ossa-scanner 0.1.12__py3-none-any.whl → 0.1.14__py3-none-any.whl

ossa_scanner/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.12"
+__version__ = "0.1.14"

ossa_scanner/utils/package_manager.py

@@ -1,5 +1,7 @@
 import subprocess
 import re
+import os
+import shutil
 
 
 def list_packages(package_manager):
@@ -26,7 +28,7 @@ def list_packages(package_manager):
 
     packages = result.stdout.splitlines()
     extracted_packages = set()
-    max_packages = 500000
+    max_packages = 2
     k_packages = 0
 
     for line in packages:
@@ -39,8 +41,6 @@ def list_packages(package_manager):
         if k_packages >= max_packages:
             break
     package_list = sorted(list(extracted_packages))
-    # force filter
-    package_list = [pkg for pkg in package_list if 'K' <= pkg[0].upper() <= 'Z']
 
     print(f"Total unique packages: {len(package_list)}")
     return package_list
@@ -64,7 +64,7 @@ def get_package_info(package_manager, package_name):
         elif package_manager in ['yum', 'dnf']:
             return parse_yum_info(output)
         elif package_manager == 'apt':
-            return parse_apt_info(output)
+            return parse_apt_info(output, package_name)
     except subprocess.CalledProcessError as e:
         print(f"Command failed: {e}")
         return None
@@ -128,29 +128,49 @@ def parse_yum_info(output):
             info["summary"] = line.split(":", 1)[1].strip()
     return info
 
-def parse_apt_info(output):
+def parse_apt_info(output, package_name):
     """Parses apt-cache show output."""
     info = {}
     lines = output.splitlines()
 
     for line in lines:
-        if line.startswith("License:") or "License" in line:
-            info["licenses"] = line.split(":", 1)[1].strip()
-        elif line.startswith("Homepage:"):
+        if line.startswith("Homepage:"):
             info["website"] = line.split(":", 1)[1].strip()
         elif "Copyright" in line:
             info["references"] = line.strip()
         info["licenses"] = extract_spdx_ids(info["licenses"])
         severity = license_classificaton(info["licenses"])
 
+    license = apt_get_license_from_source(package_name)
+
     # Ensure all keys are present even if data is missing
     return {
-        "licenses": info.get("licenses", "NOASSERTION"),
+        "licenses": license,
         "copyright": info.get("copyright", "NOASSERTION"),
         "references": info.get("references", "NOASSERTION"),
         "severity": severity,
     }
 
+def apt_get_license_from_source(package_name):
+    try:
+        subprocess.run(["apt-get", "source", package_name], check=True, capture_output=True, text=True)
+        source_dirs = [d for d in os.listdir() if d.startswith(package_name) and os.path.isdir(d)]
+        if not source_dirs:
+            return "NOASSERTION"
+        package_dir = source_dirs[0]
+        copyright_file = os.path.join(package_dir, "debian", "copyright")
+        licenses = []
+        if os.path.exists(copyright_file):
+            with open(copyright_file, "r", encoding="utf-8") as f:
+                for line in f:
+                    if re.search(r"(?i)license:", line):
+                        licenses.append(line.split(":", 1)[1].strip())
+        shutil.rmtree(package_dir, ignore_errors=True)
+        return ", ".join(set(licenses)) if licenses else "NOASSERTION"
+    except subprocess.CalledProcessError as e:
+        print(f"Error fetching source package: {e}")
+        return "NOASSERTION"
+
 def extract_spdx_ids(license_string):
     if not license_string.strip():
         return "No valid SPDX licenses found"

{ossa_scanner-0.1.12.dist-info → ossa_scanner-0.1.14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.12
+Version: 0.1.14
 Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela

{ossa_scanner-0.1.12.dist-info → ossa_scanner-0.1.14.dist-info}/RECORD

@@ -1,4 +1,4 @@
-ossa_scanner/__init__.py,sha256=LcIlFjHZFfiF9Rd4UHoakmombOFkxIYk00I181frGBM,23
+ossa_scanner/__init__.py,sha256=PIBqEOI-nqKFL9oJAWQQwlHuujG9Cd7EmdxDrThNQto,23
 ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
 ossa_scanner/scanner.py,sha256=Zmk-Qr8jDoPdCXLkospp2NUgYl7Sdhx_Rhraltxd2u8,4787
 ossa_scanner/uploader.py,sha256=dPbhSLlQcDyHP-6Ugn6BzYGn_VQ1Ik6TWt2138k3REo,1837
@@ -6,11 +6,11 @@ ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
 ossa_scanner/utils/downloader.py,sha256=DRXMg33QB2RiFr3kVjsDUcFcq7RO-4Sbee-twRYeuSM,5330
 ossa_scanner/utils/hash_calculator.py,sha256=LrDKngWOPbizYJWab2sDJDLB4pD_RrI51L0cZt3VjJY,960
 ossa_scanner/utils/os_detection.py,sha256=35VbUbFklzd7aojgltKf2PxbnVFcpREA7Tri2YI5nfY,417
-ossa_scanner/utils/package_manager.py,sha256=b4njHvSQmTNNFnjyut-1uGY8qXiRidZRCyRmHN2x_f4,7219
+ossa_scanner/utils/package_manager.py,sha256=-CMETt4aJOn332zfQ3_DftvtNZaJgGMBxM4UOvcO2QU,8049
 ossa_scanner/utils/swhid_calculator.py,sha256=7-bO4RglJr-kt5SjUfnlcPZD0k0-s_dveHEjRo-zEMc,1317
-ossa_scanner-0.1.12.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
-ossa_scanner-0.1.12.dist-info/METADATA,sha256=fdkugAYWIj__48rNpCaxnbO5M14muJILo5i4mSE136c,1938
-ossa_scanner-0.1.12.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ossa_scanner-0.1.12.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
-ossa_scanner-0.1.12.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
-ossa_scanner-0.1.12.dist-info/RECORD,,
+ossa_scanner-0.1.14.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
+ossa_scanner-0.1.14.dist-info/METADATA,sha256=1VXLCFqRfUQH9s21d2z5FY_-nEZ50KkL7LXSzcRX1g4,1938
+ossa_scanner-0.1.14.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ossa_scanner-0.1.14.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
+ossa_scanner-0.1.14.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
+ossa_scanner-0.1.14.dist-info/RECORD,,