fosslight-util 2.1.1__tar.gz → 2.1.3__tar.gz

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_util
-Version: 2.1.1
+Version: 2.1.3
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/requirements.txt

@@ -15,3 +15,4 @@ numpy>=1.22.2; python_version >= '3.8'
 npm
 requests
 GitPython
+cyclonedx-python-lib==8.5.0

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/setup.py

@@ -14,7 +14,7 @@ with open('requirements.txt', 'r', 'utf-8') as f:
 if __name__ == "__main__":
     setup(
         name='fosslight_util',
-        version='2.1.1',
+        version='2.1.3',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Util',

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/src/fosslight_util/download.py

@@ -10,7 +10,7 @@ import zipfile
 import logging
 import argparse
 import shutil
-from git import Repo, GitCommandError
+from git import Repo, GitCommandError, Git
 import bz2
 import contextlib
 from datetime import datetime
@@ -77,7 +77,7 @@ def parse_src_link(src_link):
         if src_link.startswith("git://github.com/"):
             src_link_changed = change_src_link_to_https(src_link_split[0])
         elif src_link.startswith("git@github.com:"):
-            src_link_changed = change_ssh_link_to_https(src_link_split[0])
+            src_link_changed = src_link_split[0]
         else:
             if "rubygems.org" in src_link:
                 src_info["rubygems"] = True
@@ -92,39 +92,9 @@ def parse_src_link(src_link):
     return src_info
 
 
-def main():
-    parser = argparse.ArgumentParser(description='FOSSLight Downloader', prog='fosslight_download', add_help=False)
-    parser.add_argument('-h', '--help', help='Print help message', action='store_true', dest='help')
-    parser.add_argument('-s', '--source', help='Source link to download', type=str, dest='source')
-    parser.add_argument('-t', '--target_dir', help='Target directory', type=str, dest='target_dir', default="")
-    parser.add_argument('-d', '--log_dir', help='Directory to save log file', type=str, dest='log_dir', default="")
-
-    src_link = ""
-    target_dir = os.getcwd()
-    log_dir = os.getcwd()
-
-    try:
-        args = parser.parse_args()
-    except SystemExit:
-        sys.exit(0)
-
-    if args.help:
-        print_help_msg_download()
-    if args.source:
-        src_link = args.source
-    if args.target_dir:
-        target_dir = args.target_dir
-    if args.log_dir:
-        log_dir = args.log_dir
-
-    if not src_link:
-        print_help_msg_download()
-    else:
-        cli_download_and_extract(src_link, target_dir, log_dir)
-
-
 def cli_download_and_extract(link: str, target_dir: str, log_dir: str, checkout_to: str = "",
-                             compressed_only: bool = False) -> Tuple[bool, str, str, str]:
+                             compressed_only: bool = False, ssh_key: str = "",
+                             id: str = "", git_token: str = "") -> Tuple[bool, str, str, str]:
     global logger
 
     success = True
@@ -152,7 +122,9 @@ def cli_download_and_extract(link: str, target_dir: str, log_dir: str, checkout_
             is_rubygems = src_info.get("rubygems", False)
 
             # General download (git clone, wget)
-            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir, checkout_to, tag, branch)
+            success_git, msg, oss_name, oss_version = download_git_clone(link, target_dir, checkout_to,
+                                                                         tag, branch, ssh_key, id, git_token)
+            link = change_ssh_link_to_https(link)
             if (not is_rubygems) and (not success_git):
                 if os.path.isfile(target_dir):
                     shutil.rmtree(target_dir)
@@ -229,11 +201,38 @@ def get_github_token(git_url):
     return github_token
 
 
-def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch=""):
+def download_git_repository(refs_to_checkout, git_url, target_dir, tag):
+    success = False
+    oss_version = ""
+    clone_default_branch_flag = False
+
+    logger.info(f"Download git url :{git_url}")
+    if refs_to_checkout:
+        try:
+            # gitPython uses the branch argument the same whether you check out to a branch or a tag.
+            repo = Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
+            success = True
+        except GitCommandError as error:
+            logger.debug(f"Git checkout error:{error}")
+            success = False
+
+    if not success:
+        repo = Repo.clone_from(git_url, target_dir)
+        clone_default_branch_flag = True
+        success = True
+
+    if refs_to_checkout != tag or clone_default_branch_flag:
+        oss_version = repo.active_branch.name
+    else:
+        oss_version = repo.git.describe('--tags')
+    return success, oss_version
+
+
+def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch="", ssh_key="", id="", git_token=""):
     oss_name = get_github_ossname(git_url)
     refs_to_checkout = decide_checkout(checkout_to, tag, branch)
-    clone_default_branch_flag = False
     msg = ""
+    success = True
 
     try:
         if platform.system() != "Windows":
@@ -244,36 +243,40 @@ def download_git_clone(git_url, target_dir, checkout_to="", tag="", branch=""):
             alarm.start()
 
