ossa-scanner 0.1.3__tar.gz → 0.1.6__tar.gz

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.3
-Summary: A Python library for scanning Linux packages, managing metadata, and generating SWHIDs.
+Version: 0.1.6
+Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela
 Author-email: oscar.valenzuela.b@gmail.com
 License: MIT
-Keywords: linux packages SWHID open-source compliance
+Keywords: linux packages SWHID open-source compliance ossa advisory
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -23,6 +23,7 @@ License-File: LICENSE
 Requires-Dist: click
 Requires-Dist: swh.model
 Requires-Dist: distro
+Requires-Dist: ssdeep
 
 # ossa_scanner
 Open Source Advisory Scanner (Generator)

ossa_scanner-0.1.6/ossa_scanner/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.6"

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/ossa_scanner/scanner.py

@@ -1,9 +1,13 @@
 import os
+import re
 import json
+import glob
+import shutil
+import subprocess
 import hashlib
 from datetime import datetime
 from concurrent.futures import ThreadPoolExecutor, as_completed
-from .utils.os_detection import detect_os
+from .utils.os_detection import detect_os, detect_pm
 from .utils.package_manager import list_packages, get_package_info
 from .utils.downloader import download_source
 from .utils.hash_calculator import calculate_file_hash
@@ -14,43 +18,16 @@ class Scanner:
         self.output_dir = output_dir
         self.temp_dir = temp_dir
         self.os_type = detect_os()
+        self.pm_type = detect_pm()
         self.threads = threads
         os.makedirs(self.temp_dir, exist_ok=True)
 
     def process_package(self, package):
-        """
-        Processes a single package: downloads source, extracts, calculates hash and SWHID.
-
-        Args:
-            package (str): Package name to process.
-
-        Returns:
-            dict: Result of the processed package including hash and SWHID.
-        """
         try:
             print(f"Processing package: {package}")
-            package_info = get_package_info(self.os_type, package)
-            print(f"Fetched metadata for {package}")
-
-            # Download the source code to temp_dir
-            source_file = download_source(self.os_type, package, self.temp_dir)
-            print(f"Downloaded source file: {source_file}")
-
-            # Calculate hash of the source file
-            file_hash = calculate_file_hash(source_file)
-            print(f"Hash (SHA256) for {package}: {file_hash}")
-
-            # Extract source code directory in temp_dir
-            source_dir = os.path.join(self.temp_dir, package)
-            os.makedirs(source_dir, exist_ok=True)
-
-            # Calculate SWHID
-            swhid = calculate_swhid(source_dir)
-            print(f"SWHID for {package}: {swhid}")
-
-            # Save report
-            self.save_package_report(package, package_info, file_hash, swhid, source_file)
-
+            package_info = get_package_info(self.pm_type, package)
+            source_files = download_source(self.pm_type, package, self.temp_dir)
+            self.save_package_report(package, package_info, source_files)
         except Exception as e:
             print(f"Error processing package {package}: {e}")
 
@@ -58,9 +35,9 @@ class Scanner:
         """
         Scans all packages in the repository and processes them in parallel.
         """
-        print(f"Detected OS: {self.os_type}")
+        print(f"Detected Package Manager: {self.pm_type}")
         print("Listing available packages...")
-        packages = list_packages(self.os_type)
+        packages = list_packages(self.pm_type)
         with ThreadPoolExecutor(max_workers=self.threads) as executor:
             # Submit tasks for parallel processing
             future_to_package = {
@@ -75,43 +52,59 @@ class Scanner:
                 except Exception as e:
                     print(f"Exception occurred for package {package}: {e}")
 
