in fi.oss_items)):
+                    continue
+                if not fi.source_name_or_path:
+                    fi.source_name_or_path = EMPTY_FILE_PATH
+                json_output['files'] = add_item_in_files(fi, json_output['files'])
 
     with open(os.path.join(output_dir, output_filename), 'w') as f:
         json.dump(json_output, f, sort_keys=False, indent=4)
 
 
-def append_oss_item_in_filesitem(oss_items, files_item):
+def get_oss_item_list(oss_items):
+    scan_oss_items = []
     for oi in oss_items:
         if oi.exclude:
             continue
@@ -46,9 +51,9 @@ def append_oss_item_in_filesitem(oss_items, files_item):
         oss_item['copyright'] = oi.copyright
         oss_item['download_location'] = oi.download_location
         oss_item['comment'] = oi.comment
-        files_item['oss'].append(oss_item)
+        scan_oss_items.append(oss_item)
 
-    return files_item
+    return scan_oss_items
 
 
 def add_item_in_files(file_item, files_list):
@@ -57,8 +62,20 @@ def add_item_in_files(file_item, files_list):
     files_item['name'] = os.path.basename(file_item.source_name_or_path)
     files_item['is_binary'] = file_item.is_binary
     files_item['base_name'], files_item['extension'] = os.path.splitext(os.path.basename(file_item.source_name_or_path))
-    files_item['oss'] = []
-    files_item = append_oss_item_in_filesitem(file_item.oss_items, files_item)
+    files_item['oss'] = get_oss_item_list(file_item.oss_items)
+
     files_list.append(files_item)
 
     return files_list
+
+
+def add_item_in_deps(file_item, deps_list):
+    deps_item = {}
+    deps_item['purl'] = file_item.purl
+    deps_item['scope'] = 'dependencies'
+    deps_item['depends_on'] = file_item.depends_on
+    deps_item['oss'] = get_oss_item_list(file_item.oss_items)
+
+    deps_list.append(deps_item)
+
+    return deps_list

{fosslight_util-2.1.10 → fosslight_util-2.1.18}/src/fosslight_util.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-util
-Version: 2.1.10
+Version: 2.1.18
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics