scanoss 1.25.2__py3-none-any.whl → 1.26.1__py3-none-any.whl

scanoss/inspection/policy_check.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -22,13 +22,11 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-import json
-import os.path
 from abc import abstractmethod
 from enum import Enum
 from typing import Any, Callable, Dict, List
 
-from ..scanossbase import ScanossBase
+from .inspect_base import InspectBase
 from .utils.license_utils import LicenseUtil
 
 
@@ -45,34 +43,11 @@ class PolicyStatus(Enum):
     SUCCESS = 0
     FAIL = 1
     ERROR = 2
-
-
 #
 # End of PolicyStatus Class
 #
 
-
-class ComponentID(Enum):
-    """
-    Enumeration representing different types of software components.
-
-    Attributes:
-        FILE (str): Represents a file component (value: "file").
-        SNIPPET (str): Represents a code snippet component (value: "snippet").
-        DEPENDENCY (str): Represents a dependency component (value: "dependency").
-    """
-
-    FILE = 'file'
-    SNIPPET = 'snippet'
-    DEPENDENCY = 'dependency'
-
-
-#
-# End of ComponentID Class
-#
-
-
-class PolicyCheck(ScanossBase):
+class PolicyCheck(InspectBase):
     """
     A base class for implementing various software policy checks.
 
@@ -83,27 +58,24 @@ class PolicyCheck(ScanossBase):
         VALID_FORMATS (set): A set of valid output formats ('md', 'json').
 
     Inherits from:
-        ScanossBase: A base class providing common functionality for SCANOSS-related operations.
+        InspectBase: A base class providing common functionality for SCANOSS-related operations.
     """
-
     VALID_FORMATS = {'md', 'json', 'jira_md'}
-
-    def __init__( # noqa: PLR0913
-        self,
-        debug: bool = False,
-        trace: bool = True,
-        quiet: bool = False,
-        filepath: str = None,
-        format_type: str = None,
-        status: str = None,
-        output: str = None,
-        name: str = None,
+    def __init__(  # noqa: PLR0913
+            self,
+            debug: bool = False,
+            trace: bool = True,
+            quiet: bool = False,
+            filepath: str = None,
+            format_type: str = None,
+            status: str = None,
+            output: str = None,
+            name: str = None,
     ):
-        super().__init__(debug, trace, quiet)
+        super().__init__(debug, trace, quiet, filepath, output)
         self.license_util = LicenseUtil()
         self.filepath = filepath
         self.name = name
-        self.output = output
         self.format_type = format_type
         self.status = status
         self.results = self._load_input_file()
@@ -166,162 +138,6 @@ class PolicyCheck(ScanossBase):
         """
         pass
 