-    def save_package_report(self, package, package_info, file_hash, swhid, source_file):
-        """
-        Save the report for a single package.
-
-        Args:
-            package (str): Package name.
-            package_info (dict): Information about the package.
-            file_hash (str): SHA256 hash of the downloaded source.
-            swhid (str): Software Heritage ID of the package.
-        """
+    def save_package_report(self, package, package_info, source_files):
         # Generate report filename
-        sha1_name = hashlib.sha1(package.encode()).hexdigest()
+        purl_name = package_info.get("name")
+        purl_version = package_info.get("version")
+        pkg_type = "deb" if self.pm_type == "apt" else "rpm" if self.pm_type == "yum" else self.pm_type
+        os_type =  self.os_type
         date_str = datetime.now().strftime("%Y%m%d")
-        report_filename = f"ossa-{date_str}-{sha1_name}-{package}.json"
+        report_filename = f"ossa-{date_str}-{hash(package) % 10000}-{purl_name}.json"
         report_path = os.path.join(self.output_dir, report_filename)
 
+        if package_info.get("version") != "*":
+            affected_versions = ["*.*", package_info.get("version")]
+        else:
+            affected_versions = ["*.*"]
+
+        artifacts = []
+        for source_file in source_files:
+            artifact = {}
+
+            # Clean up the artifact name
+            artifact_name = os.path.basename(source_file)
+            if "--" in artifact_name:
+                artifact_name = artifact_name.split("--")[-1]
+            artifact['url'] = "file://" + artifact_name
+
+            file_hash = calculate_file_hash(source_file)
+            artifact['hashes'] = file_hash
+
+            # Extract source code directory in temp_dir
+            # Only required if calculating SWHID
+            source_dir = os.path.join(self.temp_dir, package)
+            os.makedirs(source_dir, exist_ok=True)
+            swhid = calculate_swhid(source_dir, source_file)
+            artifact['swhid'] = swhid
+
+            artifacts.append(artifact)
+
         # Create the report content
         report = {
-            "id": f"OSSA-{date_str}-{sha1_name.upper()}",
+            "id": f"OSSA-{date_str}-{hash(purl_name) % 10000}",
             "version": "1.0.0",
-            "severity": "Informational",
-            "title": f"Advisory for {package}",
-            "package_name": package,
+            "severity": package_info.get("severity", []),
+            "description": package_info.get("rason", []),
+            "title": f"Advisory for {purl_name}",
+            "package_name": purl_name,
             "publisher": "Generated by OSSA Collector",
             "last_updated": datetime.now().isoformat(),
             "approvals": [{"consumption": True, "externalization": True}],
-            "description": f"Automatically generated OSSA for the package {package}.",
-            "purls": [f"pkg:{self.os_type}/{package}"],
-            "regex": [f"^pkg:{self.os_type}/{package}.*"],
-            "affected_versions": ["*.*"],
-            "artifacts": [
-                {
-                    "url": f"file://{source_file}",
-                    "hashes": {"sha256": file_hash},
-                    "swhid": swhid
-                }
-            ],
+            "description": package_info.get("summary", []),
+            "purls": [f"pkg:{pkg_type}/{os_type}/{purl_name}@{purl_version}"],
+            "regex": [f"^pkg:{pkg_type}/{os_type}/{purl_name}.*"],
+            "affected_versions": affected_versions,
+            "artifacts": artifacts,
             "licenses": package_info.get("licenses", []),
             "aliases": package_info.get("aliases", []),
             "references": package_info.get("references", [])

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/ossa_scanner/uploader.py

@@ -12,15 +12,6 @@ class GitHubUploader:
         self.base_url = "api.github.com"
 
     def upload_file(self, file_path, repo_path, commit_message="Add scanner results"):
-        """
-        Uploads a file to a GitHub repository.
-        
-        Args:
-            file_path (str): Local file path to upload.
-            repo_path (str): Path in the GitHub repository.
-            commit_message (str): Commit message for the upload.
-        """
-        # Read the file and encode it in base64
         with open(file_path, "rb") as f:
             content = f.read()
         encoded_content = base64.b64encode(content).decode("utf-8")
@@ -54,13 +45,6 @@ class GitHubUploader:
             raise Exception(f"GitHub API Error: {response.status}")
 
     def upload_results(self, results_dir, repo_dir):
-        """
-        Uploads all files in a directory to a specified path in the GitHub repo.
-        
-        Args:
-            results_dir (str): Local directory containing results to upload.
-            repo_dir (str): Target directory in the GitHub repository.
-        """
         for root, _, files in os.walk(results_dir):
             for file_name in files:
                 local_path = os.path.join(root, file_name)

