attestationcheck 0.1.0__py3-none-any.whl

attestationcheck/__init__.py

@@ -0,0 +1,5 @@
+"""Entry point for python -m attestationcheck."""
+
+from attestationcheck.io.cli import cli, main
+
+_ = (cli, main)

attestationcheck/__main__.py

@@ -0,0 +1,7 @@
+"""Entry point for python -m attestationcheck."""
+
+from __future__ import annotations
+
+from attestationcheck.io.cli import cli
+
+cli()

attestationcheck/io/cli.py

@@ -0,0 +1,175 @@
+"""Output the attestations used by dependencies."""
+
+from __future__ import annotations
+
+import argparse
+from dataclasses import fields
+from pathlib import Path
+from sys import exit as sysexit
+from sys import stdin, stdout
+
+from configurator import Config
+from configurator.node import ConfigNode
+
+from attestationcheck import packageinforesolver  # ,checker
+from attestationcheck.io import fmt
+from attestationcheck.models.config import LC_Config
+from attestationcheck.models.packageinfo import PackageInfo
+
+stdout.reconfigure(encoding="utf-8")  # type: ignore[general-type-issues]
+
+
+def cli() -> None:  # pragma: no cover
+	"""Cli entry point."""
+	parser = argparse.ArgumentParser(description=__doc__, argument_default=argparse.SUPPRESS)
+
+	parser.add_argument(
+		"--format",
+		"-f",
+		help=f"Output format. one of: {', '.join(set(fmt.formatMap))}. default=simple",
+	)
+	parser.add_argument(
+		"--requirements-paths",
+		"-r",
+		help="Filenames to read from (omit for stdin if piping, else pyproject.toml)",
+		nargs="+",
+	)
+	parser.add_argument(
+		"--groups",
+		"-g",
+		help="Select groups from supported files",
+		nargs="+",
+	)
+	parser.add_argument(
+		"--extras",
+		"-e",
+		help="Select extras from supported files",
+		nargs="+",
+	)
+	parser.add_argument(
+		"--file",
+		"-o",
+		help="Filename to write output to (omit this for stdout)",
+	)
+	parser.add_argument(
+		"--skip-dependencies",
+		help="set of packages/dependencies to skip",
+		nargs="+",
+	)
+	parser.add_argument(
+		"--hide-output-parameters",
+		help="set of parameters to hide from the produced output",
+		nargs="+",
+	)
+	parser.add_argument(
+		"--show-only-failing",
+		help="Only output a set of failing packages from this lib",
+		action="store_true",
+	)
+	parser.add_argument(
+		"--pypi-api",
+		help="Specify a custom pypi api endpoint, for example if using a custom pypi server, "
+		"note this must implement the 'pypi' and 'integrity' endpoints",
+	)
+	parser.add_argument(
+		"--zero",
+		"-0",
+		help="Return non zero exit code if a package with an unverified attestation is found, ideal"
+		" for CI/CD",
+		action="store_true",
+	)
+	args = vars(parser.parse_args())
+
+	stdin_path = Path("__stdin__")
+	if not args.get("requirements_paths"):
