scanoss 1.27.1__py3-none-any.whl → 1.43.1__py3-none-any.whl

scanoss/inspection/utils/license_utils.py

@@ -22,96 +22,90 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-from ...scanossbase import ScanossBase
+from scanoss.osadl import Osadl
 
-DEFAULT_COPYLEFT_LICENSES = {
-    'agpl-3.0-only',
-    'artistic-1.0',
-    'artistic-2.0',
-    'cc-by-sa-4.0',
-    'cddl-1.0',
-    'cddl-1.1',
-    'cecill-2.1',
-    'epl-1.0',
-    'epl-2.0',
-    'gfdl-1.1-only',
-    'gfdl-1.2-only',
-    'gfdl-1.3-only',
-    'gpl-1.0-only',
-    'gpl-2.0-only',
-    'gpl-3.0-only',
-    'lgpl-2.1-only',
-    'lgpl-3.0-only',
-    'mpl-1.1',
-    'mpl-2.0',
-    'sleepycat',
-    'watcom-1.0',
-}
+from ...scanossbase import ScanossBase
 
 
 class LicenseUtil(ScanossBase):
     """
     A utility class for handling software licenses, particularly copyleft licenses.
 
-    This class provides functionality to initialize, manage, and query a set of
-    copyleft licenses. It also offers a method to generate URLs for license information.
+    Uses OSADL (Open Source Automation Development Lab) authoritative copyleft data
+    with optional include/exclude/explicit filters.
     """
 
     BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
-    BASE_OSADL_URL = 'https://www.osadl.org/fileadmin/checklists/unreflicenses'
 
     def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
         super().__init__(debug, trace, quiet)
-        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
-        self.copyleft_licenses = set()
+        self.osadl = Osadl(debug=debug, trace=trace, quiet=quiet)
+        self.include_licenses = set()
+        self.exclude_licenses = set()
+        self.explicit_licenses = set()
 
     def init(self, include: str = None, exclude: str = None, explicit: str = None):
         """
-        Initialize the set of copyleft licenses based on user input.
-
-        This method allows for customization of the copyleft license set by:
-        - Setting an explicit list of licenses
-        - Including additional licenses to the default set
-        - Excluding specific licenses from the default set
+        Initialize copyleft license filters.
 
-        :param include: Comma-separated string of licenses to include
-        :param exclude: Comma-separated string of licenses to exclude
-        :param explicit: Comma-separated string of licenses to use exclusively
+        :param include: Comma-separated licenses to mark as copyleft (in addition to OSADL)
+        :param exclude: Comma-separated licenses to mark as NOT copyleft (override OSADL)
+        :param explicit: Comma-separated licenses to use exclusively (ignore OSADL)
         """
-        if self.debug:
-            self.print_stderr(f'Include Copyleft licenses: ${include}')
-            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
-            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
-        if explicit:
-            explicit = explicit.strip()
+        # Reset previous filters so init() can be safely called multiple times
+        self.include_licenses.clear()
+        self.exclude_licenses.clear()
+        self.explicit_licenses.clear()
+
+        # Parse explicit list (if provided, ignore OSADL completely)
         if explicit:
-            exp = [item.strip().lower() for item in explicit.split(',')]
-            self.copyleft_licenses = set(exp)
-            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.explicit_licenses = {lic.strip().lower() for lic in explicit.split(',') if lic.strip()}
+            self.print_debug(f'Explicit copyleft licenses: {self.explicit_licenses}')
             return
-        # If no explicit licenses were set, set default ones
-        self.copyleft_licenses = self.default_copyleft_licenses.copy()
-        if include:
-            include = include.strip()
+
+        # Parse include list (mark these as copyleft in addition to OSADL)
         if include:
-            inc = [item.strip().lower() for item in include.split(',')]
-            self.copyleft_licenses.update(inc)
-        if exclude:
-            exclude = exclude.strip()
+            self.include_licenses = {lic.strip().lower() for lic in include.split(',') if lic.strip()}
+            self.print_debug(f'Include licenses: {self.include_licenses}')
+
+        # Parse exclude list (mark these as NOT copyleft, overriding OSADL)
         if exclude:
-            inc = [item.strip().lower() for item in exclude.split(',')]
-            for lic in inc:
-                self.copyleft_licenses.discard(lic)
-        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.exclude_licenses = {lic.strip().lower() for lic in exclude.split(',') if lic.strip()}
+            self.print_debug(f'Exclude licenses: {self.exclude_licenses}')
 
     def is_copyleft(self, spdxid: str) -> bool:
         """
-        Check if a given license is considered copyleft.
+        Check if a license is copyleft.
+
+        Logic:
+        1. If explicit list provided → check if license in explicit list
+        2. If license in include list → return True
+        3. If license in exclude list → return False
+        4. Otherwise → use OSADL authoritative data
 
