owasp-depscan 5.4.1__tar.gz → 5.4.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (89)
  1. {owasp_depscan-5.4.1/owasp_depscan.egg-info → owasp_depscan-5.4.3}/PKG-INFO +2 -2
  2. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/analysis.py +10 -0
  3. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/normalize.py +3 -0
  4. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3/owasp_depscan.egg-info}/PKG-INFO +2 -2
  5. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/owasp_depscan.egg-info/requires.txt +1 -1
  6. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/pyproject.toml +2 -2
  7. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/LICENSE +0 -0
  8. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/MANIFEST.in +0 -0
  9. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/README.md +0 -0
  10. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/__init__.py +0 -0
  11. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/cli.py +0 -0
  12. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/__init__.py +0 -0
  13. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/audit.py +0 -0
  14. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/bom.py +0 -0
  15. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/config.py +0 -0
  16. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/csaf.py +0 -0
  17. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/explainer.py +0 -0
  18. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/github.py +0 -0
  19. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/license.py +0 -0
  20. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/logger.py +0 -0
  21. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/orasclient.py +0 -0
  22. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/pkg_query.py +0 -0
  23. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/depscan/lib/utils.py +0 -0
  24. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  25. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  26. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/owasp_depscan.egg-info/entry_points.txt +0 -0
  27. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/owasp_depscan.egg-info/top_level.txt +0 -0
  28. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/setup.cfg +0 -0
  29. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_analysis.py +0 -0
  30. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_bom.py +0 -0
  31. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_csaf.py +0 -0
  32. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_explainer.py +0 -0
  33. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_github.py +0 -0
  34. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_license.py +0 -0
  35. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_norm.py +0 -0
  36. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_pkg_query.py +0 -0
  37. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/test/test_utils.py +0 -0
  38. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/__init__.py +0 -0
  39. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_data/fields.yml +0 -0
  40. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_data/meta.yml +0 -0
  41. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_data/rules.yml +0 -0
  42. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  43. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  44. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  45. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  46. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  47. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt +0 -0
  48. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsd-2-clause-patent.txt +0 -0
  49. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  50. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  51. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  52. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  53. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  54. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  55. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  56. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  57. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  58. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  59. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  60. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  61. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  62. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  63. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  64. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  65. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  66. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  67. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  68. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  69. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  70. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  71. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  72. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  73. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  74. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  75. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  76. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  77. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  78. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  79. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  80. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  81. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  82. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  83. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  84. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  85. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  86. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  87. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  88. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
  89. {owasp_depscan-5.4.1 → owasp_depscan-5.4.3}/vendor/spdx/json/licenses.json +0 -0
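--- a/owasp_depscan-5.4.1/owasp_depscan.egg-info/PKG-INFO
+++ b/owasp_depscan-5.4.3/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.4.1
+Version: 5.4.3
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db==5.7.1
+Requires-Dist: appthreat-vulnerability-db==5.7.3
 Requires-Dist: defusedxml
 Requires-Dist: oras~=0.1.26
 Requires-Dist: PyYAML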
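--- a/owasp_depscan-5.4.1/depscan/lib/analysis.py
+++ b/owasp_depscan-5.4.3/depscan/lib/analysis.py
@@ -398,8 +398,18 @@ def prepare_vdr(options: PrepareVdrOptions):
 if not is_os_target_sw(package_issue):
 fp_count += 1
 continue
+# Issue #320 - Malware matches without purl are false positives
+if vid.startswith("MAL-"):
+fp_count += 1
+malicious_count -= 1
+continue
 else:
 purl_obj = parse_purl(purl)
+# Issue #320 - Malware matches without purl are false positives
+if not purl_obj and vid.startswith("MAL-"):
+fp_count += 1
+malicious_count -= 1
+continue
 if purl_obj:
 version_used = purl_obj.get("version")
 package_type = purl_obj.get("type")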
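Review bot: Both new `MAL-` guards drop a malware-advisory match from the report with no trace at all, so a BOM component that carries no purl (first block) or an unparsable one (second block) can never surface a malicious-package finding and nobody reviewing the output will know one was suppressed; I would log the suppressed id at debug level before each `continue`, e.g. `LOG.debug("Suppressing %s: malware match without a parseable purl", vid)`, using whatever logger this module already has (its name is not visible in the hunk). The same five lines appear twice; hoisting the test into a single `if not purl_obj and vid.startswith("MAL-")` after the if/else would remove the duplication, provided `purl_obj` is initialised to None before the branch, which I cannot see from here. `malicious_count -= 1` presumes the counter was already incremented for this `vid` earlier in the loop; if that increment happens after this point the counter would go negative, so worth confirming. prepare_vdr starts before this hunk and continues after it.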
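--- a/owasp_depscan-5.4.1/depscan/lib/normalize.py
+++ b/owasp_depscan-5.4.3/depscan/lib/normalize.py
@@ -54,6 +54,9 @@ def create_pkg_variations(pkg_dict):
 if purl_obj:
 pkg_type = purl_obj.get("type")
 qualifiers = purl_obj.get("qualifiers", {})
+# Issue #320. Mandate version number for generic packages to reduce FPs
+if pkg_type in ("generic",) and not purl_obj.get("version"):
+return None
 if pkg_type in ("npm",):
 # vendorless package could have npm as the vendor name from sources such as osv
 # So we need 1 more alias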
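Review bot: The new early `return None` makes a version-less generic purl vanish from matching entirely, and nothing in the hunk shows whether callers of create_pkg_variations already cope with a None result; if the function previously always returned a list, every caller that iterates the result now needs a guard, so I would confirm that and state the contract in the docstring, e.g. `Returns None for a generic purl without a version; callers must treat None as "no variations".` The inline comment should also say why the version is mandatory, since the trade-off is that such components get no vulnerability matching at all — presumably a `pkg:generic/<name>` without a version would match advisories for every version of that name, which is the FP source — e.g. `# Issue #320: a generic purl without a version would match advisories for every version of the name, so skip it entirely`. create_pkg_variations starts before this hunk and continues after it.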
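--- a/owasp_depscan-5.4.1/PKG-INFO
+++ b/owasp_depscan-5.4.3/owasp_depscan.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.4.1
+Version: 5.4.3
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: appthreat-vulnerability-db==5.7.1
+Requires-Dist: appthreat-vulnerability-db==5.7.3
 Requires-Dist: defusedxml
 Requires-Dist: oras~=0.1.26
 Requires-Dist: PyYAML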
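--- a/owasp_depscan-5.4.1/owasp_depscan.egg-info/requires.txt
+++ b/owasp_depscan-5.4.3/owasp_depscan.egg-info/requires.txt
@@ -1,4 +1,4 @@
-appthreat-vulnerability-db==5.7.1
+appthreat-vulnerability-db==5.7.3
 defusedxml
 oras~=0.1.26
 PyYAML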
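--- a/owasp_depscan-5.4.1/pyproject.toml
+++ b/owasp_depscan-5.4.3/pyproject.toml
@@ -1,12 +1,12 @@
 [project]
 name = "owasp-depscan"
-version = "5.4.1"
+version = "5.4.3"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
 {name = "Team AppThreat", email = "cloud@appthreat.com"},
 ]
 dependencies = [
-"appthreat-vulnerability-db==5.7.1",
+"appthreat-vulnerability-db==5.7.3",
 "defusedxml",
 "oras~=0.1.26",
 "PyYAML",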