PyPI - scanoss - Versions diffs - 1.31.4__py3-none-any.whl → 1.32.0__py3-none-any.whl - Mend

scanoss 1.31.4py3-none-any.whl → 1.32.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

scanoss/__init__.py +1 -1
scanoss/api/common/v2/scanoss_common_pb2.py +47 -22
scanoss/api/common/v2/scanoss_common_pb2_grpc.py +20 -0
scanoss/api/components/v2/scanoss_components_pb2.py +54 -43
scanoss/api/components/v2/scanoss_components_pb2_grpc.py +77 -16
scanoss/api/cryptography/v2/scanoss_cryptography_pb2.py +58 -47
scanoss/api/cryptography/v2/scanoss_cryptography_pb2_grpc.py +105 -24
scanoss/api/dependencies/v2/scanoss_dependencies_pb2.py +48 -37
scanoss/api/dependencies/v2/scanoss_dependencies_pb2_grpc.py +63 -12
scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2.py +42 -31
scanoss/api/geoprovenance/v2/scanoss_geoprovenance_pb2_grpc.py +63 -12
scanoss/api/licenses/__init__.py +23 -0
scanoss/api/licenses/v2/__init__.py +23 -0
scanoss/api/licenses/v2/scanoss_licenses_pb2.py +84 -0
scanoss/api/licenses/v2/scanoss_licenses_pb2_grpc.py +302 -0
scanoss/api/scanning/v2/scanoss_scanning_pb2.py +30 -19
scanoss/api/scanning/v2/scanoss_scanning_pb2_grpc.py +49 -8
scanoss/api/semgrep/v2/scanoss_semgrep_pb2.py +34 -23
scanoss/api/semgrep/v2/scanoss_semgrep_pb2_grpc.py +49 -8
scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2.py +78 -31
scanoss/api/vulnerabilities/v2/scanoss_vulnerabilities_pb2_grpc.py +282 -18
scanoss/cli.py +8 -3
scanoss/components.py +27 -8
scanoss/data/build_date.txt +1 -1
scanoss/inspection/dependency_track/project_violation.py +9 -8
scanoss/scanner.py +3 -0
scanoss/scanossapi.py +22 -24
scanoss/scanossgrpc.py +196 -64
scanoss/services/dependency_track_service.py +1 -1
scanoss/threadeddependencies.py +19 -18
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/METADATA +2 -1
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/RECORD +36 -32
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/WHEEL +0 -0
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/entry_points.txt +0 -0
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/licenses/LICENSE +0 -0
{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/top_level.txt +0 -0

scanoss/scanossapi.py CHANGED Viewed

@@ -22,23 +22,23 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
+import http.client as http_client
 import logging
 import os
 import sys
 import time
+import uuid
 from json.decoder import JSONDecodeError
 import requests
-import uuid
-import http.client as http_client
 import urllib3
 from pypac import PACSession
 from pypac.parser import PACFile
 from urllib3.exceptions import InsecureRequestWarning
-from .scanossbase import ScanossBase
 from . import __version__
+from .constants import DEFAULT_TIMEOUT, MIN_TIMEOUT
+from .scanossbase import ScanossBase
 DEFAULT_URL = 'https://api.osskb.org/scan/direct'  # default free service URL
 DEFAULT_URL2 = 'https://api.scanoss.com/scan/direct'  # default premium service URL
@@ -52,7 +52,7 @@ class ScanossApi(ScanossBase):
     Currently support posting scan requests to the SCANOSS streaming API
     """
-    def __init__(  # noqa: PLR0913, PLR0915
+    def __init__(  # noqa: PLR0912, PLR0913, PLR0915
         self,
         scan_format: str = None,
         flags: str = None,
@@ -61,7 +61,7 @@ class ScanossApi(ScanossBase):
         debug: bool = False,
         trace: bool = False,
         quiet: bool = False,
-        timeout: int = 180,
+        timeout: int = DEFAULT_TIMEOUT,
         ver_details: str = None,
         ignore_cert_errors: bool = False,
         proxy: str = None,
@@ -87,30 +87,28 @@ class ScanossApi(ScanossBase):
             HTTPS_PROXY='http://<ip>:<port>'
         """