-        :param spdxid: The SPDX identifier of the license to check
-        :return: True if the license is copyleft, False otherwise
+        :param spdxid: SPDX license identifier
+        :return: True if copyleft, False otherwise
         """
-        return spdxid.lower() in self.copyleft_licenses
+        if not spdxid:
+            self.print_debug('No license ID provided for copyleft check')
+            return False
+
+        spdxid_lc = spdxid.lower()
+
+        # Explicit mode: use only the explicit list
+        if self.explicit_licenses:
+            return spdxid_lc in self.explicit_licenses
+
+        # Include filter: if license in include list, force copyleft=True
+        if spdxid_lc in self.include_licenses:
+            return True
+
+        # Exclude filter: if license in exclude list, force copyleft=False
+        if spdxid_lc in self.exclude_licenses:
+            return False
+
+        # No filters matched, use OSADL authoritative data
+        return self.osadl.is_copyleft(spdxid)
 
     def get_spdx_url(self, spdxid: str) -> str:
         """
@@ -122,14 +116,6 @@ class LicenseUtil(ScanossBase):
         """
         return f'{self.BASE_SPDX_ORG_URL}/{spdxid}.html'
 
-    def get_osadl_url(self, spdxid: str) -> str:
-        """
-        Generate the URL for the OSADL (Open Source Automation Development Lab) page of a license.
-
-        :param spdxid: The SPDX identifier of the license
-        :return: The URL of the OSADL page for the given license
-        """
-        return f'{self.BASE_OSADL_URL}/{spdxid}.txt'
 
 
 #

scanoss/inspection/utils/markdown_utils.py

@@ -0,0 +1,63 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+def generate_table(headers, rows, centered_columns=None):
+    """
+    Generate a Markdown table.
+
+    :param headers: List of headers for the table.
+    :param rows: List of rows for the table.
+    :param centered_columns: List of column indices to be centered.
+    :return: A string representing the Markdown table.
+    """
+    col_sep = ' | '
+    centered_column_set = set(centered_columns or [])
+    if headers is None:
+        return None
+
+    # Decide which separator to use
+    def create_separator(index):
+        if centered_columns is None:
+            return '-'
+        return ':-:' if index in centered_column_set else '-'
+
+    # Build the row separator
+    row_separator = col_sep + col_sep.join(create_separator(index) for index, _ in enumerate(headers)) + col_sep
+    # build table rows
+    table_rows = [col_sep + col_sep.join(headers) + col_sep, row_separator]
+    table_rows.extend(col_sep + col_sep.join(row) + col_sep for row in rows)
+    return '\n'.join(table_rows)
+
+def generate_jira_table(headers, rows, centered_columns=None):
+    col_sep = '*|*'
+    if headers is None:
+        return None
+
+    table_header = '|*' + col_sep.join(headers) + '*|\n'
+    table = table_header
+    for row in rows:
+        if len(headers) == len(row):
+            table += '|' + '|'.join(row) + '|\n'
+
+    return table

scanoss/inspection/{inspect_base.py → utils/scan_result_processor.py}

@@ -22,14 +22,12 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-import json
-import os.path
-from abc import abstractmethod
 from enum import Enum
-from typing import Any, Dict
+from typing import Any, Dict, TypeVar
 
-from ..scanossbase import ScanossBase
-from .utils.license_utils import LicenseUtil
+from ...scanossbase import ScanossBase
+from ..utils.file_utils import load_json_file
+from ..utils.license_utils import LicenseUtil
 
 
 class ComponentID(Enum):
@@ -51,13 +49,14 @@ class ComponentID(Enum):
 # End of ComponentID Class
 #
 
-
-class InspectBase(ScanossBase):
+T = TypeVar('T')
+class ScanResultProcessor(ScanossBase):
     """
-    A base class to perform inspections over scan results.
+    A utility class for processing and transforming scan results.
 
-    This class provides a basic for scan results inspection, including methods for
-    processing scan results components and licenses.
+    This class provides functionality for processing scan results, including methods for
+    loading, parsing, extracting, and aggregating component and license data from scan results.
+    It serves as a shared data processing layer used by both policy checks and summary generators.
 