-    @abstractmethod
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
-
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
-
-        :return: A list of processed components, or None if an error occurred during any step.
-
-        Possible reasons for returning None include:
-        - Results not loaded (self.results is None)
-        - Failure to extract components from the results
-
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - Implementations must extract components (e.g. via `_get_components_data`,
-          `_get_dependencies_data`, or other helpers).
-        - If `self.results` is `None`, simply return `None`.
-        """
-    pass
-
-
-    def _append_component(
-        self, components: Dict[str, Any], new_component: Dict[str, Any], id: str, status: str
-    ) -> Dict[str, Any]:
-        """
-        Append a new component to the component's dictionary.
-
-        This function creates a new entry in the components dictionary for the given component,
-        or updates an existing entry if the component already exists. It also processes the
-        licenses associated with the component.
-
-        :param components: The existing dictionary of components
-        :param new_component: The new component to be added or updated
-        :param id: The new component ID
-        :param status: The new component status
-        :return: The updated components dictionary
-        """
-        # Determine the component key and purl based on component type
-        if id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-            purl = new_component['purl'][0]  # Take the first purl for these component types
-        else:
-            purl = new_component['purl']
-
-        if not purl:
-            self.print_debug(f'WARNING: _append_component: No purl found for new component: {new_component}')
-            return components
-
-        component_key = f'{purl}@{new_component["version"]}'
-        components[component_key] = {
-            'purl': purl,
-            'version': new_component['version'],
-            'licenses': {},
-            'status': status,
-        }
-        if not new_component.get('licenses'):
-            self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
-            return components
-
-
-        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
-        # Process licenses for this component
-        for license_item in licenses_order_by_source_priority:
-            if license_item.get('name'):
-                spdxid = license_item['name']
-                source = license_item.get('source')
-                if not source:
-                    source = 'unknown'
-                components[component_key]['licenses'][spdxid] = {
-                    'spdxid': spdxid,
-                    'copyleft': self.license_util.is_copyleft(spdxid),
-                    'url': self.license_util.get_spdx_url(spdxid),
-                    'source': source,
-                }
-        return components
-
-    def _get_components_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
-        """
-        Extract and process file and snippet components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :param components: Existing components dictionary to update
-        :return: Updated components dictionary with file and snippet data
-        """
-        for component in results.values():
-            for c in component:
-                component_id = c.get('id')
-                if not component_id:
-                    self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
-                    continue
-                ## Skip dependency
-                if component_id == ComponentID.DEPENDENCY.value:
-                    continue
-                status = c.get('status')
-                if not status:
-                    self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
-                    continue
-                if component_id in [ComponentID.FILE.value, ComponentID.SNIPPET.value]:
-                    if not c.get('purl'):
-                        self.print_debug(f'WARNING: Result missing purl. Skipping: {c}')
-                        continue
-                    if len(c.get('purl')) <= 0:
-                        self.print_debug(f'WARNING: Result missing purls. Skipping: {c}')
-                        continue
-                    version = c.get('version')
-                    if not version:
-                        self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
-                        version = 'unknown'
-                        c['version'] = version #If no version exists. Set 'unknown' version to current component
-                    component_key = f'{c["purl"][0]}@{version}'
-                    if component_key not in components:
-                        components = self._append_component(components, c, component_id, status)
-            # End component loop
-        # End components loop
-        return components
-
-    def _get_dependencies_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
-        """
-        Extract and process dependency components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
-        :param components: Existing components dictionary to update
-        :return: Updated components dictionary with dependency data
-        """
-        for component in results.values():
-            for c in component:
-                component_id = c.get('id')
-                if not component_id:
-                    self.print_debug(f'WARNING: Result missing id. Skipping: {c}')
-                    continue
-                status = c.get('status')
-                if not status:
-                    self.print_debug(f'WARNING: Result missing status. Skipping: {c}')
-                    continue
-                if component_id == ComponentID.DEPENDENCY.value:
-                    if c.get('dependencies') is None:
-                        continue
-                    for dependency in c['dependencies']:
-                        if not dependency.get('purl'):
-                            self.print_debug(f'WARNING: Dependency result missing purl. Skipping: {dependency}')
-                            continue
-                        version = c.get('version')
-                        if not version:
-                            self.print_debug(f'WARNING: Result missing version. Setting it to unknown: {c}')
-                            version = 'unknown'
-                            c['version'] = version  # If no version exists. Set 'unknown' version to current component
-                        component_key = f'{dependency["purl"]}@{version}'
-                        if component_key not in components:
-                            components = self._append_component(components, dependency, component_id, status)
-                    # End dependency loop
-            # End component loop
-        # End of result loop
-        return components
-
     def generate_table(self, headers, rows, centered_columns=None):
         """
         Generate a Markdown table.
@@ -408,79 +224,6 @@ class PolicyCheck(ScanossBase):
             self.print_stderr(f'ERROR: Invalid format "{self.format_type}". Valid formats are: {valid_formats_str}')
             return False
         return True
-
-    def _load_input_file(self):
-        """
-        Load the result.json file
-
-          Returns:
-              Dict[str, Any]: The parsed JSON data
-        """
-        if not os.path.exists(self.filepath):
-            self.print_stderr(f'ERROR: The file "{self.filepath}" does not exist.')
-            return None
-        with open(self.filepath, 'r') as jsonfile:
-            try:
-                return json.load(jsonfile)
-            except Exception as e:
-                self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
-        return None
-
-    def _convert_components_to_list(self, components: dict):
-        if components is None:
-            self.print_debug(f'WARNING: Components is empty {self.results}')
-            return None
-        results_list = list(components.values())
-        for component in results_list:
-            licenses = component.get('licenses')
-            if licenses is not None:
-                component['licenses'] = list(licenses.values())
-            else:
-                self.print_debug(f'WARNING: Licenses missing for: {component}')
-                component['licenses'] = []
-        return results_list
-
-    def _get_licenses_order_by_source_priority(self,licenses_data):
-        """
-        Select licenses based on source priority:
-        1. component_declared (highest priority)
-        2. license_file
-        3. file_header
-        4. scancode (lowest priority)
-
-        If any high-priority source is found, return only licenses from that source.
-        If none found, return all licenses.
-
-        Returns: list with ordered licenses by source.
-        """
-        # Define priority order (highest to lowest)
-        priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
-
-        # Group licenses by source
-        licenses_by_source = {}
-        for license_item in licenses_data:
-
-            source = license_item.get('source', 'unknown')
-            if source not in licenses_by_source:
-                licenses_by_source[source] = {}
-
-            license_name = license_item.get('name')
-            if license_name:
-                # Use license name as key, store full license object as value
-                # If duplicate license names exist in same source, the last one wins
-                licenses_by_source[source][license_name] = license_item
-
-        # Find the highest priority source that has licenses
-        for priority_source in priority_sources:
-            if priority_source in licenses_by_source:
-                self.print_trace(f'Choosing {priority_source} as source')
-                return list(licenses_by_source[priority_source].values())
-
-        # If no priority sources found, combine all licenses into a single list
-        self.print_debug("No priority sources found, returning all licenses as list")
-        return licenses_data
-
-
 #
 # End of PolicyCheck Class
-#
+#

