SP-802 Add file list option to scanning (#41)

* added file list scanning option
* updating action versions
* removing error when no files are scanned

Author: eeisegn

.github/workflows/container-local-test.yml

@@ -19,11 +19,11 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Setup and build the python package
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 
@@ -36,12 +36,12 @@ jobs:
         run: make dist
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       # Build Docker image with Buildx
       - name: Build Docker Image
         id: build-and-push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: false

.github/workflows/container-publish-ghcr.yml

@@ -22,11 +22,11 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Setup and build python package
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 
@@ -40,16 +40,16 @@ jobs:
 
         # Add support for more platforms with QEMU
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       #        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       # Login against a Docker registry except on PR
       - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -60,12 +60,12 @@ jobs:
         id: meta
         uses: docker/metadata-action@v4
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
 
       # Build and push Docker image with Buildx (don't push on PR)
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}

.github/workflows/python-local-test.yml

@@ -17,10 +17,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 

.github/workflows/python-publish-pypi.yml

@@ -11,10 +11,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 
@@ -49,7 +49,7 @@ jobs:
       - name: Publish Package - ${{ github.ref_name }}
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-#          skip_existing: true
+#          skip-existing: true
           user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}
 
@@ -65,10 +65,10 @@ jobs:
     needs: [ deploy ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 

.github/workflows/python-publish-testpypi.yml

@@ -10,10 +10,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 
@@ -49,21 +49,21 @@ jobs:
       - name: Publish Test Package
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          skip_existing: true
+          skip-existing: true
           user: __token__
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
-          repository_url: https://test.pypi.org/legacy/
+          repository-url: https://test.pypi.org/legacy/
 
   test:
     if: success()
     needs: [ deploy ]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10.x'
 

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.13.0] - 2024-06-05
+### Added
+- Added `scan` command option to specify a list of files (`--files`) to analyse
+
 ## [1.12.3] - 2024-05-13
 ### Fixed
 - Fixed export issue when license details are missing (SPDX/CycloneDX)
@@ -326,3 +330,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.12.1]: https://github.com/scanoss/scanoss.py/compare/v1.12.0...v1.12.1
 [1.12.2]: https://github.com/scanoss/scanoss.py/compare/v1.12.1...v1.12.2
 [1.12.3]: https://github.com/scanoss/scanoss.py/compare/v1.12.2...v1.12.3
+[1.13.0]: https://github.com/scanoss/scanoss.py/compare/v1.12.3...v1.13.0

cert_download.sh

@@ -26,7 +26,7 @@
 # Attempt to download an SSL certificate from the specified host and convert to a PEM file
 #
 
-script_name=$(basename $0)
+script_name=$(basename "$0")
 
 help()
 {
@@ -47,7 +47,7 @@ VALID_ARGUMENTS=$#
 if [ "$VALID_ARGUMENTS" -eq 0 ]; then  # No arguments supplied, print help
   help
 fi
-set -- $OPTS
+set -- "$OPTS"
 
 force=0
 while :; do

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = '1.12.3'
+__version__ = '1.13.0'

src/scanoss/cli.py

@@ -72,6 +72,7 @@ def setup_args() -> None:
                         help='Use a dependency file instead of a folder (optional)')
     p_scan.add_argument('--stdin', '-s', metavar='STDIN-FILENAME',  type=str,
                         help='Scan the file contents supplied via STDIN (optional)')
+    p_scan.add_argument('--files',    '-e', type=str, nargs="*", help='List of files to scan.')
     p_scan.add_argument('--identify', '-i', type=str, help='Scan and identify components in SBOM file')
     p_scan.add_argument('--ignore',   '-n', type=str, help='Ignore components specified in the SBOM file')
     p_scan.add_argument('--output',   '-o', type=str, help='Output result file name (optional - default stdout).')
@@ -445,8 +446,8 @@ def scan(parser, args):
         args: Namespace
             Parsed arguments
     """
-    if not args.scan_dir and not args.wfp and not args.stdin and not args.dep:
-        print_stderr('Please specify a file/folder, fingerprint (--wfp), dependency (--dep), or STDIN (--stdin)')
+    if not args.scan_dir and not args.wfp and not args.stdin and not args.dep and not args.files:
+        print_stderr('Please specify a file/folder, files (--files), fingerprint (--wfp), dependency (--dep), or STDIN (--stdin)')
         parser.parse_args([args.subparser, '-h'])
         exit(1)
     if args.pac and args.proxy:
@@ -556,6 +557,9 @@ def scan(parser, args):
         contents = sys.stdin.buffer.read()
         if not scanner.scan_contents(args.stdin, contents):
             exit(1)
+    elif args.files:
+        if not scanner.scan_files_with_options(args.files, args.dep, scanner.winnowing.file_map):
+            exit(1)
     elif args.scan_dir:
         if not os.path.exists(args.scan_dir):
             print_stderr(f'Error: File or folder specified does not exist: {args.scan_dir}.')

src/scanoss/scanner.py

@@ -522,8 +522,6 @@ def __finish_scan_threaded(self, file_map: dict = None) -> bool:
                             else:
                                 raw_output += ",\n  \"%s\":[%s]" % (file, json.dumps(dep_file, indent=2))
                     # End for loop
-        else:
-            success = False
         raw_output += "\n}"
         parsed_json = None
         try:
@@ -625,7 +623,6 @@ def scan_files(self, files: []) -> bool:
         success = True
         if not files:
             raise Exception(f"ERROR: Please provide a non-empty list of filenames to scan")
-        self.print_msg(f'Scanning {len(files)} files...')
         spinner = None
         if not self.quiet and self.isatty:
             spinner = Spinner('Fingerprinting ')
@@ -637,7 +634,23 @@ def scan_files(self, files: []) -> bool:
         file_count = 0  # count all files fingerprinted
         wfp_file_count = 0  # count number of files in each queue post
         scan_started = False
+        filtered_files = []
+        # Filter the files to remove anything we shouldn't scan
         for file in files:
+            filename = os.path.basename(file)
+            filtered_filenames = self.__filter_files([filename])
+            if not filtered_filenames or len(filtered_filenames) == 0:
+                self.print_debug(f'Skipping filtered file: {file}')
+                continue
+            paths = os.path.dirname(file).split(os.sep)
+            if len(self.__filter_dirs(paths)) == len(paths):  # Nothing found to filter
+                filtered_files.append(file)
+            else:
+                self.print_debug(f'Skipping filtered (folder) file: {file}')
+        if len(filtered_files) > 0:
+            self.print_debug(f'Scanning {len(filtered_files)} files...')
+        # Process all the requested files
+        for file in filtered_files:
             if self.threaded_scan and self.threaded_scan.stop_scanning():
                 self.print_stderr('Warning: Aborting fingerprinting as the scanning service is not available.')
                 break
@@ -697,7 +710,7 @@ def scan_files(self, files: []) -> bool:
             if self.threaded_scan:
                 success = self.__run_scan_threaded(scan_started, file_count)
         else:
-            Scanner.print_stderr(f'Warning: No files found to scan from: {files}')
+            Scanner.print_stderr(f'Warning: No files found to scan from: {filtered_files}')
         return success
 
     def scan_files_with_options(self, files: [], deps_file: str = None, file_map: dict = None) -> bool: