scanoss 1.25.1__py3-none-any.whl → 1.26.0__py3-none-any.whl

scanoss/inspection/policy_check.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -22,13 +22,11 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-import json
-import os.path
 from abc import abstractmethod
 from enum import Enum
 from typing import Any, Callable, Dict, List
 
-from ..scanossbase import ScanossBase
+from .inspect_base import InspectBase
 from .utils.license_utils import LicenseUtil
 
 
@@ -45,34 +43,11 @@ class PolicyStatus(Enum):
     SUCCESS = 0
     FAIL = 1
     ERROR = 2
-
-
 #
 # End of PolicyStatus Class
 #
 
-
-class ComponentID(Enum):
-    """
-    Enumeration representing different types of software components.
-
-    Attributes:
-        FILE (str): Represents a file component (value: "file").
-        SNIPPET (str): Represents a code snippet component (value: "snippet").
-        DEPENDENCY (str): Represents a dependency component (value: "dependency").
-    """
-
-    FILE = 'file'
-    SNIPPET = 'snippet'
-    DEPENDENCY = 'dependency'
-
-
-#
-# End of ComponentID Class
-#
-
-
-class PolicyCheck(ScanossBase):
+class PolicyCheck(InspectBase):
     """
     A base class for implementing various software policy checks.
 
@@ -83,27 +58,24 @@ class PolicyCheck(ScanossBase):
         VALID_FORMATS (set): A set of valid output formats ('md', 'json').
 
