scanoss 1.20.3__tar.gz → 1.20.5__tar.gz

{scanoss-1.20.3/src/scanoss.egg-info → scanoss-1.20.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: scanoss
-Version: 1.20.3
+Version: 1.20.5
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.20.3 → scanoss-1.20.5}/src/scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.20.3'
+__version__ = '1.20.5'

scanoss-1.20.5/src/scanoss/data/build_date.txt

@@ -0,0 +1 @@
+date: 20250314141411, utime: 1741961651

{scanoss-1.20.3 → scanoss-1.20.5}/src/scanoss/scanossgrpc.py

@@ -22,50 +22,58 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
+import concurrent.futures
+import json
 import os
 import uuid
+from urllib.parse import urlparse
 
 import grpc
-import json
-
 from google.protobuf.json_format import MessageToDict, ParseDict
 from pypac.parser import PACFile
 from pypac.resolver import ProxyResolver
-from urllib.parse import urlparse
 
-from .api.components.v2.scanoss_components_pb2_grpc import ComponentsStub
-from .api.cryptography.v2.scanoss_cryptography_pb2_grpc import CryptographyStub
-from .api.dependencies.v2.scanoss_dependencies_pb2_grpc import DependenciesStub
-from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2_grpc import VulnerabilitiesStub
-from .api.provenance.v2.scanoss_provenance_pb2_grpc import ProvenanceStub
-from .api.semgrep.v2.scanoss_semgrep_pb2_grpc import SemgrepStub
-from .api.cryptography.v2.scanoss_cryptography_pb2 import AlgorithmResponse
-from .api.dependencies.v2.scanoss_dependencies_pb2 import DependencyRequest, DependencyResponse
-from .api.common.v2.scanoss_common_pb2 import EchoRequest, EchoResponse, StatusResponse, StatusCode, PurlRequest
-from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import VulnerabilityResponse
-from .api.semgrep.v2.scanoss_semgrep_pb2 import SemgrepResponse
+from . import __version__
+from .api.common.v2.scanoss_common_pb2 import (
+    EchoRequest,
+    EchoResponse,
+    PurlRequest,
+    StatusCode,
+    StatusResponse,
+)
 from .api.components.v2.scanoss_components_pb2 import (
     CompSearchRequest,
     CompSearchResponse,
     CompVersionRequest,
     CompVersionResponse,
 )
+from .api.components.v2.scanoss_components_pb2_grpc import ComponentsStub
+from .api.cryptography.v2.scanoss_cryptography_pb2 import AlgorithmResponse
+from .api.cryptography.v2.scanoss_cryptography_pb2_grpc import CryptographyStub
+from .api.dependencies.v2.scanoss_dependencies_pb2 import DependencyRequest
+from .api.dependencies.v2.scanoss_dependencies_pb2_grpc import DependenciesStub
 from .api.provenance.v2.scanoss_provenance_pb2 import ProvenanceResponse
+from .api.provenance.v2.scanoss_provenance_pb2_grpc import ProvenanceStub
+from .api.semgrep.v2.scanoss_semgrep_pb2 import SemgrepResponse
+from .api.semgrep.v2.scanoss_semgrep_pb2_grpc import SemgrepStub
+from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import VulnerabilityResponse
+from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2_grpc import VulnerabilitiesStub
 from .scanossbase import ScanossBase
-from . import __version__
 
 DEFAULT_URL = 'https://api.osskb.org'  # default free service URL
 DEFAULT_URL2 = 'https://api.scanoss.com'  # default premium service URL
 SCANOSS_GRPC_URL = os.environ.get('SCANOSS_GRPC_URL') if os.environ.get('SCANOSS_GRPC_URL') else DEFAULT_URL
 SCANOSS_API_KEY = os.environ.get('SCANOSS_API_KEY') if os.environ.get('SCANOSS_API_KEY') else ''
 