scanoss/inspection/undeclared_component.py

@@ -1,7 +1,7 @@
 """
 SPDX-License-Identifier: MIT
 
-  Copyright (c) 2024, SCANOSS
+  Copyright (c) 2025, SCANOSS
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
@@ -79,7 +79,13 @@ class UndeclaredComponent(PolicyCheck):
         undeclared_components = []
         for component in components:
             if component['status'] == 'pending':
-                del component['status']
+                # Remove unused keys
+                del component['count']
+                del component['declared']
+                del component['undeclared']
+                for lic in component['licenses']:
+                        lic.pop('count', None)  # None is default value if key doesn't exist
+                        lic.pop('source', None) # None is default value if key doesn't exist
                 undeclared_components.append(component)
         # end component loop
         return undeclared_components
@@ -148,12 +154,14 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted JSON details and summary
         """
+        # Use component grouped by licenses to generate the summary
+        component_licenses = self._group_components_by_license(components)
         details = {}
         if len(components) > 0:
             details = {'components': components}
         return {
             'details': f'{json.dumps(details, indent=2)}\n',
-            'summary': self._get_summary(components),
+            'summary': self._get_summary(component_licenses),
         }
 
     def _markdown(self, components: list) -> Dict[str, Any]:
@@ -163,15 +171,15 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License']
+        headers = ['Component', 'License']
         rows: [[]] = []
         # TODO look at using SpdxLite license name lookup method
-        for component in components:
-            licenses = ' - '.join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
-            rows.append([component['purl'], component['version'], licenses])
+        component_licenses = self._group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('spdxid')])
         return {
             'details': f'### Undeclared components\n{self.generate_table(headers, rows)}\n',
-            'summary': self._get_summary(components),
+            'summary': self._get_summary(component_licenses),
         }
 
