From 9da956c65fe5d6a5f1d9ca594f632f9976253bf7 Mon Sep 17 00:00:00 2001 
From: Rex P Date: Thu, 19 Sep 2024 15:53:52 +1000 Subject: [PATCH] Remove python as it has already been migrated (temporary) --- .../language/python/pdmlock/extractor.go | 110 --- .../language/python/pdmlock/extractor_test.go | 238 ------ .../pdmlock/testdata/dev-dependency.toml | 42 - .../python/pdmlock/testdata/empty.toml | 8 - .../pdmlock/testdata/git-dependency.toml | 17 - .../python/pdmlock/testdata/not-toml.txt | 1 - .../pdmlock/testdata/optional-dependency.toml | 42 - .../pdmlock/testdata/single-package.toml | 19 - .../python/pdmlock/testdata/two-packages.toml | 30 - .../language/python/pipfilelock/extractor.go | 111 --- .../python/pipfilelock/extractor_test.go | 236 ------ .../python/pipfilelock/testdata/empty.json | 20 - .../testdata/multiple-packages.json | 97 --- .../pipfilelock/testdata/no-version.json | 32 - .../python/pipfilelock/testdata/not-json.txt | 1 - .../pipfilelock/testdata/one-package-dev.json | 67 -- .../pipfilelock/testdata/one-package.json | 67 -- .../testdata/two-packages-alt.json | 75 -- .../pipfilelock/testdata/two-packages.json | 76 -- .../language/python/poetrylock/extractor.go | 103 --- .../python/poetrylock/extractor_test.go | 233 ------ .../python/poetrylock/testdata/empty.lock | 8 - .../python/poetrylock/testdata/not-toml.txt | 1 - .../testdata/one-package-with-metadata.lock | 20 - .../poetrylock/testdata/one-package.lock | 15 - .../poetrylock/testdata/optional-package.lock | 15 - .../poetrylock/testdata/source-git.lock | 22 - .../poetrylock/testdata/source-legacy.lock | 12 - .../poetrylock/testdata/two-packages.lock | 30 - .../python/requirementstxt/extractor.go | 272 ------- .../python/requirementstxt/extractor_test.go | 761 ------------------ .../testdata/cyclic-r-complex-1.txt | 3 - .../testdata/cyclic-r-complex-2.txt | 4 - .../testdata/cyclic-r-complex-3.txt | 4 - .../testdata/cyclic-r-self.txt | 4 - .../testdata/duplicate-r-base.txt | 1 - .../testdata/duplicate-r-dev.txt | 5 - .../testdata/duplicate-r-test.txt | 4 - 
.../python/requirementstxt/testdata/empty.txt | 0 .../testdata/file-format-example.txt | 24 - .../testdata/line-continuation.txt | 17 - .../multiple-packages-constrained.txt | 33 - .../testdata/multiple-packages-mixed.txt | 8 - .../testdata/non-normalized-names.txt | 9 - .../testdata/one-package-constrained.txt | 7 - .../testdata/one-package-unconstrained.txt | 1 - .../testdata/only-comments.txt | 2 - .../requirementstxt/testdata/other-file.txt | 1 - .../testdata/with-added-support.txt | 2 - .../testdata/with-bad-r-option.txt | 3 - .../testdata/with-multiple-r-options.txt | 5 - .../testdata/with-per-requirement-options.txt | 12 - 52 files changed, 2930 deletions(-) delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/extractor.go delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/extractor_test.go delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/dev-dependency.toml delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/empty.toml delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/git-dependency.toml delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/not-toml.txt delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/optional-dependency.toml delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/single-package.toml delete mode 100644 internal/lockfilescalibr/language/python/pdmlock/testdata/two-packages.toml delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/extractor.go delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/extractor_test.go delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/empty.json delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/multiple-packages.json delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/no-version.json delete mode 100644 
internal/lockfilescalibr/language/python/pipfilelock/testdata/not-json.txt delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package-dev.json delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package.json delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages-alt.json delete mode 100644 internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages.json delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/extractor.go delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/extractor_test.go delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/empty.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/not-toml.txt delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/one-package-with-metadata.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/one-package.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/optional-package.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/source-git.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/source-legacy.lock delete mode 100644 internal/lockfilescalibr/language/python/poetrylock/testdata/two-packages.lock delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/extractor.go delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/extractor_test.go delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-1.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-2.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-3.txt delete mode 100644 
internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-self.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-base.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-dev.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-test.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/empty.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/file-format-example.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/line-continuation.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-constrained.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-mixed.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/non-normalized-names.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-constrained.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-unconstrained.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/only-comments.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/other-file.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/with-added-support.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/with-bad-r-option.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/with-multiple-r-options.txt delete mode 100644 internal/lockfilescalibr/language/python/requirementstxt/testdata/with-per-requirement-options.txt 
diff --git a/internal/lockfilescalibr/language/python/pdmlock/extractor.go b/internal/lockfilescalibr/language/python/pdmlock/extractor.go
deleted file mode 100644
index 15e7a3685d..0000000000
--- a/internal/lockfilescalibr/language/python/pdmlock/extractor.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package pdmlock
-
-import (
- "context"
- "fmt"
- "io/fs"
- "path/filepath"
-
- "github.com/BurntSushi/toml"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/filesystem"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
- "github.com/google/osv-scanner/internal/lockfilescalibr/plugin"
- "github.com/package-url/packageurl-go"
-)
-
-type PdmLockPackage struct {
- Name string `toml:"name"`
- Version string `toml:"version"`
- Groups []string `toml:"groups"`
- Revision string `toml:"revision"`
-}
-
-type PdmLockFile struct {
- Version string `toml:"lock-version"`
- Packages []PdmLockPackage `toml:"package"`
-}
-
-const PDMEcosystem = "PyPI"
-
-type Extractor struct{}
-
-// Name of the extractor
-func (e Extractor) Name() string { return "python/pdmlock" }
-
-// Version of the extractor
-func (e Extractor) Version() int { return 0 }
-
-func (e Extractor) Requirements() *plugin.Capabilities {
- return &plugin.Capabilities{}
-}
-
-func (e Extractor) FileRequired(path string, fileInfo fs.FileInfo) bool {
- return filepath.Base(path) == "pdm.lock"
-}
-
-func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error) {
- var parsedLockFile *PdmLockFile
-
- _, err := toml.NewDecoder(input.Reader).Decode(&parsedLockFile)
- if err != nil {
- return []*extractor.Inventory{}, fmt.Errorf("could not extract from %s: %w", input.Path, err)
- }
- packages := make([]*extractor.Inventory, 0, len(parsedLockFile.Packages))
-
- for _, pkg := range parsedLockFile.Packages {
- details := &extractor.Inventory{
- Name: pkg.Name,
- Version: pkg.Version,
- Locations: []string{input.Path},
- }
-
- depGroups := []string{}
-
- var optional = true
- for _, gr := range pkg.Groups {
- if gr == "dev" {
- depGroups = append(depGroups, "dev")
- optional = false
- } else if gr == "default" {
- optional = false
- }
- }
- if optional {
- depGroups = append(depGroups, "optional")
- }
-
- details.Metadata = othermetadata.DepGroupMetadata{
- DepGroupVals: depGroups,
- }
-
- if pkg.Revision != "" {
- details.SourceCode = &extractor.SourceCodeIdentifier{
- Commit: pkg.Revision,
- }
- }
-
- packages = append(packages, details)
- }
-
- return packages, nil
-}
-
-// ToPURL converts an inventory created by this extractor into a PURL.
-func (e Extractor) ToPURL(i *extractor.Inventory) (*packageurl.PackageURL, error) {
- return &packageurl.PackageURL{
- Type: packageurl.TypePyPi,
- Name: i.Name,
- Version: i.Version,
- }, nil
-}
-
-// ToCPEs is not applicable as this extractor does not infer CPEs from the Inventory.
