ossa-scanner 0.1.30__py3-none-any.whl → 0.1.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ossa_scanner/__init__.py +1 -1
- ossa_scanner/scanner.py +1 -1
- ossa_scanner/utils/package_manager.py +12 -15
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/METADATA +1 -1
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/RECORD +9 -9
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/LICENSE +0 -0
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/WHEEL +0 -0
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/entry_points.txt +0 -0
- {ossa_scanner-0.1.30.dist-info → ossa_scanner-0.1.32.dist-info}/top_level.txt +0 -0
ossa_scanner/__init__.py
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
__version__ = "0.1.
|
|
1
|
+
__version__ = "0.1.32"
|
ossa_scanner/scanner.py
CHANGED
|
@@ -25,7 +25,7 @@ class Scanner:
|
|
|
25
25
|
def process_package(self, package):
|
|
26
26
|
try:
|
|
27
27
|
print(f"Processing package: {package}")
|
|
28
|
-
package_info = get_package_info(self.pm_type, package)
|
|
28
|
+
package_info = get_package_info(self.pm_type, package, self.temp_dir)
|
|
29
29
|
source_files = download_source(self.pm_type, package, self.temp_dir)
|
|
30
30
|
self.save_package_report(package, package_info, source_files)
|
|
31
31
|
except Exception as e:
|
|
@@ -46,7 +46,7 @@ def list_packages(package_manager):
|
|
|
46
46
|
return package_list
|
|
47
47
|
|
|
48
48
|
|
|
49
|
-
def get_package_info(package_manager, package_name):
|
|
49
|
+
def get_package_info(package_manager, package_name, output_dir):
|
|
50
50
|
if package_manager == 'apt':
|
|
51
51
|
cmd = ['apt-cache', 'show', package_name]
|
|
52
52
|
elif package_manager in ['yum', 'dnf']:
|
|
@@ -65,7 +65,7 @@ def get_package_info(package_manager, package_name):
|
|
|
65
65
|
elif package_manager in ['yum', 'dnf']:
|
|
66
66
|
return parse_yum_info(output)
|
|
67
67
|
elif package_manager == 'apt':
|
|
68
|
-
return parse_apt_info(output, package_name)
|
|
68
|
+
return parse_apt_info(output, package_name, output_dir)
|
|
69
69
|
except subprocess.CalledProcessError as e:
|
|
70
70
|
print(f"Command failed: {e}")
|
|
71
71
|
return None
|
|
@@ -129,7 +129,7 @@ def parse_yum_info(output):
|
|
|
129
129
|
info["summary"] = line.split(":", 1)[1].strip()
|
|
130
130
|
return info
|
|
131
131
|
|
|
132
|
-
def parse_apt_info(output, package_name):
|
|
132
|
+
def parse_apt_info(output, package_name, output_dir):
|
|
133
133
|
info = {}
|
|
134
134
|
lines = output.splitlines()
|
|
135
135
|
for line in lines:
|
|
@@ -141,28 +141,25 @@ def parse_apt_info(output, package_name):
|
|
|
141
141
|
info["licenses"] = line.split(":", 1)[1].strip()
|
|
142
142
|
|
|
143
143
|
if "licenses" not in info:
|
|
144
|
-
info["licenses"] = apt_get_license_from_source(package_name)
|
|
144
|
+
info["licenses"] = apt_get_license_from_source(package_name, output_dir)
|
|
145
145
|
if info["licenses"]:
|
|
146
146
|
info["licenses"] = extract_spdx_ids(info["licenses"])
|
|
147
|
-
severity = license_classificaton(info["licenses"])
|
|
147
|
+
info["severity"] = license_classificaton(info["licenses"])
|
|
148
148
|
else:
|
|
149
|
-
severity = "Informational"
|
|
150
|
-
|
|
151
|
-
print(package_name, info)
|
|
152
|
-
exit()
|
|
153
|
-
|
|
149
|
+
info["severity"] = "Informational"
|
|
150
|
+
print(package_name, output_dir, info)
|
|
154
151
|
