scanoss 1.27.1__py3-none-any.whl → 1.43.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- protoc_gen_swagger/options/annotations_pb2.py +18 -12
- protoc_gen_swagger/options/annotations_pb2.pyi +48 -0
- protoc_gen_swagger/options/annotations_pb2_grpc.py +20 -0
- protoc_gen_swagger/options/openapiv2_pb2.py +110 -99
- protoc_gen_swagger/options/openapiv2_pb2.pyi +1317 -0
- protoc_gen_swagger/options/openapiv2_pb2_grpc.py +20 -0
- scanoss/__init__.py +1 -1
- scanoss/api/common/v2/scanoss_common_pb2.py +49 -22
- scanoss/api/common/v2/scanoss_common_pb2_grpc.py +25 -0
- scanoss/api/components/v2/scanoss_components_pb2.py +68 -43
- scanoss/api/components/v2/scanoss_components_pb2_grpc.py +83 -22
- scanoss/api/cryptography/v2/scanoss_cryptography_pb2.py +136 -47
- scanoss/api/cryptography/v2/scanoss_cryptography_pb2_grpc.py +650 -33
- scanoss/api/dependencies/v2/scanoss_dependencies_pb2.py +56 -37
- scanoss/api/dependencies/v2/scanoss_dependencies_pb2_grpc.py +64 -12
- scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2.py +74 -31
- scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2_grpc.py +252 -13
- scanoss/api/licenses/__init__.py +23 -0
- scanoss/api/licenses/v2/__init__.py +23 -0
- scanoss/api/licenses/v2/scanoss_licenses_pb2.py +84 -0
- scanoss/api/licenses/v2/scanoss_licenses_pb2_grpc.py +302 -0
- scanoss/api/scanning/v2/scanoss_scanning_pb2.py +32 -21
- scanoss/api/scanning/v2/scanoss_scanning_pb2_grpc.py +49 -8
- scanoss/api/semgrep/v2/scanoss_semgrep_pb2.py +50 -23
- scanoss/api/semgrep/v2/scanoss_semgrep_pb2_grpc.py +151 -16
- scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py +78 -31
- scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py +282 -18
- scanoss/cli.py +1000 -186
- scanoss/components.py +80 -50
- scanoss/constants.py +7 -1
- scanoss/cryptography.py +89 -55
- scanoss/csvoutput.py +13 -7
- scanoss/cyclonedx.py +141 -9
- scanoss/data/build_date.txt +1 -1
- scanoss/data/osadl-copyleft.json +133 -0
- scanoss/delta.py +197 -0
- scanoss/export/__init__.py +23 -0
- scanoss/export/dependency_track.py +227 -0
- scanoss/file_filters.py +2 -163
- scanoss/filecount.py +37 -38
- scanoss/gitlabqualityreport.py +214 -0
- scanoss/header_filter.py +563 -0
- scanoss/inspection/policy_check/__init__.py +0 -0
- scanoss/inspection/policy_check/dependency_track/__init__.py +0 -0
- scanoss/inspection/policy_check/dependency_track/project_violation.py +479 -0
- scanoss/inspection/{policy_check.py → policy_check/policy_check.py} +65 -72
- scanoss/inspection/policy_check/scanoss/__init__.py +0 -0
- scanoss/inspection/{copyleft.py → policy_check/scanoss/copyleft.py} +89 -73
- scanoss/inspection/{undeclared_component.py → policy_check/scanoss/undeclared_component.py} +52 -46
- scanoss/inspection/summary/__init__.py +0 -0
- scanoss/inspection/summary/component_summary.py +170 -0
- scanoss/inspection/{license_summary.py → summary/license_summary.py} +62 -12
- scanoss/inspection/summary/match_summary.py +341 -0
- scanoss/inspection/utils/file_utils.py +44 -0
