Merge pull request #153 from fosslight/package_exlcude

Exclude package dirs with directory name

Author: dd-jy

src/fosslight_binary/_binary.py

@@ -2,15 +2,18 @@
 # -*- coding: utf-8 -*-
 # Copyright (c) 2020 LG Electronics Inc.
 # SPDX-License-Identifier: Apache-2.0
-from fosslight_util.oss_item import FileItem
+import os
 import urllib.parse
 import logging
 import fosslight_util.constant as constant
+from typing import Tuple
+from fosslight_util.oss_item import FileItem
 
 EXCLUDE_TRUE_VALUE = "Exclude"
 TLSH_CHECKSUM_NULL = "0"
 MAX_EXCEL_URL_LENGTH = 255
 EXCEEDED_VUL_URL_LENGTH_COMMENT = f"Exceeded the maximum vulnerability URL length of {MAX_EXCEL_URL_LENGTH} characters."
+_PACKAGE_DIR = ["node_modules", "venv", "Pods", "Carthage"]
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
@@ -108,3 +111,15 @@ def get_print_json(self):
             if self.comment:
                 json_item["comment"] = self.comment
         return items
+
+
+def is_package_dir(bin_with_path: str, _root_path: str) -> Tuple[bool, str]:
+    is_pkg = False
+    pkg_path = ""
+    path_parts = bin_with_path.split(os.path.sep)
+    for pkg_dir in _PACKAGE_DIR:
+        if pkg_dir in path_parts:
+            pkg_index = path_parts.index(pkg_dir)
+            pkg_path = os.path.sep.join(path_parts[:pkg_index + 1]).replace(_root_path, '', 1)
+            is_pkg = True
+    return is_pkg, pkg_path

src/fosslight_binary/_jar_analysis.py

@@ -8,7 +8,7 @@
 import os
 import sys
 import fosslight_util.constant as constant
-from ._binary import BinaryItem, VulnerabilityItem
+from ._binary import BinaryItem, VulnerabilityItem, is_package_dir
 from fosslight_util.oss_item import OssItem
 from dependency_check import run as dependency_check_run
 
@@ -87,6 +87,11 @@ def merge_binary_list(owasp_items, vulnerability_items, bin_list):
             bin_item = BinaryItem(os.path.abspath(key))
             bin_item.binary_name_without_path = os.path.basename(key)
             bin_item.source_name_or_path = key
+
+            is_pkg, _ = is_package_dir(bin_item.source_name_or_path, '')
+            if is_pkg:
+                continue
+
             bin_item.set_oss_items(oss_list)
             not_found_bin.append(bin_item)
 

src/fosslight_binary/binary_analysis.py

@@ -16,7 +16,7 @@
 import fosslight_util.constant as constant
 from fosslight_util.output_format import check_output_formats_v2, write_output_file
 from ._binary_dao import get_oss_info_from_db
-from ._binary import BinaryItem, TLSH_CHECKSUM_NULL
+from ._binary import BinaryItem, TLSH_CHECKSUM_NULL, is_package_dir
 from ._jar_analysis import analyze_jar_file, merge_binary_list
 from ._simple_mode import print_simple_mode, filter_binary, init_simple
 from fosslight_util.correct import correct_with_yaml
@@ -165,8 +165,15 @@ def get_file_list(path_to_find, abs_path_to_exclude):
             bin_with_path = os.path.join(root, file)
             bin_item = BinaryItem(bin_with_path)
             bin_item.binary_name_without_path = file
-            bin_item.source_name_or_path = bin_with_path.replace(
-                _root_path, '', 1)
+            bin_item.source_name_or_path = bin_with_path.replace(_root_path, '', 1)
+
+            is_pkg, pkg_path = is_package_dir(bin_with_path, _root_path)
+            if is_pkg:
+                bin_item.source_name_or_path = pkg_path
+                if not any(x.source_name_or_path == bin_item.source_name_or_path for x in bin_list):
+                    bin_item.exclude = True
+                    bin_list.append(bin_item)
+                continue
 
             if any(dir_name in dir_path for dir_name in _EXCLUDE_DIR):
                 bin_item.exclude = True