+MAX_CONCURRENT_REQUESTS = 5
+
 
 class ScanossGrpc(ScanossBase):
     """
     Client for gRPC functionality
     """
 
-    def __init__(
+    def __init__(  # noqa: PLR0913
         self,
         url: str = None,
         debug: bool = False,
@@ -222,31 +230,54 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not dependencies:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
-        request_id = str(uuid.uuid4())
-        resp: DependencyResponse
-        try:
-            files_json = dependencies.get('files')
-            if files_json is None or len(files_json) == 0:
-                self.print_stderr(f'ERROR: No dependency data supplied to send to gRPC service.')
+
+        files_json = dependencies.get('files')
+
+        if files_json is None or len(files_json) == 0:
+            self.print_stderr('ERROR: No dependency data supplied to send to gRPC service.')
+            return None
+
+        def process_file(file):
+            request_id = str(uuid.uuid4())
+            try:
+                file_request = {'files': [file]}
+
+                request = ParseDict(file_request, DependencyRequest())
+                request.depth = depth
+                metadata = self.metadata[:]
+                metadata.append(('x-request-id', request_id))
+                self.print_debug(f'Sending dependency data for decoration (rqId: {request_id})...')
+                resp = self.dependencies_stub.GetDependencies(request, metadata=metadata, timeout=self.timeout)
+
+                return MessageToDict(resp, preserving_proto_field_name=True)
+            except Exception as e:
+                self.print_stderr(
+                    f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+                )
                 return None
-            request = ParseDict(dependencies, DependencyRequest())  # Parse the JSON/Dict into the dependency object
-            request.depth = depth
-            metadata = self.metadata[:]
-            metadata.append(('x-request-id', request_id))  # Set a Request ID
-            self.print_debug(f'Sending dependency data for decoration (rqId: {request_id})...')
-            resp = self.dependencies_stub.GetDependencies(request, metadata=metadata, timeout=self.timeout)
-        except Exception as e:
-            self.print_stderr(
-                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
-            )
-        else:
-            if resp:
-                if not self._check_status_response(resp.status, request_id):
-                    return None
-                return MessageToDict(resp, preserving_proto_field_name=True)  # Convert gRPC response to a dictionary
-        return None
+
+        all_responses = []
+        with concurrent.futures.ThreadPoolExecutor(max_workers=MAX_CONCURRENT_REQUESTS) as executor:
+            future_to_file = {executor.submit(process_file, file): file for file in files_json}
+
+            for future in concurrent.futures.as_completed(future_to_file):
+                response = future.result()
+                if response:
+                    all_responses.append(response)
+
+        SUCCESS_STATUS = 'SUCCESS'
+
+        merged_response = {'files': [], 'status': {'status': SUCCESS_STATUS, 'message': 'Success'}}
+        for response in all_responses:
+            if response:
+                if 'files' in response and len(response['files']) > 0:
+                    merged_response['files'].append(response['files'][0])
+                # Overwrite the status if the any of the responses was not successful
+                if 'status' in response and response['status']['status'] != SUCCESS_STATUS:
+                    merged_response['status'] = response['status']
+        return merged_response
 
