Merge branch 'main' into 660-purl-next-maven

Author: JonoYang

minecode/collectors/alpine.py

@@ -0,0 +1,84 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+from packageurl import PackageURL
+from minecode import priority_router
+from minecode.miners.alpine import build_packages
+from minecode.utils import fetch_http, get_temp_file
+from minecode.utils import extract_file
+from packagedb.models import PackageContentType
+
+logger = logging.getLogger(__name__)
+handler = logging.StreamHandler()
+logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+
+def map_apk_package(package_url, pipelines, priority=0):
+    """
+    Add a Alpine Linux ( APK ) distribution `package_url` to the PackageDB.
+    """
+    from minecode.model_utils import add_package_to_scan_queue
+    from minecode.model_utils import merge_or_create_package
+
+    name = package_url.name
+    version = package_url.version
+    arch = package_url.qualifiers.get("arch")
+    repo = package_url.qualifiers.get("repo")
+    alpine_version = package_url.qualifiers.get("alpine_version")
+
+    if not name or not version or not arch or not repo or not alpine_version:
+        return None
+
+    download_url = (
+        f"https://dl-cdn.alpinelinux.org/alpine/{alpine_version}/{repo}/{arch}/APKINDEX.tar.gz"
+    )
+    apk_download_url = (
+        f"https://dl-cdn.alpinelinux.org/alpine/{alpine_version}/{repo}/{arch}/{name}-{version}.apk"
+    )
+
+    content = fetch_http(download_url)
+    location = get_temp_file("NonPersistentHttpVisitor")
+    with open(location, "wb") as tmp:
+        tmp.write(content)
+
+    extracted_location = extract_file(location)
+
+    packages = build_packages(extracted_location, apk_download_url, package_url)
+
+    error = None
+    for package in packages:
+        package.extra_data["package_content"] = PackageContentType.SOURCE_ARCHIVE
+        db_package, _, _, error = merge_or_create_package(package, visit_level=0)
+        if error:
+            break
+
+        if db_package:
+            add_package_to_scan_queue(package=db_package, pipelines=pipelines, priority=priority)
+
+    return error
+
+
+@priority_router.route("pkg:apk/.*")
+def process_request(purl_str, **kwargs):
+    """
+    Process Alpine Linux ( APK ) Package URL (PURL).
+    """
+    from minecode.model_utils import DEFAULT_PIPELINES
+
+    addon_pipelines = kwargs.get("addon_pipelines", [])
+    pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines)
+    priority = kwargs.get("priority", 0)
+
+    package_url = PackageURL.from_string(purl_str)
+    error_msg = map_apk_package(package_url, pipelines, priority)
+
+    if error_msg:
+        return error_msg

minecode/collectors/alpm.py

@@ -0,0 +1,77 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+from packageurl import PackageURL
+from minecode import priority_router
+from minecode.miners.alpm import build_packages
+from minecode.utils import fetch_http, get_temp_file
+from minecode.utils import extract_file
+from packagedb.models import PackageContentType
+
+logger = logging.getLogger(__name__)
+handler = logging.StreamHandler()
+logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+
+def map_alpm_package(package_url, pipelines, priority=0):
+    """
+    Add a Arch Linux distribution `package_url` to the PackageDB.
+    """
+    from minecode.model_utils import add_package_to_scan_queue
+    from minecode.model_utils import merge_or_create_package
+
+    name = package_url.name
+    version = package_url.version
+    arch = package_url.qualifiers.get("arch", "any")
+    first_letter = name[0]
+
+    if not name or not version:
+        return None
+
+    download_url = f"https://archive.archlinux.org/packages/{first_letter}/{name}/{name}-{version}-{arch}.pkg.tar.zst"
+    content = fetch_http(download_url)
+    location = get_temp_file("NonPersistentHttpVisitor")
+    with open(location, "wb") as tmp:
+        tmp.write(content)
+
+    extracted_location = extract_file(location)
+
+    packages = build_packages(extracted_location, download_url, package_url)
+
+    error = None
+    for package in packages:
+        package.extra_data["package_content"] = PackageContentType.SOURCE_ARCHIVE
+        db_package, _, _, error = merge_or_create_package(package, visit_level=0)
+        if error:
+            break
+
+        if db_package:
+            add_package_to_scan_queue(package=db_package, pipelines=pipelines, priority=priority)
+
+    return error
+
+
+@priority_router.route("pkg:alpm/.*")
+def process_request(purl_str, **kwargs):
+    """
+    Process Arch Linux ( Alpm ) Package URL (PURL).
+    """
+    from minecode.model_utils import DEFAULT_PIPELINES
+
+    addon_pipelines = kwargs.get("addon_pipelines", [])
+    pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines)
+    priority = kwargs.get("priority", 0)
+
+    package_url = PackageURL.from_string(purl_str)
+    error_msg = map_alpm_package(package_url, pipelines, priority)
+
+    if error_msg:
+        return error_msg