-func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error) { return []string{}, nil }
-
-func (e Extractor) Ecosystem(i *extractor.Inventory) (string, error) {
- return PDMEcosystem, nil
-}
-
-var _ filesystem.Extractor = Extractor{}
diff --git a/internal/lockfilescalibr/language/python/pdmlock/extractor_test.go b/internal/lockfilescalibr/language/python/pdmlock/extractor_test.go
deleted file mode 100644
index 522db2cfb8..0000000000
--- a/internal/lockfilescalibr/language/python/pdmlock/extractor_test.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package pdmlock_test
-
-import (
- "context"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extracttest"
- "github.com/google/osv-scanner/internal/lockfilescalibr/language/python/pdmlock"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
-)
-
-func TestPdmExtractor_FileRequired(t *testing.T) {
- t.Parallel()
-
- tests := []struct {
- name string
- inputPath string
- want bool
- }{
- {
- name: "empty",
- inputPath: "",
- want: false,
- },
- {
- name: "plain",
- inputPath: "pdm.lock",
- want: true,
- },
- {
- name: "absolute",
- inputPath: "/path/to/pdm.lock",
- want: true,
- },
- {
- name: "relative",
- inputPath: "../../pdm.lock",
- want: true,
- },
- {
- name: "in-path",
- inputPath: "/path/with/pdm.lock/in/middle",
- want: false,
- },
- {
- name: "invalid-suffix",
- inputPath: "pdm.lock.file",
- want: false,
- },
- {
- name: "invalid-prefix",
- inputPath: "project.name.pdm.lock",
- want: false,
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.name, func(t *testing.T) {
- t.Parallel()
- e := pdmlock.Extractor{}
- got := e.FileRequired(tt.inputPath, nil)
- if got != tt.want {
- t.Errorf("FileRequired(%s, FileInfo) got = %v, want %v", tt.inputPath, got, tt.want)
- }
- })
- }
-}
-
-func TestExtractor_Extract(t *testing.T) {
- t.Parallel()
-
- tests := []extracttest.TestTableEntry{
- {
- Name: "invalid toml",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/not-toml.txt",
- },
- WantInventory: []*extractor.Inventory{},
- WantErr: extracttest.ContainsErrStr{Str: "could not extract from"},
- },
- {
- Name: "no packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/empty.toml",
- },
- WantInventory: []*extractor.Inventory{},
- },
- {
- Name: "single package",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/single-package.toml",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "toml",
- Version: "0.10.2",
- Locations: []string{"testdata/single-package.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "two packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/two-packages.toml",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "toml",
- Version: "0.10.2",
- Locations: []string{"testdata/two-packages.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "six",
- Version: "1.16.0",
- Locations: []string{"testdata/two-packages.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "package with dev dependencies",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/dev-dependency.toml",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "toml",
- Version: "0.10.2",
- Locations: []string{"testdata/dev-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "pyroute2",
- Version: "0.7.11",
- Locations: []string{"testdata/dev-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"dev"},
- },
- },
- {
- Name: "win-inet-pton",
- Version: "1.1.0",
- Locations: []string{"testdata/dev-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"dev"},
- },
- },
- },
- },
- {
- Name: "package with optional dependency",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/optional-dependency.toml",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "toml",
- Version: "0.10.2",
- Locations: []string{"testdata/optional-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "pyroute2",
- Version: "0.7.11",
- Locations: []string{"testdata/optional-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"optional"},
- },
- },
- {
- Name: "win-inet-pton",
- Version: "1.1.0",
- Locations: []string{"testdata/optional-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"optional"},
- },
- },
- },
- },
- {
- Name: "package with git dependency",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/git-dependency.toml",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "toml",
- Version: "0.10.2",
- Locations: []string{"testdata/git-dependency.toml"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "65bab7582ce14c55cdeec2244c65ea23039c9e6f",
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.Name, func(t *testing.T) {
- t.Parallel()
- extr := pdmlock.Extractor{}
-
- scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
- defer extracttest.CloseTestScanInput(t, scanInput)
-
- got, err := extr.Extract(context.Background(), &scanInput)
-
- if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" {
- t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- return
- }
-
- if diff := cmp.Diff(tt.WantInventory, got, cmpopts.SortSlices(extracttest.InventoryCmpLess)); diff != "" {
- t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- }
- })
- }
-}
diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/dev-dependency.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/dev-dependency.toml
deleted file mode 100644
index 273b6deb66..0000000000
--- a/internal/lockfilescalibr/language/python/pdmlock/testdata/dev-dependency.toml
+++ /dev/null
@@ -1,42 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default", "dev"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:5a543e4cbf50fa2fae6c9180c8c4b4031bbaf7e95c26484384109782ebdfd647" - -[[package]] -name = "pyroute2" -version = "0.7.11" -summary = "Python Netlink library" -groups = ["dev"] -dependencies = [ - "win-inet-pton; platform_system == \"Windows\"", -] -files = [ - {file = "pyroute2-0.7.11-py3-none-any.whl", hash = "sha256:95852e702149b3d6abc8484d3291c38c45660168e8db76e5566a60ef0e133d5b"}, -] - -[[package]] -name = "toml" -version = "0.10.2" -requires_python = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -summary = "Python Library for Tom's Obvious, Minimal Language" -groups = ["default"] -files = [ - {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, - {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, -] - -[[package]] -name = "win-inet-pton" -version = "1.1.0" -summary = "Native inet_pton and inet_ntop implementation for Python on Windows (with ctypes)." -groups = ["dev"] -marker = "platform_system == \"Windows\"" -files = [ - {file = "win_inet_pton-1.1.0-py2.py3-none-any.whl", hash = "sha256:eaf0193cbe7152ac313598a0da7313fb479f769343c0c16c5308f64887dc885b"}, - {file = "win_inet_pton-1.1.0.tar.gz", hash = "sha256:dd03d942c0d3e2b1cf8bab511844546dfa5f74cb61b241699fa379ad707dea4f"}, -] diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/empty.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/empty.toml deleted file mode 100644 index eeb277523d..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/empty.toml +++ /dev/null 
@@ -1,8 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:ebb844511b46d2da311c9adf39499a26883e110605ef99ca9c6762905dcb3e56" diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/git-dependency.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/git-dependency.toml deleted file mode 100644 index 91bf513d14..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/git-dependency.toml +++ /dev/null @@ -1,17 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:93fc3209615f0fa4a29b2bd263bb5e72c2343ebc334df8c56c5d9f2cacfc0241" - -[[package]] -name = "toml" -version = "0.10.2" -requires_python = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -git = "https://github.com/uiri/toml.git" -revision = "65bab7582ce14c55cdeec2244c65ea23039c9e6f" -summary = "Python Library for Tom's Obvious, Minimal Language" -groups = ["default"] diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/not-toml.txt b/internal/lockfilescalibr/language/python/pdmlock/testdata/not-toml.txt deleted file mode 100644 index ddd3cb93d0..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/not-toml.txt +++ /dev/null @@ -1 +0,0 @@ -this is not valid toml! (I think) diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/optional-dependency.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/optional-dependency.toml deleted file mode 100644 index e232c3cb1a..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/optional-dependency.toml +++ /dev/null 
@@ -1,42 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default", "tmp"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:dfa3dd060fb1217f183be92d3a42fc9b77ca2ca340a7ac15c6786de5bbced943" - -[[package]] -name = "pyroute2" -version = "0.7.11" -summary = "Python Netlink library" -groups = ["tmp"] -dependencies = [ - "win-inet-pton; platform_system == \"Windows\"", -] -files = [ - {file = "pyroute2-0.7.11-py3-none-any.whl", hash = "sha256:95852e702149b3d6abc8484d3291c38c45660168e8db76e5566a60ef0e133d5b"}, -] - -[[package]] -name = "toml" -version = "0.10.2" -requires_python = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -summary = "Python Library for Tom's Obvious, Minimal Language" -groups = ["default"] -files = [ - {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, - {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, -] - -[[package]] -name = "win-inet-pton" -version = "1.1.0" -summary = "Native inet_pton and inet_ntop implementation for Python on Windows (with ctypes)." -groups = ["tmp"] -marker = "platform_system == \"Windows\"" -files = [ - {file = "win_inet_pton-1.1.0-py2.py3-none-any.whl", hash = "sha256:eaf0193cbe7152ac313598a0da7313fb479f769343c0c16c5308f64887dc885b"}, - {file = "win_inet_pton-1.1.0.tar.gz", hash = "sha256:dd03d942c0d3e2b1cf8bab511844546dfa5f74cb61b241699fa379ad707dea4f"}, -] diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/single-package.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/single-package.toml deleted file mode 100644 index 6ce7abc744..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/single-package.toml +++ /dev/null 
@@ -1,19 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:0cee617a22cf58c87c4b154a4a31e08351b4e38f471f6c82edbb1ee185bda2cf" - -[[package]] -name = "toml" -version = "0.10.2" -requires_python = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -summary = "Python Library for Tom's Obvious, Minimal Language" -groups = ["default"] -files = [ - {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, - {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, -] diff --git a/internal/lockfilescalibr/language/python/pdmlock/testdata/two-packages.toml b/internal/lockfilescalibr/language/python/pdmlock/testdata/two-packages.toml deleted file mode 100644 index 18c7b563fa..0000000000 --- a/internal/lockfilescalibr/language/python/pdmlock/testdata/two-packages.toml +++ /dev/null 
@@ -1,30 +0,0 @@ -# This file is @generated by PDM. -# It is not intended for manual editing. - -[metadata] -groups = ["default"] -strategy = ["cross_platform", "inherit_metadata"] -lock_version = "4.4.1" -content_hash = "sha256:0acb7cdc3e805d9bec1f3347b79b69d92ba257d2cd82b5ef4355010930d46deb" - -[[package]] -name = "six" -version = "1.16.0" -requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" -summary = "Python 2 and 3 compatibility utilities" -groups = ["default"] -files = [ - {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"}, - {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"}, -] - -[[package]] -name = "toml" -version = "0.10.2" -requires_python = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -summary = "Python Library for Tom's Obvious, Minimal Language" -groups = ["default"] -files = [ - {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, - {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, -] diff --git a/internal/lockfilescalibr/language/python/pipfilelock/extractor.go b/internal/lockfilescalibr/language/python/pipfilelock/extractor.go deleted file mode 100644 index 3cc00ca278..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/extractor.go +++ /dev/null 
@@ -1,111 +0,0 @@
-package pipfilelock
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "io/fs"
- "path/filepath"
-
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/filesystem"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
- "github.com/google/osv-scanner/internal/lockfilescalibr/plugin"
- "github.com/package-url/packageurl-go"
- "golang.org/x/exp/maps"
-)
-
-type PipenvPackage struct {
- Version string `json:"version"`
-}
-
-type PipenvLock struct {
- Packages map[string]PipenvPackage `json:"default"`
- PackagesDev map[string]PipenvPackage `json:"develop"`
-}
-
-const PipenvEcosystem = "PyPI"
-
-type Extractor struct{}
-
-// Name of the extractor
-func (e Extractor) Name() string { return "python/pipfilelock" }
-
-// Version of the extractor
-func (e Extractor) Version() int { return 0 }
-
-func (e Extractor) Requirements() *plugin.Capabilities {
- return &plugin.Capabilities{}
-}
-
-func (e Extractor) FileRequired(path string, fileInfo fs.FileInfo) bool {
- return filepath.Base(path) == "Pipfile.lock"
-}
-
-func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error) {
- var parsedLockfile *PipenvLock
-
- err := json.NewDecoder(input.Reader).Decode(&parsedLockfile)
-
- if err != nil {