         super().__init__(debug, trace, quiet)
-        self.url = url
-        self.api_key = api_key
         self.sbom = None
         self.scan_format = scan_format if scan_format else 'plain'
         self.flags = flags
-        self.timeout = timeout if timeout > 5 else 180
+        self.timeout = timeout if timeout > MIN_TIMEOUT else DEFAULT_TIMEOUT
         self.retry_limit = retry if retry >= 0 else 5
         self.ignore_cert_errors = ignore_cert_errors
         self.req_headers = req_headers if req_headers else {}
         self.headers = {}
+        # Set the correct URL/API key combination
+        self.url = url if url else SCANOSS_SCAN_URL
+        self.api_key = api_key if api_key else SCANOSS_API_KEY
+        if self.api_key and not url and not os.environ.get('SCANOSS_SCAN_URL'):
+            self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
         if ver_details:
             self.headers['x-scanoss-client'] = ver_details
         if self.api_key:
             self.headers['X-Session'] = self.api_key
             self.headers['x-api-key'] = self.api_key
-        self.headers['User-Agent'] = f'scanoss-py/{__version__}'
-        self.headers['user-agent'] = f'scanoss-py/{__version__}'
-        self.load_generic_headers()
-        self.url = url if url else SCANOSS_SCAN_URL
-        self.api_key = api_key if api_key else SCANOSS_API_KEY
-        if self.api_key and not url and not os.environ.get('SCANOSS_SCAN_URL'):
-            self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
+        user_agent = f'scanoss-py/{__version__}'
+        self.headers['User-Agent'] = user_agent
+        self.headers['user-agent'] = user_agent
+        self.load_generic_headers(url)
         if self.trace:
             logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
@@ -133,7 +131,7 @@ class ScanossApi(ScanossBase):
         if self.proxies:
             self.session.proxies = self.proxies
-    def scan(self, wfp: str, context: str = None, scan_id: int = None):
+    def scan(self, wfp: str, context: str = None, scan_id: int = None):  # noqa: PLR0912, PLR0915
         """
         Scan the specified WFP and return the JSON object
         :param wfp: WFP to scan
@@ -192,7 +190,7 @@ class ScanossApi(ScanossBase):
                     else:
                         self.print_stderr(f'Warning: No response received from {self.url}. Retrying...')
                         time.sleep(5)
-                elif r.status_code == 503:  # Service limits have most likely been reached
+                elif r.status_code == requests.codes.service_unavailable:  # Service limits most likely reached
                     self.print_stderr(
                         f'ERROR: SCANOSS API rejected the scan request ({request_id}) due to '
                         f'service limits being exceeded'
@@ -202,7 +200,7 @@ class ScanossApi(ScanossBase):
                         f'ERROR: {r.status_code} - The SCANOSS API request ({request_id}) rejected '
                         f'for {self.url} due to service limits being exceeded.'
                     )
-                elif r.status_code >= 400:
+                elif r.status_code >= requests.codes.bad_request:
                     if retry > self.retry_limit:  # No response retry_limit or more times, fail
                         self.save_bad_req_wfp(scan_files, request_id, scan_id)
                         raise Exception(
@@ -269,7 +267,7 @@ class ScanossApi(ScanossBase):
         self.sbom = sbom
         return self
-    def load_generic_headers(self):
+    def load_generic_headers(self, url):
         """
          Adds custom headers from req_headers to the headers collection.