ossa_scanner-0.1.6/ossa_scanner/utils/downloader.py

@@ -0,0 +1,119 @@
+import subprocess
+import os
+import shutil
+import glob
+
+def cleanup_extracted_files(folder_path):
+    """Recursively clean up files and directories in the specified folder."""
+    try:
+        for file_path in glob.glob(f"{folder_path}/*"):
+            if os.path.isdir(file_path):
+                shutil.rmtree(file_path)  # Recursively delete directories
+                print(f"Deleted directory: {file_path}")
+            else:
+                os.remove(file_path)  # Delete files
+                print(f"Deleted file: {file_path}")
+    except Exception as e:
+        print(f"Failed to clean up {folder_path}: {e}")
+
+def download_source(package_manager, package_name, output_dir):
+    try:
+        if package_manager == 'apt':
+            cmd = ['apt-get', 'source', package_name, '-d', output_dir]
+            subprocess.run(cmd, check=True)
+        elif package_manager in ['yum', 'dnf']:
+            p_hash = hash(package_name) % 10000
+            output_dir = os.path.join(output_dir, str(p_hash))
+            os.makedirs(output_dir, exist_ok=True)
+            source_path = get_rpm_source_package(package_name, output_dir)
+            if not source_path:
+                print(f"Source package for {package_name} not found in {package_name}.")
+                return
+            spec_file = extract_rpm_spec_file(source_path, output_dir)
+            project_url, source_url = (None, None)
+            if spec_file:
+                project_url, source_url, license = extract_rpm_info_from_spec(spec_file)
+            tarballs = extract_rpm_tarballs(source_path, output_dir)
+            return tarballs
+        elif package_manager == 'brew':
+            # Fetch the source tarball
+            cmd = ['brew', 'fetch', '--build-from-source', package_name]
+            subprocess.run(cmd, check=True, capture_output=True, text=True)
+            cache_dir = subprocess.run(
+                ['brew', '--cache', package_name],
+                capture_output=True,
+                text=True,
+                check=True
+            ).stdout.strip()
+            prefixes_to_remove = ['aarch64-elf-', 'arm-none-eabi-', 'other-prefix-']
+            stripped_package_name = package_name
+            for prefix in prefixes_to_remove:
+                if package_name.startswith(prefix):
+                    stripped_package_name = package_name[len(prefix):]
+                    break
+            cache_folder = os.path.dirname(cache_dir)
+            tarball_pattern = os.path.join(cache_folder, f"*{stripped_package_name}*")
+            matching_files = glob.glob(tarball_pattern)
+            if not matching_files:
+                raise FileNotFoundError(f"Tarball not found for {package_name} in {cache_folder}")
+            tarball_path = matching_files[0]
+            os.makedirs(output_dir, exist_ok=True)
+            target_path = os.path.join(output_dir, os.path.basename(tarball_path))
+            shutil.move(tarball_path, target_path)
+            return [target_path]
+        else:
+            raise ValueError("Unsupported package manager")
+    except subprocess.CalledProcessError as e:
+        print(f"Command failed: {e}")
+        return None
+    except Exception as e:
+        print(f"Error: {e}")
+        return None
+
+def get_rpm_source_package(package_name, dest_dir="./source_packages"):
+    os.makedirs(dest_dir, exist_ok=True)
+    command = ["yumdownloader", "--source", "--destdir", dest_dir, package_name]
+    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+    if result.returncode == 0:
+        for file in os.listdir(dest_dir):
+            if file.endswith(".src.rpm"):
+                return os.path.join(dest_dir, file)
+    return None
+
+def extract_rpm_spec_file(srpm_path, dest_dir="./extracted_specs"):
+    os.makedirs(dest_dir, exist_ok=True)
+    try:
+        command = f"rpm2cpio {srpm_path} | cpio -idmv -D {dest_dir} > /tmp/ossa_gen.log"
+        subprocess.run(command, shell=True, check=True)
+        spec_files = [os.path.join(dest_dir, f) for f in os.listdir(dest_dir) if f.endswith(".spec")]
+        if spec_files:
+            return spec_files[0]
+    except subprocess.CalledProcessError as e:
+        print(f"Failed to extract spec file from {srpm_path}: {e}")
+    return None
+
+def extract_rpm_tarballs(srpm_path, dest_dir="./extracted_sources"):
+    os.makedirs(dest_dir, exist_ok=True)
+    try:
+        tarballs = [os.path.join(dest_dir, f) for f in os.listdir(dest_dir) if f.endswith((".tar.gz", ".tar.bz2", ".tar.xz", ".tgz"))]
+        return tarballs
+    except subprocess.CalledProcessError as e:
+        print(f"Failed to extract tarballs from {srpm_path}: {e}")
+    return []
+
+def extract_rpm_info_from_spec(spec_file_path):
+    project_url = None
+    source_url = None
+    license = None
+    try:
+        with open(spec_file_path, "r") as spec_file:
+            for line in spec_file:
+                if line.startswith("URL:"):
+                    project_url = line.split(":", 1)[1].strip()
+                elif line.startswith("Source0:"):
+                    source_url = line.split(":", 1)[1].strip()
+                elif line.startswith("License:"):
+                    license = line.split(":", 1)[1].strip()
+    except FileNotFoundError:
+        print(f"Spec file not found: {spec_file_path}")
+    return project_url, source_url, license

