Normalized Python Dist names

2026-01-14 15:53:36 +01:00 · 2017-09-21 15:41:13 -04:00
parent 7a74917b67
commit a8b740a538
2 changed files with 20 additions and 3 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
@@ -61,6 +61,11 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
     * Name of egg metadata files to analyze.
     */
    private static final String PKG_INFO = "PKG-INFO";
+    
+    /**
+     * The dependency Ecosystem
+     */
+     static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";

    /**
     * Name of wheel metadata files to analyze.
@@ -183,6 +188,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine)
            throws AnalysisException {
+    	
+    	    dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
        final File actualFile = dependency.getActualFile();
        if (WHL_FILTER.accept(actualFile)) {
            collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
@@ -196,7 +203,6 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
            if (metadata || PKG_INFO.equals(name)) {
                final File parent = actualFile.getParentFile();
                final String parentName = parent.getName();
-                dependency.setDisplayFileName(parentName + "/" + name);
                if (parent.isDirectory()
                        && (metadata && parentName.endsWith(".dist-info")
                        || parentName.endsWith(".egg-info") || "EGG-INFO"
@@ -298,6 +304,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
                "Version", Confidence.HIGHEST);
        addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
                Confidence.HIGHEST);
+        
+        dependency.setName(headers.getHeader("Name", null));
+        dependency.setVersion(headers.getHeader("Version", null));
+        
        final String url = headers.getHeader("Home-page", null);
        final EvidenceCollection vendorEvidence = dependency
                .getVendorEvidence();
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
@@ -115,8 +115,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
        final Dependency result = new Dependency(BaseTest.getResourceAsFile(
                this, "python/site-packages/Django-1.7.2.dist-info/METADATA"));
        djangoAssertions(result);
-        assertEquals("Django-1.7.2.dist-info/METADATA", result.getDisplayFileName());
-    }
+        }

    private void djangoAssertions(final Dependency result)
            throws AnalysisException {
@@ -131,6 +130,10 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
            }
        }
        assertTrue("Version 1.7.2 not found in Django dependency.", found);
+        assertEquals("1.7.2",result.getVersion());
+        assertEquals("Django",result.getName());
+        assertEquals("Django:1.7.2",result.getDisplayFileName());
+        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
    }

    @Test
@@ -183,5 +186,9 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
            }
        }
        assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
+        assertEquals("0.0.1",result.getVersion());
+        assertEquals("EggTest",result.getName());
+        assertEquals("EggTest:0.0.1",result.getDisplayFileName());
+        assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
    }
 }