diff --git a/syft/pkg/cataloger/python/parse_requirements.go b/syft/pkg/cataloger/python/parse_requirements.go index 7ef49f662..38bbde3e8 100644 --- a/syft/pkg/cataloger/python/parse_requirements.go +++ b/syft/pkg/cataloger/python/parse_requirements.go @@ -26,7 +26,7 @@ const ( // --hash=sha256:e9535b8c84dc9571a48999094fda7f33e63c3f1b74f3e5f3ac0105a58405bb65 # some comment // namePattern matches: requests[security] - namePattern = `(?P\w[\w\[\],\s-_]+)` + namePattern = `(?P\w[\w\[\],\s-_\.]+)` // versionConstraintPattern matches: == 2.8.* versionConstraintPattern = `(?P([^\S\r\n]*[~=>!<]+\s*[0-9a-zA-Z.*]+[^\S\r\n]*,?)+)?(@[^\S\r\n]*(?P[^;]*))?` diff --git a/syft/pkg/cataloger/python/parse_requirements_test.go b/syft/pkg/cataloger/python/parse_requirements_test.go index ebd67549a..139b0b62a 100644 --- a/syft/pkg/cataloger/python/parse_requirements_test.go +++ b/syft/pkg/cataloger/python/parse_requirements_test.go @@ -53,6 +53,18 @@ func TestParseRequirementsTxt(t *testing.T) { Markers: "python_version < '3.8'", }, }, + { + Name: "dots-._allowed", + Version: "1.0.0", + PURL: "pkg:pypi/dots-._allowed@1.0.0", + Locations: locations, + Language: pkg.Python, + Type: pkg.PythonPkg, + Metadata: pkg.PythonRequirementsEntry{ + Name: "dots-._allowed", + VersionConstraint: "== 1.0.0", + }, + }, { Name: "argh", Version: "0.26.2", diff --git a/syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt b/syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt index 15d60947a..a238ccdcf 100644 --- a/syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt +++ b/syft/pkg/cataloger/python/test-fixtures/requires/requirements.txt @@ -8,6 +8,7 @@ bar >= 1.0.0, <= 2.0.0, \ -r other-requirements.txt --requirements super-secretrequirements.txt SomeProject ==5.4 ; python_version < '3.8' +dots-._allowed == 1.0.0 coverage != 3.5 # Version Exclusion. Anything except version 3.5 numpyNew; sys_platform == 'win32' numpy >= 3.4.1; sys_platform == 'win32'