         Path(target_dir).mkdir(parents=True, exist_ok=True)
-        if refs_to_checkout != "":
-            try:
-                # gitPython uses the branch argument the same whether you check out to a branch or a tag.
-                repo = Repo.clone_from(git_url, target_dir, branch=refs_to_checkout)
-            except GitCommandError as error:
-                error_msg = error.args[2].decode("utf-8")
-                if "Remote branch " + refs_to_checkout + " not found in upstream origin" in error_msg:
-                    # clone default branch, when non-existent branch or tag entered
-                    repo = Repo.clone_from(git_url, target_dir)
-                    clone_default_branch_flag = True
-        else:
-            repo = Repo.clone_from(git_url, target_dir)
-            clone_default_branch_flag = True
 
-        if refs_to_checkout != tag or clone_default_branch_flag:
-            oss_version = repo.active_branch.name
-        else:
-            oss_version = repo.git.describe('--tags')
-        logger.info(f"git checkout: {oss_version}")
-
-        if platform.system() != "Windows":
-            signal.alarm(0)
+        if git_url.startswith("ssh:") and not ssh_key:
+            msg = "Private git needs ssh_key"
+            success = False
         else:
-            del alarm
+            if ssh_key:
+                logger.info(f"Download git with ssh_key:{git_url}")
+                git_ssh_cmd = f'ssh -i {ssh_key}'
+                with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
+                    success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag)
+            else:
+                if id and git_token:
+                    try:
+                        m = re.match(r"^(ht|f)tp(s?)\:\/\/", git_url)
+                        protocol = m.group()
+                        if protocol:
+                            git_url = git_url.replace(protocol, f"{protocol}{id}:{git_token}@")
+                    except Exception as error:
+                        logger.info(f"Failed to insert id, token to git url:{error}")
+                success, oss_version = download_git_repository(refs_to_checkout, git_url, target_dir, tag)
+
+            logger.info(f"git checkout: {oss_version}")
+            refs_to_checkout = oss_version
+
+            if platform.system() != "Windows":
+                signal.alarm(0)
+            else:
+                del alarm
     except Exception as error:
+        success = False
         logger.warning(f"git clone - failed: {error}")
         msg = str(error)
-        return False, msg, oss_name, refs_to_checkout
 
-    return True, msg, oss_name, oss_version
+    return success, msg, oss_name, refs_to_checkout
 
 
 def download_wget(link, target_dir, compressed_only):
@@ -444,5 +447,36 @@ def gem_download(link, target_dir, checkout_to):
     return success
 
 
+def main():
+    parser = argparse.ArgumentParser(description='FOSSLight Downloader', prog='fosslight_download', add_help=False)
+    parser.add_argument('-h', '--help', help='Print help message', action='store_true', dest='help')
+    parser.add_argument('-s', '--source', help='Source link to download', type=str, dest='source')
+    parser.add_argument('-t', '--target_dir', help='Target directory', type=str, dest='target_dir', default="")
+    parser.add_argument('-d', '--log_dir', help='Directory to save log file', type=str, dest='log_dir', default="")
+
+    src_link = ""
+    target_dir = os.getcwd()
+    log_dir = os.getcwd()
+
+    try:
+        args = parser.parse_args()
+    except SystemExit:
+        sys.exit(0)
+
+    if args.help:
+        print_help_msg_download()
+    if args.source:
+        src_link = args.source
+    if args.target_dir:
+        target_dir = args.target_dir
+    if args.log_dir:
+        log_dir = args.log_dir
+
+    if not src_link:
+        print_help_msg_download()
+    else:
+        cli_download_and_extract(src_link, target_dir, log_dir)
+
+
 if __name__ == '__main__':
     main()

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/src/fosslight_util/output_format.py

@@ -8,11 +8,12 @@ from fosslight_util.write_excel import write_result_to_excel, write_result_to_cs
 from fosslight_util.write_opossum import write_opossum
 from fosslight_util.write_yaml import write_yaml
 from fosslight_util.write_spdx import write_spdx
+from fosslight_util.write_cyclonedx import write_cyclonedx
 from typing import Tuple
 
