scanoss 1.15.0__tar.gz → 1.17.0__tar.gz

{scanoss-1.15.0/src/scanoss.egg-info → scanoss-1.17.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: scanoss
-Version: 1.15.0
+Version: 1.17.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.15.0 → scanoss-1.17.0}/src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = "1.15.0"
+__version__ = "1.17.0"

{scanoss-1.15.0 → scanoss-1.17.0}/src/scanoss/cli.py

@@ -25,15 +25,13 @@ import argparse
 import os
 from pathlib import Path
 import sys
-from array import array
-
 import pypac
-
+from scanoss.inspection.copyleft import Copyleft
+from scanoss.inspection.undeclared_component import UndeclaredComponent
 from .threadeddependencies import SCOPE
-from .scanner import Scanner
 from .scanoss_settings import ScanossSettings
 from .scancodedeps import ScancodeDeps
-from .scanner import FAST_WINNOWING, Scanner
+from .scanner import Scanner
 from .scantype import ScanType
 from .filecount import FileCount
 from .cyclonedx import CycloneDx
@@ -171,19 +169,19 @@ def setup_args() -> None:
     # Component Sub-command: component crypto
     c_crypto = comp_sub.add_parser('crypto', aliases=['cr'],
                                    description=f'Show Cryptographic algorithms: {__version__}',
-                                   help='Retreive cryptographic algorithms for the given components')
+                                   help='Retrieve cryptographic algorithms for the given components')
     c_crypto.set_defaults(func=comp_crypto)
 
     # Component Sub-command: component vulns
     c_vulns = comp_sub.add_parser('vulns', aliases=['vulnerabilities', 'vu'],
                                   description=f'Show Vulnerability details: {__version__}',
-                                  help='Retreive vulnerabilities for the given components')
+                                  help='Retrieve vulnerabilities for the given components')
     c_vulns.set_defaults(func=comp_vulns)
 
     # Component Sub-command: component semgrep
     c_semgrep = comp_sub.add_parser('semgrep', aliases=['sp'],
                                    description=f'Show Semgrep findings: {__version__}',
-                                   help='Retreive semgrep issues/findings for the given components')
+                                   help='Retrieve semgrep issues/findings for the given components')
     c_semgrep.set_defaults(func=comp_semgrep)
 
     # Component Sub-command: component search
@@ -299,6 +297,31 @@ def setup_args() -> None:
     )
     p_results.set_defaults(func=results)
 
+
+    # Sub-command: inspect
+    p_inspect = subparsers.add_parser('inspect', aliases=['insp', 'ins'],
+                                   description=f'Inspect results: {__version__}',
+                                   help='Inspect results')
+    # Sub-parser: inspect
+    p_inspect_sub = p_inspect.add_subparsers(title='Inspect Commands', dest='subparsercmd',
+                                             description='Inspect sub-commands', help='Inspect sub-commands')
+    # Inspect Sub-command: inspect copyleft
+    p_copyleft = p_inspect_sub.add_parser('copyleft', aliases=['cp'],description="Inspect for copyleft licenses", help='Inspect for copyleft licenses')
+    p_copyleft.add_argument('--include', help='List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.')
+    p_copyleft.add_argument('--exclude', help='List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.')
+    p_copyleft.add_argument('--explicit', help='Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.s')
+    p_copyleft.set_defaults(func=inspect_copyleft)
+
+    # Inspect Sub-command: inspect undeclared
+    p_undeclared = p_inspect_sub.add_parser('undeclared', aliases=['un'],description="Inspect for undeclared components", help='Inspect for undeclared components')
+    p_undeclared.set_defaults(func=inspect_undeclared)
+
+    for p in [p_copyleft, p_undeclared]:
+        p.add_argument('-i', '--input', nargs='?', help='Path to results file')
+        p.add_argument('-f', '--format',required=False ,choices=['json', 'md'], default='json', help='Output format (default: json)')
+        p.add_argument('-o', '--output', type=str, help='Save details into a file')
+        p.add_argument('-s', '--status', type=str, help='Save summary data into Markdown file')
+
     # Global Scan command options
     for p in [p_scan]:
         p.add_argument('--apiurl', type=str,
@@ -344,7 +367,7 @@ def setup_args() -> None:
 
