scanoss 1.12.2__py3-none-any.whl → 1.43.1__py3-none-any.whl

scanoss/inspection/policy_check/scanoss/undeclared_component.py

@@ -0,0 +1,309 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+from dataclasses import dataclass
+from typing import List
+
+from ...policy_check.policy_check import PolicyCheck, PolicyOutput, PolicyStatus
+from ...utils.markdown_utils import generate_jira_table, generate_table
+from ...utils.scan_result_processor import ScanResultProcessor
+
+
+@dataclass
+class License:
+    spdxid: str
+    copyleft: bool
+    url: str
+
+@dataclass
+class Component:
+    purl: str
+    version: str
+    licenses: List[License]
+    status: str
+
+class UndeclaredComponent(PolicyCheck[Component]):
+    """
+    SCANOSS UndeclaredComponent class
+    Inspects for undeclared components
+    """
+
+    def __init__( # noqa: PLR0913
+        self,
+        debug: bool = False,
+        trace: bool = False,
+        quiet: bool = False,
+        filepath: str = None,
+        format_type: str = 'json',
+        status: str = None,
+        output: str = None,
+        sbom_format: str = 'settings'
+    ):
+        """
+        Initialize the UndeclaredComponent class.
+
+        :param debug: Enable debug mode
+        :param trace: Enable trace mode (default True)
+        :param quiet: Enable quiet mode
+        :param filepath: Path to the file containing component data
+        :param format_type: Output format ('json' or 'md')
+        :param status: Path to save status output
+        :param output: Path to save detailed output
+        :param sbom_format: Sbom format for status output (default 'settings')
+        """
+        super().__init__(
+            debug, trace, quiet, format_type, status, name='Undeclared Components Policy', output=output
+        )
+        self.filepath = filepath
+        self.output = output
+        self.status = status
+        self.sbom_format = sbom_format
+        self.results_processor = ScanResultProcessor(self.debug, self.trace, self.quiet, self.filepath)
+
+
+    def _get_undeclared_components(self, components: list[Component]) -> list or None:
+        """
+        Filter the components list to include only undeclared components.
+
+        :param components: List of all components
+        :return: List of undeclared components
+        """
+        if components is None:
+            self.print_debug('WARNING: No components provided!')
+            return None
+        undeclared_components = []
+        for component in components:
+            if component['status'] == 'pending':
+                # Remove unused keys
+                del component['count']
+                del component['declared']
+                del component['undeclared']
+                for lic in component['licenses']:
+                        lic.pop('count', None)  # None is default value if key doesn't exist
+                        lic.pop('source', None) # None is default value if key doesn't exist
+                undeclared_components.append(component)
+        # end component loop
+        return undeclared_components
+
+    def _get_jira_summary(self, components: list[Component]) -> str:
+        """
+        Get a summary of the undeclared components.
+
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+
+        """
+        Get a summary of the undeclared components.
+
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+        if len(components) > 0:
+            json_content = json.dumps(self._generate_scanoss_file(components), indent=2)
+
+            if self.sbom_format == 'settings':
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `scanoss.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
+                )
+            else:
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `sbom.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
+                )
+        return f'{len(components)} undeclared component(s) were found.\\n'
+
+    def _get_summary(self, components: list) -> str:
+        """
+        Get a summary of the undeclared components.
+
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+        summary = f'{len(components)} undeclared component(s) were found.\n'
+        if len(components) > 0:
+            if self.sbom_format == 'settings':
+                summary += (
+                    f'Add the following snippet into your `scanoss.json` file\n'
+                    f'\n```json\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n```\n'
+                )
+            else:
+                summary += (
+                    f'Add the following snippet into your `sbom.json` file\n'
+                    f'\n```json\n{json.dumps(self._generate_sbom_file(components), indent=2)}\n```\n'
+                )
+
+        return summary
+
+    def _json(self, components: list[Component]) -> PolicyOutput:
+        """
+        Format the undeclared components as JSON.
+
+        :param components: List of undeclared components
+        :return: Dictionary with formatted JSON details and summary
+        """
+        # Use component grouped by licenses to generate the summary
+        component_licenses = self.results_processor.group_components_by_license(components)
+        details = {}
+        if len(components) > 0:
+            details = {'components': components}
+        return PolicyOutput(
+            details=f'{json.dumps(details, indent=2)}\n',
+            summary=self._get_summary(component_licenses)
+        )
+
+    def _markdown(self, components: list[Component]) -> PolicyOutput:
+        """
+        Format the undeclared components as Markdown.
