aboutcode-org
diff --git a/‎CHANGELOG.rst
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.rst
Lines changed: 3 additions & 0 deletions
diff --git a/‎scanpipe/pipelines/match_to_purldb.py
Lines changed: 68 additions & 0 deletions b/‎scanpipe/pipelines/match_to_purldb.py
Lines changed: 68 additions & 0 deletions
diff --git a/‎scanpipe/pipes/purldb.py
Lines changed: 122 additions & 2 deletions b/‎scanpipe/pipes/purldb.py
Lines changed: 122 additions & 2 deletions
diff --git a/‎scanpipe/tests/data/purldb/match_to_purldb/codebase.json
Lines changed: 64 additions & 0 deletions b/‎scanpipe/tests/data/purldb/match_to_purldb/codebase.json
Lines changed: 64 additions & 0 deletions
diff --git a/‎scanpipe/tests/data/purldb/match_to_purldb/request_get_check_response.json
Lines changed: 17 additions & 0 deletions b/‎scanpipe/tests/data/purldb/match_to_purldb/request_get_check_response.json
Lines changed: 17 additions & 0 deletions
@@ -68,6 +68,9 @@ v33.0.0 (2024-01-16)
   include credentials such as "user:pass@domain".
   https://github.com/nexB/scancode.io/issues/998
 
+- Add a new pipeline, ``match_to_purldb``, that check CodebaseResources of a
+  Project against PurlDB for Package matches.
+
 v32.7.0 (2023-10-25)
 --------------------
 
 
@@ -0,0 +1,68 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# http://nexb.com and https://github.com/nexB/scancode.io
+# The ScanCode.io software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode.io is provided as-is without warranties.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+# ScanCode.io should be considered or used as legal advice. Consult an Attorney
+# for any legal advice.
+#
+# ScanCode.io is a free software code scanning tool from nexB Inc. and others.
+# Visit https://github.com/nexB/scancode.io for support and download.
+
+from scanpipe.pipelines import Pipeline
+from scanpipe.pipes import purldb
+
+
+class MatchToPurlDB(Pipeline):
+    """
+    Check CodebaseResources of a Project against PurlDB for Package matches.
+
+    This involves creating a JSON scan of the Project codebase, sending it to
+    MatchCode on PurlDB, waiting for match results, creating DiscoveredPackages
+    from the match results Package data and associating the proper
+    CodebaseResources to those DiscoveredPackges.
+    """
+
+    download_inputs = False
+    is_addon = True
+
+    @classmethod
+    def steps(cls):
+        return (
+            cls.check_purldb_service_availability,
+            cls.send_project_json_to_matchcode,
+            cls.poll_matching_results,
+            cls.create_packages_from_match_results,
+        )
+
+    def check_purldb_service_availability(self):
+        """Check if the PurlDB service if configured and available."""
+        if not purldb.is_configured():
+            raise Exception("PurlDB is not configured.")
+
+        if not purldb.is_available():
+            raise Exception("PurlDB is not available.")
+
+    def send_project_json_to_matchcode(self):
+        """Create a JSON scan of the project Codebase and send it to MatchCode."""
+        self.run_url = purldb.send_project_json_to_matchcode(self.project)
+
+    def poll_matching_results(self):
+        """Wait until the match results are ready by polling the match run status."""
+        purldb.poll_until_success(self.run_url)
+
+    def create_packages_from_match_results(self):
+        """Create DiscoveredPackages from match results."""
+        match_results = purldb.get_match_results(self.run_url)
+        purldb.create_packages_from_match_results(self.project, match_results)
@@ -22,6 +22,8 @@
 
 import json
 import logging
+import time
+from collections import defaultdict
 
 from django.conf import settings
 
@@ -30,7 +32,15 @@
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.version_range import InvalidVersionRange
 
+from scanpipe.models import AbstractTaskFieldsModel
 from scanpipe.pipes import LoopProgress
+from scanpipe.pipes import flag
+from scanpipe.pipes.output import to_json
+
+
+class PurlDBException(Exception):
+    pass
+
 
 label = "PurlDB"
 logger = logging.getLogger(__name__)
@@ -100,9 +110,11 @@ def request_get(url, payload=None, timeout=DEFAULT_TIMEOUT):
         logger.debug(f"{label} [Exception] {exception}")
 
