scanoss 1.12.2__py3-none-any.whl → 1.43.1__py3-none-any.whl

scanoss/components.py

@@ -1,33 +1,37 @@
 """
- SPDX-License-Identifier: MIT
-
-   Copyright (c) 2023, SCANOSS
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the "Software"), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2023, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
+
 import json
 import os
 import sys
-from typing import TextIO
+from typing import List, Optional, TextIO
 
 from pypac.parser import PACFile
 
+from scanoss.cyclonedx import CycloneDx
+from scanoss.utils.file import validate_json_file
+
 from .scanner import Scanner
 from .scanossbase import ScanossBase
 from .scanossgrpc import ScanossGrpc
@@ -38,10 +42,22 @@ class Components(ScanossBase):
     Class for Component functionality
     """
 
-    def __init__(self, debug: bool = False, trace: bool = False, quiet: bool = False,
-                 grpc_url: str = None, api_key: str = None, timeout: int = 600,
-                 proxy: str = None, grpc_proxy: str = None, ca_cert: str = None, pac: PACFile = None
-                 ):
+    def __init__(  # noqa: PLR0913, PLR0915
+        self,
+        debug: bool = False,
+        trace: bool = False,
+        quiet: bool = False,
+        grpc_url: str = None,
+        api_key: str = None,
+        timeout: int = 600,
+        proxy: str = None,
+        grpc_proxy: str = None,
+        ca_cert: str = None,
+        pac: PACFile = None,
+        req_headers: dict = None,
+        ignore_cert_errors: bool = False,
+        use_grpc: bool = False,
+    ):
         """
         Handle all component style requests
 
@@ -55,43 +71,76 @@ class Components(ScanossBase):
         :param grpc_proxy: Specific gRPC proxy (optional)
         :param ca_cert: TLS client certificate (optional)
         :param pac: Proxy Auto-Config file (optional)
+        :param req_headers: Additional headers to send with requests (optional)
+        :param ignore_cert_errors: Ignore TLS certificate errors (optional)
+        :param use_grpc: Use gRPC instead of HTTP (optional)
         """
         super().__init__(debug, trace, quiet)
         ver_details = Scanner.version_details()
-        self.grpc_api = ScanossGrpc(url=grpc_url, debug=debug, quiet=quiet, trace=trace, api_key=api_key,
-                                    ver_details=ver_details, ca_cert=ca_cert, proxy=proxy, pac=pac,
-                                    grpc_proxy=grpc_proxy, timeout=timeout)
+        self.use_grpc = use_grpc
+        self.grpc_api = ScanossGrpc(
+            url=grpc_url,
+            debug=debug,
+            quiet=quiet,
+            trace=trace,
+            api_key=api_key,
+            ver_details=ver_details,
+            ca_cert=ca_cert,
+            proxy=proxy,
+            pac=pac,
+            grpc_proxy=grpc_proxy,
+            timeout=timeout,
+            req_headers=req_headers,
+            ignore_cert_errors=ignore_cert_errors,
+        )
+        self.cdx = CycloneDx(debug=self.debug)
 
-    def load_purls(self, json_file: str = None, purls: [] = None) -> dict:
+    def load_comps(self, json_file: Optional[str] = None, purls: Optional[List[str]] = None) -> Optional[dict]:
+        """
+        Load the specified components and return a dictionary
+
+        :param json_file: JSON Components file (optional)
+        :param purls: list pf PURLs (optional)
+        :return: Components Request dictionary or None
+        """
+        return self.load_purls(json_file, purls, 'components')
+
+    def load_purls(
+        self, json_file: Optional[str] = None, purls: Optional[List[str]] = None, field: str = 'purls'
+    ) -> Optional[dict]:
         """
         Load the specified purls and return a dictionary
 
         :param json_file: JSON PURL file (optional)
         :param purls: list of PURLs (optional)
-        :return: PURL Request dictionary
+        :param field: Name of the dictionary field to store the purls in (default: 'purls')
+        :return: PURL Request dictionary or None
         """
         if json_file:
-            if not os.path.isfile(json_file) or not os.access(json_file, os.R_OK):
-                self.print_stderr(f'ERROR: JSON file does not exist, is not a file, or is not readable: {json_file}')
+            result = validate_json_file(json_file)
+            if not result.is_valid:
+                self.print_stderr(f'ERROR: Problem parsing input JSON: {result.error}')
                 return None
-            with open(json_file, 'r') as f:
-                try:
-                    purl_request = json.loads(f.read())
-                except Exception as e:
-                    self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
-                    return None
+
+            if self.cdx.is_cyclonedx_json(json.dumps(result.data)):
+                purl_request = self.cdx.get_purls_request_from_cdx(result.data, field)
+            else:
+                purl_request = result.data
         elif purls:
+            if not all(isinstance(purl, str) for purl in purls):
+                self.print_stderr('ERROR: PURLs must be a list of strings.')
+                return None
             parsed_purls = []
             for p in purls:
                 parsed_purls.append({'purl': p})
-            purl_request = {'purls': parsed_purls}
+            purl_request = {field: parsed_purls}
         else:
             self.print_stderr('ERROR: No purls specified to process.')
             return None
-        purl_count = len(purl_request.get('purls', []))
-        self.print_debug(f'Parsed Purls ({purl_count}): {purl_request}')
+        purl_count = len(purl_request.get(field, []))
+        self.print_debug(f'Parsed {field} ({purl_count}): {purl_request}')
         if purl_count == 0:
-            self.print_stderr('ERROR: No PURLs parsed from request.')
+            self.print_stderr(f'ERROR: No {field} parsed from request.')
             return None
         return purl_request
 