- return []*extractor.Inventory{}, fmt.Errorf("could not extract from %s: %w", input.Path, err)
- }
-
- details := make(map[string]*extractor.Inventory)
-
- addPkgDetails(details, parsedLockfile.Packages, "")
- addPkgDetails(details, parsedLockfile.PackagesDev, "dev")
-
- for key := range details {
- details[key].Locations = []string{input.Path}
- }
-
- return maps.Values(details), nil
-}
-
-func addPkgDetails(details map[string]*extractor.Inventory, packages map[string]PipenvPackage, group string) {
- for name, pipenvPackage := range packages {
- if pipenvPackage.Version == "" {
- continue
- }
-
- version := pipenvPackage.Version[2:]
-
- // Because in the caller, prod packages are added first,
- // if it also exists in dev we don't want to add it to dev group
- if _, ok := details[name+"@"+version]; !ok {
- groupSlice := []string{}
- if group != "" {
- groupSlice = []string{group}
- }
-
- inv := &extractor.Inventory{
- Name: name,
- Version: version,
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: groupSlice,
- },
- }
-
- details[name+"@"+version] = inv
- }
- }
-}
-
-// ToPURL converts an inventory created by this extractor into a PURL.
-func (e Extractor) ToPURL(i *extractor.Inventory) (*packageurl.PackageURL, error) {
- return &packageurl.PackageURL{
- Type: packageurl.TypePyPi,
- Name: i.Name,
- Version: i.Version,
- }, nil
-}
-
-// ToCPEs is not applicable as this extractor does not infer CPEs from the Inventory.
-func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error) { return []string{}, nil }
-
-func (e Extractor) Ecosystem(i *extractor.Inventory) (string, error) {
- return PipenvEcosystem, nil
-}
-
-var _ filesystem.Extractor = Extractor{}
diff --git a/internal/lockfilescalibr/language/python/pipfilelock/extractor_test.go b/internal/lockfilescalibr/language/python/pipfilelock/extractor_test.go
deleted file mode 100644
index 594ba88ef5..0000000000
--- a/internal/lockfilescalibr/language/python/pipfilelock/extractor_test.go
+++ /dev/null
@@ -1,236 +0,0 @@
-package pipfilelock_test
-
-import (
- "context"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extracttest"
- "github.com/google/osv-scanner/internal/lockfilescalibr/language/python/pipfilelock"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
-)
-
-func TestExtractor_FileRequired(t *testing.T) {
- t.Parallel()
-
- tests := []struct {
- name string
- inputPath string
- want bool
- }{
- {
- name: "",
- inputPath: "",
- want: false,
- },
- {
- name: "",
- inputPath: "Pipfile.lock",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/Pipfile.lock",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/Pipfile.lock/file",
- want: false,
- },
- {
- name: "",
- inputPath: "path/to/my/Pipfile.lock.file",
- want: false,
- },
- {
- name: "",
- inputPath: "path.to.my.Pipfile.lock",
- want: false,
- },
- }
- for _, tt := range tests {
- tt := tt
- t.Run(tt.name, func(t *testing.T) {
- t.Parallel()
- e := pipfilelock.Extractor{}
- got := e.FileRequired(tt.inputPath, nil)
- if got != tt.want {
- t.Errorf("FileRequired(%s, FileInfo) got = %v, want %v", tt.inputPath, got, tt.want)
- }
- })
- }
-}
-
-func TestExtractor_Extract(t *testing.T) {
- t.Parallel()
-
- tests := []extracttest.TestTableEntry{
- {
- Name: "invalid json",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/not-json.txt",
- },
- WantInventory: []*extractor.Inventory{},
- WantErr: extracttest.ContainsErrStr{Str: "could not extract from"},
- },
- {
- Name: "no packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/empty.json",
- },
- WantInventory: []*extractor.Inventory{},
- },
- {
- Name: "one package",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package.json",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "markupsafe",
- Version: "2.1.1",
- Locations: []string{"testdata/one-package.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "one package dev",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package-dev.json",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "markupsafe",
- Version: "2.1.1",
- Locations: []string{"testdata/one-package-dev.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"dev"},
- },
- },
- },
- },
- {
- Name: "two packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/two-packages.json",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "itsdangerous",
- Version: "2.1.2",
- Locations: []string{"testdata/two-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "markupsafe",
- Version: "2.1.1",
- Locations: []string{"testdata/two-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"dev"},
- },
- },
- },
- },
- {
- Name: "two packages alt",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/two-packages-alt.json",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "itsdangerous",
- Version: "2.1.2",
- Locations: []string{"testdata/two-packages-alt.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "markupsafe",
- Version: "2.1.1",
- Locations: []string{"testdata/two-packages-alt.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "multiple packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/multiple-packages.json",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "itsdangerous",
- Version: "2.1.2",
- Locations: []string{"testdata/multiple-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "pluggy",
- Version: "1.0.1",
- Locations: []string{"testdata/multiple-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "pluggy",
- Version: "1.0.0",
- Locations: []string{"testdata/multiple-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"dev"},
- },
- },
- {
- Name: "markupsafe",
- Version: "2.1.1",
- Locations: []string{"testdata/multiple-packages.json"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "package without version",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/no-version.json",
- },
- WantInventory: []*extractor.Inventory{},
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.Name, func(t *testing.T) {
- t.Parallel()
- extr := pipfilelock.Extractor{}
-
- scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
- defer extracttest.CloseTestScanInput(t, scanInput)
-
- got, err := extr.Extract(context.Background(), &scanInput)
-
- if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" {
- t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- return
- }
-
- if diff := cmp.Diff(tt.WantInventory, got, cmpopts.SortSlices(extracttest.InventoryCmpLess)); diff != "" {
- t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- }
- })
- }
-}
diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/empty.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/empty.json
deleted file mode 100644
index b12436389e..0000000000
--- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/empty.json
+++ /dev/null
@@ -1,20 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "7f7606f08e0544d8d012ef4d097dabdd6df6843a28793eb6551245d4b2db4242" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": {}, - "develop": {} -} diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/multiple-packages.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/multiple-packages.json deleted file mode 100644 index c78b3d927c..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/multiple-packages.json +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "3809f002b3b58ea51dc4258d4e00b7ebae6b28c46d7cb25ab8d4540a7c5f0d7b" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "itsdangerous": { - "hashes": [ - "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44", - "sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a" - ], - "index": "pypi", - "version": "==2.1.2" - }, - "pluggy": { - "hashes": [], - "markers": "python_version >= '3.6'", - "version": "==1.0.1" - }, - "markupsafe": { - "hashes": [ - "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", - "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", - "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", - "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", - "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", - "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", - "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", - "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", - "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", - "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", - "sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", - "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", - "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", - "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", - "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", - "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", - "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", - 
"sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", - "sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", - "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", - "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", - "sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", - "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", - "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", - "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", - "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", - "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", - "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", - "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", - "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", - "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", - "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", - "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", - "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", - "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", - "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", - "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", - "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", - "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", - "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" - ], - "markers": "python_version >= '3.7'", - "version": "==2.1.1" - } - }, - "develop": { - "itsdangerous": { - "hashes": [ - "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44", - 
"sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a" - ], - "index": "pypi", - "version": "==2.1.2" - }, - "pluggy": { - "hashes": [ - "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159", - "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3" - ], - "markers": "python_version >= '3.6'", - "version": "==1.0.0" - } - } -} diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/no-version.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/no-version.json deleted file mode 100644 index 914825266f..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/no-version.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "6689fbb19241c5123bd89c9a39c1289cfb133a8298b57731af508066a9622ec7" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "markupsafe": { - "editable": true, - "git": "https://github.com/pallets/markupsafe", - "ref": "b36054111bc1e8bbadb5d0d60158feb72926f467" - } - }, - "develop": { - "itsdangerous": { - "editable": true, - "git": "https://github.com/pallets/itsdangerous", - "ref": "de09cad488a4d7c7bbcbcdb8e1c2dfde64325f48" - } - } -} diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/not-json.txt b/internal/lockfilescalibr/language/python/pipfilelock/testdata/not-json.txt deleted file mode 100644 index 3ae3a213d5..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/not-json.txt +++ /dev/null @@ -1 +0,0 @@ -this is not json! diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package-dev.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package-dev.json deleted file mode 100644 index c6964695ab..0000000000 
--- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package-dev.json +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "3231c8267be08eae5fb3173e9569d9c42c78821d6bbd9ad91f14b50ab541280a" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": {}, - "develop": { - "markupsafe": { - "hashes": [ - "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", - "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", - "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", - "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", - "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", - "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", - "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", - "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", - "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", - "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", - "sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", - "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", - "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", - "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", - "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", - "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", - "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", - "sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", - "sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", - "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", - "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", - 
"sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", - "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", - "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", - "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", - "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", - "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", - "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", - "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", - "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", - "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", - "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", - "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", - "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", - "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", - "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", - "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", - "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", - "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", - "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" - ], - "markers": "python_version >= '3.7'", - "version": "==2.1.1" - } - } -} diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package.json deleted file mode 100644 index 46038c38de..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/one-package.json +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "3231c8267be08eae5fb3173e9569d9c42c78821d6bbd9ad91f14b50ab541280a" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "markupsafe": { - "hashes": [ - "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", - "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", - "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", - "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", - "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", - "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", - "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", - "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", - "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", - "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", - "sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", - "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", - "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", - "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", - "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", - "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", - "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", - "sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", - "sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", - "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", - "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", - 
"sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", - "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", - "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", - "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", - "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", - "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", - "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", - "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", - "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", - "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", - "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", - "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", - "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", - "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", - "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", - "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", - "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", - "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", - "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" - ], - "markers": "python_version >= '3.7'", - "version": "==2.1.1" - } - }, - "develop": {} -} diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages-alt.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages-alt.json deleted file mode 100644 index 92438b0dc1..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages-alt.json +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "3809f002b3b58ea51dc4258d4e00b7ebae6b28c46d7cb25ab8d4540a7c5f0d7b" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "itsdangerous": { - "hashes": [ - "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44", - "sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a" - ], - "index": "pypi", - "version": "==2.1.2" - }, - "markupsafe": { - "hashes": [ - "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", - "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", - "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", - "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", - "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", - "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", - "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", - "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", - "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", - "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", - "sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", - "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", - "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", - "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", - "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", - "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", - "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", - "sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", - 
"sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", - "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", - "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", - "sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", - "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", - "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", - "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", - "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", - "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", - "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", - "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", - "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", - "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", - "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", - "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", - "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", - "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", - "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", - "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", - "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", - "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", - "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" - ], - "markers": "python_version >= '3.7'", - "version": "==2.1.1" - } - }, - "develop": {} -} 
diff --git a/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages.json b/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages.json deleted file mode 100644 index 9f0c18c702..0000000000 --- a/internal/lockfilescalibr/language/python/pipfilelock/testdata/two-packages.json +++ /dev/null 
@@ -1,76 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "0233fe866c2c839807e391fd3b91553a8a60798c72d33a420b8edb6cbd88882a" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "itsdangerous": { - "hashes": [ - "sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44", - "sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a" - ], - "index": "pypi", - "version": "==2.1.2" - } - }, - "develop": { - "markupsafe": { - "hashes": [ - "sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003", - "sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88", - "sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5", - "sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7", - "sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a", - "sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603", - "sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1", - "sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135", - "sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247", - "sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6", - "sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601", - "sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77", - "sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02", - "sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e", - "sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63", - "sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f", - "sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980", - "sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b", - 
"sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812", - "sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff", - "sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96", - "sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1", - "sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925", - "sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a", - "sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6", - "sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e", - "sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f", - "sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4", - "sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f", - "sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3", - "sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c", - "sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a", - "sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417", - "sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a", - "sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a", - "sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37", - "sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452", - "sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933", - "sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a", - "sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7" - ], - "markers": "python_version >= '3.7'", - "version": "==2.1.1" - } - } -} diff --git a/internal/lockfilescalibr/language/python/poetrylock/extractor.go b/internal/lockfilescalibr/language/python/poetrylock/extractor.go deleted file mode 100644 index 07ec7df865..0000000000 
--- a/internal/lockfilescalibr/language/python/poetrylock/extractor.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package poetrylock
-
-import (
- "context"
- "fmt"
- "io/fs"
- "path/filepath"
-
- "github.com/BurntSushi/toml"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/filesystem"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
- "github.com/google/osv-scanner/internal/lockfilescalibr/plugin"
- "github.com/package-url/packageurl-go"
-)
-
-type PoetryLockPackageSource struct {
- Type string `toml:"type"`
- Commit string `toml:"resolved_reference"`
-}
-
-type PoetryLockPackage struct {
- Name string `toml:"name"`
- Version string `toml:"version"`
- Optional bool `toml:"optional"`
- Source PoetryLockPackageSource `toml:"source"`
-}
-
-type PoetryLockFile struct {
- Version int `toml:"version"`
- Packages []PoetryLockPackage `toml:"package"`
-}
-
-const PoetryEcosystem = "PyPI"
-
-type Extractor struct{}
-
-// Name of the extractor
-func (e Extractor) Name() string { return "python/poetrylock" }
-
-// Version of the extractor
-func (e Extractor) Version() int { return 0 }
-
-func (e Extractor) Requirements() *plugin.Capabilities {
- return &plugin.Capabilities{}
-}
-
-func (e Extractor) FileRequired(path string, fileInfo fs.FileInfo) bool {
- return filepath.Base(path) == "poetry.lock"
-}
-
-func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error) {
- var parsedLockfile *PoetryLockFile
-
- _, err := toml.NewDecoder(input.Reader).Decode(&parsedLockfile)
-
- if err != nil {
- return []*extractor.Inventory{}, fmt.Errorf("could not extract from %s: %w", input.Path, err)
- }
-
- packages := make([]*extractor.Inventory, 0, len(parsedLockfile.Packages))
-
- for _, lockPackage := range parsedLockfile.Packages {
- pkgDetails := &extractor.Inventory{
- Name: lockPackage.Name,
- Version: lockPackage.Version,
- Locations: []string{input.Path},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: lockPackage.Source.Commit,
- },
- }
- if lockPackage.Optional {
- pkgDetails.Metadata = othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"optional"},
- }
- } else {
- pkgDetails.Metadata = othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- }
- }
- packages = append(packages, pkgDetails)
- }
-
- return packages, nil
-}
-
-// ToPURL converts an inventory created by this extractor into a PURL.
-func (e Extractor) ToPURL(i *extractor.Inventory) (*packageurl.PackageURL, error) {
- return &packageurl.PackageURL{
- Type: packageurl.TypePyPi,
- Name: i.Name,
- Version: i.Version,
- }, nil
-}
-
-// ToCPEs is not applicable as this extractor does not infer CPEs from the Inventory.
