added scan and wfp filter options

Author: eeisegn

.github/workflows/python-local-test.yml

@@ -64,3 +64,17 @@ jobs:
             echo "Error: Scan test did not produce any results. Failing"
             exit 1
           fi
+
+      - name: Run Tests HPSM (fast winnowing)
+        run: |
+          pip install scanoss_winnowing
+          which scanoss-py
+          scanoss-py version
+          scanoss-py utils fast
+          scanoss-py scan -H tests > results.json
+          id_count=$(cat results.json | grep '"id":' | wc -l)
+          echo "ID Count: $id_count"
+          if [[ $id_count -lt 1 ]]; then
+            echo "Error: Scan test did not produce any results. Failing"
+            exit 1
+          fi

CHANGELOG.md

@@ -9,6 +9,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Upcoming changes...
 
+## [1.10.0] - 2024-02-06
+### Added
+- Added scan/wfp file filtering options
+  - Exclude file extensions `--skip-extension` (repeat as needed)
+  - Exclude folder `--skip-folder` (repeat as needed)
+  - Exclude files smaller than specified `--skip-size`
+- Added `scan_files_with_options` SDK capability
+  - Enables a programmer to supply a specific list of files to scan
+
 ## [1.9.0] - 2023-12-29
 ### Added
 - Added dependency file decoration option to scanning (`scan`) using `--dep`
@@ -281,3 +290,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.7.0]: https://github.com/scanoss/scanoss.py/compare/v1.6.3...v1.7.0
 [1.8.0]: https://github.com/scanoss/scanoss.py/compare/v1.7.0...v1.8.0
 [1.9.0]: https://github.com/scanoss/scanoss.py/compare/v1.8.0...v1.9.0
+[1.10.0]: https://github.com/scanoss/scanoss.py/compare/v1.9.0...v1.10.0

src/scanoss/__init__.py

@@ -22,4 +22,4 @@
    THE SOFTWARE.
 """
 
-__version__ = '1.9.0'
+__version__ = '1.10.0'

src/scanoss/cli.py

@@ -86,25 +86,19 @@ def setup_args() -> None:
                              '256: disable best match only, 512: hide identified files, '
                              '1024: enable download_url, 2048: enable GitHub full path, '
                              '4096: disable extended server stats)')
-    p_scan.add_argument('--skip-snippets', '-S', action='store_true', help='Skip the generation of snippets')
     p_scan.add_argument('--post-size', '-P', type=int, default=32,
                         help='Number of kilobytes to limit the post to while scanning (optional - default 32)')
     p_scan.add_argument('--timeout', '-M', type=int, default=180,
                         help='Timeout (in seconds) for API communication (optional - default 180)')
     p_scan.add_argument('--retry', '-R', type=int, default=5,
                         help='Retry limit for API communication (optional - default 5)')
     p_scan.add_argument('--no-wfp-output', action='store_true', help='Skip WFP file generation')
-    p_scan.add_argument('--all-extensions', action='store_true', help='Scan all file extensions')
-    p_scan.add_argument('--all-folders', action='store_true', help='Scan all folders')
-    p_scan.add_argument('--all-hidden', action='store_true', help='Scan all hidden files/folders')
-    p_scan.add_argument('--obfuscate', action='store_true', help='Obfuscate file paths and names')
     p_scan.add_argument('--dependencies', '-D', action='store_true', help='Add Dependency scanning')
     p_scan.add_argument('--dependencies-only', action='store_true', help='Run Dependency scanning only')
     p_scan.add_argument('--sc-command', type=str,
                         help='Scancode command and path if required (optional - default scancode).')
     p_scan.add_argument('--sc-timeout', type=int, default=600,
                         help='Timeout (in seconds) for scancode to complete (optional - default 600)')
-    p_scan.add_argument('--hpsm', '-H', action='store_true', help='Scan using High Precision Snippet Matching')
 
     # Sub-command: fingerprint
     p_wfp = subparsers.add_parser('fingerprint', aliases=['fp', 'wfp'],
@@ -116,12 +110,6 @@ def setup_args() -> None:
     p_wfp.add_argument('--stdin', '-s', metavar='STDIN-FILENAME',  type=str,
                        help='Fingerprint the file contents supplied via STDIN (optional)')
     p_wfp.add_argument('--output', '-o', type=str, help='Output result file name (optional - default stdout).')
-    p_wfp.add_argument('--obfuscate', action='store_true', help='Obfuscate fingerprints')
-    p_wfp.add_argument('--skip-snippets', '-S', action='store_true', help='Skip the generation of snippets')
-    p_wfp.add_argument('--all-extensions', action='store_true', help='Fingerprint all file extensions')
-    p_wfp.add_argument('--all-folders', action='store_true', help='Fingerprint all folders')
-    p_wfp.add_argument('--all-hidden', action='store_true', help='Fingerprint all hidden files/folders')
-    p_wfp.add_argument('--hpsm', '-H', action='store_true', help='Use High Precision Snippet Matching algorithm.')
 
