PyPI - fosslight-util - Versions diffs - 2.1.37__tar.gz → 2.1.39__tar.gz - Mend

fosslight-util 2.1.37tar.gz → 2.1.39tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

{fosslight_util-2.1.37/src/fosslight_util.egg-info → fosslight_util-2.1.39}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_util
-Version: 2.1.37
+Version: 2.1.39
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Download-URL: https://github.com/fosslight/fosslight_util
@@ -22,7 +22,7 @@ Requires-Dist: lastversion
 Requires-Dist: coloredlogs
 Requires-Dist: beautifulsoup4
 Requires-Dist: jsonmerge
-Requires-Dist: spdx-tools==0.8.*; sys_platform == "linux"
+Requires-Dist: spdx-tools==0.8.2; sys_platform == "linux"
 Requires-Dist: setuptools>=65.5.1
 Requires-Dist: numpy
 Requires-Dist: requests

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/requirements.txt RENAMED Viewed

@@ -8,7 +8,7 @@ coloredlogs
 beautifulsoup4
 jsonmerge
-spdx-tools==0.8.*;sys_platform=="linux"
+spdx-tools==0.8.2;sys_platform=="linux"
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 numpy
 requests

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/setup.py RENAMED Viewed

@@ -14,7 +14,7 @@ with open('requirements.txt', 'r', 'utf-8') as f:
 if __name__ == "__main__":
     setup(
         name='fosslight_util',
-        version='2.1.37',
+        version='2.1.39',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Util',

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/src/fosslight_util/cover.py RENAMED Viewed

@@ -18,8 +18,8 @@ class CoverItem:
     PKG_NAMES = [
         "fosslight_scanner",
-        "fosslight_source",
         "fosslight_dependency",
+        "fosslight_source",
         "fosslight_binary"
     ]
@@ -48,6 +48,24 @@ class CoverItem:
     def __del__(self):
         pass
+    def get_sort_order(self):
+        for idx, pkg_name in enumerate(self.PKG_NAMES[1:], start=0):
+            if pkg_name in self.tool_name:
+                return idx
+        return 999
+    def __lt__(self, other):
+        return self.get_sort_order() < other.get_sort_order()
+    def create_merged_comment(self, cover_items):
+        if not cover_items:
+            return ""
+        sorted_items = sorted(cover_items)
+        comments = []
+        for ci in sorted_items:
+            comments.append(f'[{ci.tool_name}] {ci.comment}')
+        return '\n'.join(comments)
     def get_print_json(self):
         json_item = {}
         json_item[self.tool_name_key] = self.tool_name

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/src/fosslight_util/download.py RENAMED Viewed

