owasp-depscan 5.4.3__tar.gz → 5.4.5__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of owasp-depscan might be problematic. Click here for more details.

Files changed (89) hide show
  1. {owasp_depscan-5.4.3/owasp_depscan.egg-info → owasp_depscan-5.4.5}/PKG-INFO +2 -2
  2. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/analysis.py +1 -1
  3. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/normalize.py +2 -2
  4. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5/owasp_depscan.egg-info}/PKG-INFO +2 -2
  5. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/requires.txt +1 -1
  6. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/pyproject.toml +2 -2
  7. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/LICENSE +0 -0
  8. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/MANIFEST.in +0 -0
  9. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/README.md +0 -0
  10. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/__init__.py +0 -0
  11. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/cli.py +0 -0
  12. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/__init__.py +0 -0
  13. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/audit.py +0 -0
  14. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/bom.py +0 -0
  15. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/config.py +0 -0
  16. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/csaf.py +0 -0
  17. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/explainer.py +0 -0
  18. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/github.py +0 -0
  19. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/license.py +0 -0
  20. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/logger.py +0 -0
  21. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/orasclient.py +0 -0
  22. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/pkg_query.py +0 -0
  23. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/utils.py +0 -0
  24. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  25. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  26. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/entry_points.txt +0 -0
  27. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/top_level.txt +0 -0
  28. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/setup.cfg +0 -0
  29. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_analysis.py +0 -0
  30. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_bom.py +0 -0
  31. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_csaf.py +0 -0
  32. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_explainer.py +0 -0
  33. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_github.py +0 -0
  34. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_license.py +0 -0
  35. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_norm.py +0 -0
  36. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_pkg_query.py +0 -0
  37. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/test/test_utils.py +0 -0
  38. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/__init__.py +0 -0
  39. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_data/fields.yml +0 -0
  40. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_data/meta.yml +0 -0
  41. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_data/rules.yml +0 -0
  42. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  43. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  44. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  45. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  46. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  47. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt +0 -0
  48. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsd-2-clause-patent.txt +0 -0
  49. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  50. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  51. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  52. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  53. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  54. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  55. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  56. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  57. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  58. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  59. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  60. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  61. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  62. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  63. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  64. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  65. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  66. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  67. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  68. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  69. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  70. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  71. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  72. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  73. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  74. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  75. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  76. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  77. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  78. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  79. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  80. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  81. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  82. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  83. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  84. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  85. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  86. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  87. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  88. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
  89. {owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/vendor/spdx/json/licenses.json +0 -0
{owasp_depscan-5.4.3/owasp_depscan.egg-info → owasp_depscan-5.4.5}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: owasp-depscan
3
- Version: 5.4.3
3
+ Version: 5.4.5
4
4
  Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
5
5
  Author-email: Team AppThreat <cloud@appthreat.com>
6
6
  License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
20
20
  Requires-Python: >=3.8
21
21
  Description-Content-Type: text/markdown
22
22
  License-File: LICENSE
23
- Requires-Dist: appthreat-vulnerability-db==5.7.3
23
+ Requires-Dist: appthreat-vulnerability-db==5.7.5
24
24
  Requires-Dist: defusedxml
25
25
  Requires-Dist: oras~=0.1.26
26
26
  Requires-Dist: PyYAML
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/analysis.py RENAMED
@@ -601,7 +601,7 @@ def prepare_vdr(options: PrepareVdrOptions):
601
601
  has_poc_count += 1
602
602
  if pkg_severity in ("CRITICAL", "HIGH"):
603
603
  pkg_requires_attn = True
604
- if clinks.get("vendor") and package_type not in config.OS_PKG_TYPES:
604
+ if (clinks.get("vendor") and package_type not in config.OS_PKG_TYPES) or reached_purls.get(purl):
605
605
  if reached_purls.get(purl):
606
606
  # If it has a poc, an insight might have gotten added above
607
607
  if not pkg_requires_attn:
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/depscan/lib/normalize.py RENAMED
@@ -149,13 +149,13 @@ def create_pkg_variations(pkg_dict):
149
149
  # Issue #262
150
150
  # Eg: cpe:2.3:a:microsoft:azure_storage_blobs:*:*:*:*:*:python:*:*
151
151
  # pypi name is pkg:pypi/azure-storage-blob@12.8.0
152
- if not name.endswith("s"):
152
+ # Issue #341 - do not change colorama to coloramas
153
+ if not name.endswith("s") and "-" in name:
153
154
  name_aliases.add(name.replace("-", "_") + "s")
154
155
  vendor_aliases.add("pip")
155
156
  vendor_aliases.add("pypi")
156
157
  vendor_aliases.add("python")
157
158
  vendor_aliases.add("python-" + name)
158
- vendor_aliases.add(name + "project")
159
159
  elif purl.startswith("pkg:npm"):
160
160
  # pg-promise CVE is filed as pg
161
161
  if name.endswith("-promise"):
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5/owasp_depscan.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: owasp-depscan
3
- Version: 5.4.3
3
+ Version: 5.4.5
4
4
  Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
5
5
  Author-email: Team AppThreat <cloud@appthreat.com>
6
6
  License: MIT
@@ -20,7 +20,7 @@ Classifier: Topic :: Utilities
20
20
  Requires-Python: >=3.8
21
21
  Description-Content-Type: text/markdown
22
22
  License-File: LICENSE
23
- Requires-Dist: appthreat-vulnerability-db==5.7.3
23
+ Requires-Dist: appthreat-vulnerability-db==5.7.5
24
24
  Requires-Dist: defusedxml
25
25
  Requires-Dist: oras~=0.1.26
26
26
  Requires-Dist: PyYAML
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/owasp_depscan.egg-info/requires.txt RENAMED
@@ -1,4 +1,4 @@
1
- appthreat-vulnerability-db==5.7.3
1
+ appthreat-vulnerability-db==5.7.5
2
2
  defusedxml
3
3
  oras~=0.1.26
4
4
  PyYAML
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/pyproject.toml RENAMED
@@ -1,12 +1,12 @@
1
1
  [project]
2
2
  name = "owasp-depscan"
3
- version = "5.4.3"
3
+ version = "5.4.5"
4
4
  description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
5
5
  authors = [
6
6
  {name = "Team AppThreat", email = "cloud@appthreat.com"},
7
7
  ]
8
8
  dependencies = [
9
- "appthreat-vulnerability-db==5.7.3",
9
+ "appthreat-vulnerability-db==5.7.5",
10
10
  "defusedxml",
11
11
  "oras~=0.1.26",
12
12
  "PyYAML",
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/LICENSE RENAMED
File without changes
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/MANIFEST.in RENAMED
File without changes
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/README.md RENAMED
File without changes
{owasp_depscan-5.4.3 → owasp_depscan-5.4.5}/setup.cfg RENAMED
File without changes