 
-def request_post(url, data, headers=None, timeout=DEFAULT_TIMEOUT):
+def request_post(url, data=None, headers=None, files=None, timeout=DEFAULT_TIMEOUT):
     try:
-        response = session.post(url, data=data, timeout=timeout, headers=headers)
+        response = session.post(
+            url, data=data, timeout=timeout, headers=headers, files=files
+        )
         response.raise_for_status()
         return response.json()
     except (requests.RequestException, ValueError, TypeError) as exception:
@@ -320,3 +332,111 @@ def populate_purldb_with_discovered_dependencies(project, logger=logger.info):
         chunk_size=10,
         logger=logger,
     )
+
+
+def send_project_json_to_matchcode(
+    project, timeout=DEFAULT_TIMEOUT, api_url=PURLDB_API_URL
+):
+    """
+    Given a `project`, create a JSON scan of the `project` CodebaseResources and
+    send it to PurlDB for matching. Return a tuple containing strings of the url
+    to the particular match run and the url to the match results.
+    """
+    scan_output_location = to_json(project)
+    with open(scan_output_location, "rb") as f:
+        files = {"upload_file": f}
+        response = request_post(
+            url=f"{api_url}matching/",
+            timeout=timeout,
+            files=files,
+        )
+    run_url = response["runs"][0]["url"]
+    return run_url
+
+
+def poll_until_success(run_url, sleep=10):
+    """
+    Given a URL to a scancode.io run instance, `run_url`, return True when the
+    run instance has completed successfully.
+
+    Raise a PurlDBException when the run instance has faield, stopped, or gone
+    stale.
+    """
+    run_status = AbstractTaskFieldsModel.Status
+    while True:
+        response = request_get(run_url)
+        if response:
+            status = response["status"]
+            if status == run_status.SUCCESS:
+                return True
+
+            if status in [
+                run_status.NOT_STARTED,
+                run_status.QUEUED,
+                run_status.RUNNING,
+            ]:
+                continue
+
+            if status in [
+                run_status.FAILURE,
+                run_status.STOPPED,
+                run_status.STALE,
+            ]:
+                log = response["log"]
+                msg = f"Matching run has stopped:\n\n{log}"
+                raise PurlDBException(msg)
+
+        time.sleep(sleep)
+
+
+def get_match_results(run_url):
+    """
+    Given the `run_url` for a pipeline running the matchcode matching pipeline,
+    return the match results for that run.
+    """
+    response = request_get(run_url)
+    project_url = response["project"]
+    # `project_url` can have params, such as "?format=json"
+    if "?" in project_url:
+        project_url, _ = project_url.split("?")
+    project_url = project_url.rstrip("/")
+    results_url = project_url + "/results/"
+    return request_get(results_url)
+
+
+def map_match_results(match_results):
+    """
+    Given `match_results`, which is a mapping of ScanCode.io codebase results,
+    return a defaultdict(list) where the keys are the package_uid of matched
+    packages and the value is a list containing the paths of Resources
+    associated with the package_uid.
+    """
+    resource_results = match_results.get("files", [])
+    resource_paths_by_package_uids = defaultdict(list)
+    for resource in resource_results:
+        for_packages = resource.get("for_packages", [])
+        for package_uid in for_packages:
+            resource_paths_by_package_uids[package_uid].append(resource["path"])
+    return resource_paths_by_package_uids
+
+
+def create_packages_from_match_results(project, match_results):
+    """
+    Given `match_results`, which is a mapping of ScanCode.io codebase results,
+    use the Package data from it to create DiscoveredPackages for `project` and
+    associate the proper Resources of `project` to the DiscoveredPackages.
+    """
+    from scanpipe.pipes.d2d import create_package_from_purldb_data
+
+    resource_paths_by_package_uids = map_match_results(match_results)
+    matched_packages = match_results.get("packages", [])
+    for matched_package in matched_packages:
+        package_uid = matched_package["package_uid"]
+        resource_paths = resource_paths_by_package_uids[package_uid]
+        resources = project.codebaseresources.filter(path__in=resource_paths)
+        create_package_from_purldb_data(
+            project,
+            resources=resources,
+            package_data=matched_package,
+            status=flag.MATCHED_TO_PURLDB_PACKAGE,
+        )
@@ -0,0 +1,64 @@
+{
+  "headers": [
+    {
+      "tool_name": "scanpipe",
+      "tool_version": "v3.0.0-241-g45d653b",
+      "other_tools": [
+        "pkg:pypi/scancode-toolkit@32.0.8"
+      ],
+      "notice": "Generated with ScanCode.io and provided on an \"AS IS\" BASIS, WITHOUT WARRANTIES\nOR CONDITIONS OF ANY KIND, either express or implied.\nNo content created from ScanCode.io should be considered or used as legal advice.\nConsult an Attorney for any legal advice.\nScanCode.io is a free software code scanning tool from nexB Inc. and others\nlicensed under the Apache License version 2.0.\nScanCode is a trademark of nexB Inc.\nVisit https://github.com/nexB/scancode.io for support and download.\n",