     def get_crypto_json(self, purls: dict) -> dict:
         """
@@ -255,7 +286,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not purls:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: AlgorithmResponse
@@ -285,7 +316,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not purls:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: VulnerabilityResponse
@@ -315,7 +346,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not purls:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: SemgrepResponse
@@ -345,7 +376,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not search:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: CompSearchResponse
@@ -375,7 +406,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not search:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: CompVersionResponse
@@ -404,6 +435,10 @@ class ScanossGrpc(ScanossBase):
         :param status_response: Status Response
         :return: True if successful, False otherwise
         """
+
+        SUCCEDED_WITH_WARNINGS_STATUS_CODE = 2
+        FAILED_STATUS_CODE = 3
+
         if not status_response:
             self.print_stderr(f'Warning: No status response supplied (rqId: {request_id}). Assuming it was ok.')
             return True
@@ -411,11 +446,11 @@ class ScanossGrpc(ScanossBase):
         status_code: StatusCode = status_response.status
         if status_code > 1:
             ret_val = False  # default to failed
-            msg = "Unsuccessful"
-            if status_code == 2:
-                msg = "Succeeded with warnings"
+            msg = 'Unsuccessful'
+            if status_code == SUCCEDED_WITH_WARNINGS_STATUS_CODE:
+                msg = 'Succeeded with warnings'
                 ret_val = True  # No need to fail as it succeeded with warnings
-            elif status_code == 3:
+            elif status_code == FAILED_STATUS_CODE:
                 msg = 'Failed with warnings'
             self.print_stderr(f'{msg} (rqId: {request_id} - status: {status_code}): {status_response.message}')
             return ret_val
@@ -428,10 +463,10 @@ class ScanossGrpc(ScanossBase):
         :param self:
         """
         if self.grpc_proxy:
-            self.print_debug(f'Setting GRPC (grpc_proxy) proxy...')
+            self.print_debug('Setting GRPC (grpc_proxy) proxy...')
             os.environ['grpc_proxy'] = self.grpc_proxy
         elif self.proxy:
-            self.print_debug(f'Setting GRPC (http_proxy/https_proxy) proxies...')
+            self.print_debug('Setting GRPC (http_proxy/https_proxy) proxies...')
             os.environ['http_proxy'] = self.proxy
             os.environ['https_proxy'] = self.proxy
         elif self.pac:
@@ -450,7 +485,7 @@ class ScanossGrpc(ScanossBase):
         :return: Server response or None
         """
         if not purls:
-            self.print_stderr(f'ERROR: No message supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
         resp: ProvenanceResponse
@@ -461,8 +496,9 @@ class ScanossGrpc(ScanossBase):
             self.print_debug(f'Sending data for provenance decoration (rqId: {request_id})...')
             resp = self.provenance_stub.GetComponentProvenance(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
-            self.print_stderr(f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message '
-                              f'(rqId: {request_id}): {e}')
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
         else:
             if resp:
                 if not self._check_status_response(resp.status, request_id):
@@ -470,6 +506,8 @@ class ScanossGrpc(ScanossBase):
                 resp_dict = MessageToDict(resp, preserving_proto_field_name=True)  # Convert gRPC response to a dict
                 return resp_dict
         return None
+
+
 #
 # End of ScanossGrpc Class
 #

{scanoss-1.20.3 → scanoss-1.20.5}/src/scanoss/spdxlite.py

@@ -31,6 +31,7 @@ import re
 import sys
 
 import importlib_resources
+from packageurl import PackageURL
 
 from . import __version__
 
@@ -78,15 +79,31 @@ class SpdxLite:
         return self._process_files(data)
 
     def _process_files(self, data: json) -> dict:
-        """Process each file in the data and build summary."""
+        """
+            Process raw results and build a component summary.
+
+            Args:
+                data: JSON data containing raw results
+
+            Returns:
+                dict: The built summary dictionary
+        """
         summary = {}
         for file_path in data:
             file_details = data.get(file_path)
-            self._process_file_entries(file_path, file_details, summary)
+            # summary is passed by reference and modified inside the function
+            self._process_entries(file_path, file_details, summary)
         return summary
 
-    def _process_file_entries(self, file_path: str, file_details: list, summary: dict):
-        """Process entries for a single file."""
+    def _process_entries(self, file_path: str, file_details: list, summary: dict):
+        """
+        Process entries for a single file.
+
+        Args:
+            file_path: Path to the file being processed
+            file_details: Results of the file
+            summary: Reference to summary dictionary that will be modified in place
+        """
         for entry in file_details:
             id_details = entry.get('id')
             if not id_details or id_details == 'none':
@@ -95,10 +112,17 @@ class SpdxLite:
             if id_details == 'dependency':
                 self._process_dependency_entry(file_path, entry, summary)
             else:
-                self._process_normal_entry(file_path, entry, summary)
+                self._process_file_entry(file_path, entry, summary)
 