# Ensure all keys are present even if data is missing
|
|
155
152
|
return {
|
|
156
153
|
"licenses": info.get("licenses", "NOASSERTION"),
|
|
157
154
|
"copyright": info.get("copyright", "NOASSERTION"),
|
|
158
155
|
"references": info.get("references", "NOASSERTION"),
|
|
159
|
-
"severity": severity,
|
|
156
|
+
"severity": info.get("severity", "NOASSERTION"),
|
|
160
157
|
}
|
|
161
158
|
|
|
162
|
-
def apt_get_license_from_source(package_name):
|
|
159
|
+
def apt_get_license_from_source(package_name, output_dir):
|
|
163
160
|
try:
|
|
164
|
-
subprocess.run(["apt-get", "source", package_name], check=True, capture_output=True, text=True)
|
|
165
|
-
source_dirs = [d for d in os.listdir() if d.startswith(package_name) and os.path.isdir(d)]
|
|
161
|
+
subprocess.run(["apt-get", "source", package_name, '-d', output_dir], check=True, capture_output=True, text=True)
|
|
162
|
+
source_dirs = [d for d in os.listdir(output_dir) if d.startswith(package_name) and os.path.isdir(d)]
|
|
166
163
|
if not source_dirs:
|
|
167
164
|
return "NOASSERTION"
|
|
168
165
|
package_dir = source_dirs[0]
|
|
@@ -173,7 +170,7 @@ def apt_get_license_from_source(package_name):
|
|
|
173
170
|
for line in f:
|
|
174
171
|
if re.search(r"(?i)license:", line):
|
|
175
172
|
licenses.append(line.split(":", 1)[1].strip())
|
|
176
|
-
shutil.rmtree(
|
|
173
|
+
shutil.rmtree(output_dir, ignore_errors=True)
|
|
177
174
|
return ", ".join(set(licenses)) if licenses else "NOASSERTION"
|
|
178
175
|
except subprocess.CalledProcessError as e:
|
|
179
176
|
print(f"Error fetching source package: {e}")
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
ossa_scanner/__init__.py,sha256=
|
|
1
|
+
ossa_scanner/__init__.py,sha256=GbbcUKhE6NYfh8LsIe9sL2m1pABous_0kRd-OZzd_C8,23
|
|
2
2
|
ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
|
|
3
|
-
ossa_scanner/scanner.py,sha256=
|
|
3
|
+
ossa_scanner/scanner.py,sha256=P_pouAPLMWUq_tjiwDyBYvs6cnXDs5VHB8305ui2VHI,4802
|
|
4
4
|
ossa_scanner/uploader.py,sha256=dPbhSLlQcDyHP-6Ugn6BzYGn_VQ1Ik6TWt2138k3REo,1837
|
|
5
5
|
ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
6
|
ossa_scanner/utils/downloader.py,sha256=AGRhJU9YducTe6mY5-7mZ4fRTFg2tcfz1DS0Nee-wM0,5693
|
|
7
7
|
ossa_scanner/utils/hash_calculator.py,sha256=LrDKngWOPbizYJWab2sDJDLB4pD_RrI51L0cZt3VjJY,960
|
|
8
8
|
ossa_scanner/utils/os_detection.py,sha256=35VbUbFklzd7aojgltKf2PxbnVFcpREA7Tri2YI5nfY,417
|
|
9
|
-
ossa_scanner/utils/package_manager.py,sha256=
|
|
9
|
+
ossa_scanner/utils/package_manager.py,sha256=PvW6b8bjapveA7ExfJFl0FAA9YHbhSgePYiuqajncHs,8563
|
|
10
10
|
ossa_scanner/utils/swhid_calculator.py,sha256=7-bO4RglJr-kt5SjUfnlcPZD0k0-s_dveHEjRo-zEMc,1317
|
|
11
|
-
ossa_scanner-0.1.
|
|
12
|
-
ossa_scanner-0.1.
|
|
13
|
-
ossa_scanner-0.1.
|
|
14
|
-
ossa_scanner-0.1.
|
|
15
|
-
ossa_scanner-0.1.
|
|
16
|
-
ossa_scanner-0.1.
|
|
11
|
+
ossa_scanner-0.1.32.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
|
|
12
|
+
ossa_scanner-0.1.32.dist-info/METADATA,sha256=0h7GrGQhP-9Bz96MLmonupnxDdiIYNFhwSTyicHCMxQ,1938
|
|
13
|
+
ossa_scanner-0.1.32.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
|
|
14
|
+
ossa_scanner-0.1.32.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
|
|
15
|
+
ossa_scanner-0.1.32.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
|
|
16
|
+
ossa_scanner-0.1.32.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|