ossa_scanner-0.1.6/ossa_scanner/utils/hash_calculator.py

@@ -0,0 +1,34 @@
+import os
+import json
+import hashlib
+import ssdeep
+
+def calculate_file_hash(file_path):
+    file_hash = {}
+    file_hash['sha1'] = compute_sha1(file_path)
+    file_hash['sha256'] = compute_sha256(file_path)
+    file_hash['ssdeep'] = compute_fuzzy_hash(file_path)
+    file_hash['swhid'] = compute_swhid(file_path)
+    return file_hash
+
+def compute_sha1(file_path):
+    sha1 = hashlib.sha1()
+    with open(file_path, "rb") as f:
+        for chunk in iter(lambda: f.read(4096), b""):
+            sha1.update(chunk)
+    return sha1.hexdigest()
+
+def compute_sha256(file_path):
+    sha256 = hashlib.sha256()
+    with open(file_path, "rb") as f:
+        for chunk in iter(lambda: f.read(4096), b""):
+            sha256.update(chunk)
+    return sha256.hexdigest()
+
+def compute_fuzzy_hash(file_path):
+    return ssdeep.hash_from_file(file_path)
+
+def compute_swhid(file_path):
+    sha1_hash = compute_sha1(file_path)
+    swhid = f"swh:1:cnt:{sha1_hash}"
+    return swhid

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/ossa_scanner/utils/os_detection.py

@@ -1,6 +1,12 @@
+import os
 import distro
+import subprocess
 
 def detect_os():
+    dist = distro.id()
+    return dist
+
+def detect_pm():
     dist = distro.id()
     if 'ubuntu' in dist or 'debian' in dist:
         return 'apt'
@@ -10,4 +16,3 @@ def detect_os():
         return 'brew'
     else:
         raise ValueError("Unsupported OS")
-