+
+        :param components: List of undeclared components
+        :return: Dictionary with formatted Markdown details and summary
+        """
+        headers = ['Component', 'License']
+        rows = []
+        # TODO look at using SpdxLite license name lookup method
+        component_licenses = self.results_processor.group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('spdxid')])
+        return PolicyOutput(
+            details= f'### Undeclared components\n{generate_table(headers, rows)}\n',
+            summary= self._get_summary(component_licenses),
+        )
+
+    def _jira_markdown(self, components: list) -> PolicyOutput:
+        """
+        Format the undeclared components as Markdown.
+
+        :param components: List of undeclared components
+        :return: Dictionary with formatted Markdown details and summary
+        """
+        headers = ['Component', 'License']
+        rows = []
+        # TODO look at using SpdxLite license name lookup method
+        component_licenses = self.results_processor.group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('spdxid')])
+        return PolicyOutput(
+            details= f'{generate_jira_table(headers, rows)}',
+            summary= self._get_jira_summary(component_licenses),
+        )
+
+    def _get_unique_components(self, components: list) -> list:
+        """
+        Generate a list of unique components.
+
+        :param components: List of undeclared components
+        :return: list of unique components
+        """
+        unique_components = {}
+        if components is None:
+            self.print_stderr('WARNING: No components provided!')
+            return []
+
+        for component in components:
+            unique_components[component['purl']] = {'purl': component['purl']}
+        return list(unique_components.values())
+
+    def _generate_scanoss_file(self, components: list) -> dict:
+        """
+        Generate a list of PURLs for the scanoss.json file.
+
+        :param components: List of undeclared components
+        :return: scanoss.json Dictionary
+        """
+        scanoss_settings = {
+            'bom': {
+                'include': self._get_unique_components(components),
+            }
+        }
+
+        return scanoss_settings
+
+    def _generate_sbom_file(self, components: list) -> dict:
+        """
+        Generate a list of PURLs for the SBOM file.
+
+        :param components: List of undeclared components
+        :return: SBOM Dictionary with components
+        """
+        sbom = {
+            'components': self._get_unique_components(components),
+        }
+
+        return sbom
+
+    def _get_components(self):
+        """
+        Extract and process components from file results only.
+
+        This method performs the following steps:
+        1. Validates if `self.results` is loaded. Returns `None` if not loaded.
+        2. Extracts file and snippet components into a dictionary.
+        3. Converts the components dictionary into a list of components.
+        4. Processes the licenses for each component by converting them into a list.
+
+        :return: A list of processed components with their licenses, or `None` if `self.results` is not set.
+        """
+        if self.results_processor.get_results() is None:
+            return None
+        components: dict = {}
+        # Extract file and snippet components
+        components = self.results_processor.get_components_data(components)
+        # Convert to list and process licenses
+        return self.results_processor.convert_components_to_list(components)
+
+    def run(self):
+        """
+        Run the undeclared component inspection process.
+
+        This method performs the following steps:
+        1. Get all components
+        2. Filter undeclared components
+        3. Format the results
+        4. Save the output to files if required
+
+        :return: Dictionary containing the inspection results
+        """
+        self._debug()
+        components = self._get_components()
+        if components is None:
+            return PolicyStatus.ERROR.value, {}
+        # Get an undeclared component summary (if any)
+        undeclared_components = self._get_undeclared_components(components)
+        if undeclared_components is None:
+            return PolicyStatus.ERROR.value, {}
+        self.print_debug(f'Undeclared components: {undeclared_components}')
+        # Format the results and save to files if required
+        return self._generate_formatter_report(undeclared_components)
+#
+# End of UndeclaredComponent Class
+#

scanoss/inspection/summary/component_summary.py

@@ -0,0 +1,170 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+import json
+from typing import Any
+
+from ...scanossbase import ScanossBase
+from ..policy_check.policy_check import T
+from ..utils.scan_result_processor import ScanResultProcessor
+
+
+class ComponentSummary(ScanossBase):
+
+    def __init__( # noqa: PLR0913
+        self,
+        debug: bool = False,
+        trace: bool = False,
+        quiet: bool = False,
+        filepath: str = None,
+        format_type: str = 'json',
+        output: str = None,
+    ):
+        """
+        Initialize the ComponentSummary class.
+
+        :param debug: Enable debug mode
+        :param trace: Enable trace mode
+        :param quiet: Enable quiet mode
+        :param filepath: Path to the file containing component data
+        :param format_type: Output format ('json' or 'md')
+        """
+        super().__init__(debug, trace, quiet)
+        self.filepath = filepath
+        self.output = output
+        self.results_processor = ScanResultProcessor(debug, trace, quiet, filepath)
+
+
+    def _json(self, data: dict[str,Any]) -> dict[str,Any]:
+        """
+        Format component summary data as JSON.