     def _jira_markdown(self, components: list) -> Dict[str, Any]:
@@ -181,15 +189,15 @@ class UndeclaredComponent(PolicyCheck):
         :param components: List of undeclared components
         :return: Dictionary with formatted Markdown details and summary
         """
-        headers = ['Component', 'Version', 'License']
+        headers = ['Component', 'License']
         rows: [[]] = []
         # TODO look at using SpdxLite license name lookup method
-        for component in components:
-            licenses = ' - '.join(lic.get('spdxid', 'Unknown') for lic in component['licenses'])
-            rows.append([component['purl'], component['version'], licenses])
+        component_licenses = self._group_components_by_license(components)
+        for component in component_licenses:
+            rows.append([component.get('purl'), component.get('spdxid')])
         return {
             'details': f'{self.generate_jira_table(headers, rows)}',
-            'summary': self._get_jira_summary(components),
+            'summary': self._get_jira_summary(component_licenses),
         }
 
     def _get_unique_components(self, components: list) -> list:

{scanoss-1.25.2.dist-info → scanoss-1.26.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.25.2
+Version: 1.26.1
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS

{scanoss-1.25.2.dist-info → scanoss-1.26.1.dist-info}/RECORD

@@ -4,8 +4,8 @@ protoc_gen_swagger/options/annotations_pb2.py,sha256=b25EDD6gssUWnFby9gxgcpLIROT
 protoc_gen_swagger/options/annotations_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
 protoc_gen_swagger/options/openapiv2_pb2.py,sha256=vYElGp8E1vGHszvWqX97zNG9GFJ7u2QcdK9ouq0XdyI,14939
 protoc_gen_swagger/options/openapiv2_pb2_grpc.py,sha256=1oboBPFxaTEXt9Aw7EAj8gXHDCNMhZD2VXqocC9l_gk,159
-scanoss/__init__.py,sha256=9K1SKldg4taEpZ7t4H-Z45hI8SIqMlSmjp6TFz3Km2w,1146
-scanoss/cli.py,sha256=SAB0xuHjEEw20YtYAPSZwrQaVf4JUsm8NRcVArMzd4U,69099
+scanoss/__init__.py,sha256=qgYL2puYvasR_9Z1kUia9Cf_aPv7lHwJ923ZunoX9tc,1146
+scanoss/cli.py,sha256=yjK4oawNzecarQYYlkElOiHFDDAZx_zKdSXf_gQvqXk,72678
 scanoss/components.py,sha256=b0R9DdKuXqyQiw5nZZwjQ6NJXBr1U9gyx1RI2FP9ozA,14511
 scanoss/constants.py,sha256=FWCZG8gQputKwV7XwvW1GuwDXL4wDLQyVRGdwygg578,320
 scanoss/cryptography.py,sha256=Q39MOCscP-OFvrnPXaPOMFFkc8OKnf3mC3SgZYEtCog,9407
@@ -57,14 +57,17 @@ scanoss/api/vulnerabilities/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSC
 scanoss/api/vulnerabilities/v2/__init__.py,sha256=IFrDk_DTJgKSZmmU-nuLXuq_s8sQZlrSCHhIDMJT4r0,1122
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py,sha256=CFhF80av8tenGvn9AIsGEtRJPuV2dC_syA5JLZb2lDw,5464
 scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py,sha256=HlS4k4Zmx6RIAqaO9I96jD-eyF5yU6Xx04pVm7pdqOg,6864
-scanoss/data/build_date.txt,sha256=3-u7TU-KPaW2lJLuHTSTYQJlq8aqKlVQv7MRd_B-xvQ,40