@@ -10,7 +10,7 @@ import zipfile
 import logging
 import argparse
 import shutil
-from git import Repo, GitCommandError, Git
+from git import Git
 import bz2
 import contextlib
 from datetime import datetime
@@ -217,7 +217,19 @@ def get_remote_refs(git_url: str):
     tags = []
     branches = []
     try:
-        cp = subprocess.run(["git", "ls-remote", "--tags", "--heads", git_url], capture_output=True, text=True, timeout=30)
+        env = os.environ.copy()
+        env["GIT_TERMINAL_PROMPT"] = "0"
+        env["GIT_ASKPASS"] = "echo"
+        env["GIT_CREDENTIAL_HELPER"] = ""
+        if "GIT_SSH_COMMAND" not in env:
+            env["GIT_SSH_COMMAND"] = "ssh -o BatchMode=yes -o StrictHostKeyChecking=no"
+        else:
+            env["GIT_SSH_COMMAND"] = env["GIT_SSH_COMMAND"] + " -o BatchMode=yes"
+        cp = subprocess.run(
+            ["git", "-c", "credential.helper=", "-c", "credential.helper=!",
+             "ls-remote", "--tags", "--heads", git_url],
+            env=env, capture_output=True, text=True, timeout=30,
+            stdin=subprocess.DEVNULL)
         if cp.returncode == 0:
             for line in cp.stdout.splitlines():
                 parts = line.split('\t')
@@ -291,32 +303,84 @@ def download_git_repository(refs_to_checkout, git_url, target_dir, tag, called_c
     logger.info(f"Download git url :{git_url}")
     env = os.environ.copy()
-    if not called_cli:
-        env["GIT_TERMINAL_PROMPT"] = "0"
+    env["GIT_TERMINAL_PROMPT"] = "0"
+    if platform.system() == "Windows":
+        env["GIT_ASKPASS"] = "echo"
+    else:
+        env["GIT_ASKPASS"] = "/bin/echo"
+    env["GIT_CREDENTIAL_HELPER"] = ""
+    # Disable credential helper via config
+    if "GIT_CONFIG_COUNT" not in env:
+        env["GIT_CONFIG_COUNT"] = "1"
+        env["GIT_CONFIG_KEY_0"] = "credential.helper"
+        env["GIT_CONFIG_VALUE_0"] = ""
+    if "GIT_SSH_COMMAND" not in env:
+        env["GIT_SSH_COMMAND"] = "ssh -o BatchMode=yes -o StrictHostKeyChecking=no"
+    else:
+        env["GIT_SSH_COMMAND"] = env["GIT_SSH_COMMAND"] + " -o BatchMode=yes"
     if refs_to_checkout:
         try:
-            # gitPython uses the branch argument the same whether you check out to a branch or a tag.
-            Repo.clone_from(git_url, target_dir, branch=refs_to_checkout, env=env)
-            if any(Path(target_dir).iterdir()):
-                success = True
-                oss_version = refs_to_checkout
-                logger.info(f"Files found in {target_dir} after clone.")
+            # For tags, we need full history. For branches, shallow clone is possible but
+            # we use full clone to ensure compatibility with all cases
+            # Use subprocess to ensure environment variables are properly passed
+            cmd = ["git", "-c", "credential.helper=", "-c", "credential.helper=!", "clone", git_url, target_dir]
+            result = subprocess.run(cmd, env=env, capture_output=True, text=True, timeout=600, stdin=subprocess.DEVNULL)
+            if result.returncode == 0:
+                # Checkout the specific branch or tag
+                checkout_cmd = ["git", "-C", target_dir, "checkout", refs_to_checkout]
+                checkout_result = subprocess.run(
+                    checkout_cmd, env=env, capture_output=True, text=True,
+                    timeout=60, stdin=subprocess.DEVNULL)
+                if checkout_result.returncode == 0:
+                    if any(Path(target_dir).iterdir()):
+                        success = True
+                        oss_version = refs_to_checkout
+                        logger.info(f"Files found in {target_dir} after clone and checkout.")
+                    else:
+                        logger.info(f"No files found in {target_dir} after clone.")
+                        success = False
+                else:
+                    logger.info(f"Git checkout error: {checkout_result.stderr}")
+                    # Clone succeeded but checkout failed (e.g. non-existent ref):
+                    # repo has default branch; treat as success with empty version
+                    if any(Path(target_dir).iterdir()):
+                        success = True
+                        oss_version = ""
+                        logger.info("Checkout failed; keeping default branch.")
             else:
-                logger.info(f"No files found in {target_dir} after clone.")
+                logger.info(f"Git clone error: {result.stderr}")
                 success = False
-        except GitCommandError as error:
-            logger.info(f"Git checkout error:{error}")
+        except subprocess.TimeoutExpired:
+            logger.info("Git clone timeout")
             success = False
         except Exception as e:
-            logger.info(f"Repo.clone_from error:{e}")
+            logger.info(f"Git clone error:{e}")
             success = False
     if not success:
-        Repo.clone_from(git_url, target_dir, env=env)
-        if any(Path(target_dir).iterdir()):
-            success = True
-        else:
-            logger.info(f"No files found in {target_dir} after clone.")
+        try:
+            # Use subprocess to ensure environment variables are properly passed
+            # No checkout needed, so shallow clone is sufficient
+            cmd = [
+                "git", "-c", "credential.helper=", "-c", "credential.helper=!",
+                "clone", "--depth", "1", git_url, target_dir
+            ]
+            result = subprocess.run(cmd, env=env, capture_output=True, text=True, timeout=600, stdin=subprocess.DEVNULL)
+            if result.returncode == 0:
+                if any(Path(target_dir).iterdir()):
+                    success = True
+                else:
+                    logger.info(f"No files found in {target_dir} after clone.")
+                    success = False
+            else:
+                logger.info(f"Git clone error: {result.stderr}")
+                success = False
+        except subprocess.TimeoutExpired:
+            logger.info("Git clone timeout")
+            success = False
+        except Exception as e:
+            logger.info(f"Git clone error:{e}")
             success = False
     return success, oss_version

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/src/fosslight_util/help.py RENAMED Viewed

