PyPI - scanoss - Versions diffs - 1.25.0__py3-none-any.whl → 1.25.2__py3-none-any.whl - Mend

scanoss 1.25.0py3-none-any.whl → 1.25.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

scanoss/__init__.py CHANGED Viewed

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
-__version__ = '1.25.0'
+__version__ = '1.25.2'

scanoss/data/build_date.txt CHANGED Viewed

	@@ -1 +1 @@
1	- date: ~~20250610161304~~, utime: ~~1749571984~~
1	+ date: 20250618150502, utime: 1750259102

scanoss/inspection/copyleft.py CHANGED Viewed

@@ -23,7 +23,8 @@ SPDX-License-Identifier: MIT
 """
 import json
-from typing import Dict, Any
+from typing import Any, Dict
 from .policy_check import PolicyCheck, PolicyStatus
@@ -33,7 +34,7 @@ class Copyleft(PolicyCheck):
     Inspects components for copyleft licenses
     """
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -158,6 +159,26 @@ class Copyleft(PolicyCheck):
         self.print_debug(f'Copyleft components: {filtered_components}')
         return filtered_components
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self._get_components_data(self.results, components)
+        self._get_dependencies_data(self.results, components)
+        return self._convert_components_to_list(components)
     def run(self):
         """
         Run the copyleft license inspection process.

scanoss/inspection/policy_check.py CHANGED Viewed

@@ -166,6 +166,30 @@ class PolicyCheck(ScanossBase):
         """
         pass
+    @abstractmethod
+    def _get_components(self):
+        """
+        Retrieve and process components from the preloaded results.
+        This method performs the following steps:
+        1. Checks if the results have been previously loaded (self.results).
+        2. Extracts and processes components from the loaded results.
+        :return: A list of processed components, or None if an error occurred during any step.
+        Possible reasons for returning None include:
+        - Results not loaded (self.results is None)
+        - Failure to extract components from the results
+        Note:
+        - This method assumes that the results have been previously loaded and stored in self.results.
+        - Implementations must extract components (e.g. via `_get_components_data`,
+          `_get_dependencies_data`, or other helpers).
+        - If `self.results` is `None`, simply return `None`.
+        """
+    pass
     def _append_component(
         self, components: Dict[str, Any], new_component: Dict[str, Any], id: str, status: str
     ) -> Dict[str, Any]:
@@ -188,6 +212,10 @@ class PolicyCheck(ScanossBase):
         else:
             purl = new_component['purl']
+        if not purl:
+            self.print_debug(f'WARNING: _append_component: No purl found for new component: {new_component}')
+            return components
         component_key = f'{purl}@{new_component["version"]}'
         components[component_key] = {
             'purl': purl,
@@ -198,14 +226,21 @@ class PolicyCheck(ScanossBase):
         if not new_component.get('licenses'):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return components
+        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
         # Process licenses for this component
-        for license_item in new_component['licenses']:
+        for license_item in licenses_order_by_source_priority:
             if license_item.get('name'):
                 spdxid = license_item['name']
+                source = license_item.get('source')
+                if not source:
+                    source = 'unknown'
                 components[component_key]['licenses'][spdxid] = {
                     'spdxid': spdxid,
                     'copyleft': self.license_util.is_copyleft(spdxid),
                     'url': self.license_util.get_spdx_url(spdxid),
+                    'source': source,
                 }
         return components
@@ -223,6 +258,9 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
                     continue
+                ## Skip dependency
+                if component_id == ComponentID.DEPENDENCY.value:
+                    continue
                 status = c.get('status')
                 if not status:
                     self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
@@ -234,10 +272,12 @@ class PolicyCheck(ScanossBase):
                     if len(c.get('purl')) <= 0:
                         self.print_debug(f'WARNING: Result missing purls. Skipping: {c}')
                         continue
-                    if not c.get('version'):
-                        self.print_msg(f'WARNING: Result missing version. Skipping: {c}')
-                        continue
-                    component_key = f'{c["purl"][0]}@{c["version"]}'
+                    version = c.get('version')
+                    if not version:
+                        self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                        version = 'unknown'
+                        c['version'] = version #If no version exists. Set 'unknown' version to current component
+                    component_key = f'{c["purl"][0]}@{version}'
                     if component_key not in components:
                         components = self._append_component(components, c, component_id, status)
             # End component loop
@@ -269,10 +309,12 @@ class PolicyCheck(ScanossBase):
                         if not dependency.get('purl'):
                             self.print_debug(f'WARNING: Dependency result missing purl. Skipping: {dependency}')
                             continue
-                        if not dependency.get('version'):
-                            self.print_msg(f'WARNING: Dependency result missing version. Skipping: {dependency}')
-                            continue
-                        component_key = f'{dependency["purl"]}@{dependency["version"]}'
+                        version = c.get('version')
+                        if not version:
+                            self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                            version = 'unknown'
+                            c['version'] = version  # If no version exists. Set 'unknown' version to current component
+                        component_key = f'{dependency["purl"]}@{version}'
                         if component_key not in components:
                             components = self._append_component(components, dependency, component_id, status)
                     # End dependency loop
@@ -280,33 +322,6 @@ class PolicyCheck(ScanossBase):
         # End of result loop
         return components
-    def _get_components_from_results(self, results: Dict[str, Any]) -> list or None:
-        """
-        Process the results dictionary to extract and format component information.
-        This function iterates through the results dictionary, identifying components from
-        different sources (files, snippets, and dependencies). It consolidates this information
-        into a list of unique components, each with its associated licenses and other details.
-        :param results: A dictionary containing the raw results of a component scan
-        :return: A list of dictionaries, each representing a unique component with its details
-        """
-        if results is None:
-            self.print_stderr('ERROR: Results cannot be empty')
-            return None
-        components = {}
-        # Extract file and snippet components
-        components = self._get_components_data(results, components)
-        # Extract dependency components
-        components = self._get_dependencies_data(results, components)
-        # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-        return results_list
     def generate_table(self, headers, rows, centered_columns=None):
         """
         Generate a Markdown table.
@@ -411,28 +426,60 @@ class PolicyCheck(ScanossBase):
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
         return None
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
+    def _convert_components_to_list(self, components: dict):
+        if components is None:
+            self.print_debug(f'WARNING: Components is empty {self.results}')
+            return None
+        results_list = list(components.values())
+        for component in results_list:
+            licenses = component.get('licenses')
+            if licenses is not None:
+                component['licenses'] = list(licenses.values())
+            else:
+                self.print_debug(f'WARNING: Licenses missing for: {component}')
+                component['licenses'] = []
+        return results_list
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
+    def _get_licenses_order_by_source_priority(self,licenses_data):
+        """
+        Select licenses based on source priority:
+        1. component_declared (highest priority)
+        2. license_file
+        3. file_header
+        4. scancode (lowest priority)
-        :return: A list of processed components, or None if an error occurred during any step.
-                 Possible reasons for returning None include:
-                 - Results not loaded (self.results is None)
-                 - Failure to extract components from the results
+        If any high-priority source is found, return only licenses from that source.
+        If none found, return all licenses.
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - If results is None, the method returns None without performing any further operations.
-        - The actual processing of components is delegated to the _get_components_from_results method.
+        Returns: list with ordered licenses by source.
         """
-        if self.results is None:
-            return None
-        components = self._get_components_from_results(self.results)
-        return components
+        # Define priority order (highest to lowest)
+        priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
+        # Group licenses by source
+        licenses_by_source = {}
+        for license_item in licenses_data:
+            source = license_item.get('source', 'unknown')
+            if source not in licenses_by_source:
+                licenses_by_source[source] = {}
+            license_name = license_item.get('name')
+            if license_name:
+                # Use license name as key, store full license object as value
+                # If duplicate license names exist in same source, the last one wins
+                licenses_by_source[source][license_name] = license_item
+        # Find the highest priority source that has licenses
+        for priority_source in priority_sources:
+            if priority_source in licenses_by_source:
+                self.print_trace(f'Choosing {priority_source} as source')
+                return list(licenses_by_source[priority_source].values())
+        # If no priority sources found, combine all licenses into a single list
+        self.print_debug("No priority sources found, returning all licenses as list")
+        return licenses_data
 #
 # End of PolicyCheck Class