     def _process_dependency_entry(self, file_path: str, entry: dict, summary: dict):
-        """Process a dependency type entry."""
+        """
+        Process a dependency type entry.
+
+        Args:
+            file_path: Path to the file being processed
+            entry: The dependency entry to process
+            summary: Reference to summary dictionary that will be modified in place
+        """
         dependencies = entry.get('dependencies')
         if not dependencies:
             self.print_stderr(f'Warning: No Dependencies found for {file_path}')
@@ -108,11 +132,18 @@ class SpdxLite:
             purl = dep.get('purl')
             if not self._is_valid_purl(file_path, dep, purl, summary):
                 continue
-
+            # Modifying the summary dictionary directly as it's passed by reference
             summary[purl] = self._create_dependency_summary(dep)
 
-    def _process_normal_entry(self, file_path: str, entry: dict, summary: dict):
-        """Process a normal file type entry."""
+    def _process_file_entry(self, file_path: str, entry: dict, summary: dict):
+        """
+        Process file entry.
+
+        Args:
+            file_path: Path to the file being processed
+            entry: Process file match entry
+            summary: Reference to summary dictionary that will be modified in place
+        """
         purls = entry.get('purl')
         if not purls:
             self.print_stderr(f'Purl block missing for {file_path}')
@@ -122,10 +153,21 @@ class SpdxLite:
         if not self._is_valid_purl(file_path, entry, purl, summary):
             return
 
-        summary[purl] = self._create_normal_summary(entry)
+        summary[purl] = self._create_file_summary(entry)
 
     def _is_valid_purl(self, file_path: str, entry: dict, purl: str, summary: dict) -> bool:
-        """Check if PURL is valid and not already processed."""
+        """
+        Check if purl is valid and not already processed.
+
+        Args:
+            file_path: Path to the file being processed
+            entry: The entry containing the PURL
+            purl: The PURL to validate
+            summary: Reference to summary dictionary to check for existing entries
+
+        Returns:
+            bool: True if purl is valid and not already processed
+        """
         if not purl:
             self.print_stderr(f'Warning: No PURL found for {file_path}: {entry}')
             return False
@@ -137,15 +179,37 @@ class SpdxLite:
         return True
 
     def _create_dependency_summary(self, dep: dict) -> dict:
-        """Create summary for dependency entry."""
+        """
+        Create summary for dependency entry.
+
+        This method extracts relevant fields from a dependency entry and creates a
+        standardized summary dictionary. It handles fields like component, version,
+        and URL, with special processing for licenses.
+
+        Args:
+            dep (dict): The dependency entry containing component information
+
+        Returns:
+            dict: A new summary dictionary containing the extracted and processed fields
+        """
         summary = {}
         for field in ['component', 'version', 'url']:
             summary[field] = dep.get(field, '')
         summary['licenses'] = self._process_licenses(dep.get('licenses'))
         return summary
 
-    def _create_normal_summary(self, entry: dict) -> dict:
-        """Create summary for normal file entry."""
+    def _create_file_summary(self, entry: dict) -> dict:
+        """
+        Create summary for file entry.
+
+        This method extracts set of fields from file entry and creates a standardized summary dictionary.
+
+        Args:
+            entry (dict): The file entry containing the metadata to summarize
+
+        Returns:
+            dict: A new summary dictionary containing all extracted and processed fields
+        """
         summary = {}
         fields = ['id', 'vendor', 'component', 'version', 'latest',
                   'url', 'url_hash', 'download_url']
@@ -155,7 +219,22 @@ class SpdxLite:
         return summary
 
     def _process_licenses(self, licenses: list) -> list:
-        """Process license information and remove duplicates."""
+        """
+            Process license information and remove duplicates.
+
+            This method filters license information to include only licenses from trusted sources
+            ('component_declared' or 'license_file') and removes any duplicate license names.
+            The result is a simplified list of license dictionaries containing only the 'id' field.
+
+            Args:
+                licenses (list): A list of license dictionaries, each containing at least 'name'
+                                 and 'source' fields. Can be None or empty.
+
+            Returns:
+                list: A filtered and deduplicated list of license dictionaries, where each
+                      dictionary contains only an 'id' field matching the original license name.
+                      Returns an empty list if input is None or empty.
+            """
         if not licenses:
             return []
 