-func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error) { return []string{}, nil }
-
-func (e Extractor) Ecosystem(i *extractor.Inventory) (string, error) {
- return PoetryEcosystem, nil
-}
-
-var _ filesystem.Extractor = Extractor{}
diff --git a/internal/lockfilescalibr/language/python/poetrylock/extractor_test.go b/internal/lockfilescalibr/language/python/poetrylock/extractor_test.go
deleted file mode 100644
index 9cb2b40307..0000000000
--- a/internal/lockfilescalibr/language/python/poetrylock/extractor_test.go
+++ /dev/null
@@ -1,233 +0,0 @@
-package poetrylock_test
-
-import (
- "context"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extracttest"
- "github.com/google/osv-scanner/internal/lockfilescalibr/language/python/poetrylock"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
-)
-
-func TestExtractor_FileRequired(t *testing.T) {
- t.Parallel()
-
- tests := []struct {
- name string
- inputPath string
- want bool
- }{
- {
- name: "",
- inputPath: "",
- want: false,
- },
- {
- name: "",
- inputPath: "poetry.lock",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/poetry.lock",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/poetry.lock/file",
- want: false,
- },
- {
- name: "",
- inputPath: "path/to/my/poetry.lock.file",
- want: false,
- },
- {
- name: "",
- inputPath: "path.to.my.poetry.lock",
- want: false,
- },
- }
- for _, tt := range tests {
- tt := tt
- t.Run(tt.name, func(t *testing.T) {
- t.Parallel()
- e := poetrylock.Extractor{}
- got := e.FileRequired(tt.inputPath, nil)
- if got != tt.want {
- t.Errorf("FileRequired(%s, FileInfo) got = %v, want %v", tt.inputPath, got, tt.want)
- }
- })
- }
-}
-
-func TestExtractor_Extract(t *testing.T) {
- t.Parallel()
- tests := []extracttest.TestTableEntry{
- {
- Name: "invalid toml",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/not-toml.txt",
- },
- WantInventory: []*extractor.Inventory{},
- WantErr: extracttest.ContainsErrStr{Str: "could not extract from"},
- },
- {
- Name: "no packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/empty.lock",
- },
- WantInventory: []*extractor.Inventory{},
- },
- {
- Name: "one package",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "numpy",
- Version: "1.23.3",
- Locations: []string{"testdata/one-package.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "two packages",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/two-packages.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "proto-plus",
- Version: "1.22.0",
- Locations: []string{"testdata/two-packages.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- {
- Name: "protobuf",
- Version: "4.21.5",
- Locations: []string{"testdata/two-packages.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "package with metadata",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package-with-metadata.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "emoji",
- Version: "2.0.0",
- Locations: []string{"testdata/one-package-with-metadata.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "package with git source",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/source-git.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "ike",
- Version: "0.2.0",
- Locations: []string{"testdata/source-git.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "cd66602cd29f61a2d2e7fb995fef1e61708c034d",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "package with legacy source",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/source-legacy.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "appdirs",
- Version: "1.4.4",
- Locations: []string{"testdata/source-legacy.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- },
- },
- },
- {
- Name: "optional package",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/optional-package.lock",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "numpy",
- Version: "1.23.3",
- Locations: []string{"testdata/optional-package.lock"},
- SourceCode: &extractor.SourceCodeIdentifier{
- Commit: "",
- },
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"optional"},
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.Name, func(t *testing.T) {
- t.Parallel()
- extr := poetrylock.Extractor{}
-
- scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
- defer extracttest.CloseTestScanInput(t, scanInput)
-
- got, err := extr.Extract(context.Background(), &scanInput)
-
- if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" {
- t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- return
- }
-
- if diff := cmp.Diff(tt.WantInventory, got, cmpopts.SortSlices(extracttest.InventoryCmpLess)); diff != "" {
- t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- }
- })
- }
-}
diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/empty.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/empty.lock
deleted file mode 100644
index 5b9f72e6d2..0000000000
--- a/internal/lockfilescalibr/language/python/poetrylock/testdata/empty.lock
+++ /dev/null
@@ -1,8 +0,0 @@
-package = []
-
-[metadata]
-lock-version = "1.1"
-python-versions = "^3.10"
-content-hash = "17ca553b0bb9298a6ed528dd21e544ca433179192dba32a9920168e1c199d74f"
-
-[metadata.files]
diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/not-toml.txt b/internal/lockfilescalibr/language/python/poetrylock/testdata/not-toml.txt deleted file mode 100644 index ddd3cb93d0..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/not-toml.txt +++ /dev/null @@ -1 +0,0 @@ -this is not valid toml! (I think) diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package-with-metadata.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package-with-metadata.lock deleted file mode 100644 index 6e52c3e3b0..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package-with-metadata.lock +++ /dev/null @@ -1,20 +0,0 @@ -[[package]] -name = "emoji" -version = "2.0.0" -description = "Emoji for Python" -category = "main" -optional = false -python-versions = "*" - -[package.extras] -dev = ["coverage", "coveralls", "pytest"] - -[metadata] -lock-version = "1.1" -python-versions = "^3.10" -content-hash = "6328408b05c0e1ef76705959d17b675ee889feca5f56b2351451d0bd7edf270f" - -[metadata.files] -emoji = [ - {file = "emoji-2.0.0.tar.gz", hash = "sha256:297fac7ec9e86f7b602792c28eb6f04819ba67ab88a34c56afcde52243a9a105"}, -] diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package.lock deleted file mode 100644 index 2cb2b94e65..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/one-package.lock +++ /dev/null @@ -1,15 +0,0 @@ -[[package]] -name = "numpy" -version = "1.23.3" -description = "NumPy is the fundamental package for array computing with Python." -category = "main" -optional = false -python-versions = ">=3.8" - -[metadata] -lock-version = "1.1" -python-versions = "^3.8" -content-hash = "399777887f0c3171cbc3fc8a8e350d0fca4d882cf126657f60ec83872572ed44" - -[metadata.files] -numpy = [] 
diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/optional-package.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/optional-package.lock deleted file mode 100644 index c3ce31affc..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/optional-package.lock +++ /dev/null @@ -1,15 +0,0 @@ -[[package]] -name = "numpy" -version = "1.23.3" -description = "NumPy is the fundamental package for array computing with Python." -category = "main" -optional = true -python-versions = ">=3.8" - -[metadata] -lock-version = "1.1" -python-versions = "^3.8" -content-hash = "399777887f0c3171cbc3fc8a8e350d0fca4d882cf126657f60ec83872572ed44" - -[metadata.files] -numpy = [] diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/source-git.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/source-git.lock deleted file mode 100644 index aa32dc4bb9..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/source-git.lock +++ /dev/null @@ -1,22 +0,0 @@ -[[package]] -name = "ike" -version = "0.2.0" -description = "multi-purpose evil functions" -category = "main" -optional = false -python-versions = "^3.6" -develop = false - -[package.source] -type = "git" -url = "https://github.com/dzshn/ike" -reference = "main" -resolved_reference = "cd66602cd29f61a2d2e7fb995fef1e61708c034d" - -[metadata] -lock-version = "1.1" -python-versions = "^3.10" -content-hash = "caace575a3fdb485cd691c43e149955ba18518e9532e14158066ac5c0776c7c7" - -[metadata.files] -ike = [] diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/source-legacy.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/source-legacy.lock deleted file mode 100644 index 437e5522f9..0000000000 --- a/internal/lockfilescalibr/language/python/poetrylock/testdata/source-legacy.lock +++ /dev/null 
@@ -1,12 +0,0 @@
-[[package]]
-name = "appdirs"
-version = "1.4.4"
-description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
-category = "main"
-optional = false
-python-versions = "*"
-
-[package.source]
-type = "legacy"
-url = "https://piwheels.org/simple"
-reference = "piwheels"
diff --git a/internal/lockfilescalibr/language/python/poetrylock/testdata/two-packages.lock b/internal/lockfilescalibr/language/python/poetrylock/testdata/two-packages.lock
deleted file mode 100644
index 8cc0d983f2..0000000000
--- a/internal/lockfilescalibr/language/python/poetrylock/testdata/two-packages.lock
+++ /dev/null
@@ -1,30 +0,0 @@
-[[package]]
-name = "proto-plus"
-version = "1.22.0"
-description = "Beautiful, Pythonic protocol buffers."