@@ -117,8 +166,8 @@ class Components(ScanossBase):
         """
         Open the given filename if requested, otherwise return STDOUT
 
-        :param filename:
-        :return:
+        :param filename: filename to open or None to return STDOUT
+        :return: file descriptor or None
         """
         file = sys.stdout
         if filename:
@@ -141,32 +190,6 @@ class Components(ScanossBase):
             self.print_trace(f'Closing file: {filename}')
             file.close()
 
-    def get_crypto_details(self, json_file: str = None, purls: [] = None, output_file: str = None) -> bool:
-        """
-        Retrieve the cryptographic details for the supplied PURLs
-
-        :param json_file: PURL JSON request file (optional)
-        :param purls: PURL request array (optional)
-        :param output_file: output filename (optional). Default: STDOUT
-        :return: True on success, False otherwise
-        """
-        success = False
-        purls_request = self.load_purls(json_file, purls)
-        if purls_request is None or len(purls_request) == 0:
-            return False
-        file = self._open_file_or_sdtout(output_file)
-        if file is None:
-            return False
-        self.print_msg('Sending PURLs to Crypto API for decoration...')
-        response = self.grpc_api.get_crypto_json(purls_request)
-        if response:
-            print(json.dumps(response, indent=2, sort_keys=True), file=file)
-            success = True
-            if output_file:
-                self.print_msg(f'Results written to: {output_file}')
-        self._close_file(output_file, file)
-        return success
-
     def get_vulnerabilities(self, json_file: str = None, purls: [] = None, output_file: str = None) -> bool:
         """
         Retrieve any vulnerabilities related to the given PURLs
@@ -177,14 +200,14 @@ class Components(ScanossBase):
         :return: True on success, False otherwise
         """
         success = False
-        purls_request = self.load_purls(json_file, purls)
+        purls_request = self.load_comps(json_file, purls)
         if purls_request is None or len(purls_request) == 0:
             return False
         file = self._open_file_or_sdtout(output_file)
         if file is None:
             return False
         self.print_msg('Sending PURLs to Vulnerability API for decoration...')
-        response = self.grpc_api.get_vulnerabilities_json(purls_request)
+        response = self.grpc_api.get_vulnerabilities_json(purls_request, use_grpc=self.use_grpc)
         if response:
             print(json.dumps(response, indent=2, sort_keys=True), file=file)
             success = True
@@ -203,14 +226,14 @@ class Components(ScanossBase):
         :return: True on success, False otherwise
         """
         success = False
-        purls_request = self.load_purls(json_file, purls)
+        purls_request = self.load_comps(json_file, purls)
         if purls_request is None or len(purls_request) == 0:
             return False
         file = self._open_file_or_sdtout(output_file)
         if file is None:
             return False
         self.print_msg('Sending PURLs to Semgrep API for decoration...')
-        response = self.grpc_api.get_semgrep_json(purls_request)
+        response = self.grpc_api.get_semgrep_json(purls_request, use_grpc=self.use_grpc)
         if response:
             print(json.dumps(response, indent=2, sort_keys=True), file=file)
             success = True
@@ -219,9 +242,17 @@ class Components(ScanossBase):
         self._close_file(output_file, file)
         return success
 
-    def search_components(self, output_file: str = None, json_file: str = None,
-                          search: str = None, vendor: str = None, comp: str = None, package: str = None,
-                          limit: int = None, offset: int = None) -> bool:
+    def search_components(  # noqa: PLR0913, PLR0915
+        self,
+        output_file: str = None,
+        json_file: str = None,
+        search: str = None,
+        vendor: str = None,
+        comp: str = None,
+        package: str = None,
+        limit: int = None,
+        offset: int = None,
+    ) -> bool:
         """
         Search for a component based on the given search criteria
 
@@ -242,22 +273,17 @@ class Components(ScanossBase):
             if request is None:
                 return False
         else:  # Construct a query dictionary from parameters
-            request = {
-                "search": search,
-                "vendor": vendor,
-                "component": comp,
-                "package": package
-            }
+            request = {'search': search, 'vendor': vendor, 'component': comp, 'package': package}
             if limit is not None and limit > 0:
-                request["limit"] = limit
+                request['limit'] = limit
             if offset is not None and offset > 0:
-                request["offset"] = offset
+                request['offset'] = offset
 
         file = self._open_file_or_sdtout(output_file)
         if file is None:
             return False
         self.print_msg('Sending search data to Components API...')
-        response = self.grpc_api.search_components_json(request)
+        response = self.grpc_api.search_components_json(request, use_grpc=self.use_grpc)
         if response:
             print(json.dumps(response, indent=2, sort_keys=True), file=file)
             success = True
@@ -266,8 +292,9 @@ class Components(ScanossBase):
         self._close_file(output_file, file)
         return success
 