+		if stdin.isatty():
+			args["requirements_paths"] = ["pyproject.toml"]
+		else:
+			stdin_path.write_text("\n".join(stdin.readlines()), encoding="utf-8")
+
+	config: ConfigNode = Config()
+
+	# (Parses in the following order: `pyproject.toml`,
+	# `setup.cfg`, `attestationcheck.toml`, `attestationcheck.json`,
+	# `attestationcheck.ini`, `~/attestationcheck.toml`, `~/attestationcheck.json`, `~/attestationcheck.ini`)
+	config_files = [
+		"~/attestationcheck.json",
+		"~/attestationcheck.toml",
+		"attestationcheck.json",
+		"attestationcheck.toml",
+		"setup.cfg",
+		"pyproject.toml",
+	]
+
+	for file in config_files:
+		config += Config.from_path(file, optional=True)
+
+	scopedData: ConfigNode = config.get("tool", {}).get("attestationcheck", ConfigNode())
+	attestationcheckConf: LC_Config = LC_Config.model_validate({**scopedData.data, **args})
+
+	ec = main(attestationcheckConf)
+	stdin_path.unlink(missing_ok=True)
+
+	sysexit(ec)
+
+
+def main(attestationcheckConf: LC_Config) -> int:
+	"""Test entry point."""
+	exitCode = 0
+
+	# File
+	requirements_paths = attestationcheckConf.requirements_paths or {"__stdin__"}
+	output_file = (
+		stdout
+		if attestationcheckConf.file in [None, ""]
+		else Path(attestationcheckConf.file or "").open("w", encoding="utf-8")
+	)
+
+	package_info_manager = packageinforesolver.PackageInfoManager(
+		attestationcheckConf.pypi_api or "https://pypi.org"
+	)
+
+	package_info_manager.resolve_requirements(
+		requirements_paths=requirements_paths,
+		groups=attestationcheckConf.groups,
+		extras=attestationcheckConf.extras,
+		skip_dependencies=attestationcheckConf.skip_dependencies,
+	)
+
+	all_packages: set[PackageInfo] = package_info_manager.getPackages()
+
+	incompatible = any(not x.is_attestation_verified for x in all_packages)
+
+	# Format the results
+	hide_output_parameters = attestationcheckConf.hide_output_parameters
+
+	available_params = [param.name.upper() for param in fields(PackageInfo)]
+	if not all(hop in available_params for hop in hide_output_parameters):
+		msg = (
+			f"Invalid parameter(s) in `hide_output_parameters`. "
+			f"Valid parameters are: {', '.join(available_params)}"
+		)
+		raise ValueError(msg)
+
+	format_ = attestationcheckConf.format or "simple"
+	if attestationcheckConf.format in fmt.formatMap:
+		print(
+			fmt.fmt(
+				format_,
+				sorted(all_packages),
+				hide_output_parameters,
+				show_only_failing=attestationcheckConf.show_only_failing,
+			),
+			file=output_file,
+		)
+	else:
+		exitCode = 2
+
+	# Exit code of 1 if args.zero
+	if attestationcheckConf.zero and incompatible:
+		exitCode = 1
+
+	# Cleanup + exit
+	if attestationcheckConf.file not in [None, ""]:
+		output_file.close()
+	return exitCode

