From 9adb57bcb536fe3c8569814555c2188c4d47e315 Mon Sep 17 00:00:00 2001 From: Zach Hill Date: Fri, 18 Dec 2020 09:36:25 -0800 Subject: [PATCH] Adds globs for .egg-info file for python detection as well as tests (#296) * Adds globs for .egg-info file for python detection as well as tests Signed-off-by: Zach Hill * Fix lint error Signed-off-by: Dan Luhring Co-authored-by: Dan Luhring
---
 syft/cataloger/python/package_cataloger.go | 7 +- .../python/package_cataloger_test.go | 21 +++ .../python/test-fixtures/test.egg-info | 134 ++++++++++++++++++ 3 files changed, 159 insertions(+), 3 deletions(-) create mode 100644 syft/cataloger/python/test-fixtures/test.egg-info
diff --git a/syft/cataloger/python/package_cataloger.go b/syft/cataloger/python/package_cataloger.go
index 885d19dca..d33efc255 100644
--- a/syft/cataloger/python/package_cataloger.go
+++ b/syft/cataloger/python/package_cataloger.go
@@ -11,8 +11,9 @@ import (
 )

 const (
- eggMetadataGlob = "**/*egg-info/PKG-INFO"
- wheelMetadataGlob = "**/*dist-info/METADATA"
+ eggMetadataGlob = "**/*egg-info/PKG-INFO"
+ eggFileMetadataGlob = "**/*.egg-info"
+ wheelMetadataGlob = "**/*dist-info/METADATA"
 )

 type PackageCataloger struct{}
@@ -53,7 +54,7 @@ func (c *PackageCataloger) getPackageEntries(resolver source.Resolver) ([]*packa
 var metadataLocations []source.Location

 // find all primary record paths
- matches, err := resolver.FilesByGlob(eggMetadataGlob, wheelMetadataGlob)
+ matches, err := resolver.FilesByGlob(eggMetadataGlob, eggFileMetadataGlob, wheelMetadataGlob)
 if err != nil {
 return nil, fmt.Errorf("failed to find files by glob: %w", err)
 }
diff --git a/syft/cataloger/python/package_cataloger_test.go b/syft/cataloger/python/package_cataloger_test.go
index c94b7f564..5bb41fab7 100644
--- a/syft/cataloger/python/package_cataloger_test.go
+++ b/syft/cataloger/python/package_cataloger_test.go
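Review bot: The new `eggFileMetadataGlob = "**/*.egg-info"` in the const block also matches a directory named `NAME.egg-info`, which is the layout `eggMetadataGlob` already covers through `PKG-INFO`. Whether `resolver.FilesByGlob` can return directory entries is not visible here; if it can, the same package would be reported twice or a directory would be handed to the metadata parser, so the matches should be limited to regular files. A comment on the constant would help, for example `// eggFileMetadataGlob matches the single-file form, where NAME.egg-info itself holds the PKG-INFO content`. The existing pattern is `*egg-info` without the dot while the new one requires `.egg-info`; if that difference is intended, the comment should say so.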
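Review bot: With `eggFileMetadataGlob` added to the `FilesByGlob` call, the code after this hunk now receives locations that sit directly in site-packages rather than inside a metadata directory. getPackageEntries continues outside the hunk, so this cannot be confirmed here, but any later lookup of sibling files relative to the metadata location's parent directory (for example `RECORD` or `top_level.txt`) would then resolve against site-packages itself and could attribute another package's files to this one. For an SBOM that feeds vulnerability matching, wrong ownership data is harder to spot than missing data, so I would branch on the single-file case and skip those lookups, with a comment such as `// single-file .egg-info has no sibling RECORD/top_level.txt`.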
@@ -230,6 +230,27 @@ func TestPythonPackageWheelCataloger(t *testing.T) {
 },
 },
 },
+ {
+ MetadataFixture: "test-fixtures/test.egg-info",
+ ExpectedPackage: pkg.Package{
+ Name: "requests",
+ Version: "2.22.0",
+ Type: pkg.PythonPkg,
+ Language: pkg.Python,
+ Licenses: []string{"Apache 2.0"},
+ FoundBy: "python-package-cataloger",
+ MetadataType: pkg.PythonPackageMetadataType,
+ Metadata: pkg.PythonPackageMetadata{
+ Name: "requests",
+ Version: "2.22.0",
+ License: "Apache 2.0",
+ Platform: "UNKNOWN",
+ Author: "Kenneth Reitz",
+ AuthorEmail: "me@kennethreitz.org",
+ SitePackagesRootPath: "test-fixtures",
+ },
+ },
+ },
 }

 for _, test := range tests {
diff --git a/syft/cataloger/python/test-fixtures/test.egg-info b/syft/cataloger/python/test-fixtures/test.egg-info
new file mode 100644
index 000000000..a73770668
--- /dev/null
+++ b/syft/cataloger/python/test-fixtures/test.egg-info
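Review bot: Nothing in this hunk checks that `**/*.egg-info` actually selects the file through the resolver, or that a `*.egg-info` directory is not picked up by the same pattern; judging by the `MetadataFixture` field, the added entry hands `test-fixtures/test.egg-info` straight to the parser. A resolver-level case with both layouts in one fixture tree would pin the glob behaviour. The entry is also appended to `TestPythonPackageWheelCataloger`, whose name says wheel, so a short comment above it such as `// single-file egg-info: PKG-INFO content stored directly in NAME.egg-info` would explain why it is here. The test function starts and ends outside the hunk.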
@@ -0,0 +1,134 @@ +Metadata-Version: 2.1 +Name: requests +Version: 2.22.0 +Summary: Python HTTP for Humans. +Home-page: http://python-requests.org +Author: Kenneth Reitz +Author-email: me@kennethreitz.org +License: Apache 2.0 +Description: Requests: HTTP for Humans™ + ========================== + + [![image](https://img.shields.io/pypi/v/requests.svg)](https://pypi.org/project/requests/) + [![image](https://img.shields.io/pypi/l/requests.svg)](https://pypi.org/project/requests/) + [![image](https://img.shields.io/pypi/pyversions/requests.svg)](https://pypi.org/project/requests/) + [![codecov.io](https://codecov.io/github/requests/requests/coverage.svg?branch=master)](https://codecov.io/github/requests/requests) + [![image](https://img.shields.io/github/contributors/requests/requests.svg)](https://github.com/requests/requests/graphs/contributors) + [![image](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/kennethreitz) + + Requests is the only *Non-GMO* HTTP library for Python, safe for human + consumption. + + ![image](https://farm5.staticflickr.com/4317/35198386374_1939af3de6_k_d.jpg) + + Behold, the power of Requests: + + ``` {.sourceCode .python} + >>> import requests + >>> r = requests.get('https://api.github.com/user', auth=('user', 'pass')) + >>> r.status_code + 200 + >>> r.headers['content-type'] + 'application/json; charset=utf8' + >>> r.encoding + 'utf-8' + >>> r.text + u'{"type":"User"...' + >>> r.json() + {u'disk_usage': 368627, u'private_gists': 484, ...} + ``` + + See [the similar code, sans Requests](https://gist.github.com/973705). + + [![image](https://raw.githubusercontent.com/requests/requests/master/docs/_static/requests-logo-small.png)](http://docs.python-requests.org/) + + Requests allows you to send *organic, grass-fed* HTTP/1.1 requests, + without the need for manual labor. There's no need to manually add query + strings to your URLs, or to form-encode your POST data. 
Keep-alive and + HTTP connection pooling are 100% automatic, thanks to + [urllib3](https://github.com/shazow/urllib3). + + Besides, all the cool kids are doing it. Requests is one of the most + downloaded Python packages of all time, pulling in over 11,000,000 + downloads every month. You don't want to be left out! + + Feature Support + --------------- + + Requests is ready for today's web. + + - International Domains and URLs + - Keep-Alive & Connection Pooling + - Sessions with Cookie Persistence + - Browser-style SSL Verification + - Basic/Digest Authentication + - Elegant Key/Value Cookies + - Automatic Decompression + - Automatic Content Decoding + - Unicode Response Bodies + - Multipart File Uploads + - HTTP(S) Proxy Support + - Connection Timeouts + - Streaming Downloads + - `.netrc` Support + - Chunked Requests + + Requests officially supports Python 2.7 & 3.4–3.7, and runs great on + PyPy. + + Installation + ------------ + + To install Requests, simply use [pipenv](http://pipenv.org/) (or pip, of + course): + + ``` {.sourceCode .bash} + $ pipenv install requests + ✨🍰✨ + ``` + + Satisfaction guaranteed. + + Documentation + ------------- + + Fantastic documentation is available at + , for a limited time only. + + How to Contribute + ----------------- + + 1. Become more familiar with the project by reading our [Contributor's Guide](http://docs.python-requests.org/en/latest/dev/contributing/) and our [development philosophy](http://docs.python-requests.org/en/latest/dev/philosophy/). + 2. Check for open issues or open a fresh issue to start a discussion + around a feature idea or a bug. There is a [Contributor + Friendly](https://github.com/requests/requests/issues?direction=desc&labels=Contributor+Friendly&page=1&sort=updated&state=open) + tag for issues that should be ideal for people who are not very + familiar with the codebase yet. + 3. 
Fork [the repository](https://github.com/requests/requests) on + GitHub to start making your changes to the **master** branch (or + branch off of it). + 4. Write a test which shows that the bug was fixed or that the feature + works as expected. + 5. Send a pull request and bug the maintainer until it gets merged and + published. :) Make sure to add yourself to + [AUTHORS](https://github.com/requests/requests/blob/master/AUTHORS.rst). + + +Platform: UNKNOWN +Classifier: Development Status :: 5 - Production/Stable +Classifier: Intended Audience :: Developers +Classifier: Natural Language :: English +Classifier: License :: OSI Approved :: Apache Software License +Classifier: Programming Language :: Python +Classifier: Programming Language :: Python :: 2 +Classifier: Programming Language :: Python :: 2.7 +Classifier: Programming Language :: Python :: 3 +Classifier: Programming Language :: Python :: 3.5 +Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: Implementation :: CPython +Classifier: Programming Language :: Python :: Implementation :: PyPy +Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.* +Description-Content-Type: text/markdown +Provides-Extra: security +Provides-Extra: socks \ No newline at end of file