@@ -164,6 +243,9 @@ class SpdxLite:
 
         for license_info in licenses:
             name = license_info.get('name')
+            source = license_info.get('source')
+            if source not in ("component_declared", "license_file", "file_header"):
+                continue
             if name and name not in seen_names:
                 processed_licenses.append({'id': name})
                 seen_names.add(name)
@@ -205,7 +287,30 @@ class SpdxLite:
         return self._write_output(spdx_document, output_file)
 
     def _create_base_document(self, raw_data: dict) -> dict:
-        """Create the base SPDX document structure."""
+        """
+            Create the base SPDX document structure.
+
+            This method initializes a new SPDX document with standard fields required by
+            the SPDX 2.2 specification. It generates a unique document namespace using
+            a hash of the raw data and current timestamp.
+
+            Args:
+                raw_data (dict): The raw component data used to create a unique identifier
+                                for the document namespace
+
+            Returns:
+                dict: A dictionary containing the base SPDX document structure with the
+                      following fields:
+                      - spdxVersion: The SPDX specification version
+                      - dataLicense: The license for the SPDX document itself
+                      - SPDXID: The document's unique identifier
+                      - name: The name of the SBOM
+                      - creationInfo: Information about when and how the document was created
+                      - documentNamespace: A unique URI for this document
+                      - documentDescribes: List of packages described (initially empty)
+                      - hasExtractedLicensingInfos: List of licenses (initially empty)
+                      - packages: List of package information (initially empty)
+        """
         now = datetime.datetime.utcnow()
         md5hex = hashlib.md5(f'{raw_data}-{now}'.encode('utf-8')).hexdigest()
 
@@ -222,7 +327,23 @@ class SpdxLite:
         }
 
     def _create_creation_info(self, timestamp: datetime.datetime) -> dict:
-        """Create the creation info section."""
+        """
+            Create the creation info section of an SPDX document.
+
+            This method generates the creation information required by the SPDX specification,
+            including timestamps, creator information, and document type.
+
+            Args:
+                timestamp (datetime.datetime): The UTC timestamp representing when the
+                                              document was created
+
+            Returns:
+                dict: A dictionary containing creation information with the following fields:
+                      - created: ISO 8601 formatted timestamp
+                      - creators: List of entities involved in creating the document
+                        (tool, person, and organization)
+                      - comment: Additional information about the SBOM type
+        """
         return {
             'created': timestamp.strftime('%Y-%m-%dT%H:%M:%SZ'),
             'creators': [
@@ -234,7 +355,25 @@ class SpdxLite:
         }
 
     def _process_packages(self, raw_data: dict, spdx_document: dict):
-        """Process packages and add them to the SPDX document."""
+        """
+            Process packages and add them to the SPDX document.
+
+            This method iterates through the raw component data, creates package information
+            for each component, and adds them to the SPDX document. It also collects
+            license references to be processed separately.
+
+            Args:
+                raw_data (dict): Dictionary of package data indexed by PURL
+                                (Package URL identifiers)
+                spdx_document (dict): Reference to the SPDX document being built,
+                                     which will be modified in place
+
+            Note:
+                This method modifies the spdx_document dictionary in place by:
+                1. Adding package information to the 'packages' list
+                2. Adding package SPDXIDs to the 'documentDescribes' list
+                3. Indirectly populating 'hasExtractedLicensingInfos' via _process_license_refs()
+        """
         lic_refs = set()
 