     # Help/Trace command options
     for p in [p_scan, p_wfp, p_dep, p_fc, p_cnv, p_c_loc, p_c_dwnld, p_p_proxy, c_crypto, c_vulns, c_search,
-              c_versions, c_semgrep, p_results]:
+              c_versions, c_semgrep, p_results, p_undeclared, p_copyleft]:
         p.add_argument('--debug', '-d', action='store_true', help='Enable debug messages')
         p.add_argument('--trace', '-t', action='store_true', help='Enable trace messages, including API posts')
         p.add_argument('--quiet', '-q', action='store_true', help='Enable quiet mode')
@@ -357,9 +380,10 @@ def setup_args() -> None:
         parser.print_help()  # No sub command subcommand, print general help
         exit(1)
     else:
-        if (args.subparser == 'utils' or args.subparser == 'ut' or
-            args.subparser == 'component' or args.subparser == 'comp') \
-                and not args.subparsercmd:
+        if ((args.subparser == 'utils' or args.subparser == 'ut' or
+            args.subparser == 'component' or args.subparser == 'comp' or
+            args.subparser == 'inspect' or args.subparser == 'insp' or args.subparser == 'ins')
+            and not args.subparsercmd):
             parser.parse_args([args.subparser, '--help'])  # Force utils helps to be displayed
             exit(1)
     args.func(parser, args)  # Execute the function associated with the sub-command
@@ -778,6 +802,64 @@ def convert(parser, args):
     if not success:
         exit(1)
 
+def inspect_copyleft(parser, args):
+    """
+    Run the "inspect" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    status_output: str = None
+    if args.status:
+        status_output = args.status
+        open(status_output, 'w').close()
+
+    i_copyleft = Copyleft(debug=args.debug, trace=args.trace, quiet=args.quiet, filepath=args.input,
+                          format_type=args.format, status=status_output, output=output, include=args.include,
+                         exclude=args.exclude, explicit=args.explicit)
+    status, _ = i_copyleft.run()
+    sys.exit(status)
+
+def inspect_undeclared(parser, args):
+    """
+    Run the "inspect" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if args.input is None:
+        print_stderr('Please specify an input file to inspect')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        exit(1)
+    output: str = None
+    if args.output:
+        output = args.output
+        open(output, 'w').close()
+
+    status_output: str = None
+    if args.status:
+        status_output = args.status
+        open(status_output, 'w').close()
+    i_undeclared = UndeclaredComponent(debug=args.debug, trace=args.trace, quiet=args.quiet,
+                                       filepath=args.input, format_type=args.format,
+                                       status=status_output, output=output)
+    status, _ = i_undeclared.run()
+    sys.exit(status)
 
 def utils_certloc(*_):
     """
@@ -787,7 +869,6 @@ def utils_certloc(*_):
     import certifi
     print(f'CA Cert File: {certifi.where()}')
 
-
 def utils_cert_download(_, args):
     """
     Run the "utils cert-download" sub-command
@@ -820,7 +901,7 @@ def utils_cert_download(_, args):
             else:
                 cn = cert_components.get('CN')
             if not args.quiet:
-                print_stderr(f'Centificate {index} - CN: {cn}')
+                print_stderr(f'Certificate {index} - CN: {cn}')
             if sys.version_info[0] >= 3:
                 print((crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8')).strip(), file=file)  # Print the downloaded PEM certificate
             else:

{scanoss-1.15.0 → scanoss-1.17.0}/src/scanoss/cyclonedx.py

@@ -25,6 +25,9 @@ import json
 import os.path
 import sys
 import uuid
+import datetime
+
+from . import __version__
 
 from .scanossbase import ScanossBase
 from .spdxlite import SpdxLite
@@ -186,6 +189,16 @@ class CycloneDx(ScanossBase):
             'specVersion': '1.4',
             'serialNumber': f'urn:uuid:{uuid.uuid4()}',
             'version': 1,
+            'metadata': {
+                'timestamp': datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
+                'tools': [
+                    {
+                        'vendor': 'SCANOSS',
+                        'name': 'scanoss-py',
+                        'version': __version__,
+                    }
+                ]
+            },
             'components': [],
             'vulnerabilities': []
         }

scanoss-1.17.0/src/scanoss/data/build_date.txt

@@ -0,0 +1 @@
+date: 20241023122954, utime: 1729686594

scanoss-1.17.0/src/scanoss/inspection/__init__.py

@@ -0,0 +1,23 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""

