scanoss 1.25.0__tar.gz → 1.25.2__tar.gz

{scanoss-1.25.0/src/scanoss.egg-info → scanoss-1.25.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.0
+Version: 1.25.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.0 → scanoss-1.25.2}/src/scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.25.0'
+__version__ = '1.25.2'

scanoss-1.25.2/src/scanoss/data/build_date.txt

@@ -0,0 +1 @@
+date: 20250618150502, utime: 1750259102

{scanoss-1.25.0 → scanoss-1.25.2}/src/scanoss/inspection/copyleft.py

@@ -23,7 +23,8 @@ SPDX-License-Identifier: MIT
 """
 
 import json
-from typing import Dict, Any
+from typing import Any, Dict
+
 from .policy_check import PolicyCheck, PolicyStatus
 
 
@@ -33,7 +34,7 @@ class Copyleft(PolicyCheck):
     Inspects components for copyleft licenses
     """
 
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -158,6 +159,26 @@ class Copyleft(PolicyCheck):
         self.print_debug(f'Copyleft components: {filtered_components}')
         return filtered_components
 
+    def _get_components(self):
+        """
+        Extract and process components from results and their dependencies.
+
+        This method performs the following steps:
+        1. Validates that `self.results` is loaded. Returns `None` if not.
+        2. Extracts file, snippet, and dependency components into a dictionary.
+        3. Converts components to a list and processes their licenses.
+
+        :return: A list of processed components with license data, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+
+        components: dict = {}
+        # Extract component and license data from file and dependency results. Both helpers mutate `components`
+        self._get_components_data(self.results, components)
+        self._get_dependencies_data(self.results, components)
+        return self._convert_components_to_list(components)
+
     def run(self):
         """
         Run the copyleft license inspection process.

{scanoss-1.25.0 → scanoss-1.25.2}/src/scanoss/inspection/policy_check.py

@@ -166,6 +166,30 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
+    @abstractmethod
+    def _get_components(self):
+        """
+        Retrieve and process components from the preloaded results.
+
+        This method performs the following steps:
+        1. Checks if the results have been previously loaded (self.results).
+        2. Extracts and processes components from the loaded results.
+
+        :return: A list of processed components, or None if an error occurred during any step.
+
+        Possible reasons for returning None include:
+        - Results not loaded (self.results is None)
+        - Failure to extract components from the results
+
+        Note:
+        - This method assumes that the results have been previously loaded and stored in self.results.
+        - Implementations must extract components (e.g. via `_get_components_data`,
+          `_get_dependencies_data`, or other helpers).
+        - If `self.results` is `None`, simply return `None`.
+        """
+    pass
+
+
     def _append_component(
         self, components: Dict[str, Any], new_component: Dict[str, Any], id: str, status: str
     ) -> Dict[str, Any]:
@@ -188,6 +212,10 @@ class PolicyCheck(ScanossBase):
         else:
             purl = new_component['purl']
 
+        if not purl:
+            self.print_debug(f'WARNING: _append_component: No purl found for new component: {new_component}')
+            return components
+
         component_key = f'{purl}@{new_component["version"]}'
         components[component_key] = {
             'purl': purl,
@@ -198,14 +226,21 @@ class PolicyCheck(ScanossBase):
         if not new_component.get('licenses'):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return components
+
+
+        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
         # Process licenses for this component
-        for license_item in new_component['licenses']:
+        for license_item in licenses_order_by_source_priority:
             if license_item.get('name'):
                 spdxid = license_item['name']
+                source = license_item.get('source')
+                if not source:
+                    source = 'unknown'
                 components[component_key]['licenses'][spdxid] = {
                     'spdxid': spdxid,
                     'copyleft': self.license_util.is_copyleft(spdxid),
                     'url': self.license_util.get_spdx_url(spdxid),
+                    'source': source,
                 }
         return components
 