@@ -279,7 +277,7 @@ class ScanossApi(ScanossBase):
         if self.req_headers:  # Load generic headers
             for key, value in self.req_headers.items():
                 if key == 'x-api-key': # Set premium URL if x-api-key header is set
-                    if not self.url and not os.environ.get('SCANOSS_SCAN_URL'):
+                    if not url and not os.environ.get('SCANOSS_SCAN_URL'):
                         self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
                     self.api_key = value
                 self.headers[key] = value

scanoss/scanossgrpc.py CHANGED Viewed

@@ -23,8 +23,12 @@ SPDX-License-Identifier: MIT
 """
 import concurrent.futures
+import http.client as http_client
 import json
+import logging
 import os
+import sys
+import time
 import uuid
 from dataclasses import dataclass
 from enum import IntEnum
@@ -32,15 +36,20 @@ from typing import Dict, Optional
 from urllib.parse import urlparse
 import grpc
+import requests
+import urllib3
 from google.protobuf.json_format import MessageToDict, ParseDict
+from pypac import PACSession
 from pypac.parser import PACFile
 from pypac.resolver import ProxyResolver
+from urllib3.exceptions import InsecureRequestWarning
 from scanoss.api.scanning.v2.scanoss_scanning_pb2_grpc import ScanningStub
 from scanoss.constants import DEFAULT_TIMEOUT
 from . import __version__
 from .api.common.v2.scanoss_common_pb2 import (
+    ComponentsRequest,
     EchoRequest,
     EchoResponse,
     PurlRequest,
@@ -62,7 +71,7 @@ from .api.geoprovenance.v2.scanoss_geoprovenance_pb2_grpc import GeoProvenanceSt
 from .api.scanning.v2.scanoss_scanning_pb2 import HFHRequest
 from .api.semgrep.v2.scanoss_semgrep_pb2 import SemgrepResponse
 from .api.semgrep.v2.scanoss_semgrep_pb2_grpc import SemgrepStub
-from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import VulnerabilityResponse
+from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2 import ComponentsVulnerabilityResponse
 from .api.vulnerabilities.v2.scanoss_vulnerabilities_pb2_grpc import VulnerabilitiesStub
 from .scanossbase import ScanossBase
@@ -70,21 +79,20 @@ DEFAULT_URL = 'https://api.osskb.org'  # default free service URL
 DEFAULT_URL2 = 'https://api.scanoss.com'  # default premium service URL
 SCANOSS_GRPC_URL = os.environ.get('SCANOSS_GRPC_URL') if os.environ.get('SCANOSS_GRPC_URL') else DEFAULT_URL
 SCANOSS_API_KEY = os.environ.get('SCANOSS_API_KEY') if os.environ.get('SCANOSS_API_KEY') else ''
+DEFAULT_URI_PREFIX = '/v2'
-MAX_CONCURRENT_REQUESTS = 5
+MAX_CONCURRENT_REQUESTS = 5 # Maximum number of concurrent requests to make
 class ScanossGrpcError(Exception):
     """
     Custom exception for SCANOSS gRPC errors
     """
     pass
 class ScanossGrpcStatusCode(IntEnum):
     """Status codes for SCANOSS gRPC responses"""
     SUCCESS = 1
     SUCCESS_WITH_WARNINGS = 2
     FAILED_WITH_WARNINGS = 3
@@ -96,7 +104,7 @@ class ScanossGrpc(ScanossBase):
     Client for gRPC functionality
     """
-    def __init__(  # noqa: PLR0913, PLR0915
+    def __init__(  # noqa: PLR0912, PLR0913, PLR0915
         self,
         url: str = None,
         debug: bool = False,
@@ -110,6 +118,8 @@ class ScanossGrpc(ScanossBase):
         grpc_proxy: str = None,
         pac: PACFile = None,
         req_headers: dict = None,
+        ignore_cert_errors: bool = False,
+        use_grpc: bool = False,
     ):
         """
@@ -127,27 +137,55 @@ class ScanossGrpc(ScanossBase):
             grpc_proxy='http://<ip>:<port>'
         """
         super().__init__(debug, trace, quiet)
-        self.url = url
         self.api_key = api_key if api_key else SCANOSS_API_KEY
         self.timeout = timeout
         self.proxy = proxy
         self.grpc_proxy = grpc_proxy
         self.pac = pac
-        self.req_headers = req_headers
         self.metadata = []
+        self.ignore_cert_errors = ignore_cert_errors
+        self.use_grpc = use_grpc
+        self.req_headers = req_headers if req_headers else {}
+        self.headers = {}
+        self.retry_limit = 2  # default retry limit
         if self.api_key:
