From edd8155d39005bc40892f2cf191579ed8dbdc5a2 Mon Sep 17 00:00:00 2001 From: Jaekwon Bang Date: Tue, 20 Jan 2026 14:53:26 +0900 Subject: [PATCH 1/5] Remove unnecessary abspath --- src/fosslight_binary/binary_analysis.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/fosslight_binary/binary_analysis.py b/src/fosslight_binary/binary_analysis.py index ceb45e6..4a1bd92 100755 --- a/src/fosslight_binary/binary_analysis.py +++ b/src/fosslight_binary/binary_analysis.py @@ -131,19 +131,18 @@ def init(path_to_find_bin, output_file_name, formats, path_to_exclude=[]): return _result_log, combined_paths_and_files, output_extensions, formats -def get_file_list(path_to_find, abs_path_to_exclude): +def get_file_list(path_to_find, excluded_files): bin_list = [] file_cnt = 0 found_jar = False for root, dirs, files in os.walk(path_to_find): - if os.path.abspath(root) in abs_path_to_exclude: + if os.path.abspath(root) in excluded_files: continue for file in files: file_path = os.path.join(root, file) - file_abs_path = os.path.abspath(file_path) - if any(os.path.commonpath([file_abs_path, exclude_path]) == exclude_path - for exclude_path in abs_path_to_exclude): + if any(os.path.commonpath([file_path, exclude_path]) == exclude_path + for exclude_path in excluded_files): continue file_lower_case = file.lower() extension = os.path.splitext(file_lower_case)[1][1:].strip() @@ -203,8 +202,6 @@ def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=F excluded_path_with_default_exclusion, excluded_path_without_dot, excluded_files, cnt_file_except_skipped \ = get_excluded_paths(path_to_find_bin, path_to_exclude) - abs_path_to_exclude = [os.path.abspath(os.path.join(path_to_find_bin, path)) for path in excluded_files] - if not os.path.isdir(path_to_find_bin): error_occured(error_msg=f"(-p option) Can't find the directory: {path_to_find_bin}", result_log=_result_log, 
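Review bot: In get_file_list the new side still compares `os.path.abspath(root)` with the entries of `excluded_files` and passes them to `os.path.commonpath` alongside `file_path`, but this commit removes the conversion to absolute paths that made those comparisons valid. If the entries are relative to the scan root, as the removed `os.path.join(path_to_find_bin, path)` suggests, the directory test can never match, and `os.path.commonpath` raises ValueError when given one absolute and one relative path. At this commit exclusions are therefore either ignored or abort the walk. The same applies to the `analyze_jar_file(path_to_find_bin, excluded_files)` call in the later find_binaries hunk, whose callee is not changed here. Either bring both sides to one form in this commit, e.g. `rel_root = os.path.relpath(root, path_to_find)`, or squash it with the later patch in this series that switches to relative paths; get_file_list's body continues outside the hunk.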
@@ -213,7 +210,7 @@ def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=F if not correct_filepath: correct_filepath = path_to_find_bin try: - total_file_cnt, file_list, found_jar = get_file_list(path_to_find_bin, abs_path_to_exclude) + total_file_cnt, file_list, found_jar = get_file_list(path_to_find_bin, excluded_files) return_list = list(return_bin_only(file_list)) except Exception as ex: error_occured(error_msg=f"Failed to check whether it is binary or not : {ex}", @@ -245,7 +242,7 @@ def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=F logger.warning(f"Java version {java_ver} detected (<11). FOSSLight Binary Scanner requires Java 11+ to analyze .jar files.") else: logger.info("Run OWASP Dependency-check to analyze .jar file") - owasp_items, vulnerability_items, success = analyze_jar_file(path_to_find_bin, abs_path_to_exclude) + owasp_items, vulnerability_items, success = analyze_jar_file(path_to_find_bin, excluded_files) if success: return_list = merge_binary_list(owasp_items, vulnerability_items, return_list) else: @@ -263,8 +260,6 @@ def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=F logger.info("Success to correct with yaml.") scan_item.set_cover_comment(f"Detected binaries: {len(return_list)} (Scanned Files : {cnt_file_except_skipped})") - if total_bin_cnt == 0: - scan_item.set_cover_comment("(No binary detected.) ") for combined_path_and_file, output_extension, output_format in zip(result_reports, output_extensions, formats): results.append(write_output_file(combined_path_and_file, output_extension, scan_item, From 66026b921d80bbb9a2e0fea8a460d107ff793956 Mon Sep 17 00:00:00 2001 
From: Jaekwon Bang Date: Tue, 20 Jan 2026 18:25:17 +0900 Subject: [PATCH 2/5] Delete is_package_dir function --- src/fosslight_binary/_binary.py | 13 ------------- src/fosslight_binary/_jar_analysis.py | 7 ++----- src/fosslight_binary/binary_analysis.py | 10 +--------- 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/src/fosslight_binary/_binary.py b/src/fosslight_binary/_binary.py index b45cd7a..7d1f217 100755 --- a/src/fosslight_binary/_binary.py +++ b/src/fosslight_binary/_binary.py @@ -13,7 +13,6 @@ TLSH_CHECKSUM_NULL = "0" MAX_EXCEL_URL_LENGTH = 255 EXCEEDED_VUL_URL_LENGTH_COMMENT = f"Exceeded the maximum vulnerability URL length of {MAX_EXCEL_URL_LENGTH} characters." -_PACKAGE_DIR = ["node_modules", "venv", "Pods", "Carthage"] logger = logging.getLogger(constant.LOGGER_NAME) @@ -111,15 +110,3 @@ def get_print_json(self): if self.comment: json_item["comment"] = self.comment return items - - -def is_package_dir(bin_with_path: str, _root_path: str) -> Tuple[bool, str]: - is_pkg = False - pkg_path = "" - path_parts = bin_with_path.split(os.path.sep) - for pkg_dir in _PACKAGE_DIR: - if pkg_dir in path_parts: - pkg_index = path_parts.index(pkg_dir) - pkg_path = os.path.sep.join(path_parts[:pkg_index + 1]).replace(_root_path, '', 1) - is_pkg = True - return is_pkg, pkg_path diff --git a/src/fosslight_binary/_jar_analysis.py b/src/fosslight_binary/_jar_analysis.py index 588ef1a..ecf5ce0 100644 --- a/src/fosslight_binary/_jar_analysis.py +++ b/src/fosslight_binary/_jar_analysis.py @@ -9,7 +9,7 @@ import subprocess from fosslight_binary import get_dependency_check_script import fosslight_util.constant as constant -from fosslight_binary._binary import BinaryItem, VulnerabilityItem, is_package_dir +from fosslight_binary._binary import BinaryItem, VulnerabilityItem from fosslight_util.oss_item import OssItem logger = logging.getLogger(constant.LOGGER_NAME) 
@@ -91,10 +91,6 @@ def merge_binary_list(owasp_items, vulnerability_items, bin_list): bin_item.binary_name_without_path = os.path.basename(key) bin_item.source_name_or_path = key - is_pkg, _ = is_package_dir(bin_item.source_name_or_path, '') - if is_pkg: - continue - bin_item.set_oss_items(oss_list) not_found_bin.append(bin_item) @@ -305,6 +301,7 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude): # Get Vulnerability Info. vulnerability_items = get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items) + print(f"oss_name: {oss_name}, oss_ver: {oss_ver}, oss_license: {oss_license}, oss_dl_url: {oss_dl_url}") if oss_name or oss_license or oss_dl_url: oss = OssItem(oss_name, oss_ver, oss_license, oss_dl_url) oss.comment = "OWASP result" diff --git a/src/fosslight_binary/binary_analysis.py b/src/fosslight_binary/binary_analysis.py index 4a1bd92..e685ca9 100755 --- a/src/fosslight_binary/binary_analysis.py +++ b/src/fosslight_binary/binary_analysis.py @@ -16,7 +16,7 @@ import fosslight_util.constant as constant from fosslight_util.output_format import check_output_formats_v2, write_output_file from ._binary_dao import get_oss_info_from_db -from ._binary import BinaryItem, TLSH_CHECKSUM_NULL, is_package_dir +from ._binary import BinaryItem, TLSH_CHECKSUM_NULL from ._jar_analysis import analyze_jar_file, merge_binary_list from ._simple_mode import print_simple_mode, filter_binary, init_simple from fosslight_util.correct import correct_with_yaml 
@@ -159,14 +159,6 @@ def get_file_list(path_to_find, excluded_files): bin_item.binary_name_without_path = file bin_item.source_name_or_path = bin_with_path.replace(_root_path, '', 1) - is_pkg, pkg_path = is_package_dir(bin_with_path, _root_path) - if is_pkg: - bin_item.source_name_or_path = pkg_path - if not any(x.source_name_or_path == bin_item.source_name_or_path for x in bin_list): - bin_item.exclude = True - bin_list.append(bin_item) - continue - bin_list.append(bin_item) file_cnt += 1 return file_cnt, bin_list, found_jar From 4638ceb2ebd6f36f3ca111d6b3025eb75d7dd96a Mon Sep 17 00:00:00 2001 From: Jaekwon Bang Date: Wed, 21 Jan 2026 09:33:07 +0900 Subject: [PATCH 3/5] Change abspath to relpath for excluding --- src/fosslight_binary/_binary.py | 2 -- src/fosslight_binary/_jar_analysis.py | 25 +++++-------------------- src/fosslight_binary/binary_analysis.py | 9 +++------ 3 files changed, 8 insertions(+), 28 deletions(-) diff --git a/src/fosslight_binary/_binary.py b/src/fosslight_binary/_binary.py index 7d1f217..073c1af 100755 --- a/src/fosslight_binary/_binary.py +++ b/src/fosslight_binary/_binary.py @@ -2,11 +2,9 @@ # -*- coding: utf-8 -*- # Copyright (c) 2020 LG Electronics Inc. # SPDX-License-Identifier: Apache-2.0 -import os import urllib.parse import logging import fosslight_util.constant as constant -from typing import Tuple from fosslight_util.oss_item import FileItem EXCLUDE_TRUE_VALUE = "Exclude" diff --git a/src/fosslight_binary/_jar_analysis.py b/src/fosslight_binary/_jar_analysis.py index ecf5ce0..65439a3 100644 --- a/src/fosslight_binary/_jar_analysis.py +++ b/src/fosslight_binary/_jar_analysis.py 
@@ -242,30 +242,16 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude): # Even if the oss info is from pom.xml in jar file, the file name will be .jar file. # But the oss info from pom.xml could be different from .jar file. bin_with_path = val.get("filePath") - - if any(os.path.commonpath([bin_with_path, exclude_path]) == exclude_path - for exclude_path in path_to_exclude): + # Convert absolute path to relative path (same as binary_analysis.py) + bin_with_path = os.path.relpath(bin_with_path, path_to_find_bin).replace('\\', '/') + # Check if bin_with_path should be excluded (compare relative paths) + if bin_with_path in path_to_exclude: continue if not bin_with_path.endswith('.jar'): bin_with_path = bin_with_path.split('.jar')[0] + '.jar' - try: - path_to_fild_bin_abs = os.path.abspath(path_to_find_bin) - bin_with_path_abs = os.path.abspath(bin_with_path) - if os.name == 'nt': # Windows - drive_bin = os.path.splitdrive(bin_with_path_abs)[0].lower() - drive_root = os.path.splitdrive(path_to_fild_bin_abs)[0].lower() - # Different drive or UNC root -> fallback to basename - if drive_bin and drive_root and drive_bin != drive_root: - file_with_path = os.path.basename(bin_with_path_abs) - else: - file_with_path = os.path.relpath(bin_with_path_abs, path_to_fild_bin_abs) - else: - file_with_path = os.path.relpath(bin_with_path_abs, path_to_fild_bin_abs) - except Exception as e: - file_with_path = os.path.basename(bin_with_path) - logger.error(f"relpath error: {e}; fallback basename: {file_with_path}") + file_with_path = bin_with_path # First, Get OSS Name and Version info from pkg_info for pkg_info in all_pkg_info: 
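Review bot: The exclusion test in analyze_jar_file runs on the raw `filePath` before the trim to `.jar` a few lines below. An entry that points inside an archive (the comment above mentions pom.xml in a jar) then has a relative path that will not equal the jar's own entry in `path_to_exclude`, so an excluded jar can reappear in the results. Trimming first, `if not bin_with_path.endswith('.jar'): bin_with_path = bin_with_path.split('.jar')[0] + '.jar'`, and only then testing `if bin_with_path in path_to_exclude: continue` keeps the two in step; the [PATCH 5/5] hunk on this function keeps the same ordering. The removed block also fell back to the basename when `os.path.relpath` failed (for example a different Windows drive, where it raises ValueError), and the new unconditional call has no such guard within the hunk. The function body extends beyond the hunk, so an outer handler may exist.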
@@ -301,7 +287,6 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude): # Get Vulnerability Info. vulnerability_items = get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items) - print(f"oss_name: {oss_name}, oss_ver: {oss_ver}, oss_license: {oss_license}, oss_dl_url: {oss_dl_url}") if oss_name or oss_license or oss_dl_url: oss = OssItem(oss_name, oss_ver, oss_license, oss_dl_url) oss.comment = "OWASP result" diff --git a/src/fosslight_binary/binary_analysis.py b/src/fosslight_binary/binary_analysis.py index e685ca9..b3d60c6 100755 --- a/src/fosslight_binary/binary_analysis.py +++ b/src/fosslight_binary/binary_analysis.py @@ -137,12 +137,10 @@ def get_file_list(path_to_find, excluded_files): found_jar = False for root, dirs, files in os.walk(path_to_find): - if os.path.abspath(root) in excluded_files: - continue for file in files: - file_path = os.path.join(root, file) - if any(os.path.commonpath([file_path, exclude_path]) == exclude_path - for exclude_path in excluded_files): + bin_with_path = os.path.join(root, file) + rel_path_file = os.path.relpath(bin_with_path, path_to_find).replace('\\', '/') + if rel_path_file in excluded_files: continue file_lower_case = file.lower() extension = os.path.splitext(file_lower_case)[1][1:].strip() @@ -154,7 +152,6 @@ def get_file_list(path_to_find, excluded_files): dir_path = directory.replace(_root_path, '', 1).lower() dir_path = os.path.sep + dir_path + os.path.sep - bin_with_path = os.path.join(root, file) bin_item = BinaryItem(bin_with_path) bin_item.binary_name_without_path = file bin_item.source_name_or_path = bin_with_path.replace(_root_path, '', 1) From 6254f0201068f9a93715fb6406ba332d523f72be Mon Sep 17 00:00:00 2001 
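Review bot: Exclusion in get_file_list is now an exact string match of each file's '/'-separated relative path against `excluded_files`, where the removed lines skipped a whole directory and matched by path prefix. That is only equivalent if get_excluded_paths (not shown) lists every file under an excluded directory in exactly this form; a directory entry or a differently normalised path would silently let those files back into the scan. A comment above the test stating the contract, for instance `# excluded_files: '/'-separated file paths relative to path_to_find, one entry per file`, would make the assumption checkable. If `excluded_files` is a list, `excluded = set(excluded_files)` before the `os.walk` loop avoids a linear search per file.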
From: =?UTF-8?q?=EC=84=9D=EC=A7=80=EC=98=81/=EC=B1=85=EC=9E=84=EC=97=B0?= =?UTF-8?q?=EA=B5=AC=EC=9B=90/SW=EA=B3=B5=ED=95=99=28=EC=97=B0=29Open=20So?= =?UTF-8?q?urce=20TP?= Date: Thu, 22 Jan 2026 16:54:58 +0900 Subject: [PATCH 4/5] Add all_scanner_exclude_mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 석지영/책임연구원/SW공학(연)Open Source TP --- src/fosslight_binary/binary_analysis.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/fosslight_binary/binary_analysis.py b/src/fosslight_binary/binary_analysis.py index b3d60c6..ccb73fe 100755 --- a/src/fosslight_binary/binary_analysis.py +++ b/src/fosslight_binary/binary_analysis.py @@ -162,7 +162,8 @@ def get_file_list(path_to_find, excluded_files): def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=False, - correct_mode=True, correct_filepath="", path_to_exclude=[]): + correct_mode=True, correct_filepath="", path_to_exclude=[], + all_exclude_mode=()): global start_time, _root_path, _result_log mode = "Normal Mode" @@ -188,8 +189,12 @@ def find_binaries(path_to_find_bin, output_dir, formats, dburl="", simple_mode=F bin_list = [] scan_item = ScannerItem(PKG_NAME, "") - excluded_path_with_default_exclusion, excluded_path_without_dot, excluded_files, cnt_file_except_skipped \ - = get_excluded_paths(path_to_find_bin, path_to_exclude) + if all_exclude_mode and len(all_exclude_mode) == 4: + excluded_path_with_default_exclusion, excluded_path_without_dot, excluded_files, cnt_file_except_skipped = all_exclude_mode + else: + excluded_path_with_default_exclusion, excluded_path_without_dot, excluded_files, cnt_file_except_skipped \ + = get_excluded_paths(path_to_find_bin, path_to_exclude) + logger.debug(f"Skipped paths: {excluded_path_with_default_exclusion}") if not os.path.isdir(path_to_find_bin): error_occured(error_msg=f"(-p option) Can't find the directory: {path_to_find_bin}", 
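Review bot: In find_binaries a non-empty `all_exclude_mode` whose length is not 4 falls through to `get_excluded_paths` without any signal, so a caller that passes a malformed tuple gets a scan with different exclusions than it supplied. Log the fallback in the else branch, e.g. `if all_exclude_mode: logger.warning(f"all_exclude_mode ignored: expected 4 items, got {len(all_exclude_mode)}")`, or raise instead. When the tuple is accepted, `path_to_exclude` is not consulted at all, which is worth stating. The new parameter is undocumented; a comment next to the signature should name the expected order (excluded_path_with_default_exclusion, excluded_path_without_dot, excluded_files, cnt_file_except_skipped). find_binaries starts and ends outside these hunks.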
From af99fbabbcd81a278cf0fa80c32e8bcf258c6dcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=B0=A9=EC=9E=AC=EA=B6=8C/=EC=84=A0=EC=9E=84=EC=97=B0?= =?UTF-8?q?=EA=B5=AC=EC=9B=90/SW=EA=B3=B5=ED=95=99=28=EC=97=B0=29Open=20So?= =?UTF-8?q?urce=20Task?= Date: Fri, 23 Jan 2026 11:22:24 +0900 Subject: [PATCH 5/5] Remove unnecessary code --- src/fosslight_binary/_jar_analysis.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/fosslight_binary/_jar_analysis.py b/src/fosslight_binary/_jar_analysis.py index 65439a3..2d89941 100644 --- a/src/fosslight_binary/_jar_analysis.py +++ b/src/fosslight_binary/_jar_analysis.py @@ -242,16 +242,15 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude): # Even if the oss info is from pom.xml in jar file, the file name will be .jar file. # But the oss info from pom.xml could be different from .jar file. bin_with_path = val.get("filePath") - # Convert absolute path to relative path (same as binary_analysis.py) - bin_with_path = os.path.relpath(bin_with_path, path_to_find_bin).replace('\\', '/') + bin_with_path_rel = os.path.relpath(bin_with_path, path_to_find_bin) # Check if bin_with_path should be excluded (compare relative paths) - if bin_with_path in path_to_exclude: + if bin_with_path_rel in path_to_exclude: continue - if not bin_with_path.endswith('.jar'): - bin_with_path = bin_with_path.split('.jar')[0] + '.jar' + if not bin_with_path_rel.endswith('.jar'): + bin_with_path_rel = bin_with_path_rel.split('.jar')[0] + '.jar' - file_with_path = bin_with_path + file_with_path = bin_with_path_rel # First, Get OSS Name and Version info from pkg_info for pkg_info in all_pkg_info:
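Review bot: Dropping `.replace('\\', '/')` makes `bin_with_path_rel` use backslashes on Windows, while get_file_list in binary_analysis.py still normalises its relative path to '/' before the same kind of membership test. If `path_to_exclude` holds '/'-separated entries, as that sibling code implies, jar exclusions would stop matching on Windows and `file_with_path` would differ in separator from the other reported paths. Keeping the normalisation, `bin_with_path_rel = os.path.relpath(bin_with_path, path_to_find_bin).replace('\\', '/')`, avoids both. analyze_jar_file's body continues outside the hunk.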