+scanoss/data/build_date.txt,sha256=T_n0TdmNDPNRIny3af0dDhOvzk8oLLMPv0gC4sFQngs,40
 scanoss/data/scanoss-settings-schema.json,sha256=ClkRYAkjAN0Sk704G8BE_Ok006oQ6YnIGmX84CF8h9w,8798
 scanoss/data/spdx-exceptions.json,sha256=s7UTYxC7jqQXr11YBlIWYCNwN6lRDFTR33Y8rpN_dA4,17953
 scanoss/data/spdx-licenses.json,sha256=A6Z0q82gaTLtnopBfzeIVZjJFxkdRW1g2TuumQc-lII,228794
-scanoss/inspection/__init__.py,sha256=0hjb5ktavp7utJzFhGMPImPaZiHWgilM2HwvTp5lXJE,1122
-scanoss/inspection/copyleft.py,sha256=MqkixiGnOs7IEfhSmX5zRkJmmouHc76q8LP2Rqdu4AQ,8495
-scanoss/inspection/policy_check.py,sha256=k8v7ei3oZBERt4l8S3AWEVn-qA2TsGkfYJT_i21M0s4,19076
-scanoss/inspection/undeclared_component.py,sha256=my-KPEeFx7P2VG2dsYm5-7y83DDMGzf0MnBQdPExIHk,11026
+scanoss/inspection/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
+scanoss/inspection/component_summary.py,sha256=h1l3rF6NnoK0wMkS4ib6rDfcza2aqunyoMDbN2lw2G4,4049
+scanoss/inspection/copyleft.py,sha256=iCArNWZo5TOX7K68e-YD_6mQNRDOE9V35UoSMs23_qY,9236
+scanoss/inspection/inspect_base.py,sha256=KEyYSkAhx4lBjZk-NeGivj2UCToxdcJc1OmGSbk0MZc,17638
+scanoss/inspection/license_summary.py,sha256=T3I8E6ljqYF0ngIcY3Ke2WaNeCzrdpN0RQ02RG_3Thk,5763
+scanoss/inspection/policy_check.py,sha256=NS39dvePZbpusGRnEUKN9JFiMdSyva0msFE6On6bK8Q,8329
+scanoss/inspection/undeclared_component.py,sha256=qjc30agrIXU_07CJCgLvvFT-sQvJa1Hb0lS1UjM6aj8,11495
 scanoss/inspection/utils/license_utils.py,sha256=Zb6QLmVJb86lKCwZyBsmwakyAtY1SXa54kUyyKmWMqA,5093
 scanoss/scanners/__init__.py,sha256=D4C0lWLuNp8k_BjQZEc07WZcUgAvriVwQWOk063b0ZU,1122
 scanoss/scanners/container_scanner.py,sha256=leP4roes6B9B95F49mJ0P_F8WcKCQkvJgk9azWyJrjg,16294
@@ -76,9 +79,9 @@ scanoss/utils/abstract_presenter.py,sha256=teiDTxBj5jBMCk2T8i4l1BJPf_u4zBLWrtCTF
 scanoss/utils/crc64.py,sha256=TMrwQimSdE6imhFOUL7oAG6Kxu-8qMpGWMuMg8QpSVs,3169
 scanoss/utils/file.py,sha256=62cA9a17TU9ZvfA3FY5HY4-QOajJeSrc8S6xLA_f-3M,2980
 scanoss/utils/simhash.py,sha256=6iu8DOcecPAY36SZjCOzrrLMT9oIE7-gI6QuYwUQ7B0,5793
-scanoss-1.25.2.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
-scanoss-1.25.2.dist-info/METADATA,sha256=tLuNgHCCKBeUfqk0EWRkr5iv35GBIybi0nMBSBi1huw,6060
-scanoss-1.25.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scanoss-1.25.2.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
-scanoss-1.25.2.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
-scanoss-1.25.2.dist-info/RECORD,,
+scanoss-1.26.1.dist-info/licenses/LICENSE,sha256=LLUaXoiyOroIbr5ubAyrxBOwSRLTm35ETO2FmLpy8QQ,1074
+scanoss-1.26.1.dist-info/METADATA,sha256=55vVk3xfgQlKqi7B7WnaUJCbhmbyBmf1zrQ2YzBsVmo,6060
+scanoss-1.26.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scanoss-1.26.1.dist-info/entry_points.txt,sha256=Uy28xnaDL5KQ7V77sZD5VLDXPNxYYzSr5tsqtiXVzAs,48
+scanoss-1.26.1.dist-info/top_level.txt,sha256=V11PrQ6Pnrc-nDF9xnisnJ8e6-i7HqSIKVNqduRWcL8,27
+scanoss-1.26.1.dist-info/RECORD,,