ossa-scanner 0.1.20__py3-none-any.whl → 0.1.22__py3-none-any.whl

ossa_scanner/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.20"
+__version__ = "0.1.22"

ossa_scanner/utils/downloader.py

@@ -23,6 +23,11 @@ def download_source(package_manager, package_name, output_dir):
             print("CMD:", cmd)
             exit()
             subprocess.run(cmd, check=True)
+            source_dirs = [d for d in os.listdir() if d.startswith(package_name) and os.path.isdir(d)]
+            print('source_dirs:', source_dirs)
+            if not source_dirs:
+                print(f"Source package for {package_name} not found in {package_name}.")
+                return
         elif package_manager in ['yum', 'dnf']:
             p_hash = hash(package_name) % 10000
             output_dir = os.path.join(output_dir, str(p_hash))

ossa_scanner/utils/package_manager.py

@@ -28,7 +28,7 @@ def list_packages(package_manager):
 
     packages = result.stdout.splitlines()
     extracted_packages = set()
-    max_packages = 2
+    max_packages = 5
     k_packages = 0
 
     for line in packages:
@@ -130,7 +130,6 @@ def parse_yum_info(output):
     return info
 
 def parse_apt_info(output, package_name):
-    """Parses apt-cache show output."""
     info = {}
     lines = output.splitlines()
 
@@ -145,12 +144,15 @@ def parse_apt_info(output, package_name):
     if not info["licenses"]:
         info["licenses"] = apt_get_license_from_source(package_name)
 
-    info["licenses"] = extract_spdx_ids(info["licenses"])
-    severity = license_classificaton(info["licenses"])
+    if info["licenses"]:
+        info["licenses"] = extract_spdx_ids(info["licenses"])
+        severity = license_classificaton(info["licenses"])
+    else:
+        severity = "Informational"
 
     # Ensure all keys are present even if data is missing
     return {
-        "licenses": license,
+        "licenses": info["licenses"],
         "copyright": info.get("copyright", "NOASSERTION"),
         "references": info.get("references", "NOASSERTION"),
         "severity": severity,
@@ -158,22 +160,18 @@ def parse_apt_info(output, package_name):
 
 def apt_get_license_from_source(package_name):
     try:
-        print('downloading source for:', package_name)
         subprocess.run(["apt-get", "source", package_name], check=True, capture_output=True, text=True)
         source_dirs = [d for d in os.listdir() if d.startswith(package_name) and os.path.isdir(d)]
-        print('source_dirs for:', source_dirs)
         if not source_dirs:
             return "NOASSERTION"
         package_dir = source_dirs[0]
         copyright_file = os.path.join(package_dir, "debian", "copyright")
-        print('copyright_file:', copyright_file)
         licenses = []
         if os.path.exists(copyright_file):
             with open(copyright_file, "r", encoding="utf-8") as f:
                 for line in f:
                     if re.search(r"(?i)license:", line):
                         licenses.append(line.split(":", 1)[1].strip())
-        print('licenses:', licenses)
         shutil.rmtree(package_dir, ignore_errors=True)
         return ", ".join(set(licenses)) if licenses else "NOASSERTION"
     except subprocess.CalledProcessError as e:

{ossa_scanner-0.1.20.dist-info → ossa_scanner-0.1.22.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.20
+Version: 0.1.22
 Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela

{ossa_scanner-0.1.20.dist-info → ossa_scanner-0.1.22.dist-info}/RECORD

@@ -1,16 +1,16 @@
-ossa_scanner/__init__.py,sha256=8XalsVoLEfXslFvdtUEmkNOuYShzOzYOcFbgmOz1oSk,23
+ossa_scanner/__init__.py,sha256=zmP2TRnzKPjZJ1eiBcT-cRInsji6FW-OVD3FafQFCc4,23
 ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
 ossa_scanner/scanner.py,sha256=Zmk-Qr8jDoPdCXLkospp2NUgYl7Sdhx_Rhraltxd2u8,4787
 ossa_scanner/uploader.py,sha256=dPbhSLlQcDyHP-6Ugn6BzYGn_VQ1Ik6TWt2138k3REo,1837
 ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ossa_scanner/utils/downloader.py,sha256=kbnFquesR4L0zWF98MifGo8WWPDo7-nUSV-zygBcBNM,5380
+ossa_scanner/utils/downloader.py,sha256=s1Ef79e4VdBHMW30BsEGQD6qvc7APe7JqBCREYpf0Hw,5674
 ossa_scanner/utils/hash_calculator.py,sha256=LrDKngWOPbizYJWab2sDJDLB4pD_RrI51L0cZt3VjJY,960
 ossa_scanner/utils/os_detection.py,sha256=35VbUbFklzd7aojgltKf2PxbnVFcpREA7Tri2YI5nfY,417
-ossa_scanner/utils/package_manager.py,sha256=I0Z2FZShWetvw82DaBSu_vlc_U1LmhdKOlSgtVRHP04,8487
+ossa_scanner/utils/package_manager.py,sha256=YGfqtSfwYdBvRuW6LGK3A14G-eY3X8dyyOoNC4_ctZo,8346
 ossa_scanner/utils/swhid_calculator.py,sha256=7-bO4RglJr-kt5SjUfnlcPZD0k0-s_dveHEjRo-zEMc,1317
-ossa_scanner-0.1.20.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
-ossa_scanner-0.1.20.dist-info/METADATA,sha256=WTsppsT4rehoRDu85rrGeJCi-GWK40hYMUjT4Pq49iU,1938
-ossa_scanner-0.1.20.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ossa_scanner-0.1.20.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
-ossa_scanner-0.1.20.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
-ossa_scanner-0.1.20.dist-info/RECORD,,
+ossa_scanner-0.1.22.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
+ossa_scanner-0.1.22.dist-info/METADATA,sha256=sRC1VcQ56ER6J9qHGN1pwBlfD4_IiKB76KkY-TfgP74,1938
+ossa_scanner-0.1.22.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ossa_scanner-0.1.22.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
+ossa_scanner-0.1.22.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
+ossa_scanner-0.1.22.dist-info/RECORD,,