ossa-scanner 0.1.32__py3-none-any.whl → 0.1.34__py3-none-any.whl

ossa_scanner/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.32"
+__version__ = "0.1.34"

ossa_scanner/utils/package_manager.py

@@ -142,12 +142,13 @@ def parse_apt_info(output, package_name, output_dir):
 
     if "licenses" not in info:
         info["licenses"] = apt_get_license_from_source(package_name, output_dir)
-    if info["licenses"]:
+        print(package_name, info["licenses"])
+    if "licenses" in info:
         info["licenses"] = extract_spdx_ids(info["licenses"])
         info["severity"] = license_classificaton(info["licenses"])
-    else:
-        info["severity"] = "Informational"
+
     print(package_name, output_dir, info)
+
     # Ensure all keys are present even if data is missing
     return {
         "licenses": info.get("licenses", "NOASSERTION"),
@@ -157,21 +158,36 @@ def parse_apt_info(output, package_name, output_dir):
     }
 
 def apt_get_license_from_source(package_name, output_dir):
+    """Fetches source package and extracts license from debian/copyright."""
+
     try:
-        subprocess.run(["apt-get", "source", package_name, '-d', output_dir], check=True, capture_output=True, text=True)
-        source_dirs = [d for d in os.listdir(output_dir) if d.startswith(package_name) and os.path.isdir(d)]
+        # Ensure output directory exists
+        os.makedirs(output_dir, exist_ok=True)
+
+        # Run apt-get source inside output_dir
+        subprocess.run(["apt-get", "source", package_name], check=True, capture_output=True, text=True, cwd=output_dir)
+
+        # Find the extracted source directory (since apt-get source doesn't always use package_name directly)
+        source_dirs = glob.glob(os.path.join(output_dir, f"{package_name}-*"))  # Wildcard match for versioned package dirs
         if not source_dirs:
             return "NOASSERTION"
+
         package_dir = source_dirs[0]
         copyright_file = os.path.join(package_dir, "debian", "copyright")
+
+        # Extract license information
         licenses = []
         if os.path.exists(copyright_file):
             with open(copyright_file, "r", encoding="utf-8") as f:
                 for line in f:
                     if re.search(r"(?i)license:", line):
                         licenses.append(line.split(":", 1)[1].strip())
+
+        # Cleanup
         shutil.rmtree(output_dir, ignore_errors=True)
+
         return ", ".join(set(licenses)) if licenses else "NOASSERTION"
+
     except subprocess.CalledProcessError as e:
         print(f"Error fetching source package: {e}")
         return "NOASSERTION"

{ossa_scanner-0.1.32.dist-info → ossa_scanner-0.1.34.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.32
+Version: 0.1.34
 Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela

{ossa_scanner-0.1.32.dist-info → ossa_scanner-0.1.34.dist-info}/RECORD

@@ -1,4 +1,4 @@
-ossa_scanner/__init__.py,sha256=GbbcUKhE6NYfh8LsIe9sL2m1pABous_0kRd-OZzd_C8,23
+ossa_scanner/__init__.py,sha256=79r5jd-MqbhXLbIBDVBqUJvhvcucjkaId96r46KF18I,23
 ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
 ossa_scanner/scanner.py,sha256=P_pouAPLMWUq_tjiwDyBYvs6cnXDs5VHB8305ui2VHI,4802
 ossa_scanner/uploader.py,sha256=dPbhSLlQcDyHP-6Ugn6BzYGn_VQ1Ik6TWt2138k3REo,1837
@@ -6,11 +6,11 @@ ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
 ossa_scanner/utils/downloader.py,sha256=AGRhJU9YducTe6mY5-7mZ4fRTFg2tcfz1DS0Nee-wM0,5693
 ossa_scanner/utils/hash_calculator.py,sha256=LrDKngWOPbizYJWab2sDJDLB4pD_RrI51L0cZt3VjJY,960
 ossa_scanner/utils/os_detection.py,sha256=35VbUbFklzd7aojgltKf2PxbnVFcpREA7Tri2YI5nfY,417
-ossa_scanner/utils/package_manager.py,sha256=PvW6b8bjapveA7ExfJFl0FAA9YHbhSgePYiuqajncHs,8563
+ossa_scanner/utils/package_manager.py,sha256=4Nk51B7IpLuJQnM4wQD_UTJBovI07KpDU0VcZM9jBBI,8959
 ossa_scanner/utils/swhid_calculator.py,sha256=7-bO4RglJr-kt5SjUfnlcPZD0k0-s_dveHEjRo-zEMc,1317
-ossa_scanner-0.1.32.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
-ossa_scanner-0.1.32.dist-info/METADATA,sha256=0h7GrGQhP-9Bz96MLmonupnxDdiIYNFhwSTyicHCMxQ,1938
-ossa_scanner-0.1.32.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ossa_scanner-0.1.32.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
-ossa_scanner-0.1.32.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
-ossa_scanner-0.1.32.dist-info/RECORD,,
+ossa_scanner-0.1.34.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
+ossa_scanner-0.1.34.dist-info/METADATA,sha256=7xU188NKa9NHaFeAfXfrdKC6VgyjIOgQv-rfTi4boK0,1938
+ossa_scanner-0.1.34.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ossa_scanner-0.1.34.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
+ossa_scanner-0.1.34.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
+ossa_scanner-0.1.34.dist-info/RECORD,,