PyPI - scanoss - Versions diffs - 1.23.0__tar.gz → 1.25.0__tar.gz - Mend

scanoss 1.23.0tar.gz → 1.25.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

{scanoss-1.23.0/src/scanoss.egg-info → scanoss-1.25.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.23.0
+Version: 1.25.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.23.0 → scanoss-1.25.0}/src/scanoss/__init__.py RENAMED Viewed

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
-__version__ = '1.23.0'
+__version__ = '1.25.0'

{scanoss-1.23.0 → scanoss-1.25.0}/src/scanoss/cli.py RENAMED Viewed

@@ -31,6 +31,7 @@ from typing import List
 import pypac
+from scanoss.cryptography import Cryptography, create_cryptography_config_from_args
 from scanoss.scanners.container_scanner import (
     DEFAULT_SYFT_COMMAND,
     DEFAULT_SYFT_TIMEOUT,
@@ -50,6 +51,7 @@ from scanoss.scanossgrpc import (
 from . import __version__
 from .components import Components
 from .constants import (
+    DEFAULT_API_TIMEOUT,
     DEFAULT_POST_SIZE,
     DEFAULT_RETRY,
     DEFAULT_TIMEOUT,
@@ -292,15 +294,6 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         help='component sub-commands',
     )
-    # Component Sub-command: component crypto
-    c_crypto = comp_sub.add_parser(
-        'crypto',
-        aliases=['cr'],
-        description=f'Show Cryptographic algorithms: {__version__}',
-        help='Retrieve cryptographic algorithms for the given components',
-    )
-    c_crypto.set_defaults(func=comp_crypto)
     # Component Sub-command: component vulns
     c_vulns = comp_sub.add_parser(
         'vulns',
@@ -361,18 +354,76 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     c_versions.add_argument('--limit', '-l', type=int, help='Generic component search')
     c_versions.set_defaults(func=comp_versions)
+    # Sub-command: crypto
+    p_crypto = subparsers.add_parser(
+        'crypto',
+        aliases=['cr'],
+        description=f'SCANOSS Crypto commands: {__version__}',
+        help='Crypto support commands',
+    )
+    crypto_sub = p_crypto.add_subparsers(
+        title='Crypto Commands',
+        dest='subparsercmd',
+        description='crypto sub-commands',
+        help='crypto sub-commands',
+    )
+    # GetAlgorithms and GetAlgorithmsInRange gRPC APIs
+    p_crypto_algorithms = crypto_sub.add_parser(
+        'algorithms',
+        aliases=['alg'],
+        description=f'Show Cryptographic algorithms: {__version__}',
+        help='Retrieve cryptographic algorithms for the given components',
+    )
+    p_crypto_algorithms.add_argument(
+        '--with-range',
+        action='store_true',
+        help='Returns the list of versions in the specified range that contains cryptographic algorithms',
+    )
+    p_crypto_algorithms.set_defaults(func=crypto_algorithms)
+    # GetEncryptionHints and GetHintsInRange gRPC APIs
+    p_crypto_hints = crypto_sub.add_parser(
+        'hints',
+        description=f'Show Encryption hints: {__version__}',
+        help='Retrieve encryption hints for the given components',
+    )
+    p_crypto_hints.add_argument(
+        '--with-range',
+        action='store_true',
+        help='Returns the list of versions in the specified range that contains encryption hints',
+    )
+    p_crypto_hints.set_defaults(func=crypto_hints)
+    p_crypto_versions_in_range = crypto_sub.add_parser(
+        'versions-in-range',
+        aliases=['vr'],
+        description=f'Show versions in range: {__version__}',
+        help="Given a list of PURLS and version ranges, get a list of versions that do/don't contain crypto algorithms",
+    )
+    p_crypto_versions_in_range.set_defaults(func=crypto_versions_in_range)
     # Common purl Component sub-command options
-    for p in [c_crypto, c_vulns, c_semgrep, c_provenance]:
+    for p in [c_vulns, c_semgrep, c_provenance, p_crypto_algorithms, p_crypto_hints, p_crypto_versions_in_range]:
         p.add_argument('--purl', '-p', type=str, nargs='*', help='Package URL - PURL to process.')
         p.add_argument('--input', '-i', type=str, help='Input file name')
