owasp-depscan 5.4.4__py3-none-any.whl → 5.4.6__py3-none-any.whl

depscan/lib/analysis.py

@@ -601,7 +601,7 @@ def prepare_vdr(options: PrepareVdrOptions):
             has_poc_count += 1
             if pkg_severity in ("CRITICAL", "HIGH"):
                 pkg_requires_attn = True
-        if clinks.get("vendor") and package_type not in config.OS_PKG_TYPES:
+        if (clinks.get("vendor") and package_type not in config.OS_PKG_TYPES) or reached_purls.get(purl):
             if reached_purls.get(purl):
                 # If it has a poc, an insight might have gotten added above
                 if not pkg_requires_attn:

depscan/lib/normalize.py

@@ -101,18 +101,6 @@ def create_pkg_variations(pkg_dict):
         vendor_aliases.add(vendor)
         vendor_aliases.add(vendor.lower())
         vendor_aliases.add(vendor.lstrip("@"))
-        if (
-            vendor.startswith("org.")
-            or vendor.startswith("io.")
-            or vendor.startswith("com.")
-            or vendor.startswith("net.")
-        ):
-            tmpA = vendor.split(".")
-            # Automatically add short vendor forms
-            # Increase to 6 to reduce false positives when the package name is core
-            if len(tmpA) > 1 and len(tmpA[1]) > 6:
-                if tmpA[1] != name:
-                    vendor_aliases.add(tmpA[1])
     # Add some common vendor aliases
     if purl.startswith("pkg:golang") and not name.startswith("go"):
         vendor_aliases.add("go")
@@ -149,7 +137,8 @@ def create_pkg_variations(pkg_dict):
             # Issue #262
             # Eg: cpe:2.3:a:microsoft:azure_storage_blobs:*:*:*:*:*:python:*:*
             # pypi name is pkg:pypi/azure-storage-blob@12.8.0
-            if not name.endswith("s"):
+            # Issue #341 - do not change colorama to coloramas
+            if not name.endswith("s") and "-" in name:
                 name_aliases.add(name.replace("-", "_") + "s")
         vendor_aliases.add("pip")
         vendor_aliases.add("pypi")

{owasp_depscan-5.4.4.dist-info → owasp_depscan-5.4.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: owasp-depscan
-Version: 5.4.4
+Version: 5.4.6
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License: MIT

{owasp_depscan-5.4.4.dist-info → owasp_depscan-5.4.6.dist-info}/RECORD

@@ -1,7 +1,7 @@
 depscan/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 depscan/cli.py,sha256=WQ_EbQgkwW0h1L-7otvaG8mLFqpk4r8n8YCPjHcCE1M,39240
 depscan/lib/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-depscan/lib/analysis.py,sha256=9JlHysUoE6NwbgluWJuByLH_3RHapwLOUSIEP8YV7wA,60444
+depscan/lib/analysis.py,sha256=M3xvQbsN3-__3OXCsLD2MJYOcpVzUKyjmWoO6xL1T8I,60473
 depscan/lib/audit.py,sha256=wpmIowFLaoFs0agZN3FUFxPumty5Gr6YRfcjXGsuNcI,1497
 depscan/lib/bom.py,sha256=MuHBCAt0tQ7LKwuDyMlxi0yCrMA6jI7tV81bFslU3S4,16822
 depscan/lib/config.py,sha256=5kAUh3BfH6Ngu0NY4CDVeNq0Rykk9yWaOh2sd3JWu9c,14627
@@ -10,7 +10,7 @@ depscan/lib/explainer.py,sha256=gSBNMxwyr1s_2v0GY-k3Ds5B92LMeCrqJF5P9nsW934,9966
 depscan/lib/github.py,sha256=h6e_12xLwspXJbt_7lW6vuHaqgJQgyFSRCLrfUndCH4,1697
 depscan/lib/license.py,sha256=y4-WZuD2MOunKaLd2EJGcSYP6s3Lp_dgssdzhcl9eEM,2332
 depscan/lib/logger.py,sha256=TZkxVN2a5g2g0nOlrIodJWaDhTFT6JLtR1vR4fPSMgs,1605
-depscan/lib/normalize.py,sha256=IRf_GjefuLrdR1sl5qvfNRnCS5yC4Yfs7Q76vpIdJnQ,12756
+depscan/lib/normalize.py,sha256=KoPR0o228UFO1fJbfmXXfwyTWB5T-Ylox527FEGELDk,12344
 depscan/lib/orasclient.py,sha256=l8Diieh0I2thTova4ozUkMblgyhRsttAkarnkRemsn0,4960
 depscan/lib/pkg_query.py,sha256=hOZGtWR4xXaGjoy2x8nzp3chSqywroAT6kNE8iI9Y1s,21494
 depscan/lib/utils.py,sha256=KUQPzjeQYIcjobDakCcbul93Sx74WEqTa_cINmy5620,14844
@@ -66,9 +66,9 @@ vendor/choosealicense.com/_licenses/vim.txt,sha256=d5GQjXB328L8EBkhKgxcjk344D3K7
 vendor/choosealicense.com/_licenses/wtfpl.txt,sha256=BxXeubkvQm32MDmlZsBcbzJzBpR5kWgw0JxSR9d7f3k,948
 vendor/choosealicense.com/_licenses/zlib.txt,sha256=e6dfCeLhxD3NCnIkY4cVIagRaWdRvencjNhHZ1APvpc,1678
 vendor/spdx/json/licenses.json,sha256=JFXWP7m8we70m62f5b144908LnHDGZn0A_5zjNxnyuI,300252
-owasp_depscan-5.4.4.dist-info/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
-owasp_depscan-5.4.4.dist-info/METADATA,sha256=XrYOgUFsAHR-9mj0mnRh_NZ5IacX5QuWOZtg5TISVuU,27338
-owasp_depscan-5.4.4.dist-info/WHEEL,sha256=cVxcB9AmuTcXqmwrtPhNK88dr7IR_b6qagTj0UvIEbY,91
-owasp_depscan-5.4.4.dist-info/entry_points.txt,sha256=FxQKHFWZTfKU2eBxHPFRxwhSNexntYygYhquykS8zxA,69
-owasp_depscan-5.4.4.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
-owasp_depscan-5.4.4.dist-info/RECORD,,
+owasp_depscan-5.4.6.dist-info/LICENSE,sha256=oQnCbnZtJ_NLDdOLc-rVY1D1N0RNWLHPpYXcc77xzSo,1073
+owasp_depscan-5.4.6.dist-info/METADATA,sha256=ct1jPC9ILq9xEqbEmcjd7viY98pvzyCvywdFDrBlHGQ,27338
+owasp_depscan-5.4.6.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+owasp_depscan-5.4.6.dist-info/entry_points.txt,sha256=FxQKHFWZTfKU2eBxHPFRxwhSNexntYygYhquykS8zxA,69
+owasp_depscan-5.4.6.dist-info/top_level.txt,sha256=qbHOZvNU2dXANv946hMdP2vOi0ESQB5t2ZY5ktKtXvQ,15
+owasp_depscan-5.4.6.dist-info/RECORD,,

{owasp_depscan-5.4.4.dist-info → owasp_depscan-5.4.6.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (74.1.2)
+Generator: setuptools (75.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any