@@ -223,6 +258,9 @@ class PolicyCheck(ScanossBase):
                 if not component_id:
                     self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
                     continue
+                ## Skip dependency
+                if component_id == ComponentID.DEPENDENCY.value:
+                    continue
                 status = c.get('status')
                 if not status:
                     self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
@@ -234,10 +272,12 @@ class PolicyCheck(ScanossBase):
                     if len(c.get('purl')) <= 0:
                         self.print_debug(f'WARNING: Result missing purls. Skipping: {c}')
                         continue
-                    if not c.get('version'):
-                        self.print_msg(f'WARNING: Result missing version. Skipping: {c}')
-                        continue
-                    component_key = f'{c["purl"][0]}@{c["version"]}'
+                    version = c.get('version')
+                    if not version:
+                        self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                        version = 'unknown'
+                        c['version'] = version #If no version exists. Set 'unknown' version to current component
+                    component_key = f'{c["purl"][0]}@{version}'
                     if component_key not in components:
                         components = self._append_component(components, c, component_id, status)
             # End component loop
@@ -269,10 +309,12 @@ class PolicyCheck(ScanossBase):
                         if not dependency.get('purl'):
                             self.print_debug(f'WARNING: Dependency result missing purl. Skipping: {dependency}')
                             continue
-                        if not dependency.get('version'):
-                            self.print_msg(f'WARNING: Dependency result missing version. Skipping: {dependency}')
-                            continue
-                        component_key = f'{dependency["purl"]}@{dependency["version"]}'
+                        version = c.get('version')
+                        if not version:
+                            self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
+                            version = 'unknown'
+                            c['version'] = version  # If no version exists. Set 'unknown' version to current component
+                        component_key = f'{dependency["purl"]}@{version}'
                         if component_key not in components:
                             components = self._append_component(components, dependency, component_id, status)
                     # End dependency loop
@@ -280,33 +322,6 @@ class PolicyCheck(ScanossBase):
         # End of result loop
         return components
 
-    def _get_components_from_results(self, results: Dict[str, Any]) -> list or None:
-        """
-        Process the results dictionary to extract and format component information.
-
-        This function iterates through the results dictionary, identifying components from
-        different sources (files, snippets, and dependencies). It consolidates this information
-        into a list of unique components, each with its associated licenses and other details.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :return: A list of dictionaries, each representing a unique component with its details
-        """
-        if results is None:
-            self.print_stderr('ERROR: Results cannot be empty')
-            return None
-        
-        components = {}
-        # Extract file and snippet components
-        components = self._get_components_data(results, components)
-        # Extract dependency components
-        components = self._get_dependencies_data(results, components)
-        # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-
-        return results_list
-
     def generate_table(self, headers, rows, centered_columns=None):
         """
         Generate a Markdown table.
@@ -411,28 +426,60 @@ class PolicyCheck(ScanossBase):
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
         return None
 
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
+    def _convert_components_to_list(self, components: dict):
+        if components is None:
+            self.print_debug(f'WARNING: Components is empty {self.results}')
+            return None
+        results_list = list(components.values())
+        for component in results_list:
+            licenses = component.get('licenses')
+            if licenses is not None:
+                component['licenses'] = list(licenses.values())
+            else:
+                self.print_debug(f'WARNING: Licenses missing for: {component}')
+                component['licenses'] = []
+        return results_list
 
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
+    def _get_licenses_order_by_source_priority(self,licenses_data):
+        """
+        Select licenses based on source priority:
+        1. component_declared (highest priority)
+        2. license_file
+        3. file_header
+        4. scancode (lowest priority)
 
-        :return: A list of processed components, or None if an error occurred during any step.
-                 Possible reasons for returning None include:
-                 - Results not loaded (self.results is None)
-                 - Failure to extract components from the results
+        If any high-priority source is found, return only licenses from that source.
+        If none found, return all licenses.
 