-category = "main"
-optional = false
-python-versions = ">=3.6"
-
-[package.dependencies]
-protobuf = ">=3.19.0,<5.0.0dev"
-
-[package.extras]
-testing = ["google-api-core[grpc] (>=1.31.5)"]
-
-[[package]]
-name = "protobuf"
-version = "4.21.5"
-description = ""
-category = "main"
-optional = false
-python-versions = ">=3.7"
-
-[metadata]
-lock-version = "1.1"
-python-versions = "^3.7"
-content-hash = "1e6f29ae514d3dd64bd2a40ee33215bec7a7853fee7a469c9c9445f5e27bc3a3"
-
-[metadata.files]
-proto-plus = []
-protobuf = []
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/extractor.go b/internal/lockfilescalibr/language/python/requirementstxt/extractor.go
deleted file mode 100644
index 3a8a249a44..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/extractor.go
+++ /dev/null
@@ -1,272 +0,0 @@
-package requirementstxt
-
-import (
- "bufio"
- "context"
- "fmt"
- "io/fs"
- "path/filepath"
- "strings"
-
- "github.com/google/osv-scanner/internal/cachedregexp"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/filesystem"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
- "github.com/google/osv-scanner/internal/lockfilescalibr/plugin"
- "github.com/package-url/packageurl-go"
- "golang.org/x/exp/maps"
-)
-
-const PipEcosystem string = "PyPI"
-
-// todo: expand this to support more things, e.g.
-//
-// https://pip.pypa.io/en/stable/reference/requirements-file-format/#example
-func parseLine(line string) *extractor.Inventory {
- var constraint string
- name := line
-
- version := "0.0.0"
-
- if strings.Contains(line, "==") {
- constraint = "=="
- }
-
- if strings.Contains(line, ">=") {
- constraint = ">="
- }
-
- if strings.Contains(line, "~=") {
- constraint = "~="
- }
-
- if strings.Contains(line, "!=") {
- constraint = "!="
- }
-
- if constraint != "" {
- unprocessedName, unprocessedVersion, _ := strings.Cut(line, constraint)
- name = strings.TrimSpace(unprocessedName)
-
- if constraint != "!=" {
- version, _, _ = strings.Cut(strings.TrimSpace(unprocessedVersion), " ")
- }
- }
-
- return &extractor.Inventory{
- Name: normalizedRequirementName(name),
- Version: version,
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{},
- },
- }
-}
-
-// normalizedName ensures that the package name is normalized per PEP-0503
-// and then removing "added support" syntax if present.
-//
-// This is done to ensure we don't miss any advisories, as while the OSV
-// specification says that the normalized name should be used for advisories,
-// that's not the case currently in our databases, _and_ Pip itself supports
-// non-normalized names in the requirements.txt, so we need to normalize
-// on both sides to ensure we don't have false negatives.
-//
-// It's possible that this will cause some false positives, but that is better
-// than false negatives, and can be dealt with when/if it actually happens.
-func normalizedRequirementName(name string) string {
- // per https://www.python.org/dev/peps/pep-0503/#normalized-names
- name = cachedregexp.MustCompile(`[-_.]+`).ReplaceAllString(name, "-")
- name = strings.ToLower(name)
- name, _, _ = strings.Cut(name, "[")
-
- return name
-}
-
-func removeComments(line string) string {
- var re = cachedregexp.MustCompile(`(^|\s+)#.*$`)
-
- return strings.TrimSpace(re.ReplaceAllString(line, ""))
-}
-
-func isNotRequirementLine(line string) bool {
- return line == "" ||
- // flags are not supported
- strings.HasPrefix(line, "-") ||
- // file urls
- strings.HasPrefix(line, "https://") ||
- strings.HasPrefix(line, "http://") ||
- // file paths are not supported (relative or absolute)
- strings.HasPrefix(line, ".") ||
- strings.HasPrefix(line, "/")
-}
-
-func isLineContinuation(line string) bool {
- // checks that the line ends with an odd number of back slashes,
- // meaning the last one isn't escaped
- var re = cachedregexp.MustCompile(`([^\\]|^)(\\{2})*\\$`)
-
- return re.MatchString(line)
-}
-
-type Extractor struct{}
-
-// Name of the extractor
-func (e Extractor) Name() string { return "python/requirementstxt" }
-
-// Version of the extractor
-func (e Extractor) Version() int { return 0 }
-
-func (e Extractor) Requirements() *plugin.Capabilities {
- return &plugin.Capabilities{}
-}
-
-func (e Extractor) FileRequired(path string, fileInfo fs.FileInfo) bool {
- return filepath.Base(path) == "requirements.txt"
-}
-
-func (e Extractor) ShouldExtract(path string) bool {
- return filepath.Base(path) == "requirements.txt"
-}
-
-func (e Extractor) Extract(ctx context.Context, input *filesystem.ScanInput) ([]*extractor.Inventory, error) {
- inventories, err := parseRequirementsTxt(input, map[string]struct{}{})
-
- if err != nil {
- return []*extractor.Inventory{}, err
- }
-
- // TODO: This currently matches the existing behavior
- // ideally we should add the locations of the -r requirement files as well
- // to the locations list
- for i := range inventories {
- inventories[i].Locations = []string{input.Path}
- }
-
- return inventories, nil
-}
-
-// ToPURL converts an inventory created by this extractor into a PURL.
-func (e Extractor) ToPURL(i *extractor.Inventory) (*packageurl.PackageURL, error) {
- return &packageurl.PackageURL{
- Type: packageurl.TypePyPi,
- Name: i.Name,
- Version: i.Version,
- }, nil
-}
-
-// ToCPEs is not applicable as this extractor does not infer CPEs from the Inventory.
-func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error) {
- return []string{}, nil
-}
-
-func (e Extractor) Ecosystem(i *extractor.Inventory) (string, error) {
- return PipEcosystem, nil
-}
-
-func parseRequirementsTxt(input *filesystem.ScanInput, requiredAlready map[string]struct{}) ([]*extractor.Inventory, error) {
- inventories := map[string]*extractor.Inventory{}
-
- group := strings.TrimSuffix(filepath.Base(input.Path), filepath.Ext(input.Path))
- hasGroup := func(groups []string) bool {
- for _, g := range groups {
- if g == group {
- return true
- }
- }
-
- return false
- }
-
- scanner := bufio.NewScanner(input.Reader)
- for scanner.Scan() {
- line := scanner.Text()
-
- for isLineContinuation(line) {
- line = strings.TrimSuffix(line, "\\")
-
- if scanner.Scan() {
- line += scanner.Text()
- }
- }
-
- line = removeComments(line)
- if ar := strings.TrimPrefix(line, "-r "); ar != line {
- fullReqPath := filepath.Join(filepath.Dir(input.Path), ar)
- err := func() error {
- if _, ok := requiredAlready[fullReqPath]; ok {
- return nil
- }
- af, err := input.FS.Open(fullReqPath)
-
- if err != nil {
- return fmt.Errorf("failed to include %s: %w", line, err)
- }
-
- defer af.Close()
-
- info, err := af.Stat()
- if err != nil {
- return fmt.Errorf("failed to include %s: %w", line, err)
- }
-
- requiredAlready[fullReqPath] = struct{}{}
- newScanInput := filesystem.ScanInput{
- FS: input.FS,
- Path: fullReqPath,
- Root: input.Root,
- Reader: af,
- Info: info,
- }
-
- details, err := parseRequirementsTxt(&newScanInput, requiredAlready)
-
- if err != nil {
- return fmt.Errorf("failed to include %s: %w", line, err)
- }
-
- for _, detail := range details {
- inventories[detail.Name+"@"+detail.Version] = detail
- }
-
- return nil
- }()
-
- if err != nil {
- return []*extractor.Inventory{}, err
- }
-
- continue
- }
-
- if isNotRequirementLine(line) {
- continue
- }
-
- inv := parseLine(line)
-
- key := inv.Name + "@" + inv.Version
- if _, ok := inventories[key]; !ok {
- inventories[key] = inv
- }
-
- d := inventories[key]
-
- // Metadata will always be othermetadata.DepGroupMetadata, as that is what we construct at the
- // start of this file
- existingGroups := d.Metadata.(othermetadata.DepGroups).DepGroups()
- if !hasGroup(existingGroups) {
- d.Metadata = othermetadata.DepGroupMetadata{
- DepGroupVals: append(existingGroups, group),
- }
- inventories[key] = d
- }
- }
-
- if err := scanner.Err(); err != nil {
- return []*extractor.Inventory{}, fmt.Errorf("error while scanning %s: %w", input.Path, err)
- }
-
- return maps.Values(inventories), nil
-}
-
-var _ filesystem.Extractor = Extractor{}
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/extractor_test.go b/internal/lockfilescalibr/language/python/requirementstxt/extractor_test.go
deleted file mode 100644
index 73613305c2..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/extractor_test.go
+++ /dev/null
@@ -1,761 +0,0 @@
-package requirementstxt_test
-
-import (
- "context"
- "io/fs"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extractor"
- "github.com/google/osv-scanner/internal/lockfilescalibr/extracttest"
- "github.com/google/osv-scanner/internal/lockfilescalibr/language/python/requirementstxt"
- "github.com/google/osv-scanner/internal/lockfilescalibr/othermetadata"
-)
-
-func TestExtractor_FileRequired(t *testing.T) {
- t.Parallel()
-
- tests := []struct {
- name string
- inputPath string
- want bool
- }{
- {
- name: "",
- inputPath: "",
- want: false,
- },
- {
- name: "",
- inputPath: "requirements.txt",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/requirements.txt",
- want: true,
- },
- {
- name: "",
- inputPath: "path/to/my/requirements.txt/file",
- want: false,
- },
- {
- name: "",
- inputPath: "path/to/my/requirements.txt.file",
- want: false,
- },
- {
- name: "",
- inputPath: "path.to.my.requirements.txt",
- want: false,
- },
- }
- for _, tt := range tests {
- tt := tt
- t.Run(tt.name, func(t *testing.T) {
- t.Parallel()
- e := requirementstxt.Extractor{}
- got := e.FileRequired(tt.inputPath, nil)
- if got != tt.want {
- t.Errorf("FileRequired(%s, FileInfo) got = %v, want %v", tt.inputPath, got, tt.want)
- }
- })
- }
-}
-
-func TestExtractor_Extract(t *testing.T) {
- t.Parallel()
-
- tests := []extracttest.TestTableEntry{
- {
- Name: "empty",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/empty.txt",
- },
- WantInventory: []*extractor.Inventory{},
- },
- {
- Name: "comments only",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/only-comments.txt",
- },
- WantInventory: []*extractor.Inventory{},
- },
- {
- Name: "one requirement unconstrained",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package-unconstrained.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "flask",
- Version: "0.0.0",
- Locations: []string{"testdata/one-package-unconstrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"one-package-unconstrained"},
- },
- },
- },
- },
- {
- Name: "one requirement constrained",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/one-package-constrained.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "django",
