scanoss 1.19.6__py3-none-any.whl → 1.20.1__py3-none-any.whl

scanoss/scanossgrpc.py

@@ -1,25 +1,25 @@
 """
- SPDX-License-Identifier: MIT
+SPDX-License-Identifier: MIT
 
-   Copyright (c) 2021, SCANOSS
+  Copyright (c) 2021, SCANOSS
 
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the "Software"), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
 
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
 
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 
 import os
@@ -37,21 +37,27 @@ from .api.components.v2.scanoss_components_pb2_grpc import ComponentsStub
 from .api.cryptography.v2.scanoss_cryptography_pb2_grpc import CryptographyStub
 from .api.dependencies.v2.scanoss_dependencies_pb2_grpc import DependenciesStub
 from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2_grpc import VulnerabilitiesStub
+from .api.provenance.v2.scanoss_provenance_pb2_grpc import ProvenanceStub
 from .api.semgrep.v2.scanoss_semgrep_pb2_grpc import SemgrepStub
 from .api.cryptography.v2.scanoss_cryptography_pb2 import AlgorithmResponse
 from .api.dependencies.v2.scanoss_dependencies_pb2 import DependencyRequest, DependencyResponse
 from .api.common.v2.scanoss_common_pb2 import EchoRequest, EchoResponse, StatusResponse, StatusCode, PurlRequest
 from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import VulnerabilityResponse
 from .api.semgrep.v2.scanoss_semgrep_pb2 import SemgrepResponse
-from .api.components.v2.scanoss_components_pb2 import (CompSearchRequest, CompSearchResponse,
-                                                       CompVersionRequest, CompVersionResponse)
+from .api.components.v2.scanoss_components_pb2 import (
+    CompSearchRequest,
+    CompSearchResponse,
+    CompVersionRequest,
+    CompVersionResponse,
+)
+from .api.provenance.v2.scanoss_provenance_pb2 import ProvenanceResponse
 from .scanossbase import ScanossBase
 from . import __version__
 
-DEFAULT_URL = "https://api.osskb.org"  # default free service URL
-DEFAULT_URL2 = "https://api.scanoss.com"  # default premium service URL
-SCANOSS_GRPC_URL = os.environ.get("SCANOSS_GRPC_URL") if os.environ.get("SCANOSS_GRPC_URL") else DEFAULT_URL
-SCANOSS_API_KEY = os.environ.get("SCANOSS_API_KEY") if os.environ.get("SCANOSS_API_KEY") else ''
+DEFAULT_URL = 'https://api.osskb.org'  # default free service URL
+DEFAULT_URL2 = 'https://api.scanoss.com'  # default premium service URL
+SCANOSS_GRPC_URL = os.environ.get('SCANOSS_GRPC_URL') if os.environ.get('SCANOSS_GRPC_URL') else DEFAULT_URL
+SCANOSS_API_KEY = os.environ.get('SCANOSS_API_KEY') if os.environ.get('SCANOSS_API_KEY') else ''
 
 
 class ScanossGrpc(ScanossBase):
@@ -59,9 +65,20 @@ class ScanossGrpc(ScanossBase):
     Client for gRPC functionality
     """
 
-    def __init__(self, url: str = None, debug: bool = False, trace: bool = False, quiet: bool = False,
-                 ca_cert: str = None, api_key: str = None, ver_details: str = None, timeout: int = 600,
-                 proxy: str = None, grpc_proxy: str = None, pac: PACFile = None):
+    def __init__(
+        self,
+        url: str = None,
+        debug: bool = False,
+        trace: bool = False,
+        quiet: bool = False,
+        ca_cert: str = None,
+        api_key: str = None,
+        ver_details: str = None,
+        timeout: int = 600,
+        proxy: str = None,
+        grpc_proxy: str = None,
+        pac: PACFile = None,
+    ):
         """
 