         for purl, comp in raw_data.items():
@@ -245,7 +384,36 @@ class SpdxLite:
         self._process_license_refs(lic_refs, spdx_document)
 
     def _create_package_info(self, purl: str, comp: dict, lic_refs: set) -> dict:
-        """Create package information for SPDX document."""
+        """
+            Create package information for SPDX document.
+
+            This method generates a complete package information entry following the SPDX
+            specification format. It creates a unique identifier for the package based on
+            its PURL and version, processes license information, and formats all required
+            fields for the SPDX document.
+
+            Args:
+                purl (str): Package URL identifier for the component
+                comp (dict): Component information dictionary containing metadata like
+                            component name, version, URLs, and license information
+                lic_refs (set): Reference to a set that will be populated with license
+                               references found in this package. This set is modified in place.
+
+            Returns:
+                dict: A dictionary containing all required SPDX package fields including:
+                      - name: Component name
+                      - SPDXID: Unique identifier for this package within the document
+                      - versionInfo: Component version
+                      - downloadLocation: URL where the package can be downloaded
+                      - homepage: Component homepage URL
+                      - licenseDeclared: Formatted license expression
+                      - licenseConcluded: NOASSERTION as automated conclusion isn't possible
+                      - filesAnalyzed: False as files are not individually analyzed
+                      - copyrightText: NOASSERTION as copyright text isn't available
+                      - supplier: Organization name from vendor information
+                      - externalRefs: Package URL reference for package manager integration
+                      - checksums: MD5 hash of the package if available
+        """
         lic_text = self._process_package_licenses(comp.get('licenses', []), lic_refs)
         comp_ver = comp.get('version')
         purl_ver = f'{purl}@{comp_ver}'
@@ -265,7 +433,7 @@ class SpdxLite:
             'externalRefs': [
                 {
                     'referenceCategory': 'PACKAGE-MANAGER',
-                    'referenceLocator': purl_ver,
+                    'referenceLocator': PackageURL.from_string(purl_ver).to_string(),
                     'referenceType': 'purl'
                 }
             ],
@@ -278,20 +446,47 @@ class SpdxLite:
         }
 
     def _process_package_licenses(self, licenses: list, lic_refs: set) -> str:
-        """Process licenses and return license text."""
+        """
+           Process licenses and return license text formatted for SPDX.
+
+           This method processes a list of license objects, extracts valid license IDs,
+           converts them to SPDX format, and combines them into a properly formatted
+           license expression.
+
+           Args:
+               licenses (list): List of license dictionaries, each containing at least
+                               an 'id' field
+               lic_refs (set): Reference to a set that will collect license references.
+                              This set is modified in place.
+
+           Returns:
+               str: A formatted license expression string following SPDX syntax.
+                    Returns 'NOASSERTION' if no valid licenses are found.
+        """
         if not licenses:
             return 'NOASSERTION'
 
         lic_set = set()
         for lic in licenses:
             lc_id = lic.get('id')
-            if lc_id:
-                self._process_license_id(lc_id, lic_refs, lic_set)
+            self._process_license_id(lc_id, lic_refs, lic_set)
 
         return self._format_license_text(lic_set)
 
     def _process_license_id(self, lc_id: str, lic_refs: set, lic_set: set):
-        """Process individual license ID."""
+        """
+         Process individual license ID and add to appropriate sets.
+
+         This method attempts to convert a license ID to its SPDX equivalent.
+         If not found in the SPDX license list, it's formatted as a LicenseRef
+         and added to the license references set.
+
+         Args:
+             lc_id (str): The license ID to process
+             lic_refs (set): Reference to a set that collects license references
+                            for later processing. Modified in place.
+             lic_set (set): Reference to a set collecting all license IDs for
+         """
         spdx_id = self.get_spdx_license_id(lc_id)
         if not spdx_id:
             if not lc_id.startswith('LicenseRef'):
@@ -300,7 +495,20 @@ class SpdxLite:
         lic_set.add(spdx_id if spdx_id else lc_id)
 
