From cdb2c2daef3f4def9f8f5894cbfe29044f262996 Mon Sep 17 00:00:00 2001
From: core software devel
Date: Wed, 15 Jan 2025 15:35:56 +0000
Subject: [PATCH] fix bug with scanning test. Add -T scanning parameter. Change default snippets scanning tolerace

---
 inc/match_list.h | 3 ++-
 src/debug.c | 2 +-
 src/help.c | 58 ++++++++++++++++++++++++------------------------
 src/main.c | 5 ++++-
 src/match_list.c | 12 +++++++++-
 src/util.c | 3 ++-
 6 files changed, 49 insertions(+), 34 deletions(-)

diff --git a/inc/match_list.h b/inc/match_list.h
index 91b3b32..d9915e8 100644
--- a/inc/match_list.h
+++ b/inc/match_list.h
@@ -78,7 +78,7 @@
 #define SCAN_MAX_SNIPPETS_DEFAULT 1
 #define SCAN_MAX_COMPONENTS_DEFAULT 3
 
-#define MATCH_LIST_TOLERANCE 98.5
+#define MATCH_LIST_TOLERANCE 97.5
 
 typedef struct match_data_t match_data_t; /* Forward declaration */
 /**
@@ -145,5 +145,6 @@ bool component_list_add(component_list_t * list, component_data_t * new_comp, bo
 void component_list_print(component_list_t * list, bool (*printer) (component_data_t * fpa), char * separator);
 void component_list_destroy(component_list_t *list);
 bool component_list_add_binary(component_list_t *list, component_data_t *new_comp, bool (*val)(component_data_t *a, component_data_t *b), bool remove_a);
+void match_list_tolerance_set(float in);
 
 #endif
diff --git a/src/debug.c b/src/debug.c
index c6ffea5..0b1e9f8 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -210,7 +210,7 @@ void scan_benchmark()
 		scan->hashes[i] = rand() % 256 + (rand() % 256) * 256 + (rand() % 256) * 256 * 256 + (rand() % 256) * 256 * 256 * 256;
 	}
 	scan->hash_count = total_hashes;
-	
+	scan->total_lines = 10;
 	ldb_scan_snippets(scan);
 	scan_data_free(scan);
 }
diff --git a/src/help.c b/src/help.c
index 8916f1a..8b15dcc 100644
--- a/src/help.c
+++ b/src/help.c
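Review bot: The new `match_list_tolerance_set` prototype is added without a comment, and nothing in the header tells a reader that its argument is the allowed deviation percentage, the complement of `MATCH_LIST_TOLERANCE` just above (which is a similarity threshold), rather than the threshold itself; the implementation in src/match_list.c stores `100.0-in`. A one-line Doxygen comment would fix that: `/** Set the snippet match tolerance as a percentage of allowed deviation (0..99); the default corresponds to 100 - MATCH_LIST_TOLERANCE. */`. The neighbouring prototypes are uncommented too, but a setter whose argument is inverted internally is where documentation matters most.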
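Review bot: `scan->total_lines = 10;` in `scan_benchmark` is a bare magic number with no comment, and since this is the line the commit title calls the test fix, the reason it is needed should be recorded next to it. It presumably satisfies a requirement in `ldb_scan_snippets` for a non-zero line count on the synthetic scan, but that function is outside this hunk, so I cannot confirm what it does with the field. A comment such as `/* synthetic scan has no real source; ldb_scan_snippets needs a non-zero line count */` would make the intent clear, or replace the literal with a named constant. The rest of `scan_benchmark` lies outside the hunk.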
@@ -38,41 +38,42 @@
 */
 void help ()
 {
-	printf ("ScanOSS Engine v%s\n", SCANOSS_VERSION);
-	printf ("\n\
-This program performs an OSS inventory for the given TARGET comparing against the ScanOSS Knowledgebase.\n\
-Results are printed in STDOUT in JSON format\n\
+	printf ("ScanOSS Engine v%s\n", SCANOSS_VERSION);
+	printf ("\n\
+This program performs an OSS inventory scan of the specified TARGET by comparing it against the ScanOSS Knowledgebase.\n\
+Results are displayed in JSON format through STDOUT.\n\
 \n\
 Syntax: scanoss [parameters] [TARGET]\n\
 \n\
 Configuration:\n\
--w Treats TARGET as a .wfp file regardless of the actual file extension.\n\
--H High Precision Snippet Match mode, 'libhpsm.so' must be present in the system.\n\
--e Expect matching extensions to equal the file extension being scanned (default: off).\n\
--M NUMBER Looks for NUMBER of different components in a file (MAX 9).\n\
--s SBOM Use assets specified in JSON SBOM (CycloneDX/SPDX2.2 JSON format) as input to identification.\n\
--b SBOM Ignore matches to assets specified in JSON SBOM (CycloneDX/SPDX2.2 JSON format).\n\
--B SBOM Same than \"-b\" but forcing snippet scan.\n\
--a SBOM Displays attribution notices for provided SBOM.json.\n\
--c HINT Provide a component HINT to influence scan results.\n\
--k KEY Displays contents of file KEY from MZ sources archive.\n\
--l LICENSE Displays OSADL metadata for the provided SPDX license ID.\n\
+-w Process TARGET as a .wfp file, regardless of its actual extension.\n\
+-H Enable High Precision Snippet Match mode (requires 'libhpsm.so' in the system).\n\
+-e Match only files with identical extensions as the scanned file (default: off).\n\
+-M NUMBER Search for up to NUMBER different components in each file (maximum: 9).\n\
+-T NUMBER Set snippet scanning tolerance percentage (default: 3.5).\n\
+-s SBOM Include assets from a JSON SBOM file (CycloneDX/SPDX2.2 format) in identification.\n\
+-b SBOM Exclude matches from assets listed in JSON SBOM file (CycloneDX/SPDX2.2 format).\n\
+-B SBOM Same as \"-b\" but with forced snippet scanning.\n\
+-a SBOM Show attribution notices for the provided SBOM.json file.\n\
+-c HINT Add a component HINT to guide scan results.\n\
+-k KEY Show contents of the specified KEY file from MZ sources archive.\n\
+-l LICENSE Display OSADL metadata for the given SPDX license ID.\n\
 \n\
 Options:\n\
--t Tests engine performance.\n\
--v Display version and exit.\n\
--n Specify DB name (default: oss).\n\
--h Display this help and exit.\n\
--d Save debugging information to disk (/tmp).\n\
--q Produces no JSON output. Only debugging info via STDERR.\n\
+-t Run engine performance tests.\n\
+-v Show version information and exit.\n\
+-n Set database name (default: oss).\n\
+-h Display this help information and exit.\n\
+-d Store debugging information to disk (/tmp).\n\
+-q Suppress JSON output (show only debugging info via STDERR).\n\
 \n\
-Enviroment variables:\n\
-SCANOSS_MATCHMAP_MAX: define the snippet scanning match map size, %d by default.\n\
-SCANOSS_API_URL: defines the API url, %s by default.\n\
+Environment variables:\n\
+SCANOSS_MATCHMAP_MAX: Set the snippet scanning match map size (default: %d).\n\
+SCANOSS_API_URL: Define the API endpoint URL (default: %s).\n\
 \n\
 Engine scanning flags:\n\
-The scanning engine can be configured by passing configuration flags with the -F parameter.\n\
-Alternatively, these value can be written in %s\n\
+Configure the scanning engine using flags with the -F parameter.\n\
+These settings can also be specified in %s\n\
 +-------+-------------------------------------------------------+\n\
 | Flag | Setting |\n\
 +-------+-------------------------------------------------------+\n\
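Review bot: The new `-T NUMBER` help line states `(default: 3.5)`, but that does not match the default the code applies: `MATCH_LIST_TOLERANCE` is set to 97.5 in inc/match_list.h, and `match_list_tolerance_set` in src/match_list.c stores `100.0-in`, so the threshold initialised from the macro corresponds to a tolerance of 2.5, not 3.5. One of the two must change; if 2.5 is the intended default the line becomes `-T NUMBER Set snippet scanning tolerance percentage (default: 2.5).\n\`. It would also help to state the accepted range, since values above 99 are silently clamped by the setter and negative values are not rejected at all. `help()` continues past the end of this hunk.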
@@ -83,7 +84,7 @@ Alternatively, these value can be written in %s\n\
 | 16 | Disable copyrights (default: enabled) |\n\
 | 32 | Disable vulnerabilities (default: enabled) |\n\
 | 64 | Disable quality (default: enabled) |\n\
-| 128 | Disable cryptography (defalt: enabled) |\n\
+| 128 | Disable cryptography (default: enabled) |\n\
 | 256 | Disable best match only (default: enabled) |\n\
 | 512 | Hide identified files (default: disabled) |\n\
 | 1024 | Enable download_url (default: disabled) |\n\
@@ -92,8 +93,7 @@ Alternatively, these value can be written in %s\n\
 | 8192 | Disable health layer (default: enabled) |\n\
 | 16384 | Enable high accuracy, slower scan (default: disabled) |\n\
 +-------+-------------------------------------------------------+\n\
-Example: scanoss -F 12 DIRECTORY (scans DIRECTORY disabling license and dependency data)\n\
+Example: scanoss -F 12 DIRECTORY (scan DIRECTORY without license and dependency data)\n\
 \n\
 Copyright (C) 2018-2022 SCANOSS.COM\n", DEFAULT_MATCHMAP_FILES, API_URL, ENGINE_FLAGS_FILE);
-
 }
diff --git a/src/main.c b/src/main.c
index 9a488aa..337a466 100644
--- a/src/main.c
+++ b/src/main.c
@@ -291,7 +291,7 @@ int main(int argc, char **argv)
 	int option;
 	bool invalid_argument = false;
 	char * ldb_db_name = NULL;
-	while ((option = getopt(argc, argv, ":f:s:b:B:c:k:a:F:l:n:M:N:wtvhedqH")) != -1)
+	while ((option = getopt(argc, argv, ":T:s:b:B:c:k:a:F:l:n:M:N:wtvhedqH")) != -1)
 	{
 		/* Check valid alpha is entered */
 		if (optarg)
@@ -355,6 +355,9 @@ int main(int argc, char **argv)
 			case 'N':
 				scan_max_components = atol(optarg);
 				break;
+			case 'T':
+				match_list_tolerance_set(atof(optarg));
+				break;
 			case 'w':
 				force_wfp = true;
 				break;
diff --git a/src/match_list.c b/src/match_list.c
index ff51e68..276fa7d 100644
--- a/src/match_list.c
+++ b/src/match_list.c
@@ -9,6 +9,7 @@
 #include "component.h"
 
 int list_size = 0;
+static float match_list_tolerance = MATCH_LIST_TOLERANCE;
 
 void component_list_destroy(component_list_t *list)
 {
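Review bot: The getopt string loses `f:` in the same edit that adds `T:`, so `-f` is no longer accepted, yet the commit message only mentions adding `-T`. If a `case 'f':` handler still exists further down in `main` (outside this hunk) it is now unreachable, and any script passing `-f` will take the unknown-option path instead of whatever it did before. If dropping `-f` is intended, remove its handler and say so in the commit message; otherwise keep both, `":f:T:s:b:B:c:k:a:F:l:n:M:N:wtvhedqH"`. `main` continues on both sides of this hunk.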
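Review bot: `match_list_tolerance_set(atof(optarg))` accepts any string: `atof` reports no error and returns 0 for non-numeric input, so `-T abc` silently sets a tolerance of 0 (a threshold of 100 that only exact matches satisfy), and a negative number is passed through unchecked. The neighbouring `-N` case uses the same `atol` pattern, but a new option is the place to do better: parse with `strtod` and an end pointer, and set the `invalid_argument` flag that `main` already declares when the remainder is not empty or the value lies outside 0..99. Whether `invalid_argument` is acted on later in `main` is outside this hunk.
```c
			case 'T':
			{
				char *end = NULL;
				double tol = strtod(optarg, &end);
				/* reject non-numeric input and values the setter would only silently clamp */
				if (end == optarg || *end != '\0' || tol < 0 || tol > 99)
					invalid_argument = true;
				else
					match_list_tolerance_set((float)tol);
				break;
			}
```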
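Review bot: `match_list_tolerance` is defined without a comment, and its name hides that it stores the similarity threshold (`tolerance_eval` compares `100 - relative_error` against it) while the `-T` value it is set from is the allowed deviation; the same word now names two complementary quantities. A comment on the definition would prevent the next reader from passing the wrong one: `/* Similarity threshold in percent: tolerance_eval() accepts a pair when 100 - relative_error >= this. Set from -T via match_list_tolerance_set(), which stores 100 - tolerance; MATCH_LIST_TOLERANCE is only the default. */`.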
@@ -210,10 +211,19 @@ bool component_list_add_binary(component_list_t *list, component_data_t *new_com
 	return false;
 }
 
+void match_list_tolerance_set(float in)
+{
+	if (in > 99)
+		in = 99;
+
+	match_list_tolerance = 100.0-in;
+	scanlog("setting match list tolerance to %.1f\n", match_list_tolerance);
+}
+
 bool tolerance_eval(int a, int b)
 {
 	int relative_error = (abs(a - b) * 100) / ((a + b) / 2);
-	if (100 - relative_error >= MATCH_LIST_TOLERANCE)
+	if (100 - relative_error >= match_list_tolerance)
 		return true;
 	else
 		return false;
diff --git a/src/util.c b/src/util.c
index 4a7f1b4..cfbcb99 100644
--- a/src/util.c
+++ b/src/util.c
@@ -372,7 +372,8 @@ bool path_is_third_party(const char* path)
 		"local_packages",
 		"managed",
 		"3rd",
-		"thirdparty"
+		"thirdparty",
+		"LibResources"
 	};
 	// NĂºmero de patrones a verificar
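Review bot: `match_list_tolerance_set` clamps only the upper bound, so a negative argument yields a threshold above 100 that the comparison in `tolerance_eval` can never satisfy, because `100 - relative_error` is at most 100; add `if (in < 0) in = 0;` beside the existing clamp. The `scanlog` line prints the stored threshold rather than the value the user passed, so `-T 3.5` logs 96.5, which will mislead anyone reading the log against the command line; log `in` as well, or say "threshold" in the message. Not introduced here but worth fixing while the function is being touched: `(a + b) / 2` in `tolerance_eval` is zero whenever `a + b < 2`, so that division is undefined behaviour for two empty inputs and needs a guard before the modulo-free path is relied on.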