ossa_scanner-0.1.6/ossa_scanner/utils/package_manager.py

@@ -0,0 +1,180 @@
+import subprocess
+import re
+
+
+def list_packages(package_manager):
+    if package_manager == 'apt':
+        result = subprocess.run(
+            ['apt-cache', 'search', '.'],
+            capture_output=True,
+            text=True
+        )
+    elif package_manager in ['yum', 'dnf']:
+        result = subprocess.run(
+            ['repoquery', '--all'],
+            capture_output=True,
+            text=True
+        )
+    elif package_manager == 'brew':
+        result = subprocess.run(
+            ['brew', 'search', '.'],
+            capture_output=True,
+            text=True
+        )
+    else:
+        raise ValueError("ER1: Unsupported package manager for search")
+
+    packages = result.stdout.splitlines()
+    extracted_packages = []
+    max_packages = 500000
+    k_packages = 0
+    for line in packages:
+        if not line.strip() or line.startswith("==>"):
+            continue
+        extracted_packages.append(line.split()[0])
+        if k_packages >= max_packages:
+            break
+        k_packages += 1
+
+    return extracted_packages
+
+
+def get_package_info(package_manager, package_name):
+    if package_manager == 'apt':
+        cmd = ['apt-cache', 'show', package_name]
+    elif package_manager in ['yum', 'dnf']:
+        cmd = ['repoquery', '--info', package_name]
+    elif package_manager == 'brew':
+        cmd = ['brew', 'info', package_name]
+    else:
+        raise ValueError("ER: Unsupported package manager for info")
+
+    try:
+        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
+        output = result.stdout
+        if package_manager == 'brew':
+            return parse_brew_info(output)
+        elif package_manager in ['yum', 'dnf']:
+            return parse_yum_info(output)
+        elif package_manager == 'apt':
+            return parse_apt_info(output)
+    except subprocess.CalledProcessError as e:
+        print(f"Command failed: {e}")
+        return None
+
+
+def parse_brew_info(output):
+    """Parses brew info output to extract license, website, and description."""
+    info = {}
+    info["name"] = "NOASSERTION"
+    info["version"] = "NOASSERTION"
+    info["licenses"] = "NOASSERTION"
+    info["severity"] = "NOASSERTION"
+    info["references"] = "NOASSERTION"
+    info["summary"] = "NOASSERTION"
+    lines = output.splitlines()
+
+    for i, line in enumerate(lines):
+        if line.startswith("==>") and ":" in line:
+            new_line = line.lstrip("==>").strip()
+            match1 = re.match(r"([^:]+):.*?([\d\.a-zA-Z]+)\s*\(", new_line)
+            match2 = re.match(r"([^:]+):", new_line)
+            if match1:
+                pname = match1.group(1).strip()
+                version = match1.group(2).strip()
+            elif match2:
+                pname = match2.group(1).strip()
+                version = "*"
+            info["name"] = pname
+            info["version"] = version
+        elif i == 1:
+            info["summary"] = line.strip()
+        elif line.startswith("https://"):  # The website URL
+            info["references"] = line.strip()
+        elif line.startswith("License:"):  # The license information
+            info["licenses"] = line.split(":", 1)[1].strip()
+            info["licenses"] = extract_spdx_ids(info["licenses"])
+    info["severity"], info["rason"] = license_classificaton(info["licenses"])
+    return info
+
+def parse_yum_info(output):
+    info = {}
+    info["name"] = "NOASSERTION"
+    info["version"] = "NOASSERTION"
+    info["licenses"] = "NOASSERTION"
+    info["severity"] = "NOASSERTION"
+    info["references"] = "NOASSERTION"
+    info["summary"] = "NOASSERTION"
+    lines = output.splitlines()
+    for line in lines:
+        if line.startswith("License"):
+            info["licenses"] = line.split(":", 1)[1].strip()
+            info["licenses"] = extract_spdx_ids(info["licenses"])
+            info["severity"], info["rason"] = license_classificaton(info["licenses"])
+        elif line.startswith("URL"):
+            info["references"] = line.split(":", 1)[1].strip()
+        elif line.startswith("Name"):
+            info["name"] = line.split(":", 1)[1].strip()
+        elif line.startswith("Version"):
+            info["version"] = line.split(":", 1)[1].strip()
+        elif line.startswith("Summary"):
+            info["summary"] = line.split(":", 1)[1].strip()
+    return info
+
+def parse_apt_info(output):
+    """Parses apt-cache show output."""
+    info = {}
+    lines = output.splitlines()
+
+    for line in lines:
+        if line.startswith("License:") or "License" in line:
+            info["licenses"] = line.split(":", 1)[1].strip()
+        elif line.startswith("Homepage:"):
+            info["website"] = line.split(":", 1)[1].strip()
+        elif "Copyright" in line:
+            info["references"] = line.strip()
+        info["licenses"] = extract_spdx_ids(info["licenses"])
+        severity = license_classificaton(info["licenses"])
+
+    # Ensure all keys are present even if data is missing
+    return {
+        "licenses": info.get("licenses", "NOASSERTION"),
+        "copyright": info.get("copyright", "NOASSERTION"),
+        "references": info.get("references", "NOASSERTION"),
+        "severity": severity,
+    }
+
+def extract_spdx_ids(license_string):
+    if not license_string.strip():
+        return "No valid SPDX licenses found"
+    raw_ids = re.split(r'(?i)\sAND\s|\sOR\s|\(|\)', license_string)
+    cleaned_ids = [spdx.strip() for spdx in raw_ids if spdx.strip()]
+    unique_spdx_ids = sorted(set(cleaned_ids))
+    return ", ".join(unique_spdx_ids) if unique_spdx_ids else "No valid SPDX licenses found"
+
+def license_classificaton(licenses):
+    license_categories = {
+        "copyleft": ["GPL", "AGPL"],
+        "weak_copyleft": ["LGPL", "MPL", "EPL", "CDDL"],
+        "permissive": ["MIT", "BSD", "Apache"]
+    }
+    # Priority levels for each category
+    priority = {"copyleft": 1, "weak_copyleft": 2, "permissive": 3}
+    severity_map = {
+        "copyleft": ("High", "This package contains copyleft licenses, which impose strong obligations."),
+        "weak_copyleft": ("Medium", "This package contains weak copyleft licenses, which impose moderate obligations."),
+        "permissive": ("Informational", "This package contains permissive licenses, which impose minimal obligations."),
+    }
+    # Split multiple licenses and normalize them
+    license_list = [l.strip() for l in licenses.split(",")]
+    current_priority = float("inf")
+    selected_severity = "Informational"
+    selected_reason = "PURL identification for OSSBOMER"
+    for license in license_list:
+        for category, patterns in license_categories.items():
+            if any(license.upper().startswith(pattern.upper()) for pattern in patterns):
+                if priority[category] < current_priority:
+                    current_priority = priority[category]
+                    selected_severity, selected_reason = severity_map[category]
+    
+    return selected_severity, selected_reason

