diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java index 551279eb7..3c0e2ab03 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java @@ -61,6 +61,11 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { * Name of egg metadata files to analyze. */ private static final String PKG_INFO = "PKG-INFO"; + + /** + * The dependency Ecosystem + */ + static final String DEPENDENCY_ECOSYSTEM = "Python.Dist"; /** * Name of wheel metadata files to analyze. @@ -183,6 +188,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { @Override protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException { + + dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM); final File actualFile = dependency.getActualFile(); if (WHL_FILTER.accept(actualFile)) { collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER, @@ -196,7 +203,6 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { if (metadata || PKG_INFO.equals(name)) { final File parent = actualFile.getParentFile(); final String parentName = parent.getName(); - dependency.setDisplayFileName(parentName + "/" + name); if (parent.isDirectory() && (metadata && parentName.endsWith(".dist-info") || parentName.endsWith(".egg-info") || "EGG-INFO" 
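Review bot: The Javadoc on `DEPENDENCY_ECOSYSTEM` only restates the field name and does not say why the field is package-private rather than `private` like `PKG_INFO` above it. A comment such as `/** Ecosystem label set on every dependency this analyzer processes; package-private so the unit test can reference it. */` would tell a maintainer that the string is a value, not free text. Whether other code compares against the literal "Python.Dist" is not visible in this diff, so it is worth confirming before anyone renames it.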
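Review bot: `dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM)` runs as the first statement of `analyzeDependency`, before the `WHL_FILTER` check and before any metadata has been located, so every file routed to this analyzer is labelled Python.Dist even when nothing usable is parsed from it. If the ecosystem is later used to scope or filter vulnerability matches (not visible here), a label on a malformed or unrelated file could skew what the report shows for it. Consider setting it only after metadata has been collected, or add a comment such as `// file filter guarantees only Python distribution files reach this analyzer` if that is the invariant being relied on. The method body continues outside the hunk.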
@@ -298,6 +304,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer { "Version", Confidence.HIGHEST); addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name", Confidence.HIGHEST); + + dependency.setName(headers.getHeader("Name", null)); + dependency.setVersion(headers.getHeader("Version", null)); + final String url = headers.getHeader("Home-page", null); final EvidenceCollection vendorEvidence = dependency .getVendorEvidence(); diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java index f788b9965..f443fb04b 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java @@ -115,8 +115,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest { final Dependency result = new Dependency(BaseTest.getResourceAsFile( this, "python/site-packages/Django-1.7.2.dist-info/METADATA")); djangoAssertions(result); - assertEquals("Django-1.7.2.dist-info/METADATA", result.getDisplayFileName()); - } + } private void djangoAssertions(final Dependency result) throws AnalysisException { @@ -131,6 +130,10 @@ public class PythonDistributionAnalyzerTest extends BaseTest { } } assertTrue("Version 1.7.2 not found in Django dependency.", found); + assertEquals("1.7.2",result.getVersion()); + assertEquals("Django",result.getName()); + assertEquals("Django:1.7.2",result.getDisplayFileName()); + assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem()); } @Test 
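Review bot: `headers.getHeader("Name", null)` and `headers.getHeader("Version", null)` are passed straight into `setName` and `setVersion`, so a METADATA or PKG-INFO file that lacks either header, or carries a blank one, puts a null or empty value on the dependency. These values come from the scanned package itself, and the tests in this commit show the display name is now derived from them (`Django:1.7.2`); together with the removal of `setDisplayFileName(parentName + "/" + name)` in the previous hunk, a package with incomplete metadata may no longer be identifiable in the report. Guard the assignment, for example `final String pkgName = headers.getHeader("Name", null);` followed by `if (pkgName != null && !pkgName.trim().isEmpty()) { dependency.setName(pkgName.trim()); }`, and likewise for Version. The enclosing method starts and ends outside the hunk.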
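Review bot: The assertions added to `djangoAssertions` (and the matching ones added to the EggTest case in the next hunk) pin only the case where both the Name and Version headers are present. No fixture has metadata that omits one of them, so what `getName()`, `getVersion()` and `getDisplayFileName()` return for incomplete metadata is untested, which matters now that the file-based display name is no longer set. A test with a PKG-INFO that has no Version header would settle that behaviour. As a style point, the added calls drop the space after the comma; the file's other calls would read `assertEquals("1.7.2", result.getVersion());`. The helper's body begins outside this hunk.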
@@ -183,5 +186,9 @@ public class PythonDistributionAnalyzerTest extends BaseTest { } } assertTrue("Version 0.0.1 not found in EggTest dependency.", found); + assertEquals("0.0.1",result.getVersion()); + assertEquals("EggTest",result.getName()); + assertEquals("EggTest:0.0.1",result.getDisplayFileName()); + assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem()); } }