scanoss-1.17.0/src/scanoss/inspection/copyleft.py

@@ -0,0 +1,156 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2024, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+import json
+from typing import Dict, Any
+from scanoss.inspection.policy_check import PolicyCheck, PolicyStatus
+
+class Copyleft(PolicyCheck):
+    """
+    SCANOSS Copyleft class
+    Inspects components for copyleft licenses
+    """
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False, filepath: str = None,
+                 format_type: str = 'json', status: str = None, output: str = None, include: str = None,
+                 exclude: str = None, explicit: str = None):
+        """
+               Initialize the Copyleft class.
+
+               :param debug: Enable debug mode
+               :param trace: Enable trace mode (default True)
+               :param quiet: Enable quiet mode
+               :param filepath: Path to the file containing component data
+               :param format_type: Output format ('json' or 'md')
+               :param status: Path to save the status output
+               :param output: Path to save detailed output
+               :param include: Licenses to include in the analysis
+               :param exclude: Licenses to exclude from the analysis
+               :param explicit: Explicitly defined licenses
+        """
+        super().__init__(debug, trace, quiet, filepath, format_type, status, output, name='Copyleft Policy')
+        self.license_util.init(include, exclude, explicit)
+        self.filepath = filepath
+        self.format = format
+        self.output = output
+        self.status = status
+        self.include = include
+        self.exclude = exclude
+        self.explicit = explicit
+
+    def _json(self, components: list) -> Dict[str, Any]:
+        """
+           Format the components with copyleft licenses as JSON.
+
+           :param components: List of components with copyleft licenses
+           :return: Dictionary with formatted JSON details and summary
+        """
+        details = {}
+        if len(components) > 0:
+            details = { 'components': components }
+        return {
+            'details':  json.dumps(details, indent=2),
+            'summary': f'{len(components)} component(s) with copyleft licenses were found.'
+        }
+
+    def _markdown(self, components: list) -> Dict[str,Any]:
+        """
+        Format the components with copyleft licenses as Markdown.
+
+        :param components: List of components with copyleft licenses
+        :return: Dictionary with formatted Markdown details and summary
+        """
+        headers = ['Component', 'Version', 'License', 'URL', 'Copyleft']
+        centered_columns = [1, 4]
+        rows: [[]]= []
+        for component in components:
+            for lic in component['licenses']:
+                row = [
+                    component['purl'],
+                    component['version'],
+                    lic['spdxid'],
+                    lic['url'],
+                    'YES' if lic['copyleft'] else 'NO'
+                ]
+                rows.append(row)
+            # End license loop
+        # End component loop
+        return  {
+            'details': f'### Copyleft licenses\n{self.generate_table(headers,rows,centered_columns)}',
+            'summary' : f'{len(components)} component(s) with copyleft licenses were found.'
+        }
+
+    def _filter_components_with_copyleft_licenses(self, components: list) -> list:
+        """
+           Filter the components list to include only those with copyleft licenses.
+
+           :param components: List of all components
+           :return: List of components with copyleft licenses
+        """
+        filtered_components = []
+        for component in components:
+            copyleft_licenses = [lic for lic in component['licenses'] if lic['copyleft']]
+            if copyleft_licenses:
+                filtered_component = component
+                filtered_component['licenses'] = copyleft_licenses
+                del filtered_component['status']
+                filtered_components.append(filtered_component)
+        # End component loop
+        self.print_debug(f'Copyleft components: {filtered_components}')
+        return filtered_components
+
+    def run(self):
+        """
+        Run the copyleft license inspection process.
+
+        This method performs the following steps:
+        1. Get all components
+        2. Filter components with copyleft licenses
+        3. Format the results
+        4. Save the output to files if required
+
+        :return: Dictionary containing the inspection results
+        """
+        self._debug()
+        # Get the components from the results
+        components = self._get_components()
+        if components is None:
+            return PolicyStatus.ERROR.value, {}
+        # Get a list of copyleft components if they exist
+        copyleft_components = self._filter_components_with_copyleft_licenses(components)
+        # Get a formatter for the output results
+        formatter = self._get_formatter()
+        if formatter is None:
+            return PolicyStatus.ERROR.value, {}
+        # Format the results
+        results = formatter(copyleft_components)
+        ## Save outputs if required
+        self.print_to_file_or_stdout(results['details'], self.output)
+        self.print_to_file_or_stderr(results['summary'], self.status)
+        # Check to see if we have policy violations
+        if len(copyleft_components) <= 0:
+            return PolicyStatus.FAIL.value, results
+        return PolicyStatus.SUCCESS.value, results
+#
+# End of Copyleft Class
+#