- Version: "2.2.24",
- Locations: []string{"testdata/one-package-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"one-package-constrained"},
- },
- },
- },
- },
- {
- Name: "multiple requirements constrained",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/multiple-packages-constrained.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "astroid",
- Version: "2.5.1",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "beautifulsoup4",
- Version: "4.9.3",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "boto3",
- Version: "1.17.19",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "botocore",
- Version: "1.20.19",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "certifi",
- Version: "2020.12.5",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "chardet",
- Version: "4.0.0",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "circus",
- Version: "0.17.1",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "click",
- Version: "7.1.2",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "django-debug-toolbar",
- Version: "3.2.1",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "django-filter",
- Version: "2.4.0",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "django-nose",
- Version: "1.4.7",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "django-storages",
- Version: "1.11.1",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- {
- Name: "django",
- Version: "2.2.24",
- Locations: []string{"testdata/multiple-packages-constrained.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-constrained"},
- },
- },
- },
- },
- {
- Name: "multiple requirements mixed",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/multiple-packages-mixed.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "flask",
- Version: "0.0.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "flask-cors",
- Version: "0.0.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "pandas",
- Version: "0.23.4",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "numpy",
- Version: "1.16.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "scikit-learn",
- Version: "0.20.1",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "sklearn",
- Version: "0.0.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "requests",
- Version: "0.0.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "gevent",
- Version: "0.0.0",
- Locations: []string{"testdata/multiple-packages-mixed.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- },
- },
- {
- Name: "with added support",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/with-added-support.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "twisted",
- Version: "20.3.0",
- Locations: []string{"testdata/with-added-support.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-added-support"},
- },
- },
- },
- },
- {
- Name: "non normalized names",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/non-normalized-names.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "zope-interface",
- Version: "5.4.0",
- Locations: []string{"testdata/non-normalized-names.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"non-normalized-names"},
- },
- },
- {
- Name: "pillow",
- Version: "1.0.0",
- Locations: []string{"testdata/non-normalized-names.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"non-normalized-names"},
- },
- },
- {
- Name: "twisted",
- Version: "20.3.0",
- Locations: []string{"testdata/non-normalized-names.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"non-normalized-names"},
- },
- },
- },
- },
- {
- Name: "with per requirement options",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/with-per-requirement-options.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "boto3",
- Version: "1.26.121",
- Locations: []string{"testdata/with-per-requirement-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-per-requirement-options"},
- },
- },
- {
- Name: "foo",
- Version: "1.0.0",
- Locations: []string{"testdata/with-per-requirement-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-per-requirement-options"},
- },
- },
- {
- Name: "fooproject",
- Version: "1.2",
- Locations: []string{"testdata/with-per-requirement-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-per-requirement-options"},
- },
- },
- {
- Name: "barproject",
- Version: "1.2",
- Locations: []string{"testdata/with-per-requirement-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-per-requirement-options"},
- },
- },
- },
- },
- {
- Name: "line continuation",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/line-continuation.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "foo",
- Version: "1.2.3",
- Locations: []string{"testdata/line-continuation.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"line-continuation"},
- },
- },
- {
- Name: "bar",
- Version: "4.5\\\\",
- Locations: []string{"testdata/line-continuation.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"line-continuation"},
- },
- },
- {
- Name: "baz",
- Version: "7.8.9",
- Locations: []string{"testdata/line-continuation.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"line-continuation"},
- },
- },
- {
- Name: "qux",
- Version: "10.11.12",
- Locations: []string{"testdata/line-continuation.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"line-continuation"},
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.Name, func(t *testing.T) {
- t.Parallel()
- extr := requirementstxt.Extractor{}
-
- scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
- defer extracttest.CloseTestScanInput(t, scanInput)
-
- got, err := extr.Extract(context.Background(), &scanInput)
-
- if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" {
- t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- return
- }
-
- if diff := cmp.Diff(tt.WantInventory, got, cmpopts.SortSlices(extracttest.InventoryCmpLess)); diff != "" {
- t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- }
- })
- }
-}
-
-func TestExtractor_Extract_WithRequirements(t *testing.T) {
- t.Parallel()
-
- tests := []extracttest.TestTableEntry{
- {
- Name: "file format example",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/file-format-example.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "pytest",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "pytest-cov",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "beautifulsoup4",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "docopt",
- Version: "0.6.1",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "keyring",
- Version: "4.1.1",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "coverage",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "mopidy-dirble",
- Version: "1.1",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "rejected",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "green",
- Version: "0.0.0",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"file-format-example"},
- },
- },
- {
- Name: "django",
- Version: "2.2.24",
- Locations: []string{"testdata/file-format-example.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"other-file"},
- },
- },
- },
- },
- {
- Name: "with multiple r options",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/with-multiple-r-options.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "flask",
- Version: "0.0.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "flask-cors",
- Version: "0.0.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "pandas",
- Version: "0.23.4",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed", "with-multiple-r-options"},
- },
- },
- {
- Name: "numpy",
- Version: "1.16.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "scikit-learn",
- Version: "0.20.1",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "sklearn",
- Version: "0.0.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "requests",
- Version: "0.0.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "gevent",
- Version: "0.0.0",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"multiple-packages-mixed"},
- },
- },
- {
- Name: "requests",
- Version: "1.2.3",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"with-multiple-r-options"},
- },
- },
- {
- Name: "django",
- Version: "2.2.24",
- Locations: []string{"testdata/with-multiple-r-options.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"one-package-constrained"},
- },
- },
- },
- },
- {
- Name: "with bad r option",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/with-bad-r-option.txt",
- },
- WantInventory: []*extractor.Inventory{},
- WantErr: fs.ErrNotExist},
- {
- Name: "duplicate r options",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/duplicate-r-dev.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "django",
- Version: "0.1.0",
- Locations: []string{"testdata/duplicate-r-dev.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"duplicate-r-base"},
- },
- },
- {
- Name: "pandas",
- Version: "0.23.4",
- Locations: []string{"testdata/duplicate-r-dev.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"duplicate-r-dev"},
- },
- },
- {
- Name: "requests",
- Version: "1.2.3",
- Locations: []string{"testdata/duplicate-r-dev.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"duplicate-r-test", "duplicate-r-dev"},
- },
- },
- {
- Name: "unittest",
- Version: "1.0.0",
- Locations: []string{"testdata/duplicate-r-dev.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"duplicate-r-test"},
- },
- },
- },
- },
- {
- Name: "cyclic r self",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/cyclic-r-self.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "pandas",
- Version: "0.23.4",
- Locations: []string{"testdata/cyclic-r-self.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"cyclic-r-self"},
- },
- },
- {
- Name: "requests",
- Version: "1.2.3",
- Locations: []string{"testdata/cyclic-r-self.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"cyclic-r-self"},
- },
- },
- },
- },
- {
- Name: "cyclic r complex",
- InputConfig: extracttest.ScanInputMockConfig{
- Path: "testdata/cyclic-r-complex-1.txt",
- },
- WantInventory: []*extractor.Inventory{
- {
- Name: "cyclic-r-complex",
- Version: "1",
- Locations: []string{"testdata/cyclic-r-complex-1.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"cyclic-r-complex-1"},
- },
- },
- {
- Name: "cyclic-r-complex",
- Version: "2",