+
+        This method returns the component summary data in its original JSON structure
+        without any transformation. The data can be directly serialized to JSON format.
+
+        :param data: Dictionary containing component summary information including:
+                     - components: List of component-license pairs with status and metadata
+                     - totalComponents: Total number of unique components
+                     - undeclaredComponents: Number of components with 'pending' status
+                     - declaredComponents: Number of components with 'identified' status
+                     - totalFilesDetected: Total count of files where components were detected
+                     - totalFilesUndeclared: Count of files with undeclared components
+                     - totalFilesDeclared: Count of files with declared components
+        :return: The same data dictionary, ready for JSON serialization
+        """
+        return data
+
+    def _markdown(self, data: list[T]) -> dict[str, Any]:
+        """
+        Format component summary data as Markdown (not yet implemented).
+
+        This method is intended to convert component summary data into a human-readable
+        Markdown format with tables and formatted sections.
+
+        :param data: List of component summary items to format
+        :return: Dictionary containing formatted Markdown output
+        """
+        pass
+
+    def _jira_markdown(self, data: list[T]) -> dict[str, Any]:
+        """
+        Format component summary data as Jira-flavored Markdown (not yet implemented).
+
+        This method is intended to convert component summary data into Jira-compatible
+        Markdown format, which may include Jira-specific syntax for tables and formatting.
+
+        :param data: List of component summary items to format
+        :return: Dictionary containing Jira-formatted Markdown output
+        """
+        pass
+
+    def _get_component_summary_from_components(self, scan_components: list)-> dict:
+        """
+        Get a component summary from detected components.
+
+        :param scan_components: List of all components
+        :return: Dict with license summary information
+        """
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self.results_processor.group_components_by_license(scan_components)
+        total_components = len(component_licenses)
+        # Get undeclared components
+        undeclared_components = len([c for c in component_licenses if c['status'] == 'pending'])
+
+        components: list = []
+        total_undeclared_files = 0
+        total_files_detected = 0
+        for component in scan_components:
+            total_files_detected += component['count']
+            total_undeclared_files += component['undeclared']
+            components.append({
+                'purl': component['purl'],
+                'version': component['version'],
+                'count': component['count'],
+                'undeclared': component['undeclared'],
+                'declared': component['count'] - component['undeclared'],
+            })
+        ## End for loop components
+        return {
+            "components": component_licenses,
+            'totalComponents': total_components,
+            'undeclaredComponents': undeclared_components,
+            'declaredComponents': total_components - undeclared_components,
+            'totalFilesDetected': total_files_detected,
+            'totalFilesUndeclared': total_undeclared_files,
+            'totalFilesDeclared': total_files_detected - total_undeclared_files,
+        }
+
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results_processor.get_results() is None:
+            raise ValueError(f'Error: No results found in {self.filepath}')
+
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self.results_processor.get_components_data(components)
+        return self.results_processor.convert_components_to_list(components)
+
+    def _format(self, component_summary) -> str:
+        # TODO: Implement formatter to support dynamic outputs
+        json_data = self._json(component_summary)
+        return json.dumps(json_data, indent=2)
+
+    def run(self):
+        components = self._get_components()
+        component_summary = self._get_component_summary_from_components(components)
+        output = self._format(component_summary)
+        self.print_to_file_or_stdout(output, self.output)
+        return component_summary
+#
+# End of ComponentSummary Class
+#

scanoss/inspection/summary/license_summary.py

@@ -0,0 +1,191 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+from typing import Any
+
+from ...scanossbase import ScanossBase
+from ..policy_check.policy_check import T
+from ..utils.scan_result_processor import ScanResultProcessor
+
+
+class LicenseSummary(ScanossBase):
+    """
+       SCANOSS LicenseSummary class
+       Inspects results and generates comprehensive license summaries from detected components.
+
+       This class processes component scan results to extract, validate, and aggregate license
+       information, providing detailed summaries including copyleft analysis and license statistics.
+       """
+
+    # Define required license fields as class constants
+    REQUIRED_LICENSE_FIELDS = ['spdxid', 'url', 'copyleft', 'source']
+
+    def __init__( # noqa: PLR0913
+        self,
+        debug: bool = False,
+        trace: bool = False,
+        quiet: bool = False,
+        filepath: str = None,
+        status: str = None,
+        output: str = None,
+        include: str = None,
+        exclude: str = None,
+        explicit: str = None,
+    ):
+        """
+        Initialize the LicenseSummary class.
