added official support for cryptographic reporting

Author: eeisegn

.github/workflows/python-local-test.yml

@@ -42,7 +42,7 @@ jobs:
         run: |
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"
@@ -56,7 +56,7 @@ jobs:
           pip install scanoss_winnowing
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"

.github/workflows/python-publish-pypi.yml

@@ -36,7 +36,7 @@ jobs:
         run: |
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"
@@ -85,7 +85,7 @@ jobs:
         run: |
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"
@@ -99,7 +99,7 @@ jobs:
           pip install scanoss_winnowing
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"

.github/workflows/python-publish-testpypi.yml

@@ -79,7 +79,7 @@ jobs:
         run: |
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"
@@ -93,7 +93,7 @@ jobs:
           pip install scanoss_winnowing
           which scanoss-py
           scanoss-py version
-          scanoss-py fast
+          scanoss-py utils fast
           scanoss-py scan tests > results.json
           id_count=$(cat results.json | grep '"id":' | wc -l)
           echo "ID Count: $id_count"

CHANGELOG.md

@@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.5.0] - 2023-03-21
+### Added
+- Added support for component cryptographic reporting
+  - `scanoss-py component crypto ...`
+
 ## [1.4.2] - 2023-03-09
 ### Fixed
 - Fixed issue with custom certificate when scanning (--ca-cert)
@@ -218,3 +223,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.3.7]: https://github.com/scanoss/scanoss.py/compare/v1.3.6...v1.3.7
 [1.4.0]: https://github.com/scanoss/scanoss.py/compare/v1.3.7...v1.4.0
 [1.4.2]: https://github.com/scanoss/scanoss.py/compare/v1.4.0...v1.4.2
+[1.5.0]: https://github.com/scanoss/scanoss.py/compare/v1.4.2...v1.5.0

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = '1.4.2'
+__version__ = '1.5.0'

src/scanoss/cli.py

@@ -34,6 +34,7 @@
 from .cyclonedx import CycloneDx
 from .spdxlite import SpdxLite
 from .csvoutput import CsvOutput
+from .components import Components
 from . import __version__
 from .scanner import FAST_WINNOWING
 
@@ -173,6 +174,8 @@ def setup_args() -> None:
     c_crypto.add_argument('--purl',  '-p', type=str, nargs="*", help='Package URL - PURL to process.')
     c_crypto.add_argument('--input', '-i', type=str, help='Input file name')
     c_crypto.add_argument('--output','-o', type=str, help='Output result file name (optional - default stdout).')
+    c_crypto.add_argument('--timeout', '-M', type=int, default=600,
+                          help='Timeout (in seconds) for API communication (optional - default 600)')
 
     # Sub-command: utils
     p_util = subparsers.add_parser('utils', aliases=['ut'],
@@ -687,9 +690,6 @@ def comp_crypto(parser, args):
         args: Namespace
             Parsed arguments
     """
-    from .scanossgrpc import ScanossGrpc
-    import json
-
     if (not args.purl and not args.input) or (args.purl and args.input):
         print_stderr('Please specify an input file or purl to decorate (--purl or --input)')
         parser.parse_args([args.subparser, args.subparsercmd, '-h'])
@@ -698,43 +698,11 @@ def comp_crypto(parser, args):
         print_stderr(f'Error: Certificate file does not exist: {args.ca_cert}.')
         exit(1)
     pac_file = get_pac_file(args.pac)
-    file = sys.stdout
-    if args.output:
-        file = open(args.output, 'w')
-    success = False
-    purl_request = {}
-    if args.input:
-        if not os.path.isfile(args.input):
-            print_stderr(f'ERROR: JSON file does not exist or is not a file: {json_file}')
-            exit(1)
-        with open(args.input, 'r') as f:
-            try:
-                purl_request = json.loads(f.read())
-            except Exception as e:
-                print_stderr(f'ERROR: Problem parsing input JSON: {e}')
-    elif args.purl:
-        purls = []
-        for p in args.purl:
-            purls.append({'purl': p})
-        purl_request = {'purls': purls}
-
-    purl_count = len(purl_request.get('purls'))
-    if purl_count == 0:
-        print_stderr('No PURLs supplied to get cryptographic algorithms.')
-
-    grpc_api = ScanossGrpc(url=args.api2url, debug=args.debug, trace=args.trace, quiet=args.quiet, api_key=args.key,
-                           ca_cert=args.ca_cert, proxy=args.proxy, grpc_proxy=args.grpc_proxy, pac=pac_file
-                           )
-    resp = grpc_api.get_crypto_json(purl_request)
-    # print_stderr(f'Crypto Algo Resp: {resp}')
-    if resp:
-        print(json.dumps(resp, indent=2, sort_keys=True), file=file)
-        success = True
-    if args.output:
-        file.close()
-    if not success:
+    comps = Components(debug=args.debug, trace=args.trace, quiet=args.quiet, grpc_url=args.api2url, api_key=args.key,
+                           ca_cert=args.ca_cert, proxy=args.proxy, grpc_proxy=args.grpc_proxy, pac=pac_file,
+                       timeout=args.timeout)
+    if not comps.get_crypto_details(args.input, args.purl, args.output):
         exit(1)
-
 def main():
     """
     Run the ScanOSS CLI