+      "uuid": "b47c79e8-14f1-4991-a584-717b39233750",
+      "created_date": "2024-01-09T00:59:38.649Z",
+      "notes": "",
+      "settings": {},
+      "input_sources": [
+        {
+          "filename": "test-out.json",
+          "source": "uploaded"
+        }
+      ],
+      "runs": [],
+      "extra_data": {}
+    }
+  ],
+  "packages": [],
+  "dependencies": [],
+  "files": [
+    {
+      "path": "elasticsearch-x-content-7.17.9-sources.jar",
+      "type": "file",
+      "name": "elasticsearch-x-content-7.17.9-sources.jar",
+      "status": "matched-to-purldb-package",
+      "tag": "",
+      "extension": ".jar",
+      "size": 89821,
+      "md5": "abcc7ad93deadc72f4b4369cb933e8e1",
+      "sha1": "30d21add57abe04beece3f28a079671dbc9043e4",
+      "sha256": "dc433d60ef7e43670500bd97c4f1d217a1880774a1dfb75de7132fb0b5208acd",
+      "sha512": "",
+      "mime_type": "application/zip",
+      "file_type": "Zip archive data, at least v1.0 to extract",
+      "programming_language": "",
+      "is_binary": true,
+      "is_text": false,
+      "is_archive": true,
+      "is_media": false,
+      "is_key_file": false,
+      "detected_license_expression": "",
+      "detected_license_expression_spdx": "",
+      "license_detections": [],
+      "license_clues": [],
+      "percentage_of_license_text": null,
+      "compliance_alert": "",
+      "copyrights": [],
+      "holders": [],
+      "authors": [],
+      "package_data": [],
+      "for_packages": [],
+      "emails": [],
+      "urls": [],
+      "extra_data": {}
+    }
+  ],
+  "relations": []
+}
@@ -0,0 +1,17 @@
+{
+    "url": "http://192.168.1.12/api/runs/52b2930d-6e85-4b3e-ba3e-17dd9a618650/",
+    "pipeline_name": "matching",
+    "status": "success",
+    "description": "",
+    "project": "http://192.168.1.12/api/matching/65bf1e6d-6bff-4841-9c9b-db5cf25edfa7/",
+    "uuid": "52b2930d-6e85-4b3e-ba3e-17dd9a618650",
+    "created_date": "2024-01-08T23:24:50.063864Z",
+    "scancodeio_version": "v3.0.0-241-g45d653b",
+    "task_id": "52b2930d-6e85-4b3e-ba3e-17dd9a618650",
+    "task_start_date": "2024-01-08T23:24:50.107013Z",
+    "task_end_date": "2024-01-08T23:24:53.095046Z",
+    "task_exitcode": 0,
+    "task_output": "",
+    "log": "2024-01-08 23:24:50.10 Pipeline [matching] starting\n2024-01-08 23:24:50.11 Step [get_inputs] starting\n2024-01-08 23:24:50.11 Step [get_inputs] completed in 0 seconds\n2024-01-08 23:24:50.11 Step [build_inventory_from_scans] starting\n2024-01-08 23:24:50.28 Step [build_inventory_from_scans] completed in 0 seconds\n2024-01-08 23:24:50.29 Step [flag_empty_files] starting\n2024-01-08 23:24:50.29 Step [flag_empty_files] completed in 0 seconds\n2024-01-08 23:24:50.29 Step [match_archives_to_purldb_packages] starting\n2024-01-08 23:24:50.29 Matching 1 resources in PurlDB, using SHA1\n2024-01-08 23:24:52.98 58 resources matched in PurlDB using 1 SHA1s\n2024-01-08 23:24:52.98 Step [match_archives_to_purldb_packages] completed in 3 seconds\n2024-01-08 23:24:52.99 Step [match_archives_to_purldb_resources] starting\n2024-01-08 23:24:52.99 Skipping resource matching as there are 0\n2024-01-08 23:24:52.99 0 resources matched in PurlDB using 0 SHA1s\n2024-01-08 23:24:53.00 Step [match_archives_to_purldb_resources] completed in 0 seconds\n2024-01-08 23:24:53.00 Step [fingerprint_codebase_directories] starting\n2024-01-08 23:24:53.04 Step [fingerprint_codebase_directories] completed in 0 seconds\n2024-01-08 23:24:53.04 Step [match_directories_exact_to_purldb] starting\n2024-01-08 23:24:53.04 Matching 0 directories against PurlDB\n2024-01-08 23:24:53.05 0 directories matched in PurlDB\n2024-01-08 23:24:53.05 Step [match_directories_exact_to_purldb] completed in 0 seconds\n2024-01-08 23:24:53.05 Step [match_resources_to_purldb] starting\n2024-01-08 23:24:53.05 Skipping resource matching as there are 0\n2024-01-08 23:24:53.06 0 resources matched in PurlDB using 0 SHA1s\n2024-01-08 23:24:53.06 Step [match_resources_to_purldb] completed in 0 seconds\n2024-01-08 23:24:53.06 Step [match_directories_to_purldb] starting\n2024-01-08 23:24:53.06 Matching 0 directories against PurlDB\n2024-01-08 23:24:53.07 0 directories matched in PurlDB\n2024-01-08 23:24:53.07 Step [match_directories_to_purldb] completed in 0 seconds\n2024-01-08 23:24:53.07 Step [match_purldb_resources_post_process] starting\n2024-01-08 23:24:53.07 Refining matching for 1 matched-to-purldb-resource archives.\n2024-01-08 23:24:53.08 0 resource processed\n2024-01-08 23:24:53.08 Step [match_purldb_resources_post_process] completed in 0 seconds\n2024-01-08 23:24:53.08 Step [remove_packages_without_resources] starting\n2024-01-08 23:24:53.09 Step [remove_packages_without_resources] completed in 0 seconds\n2024-01-08 23:24:53.09 Pipeline completed in 3 seconds\n",
+    "execution_time": 2
+}