ossa-scanner 0.1.2__py3-none-any.whl → 0.1.3__py3-none-any.whl

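--- a/ossa_scanner/__init__.py
+++ b/ossa_scanner/__init__.py
@@ -1 +1 @@
-__version__ = "0.1.2"
+__version__ = "0.1.3"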
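--- a/ossa_scanner/cli.py
+++ b/ossa_scanner/cli.py
@@ -1,35 +1,50 @@
 import argparse
+import os
+import shutil
 from .scanner import Scanner
 from .uploader import GitHubUploader
 
 def main():
     parser = argparse.ArgumentParser(description="OSSA Scanner CLI Tool")
-    parser.add_argument('--output-dir', type=str, required=True, help="Directory to save downloaded source")
-    parser.add_argument('--results-file', type=str, required=True, help="Path to save the JSON results")
     parser.add_argument('--threads', type=int, default=4, help="Number of threads for parallel processing")
     parser.add_argument('--upload', action='store_true', help="Upload results to GitHub")
-    parser.add_argument('--repo-owner', type=str, help="GitHub repository owner")
-    parser.add_argument('--repo-name', type=str, help="GitHub repository name")
-    parser.add_argument('--token', type=str, help="GitHub token")
-    parser.add_argument('--repo-dir', type=str, help="Target directory in GitHub repo for results")
+    parser.add_argument('--repo-owner', type=str, help="GitHub repository owner (required for upload)")
+    parser.add_argument('--repo-name', type=str, help="GitHub repository name (required for upload)")
+    parser.add_argument('--token', type=str, help="GitHub token (required for upload)")
+    parser.add_argument('--repo-dir', type=str, help="Target directory in GitHub repo for results (required for upload)")
+    parser.add_argument('--retain-temp', action='store_true', help="Retain the temporary directory for downloaded and extracted packages")
     args = parser.parse_args()
 
-    # Initialize the scanner
-    scanner = Scanner(output_dir=args.output_dir, threads=args.threads)
-
-    # Perform scanning
-    results = scanner.scan_packages()
+    # Define directories
+    reports_dir = os.path.join(os.getcwd(), "ossa_reports")
+    temp_dir = "/tmp/ossa_temp"
 
-    # Save results locally
-    scanner.save_results(results, args.results_file)
+    os.makedirs(reports_dir, exist_ok=True)
+    os.makedirs(temp_dir, exist_ok=True)
 
-    # Upload results to GitHub if specified
-    if args.upload:
-        if not (args.repo_owner and args.repo_name and args.token and args.repo_dir):
-            raise ValueError("GitHub upload requires --repo-owner, --repo-name, --token, and --repo-dir")
+    try:
+        # Initialize the scanner
+        scanner = Scanner(threads=args.threads, output_dir=reports_dir, temp_dir=temp_dir)
 
-        uploader = GitHubUploader(args.token, args.repo_owner, args.repo_name)
-        scanner.upload_results(args.results_file, uploader, args.repo_dir)
+        # Perform scanning
+        results = scanner.scan_packages()
+
+        # Handle GitHub upload if specified
+        if args.upload:
+            if not (args.repo_owner and args.repo_name and args.token and args.repo_dir):
+                raise ValueError("GitHub upload requires --repo-owner, --repo-name, --token, and --repo-dir")
+
+            uploader = GitHubUploader(args.token, args.repo_owner, args.repo_name)
+            for report_file in os.listdir(reports_dir):
+                report_path = os.path.join(reports_dir, report_file)
+                if os.path.isfile(report_path):
+                    uploader.upload_file(report_path, os.path.join(args.repo_dir, report_file), "Add OSSA report")
+
+    finally:
+        # Clean up the temporary directory unless the user opts to retain it
+        if not args.retain_temp:
+            print(f"Cleaning up temporary directory: {temp_dir}")
+            shutil.rmtree(temp_dir, ignore_errors=True)
 
 if __name__ == "__main__":
     main()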
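Review bot: `temp_dir = "/tmp/ossa_temp"` is a fixed, predictable path in a shared world-writable directory, and `os.makedirs(temp_dir, exist_ok=True)` adopts it unchanged if it already exists, so on a multi-user host the scanner downloads and extracts package sources into, and at the end `shutil.rmtree`s, a directory that another local account may have created first; the same default is baked into `Scanner.__init__` in scanner.py. Use a per-run private directory instead, `temp_dir = tempfile.mkdtemp(prefix="ossa_temp_")` with `import tempfile`, which creates it with owner-only permissions and makes the `os.makedirs(temp_dir, ...)` call unnecessary; the `--retain-temp` branch should then print the generated path so the user can find it. Separately, `results = scanner.scan_packages()` binds a value that is never read, and `scan_packages` no longer returns anything in this version, so the assignment can be dropped. Note also that the upload loop sends every file present in `ossa_reports`, including reports left over from earlier runs, not just the ones this scan produced.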
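--- a/ossa_scanner/scanner.py
+++ b/ossa_scanner/scanner.py
@@ -1,18 +1,21 @@
 import os
 import json
+import hashlib
+from datetime import datetime
 from concurrent.futures import ThreadPoolExecutor, as_completed
 from .utils.os_detection import detect_os
 from .utils.package_manager import list_packages, get_package_info
 from .utils.downloader import download_source
 from .utils.hash_calculator import calculate_file_hash
 from .utils.swhid_calculator import calculate_swhid
-from .uploader import GitHubUploader
 
 class Scanner:
-    def __init__(self, output_dir, threads=4):
+    def __init__(self, threads=4, output_dir="ossa_reports", temp_dir="/tmp/ossa_temp"):
         self.output_dir = output_dir
+        self.temp_dir = temp_dir
         self.os_type = detect_os()
         self.threads = threads
+        os.makedirs(self.temp_dir, exist_ok=True)
 
     def process_package(self, package):
         """
@@ -29,47 +32,35 @@ class Scanner:
             package_info = get_package_info(self.os_type, package)
             print(f"Fetched metadata for {package}")
 
-            # Download the source code
-            source_file = download_source(self.os_type, package, self.output_dir)
+            # Download the source code to temp_dir
+            source_file = download_source(self.os_type, package, self.temp_dir)
             print(f"Downloaded source file: {source_file}")
 
             # Calculate hash of the source file
             file_hash = calculate_file_hash(source_file)
             print(f"Hash (SHA256) for {package}: {file_hash}")
 
-            # Extract source code directory
-            source_dir = os.path.join(self.output_dir, package)
+            # Extract source code directory in temp_dir
+            source_dir = os.path.join(self.temp_dir, package)
             os.makedirs(source_dir, exist_ok=True)
 
             # Calculate SWHID
             swhid = calculate_swhid(source_dir)
             print(f"SWHID for {package}: {swhid}")
 
-            return {
-                "package": package,
-                "info": package_info,
-                "hash": file_hash,
-                "swhid": swhid,
-            }
+            # Save report
+            self.save_package_report(package, package_info, file_hash, swhid, source_file)
 
         except Exception as e:
             print(f"Error processing package {package}: {e}")
-            return {
-                "package": package,
-                "error": str(e)
-            }
 
     def scan_packages(self):
         """
         Scans all packages in the repository and processes them in parallel.
-
-        Returns:
-            list: List of results for each package.
         """
         print(f"Detected OS: {self.os_type}")
         print("Listing available packages...")
         packages = list_packages(self.os_type)
-        results = []
         with ThreadPoolExecutor(max_workers=self.threads) as executor:
             # Submit tasks for parallel processing
             future_to_package = {
@@ -80,34 +71,53 @@ class Scanner:
             for future in as_completed(future_to_package):
                 package = future_to_package[future]
                 try:
-                    result = future.result()
-                    results.append(result)
+                    future.result()
                 except Exception as e:
                     print(f"Exception occurred for package {package}: {e}")
-        return results
-
-    def save_results(self, results, output_file):
-        """
-        Save the scan results to a JSON file.
 
-        Args:
-            results (list): List of results for each package.
-            output_file (str): Path to save the JSON file.
+    def save_package_report(self, package, package_info, file_hash, swhid, source_file):
         """
-        with open(output_file, "w") as f:
-            json.dump(results, f, indent=4)
-        print(f"Results saved to {output_file}")
-
-    def upload_results(self, results_file, github_uploader, repo_dir):
-        """
-        Uploads the results file to GitHub.
+        Save the report for a single package.
 
         Args:
-            results_file (str): Local results file path to upload.
-            github_uploader (GitHubUploader): Instance of the GitHubUploader class.
-            repo_dir (str): Path in the GitHub repository where the results will be uploaded.
+            package (str): Package name.
+            package_info (dict): Information about the package.
+            file_hash (str): SHA256 hash of the downloaded source.
+            swhid (str): Software Heritage ID of the package.
         """
-        print(f"Uploading results to GitHub: {repo_dir}")
-        repo_path = os.path.join(repo_dir, os.path.basename(results_file))
-        github_uploader.upload_file(results_file, repo_path, "Add scanning results")
-
+        # Generate report filename
+        sha1_name = hashlib.sha1(package.encode()).hexdigest()
+        date_str = datetime.now().strftime("%Y%m%d")
+        report_filename = f"ossa-{date_str}-{sha1_name}-{package}.json"
+        report_path = os.path.join(self.output_dir, report_filename)
+
+        # Create the report content
+        report = {
+            "id": f"OSSA-{date_str}-{sha1_name.upper()}",
+            "version": "1.0.0",
+            "severity": "Informational",
+            "title": f"Advisory for {package}",
+            "package_name": package,
+            "publisher": "Generated by OSSA Collector",
+            "last_updated": datetime.now().isoformat(),
+            "approvals": [{"consumption": True, "externalization": True}],
+            "description": f"Automatically generated OSSA for the package {package}.",
+            "purls": [f"pkg:{self.os_type}/{package}"],
+            "regex": [f"^pkg:{self.os_type}/{package}.*"],
+            "affected_versions": ["*.*"],
+            "artifacts": [
+                {
+                    "url": f"file://{source_file}",
+                    "hashes": {"sha256": file_hash},
+                    "swhid": swhid
+                }
+            ],
+            "licenses": package_info.get("licenses", []),
+            "aliases": package_info.get("aliases", []),
+            "references": package_info.get("references", [])
+        }
+
+        # Save the report to the output directory
+        with open(report_path, "w") as f:
+            json.dump(report, f, indent=4)
+        print(f"Report saved: {report_path}")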
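Review bot: `"url": f"file://{source_file}"` in `save_package_report` records the local path of the download inside `self.temp_dir`, which the CLI deletes right after the scan unless `--retain-temp` is given, so every uploaded report points at a file that no longer exists and embeds the operator's local filesystem layout in a published advisory; record the upstream download location if `download_source` can return it, or at least `os.path.basename(source_file)`. `datetime.now()` is called twice with no timezone, so `last_updated` is a naive local timestamp and the date in `id`/`report_filename` can disagree with it across midnight; compute `now = datetime.now(timezone.utc)` once and derive `date_str` and `last_updated` from it (`from datetime import datetime, timezone`). Less certain: `package` is interpolated straight into `report_filename` under `self.output_dir` (and into `source_dir` in `process_package`); names from the OS package manager are presumably plain identifiers, but a guard such as `if os.path.basename(package) != package: raise ValueError(f"Unexpected package name: {package!r}")` would keep a malformed name from writing outside the output directory. Also, `process_package` now catches every exception and only prints, so `future.result()` in `scan_packages` can never observe a failure and the run always ends as a success; counting failures and returning or raising would let the CLI report them. The `try:` enclosing `process_package`'s second hunk begins outside the hunk.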
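--- a/ossa_scanner-0.1.2.dist-info/METADATA
+++ b/ossa_scanner-0.1.3.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.2
+Version: 0.1.3
 Summary: A Python library for scanning Linux packages, managing metadata, and generating SWHIDs.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela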
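--- a/ossa_scanner-0.1.2.dist-info/RECORD
+++ b/ossa_scanner-0.1.3.dist-info/RECORD
@@ -1,6 +1,6 @@
-ossa_scanner/__init__.py,sha256=YvuYzWnKtqBb-IqG8HAu-nhIYAsgj9Vmc_b9o7vO-js,22
-ossa_scanner/cli.py,sha256=hyRUOgp9kcwFtQrIeyth5vTxeK7eOlxfn5R9E7HX5sA,1640
-ossa_scanner/scanner.py,sha256=SAkiBLjAuO3dklbHPgXs0p047buO6Pp51RROq6G7Yq8,4082
+ossa_scanner/__init__.py,sha256=XEqb2aiIn8fzGE68Mph4ck1FtQqsR_am0wRWvrYPffQ,22
+ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
+ossa_scanner/scanner.py,sha256=YOYB4-7EwQyZE6KU6_dyRD09tq6ntgmYvyxX02KgB5c,4885
 ossa_scanner/uploader.py,sha256=X8bo7GqfpBjz2NlnvSwDR_rVqNoZDRPF2pnQMaVENbc,2436
 ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ossa_scanner/utils/downloader.py,sha256=3ccwcde9yJ_SEP0mG9TDr2O0MMdA1p-K6hpzqme-KQ4,2081
@@ -8,9 +8,9 @@ ossa_scanner/utils/hash_calculator.py,sha256=i47KS_HoZNiSbGyd0iP9_TcDwxWS2SrmkIc
 ossa_scanner/utils/os_detection.py,sha256=QdRKQ4li4SOHgBofe1qWf8OOcw8XvhM-XWUNu0Cy0a4,315
 ossa_scanner/utils/package_manager.py,sha256=tWuQwgkFQjTzeisem0Gz8uFvWw5Cxd-Tft5HM8tIQmk,4028
 ossa_scanner/utils/swhid_calculator.py,sha256=4Z0H2GmECMAJlvH6JBbUmaLXSLRNntyYEdxsS6CTEMQ,63
-ossa_scanner-0.1.2.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
-ossa_scanner-0.1.2.dist-info/METADATA,sha256=dWWsJKRvqN1vdal81dAseom9Cb1OwLjuOZAllrfOoMs,1043
-ossa_scanner-0.1.2.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ossa_scanner-0.1.2.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
-ossa_scanner-0.1.2.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
-ossa_scanner-0.1.2.dist-info/RECORD,,
+ossa_scanner-0.1.3.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
+ossa_scanner-0.1.3.dist-info/METADATA,sha256=22Fo5X2J06UlI-94hUZLBSGJvdzpHaK-GqKFDIDkF_Q,1043
+ossa_scanner-0.1.3.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ossa_scanner-0.1.3.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
+ossa_scanner-0.1.3.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
+ossa_scanner-0.1.3.dist-info/RECORD,,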