scanoss 1.40.0__py3-none-any.whl → 1.41.0__py3-none-any.whl

scanoss/inspection/{raw → summary}/match_summary.py

@@ -94,6 +94,7 @@ class MatchSummary(ScanossBase):
         self.scanoss_results_path = scanoss_results_path
         self.line_range_prefix = line_range_prefix
         self.output = output
+        self.print_debug("Initializing MatchSummary class")
 
 
     def _get_match_summary_item(self, file_name: str, result: dict) -> MatchSummaryItem:
@@ -108,11 +109,16 @@ class MatchSummary(ScanossBase):
         :param result: SCANOSS scan result dictionary containing match details
         :return: Populated match summary item with all relevant information
         """
+        self.print_trace(f"Creating match summary item for file: {file_name}, id: {result.get('id')}")
+
         if result.get('id') == "snippet":
             # Snippet match: create URL with line range anchor
             lines = scanoss_scan_results_utils.get_lines(result.get('lines'))
             end_line = lines[len(lines) - 1] if len(lines) > 1 else lines[0]
             file_url = f"{self.line_range_prefix}/{file_name}#L{lines[0]}-L{end_line}"
+
+            self.print_trace(f"Snippet match: lines {lines[0]}-{end_line}, purl: {result.get('purl')[0]}")
+
             return MatchSummaryItem(
                 file_url=file_url,
                 file=file_name,
@@ -124,6 +130,8 @@ class MatchSummary(ScanossBase):
                 lines=f"{lines[0]}-{lines[len(lines) - 1] if len(lines) > 1 else lines[0]}"
             )
         # File match: create URL without line range
+        self.print_trace(f"File match: {file_name}, purl: {result.get('purl')[0]}, version: {result.get('version')}")
+
         return MatchSummaryItem(
             file=file_name,
             file_url=f"{self.line_range_prefix}/{file_name}",
@@ -176,12 +184,19 @@ class MatchSummary(ScanossBase):
         required fields and categorizing matches into file matches and snippet matches.
         Skips invalid or incomplete results with debug messages.
         """
+        self.print_debug(f"Loading scan results from: {self.scanoss_results_path}")
+
         # Load scan results from JSON file
         scan_results = load_json_file(self.scanoss_results_path)
         gitlab_matches_summary = ComponentMatchSummary(files=[], snippet=[])
 
+        self.print_debug(f"Processing {len(scan_results)} files from scan results")
+        self.print_trace(f"Line range prefix set to: {self.line_range_prefix}")
+
         # Process each file and its results
         for file_name, results in scan_results.items():
+            self.print_trace(f"Processing file: {file_name} with {len(results)} results")
+
             for result in results:
                 # Skip non-matches
                 if result.get('id') == "none":
@@ -196,8 +211,15 @@ class MatchSummary(ScanossBase):
                 summary_item = self._get_match_summary_item(file_name, result)
                 if result.get('id') == "snippet":
                     gitlab_matches_summary.snippet.append(summary_item)
+                    self.print_trace(f"Added snippet match for {file_name}")
                 else:
                     gitlab_matches_summary.files.append(summary_item)
+                    self.print_trace(f"Added file match for {file_name}")
+
+        self.print_debug(
+            f"Match summary complete: {len(gitlab_matches_summary.files)} file matches, "
+            f"{len(gitlab_matches_summary.snippet)} snippet matches"
+        )
 
         return gitlab_matches_summary
 
@@ -212,14 +234,23 @@ class MatchSummary(ScanossBase):
         :param gitlab_matches_summary: Container with categorized file and snippet matches to format
         :return: Complete Markdown document with formatted match tables
         """
+        self.print_debug("Generating Markdown from match summaries")
 
         if len(gitlab_matches_summary.files) == 0 and len(gitlab_matches_summary.snippet) == 0:
+            self.print_debug("No matches to format - returning empty string")
             return ""
 
+        self.print_trace(
+            f"Formatting {len(gitlab_matches_summary.files)} file matches and "
+            f"{len(gitlab_matches_summary.snippet)} snippet matches"
+        )
+
         # Define table headers
         file_match_headers = ['File', 'License', 'Similarity', 'PURL', 'Version']
         snippet_match_headers = ['File', 'License', 'Similarity', 'PURL', 'Version', 'Lines']
+
         # Build file matches table
+        self.print_trace("Building file matches table")
         file_match_rows = []
         for file_match in gitlab_matches_summary.files:
             row = [
@@ -233,6 +264,7 @@ class MatchSummary(ScanossBase):
         file_match_table = generate_table(file_match_headers, file_match_rows)
 
