diff --git a/src/fosslight_binary/_binary.py b/src/fosslight_binary/_binary.py index 6c36fc8..b45cd7a 100755 --- a/src/fosslight_binary/_binary.py +++ b/src/fosslight_binary/_binary.py @@ -2,15 +2,18 @@ # -*- coding: utf-8 -*- # Copyright (c) 2020 LG Electronics Inc. # SPDX-License-Identifier: Apache-2.0 -from fosslight_util.oss_item import FileItem +import os import urllib.parse import logging import fosslight_util.constant as constant +from typing import Tuple +from fosslight_util.oss_item import FileItem EXCLUDE_TRUE_VALUE = "Exclude" TLSH_CHECKSUM_NULL = "0" MAX_EXCEL_URL_LENGTH = 255 EXCEEDED_VUL_URL_LENGTH_COMMENT = f"Exceeded the maximum vulnerability URL length of {MAX_EXCEL_URL_LENGTH} characters." +_PACKAGE_DIR = ["node_modules", "venv", "Pods", "Carthage"] logger = logging.getLogger(constant.LOGGER_NAME) @@ -108,3 +111,15 @@ def get_print_json(self): if self.comment: json_item["comment"] = self.comment return items + + +def is_package_dir(bin_with_path: str, _root_path: str) -> Tuple[bool, str]: + is_pkg = False + pkg_path = "" + path_parts = bin_with_path.split(os.path.sep) + for pkg_dir in _PACKAGE_DIR: + if pkg_dir in path_parts: + pkg_index = path_parts.index(pkg_dir) + pkg_path = os.path.sep.join(path_parts[:pkg_index + 1]).replace(_root_path, '', 1) + is_pkg = True + return is_pkg, pkg_path diff --git a/src/fosslight_binary/_jar_analysis.py b/src/fosslight_binary/_jar_analysis.py index 8067588..c4f2043 100644 --- a/src/fosslight_binary/_jar_analysis.py +++ b/src/fosslight_binary/_jar_analysis.py @@ -8,7 +8,7 @@ import os import sys import fosslight_util.constant as constant -from ._binary import BinaryItem, VulnerabilityItem +from ._binary import BinaryItem, VulnerabilityItem, is_package_dir from fosslight_util.oss_item import OssItem from dependency_check import run as dependency_check_run 
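Review bot: `is_package_dir` matches the names in `_PACKAGE_DIR` against every component of the full path, including components at or above the scan root, because `path_parts` is built from `bin_with_path` before `_root_path` is stripped. If the scanned tree itself sits under a directory named `venv` or `node_modules`, every binary is classified as package content, and the truncated prefix is then left unchanged or reduced to an empty string by the `replace`. For a scanner that is a silent loss of coverage. The loop also keeps the last hit in `_PACKAGE_DIR` order rather than the outermost directory on the path, so nested package directories resolve inconsistently. Stripping the root first and returning on the first matching component, as below, addresses both; a docstring stating that the returned path is relative to the root would also help.

```python
def is_package_dir(bin_with_path: str, _root_path: str) -> Tuple[bool, str]:
    # Only components below the scan root may mark a package directory.
    rel_path = bin_with_path.replace(_root_path, '', 1)
    path_parts = rel_path.split(os.path.sep)
    for idx, part in enumerate(path_parts):
        if part in _PACKAGE_DIR:
            return True, os.path.sep.join(path_parts[:idx + 1])
    return False, ""
```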
@@ -87,6 +87,11 @@ def merge_binary_list(owasp_items, vulnerability_items, bin_list): bin_item = BinaryItem(os.path.abspath(key)) bin_item.binary_name_without_path = os.path.basename(key) bin_item.source_name_or_path = key + + is_pkg, _ = is_package_dir(bin_item.source_name_or_path, '') + if is_pkg: + continue + bin_item.set_oss_items(oss_list) not_found_bin.append(bin_item) diff --git a/src/fosslight_binary/binary_analysis.py b/src/fosslight_binary/binary_analysis.py index 5374de8..9ef5f57 100755 --- a/src/fosslight_binary/binary_analysis.py +++ b/src/fosslight_binary/binary_analysis.py @@ -16,7 +16,7 @@ import fosslight_util.constant as constant from fosslight_util.output_format import check_output_formats_v2, write_output_file from ._binary_dao import get_oss_info_from_db -from ._binary import BinaryItem, TLSH_CHECKSUM_NULL +from ._binary import BinaryItem, TLSH_CHECKSUM_NULL, is_package_dir from ._jar_analysis import analyze_jar_file, merge_binary_list from ._simple_mode import print_simple_mode, filter_binary, init_simple from fosslight_util.correct import correct_with_yaml @@ -165,8 +165,15 @@ def get_file_list(path_to_find, abs_path_to_exclude): bin_with_path = os.path.join(root, file) bin_item = BinaryItem(bin_with_path) bin_item.binary_name_without_path = file - bin_item.source_name_or_path = bin_with_path.replace( - _root_path, '', 1) + bin_item.source_name_or_path = bin_with_path.replace(_root_path, '', 1) + + is_pkg, pkg_path = is_package_dir(bin_with_path, _root_path) + if is_pkg: + bin_item.source_name_or_path = pkg_path + if not any(x.source_name_or_path == bin_item.source_name_or_path for x in bin_list): + bin_item.exclude = True + bin_list.append(bin_item) + continue if any(dir_name in dir_path for dir_name in _EXCLUDE_DIR): bin_item.exclude = True
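Review bot: The new `continue` in `merge_binary_list` discards the entry without a trace: the `BinaryItem` is built and then dropped before `set_oss_items(oss_list)` and `not_found_bin.append(bin_item)`, so whatever `oss_list` held for that key never reaches the result. `get_file_list` in this same commit keeps a visible entry with `exclude = True`. Doing the same here, by replacing the `continue` with `bin_item.exclude = True`, would keep the skipped jars auditable in the report. The function and its loop start outside the hunk, so whether findings for these keys are reported by another path is not visible here.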
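Review bot: In `get_file_list` the duplicate check `any(x.source_name_or_path == bin_item.source_name_or_path for x in bin_list)` runs for every file under a package directory and walks the whole of `bin_list` each time, which grows quadratically on a large `node_modules` tree. A set of package paths already seen, created before the walk and tested with `if pkg_path not in seen_pkg_dirs:` followed by `seen_pkg_dirs.add(pkg_path)`, gives the same de-duplication at constant cost per file. The entry that stands for the directory is also still `BinaryItem(bin_with_path)` for whichever file was visited first, so `binary_name_without_path` names that file, not the directory; a comment such as `# one excluded placeholder per package dir, built from the first file seen` would make this explicit. `get_file_list` begins and continues outside the hunk.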