attestationcheck/io/fmt.py

@@ -0,0 +1,272 @@
+"""
+The formatter is responsible for outputting the list of PackageInfo[s].
+
+The available output formats are defined as follows
+
+- ansi: Plain text output with ANSI color codes for terminal display.
+	used for simple, color-coded output on the command line.
+- plain: A basic, no-frills plain text format, used when a clean and simple
+	textual representation is needed without any additional markup or styling.
+- markdown: A lightweight markup language with plain-text formatting syntax. Ideal
+	for creating formatted documents that can be easily converted into HTML for web display.
+- html: A format suitable for rendering in web browsers. (can be styled with CSS
+	for more complex presentation.)
+- json: A structured data format. This format representing the list of PackageInfo[s]
+	as a JSON object
+- csv: A simple, comma-separated values format. widely used in spreadsheets and
+	databases for easy import/export of data.
+
+Note that these support the get_filtered_dict method, which allows users
+to hide some of the output via the `--hide-output-parameters` cli flag. In addition
+these support the show_only_failing method, which allows users
+to show only packages that are not Verified with out license via the
+`--show-only-failing` cli flag
+
+"""
+
+from __future__ import annotations
+
+import csv
+import json
+import re
+from collections import OrderedDict
+from importlib.metadata import PackageNotFoundError, version
+from io import StringIO
+from pathlib import Path
+from typing import Any
+
+import markdown as markdownlib
+from rich.console import Console
+from rich.table import Table
+
+from attestationcheck.models.packageinfo import AttestationInfo, PackageInfo
+
+THISDIR = Path(__file__).resolve().parent
+
+try:
+	VERSION = version("attestationcheck")
+except PackageNotFoundError:
+	VERSION = "dev"
+INFO = {"program": "attestationcheck", "version": VERSION, "license": "MIT LICENSE"}
+
+
+def stripAnsi(string: str) -> str:
+	"""
+	Strip ansi codes from a given string.
+
+	Args:
+	----
+		string (str): string to strip codes from
+
+	Returns:
+	-------
+		str: plaintext, utf-8 string (safe for writing to files)
+
+	"""
+	return re.compile(r"\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])").sub("", string)
+
+
+def ansi(
+	packages: list[dict[str, Any]],
+) -> str:
+	"""
+	Format to ansi.
+
+	:param License myLice: project license
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in ansi format
+	"""
+	string = StringIO()
+
+	console = Console(file=string, color_system="truecolor", safe_box=False)
+
+	table = Table(title="\nInfo")
+	table.add_column("Item", style="cyan")
+	table.add_column("Value", style="magenta")
+	_ = [table.add_row(k, v) for k, v in INFO.items()]
+
+	console.print(table)
+
+	if len(packages) == 0:
+		return f"{string.getvalue()}\nNo packages"
+
+	errors = [x for x in packages if x.get("httpErrorCode", 0) > 0]
+	if len(errors) > 0:
+		table = Table(title="\nList Of Errors")
+		table.add_column("Package", style="magenta")
+		_ = [table.add_row(x.get("name", "?")) for x in errors]
+		console.print(table)
+
+	table = Table(title="\nList Of Packages")
+	if name_bool := "name" in packages[0]:
+		table.add_column("Package", header_style="magenta")
+	if attestation_info := "attestation_info" in packages[0]:
+		table.add_column("Attestation Info", header_style="magenta")
+
+	attestation_info_lookup = {
+		AttestationInfo.NONE: "[red]Unsupported[/]",
+		AttestationInfo.SUPPORTED: "[yellow]Supported[/]",
+		AttestationInfo.PRESENT: "[cyan]Present[/]",
+		AttestationInfo.VALID: "[green]Valid[/]",
+		AttestationInfo.VERIFIED: "[green]Verified[/]",
+	}
+	_ = [
+		table.add_row(
+			*(
+				([x.get("name")] if name_bool else [])
+				+ (