ossa_scanner-0.1.6/ossa_scanner/utils/swhid_calculator.py

@@ -0,0 +1,35 @@
+import os
+import glob
+import shutil
+import subprocess
+
+def calculate_swhid(directory_path, file_path):
+    os.makedirs(directory_path, exist_ok=True)
+    try:
+        command = f"tar -xf {file_path} -C {directory_path}"
+        subprocess.run(command, shell=True, check=True)
+        command = ["swh.identify", directory_path]
+        result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+        if result.returncode == 0:
+            for line in result.stdout.strip().split("\n"):
+                if line.startswith("swh:1:dir:"):
+                    swhid = line.split("\t")[0]
+                    cleanup_extracted_files(directory_path)
+                    return swhid
+        else:
+            print(f"Failed to compute folder SWHID: {result.stderr}")
+    except subprocess.CalledProcessError as e:
+        print(f"Failed to process tarball {file_path}: {e}")
+    finally:
+        cleanup_extracted_files(directory_path)
+    return None
+
+def cleanup_extracted_files(directory_path):
+    try:
+        for file_path in glob.glob(f"{directory_path}/*"):
+            if os.path.isdir(file_path):
+                shutil.rmtree(file_path)
+            else:
+                os.remove(file_path)
+    except Exception as e:
+        print(f"Failed to clean up {directory_path}: {e}")

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/ossa_scanner.egg-info/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.1
 Name: ossa_scanner
-Version: 0.1.3
-Summary: A Python library for scanning Linux packages, managing metadata, and generating SWHIDs.
+Version: 0.1.6
+Summary: Open Source Software Advisory generator for Core and Base Linux Packages.
 Home-page: https://github.com/oscarvalenzuelab/ossa_scanner
 Author: Oscar Valenzuela
 Author-email: oscar.valenzuela.b@gmail.com
 License: MIT
-Keywords: linux packages SWHID open-source compliance
+Keywords: linux packages SWHID open-source compliance ossa advisory
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: MIT License
@@ -23,6 +23,7 @@ License-File: LICENSE
 Requires-Dist: click
 Requires-Dist: swh.model
 Requires-Dist: distro
+Requires-Dist: ssdeep
 