- Locations: []string{"testdata/cyclic-r-complex-1.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"cyclic-r-complex-2"},
- },
- },
- {
- Name: "cyclic-r-complex",
- Version: "3",
- Locations: []string{"testdata/cyclic-r-complex-1.txt"},
- Metadata: othermetadata.DepGroupMetadata{
- DepGroupVals: []string{"cyclic-r-complex-3"},
- },
- },
- },
- },
- }
-
- for _, tt := range tests {
- tt := tt
- t.Run(tt.Name, func(t *testing.T) {
- t.Parallel()
- extr := requirementstxt.Extractor{}
-
- scanInput := extracttest.GenerateScanInputMock(t, tt.InputConfig)
- defer extracttest.CloseTestScanInput(t, scanInput)
-
- got, err := extr.Extract(context.Background(), &scanInput)
-
- if diff := cmp.Diff(tt.WantErr, err, cmpopts.EquateErrors()); diff != "" {
- t.Errorf("%s.Extract(%q) error diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- return
- }
-
- if diff := cmp.Diff(tt.WantInventory, got, cmpopts.SortSlices(extracttest.InventoryCmpLess)); diff != "" {
- t.Errorf("%s.Extract(%q) diff (-want +got):\n%s", extr.Name(), tt.InputConfig.Path, diff)
- }
- })
- }
-}
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-1.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-1.txt
deleted file mode 100644
index b0a64dd81a..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-1.txt
+++ /dev/null
@@ -1,3 +0,0 @@
--r ./cyclic-r-complex-2.txt
-
-cyclic-r-complex==1
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-2.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-2.txt
deleted file mode 100644
index ca4ad61680..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-2.txt
+++ /dev/null
@@ -1,4 +0,0 @@
--r ./../testdata/cyclic-r-complex-1.txt
--r ./cyclic-r-complex-3.txt
-
-cyclic-r-complex==2
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-3.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-3.txt
deleted file mode 100644
index da9fa11c91..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-complex-3.txt
+++ /dev/null
@@ -1,4 +0,0 @@
--r ./cyclic-r-complex-1.txt
--r ./cyclic-r-complex-2.txt
-
-cyclic-r-complex==3
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-self.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-self.txt
deleted file mode 100644
index 99af87f192..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/cyclic-r-self.txt
+++ /dev/null
@@ -1,4 +0,0 @@
--r ./cyclic-r-self.txt
-
-requests==1.2.3
-pandas==0.23.4
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-base.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-base.txt
deleted file mode 100644
index 123602fd69..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-base.txt
+++ /dev/null
@@ -1 +0,0 @@
-django==0.1.0
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-dev.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-dev.txt
deleted file mode 100644
index 44645b8d45..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-dev.txt
+++ /dev/null
@@ -1,5 +0,0 @@
--r ./duplicate-r-base.txt
--r ./duplicate-r-test.txt
-
-pandas==0.23.4
-requests==1.2.3
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-test.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-test.txt
deleted file mode 100644
index 13d13c6584..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/duplicate-r-test.txt
+++ /dev/null
@@ -1,4 +0,0 @@
--r ./duplicate-r-base.txt
-
-requests==1.2.3
-unittest==1.0.0
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/empty.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/empty.txt
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/file-format-example.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/file-format-example.txt
deleted file mode 100644
index 5bc417fa10..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/file-format-example.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-# taken from https://pip.pypa.io/en/stable/reference/requirements-file-format/#example
-###### Requirements without Version Specifiers ######
-pytest
-pytest-cov
-beautifulsoup4
-
-###### Requirements with Version Specifiers ######
-# See https://www.python.org/dev/peps/pep-0440/#version-specifiers
-docopt == 0.6.1 # Version Matching. Must be version 0.6.1
-keyring >= 4.1.1 # Minimum version 4.1.1
-coverage != 3.5 # Version Exclusion. Anything except version 3.5
-Mopidy-Dirble ~= 1.1 # Compatible release. Same as >= 1.1, == 1.*
-
-###### Refer to other requirements files ######
--r other-file.txt
-
-###### A particular file ######
-./downloads/numpy-1.9.2-cp34-none-win32.whl
-http://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl
-
-###### Additional Requirements without Version Specifiers ######
-# Same as 1st section, just here to show that you can put things in any order.
-rejected
-green
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/line-continuation.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/line-continuation.txt
deleted file mode 100644
index af787792d7..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/line-continuation.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-# unescaped
-foo==\
-\
- \
- \
-1.2.3
-
-# escaped, a literal backslash for some reason
-bar == 4.5\\
-.6
-
-# comments are stripped only after line continuations are processed
-baz == 7.8.9 # \
-baz == 1.2.3
-
-# continue to end
-qux == 10.11.12\
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-constrained.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-constrained.txt
deleted file mode 100644
index 51edd94f4b..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-constrained.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-astroid==2.5.1
- # via pylint
-beautifulsoup4==4.9.3
- # via metadata-parser
-boto3==1.17.19
- # via -r requirements.in
-botocore==1.20.19
- # via
- # boto3
- # s3transfer
-certifi==2020.12.5
- # via requests
-chardet==4.0.0
- # via requests
-circus==0.17.1
- # via -r requirements.in
-click==7.1.2
- # via pip-tools
-django-debug-toolbar==3.2.1
- # via -r requirements.in
-django-filter==2.4.0
- # via -r requirements.in
-django-nose==1.4.7
- # via -r requirements.in
-django-storages==1.11.1
- # via -r requirements.in
-django==2.2.24
- # via
- # -r requirements.in
- # django-debug-toolbar
- # django-filter
- # django-storages
- # easy-thumbnails
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-mixed.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-mixed.txt
deleted file mode 100644
index ec7f5fa971..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/multiple-packages-mixed.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-flask
-flask-cors
-pandas==0.23.4
-numpy==1.16.0
-scikit-learn==0.20.1
-sklearn
-requests
-gevent
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/non-normalized-names.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/non-normalized-names.txt
deleted file mode 100644
index a0a6d8ed73..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/non-normalized-names.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-zope.interface==5.4.0
- # via
- # scrapy
- # twisted
-
-Pillow==1.0.0
-
-Twisted[http2]==20.3.0
- # via scrapy
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-constrained.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-constrained.txt
deleted file mode 100644
index 70ad7493bb..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-constrained.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-django==2.2.24
- # via
- # -r requirements.in
- # django-debug-toolbar
- # django-filter
- # django-storages
- # easy-thumbnails
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-unconstrained.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-unconstrained.txt
deleted file mode 100644
index 7e1060246f..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/one-package-unconstrained.txt
+++ /dev/null
@@ -1 +0,0 @@
-flask
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/only-comments.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/only-comments.txt
deleted file mode 100644
index cfc92184ee..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/only-comments.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-# hello,
-# this is a comment!
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/other-file.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/other-file.txt
deleted file mode 100644
index f44fd3316c..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/other-file.txt
+++ /dev/null
@@ -1 +0,0 @@
-django==2.2.24
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-added-support.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-added-support.txt
deleted file mode 100644
index 8a65dbb567..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-added-support.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-twisted[http2]==20.3.0
- # via scrapy
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-bad-r-option.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-bad-r-option.txt
deleted file mode 100644
index 2662964061..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-bad-r-option.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-requests==1.2.3
-
--r ./does-not-exist.txt
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-multiple-r-options.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-multiple-r-options.txt
deleted file mode 100644
index 132a3ccd48..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-multiple-r-options.txt
+++ /dev/null
@@ -1,5 +0,0 @@
--r ./one-package-constrained.txt
--r ./multiple-packages-mixed.txt
-
-requests==1.2.3
-pandas==0.23.4
diff --git a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-per-requirement-options.txt b/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-per-requirement-options.txt
deleted file mode 100644
index cf672f4ae6..0000000000
--- a/internal/lockfilescalibr/language/python/requirementstxt/testdata/with-per-requirement-options.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-boto3==1.26.121 --hash=sha256:f87d694c351eba1dfd19b5bef5892a1047e7adb09c57c2c00049de209a8ab55d
-foo == 1.0.0
-
-# from https://pip.pypa.io/en/stable/topics/secure-installs/#hash-checking-mode
-
-FooProject == 1.2 \
- --hash=sha256:2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 \
- --hash=sha256:486ea46224d1bb4fb680f34f7c9ad96a8f24ec88be73ea8e5a6c65260e9cb8a7
-
-# from https://pip.pypa.io/en/stable/reference/requirements-file-format/#influencing-the-build-system
-
-BarProject >= 1.2 --global-option="--no-user-cfg"