- scanoss/inspection/utils/license_utils.py +57 -71
- scanoss/inspection/utils/markdown_utils.py +63 -0
- scanoss/inspection/{inspect_base.py → utils/scan_result_processor.py} +53 -67
- scanoss/osadl.py +125 -0
- scanoss/scanner.py +135 -253
- scanoss/scanners/folder_hasher.py +47 -32
- scanoss/scanners/scanner_hfh.py +50 -18
- scanoss/scanoss_settings.py +33 -3
- scanoss/scanossapi.py +23 -25
- scanoss/scanossbase.py +1 -1
- scanoss/scanossgrpc.py +543 -289
- scanoss/services/dependency_track_service.py +132 -0
- scanoss/spdxlite.py +11 -4
- scanoss/threadeddependencies.py +19 -18
- scanoss/threadedscanning.py +10 -0
- scanoss/utils/scanoss_scan_results_utils.py +41 -0
- scanoss/winnowing.py +71 -19
- {scanoss-1.27.1.dist-info → scanoss-1.43.1.dist-info}/METADATA +8 -5
- scanoss-1.43.1.dist-info/RECORD +110 -0
- scanoss/inspection/component_summary.py +0 -94
- scanoss-1.27.1.dist-info/RECORD +0 -87
- {scanoss-1.27.1.dist-info → scanoss-1.43.1.dist-info}/WHEEL +0 -0
- {scanoss-1.27.1.dist-info → scanoss-1.43.1.dist-info}/entry_points.txt +0 -0
- {scanoss-1.27.1.dist-info → scanoss-1.43.1.dist-info}/licenses/LICENSE +0 -0
- {scanoss-1.27.1.dist-info → scanoss-1.43.1.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,214 @@
|
|
|
1
|
+
"""
|
|
2
|
+
SPDX-License-Identifier: MIT
|
|
3
|
+
|
|
4
|
+
Copyright (c) 2025, SCANOSS
|
|
5
|
+
|
|
6
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
7
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
8
|
+
in the Software without restriction, including without limitation the rights
|
|
9
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
10
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
11
|
+
furnished to do so, subject to the following conditions:
|
|
12
|
+
|
|
13
|
+
The above copyright notice and this permission notice shall be included in
|
|
14
|
+
all copies or substantial portions of the Software.
|
|
15
|
+
|
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
17
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
18
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
19
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
20
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
21
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
22
|
+
THE SOFTWARE.
|
|
23
|
+
"""
|
|
24
|
+
|
|
25
|
+
import json
|
|
26
|
+
import os
|
|
27
|
+
import sys
|
|
28
|
+
from dataclasses import dataclass
|
|
29
|
+
|
|
30
|
+
from .scanossbase import ScanossBase
|
|
31
|
+
from .utils import scanoss_scan_results_utils
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
@dataclass
|
|
35
|
+
class Lines:
|
|
36
|
+
begin: int
|
|
37
|
+
|
|
38
|
+
@dataclass
|
|
39
|
+
class Location:
|
|
40
|
+
path: str
|
|
41
|
+
lines: Lines
|
|
42
|
+
|
|
43
|
+
@dataclass
|
|
44
|
+
class CodeQuality:
|
|
45
|
+
description: str
|
|
46
|
+
check_name: str
|
|
47
|
+
fingerprint: str
|
|
48
|
+
severity: str
|
|
49
|
+
location: Location
|
|
50
|
+
|
|
51
|
+
def to_dict(self):
|
|
52
|
+
"""Convert to dictionary for JSON serialization."""
