owasp-depscan 5.3.1__tar.gz → 5.3.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (87)
  1. {owasp-depscan-5.3.1/owasp_depscan.egg-info → owasp-depscan-5.3.2}/PKG-INFO +1 -1
  2. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/cli.py +7 -1
  3. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/bom.py +3 -0
  4. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/utils.py +7 -9
  5. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2/owasp_depscan.egg-info}/PKG-INFO +1 -1
  6. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/pyproject.toml +1 -1
  7. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/LICENSE +0 -0
  8. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/MANIFEST.in +0 -0
  9. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/README.md +0 -0
  10. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/__init__.py +0 -0
  11. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/__init__.py +0 -0
  12. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/analysis.py +0 -0
  13. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/audit.py +0 -0
  14. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/config.py +0 -0
  15. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/csaf.py +0 -0
  16. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/explainer.py +0 -0
  17. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/github.py +0 -0
  18. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/license.py +0 -0
  19. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/logger.py +0 -0
  20. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/normalize.py +0 -0
  21. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/orasclient.py +0 -0
  22. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/depscan/lib/pkg_query.py +0 -0
  23. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  24. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  25. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/owasp_depscan.egg-info/entry_points.txt +0 -0
  26. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/owasp_depscan.egg-info/requires.txt +0 -0
  27. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/owasp_depscan.egg-info/top_level.txt +0 -0
  28. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/setup.cfg +0 -0
  29. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_analysis.py +0 -0
  30. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_bom.py +0 -0
  31. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_csaf.py +0 -0
  32. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_explainer.py +0 -0
  33. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_github.py +0 -0
  34. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_license.py +0 -0
  35. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_norm.py +0 -0
  36. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_pkg_query.py +0 -0
  37. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/test/test_utils.py +0 -0
  38. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/__init__.py +0 -0
  39. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_data/fields.yml +0 -0
  40. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_data/meta.yml +0 -0
  41. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_data/rules.yml +0 -0
  42. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  43. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  44. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  45. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  46. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  47. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  48. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  49. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  50. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  51. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  52. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  53. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  54. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  55. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  56. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  57. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  58. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  59. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  60. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  61. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  62. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  63. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  64. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  65. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  66. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  67. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  68. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  69. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  70. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  71. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  72. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  73. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  74. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  75. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  76. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  77. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  78. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  79. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  80. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  81. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  82. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  83. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  84. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  85. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  86. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
  87. {owasp-depscan-5.3.1 → owasp-depscan-5.3.2}/vendor/spdx/json/licenses.json +0 -0
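--- a/owasp-depscan-5.3.1/owasp_depscan.egg-info/PKG-INFO
+++ b/owasp-depscan-5.3.2/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.3.1
+Version: 5.3.2
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT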
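--- a/owasp-depscan-5.3.1/depscan/cli.py
+++ b/owasp-depscan-5.3.2/depscan/cli.py
@@ -133,6 +133,12 @@ def build_args():
 dest="risk_audit",
 help="Perform package risk audit (slow operation). Npm only.",
 )
+parser.add_argument(
+"--cdxgen-args",
+default=os.getenv("CDXGEN_ARGS"),
+dest="cdxgen_args",
+help="Additional arguments to pass to cdxgen"
+)
 parser.add_argument(
 "--private-ns",
 dest="private_ns",
@@ -864,7 +870,7 @@ def main():
 bom_file,
 src_dir,
 args.deep_scan,
-{"cdxgen_server": args.cdxgen_server, "profile": args.profile},
+{"cdxgen_server": args.cdxgen_server, "profile": args.profile, "cdxgen_args": args.cdxgen_args},
 )
 if not creation_status:
 LOG.debug("Bom file %s was not created successfully", bom_file)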
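Review bot: The `--cdxgen-args` help text in the build_args hunk does not tell the user that the value is split with shell-style quoting before it is handed to the cdxgen process, nor that the `CDXGEN_ARGS` environment variable is read when the flag is absent, and both facts matter to anyone auditing what a scan actually executed. Suggest `help="Additional arguments to pass to cdxgen, as a shell-quoted string. Defaults to the CDXGEN_ARGS environment variable.",` — which also restores the trailing comma the neighbouring add_argument calls use. The options dict literal in the main() hunk is now much longer than the surrounding lines; splitting it one key per line would keep it readable. Both build_args and main continue outside their hunks.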
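--- a/owasp-depscan-5.3.1/depscan/lib/bom.py
+++ b/owasp-depscan-5.3.2/depscan/lib/bom.py
@@ -1,5 +1,6 @@
 import json
 import os
+import shlex
 import shutil
 import subprocess
 import sys
@@ -390,6 +391,8 @@ def create_bom(project_type, bom_file, src_dir=".", deep=False, options={}):
 args.append(options.get("profile"))
 if options.get("profile") != "generic":
 LOG.debug("BOM Profile: %s", options.get("profile"))
+if options.get("cdxgen_args"):
+args += shlex.split(options.get("cdxgen_args"))
 # Bug #233 - Source directory could be None when working with url
 if src_dir:
 args.append(src_dir)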
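Review bot: In the create_bom hunk the tokens produced from `cdxgen_args` are appended to the cdxgen argv without any trace in the log, whereas the profile two lines above is logged at debug level; because this value can arrive via the `CDXGEN_ARGS` environment variable rather than the command line, the effective cdxgen invocation should be visible when a run is being diagnosed. Binding the value once also removes the second `options.get` lookup: `extra_args = shlex.split(options.get("cdxgen_args"))`, `LOG.debug("Additional cdxgen arguments: %s", extra_args)`, `args += extra_args`. Note that shlex.split applies POSIX quoting rules on every platform, so a value containing Windows-style backslash paths has its backslashes consumed unless they are quoted; that caveat belongs in the option's documentation. create_bom continues outside the hunk.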
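--- a/owasp-depscan-5.3.1/depscan/lib/utils.py
+++ b/owasp-depscan-5.3.2/depscan/lib/utils.py
@@ -232,23 +232,21 @@ def search_pkgs(db, project_type, pkg_list):
 vendor, name = get_pkg_vendor_name(pkg)
 version = pkg.get("version")
 if pkg.get("purl"):
+ppurl = pkg.get("purl")
 purl_aliases[pkg.get("purl")] = pkg.get("purl")
-purl_aliases[
-f"{vendor.lower()}:{name.lower()}:{version}"
-] = pkg.get("purl")
+purl_aliases[f"{vendor.lower()}:{name.lower()}:{version}"] = ppurl
+if ppurl.startswith("pkg:npm"):
+purl_aliases[f"npm:{vendor.lower()}/{name.lower()}:{version}"] = ppurl
 if not purl_aliases.get(f"{vendor.lower()}:{name.lower()}"):
-purl_aliases[f"{vendor.lower()}:{name.lower()}"] = pkg.get(
-"purl"
-)
+purl_aliases[f"{vendor.lower()}:{name.lower()}"] = ppurl
 if variations:
 for vari in variations:
 vari_full_pkg = f"""{vari.get("vendor")}:{vari.get("name")}"""
 pkg_aliases[
 f"{vendor.lower()}:{name.lower()}:{version}"
 ].append(vari_full_pkg)
-purl_aliases[f"{vari_full_pkg.lower()}:{version}"] = pkg.get(
-"purl"
-)
+if pkg.get("purl"):
+purl_aliases[f"{vari_full_pkg.lower()}:{version}"] = pkg.get("purl")
 quick_res = db_lib.bulk_index_search(expanded_list)
 raw_results = db_lib.pkg_bulk_search(db, quick_res)
 raw_results = normalize.dedup(project_type, raw_results)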
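Review bot: In the search_pkgs hunk `ppurl` is introduced on the first added line, yet the very next line still reads `purl_aliases[pkg.get("purl")] = pkg.get("purl")`; make it `purl_aliases[ppurl] = ppurl` so the hunk is consistent with the lines it rewrites. The variations loop further down also re-reads `pkg.get("purl")` twice inside its new guard; hoisting `ppurl = pkg.get("purl")` above the first `if` would let both places share one binding, since that loop runs whether or not the purl branch was taken. The new `npm:{vendor}/{name}:{version}` alias presumably mirrors a key format the lookup side expects; if `vendor` can be empty for unscoped npm packages the key becomes `npm:/name:version`, which is worth confirming against get_pkg_vendor_name (not in this hunk). search_pkgs starts and ends outside the hunk.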
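--- a/owasp-depscan-5.3.1/PKG-INFO
+++ b/owasp-depscan-5.3.2/owasp_depscan.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.3.1
+Version: 5.3.2
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT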
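--- a/owasp-depscan-5.3.1/pyproject.toml
+++ b/owasp-depscan-5.3.2/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "owasp-depscan"
-version = "5.3.1"
+version = "5.3.2"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
 {name = "Team AppThreat", email = "cloud@appthreat.com"},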