 SUPPORT_FORMAT = {'excel': '.xlsx', 'csv': '.csv', 'opossum': '.json', 'yaml': '.yaml',
                   'spdx-yaml': '.yaml', 'spdx-json': '.json', 'spdx-xml': '.xml',
-                  'spdx-tag': '.tag'}
+                  'spdx-tag': '.tag', 'cyclonedx-json': '.json', 'cyclonedx-xml': '.xml'}
 
 
 def check_output_format(output='', format='', customized_format={}):
@@ -31,7 +32,7 @@ def check_output_format(output='', format='', customized_format={}):
         format = format.lower()
         if format not in list(support_format.keys()):
             success = False
-            msg = 'Enter the supported format with -f option: ' + ', '.join(list(support_format.keys()))
+            msg = '(-f option) Enter the supported format: ' + ', '.join(list(support_format.keys()))
         else:
             output_extension = support_format[format]
 
@@ -47,11 +48,11 @@ def check_output_format(output='', format='', customized_format={}):
                 if format:
                     if output_extension != basename_extension:
                         success = False
-                        msg = f"Enter the same extension of output file(-o:'{output}') with format(-f:'{format}')."
+                        msg = f"(-o & -f option) Enter the same extension of output file(-o:'{output}') with format(-f:'{format}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False
-                        msg = 'Enter the supported file extension: ' + ', '.join(list(support_format.values()))
+                        msg = '(-o option) Enter the supported file extension: ' + ', '.join(list(support_format.values()))
                 if success:
                     output_file = basename_file
                     output_extension = basename_extension
@@ -79,7 +80,7 @@ def check_output_formats(output='', formats=[], customized_format={}):
         for format in formats:
             if format not in list(support_format.keys()):
                 success = False
-                msg = 'Enter the supported format with -f option: ' + ', '.join(list(support_format.keys()))
+                msg = '(-f option) Enter the supported format: ' + ', '.join(list(support_format.keys()))
             else:
                 output_extensions.append(support_format[format])
 
@@ -95,11 +96,11 @@ def check_output_formats(output='', formats=[], customized_format={}):
                 if formats:
                     if basename_extension not in output_extensions:
                         success = False
-                        msg = f"The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
+                        msg = f"(-o & -f option) The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False
-                        msg = 'Enter the supported file extension: ' + ', '.join(list(support_format.values()))
+                        msg = '(-o option) Enter the supported file extension: ' + ', '.join(list(support_format.values()))
                     output_extensions.append(basename_extension)
                 output_files = [basename_file for _ in range(len(output_extensions))]
             else:
@@ -128,7 +129,7 @@ def check_output_formats_v2(output='', formats=[], customized_format={}):
         for format in formats:
             if format not in list(support_format.keys()):
                 success = False
-                msg = 'Enter the supported format with -f option: ' + ', '.join(list(support_format.keys()))
+                msg = '(-f option) Enter the supported format with -f option: ' + ', '.join(list(support_format.keys()))
             else:
                 output_extensions.append(support_format[format])
 
@@ -144,11 +145,11 @@ def check_output_formats_v2(output='', formats=[], customized_format={}):
                 if formats:
                     if basename_extension not in output_extensions:
                         success = False
-                        msg = f"The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
+                        msg = f"(-o & -f option) The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False
-                        msg = 'Enter the supported file extension: ' + ', '.join(list(support_format.values()))
+                        msg = '(-o option) Enter the supported file extension: ' + ', '.join(list(support_format.values()))
                     output_extensions.append(basename_extension)
                 output_files = [basename_file for _ in range(len(output_extensions))]
             else:
@@ -188,6 +189,8 @@ def write_output_file(output_file_without_ext: str, file_extension: str, scan_it
                 msg = f'{platform.system()} not support spdx format.'
             else:
                 success, msg, _ = write_spdx(output_file_without_ext, file_extension, scan_item, spdx_version)
+        elif format.startswith('cyclonedx'):
+            success, msg, _ = write_cyclonedx(output_file_without_ext, file_extension, scan_item)
     else:
         if file_extension == '.xlsx':
             success, msg = write_result_to_excel(result_file, scan_item, extended_header, hide_header)
@@ -199,6 +202,6 @@ def write_output_file(output_file_without_ext: str, file_extension: str, scan_it
             success, msg, result_file = write_yaml(result_file, scan_item, False)
         else:
             success = False
-            msg = f'Not supported file extension({file_extension})'
+            msg = f'(-f option) Not supported file extension({file_extension})'
 
