github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 09:31:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Normalized Python Dist names

Browse Source
This commit is contained in:
brianf
2017-09-21 15:41:13 -04:00
parent 7a74917b67
commit a8b740a538
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.java
View File

@@ -61,6 +61,11 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
* Name of egg metadata files to analyze. * Name of egg metadata files to analyze.
*/ */
private static final String PKG_INFO = "PKG-INFO"; private static final String PKG_INFO = "PKG-INFO";
/**
* The dependency Ecosystem
*/
static final String DEPENDENCY_ECOSYSTEM = "Python.Dist";
/** /**
* Name of wheel metadata files to analyze. * Name of wheel metadata files to analyze.
@@ -183,6 +188,8 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
@Override @Override
protected void analyzeDependency(Dependency dependency, Engine engine) protected void analyzeDependency(Dependency dependency, Engine engine)
throws AnalysisException { throws AnalysisException {
dependency.setDependencyEcosystem(DEPENDENCY_ECOSYSTEM);
final File actualFile = dependency.getActualFile(); final File actualFile = dependency.getActualFile();
if (WHL_FILTER.accept(actualFile)) { if (WHL_FILTER.accept(actualFile)) {
collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER, collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
@@ -196,7 +203,6 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
if (metadata || PKG_INFO.equals(name)) { if (metadata || PKG_INFO.equals(name)) {
final File parent = actualFile.getParentFile(); final File parent = actualFile.getParentFile();
final String parentName = parent.getName(); final String parentName = parent.getName();
dependency.setDisplayFileName(parentName + "/" + name);
if (parent.isDirectory() if (parent.isDirectory()
&& (metadata && parentName.endsWith(".dist-info") && (metadata && parentName.endsWith(".dist-info")
|| parentName.endsWith(".egg-info") || "EGG-INFO" || parentName.endsWith(".egg-info") || "EGG-INFO"
@@ -298,6 +304,10 @@ public class PythonDistributionAnalyzer extends AbstractFileTypeAnalyzer {
"Version", Confidence.HIGHEST); "Version", Confidence.HIGHEST);
addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name", addPropertyToEvidence(headers, dependency.getProductEvidence(), "Name",
Confidence.HIGHEST); Confidence.HIGHEST);
dependency.setName(headers.getHeader("Name", null));
dependency.setVersion(headers.getHeader("Version", null));
final String url = headers.getHeader("Home-page", null); final String url = headers.getHeader("Home-page", null);
final EvidenceCollection vendorEvidence = dependency final EvidenceCollection vendorEvidence = dependency
.getVendorEvidence(); .getVendorEvidence();

11
dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzerTest.java
View File

@@ -115,8 +115,7 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
final Dependency result = new Dependency(BaseTest.getResourceAsFile( final Dependency result = new Dependency(BaseTest.getResourceAsFile(
this, "python/site-packages/Django-1.7.2.dist-info/METADATA")); this, "python/site-packages/Django-1.7.2.dist-info/METADATA"));
djangoAssertions(result); djangoAssertions(result);
assertEquals("Django-1.7.2.dist-info/METADATA", result.getDisplayFileName()); }
}
private void djangoAssertions(final Dependency result) private void djangoAssertions(final Dependency result)
throws AnalysisException { throws AnalysisException {
@@ -131,6 +130,10 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
} }
} }
assertTrue("Version 1.7.2 not found in Django dependency.", found); assertTrue("Version 1.7.2 not found in Django dependency.", found);
assertEquals("1.7.2",result.getVersion());
assertEquals("Django",result.getName());
assertEquals("Django:1.7.2",result.getDisplayFileName());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
} }
@Test @Test
@@ -183,5 +186,9 @@ public class PythonDistributionAnalyzerTest extends BaseTest {
} }
} }
assertTrue("Version 0.0.1 not found in EggTest dependency.", found); assertTrue("Version 0.0.1 not found in EggTest dependency.", found);
assertEquals("0.0.1",result.getVersion());
assertEquals("EggTest",result.getName());
assertEquals("EggTest:0.0.1",result.getDisplayFileName());
assertEquals(PythonDistributionAnalyzer.DEPENDENCY_ECOSYSTEM,result.getDependencyEcosystem());
} }
} }