owasp-depscan 6.0.0b2__tar.gz → 6.0.0b3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (89)
  1. {owasp_depscan-6.0.0b2/owasp_depscan.egg-info → owasp_depscan-6.0.0b3}/PKG-INFO +1 -1
  2. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/cli.py +14 -2
  3. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/bom.py +5 -1
  4. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3/owasp_depscan.egg-info}/PKG-INFO +1 -1
  5. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/pyproject.toml +1 -1
  6. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/spdx/json/licenses.json +773 -698
  7. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/LICENSE +0 -0
  8. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/MANIFEST.in +0 -0
  9. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/README.md +0 -0
  10. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/__init__.py +0 -0
  11. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/cli_options.py +0 -0
  12. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/__init__.py +0 -0
  13. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/audit.py +0 -0
  14. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/config.py +0 -0
  15. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/explainer.py +0 -0
  16. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/github.py +0 -0
  17. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/license.py +0 -0
  18. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/logger.py +0 -0
  19. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/__init__.py +0 -0
  20. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/cargo_pkg.py +0 -0
  21. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/metadata.py +0 -0
  22. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/npm_pkg.py +0 -0
  23. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/pkg_query.py +0 -0
  24. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/package_query/pypi_pkg.py +0 -0
  25. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/tomlparse.py +0 -0
  26. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/depscan/lib/utils.py +0 -0
  27. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/owasp_depscan.egg-info/SOURCES.txt +0 -0
  28. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/owasp_depscan.egg-info/dependency_links.txt +0 -0
  29. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/owasp_depscan.egg-info/entry_points.txt +0 -0
  30. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/owasp_depscan.egg-info/requires.txt +0 -0
  31. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/owasp_depscan.egg-info/top_level.txt +0 -0
  32. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/setup.cfg +0 -0
  33. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_bom.py +0 -0
  34. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_explainer.py +0 -0
  35. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_github.py +0 -0
  36. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_license.py +0 -0
  37. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_pkg_query.py +0 -0
  38. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/test/test_utils.py +0 -0
  39. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/__init__.py +0 -0
  40. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_data/fields.yml +0 -0
  41. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_data/meta.yml +0 -0
  42. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_data/rules.yml +0 -0
  43. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/0bsd.txt +0 -0
  44. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/afl-3.0.txt +0 -0
  45. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/agpl-3.0.txt +0 -0
  46. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/apache-2.0.txt +0 -0
  47. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/artistic-2.0.txt +0 -0
  48. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/blueoak-1.0.0.txt +0 -0
  49. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsd-2-clause-patent.txt +0 -0
  50. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsd-2-clause.txt +0 -0
  51. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsd-3-clause-clear.txt +0 -0
  52. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsd-3-clause.txt +0 -0
  53. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsd-4-clause.txt +0 -0
  54. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/bsl-1.0.txt +0 -0
  55. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cc-by-4.0.txt +0 -0
  56. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cc-by-sa-4.0.txt +0 -0
  57. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cc0-1.0.txt +0 -0
  58. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cecill-2.1.txt +0 -0
  59. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cern-ohl-p-2.0.txt +0 -0
  60. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cern-ohl-s-2.0.txt +0 -0
  61. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/cern-ohl-w-2.0.txt +0 -0
  62. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/ecl-2.0.txt +0 -0
  63. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/epl-1.0.txt +0 -0
  64. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/epl-2.0.txt +0 -0
  65. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/eupl-1.1.txt +0 -0
  66. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/eupl-1.2.txt +0 -0
  67. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/gfdl-1.3.txt +0 -0
  68. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/gpl-2.0.txt +0 -0
  69. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/gpl-3.0.txt +0 -0
  70. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/isc.txt +0 -0
  71. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/lgpl-2.1.txt +0 -0
  72. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/lgpl-3.0.txt +0 -0
  73. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/lppl-1.3c.txt +0 -0
  74. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/mit-0.txt +0 -0
  75. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/mit.txt +0 -0
  76. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/mpl-2.0.txt +0 -0
  77. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/ms-pl.txt +0 -0
  78. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/ms-rl.txt +0 -0
  79. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/mulanpsl-2.0.txt +0 -0
  80. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/ncsa.txt +0 -0
  81. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/odbl-1.0.txt +0 -0
  82. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/ofl-1.1.txt +0 -0
  83. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/osl-3.0.txt +0 -0
  84. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/postgresql.txt +0 -0
  85. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/unlicense.txt +0 -0
  86. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/upl-1.0.txt +0 -0
  87. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/vim.txt +0 -0
  88. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/wtfpl.txt +0 -0
  89. {owasp_depscan-6.0.0b2 → owasp_depscan-6.0.0b3}/vendor/choosealicense.com/_licenses/zlib.txt +0 -0
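--- a/owasp_depscan-6.0.0b2/owasp_depscan.egg-info/PKG-INFO
+++ b/owasp_depscan-6.0.0b3/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: owasp-depscan
-Version: 6.0.0b2
+Version: 6.0.0b3
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License-Expression: MIT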
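--- a/owasp_depscan-6.0.0b2/depscan/cli.py
+++ b/owasp_depscan-6.0.0b3/depscan/cli.py
@@ -55,6 +55,7 @@ from depscan.lib.license import build_license_data, bulk_lookup
 from depscan.lib.logger import DEBUG, LOG, SPINNER, console, IS_CI
 
 from reporting_lib.htmlgen import ReportGenerator
+
 if sys.platform == "win32" and os.environ.get("PYTHONIOENCODING") is None:
 sys.stdin.reconfigure(encoding="utf-8")
 sys.stdout.reconfigure(encoding="utf-8")
@@ -101,6 +102,7 @@ def vdr_analyze_summarize(
 scoped_pkgs,
 bom_file,
 bom_dir,
+reports_dir,
 pkg_list,
 reachability_analyzer,
 reachability_options,
@@ -116,6 +118,7 @@ def vdr_analyze_summarize(
 :param scoped_pkgs: Dict containing package scopes.
 :param bom_file: Single BOM file.
 :param bom_dir: Directory containining bom files.
+:param reports_dir: Directory containining report files.
 :param pkg_list: Direct list of packages when the bom file is empty.
 :param reachability_analyzer: Reachability Analyzer specified.
 :param reachability_options: Reachability Analyzer options.
@@ -166,7 +169,11 @@ def vdr_analyze_summarize(
 )
 ds_version = get_version()
 vdr_result = VDRAnalyzer(vdr_options=options).process()
-vdr_file = bom_file.replace(".cdx.json", ".vdr.json") if bom_file else None
+# Set vdr_file in report folder
+vdr_file = (
+os.path.join(reports_dir, os.path.basename(bom_file)) if bom_file else None
+)
+vdr_file = vdr_file.replace(".cdx.json", ".vdr.json") if vdr_file else None
 if not vdr_file and bom_dir:
 vdr_file = os.path.join(bom_dir, DEPSCAN_DEFAULT_VDR_FILE)
 if vdr_result.success:
@@ -931,6 +938,7 @@ def run_depscan(args):
 scoped_pkgs=scoped_pkgs,
 bom_file=bom_files[0] if len(bom_files) == 1 else None,
 bom_dir=args.bom_dir,
+reports_dir=args.reports_dir,
 pkg_list=pkg_list,
 reachability_analyzer=reachability_analyzer,
 reachability_options=reachability_options,
@@ -973,7 +981,11 @@ def run_depscan(args):
 )
 console.save_text(txt_report_file, clear=False)
 # Prettify the rich html report
-html_report_generator = ReportGenerator(input_rich_html_path=html_report_file, report_output_path=html_report_file, raw_content=False)
+html_report_generator = ReportGenerator(
+input_rich_html_path=html_report_file,
+report_output_path=html_report_file,
+raw_content=False,
+)
 html_report_generator.parse_and_generate_report()
 # This logic needs refactoring
 # render report into template if wished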
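Review bot: In the vdr_analyze_summarize hunk (`@@ -166,7 +169,11 @@`), `os.path.join(reports_dir, os.path.basename(bom_file))` raises TypeError when reports_dir is None, and the default of args.reports_dir is not visible in this diff, so a caller that previously passed only bom_file can now fail where the old code did not. The `.replace(".cdx.json", ".vdr.json")` is also applied to the whole joined path rather than the file name, so a reports_dir containing that substring is rewritten too, and a BOM whose name does not end in `.cdx.json` is written into reports_dir under its own name. Both are avoided by deriving the name first: `vdr_name = os.path.basename(bom_file).replace(".cdx.json", ".vdr.json") if bom_file else None` followed by `vdr_file = os.path.join(reports_dir or os.path.dirname(bom_file), vdr_name) if vdr_name else None`, which keeps the old next-to-the-BOM placement when no reports_dir is given. The added docstring line copies the existing `containining` typo; `containing`. vdr_analyze_summarize starts and ends outside the hunk.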
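--- a/owasp_depscan-6.0.0b2/depscan/lib/bom.py
+++ b/owasp_depscan-6.0.0b3/depscan/lib/bom.py
@@ -556,7 +556,11 @@ def annotate_vdr(vdr_file, txt_report_file):
 return
 vdr = json_load(vdr_file)
 metadata = vdr.get("metadata", {})
-tools = metadata.get("tools", {}).get("components", {})
+# Some cyclonedx sbom don't containg tools.components
+if "components" in metadata.get("tools"):
+tools = metadata.get("tools", {}).get("components", {})
+else:
+tools = {}
 with open(txt_report_file, errors="ignore", encoding="utf-8") as txt_fp:
 report = txt_fp.read()
 annotations = vdr.get("annotations", []) or []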
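Review bot: `"components" in metadata.get("tools")` on new line 560 raises TypeError when the loaded VDR has no `tools` key at all, because `metadata.get("tools")` returns None; the old `metadata.get("tools", {})` handled that case, so a document missing `tools` entirely, which is the same class of input the comment is guarding against, now crashes where it previously did not. If `tools` is the older CycloneDX array form, `in` returns False and the fallback works, but since the value comes straight from a parsed file it is worth guarding the type explicitly rather than relying on that. Replace lines 560–563 with `tools_obj = metadata.get("tools") or {}` and `tools = tools_obj.get("components", {}) if isinstance(tools_obj, dict) else {}`. The comment also has a typo, `containg`; `contain`. annotate_vdr starts before the hunk and continues past it.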
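--- a/owasp_depscan-6.0.0b2/PKG-INFO
+++ b/owasp_depscan-6.0.0b3/owasp_depscan.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: owasp-depscan
-Version: 6.0.0b2
+Version: 6.0.0b3
 Summary: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.
 Author-email: Team AppThreat <cloud@appthreat.com>
 License-Expression: MIT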
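--- a/owasp_depscan-6.0.0b2/pyproject.toml
+++ b/owasp_depscan-6.0.0b3/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "owasp-depscan"
-version = "6.0.0b2"
+version = "6.0.0b3"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
 {name = "Team AppThreat", email = "cloud@appthreat.com"},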