scanoss/inspection/undeclared_component.py CHANGED Viewed

@@ -23,7 +23,8 @@ SPDX-License-Identifier: MIT
 """
 import json
-from typing import Dict, Any
+from typing import Any, Dict
 from .policy_check import PolicyCheck, PolicyStatus
@@ -33,7 +34,7 @@ class UndeclaredComponent(PolicyCheck):
     Inspects for undeclared components
     """
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -73,7 +74,7 @@ class UndeclaredComponent(PolicyCheck):
         :return: List of undeclared components
         """
         if components is None:
-            self.print_debug(f'WARNING: No components provided!')
+            self.print_debug('WARNING: No components provided!')
             return None
         undeclared_components = []
         for component in components:
@@ -87,25 +88,35 @@ class UndeclaredComponent(PolicyCheck):
         """
         Get a summary of the undeclared components.
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+        """
+        Get a summary of the undeclared components.
         :param components: List of all components
         :return: Component summary markdown
         """
         if len(components) > 0:
+            json_content = json.dumps(self._generate_scanoss_file(components), indent=2)
             if self.sbom_format == 'settings':
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `scanoss.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `scanoss.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
             else:
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `sbom.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `sbom.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
         return f'{len(components)} undeclared component(s) were found.\\n'
     def _get_summary(self, components: list) -> str:
@@ -190,7 +201,7 @@ class UndeclaredComponent(PolicyCheck):
         """
         unique_components = {}
         if components is None:
-            self.print_stderr(f'WARNING: No components provided!')
+            self.print_stderr('WARNING: No components provided!')
             return []
         for component in components:
@@ -225,6 +236,26 @@ class UndeclaredComponent(PolicyCheck):
         return sbom
+    def _get_components(self):
+        """
+        Extract and process components from file results only.
+        This method performs the following steps:
+        1. Validates if `self.results` is loaded. Returns `None` if not loaded.
+        2. Extracts file and snippet components into a dictionary.
+        3. Converts the components dictionary into a list of components.
+        4. Processes the licenses for each component by converting them into a list.
+        :return: A list of processed components with their licenses, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+        components: dict = {}
+        # Extract file and snippet components
+        components = self._get_components_data(self.results, components)
+        # Convert to list and process licenses
+        return self._convert_components_to_list(components)
     def run(self):
         """
         Run the undeclared component inspection process.