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - If results is None, the method returns None without performing any further operations.
-        - The actual processing of components is delegated to the _get_components_from_results method.
+        Returns: list with ordered licenses by source.
         """
-        if self.results is None:
-            return None
-        components = self._get_components_from_results(self.results)
-        return components
+        # Define priority order (highest to lowest)
+        priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
+
+        # Group licenses by source
+        licenses_by_source = {}
+        for license_item in licenses_data:
+
+            source = license_item.get('source', 'unknown')
+            if source not in licenses_by_source:
+                licenses_by_source[source] = {}
+
+            license_name = license_item.get('name')
+            if license_name:
+                # Use license name as key, store full license object as value
+                # If duplicate license names exist in same source, the last one wins
+                licenses_by_source[source][license_name] = license_item
+
+        # Find the highest priority source that has licenses
+        for priority_source in priority_sources:
+            if priority_source in licenses_by_source:
+                self.print_trace(f'Choosing {priority_source} as source')
+                return list(licenses_by_source[priority_source].values())
+
+        # If no priority sources found, combine all licenses into a single list
+        self.print_debug("No priority sources found, returning all licenses as list")
+        return licenses_data
+
 
 #
 # End of PolicyCheck Class

{scanoss-1.25.0 → scanoss-1.25.2}/src/scanoss/inspection/undeclared_component.py

@@ -23,7 +23,8 @@ SPDX-License-Identifier: MIT
 """
 
 import json
-from typing import Dict, Any
+from typing import Any, Dict
+
 from .policy_check import PolicyCheck, PolicyStatus
 
 
@@ -33,7 +34,7 @@ class UndeclaredComponent(PolicyCheck):
     Inspects for undeclared components
     """
 
-    def __init__(
+    def __init__( # noqa: PLR0913
         self,
         debug: bool = False,
         trace: bool = True,
@@ -73,7 +74,7 @@ class UndeclaredComponent(PolicyCheck):
         :return: List of undeclared components
         """
         if components is None:
-            self.print_debug(f'WARNING: No components provided!')
+            self.print_debug('WARNING: No components provided!')
             return None
         undeclared_components = []
         for component in components:
@@ -87,25 +88,35 @@ class UndeclaredComponent(PolicyCheck):
         """
         Get a summary of the undeclared components.
 
+        :param components: List of all components
+        :return: Component summary markdown
+        """
+
+        """
+        Get a summary of the undeclared components.
+
         :param components: List of all components
         :return: Component summary markdown
         """
         if len(components) > 0:
+            json_content = json.dumps(self._generate_scanoss_file(components), indent=2)
+
             if self.sbom_format == 'settings':
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `scanoss.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `scanoss.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
             else:
-                json_str = (
-                    json.dumps(self._generate_scanoss_file(components), indent=2)
-                    .replace('\n', '\\n')
-                    .replace('"', '\\"')
+                return (
+                    f'{len(components)} undeclared component(s) were found.\n'
+                    f'Add the following snippet into your `sbom.json` file\n'
+                    f'{{code:json}}\n'
+                    f'{json_content}\n'
+                    f'{{code}}\n'
                 )
-                return f'{len(components)} undeclared component(s) were found.\nAdd the following snippet into your `sbom.json` file\n{{code:json}}\n{json.dumps(self._generate_scanoss_file(components), indent=2)}\n{{code}}\n'
-
         return f'{len(components)} undeclared component(s) were found.\\n'
 
     def _get_summary(self, components: list) -> str:
@@ -190,7 +201,7 @@ class UndeclaredComponent(PolicyCheck):
         """
         unique_components = {}
         if components is None:
-            self.print_stderr(f'WARNING: No components provided!')
+            self.print_stderr('WARNING: No components provided!')
             return []
 
         for component in components:
@@ -225,6 +236,26 @@ class UndeclaredComponent(PolicyCheck):
 
         return sbom
 
+    def _get_components(self):
+        """
+        Extract and process components from file results only.
+
+        This method performs the following steps:
+        1. Validates if `self.results` is loaded. Returns `None` if not loaded.
+        2. Extracts file and snippet components into a dictionary.
+        3. Converts the components dictionary into a list of components.
+        4. Processes the licenses for each component by converting them into a list.
+
+        :return: A list of processed components with their licenses, or `None` if `self.results` is not set.
+        """
+        if self.results is None:
+            return None
+        components: dict = {}
+        # Extract file and snippet components
+        components = self._get_components_data(self.results, components)
+        # Convert to list and process licenses
+        return self._convert_components_to_list(components)
+
     def run(self):
         """
         Run the undeclared component inspection process.