+					[attestation_info_lookup[x.get("attestation_info", AttestationInfo.NONE)]]
+					if attestation_info
+					else []
+				)
+			)
+		)
+		for x in packages
+	]
+	console.print(table)
+	return string.getvalue()
+
+
+def plainText(
+	packages: list[dict[str, Any]],
+) -> str:
+	"""
+	Format to plain text.
+
+	:param License myLice: project license
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in plain text format
+
+	"""
+	return stripAnsi(ansi(packages))
+
+
+def markdown(
+	packages: list[dict[str, Any]],
+) -> str:
+	"""
+	Format to markdown.
+
+	:param License myLice: project license
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in markdown format
+	"""
+	info = "\n".join(f"- {k}: {v}" for k, v in INFO.items())
+	strBuf = [f"## Info\n\n{info}\n\n"]
+
+	if len(packages) == 0:
+		return f"{strBuf[0]}\nNo packages"
+
+	strBuf.append("## Packages\n\nFind a list of packages below\n")
+	packages = sorted(packages, key=lambda i: i.get("name", "?"))
+
+	# Summary Table
+	strBuf.append("|Package|Attestation Info|\n|:--|:--|")
+	strBuf.extend([f"|{pkg.get('name')}||{pkg.get('attestation_info')}" for pkg in packages])
+
+	# Details
+	params_use_in_markdown = {
+		"author": "Author",
+		"is_attestation_verified": "Attestation Verified",
+		"is_attestation_valid": "Attestation Valid",
+		"is_attestation_present": "Attestation Present",
+		"is_supported_publisher": "Attestation Supported",
+		"size": "Size",
+	}
+	for pkg in packages:
+		pkg_ordered_dict = OrderedDict(
+			(param, pkg[param]) for param in params_use_in_markdown if param in pkg
+		)
+		strBuf.extend(
+			[
+				f"\n### {pkg.get('namever')}\n",
+				*(f"- {params_use_in_markdown[k]}: {v}" for k, v in pkg_ordered_dict.items()),
+			]
+		)
+	return "\n".join(strBuf) + "\n"
+
+
+def html(
+	packages: list[dict[str, Any]],
+) -> str:
+	"""
+	Format to html.
+
+	:param License myLice: project license
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in html format
+	"""
+	html = markdownlib.markdown(
+		markdown(packages=packages),
+		extensions=["tables"],
+	)
+	return (THISDIR / "html.template").read_text("utf-8").replace("{html}", html)
+
+
+def raw(packages: list[dict[str, Any]]) -> str:
+	"""
+	Format to json.
+
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in json format
+	"""
+	return json.dumps(
+		{
+			"info": INFO,
+			"packages": packages,
+		},
+		indent="\t",
+	)
+
+
+def rawCsv(
+	packages: list[dict[str, Any]],
+) -> str:
+	"""
+	Format to csv.
+
+	:param list[dict[str, Any]] packages: list of PackageInfo, representes as a dict to format.
+	:return str: string to send to specified output in csv format
+	"""
+	if len(packages) == 0:
+		return ""
+
+	string = StringIO()
+	writer = csv.DictWriter(string, fieldnames=list(packages[0]), lineterminator="\n")
+	writer.writeheader()
+	writer.writerows(packages)
+	return string.getvalue()
+
+
+def fmt(
+	format_: str,
+	packages: list[PackageInfo],
+	hide_parameters: set[str] | None = None,
+	*,
+	show_only_failing: bool = False,
+) -> str:
+	"""
+	Format to a given format by `format_`.
+
+	:param list[PackageInfo] packages: list of packages to format.
+	:param set[str] hide_parameters: set of parameters to ignore in the output.
+	:param bool show_only_failing: output only failing packages, defaults to False.
+	:return str: string to send to specified output in ansi format
+	"""
+	hide_parameters = hide_parameters or set()
+	if show_only_failing:
+		packages = [x for x in packages if not x.is_attestation_verified]
+
+	pkgs: list[dict[str, Any]] = [x.get_filtered_dict(hide_parameters) for x in packages]
+
+	return formatMap.get(format_, plainText)(pkgs)
+
+
+formatMap = {
+	"json": raw,
+	"markdown": markdown,
+	"html": html,
+	"csv": rawCsv,
+	"ansi": ansi,
+	"simple": plainText,
+}