             self.metadata.append(('x-api-key', api_key))  # Set API key if we have one
+            self.headers['X-Session'] = self.api_key
+            self.headers['x-api-key'] = self.api_key
         if ver_details:
             self.metadata.append(('x-scanoss-client', ver_details))
-        self.metadata.append(('user-agent', f'scanoss-py/{__version__}'))
-        self.load_generic_headers()
+            self.headers['x-scanoss-client'] = ver_details
+        user_agent = f'scanoss-py/{__version__}'
+        self.metadata.append(('user-agent', user_agent))
+        self.headers['User-Agent'] = user_agent
+        self.headers['user-agent'] = user_agent
+        self.headers['Content-Type'] = 'application/json'
+        # Set the correct URL/API key combination
         self.url = url if url else SCANOSS_GRPC_URL
         if self.api_key and not url and not os.environ.get('SCANOSS_GRPC_URL'):
             self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
+        self.load_generic_headers(url)
         self.url = self.url.lower()
-        self.orig_url = self.url  # Used for proxy lookup
+        self.orig_url = self.url.strip().rstrip('/')  # Used for proxy lookup
+        # REST setup
+        if self.trace:
+            logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
+            http_client.HTTPConnection.debuglevel = 1
+        if pac and not proxy:  # Set up a PAC session if requested (and no proxy has been explicitly set)
+            self.print_debug('Setting up PAC session...')
+            self.session = PACSession(pac=pac)
+        else:
+            self.session = requests.sessions.Session()
+        if self.ignore_cert_errors:
+            self.print_debug('Ignoring cert errors...')
+            urllib3.disable_warnings(InsecureRequestWarning)
+            self.session.verify = False
+        elif ca_cert:
+            self.session.verify = ca_cert
+        self.proxies = {'https': proxy, 'http': proxy} if proxy else None
+        if self.proxies:
+            self.session.proxies = self.proxies
         secure = True if self.url.startswith('https:') else False  # Is it a secure connection?
         if self.url.startswith('http'):
@@ -162,7 +200,7 @@ class ScanossGrpc(ScanossBase):
             cert_data = ScanossGrpc._load_cert(ca_cert)
         self.print_debug(f'Setting up (secure: {secure}) connection to {self.url}...')
         self._get_proxy_config()
-        if secure is False:  # insecure connection
+        if not secure:  # insecure connection
             self.comp_search_stub = ComponentsStub(grpc.insecure_channel(self.url))
             self.crypto_stub = CryptographyStub(grpc.insecure_channel(self.url))
             self.dependencies_stub = DependenciesStub(grpc.insecure_channel(self.url))
@@ -206,17 +244,6 @@ class ScanossGrpc(ScanossBase):
                 f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
             )
         else:
-            # self.print_stderr(f'resp: {resp} - call: {call}')
-            # response_id = ""
-            # if not call:
-            #     self.print_stderr(f'No call to leverage.')
-            # for key, value in call.trailing_metadata():
-            #     print('Greeter client received trailing metadata: key=%s value=%s' % (key, value))
-            #
-            # for key, value in call.trailing_metadata():
-            #     if key == 'x-response-id':
-            #         response_id = value
-            # self.print_stderr(f'Response ID: {response_id}. Metadata: {call.trailing_metadata()}')
             if resp:
                 return resp.message
             self.print_stderr(f'ERROR: Problem sending Echo request ({message}) to {self.url}. rqId: {request_id}')
@@ -264,54 +291,70 @@ class ScanossGrpc(ScanossBase):
         if not dependencies:
             self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         files_json = dependencies.get('files')
         if files_json is None or len(files_json) == 0:
-            self.print_stderr('ERROR: No dependency data supplied to send to gRPC service.')