     # Sub-command: dependency
     p_dep = subparsers.add_parser('dependencies', aliases=['dp', 'dep'],
@@ -260,6 +248,19 @@ def setup_args() -> None:
                        help='SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)')
         p.add_argument('--ignore-cert-errors', action='store_true', help='Ignore certificate errors')
 
+    # Global Scan/Fingerprint filter options
+    for p in [p_scan, p_wfp]:
+        p.add_argument('--obfuscate', action='store_true', help='Obfuscate fingerprints')
+        p.add_argument('--all-extensions', action='store_true', help='Fingerprint all file extensions')
+        p.add_argument('--all-folders', action='store_true', help='Fingerprint all folders')
+        p.add_argument('--all-hidden', action='store_true', help='Fingerprint all hidden files/folders')
+        p.add_argument('--hpsm', '-H', action='store_true', help='Use High Precision Snippet Matching algorithm.')
+        p.add_argument('--skip-snippets', '-S', action='store_true', help='Skip the generation of snippets')
+        p.add_argument('--skip-extension', '-E', type=str, action='append', help='File Extension to skip.')
+        p.add_argument('--skip-folder', '-O', type=str, action='append', help='Folder to skip.')
+        p.add_argument('--skip-size', '-Z', type=int, default=0,
+                       help='Minimum file size to consider for fingerprinting (optional - default 0 bytes [unlimited])')
+
     # Global Scan/GRPC options
     for p in [p_scan, c_crypto, c_vulns, c_search, c_versions, c_semgrep]:
         p.add_argument('--key', '-k', type=str,
@@ -374,8 +375,9 @@ def wfp(parser, args):
     scan_options = 0 if args.skip_snippets else ScanType.SCAN_SNIPPETS.value  # Skip snippet generation or not
     scanner = Scanner(debug=args.debug, trace=args.trace, quiet=args.quiet, obfuscate=args.obfuscate,
                       scan_options=scan_options, all_extensions=args.all_extensions,
-                      all_folders=args.all_folders, hidden_files_folders=args.all_hidden, hpsm=args.hpsm)
-
+                      all_folders=args.all_folders, hidden_files_folders=args.all_hidden, hpsm=args.hpsm,
+                      skip_size=args.skip_size, skip_extensions=args.skip_extension, skip_folders=args.skip_folder
+                      )
     if args.stdin:
         contents = sys.stdin.buffer.read()
         scanner.wfp_contents(args.stdin, contents, scan_output)
@@ -530,14 +532,15 @@ def scan(parser, args):
                       scan_options=scan_options, sc_timeout=args.sc_timeout, sc_command=args.sc_command,
                       grpc_url=args.api2url, obfuscate=args.obfuscate,
                       ignore_cert_errors=args.ignore_cert_errors, proxy=args.proxy, grpc_proxy=args.grpc_proxy,
-                      pac=pac_file, ca_cert=args.ca_cert, retry=args.retry, hpsm=args.hpsm
+                      pac=pac_file, ca_cert=args.ca_cert, retry=args.retry, hpsm=args.hpsm,
+                      skip_size=args.skip_size, skip_extensions=args.skip_extension, skip_folders=args.skip_folder
                       )
     if args.wfp:
         if not scanner.is_file_or_snippet_scan():
             print_stderr(f'Error: Cannot specify WFP scanning if file/snippet options are disabled ({scan_options})')
             exit(1)
         if scanner.is_dependency_scan() and not args.dep:
-            print_stderr(f'Error: Cannot specify WFP & Dependency scanning without a dependency file ({--dep})')
+            print_stderr(f'Error: Cannot specify WFP & Dependency scanning without a dependency file (--dep)')
             exit(1)
         scanner.scan_wfp_with_options(args.wfp, args.dep)
     elif args.stdin:

src/scanoss/scanner.py

@@ -58,7 +58,7 @@
 FILTERED_DIR_EXT = {  # Folder endings to skip
     ".egg-info"
 }
-FILTERED_EXT = {  # File extensions to skip
+FILTERED_EXT = [  # File extensions to skip
     ".1", ".2", ".3", ".4", ".5", ".6", ".7", ".8", ".9", ".ac", ".adoc", ".am",
     ".asciidoc", ".bmp", ".build", ".cfg", ".chm", ".class", ".cmake", ".cnf",
     ".conf", ".config", ".contributors", ".copying", ".crt", ".csproj", ".css",
@@ -78,7 +78,7 @@
     # File endings
     "-doc", "changelog", "config", "copying", "license", "authors", "news", "licenses", "notice",
     "readme", "swiftdoc", "texidoc", "todo", "version", "ignore", "manifest", "sqlite", "sqlite3"
-}
+]
 FILTERED_FILES = {  # Files to skip
     "gradlew", "gradlew.bat", "mvnw", "mvnw.cmd", "gradle-wrapper.jar", "maven-wrapper.jar",
     "thumbs.db", "babel.config.js", "license.txt", "license.md", "copying.lib", "makefile"
@@ -100,12 +100,17 @@ def __init__(self, wfp: str = None, scan_output: str = None, output_format: str
                  all_extensions: bool = False, all_folders: bool = False, hidden_files_folders: bool = False,
                  scan_options: int = 7, sc_timeout: int = 600, sc_command: str = None, grpc_url: str = None,
                  obfuscate: bool = False, ignore_cert_errors: bool = False, proxy: str = None, grpc_proxy: str = None,
-                 ca_cert: str = None, pac: PACFile = None, retry: int = 5, hpsm: bool = False
+                 ca_cert: str = None, pac: PACFile = None, retry: int = 5, hpsm: bool = False,
+                 skip_size: int = 0, skip_extensions=None, skip_folders=None
                  ):
         """
         Initialise scanning class, including Winnowing, ScanossApi and ThreadedScanning
         """
         super().__init__(debug, trace, quiet)
+        if skip_folders is None:
+            skip_folders = []
+        if skip_extensions is None:
+            skip_extensions = []
         self.wfp = wfp if wfp else "scanner_output.wfp"
         self.scan_output = scan_output
         self.output_format = output_format
@@ -117,6 +122,8 @@ def __init__(self, wfp: str = None, scan_output: str = None, output_format: str
         self.scan_options = scan_options
         self._skip_snippets = True if not scan_options & ScanType.SCAN_SNIPPETS.value else False
         self.hpsm = hpsm
+        self.skip_folders = skip_folders
+        self.skip_size = skip_size
         ver_details = Scanner.version_details()
 
         self.winnowing = Winnowing(debug=debug, quiet=quiet, skip_snippets=self._skip_snippets,
@@ -143,6 +150,9 @@ def __init__(self, wfp: str = None, scan_output: str = None, output_format: str
         self.post_file_count = post_size if post_size > 0 else 32  # Max number of files for any given POST (default 32)
         if self._skip_snippets:
             self.max_post_size = 8 * 1024  # 8k Max post size if we're skipping snippets
+        self.skip_extensions = FILTERED_EXT
+        if skip_extensions:  # Append extra file extensions to skip
+            self.skip_extensions.extend(skip_extensions)
 
     def __filter_files(self, files: list) -> list:
         """
@@ -160,8 +170,8 @@ def __filter_files(self, files: list) -> list:
                 if f_lower in FILTERED_FILES:  # Check for exact files to ignore
                     ignore = True
                 if not ignore:
-                    for ending in FILTERED_EXT:  # Check for file endings to ignore
-                        if f_lower.endswith(ending):
+                    for ending in self.skip_extensions:  # Check for file endings to ignore (static and user supplied)
+                        if ending and f_lower.endswith(ending):
                             ignore = True
                             break
             if not ignore:
@@ -181,10 +191,12 @@ def __filter_dirs(self, dirs: list) -> list:
                 ignore = True
             if not ignore and not self.all_folders:  # Skip this check if we're allowing all folders
                 d_lower = d.lower()
-                if d_lower in FILTERED_DIRS:  # Ignore specific folders
+                if d_lower in FILTERED_DIRS:  # Ignore specific folders (case insensitive)
+                    ignore = True
+                elif self.skip_folders and d in self.skip_folders:  # Ignore user-supplied folders (case sensitive)
                     ignore = True
                 if not ignore:
-                    for de in FILTERED_DIR_EXT:  # Ignore specific folder endings
+                    for de in FILTERED_DIR_EXT:  # Ignore specific folder endings (case insensitive)
                         if d_lower.endswith(de):
                             ignore = True
                             break
@@ -385,7 +397,8 @@ def scan_folder(self, scan_dir: str) -> bool:
                 except Exception as e:
                     self.print_trace(
                         f'Ignoring missing symlink file: {file} ({e})')  # Can fail if there is a broken symlink
-                if f_size > 0:  # Ignore broken links and empty files
+                # Ignore broken links and empty files or if a user-specified size limit is supplied
+                if f_size > 0 and (self.skip_size <= 0 or f_size > self.skip_size):
                     self.print_trace(f'Fingerprinting {path}...')
                     if spinner:
                         spinner.next()
@@ -598,7 +611,7 @@ def scan_file(self, file: str) -> bool:
             success = False
         return success
 