     # Common Component sub-command options
-    for p in [c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance]:
+    for p in [
+        c_vulns,
+        c_search,
+        c_versions,
+        c_semgrep,
+        c_provenance,
+        p_crypto_algorithms,
+        p_crypto_hints,
+        p_crypto_versions_in_range,
+    ]:
         p.add_argument(
             '--timeout',
             '-M',
             type=int,
-            default=600,
+            default=DEFAULT_API_TIMEOUT,
             help='Timeout (in seconds) for API communication (optional - default 600)',
         )
@@ -588,7 +639,6 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p_dep,
         p_fc,
         p_cnv,
-        c_crypto,
         c_vulns,
         c_search,
         c_versions,
@@ -597,6 +647,9 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p_c_dwnld,
         p_folder_scan,
         p_folder_hash,
+        p_crypto_algorithms,
+        p_crypto_hints,
+        p_crypto_versions_in_range,
     ]:
         p.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
@@ -674,7 +727,6 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     # Global Scan/GRPC options
     for p in [
         p_scan,
-        c_crypto,
         c_vulns,
         c_search,
         c_versions,
@@ -682,6 +734,9 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         c_provenance,
         p_folder_scan,
         p_cs,
+        p_crypto_algorithms,
+        p_crypto_hints,
+        p_crypto_versions_in_range,
     ]:
         p.add_argument(
             '--key', '-k', type=str, help='SCANOSS API Key token (optional - not required for default OSSKB URL)'
@@ -708,7 +763,19 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         )
     # Global GRPC options
-    for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep, c_provenance, p_folder_scan, p_cs]:
+    for p in [
+        p_scan,
+        c_vulns,
+        c_search,
+        c_versions,
+        c_semgrep,
+        c_provenance,
+        p_folder_scan,
+        p_cs,
+        p_crypto_algorithms,
+        p_crypto_hints,
+        p_crypto_versions_in_range,
+    ]:
         p.add_argument(
             '--api2url', type=str, help='SCANOSS gRPC API 2.0 URL (optional - default: https://api.osskb.org)'
         )
@@ -751,7 +818,6 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p_c_loc,
         p_c_dwnld,
         p_p_proxy,
-        c_crypto,
         c_vulns,
         c_search,
         c_versions,
@@ -763,6 +829,9 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p_folder_scan,
         p_folder_hash,
         p_cs,
+        p_crypto_algorithms,
+        p_crypto_hints,
+        p_crypto_versions_in_range,
     ]:
         p.add_argument('--debug', '-d', action='store_true', help='Enable debug messages')
         p.add_argument('--trace', '-t', action='store_true', help='Enable trace messages, including API posts')
@@ -775,7 +844,9 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
     if not args.subparser:
         parser.print_help()  # No sub command subcommand, print general help
         sys.exit(1)
-    elif (args.subparser in ('utils', 'ut', 'component', 'comp', 'inspect', 'insp', 'ins')) and not args.subparsercmd:
+    elif (
+        args.subparser in ('utils', 'ut', 'component', 'comp', 'inspect', 'insp', 'ins', 'crypto', 'cr')
+    ) and not args.subparsercmd:
         parser.parse_args([args.subparser, '--help'])  # Force utils helps to be displayed
         sys.exit(1)
     args.func(parser, args)  # Execute the function associated with the sub-command
@@ -1393,9 +1464,9 @@ def get_pac_file(pac: str):
     return pac_file
-def comp_crypto(parser, args):
+def crypto_algorithms(parser, args):
     """
-    Run the "component crypto" sub-command
+    Run the "crypto algorithms" sub-command
     Parameters
     ----------
         parser: ArgumentParser
@@ -1410,22 +1481,112 @@ def comp_crypto(parser, args):
     if args.ca_cert and not os.path.exists(args.ca_cert):
         print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