     Inherits from:
-        ScanossBase: A base class providing common functionality for SCANOSS-related operations.
+        InspectBase: A base class providing common functionality for SCANOSS-related operations.
     """
-
     VALID_FORMATS = {'md', 'json', 'jira_md'}
-
-    def __init__( # noqa: PLR0913
-        self,
-        debug: bool = False,
-        trace: bool = True,
-        quiet: bool = False,
-        filepath: str = None,
-        format_type: str = None,
-        status: str = None,
-        output: str = None,
-        name: str = None,
+    def __init__(  # noqa: PLR0913
+            self,
+            debug: bool = False,
+            trace: bool = True,
+            quiet: bool = False,
+            filepath: str = None,
+            format_type: str = None,
+            status: str = None,
+            output: str = None,
+            name: str = None,
     ):
-        super().__init__(debug, trace, quiet)
+        super().__init__(debug, trace, quiet, filepath, output)
         self.license_util = LicenseUtil()
         self.filepath = filepath
         self.name = name
-        self.output = output
         self.format_type = format_type
         self.status = status
         self.results = self._load_input_file()
@@ -166,147 +138,6 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
-    @abstractmethod
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
-
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
-
-        :return: A list of processed components, or None if an error occurred during any step.
-
-        Possible reasons for returning None include:
-        - Results not loaded (self.results is None)
-        - Failure to extract components from the results
-
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - Implementations must extract components (e.g. via `_get_components_data`,
-          `_get_dependencies_data`, or other helpers).
-        - If `self.results` is `None`, simply return `None`.
-        """
-    pass
-
-
-    def _append_component(
-        self, components: Dict[str, Any], new_component: Dict[str, Any], id: str, status: str
-    ) -> Dict[str, Any]:
-        """
-        Append a new component to the component's dictionary.
-
-        This function creates a new entry in the components dictionary for the given component,
-        or updates an existing entry if the component already exists. It also processes the
-        licenses associated with the component.
-
-        :param components: The existing dictionary of components
-        :param new_component: The new component to be added or updated
-        :param id: The new component ID
-        :param status: The new component status
-        :return: The updated components dictionary
-        """
-        # Determine the component key and purl based on component type
-        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-            purl = new_component['purl'][0]  # Take the first purl for these component types
-        else:
-            purl = new_component['purl']
-
-        component_key = f'{purl}@{new_component["version"]}'
-        components[component_key] = {
-            'purl': purl,
-            'version': new_component['version'],
-            'licenses': {},
-            'status': status,
-        }
-        if not new_component.get('licenses'):
-            self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
-            return components
-        # Process licenses for this component
-        for license_item in new_component['licenses']:
-            if license_item.get('name'):
-                spdxid = license_item['name']
-                components[component_key]['licenses'][spdxid] = {
-                    'spdxid': spdxid,
-                    'copyleft': self.license_util.is_copyleft(spdxid),
-                    'url': self.license_util.get_spdx_url(spdxid),
-                }
-        return components
-
-    def _get_components_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
-        """
-        Extract and process file and snippet components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :param components: Existing components dictionary to update
-        :return: Updated components dictionary with file and snippet data
-        """
-        for component in results.values():
-            for c in component:
-                component_id = c.get('id')
-                if not component_id:
-                    self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
-                    continue
-                ## Skip dependency
-                if component_id == ComponentID.DEPENDENCY.value:
-                    continue
-                status = c.get('status')
-                if not status:
-                    self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
-                    continue
-                if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-                    if not c.get('purl'):
-                        self.print_debug(f'WARNING: Result missing purl. Skipping: {c}')
-                        continue
-                    if len(c.get('purl')) <= 0:
-                        self.print_debug(f'WARNING: Result missing purls. Skipping: {c}')
-                        continue
-                    if not c.get('version'):
-                        self.print_msg(f'WARNING: Result missing version. Skipping: {c}')
-                        continue
-                    component_key = f'{c["purl"][0]}@{c["version"]}'
-                    if component_key not in components:
-                        components = self._append_component(components, c, component_id, status)
-            # End component loop
-        # End components loop
-        return components
-
-    def _get_dependencies_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
-        """
-        Extract and process dependency components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :param components: Existing components dictionary to update
-        :return: Updated components dictionary with dependency data
-        """
-        for component in results.values():
-            for c in component:
-                component_id = c.get('id')
-                if not component_id:
-                    self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
-                    continue
-                status = c.get('status')
-                if not status:
-                    self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
-                    continue
-                if component_id == ComponentID.DEPENDENCY.value:
-                    if c.get('dependencies') is None:
-                        continue
-                    for dependency in c['dependencies']:
-                        if not dependency.get('purl'):
-                            self.print_debug(f'WARNING: Dependency result missing purl. Skipping: {dependency}')
-                            continue
-                        if not dependency.get('version'):
-                            self.print_msg(f'WARNING: Dependency result missing version. Skipping: {dependency}')
-                            continue
-                        component_key = f'{dependency["purl"]}@{dependency["version"]}'
-                        if component_key not in components:
-                            components = self._append_component(components, dependency, component_id, status)
-                    # End dependency loop
-            # End component loop
-        # End of result loop
-        return components
-
     def generate_table(self, headers, rows, centered_columns=None):
         """
         Generate a Markdown table.
@@ -393,24 +224,6 @@ class PolicyCheck(ScanossBase):
             self.print_stderr(f'ERROR: Invalid format "{self.format_type}". Valid formats are: {valid_formats_str}')
             return False
         return True
-
-    def _load_input_file(self):
-        """
-        Load the result.json file
-
-          Returns:
-              Dict[str, Any]: The parsed JSON data
-        """
-        if not os.path.exists(self.filepath):
-            self.print_stderr(f'ERROR: The file "{self.filepath}" does not exist.')
-            return None
-        with open(self.filepath, 'r') as jsonfile:
-            try:
-                return json.load(jsonfile)
-            except Exception as e:
-                self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
-        return None
-
 #
 # End of PolicyCheck Class
-#
+#

scanoss/inspection/undeclared_component.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -79,7 +79,14 @@ class UndeclaredComponent(PolicyCheck):
         undeclared_components = []
         for component in components:
             if component['status'] == 'pending':
+                # Remove unused keys
                 del component['status']
+                del component['count']
+                del component['declared']
+                del component['undeclared']
+                for lic in component['licenses']:
+                        lic.pop('count', None)  # None is default value if key doesn't exist
+                        lic.pop('source', None) # None is default value if key doesn't exist
                 undeclared_components.append(component)
         # end component loop
         return undeclared_components
@@ -148,12 +155,14 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted JSON details and summary
         """
+        # Use component grouped by licenses to generate the summary
+        component_licenses = self._group_components_by_license(components)
         details = {}
         if len(components) > 0:
             details = {'components': components}
         return {
             'details': f'{json.dumps(details, indent=2)}\n',
-            'summary': self._get_summary(components),
+            'summary': self._get_summary(component_licenses),
         }
 