     def _format_license_text(self, lic_set: set) -> str:
-        """Format the license text with proper syntax."""
+        """
+            Format the license text with proper SPDX syntax.
+
+            This method combines multiple license IDs with the 'AND' operator
+            according to SPDX specification rules. If multiple licenses are present,
+            the expression is enclosed in parentheses.
+
+            Args:
+                lic_set (set): Set of license IDs to format
+
+            Returns:
+                str: A properly formatted SPDX license expression.
+                     Returns 'NOASSERTION' if the set is empty.
+        """
         if not lic_set:
             return 'NOASSERTION'
 
@@ -310,13 +518,44 @@ class SpdxLite:
         return lic_text
 
     def _process_license_refs(self, lic_refs: set, spdx_document: dict):
-        """Process and add license references to the document."""
+        """
+            Process and add license references to the SPDX document.
+
+            This method processes each license reference in the provided set
+            and adds corresponding license information to the SPDX document's
+            extracted licensing information section.
+
+            Args:
+                lic_refs (set): Set of license references to process
+                spdx_document (dict): Reference to the SPDX document being built,
+                                     which will be modified in place
+
+            Note:
+                This method modifies the spdx_document dictionary in place by adding
+                entries to the 'hasExtractedLicensingInfos' list.
+        """
         for lic_ref in lic_refs:
             license_info = self._parse_license_ref(lic_ref)
             spdx_document['hasExtractedLicensingInfos'].append(license_info)
 
     def _parse_license_ref(self, lic_ref: str) -> dict:
-        """Parse license reference and create info dictionary."""
+        """
+            Parse license reference and create info dictionary for SPDX document.
+
+            This method extracts information from a license reference identifier
+            and formats it into the structure required by the SPDX specification
+            for extracted licensing information.
+
+            Args:
+                lic_ref (str): License reference identifier to parse
+
+            Returns:
+                dict: Dictionary containing required SPDX fields for extracted license info:
+                      - licenseId: The unique identifier for this license
+                      - name: A readable name for the license
+                      - extractedText: A placeholder for the actual license text
+                      - comment: Information about how the license was detected
+        """
         source, name = self._extract_license_info(lic_ref)
         source_text = f' by {source}.' if source else '.'
 
@@ -328,7 +567,21 @@ class SpdxLite:
         }
 
     def _extract_license_info(self, lic_ref: str):
-        """Extract source and name from license reference."""
+        """
+            Extract source and name from license reference.
+
+            This method parses a license reference string to extract the source
+            (e.g., scancode, scanoss) and the actual license name using regular
+            expressions.
+
+            Args:
+                lic_ref (str): License reference identifier to parse
+
+            Returns:
+                tuple: A tuple containing (source, name) where:
+                       - source (str): The tool or system that identified the license
+                       - name (str): The actual license name
+        """
         match = re.search(r'^LicenseRef-(scancode-|scanoss-|)(\S+)$', lic_ref, re.IGNORECASE)
         if match:
             source = match.group(1).replace('-', '')
@@ -416,8 +669,6 @@ class SpdxLite:
                             self._spdx_licenses[lic_id_short] = lic_id
                     if lic_name:
                         self._spdx_lic_names[lic_name] = lic_id
-            # self.print_stderr(f'Licenses: {self._spdx_licenses}')
-            # self.print_stderr(f'Lookup: {self._spdx_lic_lookup}')
         return True
 
     def get_spdx_license_id(self, lic_name: str) -> str:

{scanoss-1.20.3 → scanoss-1.20.5/src/scanoss.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: scanoss
-Version: 1.20.3
+Version: 1.20.5
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

scanoss-1.20.3/src/scanoss/data/build_date.txt

@@ -1 +0,0 @@
-date: 20250303125404, utime: 1741006444