         :param url:
@@ -80,7 +97,7 @@ class ScanossGrpc(ScanossBase):
         super().__init__(debug, trace, quiet)
         self.url = url if url else SCANOSS_GRPC_URL
         self.api_key = api_key if api_key else SCANOSS_API_KEY
-        if self.api_key and not url and not os.environ.get("SCANOSS_GRPC_URL"):
+        if self.api_key and not url and not os.environ.get('SCANOSS_GRPC_URL'):
             self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
         self.url = self.url.lower()
         self.orig_url = self.url  # Used for proxy lookup
@@ -113,6 +130,7 @@ class ScanossGrpc(ScanossBase):
             self.dependencies_stub = DependenciesStub(grpc.insecure_channel(self.url))
             self.semgrep_stub = SemgrepStub(grpc.insecure_channel(self.url))
             self.vuln_stub = VulnerabilitiesStub(grpc.insecure_channel(self.url))
+            self.provenance_stub = ProvenanceStub(grpc.insecure_channel(self.url))
         else:
             if ca_cert is not None:
                 credentials = grpc.ssl_channel_credentials(cert_data)  # secure with specified certificate
@@ -123,6 +141,7 @@ class ScanossGrpc(ScanossBase):
             self.dependencies_stub = DependenciesStub(grpc.secure_channel(self.url, credentials))
             self.semgrep_stub = SemgrepStub(grpc.secure_channel(self.url, credentials))
             self.vuln_stub = VulnerabilitiesStub(grpc.secure_channel(self.url, credentials))
+            self.provenance_stub = ProvenanceStub(grpc.secure_channel(self.url, credentials))
 
     @classmethod
     def _load_cert(cls, cert_file: str) -> bytes:
@@ -143,8 +162,9 @@ class ScanossGrpc(ScanossBase):
             metadata.append(('x-request-id', request_id))  # Set a Request ID
             resp = self.dependencies_stub.Echo(EchoRequest(message=message), metadata=metadata, timeout=3)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             # self.print_stderr(f'resp: {resp} - call: {call}')
             # response_id = ""
@@ -176,8 +196,9 @@ class ScanossGrpc(ScanossBase):
             metadata.append(('x-request-id', request_id))  # Set a Request ID
             resp = self.crypto_stub.Echo(EchoRequest(message=message), metadata=metadata, timeout=3)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 return resp.message
@@ -206,7 +227,7 @@ class ScanossGrpc(ScanossBase):
         request_id = str(uuid.uuid4())
         resp: DependencyResponse
         try:
-            files_json = dependencies.get("files")
+            files_json = dependencies.get('files')
             if files_json is None or len(files_json) == 0:
                 self.print_stderr(f'ERROR: No dependency data supplied to send to gRPC service.')
                 return None
@@ -217,8 +238,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending dependency data for decoration (rqId: {request_id})...')
             resp = self.dependencies_stub.GetDependencies(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -244,8 +266,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending crypto data for decoration (rqId: {request_id})...')
             resp = self.crypto_stub.GetAlgorithms(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -273,8 +296,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending crypto data for decoration (rqId: {request_id})...')
             resp = self.vuln_stub.GetVulnerabilities(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -302,8 +326,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending semgrep data for decoration (rqId: {request_id})...')
             resp = self.semgrep_stub.GetIssues(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -331,8 +356,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending component search data (rqId: {request_id})...')
             resp = self.comp_search_stub.SearchComponents(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -360,8 +386,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending component version data (rqId: {request_id})...')
             resp = self.comp_search_stub.GetComponentVersions(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -383,13 +410,15 @@ class ScanossGrpc(ScanossBase):
         self.print_debug(f'Checking response status (rqId: {request_id}): {status_response}')
         status_code: StatusCode = status_response.status
         if status_code > 1:
+            ret_val = False  # default to failed
             msg = "Unsuccessful"
             if status_code == 2:
                 msg = "Succeeded with warnings"
+                ret_val = True  # No need to fail as it succeeded with warnings
             elif status_code == 3:
-                msg = "Failed with warnings"
+                msg = 'Failed with warnings'
             self.print_stderr(f'{msg} (rqId: {request_id} - status: {status_code}): {status_response.message}')
-            return False
+            return ret_val
         return True
 
