owasp-depscan 5.2.4__tar.gz → 5.2.6__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87)
  1. {owasp-depscan-5.2.4/owasp_depscan.egg-info → owasp-depscan-5.2.6}/PKG-INFO +2 -2
  2. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/cli.py +11 -2
  3. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/bom.py +28 -9
  4. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6/owasp_depscan.egg-info}/PKG-INFO +2 -2
  5. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/owasp_depscan.egg-info/requires.txt +1 -1
  6. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/pyproject.toml +2 -2
  7. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/LICENSE +0 -0
  8. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/MANIFEST.in +0 -0
  9. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/README.md +0 -0
  10. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/__init__.py +0 -0
  11. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/__init__.py +0 -0
  12. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/analysis.py +0 -0
  13. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/audit.py +0 -0
  14. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/config.py +0 -0
  15. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/csaf.py +0 -0
  16. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/explainer.py +0 -0
  17. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/github.py +0 -0
  18. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/license.py +0 -0
  19. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/logger.py +0 -0
  20. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/normalize.py +0 -0
  21. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/orasclient.py +0 -0
  22. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/pkg_query.py +0 -0
  23. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/depscan/lib/utils.py +0 -0
  24. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  25. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  26. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/owasp_depscan.egg-info/entry_points.txt +0 -0
  27. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/owasp_depscan.egg-info/top_level.txt +0 -0
  28. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/setup.cfg +0 -0
  29. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_analysis.py +0 -0
  30. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_bom.py +0 -0
  31. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_csaf.py +0 -0
  32. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_explainer.py +0 -0
  33. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_github.py +0 -0
  34. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_license.py +0 -0
  35. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_norm.py +0 -0
  36. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_pkg_query.py +0 -0
  37. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/test/test_utils.py +0 -0
  38. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/__init__.py +0 -0
  39. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_data/fields.yml +0 -0
  40. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_data/meta.yml +0 -0
  41. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_data/rules.yml +0 -0
  42. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  43. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  44. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  45. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  46. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  47. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  48. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  49. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  50. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  51. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  52. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  53. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  54. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  55. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  56. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  57. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  58. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  59. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  60. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  61. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  62. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  63. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  64. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  65. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  66. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  67. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  68. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  69. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  70. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  71. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  72. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  73. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  74. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  75. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  76. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  77. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  78. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  79. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  80. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  81. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  82. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  83. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  84. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  85. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  86. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
  87. {owasp-depscan-5.2.4 → owasp-depscan-5.2.6}/vendor/spdx/json/licenses.json +0 -0
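--- a/owasp-depscan-5.2.4/owasp_depscan.egg-info/PKG-INFO
+++ b/owasp-depscan-5.2.6/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.2.4
+Version: 5.2.6
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db==5.5.10
+Requires-Dist: appthreat-vulnerability-db==5.6.1
 Requires-Dist: defusedxml
 Requires-Dist: oras==0.1.26
 Requires-Dist: PyYAML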
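--- a/owasp-depscan-5.2.4/depscan/cli.py
+++ b/owasp-depscan-5.2.6/depscan/cli.py
@@ -542,12 +542,15 @@ async def run_scan():
 results = []
 db = db_lib.get()
 profile = "generic"
+deep = False
 if q.get("url"):
 url = q.get("url")
 if q.get("path"):
 path = q.get("path")
 if q.get("multiProject"):
 multi_project = q.get("multiProject", "").lower() in ("true", "1")
+if q.get("deep"):
+deep = q.get("deep", "").lower() in ("true", "1")
 if q.get("type"):
 project_type = q.get("type")
 if q.get("profile"):
@@ -562,6 +565,11 @@ async def run_scan():
 "true",
 "1",
 )
+if not deep and params.get("deep"):
+deep = params.get("deep", "").lower() in (
+"true",
+"1",
+)
 if not project_type and params.get("type"):
 project_type = params.get("type")
 if not profile and params.get("profile"):
@@ -619,7 +627,8 @@ async def run_scan():
 path = tmp_bom_file.name
 
 # Path points to a project directory
-if os.path.isdir(path):
+# Bug# 233. Path could be a url
+if url or (path and os.path.isdir(path)):
 with tempfile.NamedTemporaryFile(
 delete=False, suffix=".bom.json"
 ) as bfp:
@@ -627,7 +636,7 @@ async def run_scan():
 project_type,
 bfp.name,
 path,
-True,
+deep,
 {
 "url": url,
 "path": path,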
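Review bot: At `if url or (path and os.path.isdir(path))` a request-supplied `url` (read from `q.get("url")` earlier in this section) is now sufficient on its own to start BOM generation, yet no hunk here validates it before it is handed to create_bom inside the options dict, where the bom.py change in this same diff treats it as a remote source. If nothing upstream of run_scan already restricts it, reject unexpected values at the point the url is read, e.g. `if url and urlparse(url).scheme not in ("http", "https"):` followed by the handler's usual error return, adjusting the scheme list to what cdxgen is meant to fetch, so the service only retrieves sources it intends to. A second, smaller point: the new `deep = params.get("deep", "").lower() in (...)` mirrors the existing multiProject parsing and will raise AttributeError if a JSON body carries a boolean rather than a string; `str(params.get("deep", "")).lower()` avoids that. run_scan starts and ends outside these hunks.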
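--- a/owasp-depscan-5.2.4/depscan/lib/bom.py
+++ b/owasp-depscan-5.2.6/depscan/lib/bom.py
@@ -94,7 +94,9 @@ def get_licenses(ele):
 """
 license_list = []
 namespace = "{http://cyclonedx.org/schema/bom/1.5}"
-for data in ele.findall(f"{namespace}licenses/{namespace}license/{namespace}id"):
+for data in ele.findall(
+f"{namespace}licenses/{namespace}license/{namespace}id"
+):
 license_list.append(data.text)
 if not license_list:
 for data in ele.findall(
@@ -179,9 +181,13 @@ def get_pkg_list_json(jsonfile):
 licenses.append(license_obj.get("id"))
 elif license_obj.get("name"):
 licenses.append(
-cleanup_license_string(license_obj.get("name"))
+cleanup_license_string(
+license_obj.get("name")
+)
 )
-pkgs.append({**comp, "vendor": vendor, "licenses": licenses})
+pkgs.append(
+{**comp, "vendor": vendor, "licenses": licenses}
+)
 except Exception:
 # Ignore json errors
 pass
@@ -225,7 +231,9 @@ def get_pkg_by_type(pkg_list, pkg_type):
 if not pkg_list:
 return []
 return [
-pkg for pkg in pkg_list if pkg.get("purl", "").startswith("pkg:" + pkg_type)
+pkg
+for pkg in pkg_list
+if pkg.get("purl", "").startswith("pkg:" + pkg_type)
 ]
 
 
@@ -322,7 +330,9 @@ def create_bom(project_type, bom_file, src_dir=".", deep=False, options={}):
 project_type = "universal"
 if not src_dir and options.get("path"):
 src_dir = options.get("path")
-with httpx.Client(http2=True, base_url=cdxgen_server, timeout=180) as client:
+with httpx.Client(
+http2=True, base_url=cdxgen_server, timeout=180
+) as client:
 sbom_url = f"{cdxgen_server}/sbom"
 LOG.debug("Invoking cdxgen server at %s", sbom_url)
 try:
@@ -340,7 +350,9 @@ def create_bom(project_type, bom_file, src_dir=".", deep=False, options={}):
 try:
 json_response = r.json()
 if json_response:
-with open(bom_file, mode="w", encoding="utf-8") as fp:
+with open(
+bom_file, mode="w", encoding="utf-8"
+) as fp:
 json.dump(json_response, fp)
 return os.path.exists(bom_file)
 except Exception as je:
@@ -378,12 +390,15 @@ def create_bom(project_type, bom_file, src_dir=".", deep=False, options={}):
 args.append(options.get("profile"))
 if options.get("profile") != "generic":
 LOG.debug("BOM Profile: %s", options.get("profile"))
-args.append(src_dir)
+# Bug #233 - Source directory could be None when working with url
+if src_dir:
+args.append(src_dir)
 if cdxgen_cmd:
 exec_tool(
 args,
 src_dir
 if project_type not in ("docker", "oci", "container")
+and src_dir
 and os.path.isdir(src_dir)
 else None,
 )
@@ -405,10 +420,14 @@ def submit_bom(reports_dir, threatdb_params):
 if not threatdb_server.endswith("/import"):
 threatdb_server = f"{threatdb_server}/import"
 login_url = threatdb_server.replace("/import", "/login")
-with httpx.Client(http2=True, base_url=threatdb_server, timeout=180) as client:
+with httpx.Client(
+http2=True, base_url=threatdb_server, timeout=180
+) as client:
 token = threatdb_params.get("threatdb_token")
 if not token:
-LOG.debug("Attempting to retrieve access token from %s", login_url)
+LOG.debug(
+"Attempting to retrieve access token from %s", login_url
+)
 r = client.post(
 login_url,
 json={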
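Review bot: At `if src_dir: args.append(src_dir)` and the widened cwd expression just below it, a url-driven run now launches cdxgen with no source argument and a None working directory, so the child process inherits the depscan process's own cwd; anything cdxgen writes or checks out for that url presumably lands there rather than in an isolated location, which is worth confirming and, if so, replacing with a per-run `tempfile.mkdtemp()` that the caller removes when the BOM has been read. Independently, create_bom's docstring should record the new contract, e.g. `src_dir may be None when options["url"] is set; cdxgen then runs in the current working directory`, since callers elsewhere in this diff now rely on it. The body of create_bom starts and ends outside this hunk.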
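--- a/owasp-depscan-5.2.4/PKG-INFO
+++ b/owasp-depscan-5.2.6/owasp_depscan.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.2.4
+Version: 5.2.6
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db==5.5.10
+Requires-Dist: appthreat-vulnerability-db==5.6.1
 Requires-Dist: defusedxml
 Requires-Dist: oras==0.1.26
 Requires-Dist: PyYAML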
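--- a/owasp-depscan-5.2.4/owasp_depscan.egg-info/requires.txt
+++ b/owasp-depscan-5.2.6/owasp_depscan.egg-info/requires.txt
@@ -1,4 +1,4 @@
-appthreat-vulnerability-db==5.5.10
+appthreat-vulnerability-db==5.6.1
 defusedxml
 oras==0.1.26
 PyYAML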
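--- a/owasp-depscan-5.2.4/pyproject.toml
+++ b/owasp-depscan-5.2.6/pyproject.toml
@@ -1,12 +1,12 @@
 [project]
 name = "owasp-depscan"
-version = "5.2.4"
+version = "5.2.6"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
 {name = "Team AppThreat", email = "cloud@appthreat.com"},
 ]
 dependencies = [
-"appthreat-vulnerability-db==5.5.10",
+"appthreat-vulnerability-db==5.6.1",
 "defusedxml",
 "oras==0.1.26",
 "PyYAML",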