|
|
53
|
+
return {
|
|
54
|
+
"description": self.description,
|
|
55
|
+
"check_name": self.check_name,
|
|
56
|
+
"fingerprint": self.fingerprint,
|
|
57
|
+
"severity": self.severity,
|
|
58
|
+
"location": {
|
|
59
|
+
"path": self.location.path,
|
|
60
|
+
"lines": {
|
|
61
|
+
"begin": self.location.lines.begin
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
class GitLabQualityReport(ScanossBase):
|
|
67
|
+
"""
|
|
68
|
+
GitLabCodeQuality management class
|
|
69
|
+
Handle all interaction with GitLab Code Quality Report formatting
|
|
70
|
+
"""
|
|
71
|
+
|
|
72
|
+
def __init__(self, debug: bool = False, trace: bool = False, quiet: bool = False):
|
|
73
|
+
"""
|
|
74
|
+
Initialise the GitLabCodeQuality class
|
|
75
|
+
"""
|
|
76
|
+
super().__init__(debug, trace, quiet)
|
|
77
|
+
self.print_trace(f"GitLabQualityReport initialized with debug={debug}, trace={trace}, quiet={quiet}")
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
def _get_code_quality(self, file_name: str, result: dict) -> CodeQuality or None:
|
|
81
|
+
self.print_trace(f"_get_code_quality called for file: {file_name}")
|
|
82
|
+
self.print_trace(f"Processing result: {result}")
|
|
83
|
+
|
|
84
|
+
if not result.get('file_hash'):
|
|
85
|
+
self.print_debug(f"Warning: no hash found for result: {result}")
|
|
86
|
+
return None
|
|
87
|
+
|
|
88
|
+
if result.get('id') == 'file':
|
|
89
|
+
self.print_debug(f"Processing file match for: {file_name}")
|
|
90
|
+
description = f"File match found in: {file_name}"
|
|
91
|
+
code_quality = CodeQuality(
|
|
92
|
+
description=description,
|
|
93
|
+
check_name=file_name,
|
|
94
|
+
fingerprint=result.get('file_hash'),
|
|
95
|
+
severity="info",
|
|
96
|
+
location=Location(
|
|
97
|
+
path=file_name,
|
|
98
|
+
lines = Lines(
|
|
99
|
+
begin= 1
|
|
100
|
+
)
|
|
101
|
+
)
|
|
102
|
+
)
|
|
103
|
+
self.print_trace(f"Created file CodeQuality object: {code_quality}")
|
|
104
|
+
return code_quality
|
|
105
|
+
|
|
106
|
+
if not result.get('lines'):
|
|
107
|
+
self.print_debug(f"Warning: No lines found for result: {result}")
|
|
108
|
+
return None
|
|
109
|
+
lines = scanoss_scan_results_utils.get_lines(result.get('lines'))
|
|
110
|
+
self.print_trace(f"Extracted lines: {lines}")
|
|
111
|
+
if len(lines) == 0:
|
|
112
|
+
self.print_debug(f"Warning: empty lines for result: {result}")
|
|
113
|
+
return None
|
|
114
|
+
end_line = lines[len(lines) - 1] if len(lines) > 1 else lines[0]
|
|
115
|
+
description = f"Snippet found in: {file_name} - lines {lines[0]}-{end_line}"
|
|
116
|
+
self.print_debug(f"Processing snippet match for: {file_name}, lines: {lines[0]}-{end_line}")
|
|
117
|
+
code_quality = CodeQuality(
|
|
118
|
+
description=description,
|
|
119
|
+
check_name=file_name,
|
|
120
|
+
fingerprint=result.get('file_hash'),
|
|
121
|
+
severity="info",
|
|
122
|
+
location=Location(
|
|
123
|
+
path=file_name,
|
|
124
|
+
lines=Lines(
|
|
125
|
+
begin=lines[0]
|
|
126
|
+
)
|
|
127
|
+
)
|
|
128
|
+
)
|
|
129
|
+
self.print_trace(f"Created snippet CodeQuality object: {code_quality}")
|
|
130
|
+
return code_quality
|
|
131
|
+
|
|
132
|
+
def _write_output(self, data: list[CodeQuality], output_file: str = None) -> bool:
|
|
133
|
+
"""Write the Gitlab Code Quality Report to output."""
