github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/python/parse_setup.go (about)

     1  package python
     2  
     3  import (
     4  	"bufio"
     5  	"regexp"
     6  	"strings"
     7  
     8  	"github.com/anchore/syft/internal/log"
     9  	"github.com/anchore/syft/syft/artifact"
    10  	"github.com/anchore/syft/syft/file"
    11  	"github.com/anchore/syft/syft/pkg"
    12  	"github.com/anchore/syft/syft/pkg/cataloger/generic"
    13  )
    14  
    15  // integrity check
    16  var _ generic.Parser = parseSetup
    17  
    18  // match examples:
    19  //
    20  //	'pathlib3==2.2.0;python_version<"3.6"'  --> match(name=pathlib3 version=2.2.0)
    21  //	 "mypy==v0.770",                        --> match(name=mypy version=v0.770)
    22  //	" mypy2 == v0.770", ' mypy3== v0.770',  --> match(name=mypy2 version=v0.770), match(name=mypy3, version=v0.770)
    23  var pinnedDependency = regexp.MustCompile(`['"]\W?(\w+\W?==\W?[\w.]*)`)
    24  
    25  func parseSetup(_ file.Resolver, _ *generic.Environment, reader file.LocationReadCloser) ([]pkg.Package, []artifact.Relationship, error) {
    26  	var packages []pkg.Package
    27  
    28  	scanner := bufio.NewScanner(reader)
    29  
    30  	for scanner.Scan() {
    31  		line := scanner.Text()
    32  		line = strings.TrimRight(line, "\n")
    33  
    34  		for _, match := range pinnedDependency.FindAllString(line, -1) {
    35  			parts := strings.Split(match, "==")
    36  			if len(parts) != 2 {
    37  				continue
    38  			}
    39  			name := strings.Trim(parts[0], "'\"")
    40  			name = strings.TrimSpace(name)
    41  			name = strings.Trim(name, "'\"")
    42  
    43  			version := strings.TrimSpace(parts[len(parts)-1])
    44  			version = strings.Trim(version, "'\"")
    45  
    46  			if hasTemplateDirective(name) || hasTemplateDirective(version) {
    47  				// this can happen in more dynamic setup.py where there is templating
    48  				continue
    49  			}
    50  
    51  			if name == "" || version == "" {
    52  				log.WithFields("path", reader.RealPath).Debugf("unable to parse package in setup.py line: %q", line)
    53  				continue
    54  			}
    55  
    56  			packages = append(
    57  				packages,
    58  				newPackageForIndex(
    59  					name,
    60  					version,
    61  					reader.Location.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
    62  				),
    63  			)
    64  		}
    65  	}
    66  
    67  	return packages, nil, nil
    68  }
    69  
    70  func hasTemplateDirective(s string) bool {
    71  	return strings.Contains(s, `%s`) || strings.Contains(s, `{`) || strings.Contains(s, `}`)
    72  }