ossa-scanner 0.1.3__py3-none-any.whl → 0.1.4__py3-none-any.whl

ossa_scanner/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.3"
+__version__ = "0.1.4"

ossa_scanner/scanner.py

@@ -18,25 +18,14 @@ class Scanner:
         os.makedirs(self.temp_dir, exist_ok=True)
 
     def process_package(self, package):
-        """
-        Processes a single package: downloads source, extracts, calculates hash and SWHID.
-
-        Args:
-            package (str): Package name to process.
-
-        Returns:
-            dict: Result of the processed package including hash and SWHID.
-        """
         try:
             print(f"Processing package: {package}")
             package_info = get_package_info(self.os_type, package)
             print(f"Fetched metadata for {package}")
 
-            # Download the source code to temp_dir
             source_file = download_source(self.os_type, package, self.temp_dir)
             print(f"Downloaded source file: {source_file}")
 
-            # Calculate hash of the source file
             file_hash = calculate_file_hash(source_file)
             print(f"Hash (SHA256) for {package}: {file_hash}")
 
@@ -86,16 +75,22 @@ class Scanner:
             swhid (str): Software Heritage ID of the package.
         """
         # Generate report filename
-        sha1_name = hashlib.sha1(package.encode()).hexdigest()
         date_str = datetime.now().strftime("%Y%m%d")
-        report_filename = f"ossa-{date_str}-{sha1_name}-{package}.json"
+        report_filename = f"ossa-{date_str}-{hash(package) % 10000}-{package}.json"
         report_path = os.path.join(self.output_dir, report_filename)
 
+        # This need to be moved to a different class
+        artifact_name = source_file
+        if "tmp/" in source_file:
+            artifact_name = os.path.basename(source_file)
+        if "--" in artifact_name:
+            artifact_name = artifact_name.split("--")[-1]
+
         # Create the report content
         report = {
-            "id": f"OSSA-{date_str}-{sha1_name.upper()}",
+            "id": f"OSSA-{date_str}-{hash(package) % 10000}",
             "version": "1.0.0",
-            "severity": "Informational",
+            "severity": package_info.get("severity", []),
             "title": f"Advisory for {package}",
             "package_name": package,
             "publisher": "Generated by OSSA Collector",
@@ -107,8 +102,10 @@ class Scanner:
             "affected_versions": ["*.*"],
             "artifacts": [
                 {
-                    "url": f"file://{source_file}",
-                    "hashes": {"sha256": file_hash},
+                    "url": f"file://{artifact_name}",
+                    "hashes": {
+                        "sha1": file_hash['sha1'], "sha256": file_hash['sha256'], 
+                        "ssdeep": file_hash['ssdeep'], "swhid": file_hash['swhid']},
                     "swhid": swhid
                 }
             ],

ossa_scanner/utils/hash_calculator.py

@@ -1,8 +1,35 @@
+import os
+import json
 import hashlib
+import ssdeep
 
-def calculate_file_hash(file_path, algorithm='sha256'):
-    hash_func = hashlib.new(algorithm)
-    with open(file_path, 'rb') as f:
-        while chunk := f.read(8192):
-            hash_func.update(chunk)
-    return hash_func.hexdigest()
+def calculate_file_hash(file_path):
+    file_hash = {}
+    file_hash['sha1'] = compute_sha1(file_path)
+    file_hash['sha256'] = compute_sha256(file_path)
+    file_hash['ssdeep'] = compute_fuzzy_hash(file_path)
+    file_hash['swhid'] = compute_swhid(file_path)
+    print(file_hash)
+    return file_hash
+
+def compute_sha1(file_path):
+    sha1 = hashlib.sha1()
+    with open(file_path, "rb") as f:
+        for chunk in iter(lambda: f.read(4096), b""):
+            sha1.update(chunk)
+    return sha1.hexdigest()
+
+def compute_sha256(file_path):
+    sha256 = hashlib.sha256()
+    with open(file_path, "rb") as f:
+        for chunk in iter(lambda: f.read(4096), b""):
+            sha256.update(chunk)
+    return sha256.hexdigest()
+
+def compute_fuzzy_hash(file_path):
+    return ssdeep.hash_from_file(file_path)
+
+def compute_swhid(file_path):
+    sha1_hash = compute_sha1(file_path)
+    swhid = f"swh:1:cnt:{sha1_hash}"
+    return swhid

