def filter_versions(epv_list, input_stack): """Filter the EPVs according to following rules. First filter fetches only EPVs that 1. has No CVEs 2. are Present in Graph Apply additional filter based on following. That is sorted based on 3. Latest Version 4. Dependents Count in Github Manifest Data 5. Github Release Date """ # TODO: reduce cyclomatic complexity pkg_dict = defaultdict(dict) new_dict = defaultdict(dict) filtered_comp_list = [] for epv in epv_list: name = epv.get('pkg', {}).get('name', [''])[0] version = epv.get('ver', {}).get('version', [''])[0] # needed for maven version like 1.5.2.RELEASE to be converted to # 1.5.2-RELEASE for semantic version to work' semversion = version.replace('.', '-', 3) semversion = semversion.replace('-', '.', 2) if name and version: # Select Latest Version and add to filter_list if # latest version is > current version latest_version = select_latest_version( epv.get('pkg').get('libio_latest_version', [''])[0], epv.get('pkg').get('latest_version', [''])[0]) if latest_version and latest_version == version: try: if sv.SpecItem('>=' + input_stack.get(name, '0.0.0')).match( sv.Version(semversion)): pkg_dict[name]['latest_version'] = latest_version new_dict[name]['latest_version'] = epv.get('ver') new_dict[name]['pkg'] = epv.get('pkg') filtered_comp_list.append(name) except ValueError: pass # Check for Dependency Count Attribute. Add Max deps count version # if version > current version deps_count = epv.get('ver').get('dependents_count', [-1])[0] if deps_count > 0: if 'deps_count' not in pkg_dict[name] or \ deps_count > pkg_dict[name].get('deps_count', {}).get('deps_count', 0): try: if sv.SpecItem('>=' + input_stack.get(name, '0.0.0')).match( sv.Version(semversion)): pkg_dict[name]['deps_count'] = {"version": version, "deps_count": deps_count} new_dict[name]['deps_count'] = epv.get('ver') new_dict[name]['pkg'] = epv.get('pkg') filtered_comp_list.append(name) except ValueError: pass # Check for github release date. 
Add version with most recent github release date gh_release_date = epv.get('ver').get('gh_release_date', [0])[0] if gh_release_date > 0.0: if 'gh_release_date' not in pkg_dict[name] or \ gh_release_date > \ pkg_dict[name].get('gh_release_date', {}).get('gh_release_date', 0): try: if sv.SpecItem('>=' + input_stack.get(name, '0.0.0')).match( sv.Version(semversion)): pkg_dict[name]['gh_release_date'] = { "version": version, "gh_release_date": gh_release_date} new_dict[name]['gh_release_date'] = epv.get('ver') new_dict[name]['pkg'] = epv.get('pkg') filtered_comp_list.append(name) except ValueError: pass new_list = [] for package, contents in new_dict.items(): if 'latest_version' in contents: new_list.append({"pkg": contents['pkg'], "ver": contents['latest_version']}) elif 'deps_count' in contents: new_list.append({"pkg": contents['pkg'], "ver": contents['deps_count']}) elif 'gh_release_date' in contents: new_list.append({"pkg": contents['pkg'], "ver": contents['gh_release_date']}) return new_list, filtered_comp_list
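def _first(record, key, default=-1):
    """Unwrap ``record[key]``, which the graph stores as a one-element list.

    ``default`` is returned when the key is absent; ``-1`` is the sentinel the
    summary uses for an unknown count.
    """
    return record.get(key, [default])[0]


def _activity(package, kind):
    """Opened/closed counts for the last month and year of the ``gh_<kind>_*`` fields.

    ``kind`` is ``"issues"`` or ``"prs"``; missing counts are ``-1``.
    """
    return {
        window: {
            "opened": _first(package, "gh_{}_last_{}_opened".format(kind, window)),
            "closed": _first(package, "gh_{}_last_{}_closed".format(kind, window)),
        }
        for window in ("month", "year")
    }


def _used_by(package):
    """Parse ``libio_usedby`` entries of the form ``"<repo>:<stars>"``.

    Entries without a ``:`` or with a non-integer star count are skipped so a
    single malformed record cannot abort the whole component summary (the
    previous code raised ``IndexError``/``ValueError`` here).
    """
    result = []
    for entry in package.get("libio_usedby", []):
        parts = entry.split(':')
        if len(parts) < 2:
            continue
        try:
            stars = int(parts[1])
        except ValueError:
            continue
        result.append({'name': parts[0], 'stars': stars})
    return result


def _cves(version_rec):
    """Parse ``cve_ids`` entries of the form ``"<CVE id>:<CVSS>"``.

    An entry with no score is still reported, with ``CVSS`` set to ``""``:
    dropping a CVE from a security summary because its score is missing would
    hide a known vulnerability (the previous code raised ``IndexError``).
    """
    result = []
    for entry in version_rec.get("cve_ids", []):
        parts = entry.split(':')
        result.append({'CVE': parts[0], 'CVSS': parts[1] if len(parts) > 1 else ''})
    return result


def extract_component_details(component):
    """Flatten a graph ``component`` record into the component summary dict.

    ``component`` has ``package`` and ``version`` sub-dicts; every field read
    here is stored as a one-element list and unwrapped with ``[0]``, except
    ``osio_usage_count`` (see the note inline).  Missing counts come back as
    ``-1``, missing text as ``""``, missing lists as ``[]``.

    Returns a dict with keys ``ecosystem``, ``name``, ``version``,
    ``licenses``, ``security`` (list of ``{'CVE', 'CVSS'}``),
    ``osio_user_count``, ``latest_version``, ``github`` and ``code_metrics``.
    """
    package = component.get("package", {})
    version_rec = component.get("version", {})

    github_details = {
        "dependent_projects": _first(package, "libio_dependents_projects"),
        "dependent_repos": _first(package, "libio_dependents_repos"),
        "total_releases": _first(package, "libio_total_releases"),
        # Naive local-time string.  The fallback epoch is ~2017-06-01 UTC, so a
        # consumer cannot tell "unknown" apart from a real release on that day.
        "latest_release_duration": str(datetime.datetime.fromtimestamp(
            _first(package, "libio_latest_release", 1496302486.0))),
        # NOTE(review): hard-coded placeholder, not derived from component data.
        "first_release_date": "Apr 16, 2010",
        "issues": _activity(package, "issues"),
        "pull_requests": _activity(package, "prs"),
        "stargazers_count": _first(package, "gh_stargazers"),
        "forks_count": _first(package, "gh_forks"),
        "open_issues_count": _first(package, "gh_open_issues_count"),
        "contributors": _first(package, "gh_contributors_count"),
        # NOTE(review): placeholder; no size field is read from the record.
        "size": "N/A",
        "used_by": _used_by(package),
    }

    code_metrics = {
        "code_lines": _first(version_rec, "cm_loc"),
        "average_cyclomatic_complexity": _first(version_rec, "cm_avg_cyclomatic_complexity"),
        "total_files": _first(version_rec, "cm_num_files"),
    }

    return {
        "ecosystem": _first(version_rec, "pecosystem", ""),
        "name": _first(version_rec, "pname", ""),
        "version": _first(version_rec, "version", ""),
        "licenses": version_rec.get("licenses", []),
        "security": _cves(version_rec),
        # NOTE(review): read without the ``[0]`` unwrap every other field gets;
        # if the graph stores it as a one-element list like the rest, this
        # returns the list.  Confirm against the schema before changing it.
        "osio_user_count": version_rec.get("osio_usage_count", 0),
        "latest_version": select_latest_version(
            _first(package, "libio_latest_version", ""),
            _first(package, "latest_version", "")),
        "github": github_details,
        "code_metrics": code_metrics,
    }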