+            self.print_stderr('ERROR: No dependency data supplied to send to decoration service.')
             return None
-        def process_file(file):
-            request_id = str(uuid.uuid4())
-            try:
-                file_request = {'files': [file]}
-                request = ParseDict(file_request, DependencyRequest())
-                request.depth = depth
-                metadata = self.metadata[:]
-                metadata.append(('x-request-id', request_id))
-                self.print_debug(f'Sending dependency data for decoration (rqId: {request_id})...')
-                resp = self.dependencies_stub.GetDependencies(request, metadata=metadata, timeout=self.timeout)
-                return MessageToDict(resp, preserving_proto_field_name=True)
-            except Exception as e:
-                self.print_stderr(
-                    f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
-                )
-                return None
         all_responses = []
+        # determine if we are using gRPC or REST based on the use_grpc flag
+        process_file = self._process_dep_file_grpc if self.use_grpc else self._process_dep_file_rest
+        # Process the dependency files in parallel
         with concurrent.futures.ThreadPoolExecutor(max_workers=MAX_CONCURRENT_REQUESTS) as executor:
-            future_to_file = {executor.submit(process_file, file): file for file in files_json}
+            future_to_file = {executor.submit(process_file, file, depth): file for file in files_json}
             for future in concurrent.futures.as_completed(future_to_file):
                 response = future.result()
                 if response:
                     all_responses.append(response)
-        SUCCESS_STATUS = 'SUCCESS'
-        merged_response = {'files': [], 'status': {'status': SUCCESS_STATUS, 'message': 'Success'}}
+        # End of concurrent processing
+        success_status = 'SUCCESS'
+        merged_response = {'files': [], 'status': {'status': success_status, 'message': 'Success'}}
+        # Merge the responses
         for response in all_responses:
             if response:
                 if 'files' in response and len(response['files']) > 0:
                     merged_response['files'].append(response['files'][0])
-                # Overwrite the status if the any of the responses was not successful
-                if 'status' in response and response['status']['status'] != SUCCESS_STATUS:
+                # Overwrite the status if any of the responses was not successful
+                if 'status' in response and response['status']['status'] != success_status:
                     merged_response['status'] = response['status']
         return merged_response
+    def _process_dep_file_grpc(self, file, depth: int = 1) -> dict:
+        """
+        Process a single file using gRPC
+        :param file: dependency file purls
+        :param depth: depth to search (default: 1)
+        :return: response JSON or None
+        """
+        request_id = str(uuid.uuid4())
+        try:
+            file_request = {'files': [file]}
+            request = ParseDict(file_request, DependencyRequest())
+            request.depth = depth
+            metadata = self.metadata[:]
+            metadata.append(('x-request-id', request_id))
+            self.print_debug(f'Sending dependency data via gRPC for decoration (rqId: {request_id})...')
+            resp = self.dependencies_stub.GetDependencies(request, metadata=metadata, timeout=self.timeout)
+            return MessageToDict(resp, preserving_proto_field_name=True)
+        except Exception as e:
+            self.print_stderr(
+                f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
+            )
+        return None
     def get_vulnerabilities_json(self, purls: dict) -> dict:
+        """
+        Client function to call the rpc for Vulnerability GetVulnerabilities
+        It will either use REST (default) or gRPC depending on the use_grpc flag
+        :param purls: Message to send to the service
+        :return: Server response or None
+        """
+        if self.use_grpc:
+            return self._get_vulnerabilities_grpc(purls)
+        else:
+            return self._get_vulnerabilities_rest(purls)
+    def _get_vulnerabilities_grpc(self, purls: dict) -> dict:
         """
         Client function to call the rpc for Vulnerability GetVulnerabilities
         :param purls: Message to send to the service
@@ -321,13 +364,13 @@ class ScanossGrpc(ScanossBase):
             self.print_stderr('ERROR: No message supplied to send to gRPC service.')
             return None
         request_id = str(uuid.uuid4())
-        resp: VulnerabilityResponse
+        resp: ComponentsVulnerabilityResponse
         try:
-            request = ParseDict(purls, PurlRequest())  # Parse the JSON/Dict into the purl request object
+            request = ParseDict(purls, ComponentsRequest())  # Parse the JSON/Dict into the purl request object
             metadata = self.metadata[:]
             metadata.append(('x-request-id', request_id))  # Set a Request ID
             self.print_debug(f'Sending vulnerability data for decoration (rqId: {request_id})...')