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.0
+Version: 1.25.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/RECORD RENAMED Viewed

@@ -4,7 +4,7 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=T3J1XVw8Hyutct8ClOLn1tqQ_NnHlMfxUSVYfLSuVJg,1146
+scanoss/__init__.py,sha256=9K1SKldg4taEpZ7t4H-Z45hI8SIqMlSmjp6TFz3Km2w,1146
 scanoss/cli.py,sha256=SAB0xuHjEEw20YtYAPSZwrQaVf4JUsm8NRcVArMzd4U,69099
 scanoss/components.py,sha256=b0R9DdKuXqyQiw5nZZwjQ6NJXBr1U9gyx1RI2FP9ozA,14511
 scanoss/constants.py,sha256=FWCZG8gQputKwV7XwvW1GuwDXL4wDLQyVRGdwygg578,320
@@ -57,14 +57,14 @@ scanoss/api/vulnerabilities/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSC
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSCHhIDMJT4r0,1122
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=3dG3QmOR7re5yDaUAaCa2noLbeaUxqlhd4ZYGn2-eo0,40
+scanoss/data/build_date.txt,sha256=3-u7TU-KPaW2lJLuHTSTYQJlq8aqKlVQv7MRd_B-xvQ,40
 scanoss/data/scanoss-settings-schema.json,sha256=ClkRYAkjAN0Sk704G8BE_Ok006oQ6YnIGmX84CF8h9w,8798
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
 scanoss/inspection/__init__.py,sha256=0hjb5ktavp7utJzFhGMPImPaZiHWgilM2HwvTp5lXJE,1122
-scanoss/inspection/copyleft.py,sha256=VynluuCUVxR7uQUz026sp4_yE0Eh3dwpPK0YJ6FNFFw,7579
-scanoss/inspection/policy_check.py,sha256=wUUQD2WTBibjf3MOPXKOmB8jFGIX0cd1K3flU0pjTjc,17295
-scanoss/inspection/undeclared_component.py,sha256=0YEiWQ4Q1xu7j4YHLPsS3b5Mf9fplHJdHRXgUoQyF2w,10102
+scanoss/inspection/copyleft.py,sha256=MqkixiGnOs7IEfhSmX5zRkJmmouHc76q8LP2Rqdu4AQ,8495
+scanoss/inspection/policy_check.py,sha256=k8v7ei3oZBERt4l8S3AWEVn-qA2TsGkfYJT_i21M0s4,19076
+scanoss/inspection/undeclared_component.py,sha256=my-KPEeFx7P2VG2dsYm5-7y83DDMGzf0MnBQdPExIHk,11026
 scanoss/inspection/utils/license_utils.py,sha256=Zb6QLmVJb86lKCwZyBsmwakyAtY1SXa54kUyyKmWMqA,5093
 scanoss/scanners/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
 scanoss/scanners/container_scanner.py,sha256=leP4roes6B9B95F49mJ0P_F8WcKCQkvJgk9azWyJrjg,16294
@@ -76,9 +76,9 @@ scanoss/utils/abstract_presenter.py,sha256=teiDTxBj5jBMCk2T8i4l1BJPf_u4zBLWrtCTF
 scanoss/utils/crc64.py,sha256=TMrwQimSdE6imhFOUL7oAG6Kxu-8qMpGWMuMg8QpSVs,3169
 scanoss/utils/file.py,sha256=62cA9a17TU9ZvfA3FY5HY4-QOajJeSrc8S6xLA_f-3M,2980
 scanoss/utils/simhash.py,sha256=6iu8DOcecPAY36SZjCOzrrLMT9oIE7-gI6QuYwUQ7B0,5793
-scanoss-1.25.0.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.25.0.dist-info/METADATA,sha256=mvajvjxQSlBpII6nFUq44pp7-Kedgf9hXGblfCjqjWU,6060
-scanoss-1.25.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scanoss-1.25.0.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.25.0.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.25.0.dist-info/RECORD,,
+scanoss-1.25.2.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.25.2.dist-info/METADATA,sha256=tLuNgHCCKBeUfqk0EWRkr5iv35GBIybi0nMBSBi1huw,6060
+scanoss-1.25.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scanoss-1.25.2.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.25.2.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.25.2.dist-info/RECORD,,

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{scanoss-1.25.0.dist-info → scanoss-1.25.2.dist-info}/top_level.txt RENAMED Viewed

File without changes

scanoss 1.25.0__py3-none-any.whl → 1.25.2__py3-none-any.whl

scanoss 1.25.0py3-none-any.whl → 1.25.2py3-none-any.whl