     def _markdown(self, components: list) -> Dict[str, Any]:
@@ -163,15 +172,15 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License']
+        headers = ['Component', 'License']
         rows: [[]] = []
         # TODO look at using SpdxLite license name lookup method
-        for component in components:
-            licenses = ' - '.join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
-            rows.append([component['purl'], component['version'], licenses])
+        component_licenses = self._group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('license')])
         return {
             'details': f'### Undeclared components\n{self.generate_table(headers, rows)}\n',
-            'summary': self._get_summary(components),
+            'summary': self._get_summary(component_licenses),
         }
 
     def _jira_markdown(self, components: list) -> Dict[str, Any]:
@@ -181,15 +190,15 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License']
+        headers = ['Component', 'License']
         rows: [[]] = []
         # TODO look at using SpdxLite license name lookup method
-        for component in components:
-            licenses = ' - '.join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
-            rows.append([component['purl'], component['version'], licenses])
+        component_licenses = self._group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('license')])
         return {
             'details': f'{self.generate_jira_table(headers, rows)}',
-            'summary': self._get_jira_summary(components),
+            'summary': self._get_jira_summary(component_licenses),
         }
 
     def _get_unique_components(self, components: list) -> list:
@@ -254,10 +263,37 @@ class UndeclaredComponent(PolicyCheck):
         # Extract file and snippet components
         components = self._get_components_data(self.results, components)
         # Convert to list and process licenses
-        results_list = list(components.values())
-        for component in results_list:
-            component['licenses'] = list(component['licenses'].values())
-        return results_list
+        return self._convert_components_to_list(components)
+
+    def _group_components_by_license(self,components):
+        """
+        Groups components by their unique component-license pairs.
+
+        This method processes a list of components and creates unique entries for each
+        component-license combination. If a component has multiple licenses, it will create
+        separate entries for each license.
+
+        Args:
+            components: A list of component dictionaries. Each component should have:
+                - purl: Package URL identifying the component
+                - licenses: List of license dictionaries, each containing:
+                    - spdxid: SPDX identifier for the license (optional)
+
+        Returns:
+            list: A list of dictionaries, each containing:
+                - purl: The component's package URL
+                - license: The SPDX identifier of the license (or 'Unknown' if not provided)
+        """
+        component_licenses: dict = {}
+        for component in components:
+            for lic in component['licenses']:
+                spdxid = lic.get('spdxid', 'Unknown')
+                key = f'{component["purl"]}-{spdxid}'
+                component_licenses[key] = {
+                    'purl': component['purl'],
+                    'license': spdxid,
+                }
+        return list(component_licenses.values())
 
     def run(self):
         """

{scanoss-1.25.1.dist-info → scanoss-1.26.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.1
+Version: 1.26.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.1.dist-info → scanoss-1.26.0.dist-info}/RECORD