     Inherits from:
         ScanossBase: A base class providing common functionality for SCANOSS-related operations.
@@ -68,37 +67,21 @@ class InspectBase(ScanossBase):
         debug: bool = False,
         trace: bool = False,
         quiet: bool = False,
-        filepath: str = None,
-        output: str = None,
+        result_file_path: str = None,
+        include: str = None,
+        exclude: str = None,
+        explicit: str = None,
+        license_sources: list = None,
     ):
         super().__init__(debug, trace, quiet)
+        self.result_file_path = result_file_path
         self.license_util = LicenseUtil()
-        self.filepath = filepath
-        self.output = output
+        self.license_util.init(include, exclude, explicit)
+        self.license_sources = license_sources
         self.results = self._load_input_file()
 
-    @abstractmethod
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
-
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
-
-        :return: A list of processed components, or None if an error occurred during any step.
-
-        Possible reasons for returning None include:
-        - Results not loaded (self.results is None)
-        - Failure to extract components from the results
-
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - Implementations must extract components (e.g. via `_get_components_data`,
-          `_get_dependencies_data`, or other helpers).
-        - If `self.results` is `None`, simply return `None`.
-        """
-    pass
+    def get_results(self) -> Dict[str, Any]:
+        return self.results
 
     def _append_component(self, components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
         """
@@ -181,9 +164,11 @@ class InspectBase(ScanossBase):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return
 
-        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
+        # Select licenses based on configuration (filtering or priority mode)
+        selected_licenses = self._select_licenses(new_component['licenses'])
+
         # Process licenses for this component
-        for license_item in licenses_order_by_source_priority:
+        for license_item in selected_licenses:
             if license_item.get('name'):
                 spdxid = license_item['name']
                 source = license_item.get('source')
@@ -211,7 +196,7 @@ class InspectBase(ScanossBase):
         else:
             component['undeclared'] += 1
 
-    def _get_components_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
+    def get_components_data(self, components: Dict[str, Any]) -> Dict[str, Any]:
         """
            Extract and process file and snippet components from results.
 
@@ -228,11 +213,11 @@ class InspectBase(ScanossBase):
              which tracks the number of occurrences of each license
 
            Args:
-               results: A dictionary containing the raw results of a component scan
+               components: A dictionary containing the raw results of a component scan
            Returns:
                Updated components dictionary with file and snippet data
            """
-        for component in results.values():
+        for component in self.results.values():
             for c in component:
                 component_id = c.get('id')
                 if not component_id:
@@ -264,15 +249,13 @@ class InspectBase(ScanossBase):
         # End components loop
         return components
 
-    def _get_dependencies_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
+    def get_dependencies_data(self,components: Dict[str, Any]) -> Dict[str, Any]:
         """
         Extract and process dependency components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
         :param components: Existing components dictionary to update
         :return: Updated components dictionary with dependency data
         """
-        for component in results.values():
+        for component in self.results.values():
             for c in component:
                 component_id = c.get('id')
                 if not component_id:
@@ -310,17 +293,13 @@ class InspectBase(ScanossBase):
           Returns:
               Dict[str, Any]: The parsed JSON data
         """
-        if not os.path.exists(self.filepath):
-            self.print_stderr(f'ERROR: The file "{self.filepath}" does not exist.')
-            return None
-        with open(self.filepath, 'r') as jsonfile:
-            try:
-                return json.load(jsonfile)
-            except Exception as e:
+        try:
+            return load_json_file(self.result_file_path)
+        except Exception as e:
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
-        return None
+                return None
 
-    def _convert_components_to_list(self, components: dict):
+    def convert_components_to_list(self, components: dict):
         if components is None:
             self.print_debug(f'WARNING: Components is empty {self.results}')
             return None
@@ -334,19 +313,26 @@ class InspectBase(ScanossBase):
                 component['licenses'] = []
         return results_list
 
-    def _get_licenses_order_by_source_priority(self,licenses_data):
+    def _select_licenses(self, licenses_data):
         """
-        Select licenses based on source priority:
-        1. component_declared (highest priority)
-        2. license_file
-        3. file_header
-        4. scancode (lowest priority)
+        Select licenses based on configuration.
 
