dependabot-python 0.118.16 → 0.119.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f32f30287d89c4e9feea3c96f08635f5fdc5c9cda92458efa006bc14d46c61cb
-  data.tar.gz: 5e8a2987acc7d43995d0a57992b6521f0414737f681a43d7ea491ba9a5c3a45f
+  metadata.gz: 0c443c75018adfd2cf364c97de4ef952789b4b1d279c9ef325ee181e8f46cd56
+  data.tar.gz: 3ef40c7a0ac388eea5b3a2ea5b70ca5019a0110088fae84e5913c2584d37eb8d
 SHA512:
-  metadata.gz: '0354009fde048506e68a3d83987b9e082488987c8b64ca55589593504d29268e09015c528c1dbbfd166de90f8b0543f2146b546a4cc8fe52fe754f68f2547aea'
-  data.tar.gz: 1534109379dd95e8f28cb539851cad8176366501f9bbbb5ad9206ddae44c6e8606e4b8bffd0105f38b322c05a841e73fe749eb1eae45c733aabbab601f00e184
+  metadata.gz: 13bcdc6647e905be59181cac53a5e79073531940e291684b9431b68bbb16702871d56c964ea4ba4cdee736ec74f050db09b94bd0ba2b370813e5c4ae9cf7e144
+  data.tar.gz: 8f7113e04bf9c2c2fd727ecba7c7240d1f7f518237f4c8361531370e3fa86fb712d22544bbfe5751fee6296749c3dfc179c786bdd41a3db241d164a5cd5fb6ca

data/helpers/install-dir/python/lib/hasher.py

@@ -0,0 +1,24 @@
+import hashin
+import json
+import pipfile
+from poetry.poetry import Poetry
+from poetry.factory import Factory
+
+def get_dependency_hash(dependency_name, dependency_version, algorithm):
+    hashes = hashin.get_package_hashes(
+        dependency_name,
+        version=dependency_version,
+        algorithm=algorithm
+    )
+
+    return json.dumps({ "result": hashes["hashes"] })
+
+def get_pipfile_hash(directory):
+    p = pipfile.load(directory + '/Pipfile')
+
+    return json.dumps({ "result": p.hash })
+
+def get_pyproject_hash(directory):
+    p = Factory().create_poetry(directory)
+
+    return json.dumps({ "result": p.locker._get_content_hash() })