         sys.exit(1)
-    pac_file = get_pac_file(args.pac)
-    comps = Components(
-        debug=args.debug,
-        trace=args.trace,
-        quiet=args.quiet,
-        grpc_url=args.api2url,
-        api_key=args.key,
-        ca_cert=args.ca_cert,
-        proxy=args.proxy,
-        grpc_proxy=args.grpc_proxy,
-        pac=pac_file,
-        timeout=args.timeout,
-        req_headers=process_req_headers(args.header),
-    )
-    if not comps.get_crypto_details(args.input, args.purl, args.output):
+    try:
+        config = create_cryptography_config_from_args(args)
+        grpc_config = create_grpc_config_from_args(args)
+        if args.pac:
+            grpc_config.pac = get_pac_file(args.pac)
+        if args.header:
+            grpc_config.req_headers = process_req_headers(args.header)
+        client = ScanossGrpc(**asdict(grpc_config))
+        cryptography = Cryptography(config=config, client=client)
+        cryptography.get_algorithms()
+        cryptography.present(output_file=args.output)
+    except ScanossGrpcError as e:
+        print_stderr(f'API ERROR: {e}')
+        sys.exit(1)
+    except Exception as e:
+        if args.debug:
+            import traceback
+            traceback.print_exc()
+        print_stderr(f'ERROR: {e}')
+        sys.exit(1)
+def crypto_hints(parser, args):
+    """
+    Run the "crypto hints" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if (not args.purl and not args.input) or (args.purl and args.input):
+        print_stderr('Please specify an input file or purl to decorate (--purl or --input)')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        sys.exit(1)
+    if args.ca_cert and not os.path.exists(args.ca_cert):
+        print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
+        sys.exit(1)
+    try:
+        config = create_cryptography_config_from_args(args)
+        grpc_config = create_grpc_config_from_args(args)
+        if args.pac:
+            grpc_config.pac = get_pac_file(args.pac)
+        if args.header:
+            grpc_config.req_headers = process_req_headers(args.header)
+        client = ScanossGrpc(**asdict(grpc_config))
+        cryptography = Cryptography(config=config, client=client)
+        cryptography.get_encryption_hints()
+        cryptography.present(output_file=args.output)
+    except ScanossGrpcError as e:
+        print_stderr(f'API ERROR: {e}')
+        sys.exit(1)
+    except Exception as e:
+        if args.debug:
+            import traceback
+            traceback.print_exc()
+        print_stderr(f'ERROR: {e}')
+        sys.exit(1)
+def crypto_versions_in_range(parser, args):
+    """
+    Run the "crypto versions-in-range" sub-command
+    Parameters
+    ----------
+        parser: ArgumentParser
+            command line parser object
+        args: Namespace
+            Parsed arguments
+    """
+    if (not args.purl and not args.input) or (args.purl and args.input):
+        print_stderr('Please specify an input file or purl to decorate (--purl or --input)')
+        parser.parse_args([args.subparser, args.subparsercmd, '-h'])
+        sys.exit(1)
+    if args.ca_cert and not os.path.exists(args.ca_cert):
+        print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
+        sys.exit(1)
+    try:
+        config = create_cryptography_config_from_args(args)
+        grpc_config = create_grpc_config_from_args(args)
+        if args.pac:
+            grpc_config.pac = get_pac_file(args.pac)
+        if args.header:
+            grpc_config.req_headers = process_req_headers(args.header)
+        client = ScanossGrpc(**asdict(grpc_config))
+        cryptography = Cryptography(config=config, client=client)
+        cryptography.get_versions_in_range()
+        cryptography.present(output_file=args.output)
+    except ScanossGrpcError as e:
+        print_stderr(f'API ERROR: {e}')
+        sys.exit(1)
+    except Exception as e:
+        if args.debug:
+            import traceback
+            traceback.print_exc()
+        print_stderr(f'ERROR: {e}')
         sys.exit(1)

{scanoss-1.23.0 → scanoss-1.25.0}/src/scanoss/constants.py RENAMED Viewed

@@ -10,3 +10,5 @@ DEFAULT_NB_THREADS = 5
 DEFAULT_URL = 'https://api.osskb.org'  # default free service URL
 DEFAULT_URL2 = 'https://api.scanoss.com'  # default premium service URL
+DEFAULT_API_TIMEOUT = 600

scanoss-1.25.0/src/scanoss/cryptography.py ADDED Viewed

@@ -0,0 +1,274 @@
+import json
+from dataclasses import dataclass
+from typing import Dict, List, Optional
+from scanoss.scanossbase import ScanossBase
+from scanoss.scanossgrpc import ScanossGrpc
+from scanoss.utils.abstract_presenter import AbstractPresenter
+from scanoss.utils.file import validate_json_file
+class ScanossCryptographyError(Exception):
+    pass
+MIN_SPLIT_PARTS = 2
+@dataclass
+class CryptographyConfig:
+    purl: List[str]
+    input_file: Optional[str] = None
+    output_file: Optional[str] = None
+    header: Optional[str] = None
+    debug: bool = False
+    trace: bool = False
+    quiet: bool = False
+    with_range: bool = False
+    def __post_init__(self):
+        """
+        Validate that the configuration is valid.
+        """
+        if self.purl:
+            if self.with_range:
+                for purl in self.purl:
+                    parts = purl.split('@')
+                    if not (len(parts) >= MIN_SPLIT_PARTS and parts[1]):
+                        raise ScanossCryptographyError(
+                            f'Invalid PURL format: "{purl}".' f'It must include a version (e.g., pkg:type/name@version)'
+                        )
+        if self.input_file:
+            input_file_validation = validate_json_file(self.input_file)
+            if not input_file_validation.is_valid:
+                raise ScanossCryptographyError(
+                    f'There was a problem with the purl input file. {input_file_validation.error}'
+                )
+            if (
+                not isinstance(input_file_validation.data, dict)
+                or 'purls' not in input_file_validation.data
+                or not isinstance(input_file_validation.data['purls'], list)
+                or not all(isinstance(p, dict) and 'purl' in p for p in input_file_validation.data['purls'])
+            ):
+                raise ScanossCryptographyError('The supplied input file is not in the correct PurlRequest format.')
+            purls = input_file_validation.data['purls']
+            purls_with_requirement = []
+            if self.with_range:
+                if any('requirement' not in p for p in purls):
+                    raise ScanossCryptographyError(
+                        f'One or more PURLs in "{self.input_file}" are missing the "requirement" field.'
+                    )
+                else:
+                    for purl in purls:
+                        purls_with_requirement.append(f'{purl["purl"]}@{purl["requirement"]}')
+            else:
+                purls_with_requirement = purls
+            self.purl = purls_with_requirement
+def create_cryptography_config_from_args(args) -> CryptographyConfig:
+    return CryptographyConfig(
+        debug=getattr(args, 'debug', False),
+        trace=getattr(args, 'trace', False),
+        quiet=getattr(args, 'quiet', False),
+        with_range=getattr(args, 'with_range', False),
+        purl=getattr(args, 'purl', []),
+        input_file=getattr(args, 'input', None),
+        output_file=getattr(args, 'output', None),
+        header=getattr(args, 'header', None),
+    )
+class Cryptography:
+    """
+    Cryptography Class
+    This class is used to decorate purls with cryptography information.
+    """
+    def __init__(
+        self,
+        config: CryptographyConfig,
+        client: ScanossGrpc,
+    ):
+        """
+        Initialize the Cryptography.
+        Args:
+            config (CryptographyConfig): Configuration parameters for the cryptography.
+            client (ScanossGrpc): gRPC client for communicating with the scanning service.
+        """
+        self.base = ScanossBase(
+            debug=config.debug,
+            trace=config.trace,
+            quiet=config.quiet,
+        )
+        self.presenter = CryptographyPresenter(
+            self,
+            debug=config.debug,
+            trace=config.trace,
+            quiet=config.quiet,
+        )
+        self.client = client
+        self.config = config
+        self.purls_request = self._build_purls_request()
+        self.results = None
+    def get_algorithms(self) -> Optional[Dict]:
+        """
+        Get the cryptographic algorithms for the provided purl or input file.
+        Returns:
+            Optional[Dict]: The folder hash response from the gRPC client, or None if an error occurs.
+        """
+        if not self.purls_request:
+            raise ScanossCryptographyError('No PURLs supplied. Provide --purl or --input.')
+        self.base.print_stderr(
+            f'Getting cryptographic algorithms for {", ".join([p["purl"] for p in self.purls_request["purls"]])}'
+        )
+        if self.config.with_range:
+            response = self.client.get_crypto_algorithms_in_range_for_purl(self.purls_request)
+        else:
+            response = self.client.get_crypto_algorithms_for_purl(self.purls_request)
+        if response:
+            self.results = response
+        return self.results
+    def get_encryption_hints(self) -> Optional[Dict]:
+        """
+        Get the encryption hints for the provided purl or input file.
+        Returns:
+            Optional[Dict]: The encryption hints response from the gRPC client, or None if an error occurs.
+        """
+        if not self.purls_request:
+            raise ScanossCryptographyError('No PURLs supplied. Provide --purl or --input.')
+        self.base.print_stderr(
+            f'Getting encryption hints '
+            f'{"in range" if self.config.with_range else ""} '
+            f'for {", ".join([p["purl"] for p in self.purls_request["purls"]])}'
+        )
+        if self.config.with_range:
+            response = self.client.get_encryption_hints_in_range_for_purl(self.purls_request)
+        else:
+            response = self.client.get_encryption_hints_for_purl(self.purls_request)
+        if response:
+            self.results = response
+        return self.results
+    def get_versions_in_range(self) -> Optional[Dict]:
+        """
+        Given a list of PURLS and version ranges, get a list of versions that do/do not contain cryptographic algorithms
+        Returns:
+            Optional[Dict]: The versions in range response from the gRPC client, or None if an error occurs.
+        """
+        if not self.purls_request:
+            raise ScanossCryptographyError('No PURLs supplied. Provide --purl or --input.')
+        self.base.print_stderr(
+            f'Getting versions in range for {", ".join([p["purl"] for p in self.purls_request["purls"]])}'
+        )
+        response = self.client.get_versions_in_range_for_purl(self.purls_request)
+        if response:
+            self.results = response
+        return self.results
+    def _build_purls_request(
+        self,
+    ) -> Optional[dict]:
+        """
+        Load the specified purls from a JSON file or a list of PURLs and return a dictionary
+        Args:
+            json_file (Optional[str], optional): The JSON file containing the PURLs. Defaults to None.
+            purls (Optional[List[str]], optional): The list of PURLs. Defaults to None.
+        Returns:
+            Optional[dict]: The dictionary containing the PURLs
+        """
+        return {
+            'purls': [
+                {
+                    'purl': p,
+                    'requirement': self._extract_version_from_purl(p),
+                }
+                for p in self.config.purl
+            ]
+        }
+    def _extract_version_from_purl(self, purl: str) -> str:
+        """
+        Extract version from purl
+        Args:
+            purl (str): The purl string to extract the version from
+        Returns:
+            str: The extracted version
+        Raises:
+            ScanossCryptographyError: If the purl is not in the correct format
+        """
+        try:
+            return purl.split('@')[-1]
+        except IndexError:
+            raise ScanossCryptographyError(f'Invalid purl format: {purl}')
+    def present(
+        self,
+        output_format: Optional[str] = None,
+        output_file: Optional[str] = None,
+    ):
+        """Present the results in the selected format"""
+        self.presenter.present(output_format=output_format, output_file=output_file)
+class CryptographyPresenter(AbstractPresenter):
+    """
+    Cryptography presenter class
+    Handles the presentation of the cryptography results
+    """
+    def __init__(self, cryptography: Cryptography, **kwargs):
+        super().__init__(**kwargs)
+        self.cryptography = cryptography
+    def _format_json_output(self) -> str:
+        """
+        Format the scan output data into a JSON object
+        Returns:
+            str: The formatted JSON string
+        """
+        return json.dumps(self.cryptography.results, indent=2)
+    def _format_plain_output(self) -> str:
+        """
+        Format the scan output data into a plain text string
+        """
+        return (
+            json.dumps(self.cryptography.results, indent=2)
+            if isinstance(self.cryptography.results, dict)
+            else str(self.cryptography.results)
+        )
+    def _format_cyclonedx_output(self) -> str:
+        raise NotImplementedError('CycloneDX output is not implemented')
+    def _format_spdxlite_output(self) -> str:
+        raise NotImplementedError('SPDXlite output is not implemented')
+    def _format_csv_output(self) -> str:
+        raise NotImplementedError('CSV output is not implemented')
+    def _format_raw_output(self) -> str:
+        raise NotImplementedError('Raw output is not implemented')

scanoss-1.25.0/src/scanoss/data/build_date.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ date: 20250610161304, utime: 1749571984

scanoss 1.23.0__tar.gz → 1.25.0__tar.gz

scanoss 1.23.0tar.gz → 1.25.0tar.gz