@@ -4,8 +4,8 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=zoc5i9zIZ6i9BDBRPHBqmnNWz1ctPZAr9pCu2Pamvlg,1146
-scanoss/cli.py,sha256=SAB0xuHjEEw20YtYAPSZwrQaVf4JUsm8NRcVArMzd4U,69099
+scanoss/__init__.py,sha256=hpFJV75fvMqM81JQ_5NLWJnNyG498vCtV_hWttywCao,1146
+scanoss/cli.py,sha256=yjK4oawNzecarQYYlkElOiHFDDAZx_zKdSXf_gQvqXk,72678
 scanoss/components.py,sha256=b0R9DdKuXqyQiw5nZZwjQ6NJXBr1U9gyx1RI2FP9ozA,14511
 scanoss/constants.py,sha256=FWCZG8gQputKwV7XwvW1GuwDXL4wDLQyVRGdwygg578,320
 scanoss/cryptography.py,sha256=Q39MOCscP-OFvrnPXaPOMFFkc8OKnf3mC3SgZYEtCog,9407
@@ -57,14 +57,17 @@ scanoss/api/vulnerabilities/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSC
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSCHhIDMJT4r0,1122
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=DgM1g6ceMq5HR3AeQ6XArgq0PfNCFKqT1ujuejYzZaI,40
+scanoss/data/build_date.txt,sha256=35_MQhM0yl3QDm4UJRvKeRtlQPWALTKWb429m0XN5go,40
 scanoss/data/scanoss-settings-schema.json,sha256=ClkRYAkjAN0Sk704G8BE_Ok006oQ6YnIGmX84CF8h9w,8798
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
-scanoss/inspection/__init__.py,sha256=0hjb5ktavp7utJzFhGMPImPaZiHWgilM2HwvTp5lXJE,1122
-scanoss/inspection/copyleft.py,sha256=lOOq3-HwIvYVd0a_A0o2pG-m0rtFBHxXjEBLtHpRJto,8671
-scanoss/inspection/policy_check.py,sha256=ldUcKBXD74P4ldO417GP5PqJHE-BagDPBDOK-e3KZco,16009
-scanoss/inspection/undeclared_component.py,sha256=7WRLdDSf_XWtDMlvKRo3nvBy_041gQ2xR2zXqFCzmz0,11155
+scanoss/inspection/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
+scanoss/inspection/component_summary.py,sha256=gSLTsyGVZ4R1-Pqo7-mcb4AbdGjcNVhHs_Jm5_GdFGU,3443
+scanoss/inspection/copyleft.py,sha256=oM9xSRovDI4TPansDKg2Qa_omo09nr78-vAYcEgxyJY,8854
+scanoss/inspection/inspect_base.py,sha256=Q943VydELN1fzV4tNQQZGBlOd4T_v8chCDoOoJgHRMM,16086
+scanoss/inspection/license_summary.py,sha256=bq81K8N40b9CaZGawBku_Kxcz31lLhHW173v7NJ4S4s,6305
+scanoss/inspection/policy_check.py,sha256=NS39dvePZbpusGRnEUKN9JFiMdSyva0msFE6On6bK8Q,8329
+scanoss/inspection/undeclared_component.py,sha256=4mo1CMBho_I-58j5H0x8A-9ZGVvrGsNzBDel48LZ8Z0,12866
 scanoss/inspection/utils/license_utils.py,sha256=Zb6QLmVJb86lKCwZyBsmwakyAtY1SXa54kUyyKmWMqA,5093
 scanoss/scanners/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
 scanoss/scanners/container_scanner.py,sha256=leP4roes6B9B95F49mJ0P_F8WcKCQkvJgk9azWyJrjg,16294
@@ -76,9 +79,9 @@ scanoss/utils/abstract_presenter.py,sha256=teiDTxBj5jBMCk2T8i4l1BJPf_u4zBLWrtCTF
 scanoss/utils/crc64.py,sha256=TMrwQimSdE6imhFOUL7oAG6Kxu-8qMpGWMuMg8QpSVs,3169
 scanoss/utils/file.py,sha256=62cA9a17TU9ZvfA3FY5HY4-QOajJeSrc8S6xLA_f-3M,2980
 scanoss/utils/simhash.py,sha256=6iu8DOcecPAY36SZjCOzrrLMT9oIE7-gI6QuYwUQ7B0,5793
-scanoss-1.25.1.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.25.1.dist-info/METADATA,sha256=yIG7_hq018z-_68-M0jwt6hSb3oK5yol9Wku4k3m2V4,6060
-scanoss-1.25.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scanoss-1.25.1.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.25.1.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.25.1.dist-info/RECORD,,
+scanoss-1.26.0.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.26.0.dist-info/METADATA,sha256=cj8e2LBPd_4muBEw4dz9d-YMP9bJM9zfKD-SR_iKZmc,6060
+scanoss-1.26.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scanoss-1.26.0.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.26.0.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.26.0.dist-info/RECORD,,