data/helpers/install-dir/python/lib/parser.py

@@ -0,0 +1,138 @@
+from itertools import chain
+import glob
+import io
+import json
+import optparse
+import os.path
+import re
+
+import setuptools
+import pip._internal.req.req_file
+from pip._internal.network.session import PipSession
+from pip._internal.models.format_control import FormatControl
+from pip._internal.req.constructors import (
+        install_req_from_line,
+        install_req_from_parsed_requirement,
+)
+
+def parse_requirements(directory):
+    # Parse the requirements.txt
+    requirement_packages = []
+    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
+                        + glob.glob(os.path.join(directory, '**', '*.txt'))
+
+    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
+                        + glob.glob(os.path.join(directory, '**', '*.in'))
+
+    def version_from_install_req(install_req):
+        if install_req.is_pinned:
+            return next(iter(install_req.specifier)).version
+
+    for reqs_file in requirement_files + pip_compile_files:
+        try:
+            requirements = pip._internal.req.req_file.parse_requirements(
+                reqs_file,
+                session=PipSession()
+            )
+            for parsed_req in requirements:
+                install_req = install_req_from_parsed_requirement(parsed_req)
+                if install_req.original_link:
+                    continue
+
+                pattern = r"-[cr] (.*) \(line \d+\)"
+                abs_path = re.search(pattern, install_req.comes_from).group(1)
+                rel_path = os.path.relpath(abs_path, directory)
+
+                requirement_packages.append({
+                    "name": install_req.req.name,
+                    "version": version_from_install_req(install_req),
+                    "markers": str(install_req.markers) or None,
+                    "file": rel_path,
+                    "requirement": str(install_req.specifier) or None,
+                    "extras": sorted(list(install_req.extras))
+                })
+        except Exception as e:
+            print(json.dumps({ "error": repr(e) }))
+            exit(1)
+
+    return json.dumps({ "result": requirement_packages })
+
+def parse_setup(directory):
+    # Parse the setup.py
+    setup_packages = []
+    if os.path.isfile(directory + '/setup.py'):
+        def version_from_install_req(install_req):
+            if install_req.is_pinned:
+                return next(iter(install_req.specifier)).version
+
+        def parse_requirement(req, req_type):
+            install_req = install_req_from_line(req)
+            if install_req.original_link:
+                return
+
+            setup_packages.append({
+                "name": install_req.req.name,
+                "version": version_from_install_req(install_req),
+                "markers": str(install_req.markers) or None,
+                "file": "setup.py",
+                "requirement": str(install_req.specifier) or None,
+                "requirement_type": req_type,
+                "extras": sorted(list(install_req.extras))
+            })
+
+        def setup(*args, **kwargs):
+            for arg in ['setup_requires', 'install_requires', 'tests_require']:
+                if not kwargs.get(arg):
+                    continue
+                for req in kwargs.get(arg):
+                    parse_requirement(req, arg)
+            extras_require_dict = kwargs.get('extras_require', {})
+            for key in extras_require_dict:
+                for req in extras_require_dict[key]:
+                    parse_requirement(req, 'extras_require:{}'.format(key))
+        setuptools.setup = setup
+
+        def noop(*args, **kwargs):
+            pass
+
+        def fake_parse(*args, **kwargs):
+            return []
+
+        global fake_open
+        def fake_open(*args, **kwargs):
+            content = ("VERSION = ('0', '0', '1+dependabot')\n"
+                       "__version__ = '0.0.1+dependabot'\n"
+                       "__author__ = 'someone'\n"
+                       "__title__ = 'something'\n"
+                       "__description__ = 'something'\n"
+                       "__author_email__ = 'something'\n"
+                       "__license__ = 'something'\n"
+                       "__url__ = 'something'\n")
+            return io.StringIO(content)
+
+        content = open(directory + '/setup.py', 'r').read()
+
+        # Remove `print`, `open`, `log` and import statements
+        content = re.sub(r"print\s*\(", "noop(", content)
+        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
+        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
+        content = content.replace("parse_requirements(", "fake_parse(")
+        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
+        content = re.sub(version_re, "", content)
+
+        # Set variables likely to be imported
+        __version__ = '0.0.1+dependabot'
+        __author__ = 'someone'
+        __title__ = 'something'
+        __description__ = 'something'
+        __author_email__ = 'something'
+        __license__ = 'something'
+        __url__ = 'something'
+
+        # Run as main (since setup.py is a script)
+        __name__ = '__main__'
+
+        # Exec the setup.py
+        exec(content) in globals(), locals()
+
+    return json.dumps({ "result": setup_packages })

data/helpers/install-dir/python/requirements.txt

@@ -0,0 +1,9 @@
+pip==20.1.1
+pip-tools==5.3.0
+hashin==0.15.0
+pipenv==2018.11.26
+pipfile==0.0.2
+poetry==1.0.10
+
+# Some dependencies will only install if Cython is present
+Cython==0.29.21

data/helpers/install-dir/python/run.py

@@ -0,0 +1,18 @@
+import sys
+import json
+
+from lib import parser, hasher
+
+if __name__ == "__main__":
+    args = json.loads(sys.stdin.read())
+
+    if args["function"] == "parse_requirements":
+        print(parser.parse_requirements(args["args"][0]))
+    if args["function"] == "parse_setup":
+        print(parser.parse_setup(args["args"][0]))
+    elif args["function"] == "get_dependency_hash":
+        print(hasher.get_dependency_hash(*args["args"]))
+    elif args["function"] == "get_pipfile_hash":
+        print(hasher.get_pipfile_hash(*args["args"]))
+    elif args["function"] == "get_pyproject_hash":
+        print(hasher.get_pyproject_hash(*args["args"]))

metadata

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-python
 version: !ruby/object:Gem::Version
-  version: 0.118.16
+  version: 0.119.0.beta1
 platform: ruby
 authors:
 - Dependabot
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2020-08-20 00:00:00.000000000 Z
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.16
+        version: 0.119.0.beta1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.16
+        version: 0.119.0.beta1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -144,6 +144,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/build
+- helpers/install-dir/python/lib/__init__.py
+- helpers/install-dir/python/lib/hasher.py
+- helpers/install-dir/python/lib/parser.py
+- helpers/install-dir/python/requirements.txt
+- helpers/install-dir/python/run.py
 - helpers/lib/__init__.py
 - helpers/lib/hasher.py
 - helpers/lib/parser.py
@@ -186,7 +191,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -201,8 +206,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Python support for dependabot
 test_files: []