         # Build snippet matches table
+        self.print_trace("Building snippet matches table")
         snippet_match_rows = []
         for snippet_match in gitlab_matches_summary.snippet:
             row = [
@@ -262,6 +294,8 @@ class MatchSummary(ScanossBase):
         markdown += snippet_match_table
         markdown += "\n</details>\n"
 
+        self.print_trace(f"Markdown generation complete (length: {len(markdown)} characters)")
+        self.print_debug("Match summary Markdown generation complete")
         return markdown
 
     def run(self):
@@ -275,16 +309,33 @@ class MatchSummary(ScanossBase):
         3. Generates Markdown report
         4. Outputs to file or stdout
         """
+        self.print_debug("Starting match summary generation process")
+        self.print_trace(
+            f"Configuration - Results path: {self.scanoss_results_path}, Output: {self.output}, "
+            f"Line range prefix: {self.line_range_prefix}"
+        )
+
         # Load and process scan results into categorized matches
+        self.print_trace("Loading and processing scan results")
         matches = self._get_matches_summary()
 
         # Format matches as GitLab-compatible Markdown
+        self.print_trace("Generating Markdown output")
         matches_md = self._markdown(matches)
         if matches_md == "":
+            self.print_debug("No matches found - exiting")
             self.print_stdout("No matches found.")
             return
+
         # Output to file or stdout
+        self.print_trace("Writing output")
+        if self.output:
+            self.print_debug(f"Writing match summary to file: {self.output}")
+        else:
+            self.print_debug("Writing match summary to 'stdout'")
+
         self.print_to_file_or_stdout(matches_md, self.output)
+        self.print_debug("Match summary generation complete")
 
 
 

scanoss/inspection/utils/license_utils.py

@@ -22,96 +22,90 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-from ...scanossbase import ScanossBase
+from scanoss.osadl import Osadl
 
-DEFAULT_COPYLEFT_LICENSES = {
-    'agpl-3.0-only',
-    'artistic-1.0',
-    'artistic-2.0',
-    'cc-by-sa-4.0',
-    'cddl-1.0',
-    'cddl-1.1',
-    'cecill-2.1',
-    'epl-1.0',
-    'epl-2.0',
-    'gfdl-1.1-only',
-    'gfdl-1.2-only',
-    'gfdl-1.3-only',
-    'gpl-1.0-only',
-    'gpl-2.0-only',
-    'gpl-3.0-only',
-    'lgpl-2.1-only',
-    'lgpl-3.0-only',
-    'mpl-1.1',
-    'mpl-2.0',
-    'sleepycat',
-    'watcom-1.0',
-}
+from ...scanossbase import ScanossBase
 
 
 class LicenseUtil(ScanossBase):
     """
     A utility class for handling software licenses, particularly copyleft licenses.
 
-    This class provides functionality to initialize, manage, and query a set of
-    copyleft licenses. It also offers a method to generate URLs for license information.
+    Uses OSADL (Open Source Automation Development Lab) authoritative copyleft data
+    with optional include/exclude/explicit filters.
     """
 
     BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
-    BASE_OSADL_URL = 'https://www.osadl.org/fileadmin/checklists/unreflicenses'
 
     def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
         super().__init__(debug, trace, quiet)
-        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
-        self.copyleft_licenses = set()
+        self.osadl = Osadl(debug=debug, trace=trace, quiet=quiet)
+        self.include_licenses = set()
+        self.exclude_licenses = set()
+        self.explicit_licenses = set()
 
     def init(self, include: str = None, exclude: str = None, explicit: str = None):
         """
-        Initialize the set of copyleft licenses based on user input.
-
-        This method allows for customization of the copyleft license set by:
-        - Setting an explicit list of licenses
-        - Including additional licenses to the default set
-        - Excluding specific licenses from the default set
+        Initialize copyleft license filters.
 