     return success, msg, result_file

fosslight_util-2.1.3/src/fosslight_util/write_cyclonedx.py

@@ -0,0 +1,213 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2024 LG Electronics Inc.
+# Copyright (c) OWASP Foundation.
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import sys
+import logging
+import re
+import json
+from pathlib import Path
+from datetime import datetime
+from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
+from fosslight_util.constant import (LOGGER_NAME, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SCANNER,
+                                     FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE)
+from fosslight_util.oss_item import CHECKSUM_NULL, get_checksum_sha1
+from packageurl import PackageURL
+import traceback
+from cyclonedx.builder.this import this_component as cdx_lib_component
+from cyclonedx.exception import MissingOptionalDependencyException
+from cyclonedx.factory.license import LicenseFactory
+from cyclonedx.model import XsUri, ExternalReferenceType
+from cyclonedx.model.bom import Bom
+from cyclonedx.model.component import Component, ComponentType, HashAlgorithm, HashType, ExternalReference
+from cyclonedx.model.contact import OrganizationalEntity
+from cyclonedx.output import make_outputter, BaseOutput
+from cyclonedx.output.json import JsonV1Dot6
+from cyclonedx.schema import OutputFormat, SchemaVersion
+from cyclonedx.validation import make_schemabased_validator
+from cyclonedx.validation.json import JsonStrictValidator
+from cyclonedx.output.json import Json as JsonOutputter
+from cyclonedx.output.xml import Xml as XmlOutputter
+from cyclonedx.validation.xml import XmlValidator
+
+logger = logging.getLogger(LOGGER_NAME)
+
+
+def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
+    success = True
+    error_msg = ''
+
+    bom = Bom()
+    if scan_item:
+        try:
+            cover_name = scan_item.cover.get_print_json()["Tool information"].split('(').pop(0).strip()
+            match = re.search(r"(.+) v([0-9.]+)", cover_name)
+            if match:
+                scanner_name = match.group(1)
+            else:
+                scanner_name = FOSSLIGHT_SCANNER
+        except Exception:
+            cover_name = FOSSLIGHT_SCANNER
+            scanner_name = FOSSLIGHT_SCANNER
+
+        lc_factory = LicenseFactory()
+        bom.metadata.tools.components.add(cdx_lib_component())
+        bom.metadata.tools.components.add(Component(name=scanner_name.upper(),
+                                                    type=ComponentType.APPLICATION))
+        comp_id = 0
+        bom.metadata.component = root_component = Component(name='Root Component',
+                                                            type=ComponentType.APPLICATION,
+                                                            bom_ref=str(comp_id))
+        relation_tree = {}
+        bom_ref_packages = []
+
+        output_dir = os.path.dirname(output_file_without_ext)
+        Path(output_dir).mkdir(parents=True, exist_ok=True)
+        try:
+            root_package = False
+            for scanner_name, file_items in scan_item.file_items.items():
+                for file_item in file_items:
+                    if file_item.exclude:
+                        continue
+                    if scanner_name == FOSSLIGHT_SOURCE:
+                        comp_type = ComponentType.FILE
+                    else:
+                        comp_type = ComponentType.LIBRARY
+
+                    for oss_item in file_item.oss_items:
+                        if oss_item.name == '':
+                            if scanner_name == FOSSLIGHT_DEPENDENCY:
+                                continue
+                            else:
+                                comp_name = file_item.source_name_or_path
+                        else:
+                            comp_name = oss_item.name
+
+                        comp_id += 1
+                        comp = Component(type=comp_type,
+                                         name=comp_name,
+                                         bom_ref=str(comp_id))
+
+                        if oss_item.version != '':
+                            comp.version = oss_item.version
+                        if oss_item.copyright != '':
+                            comp.copyright = oss_item.copyright
+                        if scanner_name == FOSSLIGHT_DEPENDENCY and file_item.purl:
+                            comp.purl = PackageURL.from_string(file_item.purl)
+                        if scanner_name != FOSSLIGHT_DEPENDENCY:
+                            comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
+
+                        if oss_item.download_location != '':
+                            comp.external_references = [ExternalReference(url=XsUri(oss_item.download_location),
+                                                                          type=ExternalReferenceType.WEBSITE)]
+
+                        oss_licenses = []
+                        for ol in oss_item.license:
+                            try:
+                                oss_licenses.append(lc_factory.make_from_string(ol))
+                            except Exception:
+                                logger.info(f'No spdx license name: {oi}')
+                        if oss_licenses:
+                            comp.licenses = oss_licenses
+
+                        root_package = False