-            resp = self.vuln_stub.GetVulnerabilities(request, metadata=metadata, timeout=self.timeout)
+            resp = self.vuln_stub.GetComponentsVulnerabilities(request, metadata=metadata, timeout=self.timeout)
         except Exception as e:
             self.print_stderr(
                 f'ERROR: {e.__class__.__name__} Problem encountered sending gRPC message (rqId: {request_id}): {e}'
@@ -462,14 +505,11 @@ class ScanossGrpc(ScanossBase):
             dict: The parsed gRPC response as a dictionary, or None if something went wrong
         """
         request_id = str(uuid.uuid4())
         if isinstance(request_input, dict):
             request_obj = ParseDict(request_input, request_type())
         else:
             request_obj = request_input
         metadata = self.metadata[:] + [('x-request-id', request_id)]
         self.print_debug(debug_msg.format(rqId=request_id))
         try:
             resp = rpc_method(request_obj, metadata=metadata, timeout=self.timeout)
@@ -477,7 +517,6 @@ class ScanossGrpc(ScanossBase):
             raise ScanossGrpcError(
                 f'{e.__class__.__name__} while sending gRPC message (rqId: {request_id}): {e.details()}'
             )
         if resp and not self._check_status_response(resp.status, request_id):
             return None
@@ -661,7 +700,7 @@ class ScanossGrpc(ScanossBase):
             'Sending data for cryptographic versions in range decoration (rqId: {rqId})...',
         )
-    def load_generic_headers(self):
+    def load_generic_headers(self, url):
         """
         Adds custom headers from req_headers to metadata.
@@ -671,17 +710,106 @@ class ScanossGrpc(ScanossBase):
         if self.req_headers:  # Load generic headers
             for key, value in self.req_headers.items():
                 if key == 'x-api-key':  # Set premium URL if x-api-key header is set
-                    if not self.url and not os.environ.get('SCANOSS_GRPC_URL'):
+                    if not url and not os.environ.get('SCANOSS_GRPC_URL'):
                         self.url = DEFAULT_URL2  # API key specific and no alternative URL, so use the default premium
                     self.api_key = value
                 self.metadata.append((key, value))
+                self.headers[key] = value
+    #
+    # End of gRPC Client Functions
+    #
+    # Start of REST Client Functions
+    #
+    def rest_post(self, uri: str, request_id: str, data: dict) -> dict:
+        """
+        Post the specified data to the given URI.
+        :param request_id: request id
+        :param uri: URI to post to
+        :param data: json data to post
+        :return: JSON response or None
+        """
+        if not uri:
+            self.print_stderr('Error: Missing URI. Cannot search for project.')
+            return None
+        self.print_trace(f'Sending REST POST data to {uri}...')
+        headers = self.headers
+        headers['x-request-id'] = request_id  # send a unique request id for each post
+        retry = 0  # Add some retry logic to cater for timeouts, etc.
+        while retry <= self.retry_limit:
+            retry += 1
+            try:
+                response = self.session.post(uri, headers=headers, json=data, timeout=self.timeout)
+                response.raise_for_status()  # Raises an HTTPError for bad responses
+                return response.json()
+            except requests.exceptions.RequestException as e:
+                self.print_stderr(f'Error: Problem posting data to {uri}: {e}')
+            except (requests.exceptions.SSLError, requests.exceptions.ProxyError) as e:
+                self.print_stderr(f'ERROR: Exception ({e.__class__.__name__}) POSTing data - {e}.')