ossa_scanner/utils/package_manager.py

@@ -25,7 +25,7 @@ def list_packages(package_manager):
 
     packages = result.stdout.splitlines()
     extracted_packages = []
-    max_packages = 5
+    max_packages = 2
     k_packages = 0
     for line in packages:
         if not line.strip() or line.startswith("==>"):
@@ -51,8 +51,6 @@ def get_package_info(package_manager, package_name):
     try:
         result = subprocess.run(cmd, capture_output=True, text=True, check=True)
         output = result.stdout
-
-        # Parse the output based on the package manager
         if package_manager == 'brew':
             return parse_brew_info(output)
         elif package_manager in ['yum', 'dnf']:
@@ -68,23 +66,21 @@ def parse_brew_info(output):
     """Parses brew info output to extract license, website, and description."""
     info = {}
     lines = output.splitlines()
-    info["license"] = "Unknown"
-    info["website"] = "Unknown"
-    info["description"] = "Unknown"
+    info["licenses"] = "NOASSERTION"
+    info["references"] = "NOASSERTION"
+    info["description"] = "NOASSERTION"
 
     for i, line in enumerate(lines):
         if i == 1:  # The description is usually on the second line
             info["description"] = line.strip()
         elif line.startswith("https://"):  # The website URL
-            info["website"] = line.strip()
+            info["references"] = line.strip()
         elif line.startswith("License:"):  # The license information
-            info["license"] = line.split(":", 1)[1].strip()
+            info["licenses"] = line.split(":", 1)[1].strip()
+    info["severity"] = license_classificaton(info["licenses"])
 
-    # Ensure all keys are present even if some fields are missing
     return info
 
-
-
 def parse_yum_info(output):
     """Parses yum repoquery --info output."""
     info = {}
@@ -92,17 +88,19 @@ def parse_yum_info(output):
 
     for line in lines:
         if line.startswith("License"):
-            info["license"] = line.split(":", 1)[1].strip()
+            info["licenses"] = line.split(":", 1)[1].strip()
         elif line.startswith("URL"):
-            info["website"] = line.split(":", 1)[1].strip()
+            info["references"] = line.split(":", 1)[1].strip()
         elif "Copyright" in line:
-            info["copyright"] = line.strip()
+            info["references"] = line.strip()
+        severity = license_classificaton(info["licenses"])
 
     # Ensure all keys are present even if data is missing
     return {
-        "license": info.get("license", "Unknown"),
-        "copyright": info.get("copyright", "Unknown"),
-        "website": info.get("website", "Unknown"),
+        "licenses": info.get("licenses", "NOASSERTION"),
+        "copyright": info.get("copyright", "NOASSERTION"),
+        "references": info.get("references", "NOASSERTION"),
+        "severity": severity,
     }
 
 
@@ -113,16 +111,25 @@ def parse_apt_info(output):
 
     for line in lines:
         if line.startswith("License:") or "License" in line:
-            info["license"] = line.split(":", 1)[1].strip()
+            info["licenses"] = line.split(":", 1)[1].strip()
         elif line.startswith("Homepage:"):
             info["website"] = line.split(":", 1)[1].strip()
         elif "Copyright" in line:
-            info["copyright"] = line.strip()
+            info["references"] = line.strip()
+        severity = license_classificaton(info["licenses"])
 
     # Ensure all keys are present even if data is missing
     return {
-        "license": info.get("license", "Unknown"),
-        "copyright": info.get("copyright", "Unknown"),
-        "website": info.get("website", "Unknown"),
+        "licenses": info.get("licenses", "NOASSERTION"),
+        "copyright": info.get("copyright", "NOASSERTION"),
+        "references": info.get("references", "NOASSERTION"),
+        "severity": severity,
     }
 
+def license_classificaton(licenses):
+    copyleft_licenses = ['GPL', 'CDDL', 'MPL']
+    severity = "Informational"
+    for cl_license in copyleft_licenses:
+        if cl_license.lower() in licenses:
+            severity = "Medium"
+    return severity

{ossa_scanner-0.1.3.dist-info → ossa_scanner-0.1.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.3
+Version: 0.1.4
 Summary: A Python library for scanning Linux packages, managing metadata, and generating SWHIDs.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela
@@ -23,6 +23,7 @@ License-File: LICENSE
 Requires-Dist: click
 Requires-Dist: swh.model
 Requires-Dist: distro
+Requires-Dist: ssdeep
 
