@oscarvalenzuelab
Collaborator

Summary

Restored critical osslili and UPMEX integrations that were incorrectly removed during repository cleanup in commits d6bef5c and 1ed6695.

Changes Made

Integration Restoration

  • Re-added integration modules: binarysniffer/integrations/ with all required files
  • Fixed analyzer_enhanced.py: Proper initialization and integration of both osslili and UPMEX
  • Fixed archive.py: License detection and package metadata extraction from archives
  • Added UPMEX license conversion: Converts package license data to ComponentMatch objects

Integration Functionality

  • OSLiLi Integration: Detects licenses in source code files (.py, .js, .java, .c, .cpp, etc.)
  • UPMEX Integration: Extracts package metadata from JAR, WAR, WHL, and other supported formats
  • Match Types: oslili_detection for license detection, upmex_detection for package licenses
  • Evidence Details: Proper confidence scores, detection methods, and source file attribution

Version Update

  • Version bumped: 1.11.2 → 1.11.3
  • CHANGELOG updated: Comprehensive documentation of fixes and verification

Test Results

OSLiLi License Detection

✅ Source files: MIT license detected with 90% confidence (keyword method)
✅ Match type: oslili_detection
✅ Supported extensions: .py, .js, .java, .c, .cpp, .h, .hpp, etc.

UPMEX Package Metadata

✅ JAR files: Maven coordinates extracted (org.apache.commons:commons-lang3:3.12.0)
✅ License extraction: MPL-2.0 detected with 80% confidence (reference_parsing)
✅ Match type: upmex_detection
✅ Package types: maven, pypi, npm, nuget, etc.

Component Signature Detection

✅ Binary files: OpenSSL (100%), cURL (100%), wolfSSL (100%)
✅ Archive files: OkHttp (70%), WebP (82%), GLib (70%)
✅ Evidence: Detailed pattern matching with confidence scores

Validation

  • All integrations tested across multiple file types
  • CLI output properly displays license and package information
  • Component detection working correctly with proper match types
  • Version updated and CHANGELOG documented
  • No breaking changes to existing functionality
  • Proper feature branch workflow followed

Impact

This restores critical functionality that was accidentally removed, ensuring binarysniffer provides comprehensive license detection and package metadata extraction as designed.

Resolves issues from commits d6bef5c and 1ed6695 that removed the integrations module.

- Restored critical integrations that were incorrectly removed during cleanup
- Re-added binarysniffer/integrations/ module with enhanced_oslili.py and upmex_adapter.py
- Fixed analyzer_enhanced.py to properly convert UPMEX license data to ComponentMatch objects
- OSLiLi now detects licenses in source files with oslili_detection match type
- UPMEX now extracts package metadata with upmex_detection match type
- Verified complete functionality across JAR, IPA, source, and binary files
- All integrations tested and working correctly with proper confidence scores

Resolves integration issues from commits d6bef5c and 1ed6695
@github-actions

github-actions bot commented Nov 6, 2025

License Check Report

ℹ️ No licenses detected in changed files.

@oscarvalenzuelab oscarvalenzuelab merged commit 7eae72c into main Nov 6, 2025
8 checks passed
@oscarvalenzuelab oscarvalenzuelab deleted the fix/restore-integrations-v1.11.3 branch November 6, 2025 02:05