+
+        :param debug: Enable debug mode
+        :param trace: Enable trace mode
+        :param quiet: Enable quiet mode
+        :param filepath: Path to the file containing component data
+        :param output: Path to save detailed output
+        :param include: Licenses to include in the analysis
+        :param exclude: Licenses to exclude from the analysis
+        :param explicit: Explicitly defined licenses
+        """
+        super().__init__(debug=debug, trace=trace, quiet=quiet)
+        self.results_processor = ScanResultProcessor(debug, trace, quiet, filepath, include, exclude, explicit)
+        self.filepath = filepath
+        self.output = output
+        self.status = status
+        self.include = include
+        self.exclude = exclude
+        self.explicit = explicit
+
+    def _json(self, data: dict[str,Any]) -> dict[str, Any]:
+        """
+        Format license summary data as JSON.
+
+        This method is intended to return the license summary data in JSON structure
+        for serialization. The data should include license information with copyleft
+        analysis and license statistics.
+
+        :param data: List of license summary items to format
+        :return: Dictionary containing license summary information including:
+                 - licenses: List of detected licenses with SPDX IDs, URLs, and copyleft status
+                 - detectedLicenses: Total number of unique licenses
+                 - detectedLicensesWithCopyleft: Count of licenses marked as copyleft
+        """
+        return data
+
+    def _markdown(self, data: list[T]) -> dict[str, Any]:
+        """
+        Format license summary data as Markdown (not yet implemented).
+
+        This method is intended to convert license summary data into a human-readable
+        Markdown format with tables and formatted sections.
+
+        :param data: List of license summary items to format
+        :return: Dictionary containing formatted Markdown output
+        """
+        pass
+
+    def _jira_markdown(self, data: list[T]) -> dict[str, Any]:
+        """
+        Format license summary data as Jira-flavored Markdown (not yet implemented).
+
+        This method is intended to convert license summary data into Jira-compatible
+        Markdown format, which may include Jira-specific syntax for tables and formatting.
+
+        :param data: List of license summary items to format
+        :return: Dictionary containing Jira-formatted Markdown output
+        """
+        pass
+
+
+    def _get_licenses_summary_from_components(self, components: list)-> dict:
+        """
+        Get a license summary from detected components.
+
+        :param components: List of all components
+        :return: Dict with license summary information
+        """
+        # A component is considered unique by its combination of PURL (Package URL) and license
+        component_licenses = self.results_processor.group_components_by_license(components)
+        license_component_count = {}
+        # Count license per component
+        for lic in component_licenses:
+            if lic['spdxid'] not in license_component_count:
+                license_component_count[lic['spdxid']] = 1
+            else:
+                license_component_count[lic['spdxid']] += 1
+        licenses:dict = {}
+        for comp_lic in component_licenses:
+            spdxid = comp_lic.get("spdxid")
+            url = comp_lic.get("url")
+            copyleft = comp_lic.get("copyleft")
+            if spdxid not in licenses:
+                licenses[spdxid] = {
+                    'spdxid': spdxid,
+                    'url': url,
+                    'copyleft': copyleft,
+                    'componentCount': license_component_count.get(spdxid, 0), # Append component count to license
+                }
+            ## End for loop licenses
+        ## End for loop components
+        detected_licenses = list(licenses.values())
+        licenses_with_copyleft = [lic for lic in detected_licenses if lic['copyleft']]
+        return {
+                 'licenses': detected_licenses,
+                 'detectedLicenses': len(detected_licenses), # Count unique licenses. SPDXID is considered unique
+                 'detectedLicensesWithCopyleft': len(licenses_with_copyleft),
+               }
+
+
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results_processor.get_results() is None:
+            raise ValueError(f'Error: No results found in {self.filepath}')
+
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self.results_processor.get_components_data(components)
+        self.results_processor.get_dependencies_data(components)
+        return self.results_processor.convert_components_to_list(components)
+
+    def _format(self, license_summary) -> str:
+        # TODO: Implement formatter to support dynamic outputs
+        json_data = self._json(license_summary)
+        return json.dumps(json_data, indent=2)
+
+    def run(self):
+        components = self._get_components()
+        license_summary = self._get_licenses_summary_from_components(components)
+        output = self._format(license_summary)
+        self.print_to_file_or_stdout(output, self.output)
+        return license_summary
+#
+# End of LicenseSummary Class
+#