     def _get_proxy_config(self):
@@ -400,20 +429,47 @@ class ScanossGrpc(ScanossBase):
         """
         if self.grpc_proxy:
             self.print_debug(f'Setting GRPC (grpc_proxy) proxy...')
-            os.environ["grpc_proxy"] = self.grpc_proxy
+            os.environ['grpc_proxy'] = self.grpc_proxy
         elif self.proxy:
             self.print_debug(f'Setting GRPC (http_proxy/https_proxy) proxies...')
-            os.environ["http_proxy"] = self.proxy
-            os.environ["https_proxy"] = self.proxy
+            os.environ['http_proxy'] = self.proxy
+            os.environ['https_proxy'] = self.proxy
         elif self.pac:
             self.print_debug(f'Attempting to get GRPC proxy details from PAC for {self.orig_url}...')
             resolver = ProxyResolver(self.pac)
             proxies = resolver.get_proxy_for_requests(self.orig_url)
             if proxies:
                 self.print_trace(f'Setting proxies: {proxies}')
-            os.environ["http_proxy"] = proxies.get("http") or ""
-            os.environ["https_proxy"] = proxies.get("https") or ""
+            os.environ['http_proxy'] = proxies.get('http') or ''
+            os.environ['https_proxy'] = proxies.get('https') or ''
 
+    def get_provenance_json(self, purls: dict) -> dict:
+        """
+        Client function to call the rpc for GetComponentProvenance
+        :param purls: Message to send to the service
+        :return: Server response or None
+        """
+        if not purls:
+            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            return None
+        request_id = str(uuid.uuid4())
+        resp: ProvenanceResponse
+        try:
+            request = ParseDict(purls, PurlRequest())  # Parse the JSON/Dict into the purl request object
+            metadata = self.metadata[:]
+            metadata.append(('x-request-id', request_id))  # Set a Request ID
+            self.print_debug(f'Sending data for provenance decoration (rqId: {request_id})...')
+            resp = self.provenance_stub.GetComponentProvenance(request, metadata=metadata, timeout=self.timeout)
+        except Exception as e:
+            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
+                              f'(rqId: {request_id}): {e}')
+        else:
+            if resp:
+                if not self._check_status_response(resp.status, request_id):
+                    return None
+                resp_dict = MessageToDict(resp, preserving_proto_field_name=True)  # Convert gRPC response to a dict
+                return resp_dict
+        return None
 #
 # End of ScanossGrpc Class
 #

scanoss/scanpostprocessor.py

@@ -207,8 +207,9 @@ class ScanPostProcessor(ScanossBase):
 
         return result
 
-    def _should_replace_result(self, result_path: str, result: dict, to_replace_entries: List[BomEntry]
-                               ) -> Tuple[bool, str]:
+    def _should_replace_result(
+        self, result_path: str, result: dict, to_replace_entries: List[BomEntry]
+    ) -> Tuple[bool, str]:
         """
         Check if a result should be replaced based on the SCANOSS settings
 
@@ -278,14 +279,16 @@ class ScanPostProcessor(ScanossBase):
         :return:
         """
         message = (
-            f"{_get_match_type_message(result_path, bom_entry, action)} \n"
-            f"Details:\n"
-            f"  - PURLs: {', '.join(result_purls)}\n"
+            f'{_get_match_type_message(result_path, bom_entry, action)} \n'
+            f'Details:\n'
+            f'  - PURLs: {", ".join(result_purls)}\n'
             f"  - Path: '{result_path}'\n"
         )
         if action == 'Replacing':
             message += f" - {action} with '{bom_entry.get('replace_with')}'"
         self.print_debug(message)
+
+
 #
 # End of ScanPostProcessor Class
-#
+#

scanoss/scantype.py

@@ -1,25 +1,25 @@
 """
- SPDX-License-Identifier: MIT
-
-   Copyright (c) 2021, SCANOSS
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the "Software"), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2021, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
 """
 
 from enum import Enum
@@ -29,6 +29,7 @@ class ScanType(Enum):
     """
     Octal Enum class describing all the scanning options
     """
+
     SCAN_FILES = 1
     SCAN_SNIPPETS = 2
     SCAN_DEPENDENCIES = 4