|
|
134
|
+
self.print_trace(f"_write_output called with {len(data)} items, output_file: {output_file}")
|
|
135
|
+
try:
|
|
136
|
+
json_data = [item.to_dict() for item in data]
|
|
137
|
+
self.print_trace(f"JSON data: {json_data}")
|
|
138
|
+
file = open(output_file, 'w') if output_file else sys.stdout
|
|
139
|
+
print(json.dumps(json_data, indent=2), file=file)
|
|
140
|
+
if output_file:
|
|
141
|
+
file.close()
|
|
142
|
+
self.print_debug(f"Wrote output to file: {output_file}")
|
|
143
|
+
else:
|
|
144
|
+
self.print_debug("Wrote output to 'stdout'")
|
|
145
|
+
return True
|
|
146
|
+
except Exception as e:
|
|
147
|
+
self.print_stderr(f'Error writing output: {str(e)}')
|
|
148
|
+
return False
|
|
149
|
+
|
|
150
|
+
def _produce_from_json(self, data: dict, output_file: str = None) -> bool:
|
|
151
|
+
self.print_trace(f"_produce_from_json called with output_file: {output_file}")
|
|
152
|
+
self.print_debug(f"Processing {len(data)} files from JSON data")
|
|
153
|
+
code_quality = []
|
|
154
|
+
for file_name, results in data.items():
|
|
155
|
+
self.print_trace(f"Processing file: {file_name} with {len(results)} results")
|
|
156
|
+
for result in results:
|
|
157
|
+
if not result.get('id'):
|
|
158
|
+
self.print_debug(f"Warning: No ID found for result: {result}")
|
|
159
|
+
continue
|
|
160
|
+
if result.get('id') != 'snippet' and result.get('id') != 'file':
|
|
161
|
+
self.print_debug(f"Skipping non-snippet/file match: {file_name}, id: '{result['id']}'")
|
|
162
|
+
continue
|
|
163
|
+
code_quality_item = self._get_code_quality(file_name, result)
|
|
164
|
+
if code_quality_item:
|
|
165
|
+
code_quality.append(code_quality_item)
|
|
166
|
+
self.print_trace(f"Added code quality item for {file_name}")
|
|
167
|
+
else:
|
|
168
|
+
self.print_debug(f"Warning: No Code Quality found for result: {result}")
|
|
169
|
+
self.print_debug(f"Generated {len(code_quality)} code quality items")
|
|
170
|
+
self._write_output(data=code_quality,output_file=output_file)
|
|
171
|
+
return True
|
|
172
|
+
|
|
173
|
+
def _produce_from_str(self, json_str: str, output_file: str = None) -> bool:
|
|
174
|
+
"""
|
|
175
|
+
Produce Gitlab Code Quality Report output from input JSON string
|
|
176
|
+
:param json_str: input JSON string
|
|
177
|
+
:param output_file: Output file (optional)
|
|
178
|
+
:return: True if successful, False otherwise
|
|
179
|
+
"""
|
|
180
|
+
self.print_trace(f"_produce_from_str called with output_file: {output_file}")
|
|
181
|
+
if not json_str:
|
|
182
|
+
self.print_stderr('ERROR: No JSON string provided to parse.')
|
|
183
|
+
return False
|
|
184
|
+
self.print_debug(f"Parsing JSON string of length: {len(json_str)}")
|
|
185
|
+
try:
|
|
186
|
+
data = json.loads(json_str)
|
|
187
|
+
self.print_debug("Successfully parsed JSON data")
|
|
188
|
+
self.print_trace(f"Parsed data structure: {type(data)}")
|
|
189
|
+
except Exception as e:
|
|
190
|
+
self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
|
|
191
|
+
return False
|
|
192
|
+
return self._produce_from_json(data, output_file)
|
|
193
|
+
|
|
194
|
+
|
|
195
|
+
def produce_from_file(self, json_file: str, output_file: str = None) -> bool:
|
|
196
|
+
"""
|
|
197
|
+
Parse plain/raw input JSON file and produce GitLab Code Quality JSON output
|
|
198
|
+
:param json_file:
|
|
199
|
+
:param output_file:
|
|
200
|
+
:return: True if successful, False otherwise
|
|
201
|
+
"""
|
|
202
|
+
self.print_trace(f"produce_from_file called with json_file: {json_file}, output_file: {output_file}")
|
|
203
|
+
self.print_debug(f"Input JSON file: {json_file}, output_file: {output_file}")
|
|
204
|
+
if not json_file:
|
|
205
|
+
self.print_stderr('ERROR: No JSON file provided to parse.')
|
|
206
|
+
return False
|
|
207
|
+
if not os.path.isfile(json_file):
|
|
208
|
+
self.print_stderr(f'ERROR: JSON file does not exist or is not a file: {json_file}')
|
|
209
|
+
return False
|
|
210
|
+
self.print_debug(f"Reading JSON file: {json_file}")
|
|
211
|
+
with open(json_file, 'r') as f:
|
|
212
|
+
json_content = f.read()
|
|
213
|
+
success = self._produce_from_str(json_content, output_file)
|
|
214
|
+
return success
|