 # ossa_scanner
 Open Source Advisory Scanner (Generator)

ossa_scanner-0.1.4.dist-info/RECORD

@@ -0,0 +1,16 @@
+ossa_scanner/__init__.py,sha256=Wzf5T3NBDfhQoTnhnRNHSlAsE0XMqbclXG-M81Vas70,22
+ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
+ossa_scanner/scanner.py,sha256=Z4Pb20RS8VaZw4aUPPaVhxRjoOMWdN7ePFOOeijlVT8,4903
+ossa_scanner/uploader.py,sha256=X8bo7GqfpBjz2NlnvSwDR_rVqNoZDRPF2pnQMaVENbc,2436
+ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+ossa_scanner/utils/downloader.py,sha256=3ccwcde9yJ_SEP0mG9TDr2O0MMdA1p-K6hpzqme-KQ4,2081
+ossa_scanner/utils/hash_calculator.py,sha256=or1HmK_vW6M5vgBWQud-GJjeDElmr64HnkR7FHwIx1Y,981
+ossa_scanner/utils/os_detection.py,sha256=QdRKQ4li4SOHgBofe1qWf8OOcw8XvhM-XWUNu0Cy0a4,315
+ossa_scanner/utils/package_manager.py,sha256=xi1bVU5CRxVz0CzdnYfrKQP6__a-qdRp9YOJ-94A6A0,4462
+ossa_scanner/utils/swhid_calculator.py,sha256=4Z0H2GmECMAJlvH6JBbUmaLXSLRNntyYEdxsS6CTEMQ,63
+ossa_scanner-0.1.4.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
+ossa_scanner-0.1.4.dist-info/METADATA,sha256=cHvocgib0KYIlF0GUasImIc9fJwPxunIgPwZNwAFs3k,1065
+ossa_scanner-0.1.4.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ossa_scanner-0.1.4.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
+ossa_scanner-0.1.4.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
+ossa_scanner-0.1.4.dist-info/RECORD,,

ossa_scanner-0.1.3.dist-info/RECORD

@@ -1,16 +0,0 @@
-ossa_scanner/__init__.py,sha256=XEqb2aiIn8fzGE68Mph4ck1FtQqsR_am0wRWvrYPffQ,22
-ossa_scanner/cli.py,sha256=sgr8NFpf_Ut84KYFQjOKRxv8CfAMaTPhMo7DbR53lT4,2311
-ossa_scanner/scanner.py,sha256=YOYB4-7EwQyZE6KU6_dyRD09tq6ntgmYvyxX02KgB5c,4885
-ossa_scanner/uploader.py,sha256=X8bo7GqfpBjz2NlnvSwDR_rVqNoZDRPF2pnQMaVENbc,2436
-ossa_scanner/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ossa_scanner/utils/downloader.py,sha256=3ccwcde9yJ_SEP0mG9TDr2O0MMdA1p-K6hpzqme-KQ4,2081
-ossa_scanner/utils/hash_calculator.py,sha256=i47KS_HoZNiSbGyd0iP9_TcDwxWS2SrmkIcNF2MWLcA,254
-ossa_scanner/utils/os_detection.py,sha256=QdRKQ4li4SOHgBofe1qWf8OOcw8XvhM-XWUNu0Cy0a4,315
-ossa_scanner/utils/package_manager.py,sha256=tWuQwgkFQjTzeisem0Gz8uFvWw5Cxd-Tft5HM8tIQmk,4028
-ossa_scanner/utils/swhid_calculator.py,sha256=4Z0H2GmECMAJlvH6JBbUmaLXSLRNntyYEdxsS6CTEMQ,63
-ossa_scanner-0.1.3.dist-info/LICENSE,sha256=9slQ_XNiEkio28l90NwihP7a90fCL2GQ6YhcVXTBls4,1064
-ossa_scanner-0.1.3.dist-info/METADATA,sha256=22Fo5X2J06UlI-94hUZLBSGJvdzpHaK-GqKFDIDkF_Q,1043
-ossa_scanner-0.1.3.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-ossa_scanner-0.1.3.dist-info/entry_points.txt,sha256=UVoAo-wTPxT82g3cfqTs2CmQnazd57TAwhd9VwEKD1c,55
-ossa_scanner-0.1.3.dist-info/top_level.txt,sha256=uUp5CvhZfJLapXn9DyUXvgH7QK3uzF2ibH943lWN5Bs,13
-ossa_scanner-0.1.3.dist-info/RECORD,,