 # ossa_scanner
 Open Source Advisory Scanner (Generator)

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/ossa_scanner.egg-info/requires.txt

@@ -1,3 +1,4 @@
 click
 swh.model
 distro
+ssdeep

{ossa_scanner-0.1.3 → ossa_scanner-0.1.6}/setup.py

@@ -20,7 +20,7 @@ with open("README.md", "r", encoding="utf-8") as fh:
 setup(
     name="ossa_scanner",
     version=get_version(),
-    description="A Python library for scanning Linux packages, managing metadata, and generating SWHIDs.",
+    description="Open Source Software Advisory generator for Core and Base Linux Packages.",
     long_description=long_description,
     long_description_content_type='text/markdown',
     author="Oscar Valenzuela",
@@ -32,6 +32,7 @@ setup(
         "click",
         "swh.model",
         "distro",
+        "ssdeep",
     ],
     entry_points={
         "console_scripts": [
@@ -51,5 +52,5 @@ setup(
         "Programming Language :: Python :: 3.10",
         "Operating System :: POSIX :: Linux",
     ],
-    keywords="linux packages SWHID open-source compliance",
+    keywords="linux packages SWHID open-source compliance ossa advisory",
 )

ossa_scanner-0.1.3/ossa_scanner/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.1.3"

ossa_scanner-0.1.3/ossa_scanner/utils/downloader.py

@@ -1,47 +0,0 @@
-import subprocess
-import os
-import shutil
-import glob
-
-def download_source(package_manager, package_name, output_dir):
-    try:
-        if package_manager == 'apt':
-            cmd = ['apt-get', 'source', package_name, '-d', output_dir]
-            subprocess.run(cmd, check=True)
-        elif package_manager in ['yum', 'dnf']:
-            cmd = ['dnf', 'download', '--source', package_name, '--downloaddir', output_dir]
-            subprocess.run(cmd, check=True)
-        elif package_manager == 'brew':
-            # Fetch the source tarball
-            cmd = ['brew', 'fetch', '--build-from-source', package_name]
-            subprocess.run(cmd, check=True, capture_output=True, text=True)
-            cache_dir = subprocess.run(
-                ['brew', '--cache', package_name],
-                capture_output=True,
-                text=True,
-                check=True
-            ).stdout.strip()
-            prefixes_to_remove = ['aarch64-elf-', 'arm-none-eabi-', 'other-prefix-']
-            stripped_package_name = package_name
-            for prefix in prefixes_to_remove:
-                if package_name.startswith(prefix):
-                    stripped_package_name = package_name[len(prefix):]
-                    break
-            cache_folder = os.path.dirname(cache_dir)
-            tarball_pattern = os.path.join(cache_folder, f"*{stripped_package_name}*")
-            matching_files = glob.glob(tarball_pattern)
-            if not matching_files:
-                raise FileNotFoundError(f"Tarball not found for {package_name} in {cache_folder}")
-            tarball_path = matching_files[0]
-            os.makedirs(output_dir, exist_ok=True)
-            target_path = os.path.join(output_dir, os.path.basename(tarball_path))
-            shutil.move(tarball_path, target_path)
-            return target_path
-        else:
-            raise ValueError("Unsupported package manager")
-    except subprocess.CalledProcessError as e:
-        print(f"Command failed: {e}")
-        return None
-    except Exception as e:
-        print(f"Error: {e}")
-        return None

ossa_scanner-0.1.3/ossa_scanner/utils/hash_calculator.py

@@ -1,8 +0,0 @@
-import hashlib
-
-def calculate_file_hash(file_path, algorithm='sha256'):
-    hash_func = hashlib.new(algorithm)
-    with open(file_path, 'rb') as f:
-        while chunk := f.read(8192):
-            hash_func.update(chunk)
-    return hash_func.hexdigest()