src/scanoss/components.py

@@ -0,0 +1,150 @@
+"""
+ SPDX-License-Identifier: MIT
+
+   Copyright (c) 2023, SCANOSS
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+import json
+import os
+import sys
+from typing import TextIO
+
+from pypac.parser import PACFile
+
+from .scanner import Scanner
+from .scanossbase import ScanossBase
+from .scanossgrpc import ScanossGrpc
+
+
+class Components(ScanossBase):
+    """
+    Class for Component functionality
+    """
+
+    def __init__(self, debug: bool = False, trace: bool = False, quiet: bool = False,
+                 grpc_url: str = None, api_key: str = None, timeout: int = 600,
+                 proxy: str = None, grpc_proxy: str = None, ca_cert: str = None, pac: PACFile = None
+                 ):
+        """
+        Handle all component style requests
+
+        :param debug: Debug
+        :param trace: Trace
+        :param quiet: Quiet
+        :param grpc_url: gRPC URL
+        :param api_key: API Key
+        :param timeout: Timeout for requests (default 600)
+        :param proxy: Proxy to use (optional)
+        :param grpc_proxy: Specific gRPC proxy (optional)
+        :param ca_cert: TLS client certificate (optional)
+        :param pac: Proxy Auto-Config file (optional)
+        """
+        super().__init__(debug, trace, quiet)
+        ver_details = Scanner.version_details()
+        self.grpc_api = ScanossGrpc(url=grpc_url, debug=debug, quiet=quiet, trace=trace, api_key=api_key,
+                                    ver_details=ver_details, ca_cert=ca_cert, proxy=proxy, pac=pac,
+                                    grpc_proxy=grpc_proxy, timeout=timeout)
+
+    def load_purls(self, json_file: str = None, purls: [] = None) -> dict:
+        """
+        Load the specified purls and return a dictionary
+
+        :param json_file: JSON PURL file (optional)
+        :param purls: list of PURLs (optional)
+        :return: PURL Request dictionary
+        """
+        if json_file:
+            if not os.path.isfile(json_file) or not os.access(json_file, os.R_OK):
+                self.print_stderr(f'ERROR: JSON file does not exist, is not a file, or is not readable: {json_file}')
+                return None
+            with open(json_file, 'r') as f:
+                try:
+                    purl_request = json.loads(f.read())
+                except Exception as e:
+                    self.print_stderr(f'ERROR: Problem parsing input JSON: {e}')
+                    return None
+        elif purls:
+            parsed_purls = []
+            for p in purls:
+                parsed_purls.append({'purl': p})
+            purl_request = {'purls': parsed_purls}
+        else:
+            self.print_stderr('ERROR: No purls specified to process.')
+            return None
+        purl_count = len(purl_request.get('purls', []))
+        self.print_debug(f'Parsed Purls ({purl_count}): {purl_request}')
+        if purl_count == 0:
+            self.print_stderr('ERROR: No PURLs parsed from request.')
+            return None
+        return purl_request
+
+    def _open_file_or_sdtout(self, filename):
+        """
+        Open the given filename if requested, otherwise return STDOUT
+
+        :param filename:
+        :return:
+        """
+        file = sys.stdout
+        if filename:
+            try:
+                file = open(filename, 'w')
+            except OSError as e:
+                self.print_stderr(f'ERROR: Failed to open output file {filename}: {e}')
+                return None
+        return file
+
+    def _close_file(self, filename: str = None, file: TextIO = None) -> None:
+        """
+        Close the file descriptor if its defined
+
+        :param filename: filename
+        :param file: file IO object
+        :return: None
+        """
+        if filename and file:
+            self.print_trace(f'Closing file: {filename}')
+            file.close()
+
+    def get_crypto_details(self, json_file: str = None, purls: [] = None, output_file: str = None) -> bool:
+        """
+        Retrieve the cryptographic details for the supplied PURLs
+
+        :param json_file: PURL JSON request file (optional)
+        :param purls: PURL request array (optional)
+        :param output_file: output filename (optional). Default: STDOUT
+        :return: True on success, False otherwise
+        """
+        success = False
+        purls_request = self.load_purls(json_file, purls)
+        if purls_request is None or len(purls_request) == 0:
+            return False
+        file = self._open_file_or_sdtout(output_file)
+        if file is None:
+            return False
+        self.print_msg('Sending PURLs to Crypto API for decoration...')
+        response = self.grpc_api.get_crypto_json(purls_request)
+        if response:
+            print(json.dumps(response, indent=2, sort_keys=True), file=file)
+            success = True
+            if output_file:
+                self.print_msg(f'Results written to: {output_file}')
+        self._close_file(output_file, file)
+        return success