{scanoss-1.25.0 → scanoss-1.25.2/src/scanoss.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.0
+Version: 1.25.2
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.0 → scanoss-1.25.2}/tests/test_policy_inspect.py

@@ -114,7 +114,7 @@ class MyTestCase(unittest.TestCase):
         copyleft = Copyleft(filepath=input_file_name, format_type='json', explicit='MIT')
         status, results = copyleft.run()
         details = json.loads(results['details'])
-        self.assertEqual(len(details['components']), 3)
+        self.assertEqual(len(details['components']), 2)
         self.assertEqual(status, 0)
 
     """
@@ -144,11 +144,10 @@ class MyTestCase(unittest.TestCase):
         expected_detail_output = (
             '### Copyleft licenses \n  | Component | Version | License | URL | Copyleft |\n'
             ' | - | :-: | - | - | :-: |\n'
-            '| pkg:github/scanoss/engine | 4.0.4 | MIT | https://spdx.org/licenses/MIT.html | YES | \n'
             ' | pkg:npm/%40electron/rebuild | 3.7.0 | MIT | https://spdx.org/licenses/MIT.html | YES |\n'
             '| pkg:npm/%40emotion/react | 11.13.3 | MIT | https://spdx.org/licenses/MIT.html | YES | \n'
         )
-        expected_summary_output = '3 component(s) with copyleft licenses were found.\n'
+        expected_summary_output = '2 component(s) with copyleft licenses were found.\n'
         self.assertEqual(
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', results['details']),
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', expected_detail_output),
@@ -179,7 +178,7 @@ class MyTestCase(unittest.TestCase):
         status, results = undeclared.run()
         details = json.loads(results['details'])
         summary = results['summary']
-        expected_summary_output = """5 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
         Add the following snippet into your `sbom.json` file 
         ```json 
         {
@@ -189,17 +188,11 @@ class MyTestCase(unittest.TestCase):
                   },
                   {
                     "purl": "pkg:github/scanoss/wfp"
-                  },
-                  {
-                    "purl": "pkg:npm/%40electron/rebuild"
-                  },
-                  {
-                    "purl": "pkg:npm/%40emotion/react"
                   }
             ]
         }```
         """
-        self.assertEqual(len(details['components']), 5)
+        self.assertEqual(len(details['components']), 3)
         self.assertEqual(
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', summary), re.sub(r'\s|\\(?!`)|\\(?=`)', '', expected_summary_output)
         )
@@ -220,13 +213,11 @@ class MyTestCase(unittest.TestCase):
         expected_details_output = """ ### Undeclared components
              | Component | Version | License | 
              | - | - | - | 
-             | pkg:github/scanoss/scanner.c | 1.3.3 | BSD-2-Clause - GPL-2.0-only | 
+             | pkg:github/scanoss/scanner.c | 1.3.3 | GPL-2.0-only | 
              | pkg:github/scanoss/scanner.c | 1.1.4 | GPL-2.0-only | 
-             | pkg:github/scanoss/wfp | 6afc1f6 | Zlib - GPL-2.0-only | 
-             | pkg:npm/%40electron/rebuild | 3.7.0 | MIT | 
-             | pkg:npm/%40emotion/react | 11.13.3 | MIT | """
+             | pkg:github/scanoss/wfp | 6afc1f6 | GPL-2.0-only |  """
 
