github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-21 08:39:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

improve python package identification

Browse Source
This commit is contained in:
bjiang
2016-04-05 16:12:14 -04:00
parent e07e892969
commit 739f595f13
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
View File

@@ -173,20 +173,22 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
final File file = dependency.getActualFile(); final File file = dependency.getActualFile();
final File parent = file.getParentFile(); final File parent = file.getParentFile();
final String parentName = parent.getName(); final String parentName = parent.getName();
boolean found = false;
if (INIT_PY_FILTER.accept(file)) { if (INIT_PY_FILTER.accept(file)) {
//by definition, the containing folder of __init__.py is considered the package, even the file is empty:
//"The __init__.py files are required to make Python treat the directories as containing packages"
//see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html;
dependency.setDisplayFileName(parentName + "/__init__.py");
dependency.getProductEvidence().addEvidence(file.getName(),
"PackageName", parentName, Confidence.HIGHEST);
final File[] fileList = parent.listFiles(PY_FILTER); final File[] fileList = parent.listFiles(PY_FILTER);
if (fileList != null) { if (fileList != null) {
for (final File sourceFile : fileList) { for (final File sourceFile : fileList) {
found |= analyzeFileContents(dependency, sourceFile); analyzeFileContents(dependency, sourceFile);
} }
} }
} }
if (found) { else {
dependency.setDisplayFileName(parentName + "/__init__.py");
dependency.getProductEvidence().addEvidence(file.getName(),
"PackageName", parentName, Confidence.HIGH);
} else {
// copy, alter and set in case some other thread is iterating over // copy, alter and set in case some other thread is iterating over
final List<Dependency> dependencies = new ArrayList<Dependency>( final List<Dependency> dependencies = new ArrayList<Dependency>(
engine.getDependencies()); engine.getDependencies());