-    def get_component_versions(self, output_file: str = None, json_file: str = None,
-                               purl: str = None, limit: int = None) -> bool:
+    def get_component_versions(
+        self, output_file: str = None, json_file: str = None, purl: str = None, limit: int = None
+    ) -> bool:
         """
         Search for a component versions based on the given search criteria
 
@@ -284,17 +311,83 @@ class Components(ScanossBase):
             if request is None:
                 return False
         else:  # Construct a query dictionary from parameters
-            request = {
-                "purl": purl
-            }
+            request = {'purl': purl}
             if limit is not None and limit > 0:
-                request["limit"] = limit
+                request['limit'] = limit
 
         file = self._open_file_or_sdtout(output_file)
         if file is None:
             return False
         self.print_msg('Sending PURLs to Component Versions API...')
-        response = self.grpc_api.get_component_versions_json(request)
+        response = self.grpc_api.get_component_versions_json(request, use_grpc=self.use_grpc)
+        if response:
+            print(json.dumps(response, indent=2, sort_keys=True), file=file)
+            success = True
+            if output_file:
+                self.print_msg(f'Results written to: {output_file}')
+        self._close_file(output_file, file)
+        return success
+
+    def get_provenance_details(
+        self, json_file: str = None, purls: [] = None, output_file: str = None, origin: bool = False
+    ) -> bool:
+        """
+        Retrieve the provenance details for the supplied PURLs
+
+        Args:
+            json_file (str, optional): Input JSON file. Defaults to None.
+            purls (None, optional): PURLs to retrieve provenance details for. Defaults to None.
+            output_file (str, optional): Output file. Defaults to None.
+            origin (bool, optional): Retrieve origin details. Defaults to False.
+
+        Returns:
+            bool: True on success, False otherwise
+        """
+        success = False
+        purls_request = self.load_comps(json_file, purls)
+        if purls_request is None or len(purls_request) == 0:
+            return False
+        file = self._open_file_or_sdtout(output_file)
+        if file is None:
+            return False
+        if origin:
+            self.print_msg('Sending PURLs to Geo Provenance Origin API for decoration...')
+            response = self.grpc_api.get_provenance_origin(purls_request, use_grpc=self.use_grpc)
+        else:
+            self.print_msg('Sending PURLs to Geo Provenance Declared API for decoration...')
+            response = self.grpc_api.get_provenance_json(purls_request, use_grpc=self.use_grpc)
+        if response:
+            print(json.dumps(response, indent=2, sort_keys=True), file=file)
+            success = True
+            if output_file:
+                self.print_msg(f'Results written to: {output_file}')
+        self._close_file(output_file, file)
+        return success
+
+    def get_licenses(self, json_file: str = None, purls: [] = None, output_file: str = None) -> bool:
+        """
+        Retrieve the license details for the supplied PURLs
+
+        Args:
+            json_file (str, optional): Input JSON file. Defaults to None.
+            purls (None, optional): PURLs to retrieve license details for. Defaults to None.
+            output_file (str, optional): Output file. Defaults to None.
+
+        Returns:
+            bool: True on success, False otherwise
+        """
+        success = False
+
+        purls_request = self.load_purls(json_file, purls)
+        if not purls_request:
+            return False
+        file = self._open_file_or_sdtout(output_file)
+        if file is None:
+            return False
+
+        # We'll use the new ComponentBatchRequest instead of deprecated PurlRequest for the license api
+        component_batch_request = {'components': purls_request.get('purls')}
+        response = self.grpc_api.get_licenses(component_batch_request, use_grpc=self.use_grpc)
         if response:
             print(json.dumps(response, indent=2, sort_keys=True), file=file)
             success = True

scanoss/constants.py

@@ -0,0 +1,22 @@
+DEFAULT_POST_SIZE = 32
+DEFAULT_TIMEOUT = 180
+DEFAULT_RETRY = 5
+MIN_TIMEOUT = 5
+
+PYTHON_MAJOR_VERSION = 3
+
+DEFAULT_SC_TIMEOUT = 600
+DEFAULT_NB_THREADS = 5
+
+DEFAULT_URL = 'https://api.osskb.org'  # default free service URL
+DEFAULT_URL2 = 'https://api.scanoss.com'  # default premium service URL
+
+DEFAULT_API_TIMEOUT = 600
+
+DEFAULT_HFH_RANK_THRESHOLD = 5
+DEFAULT_HFH_DEPTH = 1
+DEFAULT_HFH_RECURSIVE_THRESHOLD = 0.8
+DEFAULT_HFH_MIN_ACCEPTED_SCORE = 0.15
+
+VALID_LICENSE_SOURCES = ['component_declared', 'license_file', 'file_header', 'file_spdx_tag', 'scancode']
+DEFAULT_COPYLEFT_LICENSE_SOURCES = ['component_declared', 'license_file']