-        expected_summary_output = """5 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
            Add the following snippet into your `sbom.json` file 
            ```json 
                {
@@ -236,13 +227,7 @@ class MyTestCase(unittest.TestCase):
                   },
                   {
                     "purl": "pkg:github/scanoss/wfp"
-                  },
-                  {
-                    "purl": "pkg:npm/%40electron/rebuild"
-                  },
-                  {
-                    "purl": "pkg:npm/%40emotion/react"
-                  }           
+                  }         
                 ]             
                }```
            """
@@ -271,13 +256,11 @@ class MyTestCase(unittest.TestCase):
         expected_details_output = """ ### Undeclared components
                | Component | Version | License | 
                | - | - | - | 
-               | pkg:github/scanoss/scanner.c | 1.3.3 | BSD-2-Clause - GPL-2.0-only | 
+               | pkg:github/scanoss/scanner.c | 1.3.3 | GPL-2.0-only | 
                | pkg:github/scanoss/scanner.c | 1.1.4 | GPL-2.0-only | 
-               | pkg:github/scanoss/wfp | 6afc1f6 | Zlib - GPL-2.0-only | 
-               | pkg:npm/%40electron/rebuild | 3.7.0 | MIT | 
-               | pkg:npm/%40emotion/react | 11.13.3 | MIT | """
+               | pkg:github/scanoss/wfp | 6afc1f6 | GPL-2.0-only | """
 
-        expected_summary_output = """5 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
             Add the following snippet into your `scanoss.json` file
             
             ```json
@@ -289,12 +272,6 @@ class MyTestCase(unittest.TestCase):
                   },
                   {
                     "purl": "pkg:github/scanoss/wfp"
-                  },
-                  {
-                    "purl": "pkg:npm/%40electron/rebuild"
-                  },
-                  {
-                    "purl": "pkg:npm/%40emotion/react"
                   }
                 ]
               }
@@ -322,7 +299,7 @@ class MyTestCase(unittest.TestCase):
         status, results = undeclared.run()
         details = json.loads(results['details'])
         summary = results['summary']
-        expected_summary_output = """5 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
                 Add the following snippet into your `scanoss.json` file
 
                 ```json
@@ -334,19 +311,13 @@ class MyTestCase(unittest.TestCase):
                       },
                       {
                         "purl": "pkg:github/scanoss/wfp"
-                      },
-                      {
-                        "purl": "pkg:npm/%40electron/rebuild"
-                      },
-                      {
-                        "purl": "pkg:npm/%40emotion/react"
                       }
                     ]
                   }
                 }
                 ```"""
         self.assertEqual(status, 0)
-        self.assertEqual(len(details['components']), 5)
+        self.assertEqual(len(details['components']), 3)
         self.assertEqual(
             re.sub(r'\s|\\(?!`)|\\(?=`)', '', summary), re.sub(r'\s|\\(?!`)|\\(?=`)', '', expected_summary_output)
         )
@@ -360,13 +331,11 @@ class MyTestCase(unittest.TestCase):
         details = results['details']
         summary = results['summary']
         expected_details_output = """|*Component*|*Version*|*License*|
-|pkg:github/scanoss/scanner.c|1.3.3|BSD-2-Clause - GPL-2.0-only|
+|pkg:github/scanoss/scanner.c|1.3.3|GPL-2.0-only|
 |pkg:github/scanoss/scanner.c|1.1.4|GPL-2.0-only|
-|pkg:github/scanoss/wfp|6afc1f6|Zlib - GPL-2.0-only|
-|pkg:npm/%40electron/rebuild|3.7.0|MIT|
-|pkg:npm/%40emotion/react|11.13.3|MIT|
+|pkg:github/scanoss/wfp|6afc1f6|GPL-2.0-only|
 """
-        expected_summary_output = """5 undeclared component(s) were found.
+        expected_summary_output = """3 undeclared component(s) were found.
 Add the following snippet into your `scanoss.json` file
 {code:json}
 {
@@ -377,12 +346,6 @@ Add the following snippet into your `scanoss.json` file
       },
       {
         "purl": "pkg:github/scanoss/wfp"
-      },
-      {
-        "purl": "pkg:npm/%40electron/rebuild"
-      },
-      {
-        "purl": "pkg:npm/%40emotion/react"
       }
     ]
   }

scanoss-1.25.0/src/scanoss/data/build_date.txt

@@ -1 +0,0 @@
-date: 20250610161304, utime: 1749571984