Merge pull request #6 from blackducksoftware/dev-local

matthewb66 · web-flow · commit 1412784084a1 · 2025-06-17T22:43:53.000+01:00
ignore_archive_submatches
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# bd_sig_filter - v1.7
+# bd_sig_filter - v1.8
 BD Script to ignore components matched from Signature scan likely to be partial or invalid matches, and 
 mark components reviewed which are definitive matches (dependency or component name and version in matched path for
 signature matches).
@@ -65,7 +65,7 @@ The package can be invoked as follows:
 
     usage: bd-sig-filter [-h] [--blackduck_url BLACKDUCK_URL] [--blackduck_api_token BLACKDUCK_API_TOKEN] [--blackduck_trust_cert] [-p PROJECT] [-v VERSION] [--debug] [--logfile LOGFILE]
                          [--report_file REPORT_FILE] [--version_match_reqd] [--ignore] [--review] [--no_ignore_test] [--no_ignore_synopsys] [--no_ignore_defaults]
-                         [--ignore_no_path_matches]
+                         [--ignore_no_path_matches] [--ignore_archive_submatches]
 
     options:
       -h, --help            show this help message and exit 
@@ -94,6 +94,8 @@ The package can be invoked as follows:
                             (Use with caution)
       --report_unmatched    Report the list of components which will be left Unreviewed and why - these may need
                             to be manually reviewed.
+      --ignore_archive_submatches
+                            Process components to determine sub-matches within archives.
 
 The minimum required options are:
     
@@ -171,6 +173,11 @@ Options can be used to modify the behaviour of the script as follows:
 `--report_unmatched`:
         Create a list of Signature components which will be left UNreviewed 
 
+`--ignore_archive_submatches`:
+        Process components in the project version looking for those matched within
+        archive files, and report which can be ignored because they are sub-matches (from folders within the archive).
+        All other operations are replaced by this action.
+
 The options `--report_file` and `--logfile` can be used to output the tabular report and logging data to
 specified files.
 
diff --git a/bd_sig_filter/BOMClass.py b/bd_sig_filter/BOMClass.py
@@ -87,3 +87,5 @@ def report_unmatched(self):
                 # Writing data to a file
                 rfile.writelines(data)
 
+    def process_archives(self):
+        self.complist.process_archives()
diff --git a/bd_sig_filter/ComponentClass.py b/bd_sig_filter/ComponentClass.py
@@ -22,6 +22,7 @@ def __init__(self, name, version, data):
         self.best_sigpath = ''
         self.oriname_arr = self.get_origin_compnames()
         self.unmatched = False
+        self.archive_match = False
 
     def get_compverid(self):
         try:
@@ -233,3 +234,25 @@ def get_sigpaths(self):
             data += f"{sigentry.get_sigpath()}\n"
             count += 1
         return data
+
+    def get_archive_match(self):
+        for sigentry in self.sigentry_arr:
+            paths = sigentry.path.split('!')
+            if len(paths) == 1:
+                self.archive_match = True
+                return paths[0]
+
+    def get_top_match(self, archive_list):
+        import re
+        ver_digits = re.sub("[^0-9._-]", "", self.version)
+
+        for sigentry in self.sigentry_arr:
+            paths = sigentry.path.split('!')
+            if len(paths) == 1:
+                continue
+            for oricompname in self.oriname_arr:
+                # if oricompname in paths[0]:
+                if oricompname in paths[0] and ver_digits in paths[0]:
+                #     print(oricompname, self.version, paths[0])
+                    self.archive_match = True
+                    return
diff --git a/bd_sig_filter/ComponentListClass.py b/bd_sig_filter/ComponentListClass.py
@@ -344,4 +344,25 @@ def get_unmatched_list(self):
                 paths = comp.get_sigpaths()
                 orinames = ','.join(comp.oriname_arr)
                 data += f"Comp: {comp.name}/{comp.version} (Origin names={orinames}):\n{paths}"
-        return data
+        return data
+
+    def process_archives(self):
+        archive_list = []
+        for comp in self.components:
+            if comp.is_ignored():
+                continue
+            if comp.is_only_signature():
+                archive = comp.get_archive_match()
+                archive_list.append(archive)
+
+        for comp in self.components:
+            if not comp.is_ignored() and not comp.archive_match:
+                comp.get_top_match(archive_list)
+
+        ignored_count = 0
+        for comp in self.components:
+            if not comp.is_ignored() and not comp.archive_match:
+                comp.ignore = True
+                ignored_count += 1
+
+        logging.info(f"Found {ignored_count} archive sub-components to ignore")
diff --git a/bd_sig_filter/config.py b/bd_sig_filter/config.py
@@ -27,6 +27,7 @@
 parser.add_argument("--no_ignore_defaults", help="Do not ignore components in default folders", action='store_true')
 parser.add_argument("--ignore_no_path_matches", help="Also ignore components with no component/version match in signature path", action='store_true')
 parser.add_argument("--report_unmatched", help="Report unmatched (not reviewed or ignored) components", action='store_true')
+parser.add_argument("--ignore_archive_submatches", help="Ignore sub-components within archives", action='store_true')
 
 args = parser.parse_args()
 
@@ -104,6 +105,9 @@ def check_args():
     if args.no_ignore_defaults:
         global_values.no_ignore_defaults = True
 
+    if args.ignore_archive_submatches:
+        global_values.ignore_archive_submatches = True
+
     if args.ignore_no_path_matches:
         if not args.ignore:
             logging.warning(f"Option --ignore_no_path_matches set without --ignore")
diff --git a/bd_sig_filter/global_values.py b/bd_sig_filter/global_values.py
@@ -15,4 +15,5 @@
 ignore_no_path_matches = False
 review = False
 report_file = ''
-report_unmatched = False
+report_unmatched = False
+ignore_archive_submatches = False
diff --git a/bd_sig_filter/main.py b/bd_sig_filter/main.py
@@ -16,6 +16,12 @@ def main():
 
     logging.debug('- Getting matched file data ... ')
     bom.get_bom_files()
+    if global_values.ignore_archive_submatches:
+        logging.info("Processing components within archives ...")
+        bom.process_archives()
+        bom.update_components()
+        return
+
     bom.process()
     bom.update_components()
     bom.report_summary()
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,9 +4,9 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "bd_sig_filter"
-version = "1.7"
+version = "1.8"
 authors = [
-  { name="Matthew Brady", email="mbrad@synopsys.com" },
+  { name="Matthew Brady", email="mbrad@blackduck.com" },
 ]
 description = "BD_sig_filter - BD Script to ignore components matched from Signature scan likely to be partial or invalid matches."
 readme = "README.md"
