diff --git a/src/ac/acl/sca/check_sca.py b/src/ac/acl/sca/check_sca.py
index da04991c38809f129cd8d3f30ff415023d72871c..28d5fd10feae3c1f26ae8f5608f3c44894530c26 100644
--- a/src/ac/acl/sca/check_sca.py
+++ b/src/ac/acl/sca/check_sca.py
@@ -17,6 +17,7 @@
 import os
 import shutil
 import logging
+import json
 from src.proxy.git_proxy import GitProxy
 from src.ac.framework.ac_base import BaseCheck
@@ -39,50 +40,27 @@ class CheckSCA(BaseCheck):
 """
 super(CheckSCA, self).__init__(workspace, repo, conf)
- self._work_diff_dir = os.path.join(workspace, "diff") # 目标目录,保存变更了的代码
-
- def copy_diff_files_to_dest(self, files):
- """
- 拷贝所有diff文件到目标目录
- :param files: 文件列表
- :return:
- """
- for filepath in files:
- try:
- shutil.copy(os.path.join(self._work_dir, filepath), self._work_diff_dir)
- except IOError:
- logger.exception("copy {} to {} exception".format(filepath, self._work_diff_dir))
-
- def save_scanoss_result(self, html):
- """
- 保存结果到本地
- :param html: scanoss 结果,html格式
- :return:
- """
- with open(self._scanoss_result_output, "w") as f:
- f.write(html)
-
 def check_scanoss(self):
 """
- scanoss工具检查代码片段引用
- https://osskb.org
- https://github.com/scanoss/scanner.py
- :return:
+ Obtain scanoss logs and result
 """
- gp = GitProxy(self._work_dir)
- diff_files = gp.diff_files_between_commits("HEAD~1", "HEAD~0")
- logger.debug("diff files: {}".format(diff_files))
-
- self.copy_diff_files_to_dest(diff_files)
-
- blacklist_sbom = os.path.realpath(os.path.join(os.path.realpath(__file__), "../../../../conf/deny_list.sbom"))
- scan = ScanOSS(self._scanoss_api_key, self._scanoss_api_url, blacklist_sbom)
- result = scan.scan(self._work_diff_dir)
-
+ try:
+ with open(self._scanoss_result_output, 'r') as f:
+ result_dirt = json.load(f)
+ except IOError:
+ logger.error("{} not found, make sure this file exists".format(self._scanoss_result_output))
+ return FAILED
+ # Describes the reportUrl result jenkinsJobName jenkinsBuildNum prNo repoUrl of scanoss
+ try:
+ result = result_dirt.get('result')
+ except KeyError:
+ logger.error("result key value does not exist")
 # 保存详细结果到web server
 if not result:
- self.save_scanoss_result(scan.html)
- logger.warning("click {} view scanoss detail".format(self._scanoss_result_repo_path))
+ try:
+ logger.warning("click {} view scanoss detail".format(result_dirt.get('reportUrl')))
+ except KeyError:
+ logger.error("reportUrl key value does not exist")
 return SUCCESS if result else FAILED
@@ -97,12 +75,8 @@ class CheckSCA(BaseCheck):
 logger.debug("args: {}, kwargs: {}".format(args, kwargs))
 scanoss_conf = kwargs.get("scanoss", {})
- self._scanoss_api_key = scanoss_conf.get("api_key", "")
- self._scanoss_api_url = scanoss_conf.get("api_url", "https://osskb.org/api/scan/direct")
- self._scanoss_result_output = scanoss_conf.get("output", "scanoss_result") # 保存结果到本地文件
- self._scanoss_result_repo_path = scanoss_conf.get("repo_path", "-lost linker-") # 保存结果到web server的路径
-
- _ = not os.path.exists(self._work_diff_dir) and os.mkdir(self._work_diff_dir)
+ self._scanoss_result_output = scanoss_conf.get("output", "scanoss_result")
+
 try:
 return self.start_check()
 finally:
diff --git a/src/ac/framework/ac.py b/src/ac/framework/ac.py
index 6e32ebbd1e486f6c5d53dca6c47c9f4263ae89a6..7789bca916148866996859d458c175b80a997004 100644
--- a/src/ac/framework/ac.py
+++ b/src/ac/framework/ac.py
@@ -202,12 +202,8 @@ def init_args():
 parser.add_argument("-l", type=str, dest="trigger_link", help="job trigger link")
 # scanoss
- parser.add_argument("--scanoss-api-key", type=str, dest="scanoss_api_key", help="scanoss api key")
- parser.add_argument("--scanoss-api-url", type=str, dest="scanoss_api_url",
- default="https://osskb.org/api/scan/direct", help="scanoss api url")
 parser.add_argument("--scanoss-output", type=str, dest="scanoss_output", default="scanoss_result", help="scanoss result output")
- parser.add_argument("--scanoss-repo-path", type=str, dest="scanoss_repo", help="scanoss result repo path")
 parser.add_argument("--codecheck-api-url", type=str, dest="codecheck_api_url", default="http://124.71.75.234:8384/api/openlibing/codecheck/start", help="codecheck api url")
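Review bot: In `check_scanoss` (src/ac/acl/sca/check_sca.py) the new result handling accepts too much: any truthy `result` value read from the JSON file returns SUCCESS, a malformed file (`ValueError` from `json.load`) or a non-object top level is not handled, and both `except KeyError` branches are dead code because `dict.get` never raises. The added comment lists `prNo`, `jenkinsBuildNum` and `repoUrl` as fields of the file, yet nothing compares them with the job being checked, so a stale result or one produced for another pull request would be accepted; whether those values are available to this class is not visible in the hunk. I would fail closed on unreadable or malformed input and pass only on the exact expected value, as sketched below; the `is True` comparison assumes the producer writes a JSON boolean and needs confirming against the producer. The default output path `scanoss_result` is relative, so it is also worth confirming that the file is written somewhere the checked-out PR content cannot create or overwrite.

```python
    def check_scanoss(self):
        # … unchanged: docstring, try / with open(...) / json.load(f) …
        except (IOError, ValueError):
            # missing, unreadable or malformed result file: fail closed
            logger.exception("cannot load scanoss result {}".format(self._scanoss_result_output))
            return FAILED
        if not isinstance(result_dirt, dict):
            logger.error("scanoss result {} is not a JSON object".format(self._scanoss_result_output))
            return FAILED

        # assumes the producer writes a JSON boolean; confirm against its schema
        result = result_dirt.get('result') is True
        if not result:
            logger.warning("click {} view scanoss detail".format(result_dirt.get('reportUrl')))

        return SUCCESS if result else FAILED
```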
@@ -289,8 +285,7 @@ if "__main__" == __name__:
 gp.create_tags_of_pr(args.pr, "ci_processing")
 # scanoss conf
- scanoss = {"api_key": args.scanoss_api_key, "api_url": args.scanoss_api_url,
- "output": args.scanoss_output, "repo_path": args.scanoss_repo}
+ scanoss = {"output": args.scanoss_output}
 codecheck = {"pr_url": "https://gitee.com/{}/{}/pulls/{}".format(args.community, args.repo, args.pr), "pr_number": args.pr, "codecheck_api_url": args.codecheck_api_url
diff --git a/src/ac/framework/ac.yaml b/src/ac/framework/ac.yaml
index b1043a401d207367d91986e7afa8bd7e42414a0e..5cabb6fe194b0abda1bc08f8bbf7676d23a1c5ba 100644
--- a/src/ac/framework/ac.yaml
+++ b/src/ac/framework/ac.yaml
@@ -38,7 +38,7 @@ openeuler:
 entry: CheckSCA
 allow_list: ["openeuler-jenkins", "pkgship", "stratovirt", "secGear", "isula-transform", "kunpengsecl", "release-tools"]
 openlibing:
- hint: check_openlibing
+ hint: code
 module: openlibing.check_code
 entry: CheckCode
 allow_list: ["pkgship", "kunpengsecl", "release-tools"]
diff --git a/src/requirements b/src/requirements
index d3fd573f2d4135e8280d57b07b7cd8b4112a154b..7d34070afd36a0242b173d47d037f55727678ba0 100644
--- a/src/requirements
+++ b/src/requirements
@@ -11,4 +11,4 @@ chardet
 kafka-python
 elasticsearch
 retrying
-scanoss-scanner
+scanoss
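Review bot: The replacement requirement `scanoss` in src/requirements is added without a version pin, like the surrounding entries, so each CI install resolves to whatever release is current on the package index. For a package installed into the environment that runs the gate, I would pin it, `scanoss==<reviewed version>`, and ideally install with hash checking. As far as this diff shows, check_sca.py no longer calls the scanner and only reads a result file, so it is worth confirming whether this environment still needs the package; the module's remaining imports are outside the hunks.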