-        :param include: Comma-separated string of licenses to include
-        :param exclude: Comma-separated string of licenses to exclude
-        :param explicit: Comma-separated string of licenses to use exclusively
+        :param include: Comma-separated licenses to mark as copyleft (in addition to OSADL)
+        :param exclude: Comma-separated licenses to mark as NOT copyleft (override OSADL)
+        :param explicit: Comma-separated licenses to use exclusively (ignore OSADL)
         """
-        if self.debug:
-            self.print_stderr(f'Include Copyleft licenses: ${include}')
-            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
-            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
-        if explicit:
-            explicit = explicit.strip()
+        # Reset previous filters so init() can be safely called multiple times
+        self.include_licenses.clear()
+        self.exclude_licenses.clear()
+        self.explicit_licenses.clear()
+
+        # Parse explicit list (if provided, ignore OSADL completely)
         if explicit:
-            exp = [item.strip().lower() for item in explicit.split(',')]
-            self.copyleft_licenses = set(exp)
-            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.explicit_licenses = {lic.strip().lower() for lic in explicit.split(',') if lic.strip()}
+            self.print_debug(f'Explicit copyleft licenses: {self.explicit_licenses}')
             return
-        # If no explicit licenses were set, set default ones
-        self.copyleft_licenses = self.default_copyleft_licenses.copy()
-        if include:
-            include = include.strip()
+
+        # Parse include list (mark these as copyleft in addition to OSADL)
         if include:
-            inc = [item.strip().lower() for item in include.split(',')]
-            self.copyleft_licenses.update(inc)
-        if exclude:
-            exclude = exclude.strip()
+            self.include_licenses = {lic.strip().lower() for lic in include.split(',') if lic.strip()}
+            self.print_debug(f'Include licenses: {self.include_licenses}')
+
+        # Parse exclude list (mark these as NOT copyleft, overriding OSADL)
         if exclude:
-            inc = [item.strip().lower() for item in exclude.split(',')]
-            for lic in inc:
-                self.copyleft_licenses.discard(lic)
-        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.exclude_licenses = {lic.strip().lower() for lic in exclude.split(',') if lic.strip()}
+            self.print_debug(f'Exclude licenses: {self.exclude_licenses}')
 
     def is_copyleft(self, spdxid: str) -> bool:
         """
-        Check if a given license is considered copyleft.
+        Check if a license is copyleft.
+
+        Logic:
+        1. If explicit list provided → check if license in explicit list
+        2. If license in include list → return True
+        3. If license in exclude list → return False
+        4. Otherwise → use OSADL authoritative data
 
-        :param spdxid: The SPDX identifier of the license to check
-        :return: True if the license is copyleft, False otherwise
+        :param spdxid: SPDX license identifier
+        :return: True if copyleft, False otherwise
         """
-        return spdxid.lower() in self.copyleft_licenses
+        if not spdxid:
+            self.print_debug('No license ID provided for copyleft check')
+            return False
+
+        spdxid_lc = spdxid.lower()
+
+        # Explicit mode: use only the explicit list
+        if self.explicit_licenses:
+            return spdxid_lc in self.explicit_licenses
+
+        # Include filter: if license in include list, force copyleft=True
+        if spdxid_lc in self.include_licenses:
+            return True
+
+        # Exclude filter: if license in exclude list, force copyleft=False
+        if spdxid_lc in self.exclude_licenses:
+            return False
+
+        # No filters matched, use OSADL authoritative data
+        return self.osadl.is_copyleft(spdxid)
 
     def get_spdx_url(self, spdxid: str) -> str:
         """
@@ -122,14 +116,6 @@ class LicenseUtil(ScanossBase):
         """
         return f'{self.BASE_SPDX_ORG_URL}/{spdxid}.html'
 
-    def get_osadl_url(self, spdxid: str) -> str:
-        """
-        Generate the URL for the OSADL (Open Source Automation Development Lab) page of a license.
-
-        :param spdxid: The SPDX identifier of the license
-        :return: The URL of the OSADL page for the given license
-        """
-        return f'{self.BASE_OSADL_URL}/{spdxid}.txt'
 
 
 #

scanoss/inspection/{raw/raw_base.py → utils/scan_result_processor.py}

@@ -22,11 +22,10 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-from abc import abstractmethod
 from enum import Enum
 from typing import Any, Dict, TypeVar
 
-from ..policy_check import PolicyCheck
+from ...scanossbase import ScanossBase
 from ..utils.file_utils import load_json_file
 from ..utils.license_utils import LicenseUtil
 
@@ -51,12 +50,13 @@ class ComponentID(Enum):
 #
 
 T = TypeVar('T')
-class RawBase(PolicyCheck[T]):
+class ScanResultProcessor(ScanossBase):
     """
-    A base class to perform inspections over scan results.
+    A utility class for processing and transforming scan results.
 
-    This class provides a basic for scan results inspection, including methods for
-    processing scan results components and licenses.
+    This class provides functionality for processing scan results, including methods for
+    loading, parsing, extracting, and aggregating component and license data from scan results.
+    It serves as a shared data processing layer used by both policy checks and summary generators.
 