@@ -55,23 +55,35 @@ _HELP_MESSAGE_COMMON = f"""
 _HELP_MESSAGE_DOWNLOAD = """
-    FOSSLight Downloader is a tool to download the package via input URL
-    Usage: fosslight_download [option1] <arg1> [options2] <arg2>
-     ex) fosslight_download -s http://github.com/fosslight/fosslight -t output_dir -d log_dir
-    Required:
-        -s\t\t      URL of the package to be downloaded
-    Optional:
-        -h\t\t      Print help message
-        -t\t\t      Output path name
-        -d\t\t      Directory name to save the log file
-        -s\t\t      Source link to download
-        -t\t\t      Directory to download source code
-        -c\t\t      Checkout to branch or tag/ or version
-        -z\t\t      Unzip only compressed file
-        -o\t\t      Generate summary output file with this option"""
+    📖 Usage
+    ────────────────────────────────────────────────────────────────────
+    fosslight_download [options] <arguments>
+    📝 Description
+    ────────────────────────────────────────────────────────────────────
+    FOSSLight Downloader is a tool to download a package or source code from a given URL.
+    ⚙️  General Options
+    ────────────────────────────────────────────────────────────────────
+    -s <url>              URL of the package or source to download (required)
+    -t <path>             Output directory to save the downloaded files
+    -d <log_dir>          Directory to save the log file
+    -c <branch/tag>       Checkout to branch, tag, or version after download
+    -z                    Unzip only compressed file
+    -o                    Generate summary output file
+    -h                    Show this help message
+    💡 Examples
+    ────────────────────────────────────────────────────────────────────
+    # Download a GitHub repository to output_dir and save log
+    fosslight_download -s https://github.com/fosslight/fosslight -t output_dir -d log_dir
+    # Download and checkout to a specific branch
+    fosslight_download -s https://github.com/fosslight/fosslight -t output_dir -c develop
+    # Download and unzip a compressed file
+    fosslight_download -s https://example.com/archive.zip -z -t output_dir
+"""
 class PrintHelpMsg():

{fosslight_util-2.1.37 → fosslight_util-2.1.39}/src/fosslight_util/write_excel.py RENAMED Viewed

@@ -9,7 +9,7 @@ import logging
 import os
 import pandas as pd
 from pathlib import Path
-from fosslight_util.constant import LOGGER_NAME, SHEET_NAME_FOR_SCANNER, FOSSLIGHT_BINARY
+from fosslight_util.constant import LOGGER_NAME, SHEET_NAME_FOR_SCANNER, FOSSLIGHT_BINARY, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SOURCE
 from jsonmerge import merge
 _HEADER = {'BIN (': ['ID', 'Binary Path', 'Source Code Path',
@@ -121,7 +121,12 @@ def write_result_to_excel(out_file_name, scan_item, extended_header={}, hide_hea
         workbook = xlsxwriter.Workbook(out_file_name)
         write_cover_sheet(workbook, scan_item.cover)
         if scan_item.file_items and len(scan_item.file_items.keys()) > 0:
-            for scanner_name, _ in scan_item.file_items.items():
+            sheet_order = [FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SOURCE, FOSSLIGHT_BINARY]
+            all_scanners = list(scan_item.file_items.keys())
+            priority = {name.lower(): idx for idx, name in enumerate(sheet_order)}
+            sorted_scanner_names = sorted(all_scanners,
+                                          key=lambda x: priority.get(x.lower(), len(priority)))
+            for scanner_name in sorted_scanner_names:
                 sheet_name = ""
                 if scanner_name.lower() in SHEET_NAME_FOR_SCANNER:
                     sheet_name = SHEET_NAME_FOR_SCANNER[scanner_name.lower()]

{fosslight_util-2.1.37 → fosslight_util-2.1.39/src/fosslight_util.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_util
-Version: 2.1.37
+Version: 2.1.39
 Summary: FOSSLight Util
 Home-page: https://github.com/fosslight/fosslight_util
 Download-URL: https://github.com/fosslight/fosslight_util
@@ -22,7 +22,7 @@ Requires-Dist: lastversion
 Requires-Dist: coloredlogs
 Requires-Dist: beautifulsoup4
 Requires-Dist: jsonmerge
-Requires-Dist: spdx-tools==0.8.*; sys_platform == "linux"
+Requires-Dist: spdx-tools==0.8.2; sys_platform == "linux"
 Requires-Dist: setuptools>=65.5.1
 Requires-Dist: numpy
 Requires-Dist: requests