ossa_scanner-0.1.3/ossa_scanner/utils/package_manager.py

@@ -1,128 +0,0 @@
-import subprocess
-
-
-def list_packages(package_manager):
-    if package_manager == 'apt':
-        result = subprocess.run(
-            ['apt-cache', 'search', '.'],
-            capture_output=True,
-            text=True
-        )
-    elif package_manager in ['yum', 'dnf']:
-        result = subprocess.run(
-            ['repoquery', '--all'],
-            capture_output=True,
-            text=True
-        )
-    elif package_manager == 'brew':
-        result = subprocess.run(
-            ['brew', 'search', '.'],
-            capture_output=True,
-            text=True
-        )
-    else:
-        raise ValueError("ER1: Unsupported package manager for search")
-
-    packages = result.stdout.splitlines()
-    extracted_packages = []
-    max_packages = 5
-    k_packages = 0
-    for line in packages:
-        if not line.strip() or line.startswith("==>"):
-            continue
-        extracted_packages.append(line.split()[0])
-        if k_packages >= max_packages:
-            break
-        k_packages += 1
-
-    return extracted_packages
-
-
-def get_package_info(package_manager, package_name):
-    if package_manager == 'apt':
-        cmd = ['apt-cache', 'show', package_name]
-    elif package_manager in ['yum', 'dnf']:
-        cmd = ['repoquery', '--info', package_name]
-    elif package_manager == 'brew':
-        cmd = ['brew', 'info', package_name]
-    else:
-        raise ValueError("ER: Unsupported package manager for info")
-
-    try:
-        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
-        output = result.stdout
-
-        # Parse the output based on the package manager
-        if package_manager == 'brew':
-            return parse_brew_info(output)
-        elif package_manager in ['yum', 'dnf']:
-            return parse_yum_info(output)
-        elif package_manager == 'apt':
-            return parse_apt_info(output)
-    except subprocess.CalledProcessError as e:
-        print(f"Command failed: {e}")
-        return None
-
-
-def parse_brew_info(output):
-    """Parses brew info output to extract license, website, and description."""
-    info = {}
-    lines = output.splitlines()
-    info["license"] = "Unknown"
-    info["website"] = "Unknown"
-    info["description"] = "Unknown"
-
-    for i, line in enumerate(lines):
-        if i == 1:  # The description is usually on the second line
-            info["description"] = line.strip()
-        elif line.startswith("https://"):  # The website URL
-            info["website"] = line.strip()
-        elif line.startswith("License:"):  # The license information
-            info["license"] = line.split(":", 1)[1].strip()
-
-    # Ensure all keys are present even if some fields are missing
-    return info
-
-
-
-def parse_yum_info(output):
-    """Parses yum repoquery --info output."""
-    info = {}
-    lines = output.splitlines()
-
-    for line in lines:
-        if line.startswith("License"):
-            info["license"] = line.split(":", 1)[1].strip()
-        elif line.startswith("URL"):
-            info["website"] = line.split(":", 1)[1].strip()
-        elif "Copyright" in line:
-            info["copyright"] = line.strip()
-
-    # Ensure all keys are present even if data is missing
-    return {
-        "license": info.get("license", "Unknown"),
-        "copyright": info.get("copyright", "Unknown"),
-        "website": info.get("website", "Unknown"),
-    }
-
-
-def parse_apt_info(output):
-    """Parses apt-cache show output."""
-    info = {}
-    lines = output.splitlines()
-
-    for line in lines:
-        if line.startswith("License:") or "License" in line:
-            info["license"] = line.split(":", 1)[1].strip()
-        elif line.startswith("Homepage:"):
-            info["website"] = line.split(":", 1)[1].strip()
-        elif "Copyright" in line:
-            info["copyright"] = line.strip()
-
-    # Ensure all keys are present even if data is missing
-    return {
-        "license": info.get("license", "Unknown"),
-        "copyright": info.get("copyright", "Unknown"),
-        "website": info.get("website", "Unknown"),
-    }
-

ossa_scanner-0.1.3/ossa_scanner/utils/swhid_calculator.py

@@ -1,3 +0,0 @@
-
-def calculate_swhid(directory_path):
-    return directory_path