+                raise Exception(f'ERROR: The SCANOSS Decoration API request failed for {uri}') from e
+            except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e:
+                if retry > self.retry_limit:  # Timed out retry_limit or more times, fail
+                    self.print_stderr(f'ERROR: {e.__class__.__name__} POSTing decoration data ({request_id}): {e}')
+                    raise Exception(
+                        f'ERROR: The SCANOSS Decoration API request timed out ({e.__class__.__name__}) for {uri}'
+                    ) from e
+                else:
+                    self.print_stderr(f'Warning: {e.__class__.__name__} communicating with {self.url}. Retrying...')
+                    time.sleep(5)
+            except Exception as e:
+                self.print_stderr(
+                    f'ERROR: Exception ({e.__class__.__name__}) POSTing data ({request_id}) to {uri}: {e}'
+                )
+                raise Exception(f'ERROR: The SCANOSS Decoration API request failed for {uri}') from e
+        return None
+    def _get_vulnerabilities_rest(self, purls: dict):
+        """
+        Get the vulnerabilities for the given purls using REST API
+        :param purls: Purl Request dictionary
+        :return: Vulnerability Response, or None if the request was unsuccessful
+        """
+        if not purls:
+            self.print_stderr('ERROR: No message supplied to send to REST decoration service.')
+            return None
+        request_id = str(uuid.uuid4())
+        self.print_debug(f'Sending data for Vulnerabilities via REST (request id: {request_id})...')
+        response = self.rest_post(f'{self.orig_url}{DEFAULT_URI_PREFIX}/vulnerabilities/components', request_id, purls)
+        self.print_trace(f'Received response for Vulnerabilities via REST (request id: {request_id}): {response}')
+        if response:
+            # Parse the JSON/Dict into the purl response
+            resp_obj = ParseDict(response, ComponentsVulnerabilityResponse(), True)
+            if resp_obj:
+                self.print_debug(f'Vulnerability Response: {resp_obj}')
+                if not self._check_status_response(resp_obj.status, request_id):
+                    return None
+            del response['status']
+            return response
+        return None
+    def _process_dep_file_rest(self, file, depth: int = 1) -> dict:
+        """
+        Porcess a single dependency file using REST
+        :param file: dependency file purls
+        :param depth: depth to search (default: 1)
+        :return: response JSON or None
+        """
+        request_id = str(uuid.uuid4())
+        self.print_debug(f'Sending data for Dependencies via REST (request id: {request_id})...')
+        file_request = {'files': [file], 'depth': depth}
+        response = self.rest_post(f'{self.orig_url}{DEFAULT_URI_PREFIX}/dependencies/dependencies',
+                                  request_id, file_request
+                                  )
+        self.print_trace(f'Received response for Dependencies via REST (request id: {request_id}): {response}')
+        if response:
+            return response
+        return None
 #
 # End of ScanossGrpc Class
 #
 @dataclass
 class GrpcConfig:
     url: str = DEFAULT_URL
@@ -711,3 +839,7 @@ def create_grpc_config_from_args(args) -> GrpcConfig:
         proxy=getattr(args, 'proxy', None),
         grpc_proxy=getattr(args, 'grpc_proxy', None),
     )
+#
+# End of GrpcConfig class
+#

scanoss/services/dependency_track_service.py CHANGED Viewed

@@ -41,7 +41,7 @@ class DependencyTrackService(ScanossBase):
         super().__init__(debug=debug, trace=trace, quiet=quiet)
         if not url:
             raise ValueError("Error: Dependency Track URL is required")
-        self.url = url.rstrip('/')
+        self.url = url.strip().rstrip('/')
         if not api_key:
             raise ValueError("Error: Dependency Track API key is required")
         self.api_key = api_key

scanoss/threadeddependencies.py CHANGED Viewed

@@ -22,12 +22,12 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
-import threading
-import queue
 import json
-from enum import Enum
-from typing import Dict, Optional, Set
+import queue
+import threading
 from dataclasses import dataclass
+from enum import Enum
+from typing import Dict
 from .scancodedeps import ScancodeDeps
 from .scanossbase import ScanossBase
@@ -63,7 +63,7 @@ class ThreadedDependencies(ScanossBase):
     inputs: queue.Queue = queue.Queue()
     output: queue.Queue = queue.Queue()
-    def __init__(
+    def __init__(  # noqa: PLR0913
         self,
         sc_deps: ScancodeDeps,
         grpc_api: ScanossGrpc,
@@ -180,13 +180,15 @@ class ThreadedDependencies(ScanossBase):
             return self.filter_dependencies(
                 deps, lambda purl: (exclude and purl not in exclude) or (not exclude and purl in include)
             )
+        return None
-    def scan_dependencies(
+    def scan_dependencies(  # noqa: PLR0912
         self, dep_scope: SCOPE = None, dep_scope_include: str = None, dep_scope_exclude: str = None
     ) -> None:
         """
         Scan for dependencies from the given file/dir or from an input file (from the input queue).
