ossa-scanner 0.1.11__tar.gz → 0.1.13__tar.gz

{ossa_scanner-0.1.11 → ossa_scanner-0.1.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.11
+Version: 0.1.13
 Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela
@@ -29,13 +29,30 @@ Requires-Dist: ssdeep
 Open Source Advisory Scanner (Generator)
 
 ## Centos/AL/AlmaLinux
-Install Python PyPI:
 
-> yum -y update
-> yum -y groupinstall "Development Tools"
-> yum -y install python-pip python3-devel
-> pip3 install swh-scanner
-> BUILD_LIB=1 pip install ssdeep
-> pip3 install ossa-scanner
+```
+$ yum -y update
+$ yum -y groupinstall "Development Tools"
+$ yum -y install python-pip python3-devel
+$ pip3 install swh-scanner
+$ BUILD_LIB=1 pip install ssdeep
+$ pip3 install ossa-scanner
+```
+
+## Ubuntu/Debian
+```
+$ apt-get update -y && apt-get upgrade -y
+$ apt install python3-pip -y
+$ apt remove python3-blinker python3-zipp python3-urllib3 python3-typing-extensions python3-six -y
+$ pip install swh-scanner --break-system-packages
+$ apt install ssdeep python3-ssdeep -y
+$ pip3 install ossa-scanner --break-system-packages
+```
+
+
+### *** Running in background ***
+```
 > nohup ossa_scanner &
-> pip install --upgrade --force-reinstall
+```
+> pip install --upgrade ossa_scanner
+cp -nf /home/ec2-user/* /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && cd /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && git add * && git commit -am 'Importing AmazonLinux OSSA' && git push

ossa_scanner-0.1.13/README.md

@@ -0,0 +1,31 @@
+# ossa_scanner
+Open Source Advisory Scanner (Generator)
+
+## Centos/AL/AlmaLinux
+
+```
+$ yum -y update
+$ yum -y groupinstall "Development Tools"
+$ yum -y install python-pip python3-devel
+$ pip3 install swh-scanner
+$ BUILD_LIB=1 pip install ssdeep
+$ pip3 install ossa-scanner
+```
+
+## Ubuntu/Debian
+```
+$ apt-get update -y && apt-get upgrade -y
+$ apt install python3-pip -y
+$ apt remove python3-blinker python3-zipp python3-urllib3 python3-typing-extensions python3-six -y
+$ pip install swh-scanner --break-system-packages
+$ apt install ssdeep python3-ssdeep -y
+$ pip3 install ossa-scanner --break-system-packages
+```
+
+
+### *** Running in background ***
+```
+> nohup ossa_scanner &
+```
+> pip install --upgrade ossa_scanner
+cp -nf /home/ec2-user/* /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && cd /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && git add * && git commit -am 'Importing AmazonLinux OSSA' && git push

ossa_scanner-0.1.13/ossa_scanner/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.13"

{ossa_scanner-0.1.11 → ossa_scanner-0.1.13}/ossa_scanner/utils/package_manager.py

@@ -1,5 +1,7 @@
 import subprocess
 import re
+import os
+import shutil
 
 
 def list_packages(package_manager):
@@ -38,12 +40,9 @@ def list_packages(package_manager):
             k_packages += 1
         if k_packages >= max_packages:
             break
-
     package_list = sorted(list(extracted_packages))
 
     print(f"Total unique packages: {len(package_list)}")
-    # for package in package_list:
-        # print(package)
     return package_list
 
 
@@ -65,7 +64,7 @@ def get_package_info(package_manager, package_name):
         elif package_manager in ['yum', 'dnf']:
             return parse_yum_info(output)
         elif package_manager == 'apt':
-            return parse_apt_info(output)
+            return parse_apt_info(output, package_name)
     except subprocess.CalledProcessError as e:
         print(f"Command failed: {e}")
         return None
@@ -129,29 +128,49 @@ def parse_yum_info(output):
             info["summary"] = line.split(":", 1)[1].strip()
     return info
 