+                        if scanner_name == FOSSLIGHT_DEPENDENCY:
+                            if oss_item.comment:
+                                oss_comment = oss_item.comment.split('/')
+                                for oc in oss_comment:
+                                    if oc in ['direct', 'transitive', 'root package']:
+                                        if oc == 'direct':
+                                            bom.register_dependency(root_component, [comp])
+                                        elif oc == 'root package':
+                                            root_package = True
+                                            root_component.name = comp_name
+                                            root_component.type = comp_type
+                                            comp_id -= 1
+                            else:
+                                bom.register_dependency(root_component, [comp])
+                            if len(file_item.depends_on) > 0:
+                                purl = file_item.purl
+                                relation_tree[purl] = []
+                                relation_tree[purl].extend(file_item.depends_on)
+
+                        if not root_package:
+                            bom.components.add(comp)
+
+            if len(bom.components) > 0:
+                for comp_purl in relation_tree:
+                    comp = bom.get_component_by_purl(PackageURL.from_string(comp_purl))
+                    if comp:
+                        dep_comp_list = []
+                        for dep_comp_purl in relation_tree[comp_purl]:
+                            dep_comp = bom.get_component_by_purl(PackageURL.from_string(dep_comp_purl))
+                            if dep_comp:
+                                dep_comp_list.append(dep_comp)
+                        bom.register_dependency(comp, dep_comp_list)
+
+        except Exception as e:
+            success = False
+            error_msg = f'Failed to create CycloneDX document object:{e}, {traceback.format_exc()}'
+    else:
+        success = False
+        error_msg = 'No item to write in output file.'
+
+    result_file = ''
+    if success:
+        result_file = output_file_without_ext + output_extension
+        try:
+            if output_extension == '.json':
+                write_cyclonedx_json(bom, result_file)
+            elif output_extension == '.xml':
+                write_cyclonedx_xml(bom, result_file)
+            else:
+                success = False
+                error_msg = f'Not supported output_extension({output_extension})'
+        except Exception as e:
+            success = False
+            error_msg = f'Failed to write CycloneDX document: {e}'
+            if os.path.exists(result_file):
+                os.remove(result_file)
+
+    return success, error_msg, result_file
+
+
+def write_cyclonedx_json(bom, result_file):
+    success = True
+    try:
+        my_json_outputter: 'JsonOutputter' = JsonV1Dot6(bom)
+        my_json_outputter.output_to_file(result_file)
+        serialized_json = my_json_outputter.output_as_string(indent=2)
+        my_json_validator = JsonStrictValidator(SchemaVersion.V1_6)
+        try:
+            validation_errors = my_json_validator.validate_str(serialized_json)
+            if validation_errors:
+                logger.warning(f'JSON invalid, ValidationError: {repr(validation_errors)}')
+        except MissingOptionalDependencyException as error:
+            logger.debug(f'JSON-validation was skipped due to {error}')
+    except Exception as e:
+        success = False
+    return success
+        
+
+
+def write_cyclonedx_xml(bom, result_file):
+    success = True
+    try:
+        my_xml_outputter: BaseOutput = make_outputter(bom=bom,
+                                                      output_format=OutputFormat.XML,
+                                                      schema_version=SchemaVersion.V1_6)
+        my_xml_outputter.output_to_file(filename=result_file)
+        serialized_xml = my_xml_outputter.output_as_string(indent=2)
+        my_xml_validator = XmlValidator(SchemaVersion.V1_6)
+        try:
+            validation_errors = my_xml_validator.validate_str(serialized_xml)
+            if validation_errors:
+                logger.warning(f'XML invalid, ValidationError: {repr(validation_errors)}')
+        except MissingOptionalDependencyException as error:
+            logger.debug(f'XML-validation was skipped due to {error}')
+    except Exception as e:
+        success = False
+    return success

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/src/fosslight_util.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-util
-Version: 2.1.1
+Version: 2.1.3
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Author: LG Electronics

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/src/fosslight_util.egg-info/SOURCES.txt

@@ -18,6 +18,7 @@ src/fosslight_util/read_excel.py
 src/fosslight_util/set_log.py
 src/fosslight_util/spdx_licenses.py
 src/fosslight_util/timer_thread.py
+src/fosslight_util/write_cyclonedx.py
 src/fosslight_util/write_excel.py
 src/fosslight_util/write_opossum.py
 src/fosslight_util/write_scancodejson.py

{fosslight_util-2.1.1 → fosslight_util-2.1.3}/src/fosslight_util.egg-info/requires.txt

@@ -12,6 +12,7 @@ setuptools>=65.5.1
 npm
 requests
 GitPython
+cyclonedx-python-lib==8.5.0
 
 [:python_version < "3.8"]
 numpy