         """
+        # TODO refactor to simplify branches based on PLR0912
         current_thread = threading.get_ident()
         self.print_trace(f'Starting dependency worker {current_thread}...')
         try:
@@ -194,18 +196,17 @@ class ThreadedDependencies(ScanossBase):
             deps = None
             if what_to_scan.startswith(DEP_FILE_PREFIX):  # We have a pre-parsed dependency file, load it
                 deps = self.sc_deps.load_from_file(what_to_scan.strip(DEP_FILE_PREFIX))
-            else:  # Search the file/folder for dependency files to parse
-                if not self.sc_deps.run_scan(what_to_scan=what_to_scan):
-                    self._errors = True
-                else:
-                    deps = self.sc_deps.produce_from_file()
-                    if dep_scope is not None:
-                        self.print_debug(f'Filtering {dep_scope.name} dependencies')
-                    if dep_scope_include is not None:
-                        self.print_debug(f"Including dependencies with '{dep_scope_include.split(',')}' scopes")
-                    if dep_scope_exclude is not None:
-                        self.print_debug(f"Excluding dependencies with '{dep_scope_exclude.split(',')}' scopes")
-                    deps = self.filter_dependencies_by_scopes(deps, dep_scope, dep_scope_include, dep_scope_exclude)
+            elif not self.sc_deps.run_scan(what_to_scan=what_to_scan):
+                self._errors = True
+            else:
+                deps = self.sc_deps.produce_from_file()
+                if dep_scope is not None:
+                    self.print_debug(f'Filtering {dep_scope.name} dependencies')
+                if dep_scope_include is not None:
+                    self.print_debug(f"Including dependencies with '{dep_scope_include.split(',')}' scopes")
+                if dep_scope_exclude is not None:
+                    self.print_debug(f"Excluding dependencies with '{dep_scope_exclude.split(',')}' scopes")
+                deps = self.filter_dependencies_by_scopes(deps, dep_scope, dep_scope_include, dep_scope_exclude)
             if not self._errors:
                 if deps is None:

{scanoss-1.31.4.dist-info → scanoss-1.32.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scanoss
-Version: 1.31.4
+Version: 1.32.0
 Summary: Simple Python library to leverage the SCANOSS APIs
 Home-page: https://scanoss.com
 Author: SCANOSS
@@ -30,6 +30,7 @@ Requires-Dist: packageurl-python
 Requires-Dist: pathspec
 Requires-Dist: jsonschema
 Requires-Dist: crc
+Requires-Dist: protoc-gen-openapiv2
 Requires-Dist: cyclonedx-python-lib[validation]
 Provides-Extra: fast-winnowing
 Requires-Dist: scanoss_winnowing>=0.5.0; extra == "fast-winnowing"

scanoss 1.31.4__py3-none-any.whl → 1.32.0__py3-none-any.whl

scanoss 1.31.4py3-none-any.whl → 1.32.0py3-none-any.whl