attestationcheck/io/html.template

@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+            color: #222;
+        }
+        h2 {
+            color: #333;
+            margin-bottom: 10px;
+        }
+        ul {
+            list-style-type: none;
+            padding: 0;
+        }
+        li {
+            margin-bottom: 5px;
+        }
+        table {
+            border-collapse: collapse;
+            width: 100%;
+        }
+        th,
+        td {
+            border: 1px solid #ddd;
+            padding: 8px;
+            text-align: left;
+        }
+        th {
+            background-color: #f2f2f2;
+        }
+        tr:nth-child(even) {
+            background-color: #f2f2f2;
+        }
+        tr:hover {
+            background-color: #ddd;
+        }
+        h3 {
+            color: #444;
+        }
+        @media (prefers-color-scheme: dark) {
+            body {
+                background-color: #222;
+                color: #eee;
+            }
+            h2 {
+                color: #ccc;
+            }
+            h3 {
+                color: #eee;
+            }
+            th {
+                background-color: #333;
+                color: #eee;
+            }
+            tr:nth-child(even) {
+                background-color: #333;
+            }
+            tr:hover {
+                background-color: #444;
+            }
+        }
+    </style>
+</head>
+<body>
+{html}
+</body>
+</html>

attestationcheck/models/attestation.py

@@ -0,0 +1,73 @@
+from pydantic import Field
+
+from attestationcheck.models.defaultonnone import DefaultOnNoneModel
+
+
+class Envelope(DefaultOnNoneModel):
+	signature: str = ""
+	statement: str = ""
+
+
+class KindVersion(DefaultOnNoneModel):
+	kind: str = ""
+	version: str = ""
+
+
+class LogId(DefaultOnNoneModel):
+	key_id: str = ""
+
+
+class InclusionPromise(DefaultOnNoneModel):
+	signed_entry_timestamp: str = ""
+
+
+class Checkpoint(DefaultOnNoneModel):
+	envelope: str = ""
+
+
+class InclusionProof(DefaultOnNoneModel):
+	checkpoint: Checkpoint = Checkpoint()
+	hashes: list[str] = Field(default_factory=list)
+	log_index: str = ""
+	root_hash: str = ""
+	tree_size: str = ""
+
+
+class TransparencyEntry(DefaultOnNoneModel):
+	canonicalizedBody: str = ""
+	inclusionPromise: InclusionPromise = InclusionPromise()
+	inclusionProof: InclusionProof = InclusionProof()
+
+	integratedTime: int = 0
+	kindVersion: KindVersion = KindVersion()
+	logId: LogId = LogId()
+	logIndex: str = ""
+
+
+class VerificationMaterial(DefaultOnNoneModel):
+	certificate: str = ""
+	transparency_entries: list[TransparencyEntry] = Field(default_factory=list)
+
+
+class Attestation(DefaultOnNoneModel):
+	envelope: Envelope = Envelope()
+	verification_material: VerificationMaterial = VerificationMaterial()
+	version: int = 0
+
+
+class Publisher(DefaultOnNoneModel):
+	claims: dict = Field(default_factory=dict)
+	environment: str = ""
+	kind: str = ""
+	repository: str = ""
+	workflow: str = ""
+
+
+class AttestationBundle(DefaultOnNoneModel):
+	attestations: list[Attestation] = Field(default_factory=list)
+	publisher: Publisher = Publisher()
+
+
+class Provenance(DefaultOnNoneModel):
+	attestation_bundles: list[AttestationBundle]
+	version: int = 1

attestationcheck/models/config.py

@@ -0,0 +1,21 @@
+from __future__ import annotations
+
+from dataclasses import field
+
+from attestationcheck.models.defaultonnone import DefaultOnNoneModel
+
+
+class LC_Config(DefaultOnNoneModel):
+	"""LC_Config type."""
+
+	file: str | None
+	format: str | None
+	pypi_api: str | None
+	show_only_failing: bool
+	zero: bool
+
+	requirements_paths: set[str] = field(default_factory=set)
+	groups: set[str] = field(default_factory=set)
+	extras: set[str] = field(default_factory=set)
+	skip_dependencies: set[str] = field(default_factory=set)
+	hide_output_parameters: set[str] = field(default_factory=set)

attestationcheck/models/defaultonnone.py

@@ -0,0 +1,22 @@
+from typing import Any
+
+from pydantic import BaseModel, model_validator
+
+
+class DefaultOnNoneModel(BaseModel):
+	@model_validator(mode="before")
+	@classmethod
+	def default_on_none(cls, values: Any) -> Any | dict[Any, Any]:
+		if not isinstance(values, dict):
+			return values
+
+		result = dict(values)
+
+		for name, field in cls.model_fields.items():
+			if name in result and result[name] is None:
+				if field.default_factory is not None:
+					result[name] = field.default_factory()
+				elif field.default is not None:
+					result[name] = field.default
+
+		return result