-        If any high-priority source is found, return only licenses from that source.
-        If none found, return all licenses.
+        Two modes:
+        - Filtering mode: If license_sources specified, filter to those sources
+        - Priority mode: Otherwise, use original priority-based selection
+
+        Args:
+            licenses_data: List of license dictionaries
 
-        Returns: list with ordered licenses by source.
+        Returns:
+            Filtered list of licenses based on configuration
         """
+        # Filtering mode, when license_sources is explicitly provided
+        if self.license_sources:
+            sources_to_include = set(self.license_sources) | {'unknown'}
+            return [lic for lic in licenses_data
+                    if lic.get('source') in sources_to_include or lic.get('source') is None]
+
         # Define priority order (highest to lowest)
         priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
 
@@ -374,7 +360,7 @@ class InspectBase(ScanossBase):
         self.print_debug("No priority sources found, returning all licenses as list")
         return licenses_data
 
-    def _group_components_by_license(self,components):
+    def group_components_by_license(self,components):
         """
         Groups components by their unique component-license pairs.
 
@@ -427,5 +413,5 @@ class InspectBase(ScanossBase):
 
 
 #
-# End of PolicyCheck Class
-#
+# End of ScanResultProcessor Class
+#

scanoss/osadl.py

@@ -0,0 +1,125 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+import sys
+
+import importlib_resources
+
+from scanoss.scanossbase import ScanossBase
+
+
+class Osadl(ScanossBase):
+    """
+    OSADL data accessor class.
+
+    Provides access to OSADL (Open Source Automation Development Lab) authoritative
+    checklist data for license analysis.
+
+    Data is loaded once at class level and shared across all instances for efficiency.
+
+    Data source: https://www.osadl.org/fileadmin/checklists/copyleft.json
+    License: CC-BY-4.0
+    """
+
+    _shared_copyleft_data = {}
+    _data_loaded = False
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
+        """
+        Initialize the Osadl class.
+        Data is loaded once at class level and shared across all instances.
+        """
+        super().__init__(debug, trace, quiet)
+        self._load_copyleft_data()
+
+
+    def _load_copyleft_data(self) -> bool:
+        """
+        Load the embedded OSADL copyleft JSON file into class-level shared data.
+        Data is loaded only once and shared across all instances.
+
+        :return: True if successful, False otherwise
+        """
+        if Osadl._data_loaded:
+            return True
+
+        # OSADL copyleft license checklist from: https://www.osadl.org/Checklists
+        # Data source: https://www.osadl.org/fileadmin/checklists/copyleft.json
+        # License: CC-BY-4.0 (Creative Commons Attribution 4.0 International)
+        # Copyright: (C) 2017 - 2024 Open Source Automation Development Lab (OSADL) eG
+        try:
+            f_name = importlib_resources.files(__name__) / 'data/osadl-copyleft.json'
+            with importlib_resources.as_file(f_name) as f:
+                with open(f, 'r', encoding='utf-8') as file:
+                    data = json.load(file)
+        except Exception as e:
+            self.print_stderr(f'ERROR: Problem loading OSADL copyleft data: {e}')
+            return False
+
+        # Process copyleft data
+        copyleft = data.get('copyleft', {})
+        if not copyleft:
+            self.print_stderr('ERROR: No copyleft data found in OSADL JSON')
+            return False
+
+        # Store in class-level shared dictionary
+        for lic_id, status in copyleft.items():
+            # Normalize license ID (lowercase) for consistent lookup
+            lic_id_lc = lic_id.lower()
+            Osadl._shared_copyleft_data[lic_id_lc] = status
+
+        Osadl._data_loaded = True
+        self.print_debug(f'Loaded {len(Osadl._shared_copyleft_data)} OSADL copyleft entries')
+        return True
+
+    def is_copyleft(self, spdx_id: str) -> bool:
+        """
+        Check if a license is copyleft according to OSADL data.
+
+        Returns True for both strong copyleft ("Yes") and weak/restricted copyleft ("Yes (restricted)").
+
+        :param spdx_id: SPDX license identifier
+        :return: True if copyleft, False otherwise
+        """
+        if not spdx_id:
+            self.print_debug('No license ID provided for copyleft check')
+            return False
+
+        # Normalize lookup
+        spdx_id_lc = spdx_id.lower()
+        # Use class-level shared data
+        status = Osadl._shared_copyleft_data.get(spdx_id_lc)
+
+        if not status:
+            self.print_debug(f'No OSADL copyleft data for license: {spdx_id}')
+            return False
+
+        # Consider both "Yes" and "Yes (restricted)" as copyleft (case-insensitive)
+        return status.lower().startswith('yes')
+
+
+#
+# End of Osadl Class
+#