-def parse_apt_info(output):
+def parse_apt_info(output, package_name):
     """Parses apt-cache show output."""
     info = {}
     lines = output.splitlines()
 
     for line in lines:
-        if line.startswith("License:") or "License" in line:
-            info["licenses"] = line.split(":", 1)[1].strip()
-        elif line.startswith("Homepage:"):
+        if line.startswith("Homepage:"):
             info["website"] = line.split(":", 1)[1].strip()
         elif "Copyright" in line:
             info["references"] = line.strip()
         info["licenses"] = extract_spdx_ids(info["licenses"])
         severity = license_classificaton(info["licenses"])
 
+    license = apt_get_license_from_source(package_name)
+
     # Ensure all keys are present even if data is missing
     return {
-        "licenses": info.get("licenses", "NOASSERTION"),
+        "licenses": license,
         "copyright": info.get("copyright", "NOASSERTION"),
         "references": info.get("references", "NOASSERTION"),
         "severity": severity,
     }
 
+def apt_get_license_from_source(package_name):
+    try:
+        subprocess.run(["apt-get", "source", package_name], check=True, capture_output=True, text=True)
+        source_dirs = [d for d in os.listdir() if d.startswith(package_name) and os.path.isdir(d)]
+        if not source_dirs:
+            return "NOASSERTION"
+        package_dir = source_dirs[0]
+        copyright_file = os.path.join(package_dir, "debian", "copyright")
+        licenses = []
+        if os.path.exists(copyright_file):
+            with open(copyright_file, "r", encoding="utf-8") as f:
+                for line in f:
+                    if re.search(r"(?i)license:", line):
+                        licenses.append(line.split(":", 1)[1].strip())
+        shutil.rmtree(package_dir, ignore_errors=True)
+        return ", ".join(set(licenses)) if licenses else "NOASSERTION"
+    except subprocess.CalledProcessError as e:
+        print(f"Error fetching source package: {e}")
+        return "NOASSERTION"
+
 def extract_spdx_ids(license_string):
     if not license_string.strip():
         return "No valid SPDX licenses found"

{ossa_scanner-0.1.11 → ossa_scanner-0.1.13}/ossa_scanner.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.11
+Version: 0.1.13
 Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela
@@ -29,13 +29,30 @@ Requires-Dist: ssdeep
 Open Source Advisory Scanner (Generator)
 
 ## Centos/AL/AlmaLinux
-Install Python PyPI:
 
-> yum -y update
-> yum -y groupinstall "Development Tools"
-> yum -y install python-pip python3-devel
-> pip3 install swh-scanner
-> BUILD_LIB=1 pip install ssdeep
-> pip3 install ossa-scanner
+```
+$ yum -y update
+$ yum -y groupinstall "Development Tools"
+$ yum -y install python-pip python3-devel
+$ pip3 install swh-scanner
+$ BUILD_LIB=1 pip install ssdeep
+$ pip3 install ossa-scanner
+```
+
+## Ubuntu/Debian
+```
+$ apt-get update -y && apt-get upgrade -y
+$ apt install python3-pip -y
+$ apt remove python3-blinker python3-zipp python3-urllib3 python3-typing-extensions python3-six -y
+$ pip install swh-scanner --break-system-packages
+$ apt install ssdeep python3-ssdeep -y
+$ pip3 install ossa-scanner --break-system-packages
+```
+
+
+### *** Running in background ***
+```
 > nohup ossa_scanner &
-> pip install --upgrade --force-reinstall
+```
+> pip install --upgrade ossa_scanner
+cp -nf /home/ec2-user/* /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && cd /home/ec2-user/OpenSourceAdvisoryDatabase/advisories/ && git add * && git commit -am 'Importing AmazonLinux OSSA' && git push

ossa_scanner-0.1.11/README.md

@@ -1,14 +0,0 @@
-# ossa_scanner
-Open Source Advisory Scanner (Generator)
-
-## Centos/AL/AlmaLinux
-Install Python PyPI:
-
-> yum -y update
-> yum -y groupinstall "Development Tools"
-> yum -y install python-pip python3-devel
-> pip3 install swh-scanner
-> BUILD_LIB=1 pip install ssdeep
-> pip3 install ossa-scanner
-> nohup ossa_scanner &
-> pip install --upgrade --force-reinstall

ossa_scanner-0.1.11/ossa_scanner/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.1.11"