-    def scan_files(self, files: list[str]) -> bool:
+    def scan_files(self, files: []) -> bool:
         """
         Scan the specified list of files, producing fingerprints, send to the SCANOSS API and return results
         Please note that by providing an explicit list you bypass any exclusions that may be defined on the scanner
@@ -637,7 +650,7 @@ def scan_files(self, files: list[str]) -> bool:
                     spinner.next()
                 wfp = self.winnowing.wfp_for_file(file, file)
                 if wfp is None or wfp == '':
-                        self.print_stderr(f'Warning: No WFP returned for {path}')
+                        self.print_stderr(f'Warning: No WFP returned for {file}')
                         continue
                 if save_wfps_for_print:
                         wfp_list.append(wfp)
@@ -681,12 +694,12 @@ def scan_files(self, files: list[str]) -> bool:
             if self.threaded_scan:
                 success = self.__run_scan_threaded(scan_started, file_count)
         else:
-            Scanner.print_stderr(f'Warning: No files found to scan in folder: {scan_dir}')
+            Scanner.print_stderr(f'Warning: No files found to scan from: {files}')
         return success
 
-    def scan_files_with_options(self, files: list[str], deps_file: str = None, file_map: dict = None) -> bool:
+    def scan_files_with_options(self, files: [], deps_file: str = None, file_map: dict = None) -> bool:
         """
-        Scan the given folder for whatever scaning options that have been configured
+        Scan the given list of files for whatever scaning options that have been configured
         :param files: list of files to scan
         :param deps_file: pre-parsed dependency file to decorate
         :param file_map: mapping of obfuscated files back into originals
@@ -697,7 +710,7 @@ def scan_files_with_options(self, files: list[str], deps_file: str = None, file_
             raise Exception(f"ERROR: Please specify a list of files to scan")
         if not self.is_file_or_snippet_scan():
             raise Exception(f"ERROR: file or snippet scan options have to be set to scan files: {files}")
-        if self.is_dependency_scan():
+        if self.is_dependency_scan() or deps_file:
             raise Exception(f"ERROR: The dependency scan option is currently not supported when scanning a list of files")
         if self.scan_output:
             self.print_msg(f'Writing results to {self.scan_output}...')
@@ -852,26 +865,25 @@ def scan_wfp_with_options(self, wfp: str, deps_file: str, file_map: dict = None)
             raise Exception(f"ERROR: Specified WFP file does not exist or is not a file: {wfp_file}")
 
         if not self.is_file_or_snippet_scan() and not self.is_dependency_scan():
-            raise Exception(f"ERROR: No scan options defined to scan folder: {scan_dir}")
+            raise Exception(f"ERROR: No scan options defined to scan WFP: {wfp}")
 
         if self.scan_output:
             self.print_msg(f'Writing results to {self.scan_output}...')
         if self.is_dependency_scan():
             if not self.threaded_deps.run(deps_file=deps_file, wait=False):  # Kick off a background dependency scan
                 success = False
         if self.is_file_or_snippet_scan():
-            if not self.scan_wfp_file_threaded(wfp_file, file_map):
+            if not self.scan_wfp_file_threaded(wfp_file):
                 success = False
         if self.threaded_scan:
             if not self.__finish_scan_threaded(file_map):
                 success = False
         return success
 
-    def scan_wfp_file_threaded(self, file: str = None, file_map: dict = None) -> bool:
+    def scan_wfp_file_threaded(self, file: str = None) -> bool:
         """
         Scan the contents of the specified WFP file (threaded)
         :param file: WFP file to scan (optional)
-        :param file_map: mapping of obfuscated files back into originals (optional)
         return: True if successful, False otherwise
         """
         success = True