     Inherits from:
         ScanossBase: A base class providing common functionality for SCANOSS-related operations.
@@ -67,40 +67,21 @@ class RawBase(PolicyCheck[T]):
         debug: bool = False,
         trace: bool = False,
         quiet: bool = False,
-        format_type: str = None,
-        filepath: str = None,
-        output: str = None,
-        status: str = None,
-        name: str = None,
+        result_file_path: str = None,
+        include: str = None,
+        exclude: str = None,
+        explicit: str = None,
+        license_sources: list = None,
     ):
-        super().__init__(debug, trace, quiet, format_type,status, name, output)
+        super().__init__(debug, trace, quiet)
+        self.result_file_path = result_file_path
         self.license_util = LicenseUtil()
-        self.filepath = filepath
-        self.output = output
+        self.license_util.init(include, exclude, explicit)
+        self.license_sources = license_sources
         self.results = self._load_input_file()
 
-    @abstractmethod
-    def _get_components(self):
-        """
-        Retrieve and process components from the preloaded results.
-
-        This method performs the following steps:
-        1. Checks if the results have been previously loaded (self.results).
-        2. Extracts and processes components from the loaded results.
-
-        :return: A list of processed components, or None if an error occurred during any step.
-
-        Possible reasons for returning None include:
-        - Results not loaded (self.results is None)
-        - Failure to extract components from the results
-
-        Note:
-        - This method assumes that the results have been previously loaded and stored in self.results.
-        - Implementations must extract components (e.g. via `_get_components_data`,
-          `_get_dependencies_data`, or other helpers).
-        - If `self.results` is `None`, simply return `None`.
-        """
-    pass
+    def get_results(self) -> Dict[str, Any]:
+        return self.results
 
     def _append_component(self, components: Dict[str, Any], new_component: Dict[str, Any]) -> Dict[str, Any]:
         """
@@ -183,9 +164,11 @@ class RawBase(PolicyCheck[T]):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return
 
-        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
+        # Select licenses based on configuration (filtering or priority mode)
+        selected_licenses = self._select_licenses(new_component['licenses'])
+
         # Process licenses for this component
-        for license_item in licenses_order_by_source_priority:
+        for license_item in selected_licenses:
             if license_item.get('name'):
                 spdxid = license_item['name']
                 source = license_item.get('source')
@@ -213,7 +196,7 @@ class RawBase(PolicyCheck[T]):
         else:
             component['undeclared'] += 1
 
-    def _get_components_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
+    def get_components_data(self, components: Dict[str, Any]) -> Dict[str, Any]:
         """
            Extract and process file and snippet components from results.
 
@@ -230,11 +213,11 @@ class RawBase(PolicyCheck[T]):
              which tracks the number of occurrences of each license
 
            Args:
-               results: A dictionary containing the raw results of a component scan
+               components: A dictionary containing the raw results of a component scan
            Returns:
                Updated components dictionary with file and snippet data
            """
-        for component in results.values():
+        for component in self.results.values():
             for c in component:
                 component_id = c.get('id')
                 if not component_id:
@@ -266,15 +249,13 @@ class RawBase(PolicyCheck[T]):
         # End components loop
         return components
 
-    def _get_dependencies_data(self, results: Dict[str, Any], components: Dict[str, Any]) -> Dict[str, Any]:
+    def get_dependencies_data(self,components: Dict[str, Any]) -> Dict[str, Any]:
         """
         Extract and process dependency components from results.
-
-        :param results: A dictionary containing the raw results of a component scan
         :param components: Existing components dictionary to update
         :return: Updated components dictionary with dependency data
         """
-        for component in results.values():
+        for component in self.results.values():
             for c in component:
                 component_id = c.get('id')
                 if not component_id:
@@ -313,12 +294,12 @@ class RawBase(PolicyCheck[T]):
               Dict[str, Any]: The parsed JSON data
         """
         try:
-            return load_json_file(self.filepath)
+            return load_json_file(self.result_file_path)
         except Exception as e:
                 self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
                 return None
 
-    def _convert_components_to_list(self, components: dict):
+    def convert_components_to_list(self, components: dict):
         if components is None:
             self.print_debug(f'WARNING: Components is empty {self.results}')
             return None
@@ -332,19 +313,26 @@ class RawBase(PolicyCheck[T]):
                 component['licenses'] = []
         return results_list
 
-    def _get_licenses_order_by_source_priority(self,licenses_data):
+    def _select_licenses(self, licenses_data):
         """
-        Select licenses based on source priority:
-        1. component_declared (highest priority)
-        2. license_file
-        3. file_header
-        4. scancode (lowest priority)
+        Select licenses based on configuration.
+
+        Two modes:
+        - Filtering mode: If license_sources specified, filter to those sources
+        - Priority mode: Otherwise, use original priority-based selection
 
-        If any high-priority source is found, return only licenses from that source.
-        If none found, return all licenses.
+        Args:
+            licenses_data: List of license dictionaries
 
-        Returns: list with ordered licenses by source.
+        Returns:
+            Filtered list of licenses based on configuration
         """
+        # Filtering mode, when license_sources is explicitly provided
+        if self.license_sources:
+            sources_to_include = set(self.license_sources) | {'unknown'}
+            return [lic for lic in licenses_data
+                    if lic.get('source') in sources_to_include or lic.get('source') is None]
+
         # Define priority order (highest to lowest)
         priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']
 
@@ -372,7 +360,7 @@ class RawBase(PolicyCheck[T]):
         self.print_debug("No priority sources found, returning all licenses as list")
         return licenses_data
 
-    def _group_components_by_license(self,components):
+    def group_components_by_license(self,components):
         """
         Groups components by their unique component-license pairs.
 
@@ -425,5 +413,5 @@ class RawBase(PolicyCheck[T]):
 
 
 #
-# End of PolicyCheck Class
-#
+# End of ScanResultProcessor Class
+#

scanoss/osadl.py

@@ -0,0 +1,125 @@
+"""
+SPDX-License-Identifier: MIT
+
+  Copyright (c) 2025, SCANOSS
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+"""
+
+import json
+import sys
+
+import importlib_resources
+
+from scanoss.scanossbase import ScanossBase
+
+
+class Osadl(ScanossBase):
+    """
+    OSADL data accessor class.
+
+    Provides access to OSADL (Open Source Automation Development Lab) authoritative
+    checklist data for license analysis.
+
+    Data is loaded once at class level and shared across all instances for efficiency.
+
+    Data source: https://www.osadl.org/fileadmin/checklists/copyleft.json
+    License: CC-BY-4.0
+    """
+
+    _shared_copyleft_data = {}
+    _data_loaded = False
+
+    def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
+        """
+        Initialize the Osadl class.
+        Data is loaded once at class level and shared across all instances.
+        """
+        super().__init__(debug, trace, quiet)
+        self._load_copyleft_data()
+
+
+    def _load_copyleft_data(self) -> bool:
+        """
+        Load the embedded OSADL copyleft JSON file into class-level shared data.
+        Data is loaded only once and shared across all instances.
+
+        :return: True if successful, False otherwise
+        """
+        if Osadl._data_loaded:
+            return True
+
+        # OSADL copyleft license checklist from: https://www.osadl.org/Checklists
+        # Data source: https://www.osadl.org/fileadmin/checklists/copyleft.json
+        # License: CC-BY-4.0 (Creative Commons Attribution 4.0 International)
+        # Copyright: (C) 2017 - 2024 Open Source Automation Development Lab (OSADL) eG
+        try:
+            f_name = importlib_resources.files(__name__) / 'data/osadl-copyleft.json'
+            with importlib_resources.as_file(f_name) as f:
+                with open(f, 'r', encoding='utf-8') as file:
+                    data = json.load(file)
+        except Exception as e:
+            self.print_stderr(f'ERROR: Problem loading OSADL copyleft data: {e}')
+            return False
+
+        # Process copyleft data
+        copyleft = data.get('copyleft', {})
+        if not copyleft:
+            self.print_stderr('ERROR: No copyleft data found in OSADL JSON')
+            return False
+
+        # Store in class-level shared dictionary
+        for lic_id, status in copyleft.items():
+            # Normalize license ID (lowercase) for consistent lookup
+            lic_id_lc = lic_id.lower()
+            Osadl._shared_copyleft_data[lic_id_lc] = status
+
+        Osadl._data_loaded = True
+        self.print_debug(f'Loaded {len(Osadl._shared_copyleft_data)} OSADL copyleft entries')
+        return True
+
+    def is_copyleft(self, spdx_id: str) -> bool:
+        """
+        Check if a license is copyleft according to OSADL data.
+
+        Returns True for both strong copyleft ("Yes") and weak/restricted copyleft ("Yes (restricted)").
+
+        :param spdx_id: SPDX license identifier
+        :return: True if copyleft, False otherwise
+        """
+        if not spdx_id:
+            self.print_debug('No license ID provided for copyleft check')
+            return False
+
+        # Normalize lookup
+        spdx_id_lc = spdx_id.lower()
+        # Use class-level shared data
+        status = Osadl._shared_copyleft_data.get(spdx_id_lc)
+
+        if not status:
+            self.print_debug(f'No OSADL copyleft data for license: {spdx_id}')
+            return False
+
+        # Consider both "Yes" and "Yes (restricted)" as copyleft (case-insensitive)
+        return status.lower().startswith('yes')
+
+
+#
+# End of Osadl Class
+#