minecode/collectors/conda.py

@@ -0,0 +1,90 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+from urllib.parse import urljoin
+
+import requests
+from packageurl import PackageURL
+from minecode import priority_router
+from minecode.miners.conda import build_packages
+from minecode.utils import fetch_http, get_temp_file
+from packagedb.models import PackageContentType
+from packageurl.contrib.purl2url import build_conda_download_url
+
+logger = logging.getLogger(__name__)
+handler = logging.StreamHandler()
+logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+
+def map_conda_package(package_url, pipelines, priority=0):
+    """
+    Add a Conda distribution `package_url` to the PackageDB.
+    """
+    from minecode.model_utils import add_package_to_scan_queue
+    from minecode.model_utils import merge_or_create_package
+
+    download_url = build_conda_download_url(str(package_url))
+    if not download_url:
+        return None
+
+    package_identifier = download_url.split("/")[-1]
+    package_indexes_url = urljoin(download_url, "./repodata.json.bz2")
+
+    content = fetch_http(package_indexes_url)
+    location = get_temp_file("NonPersistentHttpVisitor")
+    with open(location, "wb") as tmp:
+        tmp.write(content)
+
+    package_info = None
+    if package_url.namespace == "conda-forge":
+        package_info = get_package_info(package_url.name)
+    packages = build_packages(location, download_url, package_info, package_identifier, package_url)
+
+    error = None
+    for package in packages:
+        package.extra_data["package_content"] = PackageContentType.SOURCE_ARCHIVE
+        db_package, _, _, error = merge_or_create_package(package, visit_level=0)
+        if error:
+            break
+
+        if db_package:
+            add_package_to_scan_queue(package=db_package, pipelines=pipelines, priority=priority)
+
+    return error
+
+
+def get_package_info(name):
+    url = f"https://api.anaconda.org/package/conda-forge/{name}"
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as err:
+        logger.error(f"HTTP error occurred: {err}")
+        return None
+
+
+@priority_router.route("pkg:conda/.*")
+def process_request(purl_str, **kwargs):
+    """
+    Process Conda Package URL (PURL).
+    """
+    from minecode.model_utils import DEFAULT_PIPELINES
+
+    addon_pipelines = kwargs.get("addon_pipelines", [])
+    pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines)
+    priority = kwargs.get("priority", 0)
+
+    package_url = PackageURL.from_string(purl_str)
+    error_msg = map_conda_package(package_url, pipelines, priority)
+
+    if error_msg:
+        return error_msg

minecode/collectors/hackage.py

@@ -0,0 +1,91 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+from packageurl import PackageURL
+import requests
+from minecode import priority_router
+
+from packagedb.models import PackageContentType
+from packagedcode import models as scan_models
+
+logger = logging.getLogger(__name__)
+handler = logging.StreamHandler()
+logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+
+def get_hackage_package_json(name):
+    """
+    Return the contents of the JSON file of the package from Hackage.
+    Example: https://hackage.haskell.org/package/dplyr.json
+    """
+    url = f"https://hackage.haskell.org/package/{name}.json"
+
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.json()
+    except requests.RequestException as err:
+        logger.error(f"Error fetching package data from Hackage: {err}")
+        return None
+
+
+def map_hackage_package(package_url, pipelines, priority=0):
+    """
+    Add a hackage `package_url` to the PackageDB.
+    """
+    from minecode.model_utils import add_package_to_scan_queue, merge_or_create_package
+
+    name = package_url.name
+    version = package_url.version
+
+    versions = get_hackage_package_json(name=name)
+    if version not in versions:
+        error = f"Version {version} not found for {name} on hackage"
+        logger.error(error)
+        return error
+
+    download_url = f"https://hackage.haskell.org/package/{name}-{version}/{name}-{version}.tar.gz"
+    homepage_url = f"https://hackage.haskell.org/package/{name}-{version}"
+
+    package = scan_models.Package(
+        type="hackage",
+        name=name,
+        version=version,
+        download_url=download_url,
+        homepage_url=homepage_url,
+        primary_language="haskell",
+    )
+
+    package.extra_data["package_content"] = PackageContentType.SOURCE_ARCHIVE
+    db_package, _, _, error = merge_or_create_package(package, visit_level=0)
+
+    if db_package:
+        add_package_to_scan_queue(package=db_package, pipelines=pipelines, priority=priority)
+
+    return error
+
+
+@priority_router.route("pkg:hackage/.*")
+def process_request(purl_str, **kwargs):
+    """
+    Process Hackage Package URL (PURL).
+    """
+    from minecode.model_utils import DEFAULT_PIPELINES
+
+    addon_pipelines = kwargs.get("addon_pipelines", [])
+    pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines)
+    priority = kwargs.get("priority", 0)
+
+    package_url = PackageURL.from_string(purl_str)
+    error_msg = map_hackage_package(package_url, pipelines, priority)
+
+    if error_msg:
+        return error_msg