PyPI - guarddog - Versions diffs - 2.8.4__py3-none-any.whl → 2.9.0__py3-none-any.whl - Mend

guarddog 2.8.4py3-none-any.whl → 2.9.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

guarddog/analyzer/metadata/go/typosquatting.py CHANGED Viewed

@@ -1,12 +1,6 @@
-import json
-import logging
-import os
 from typing import Optional
 from guarddog.analyzer.metadata.typosquatting import TyposquatDetector
-from guarddog.utils.config import TOP_PACKAGES_CACHE_LOCATION
-log = logging.getLogger("guarddog")
 class GoTyposquatDetector(TyposquatDetector):
@@ -19,32 +13,21 @@ class GoTyposquatDetector(TyposquatDetector):
     """
     def _get_top_packages(self) -> set:
-        top_packages_filename = "top_go_packages.json"
-        resources_dir = TOP_PACKAGES_CACHE_LOCATION
-        if resources_dir is None:
-            resources_dir = os.path.abspath(
-                os.path.join(os.path.dirname(__file__), "..", "resources")
-            )
-        top_packages_path = os.path.join(resources_dir, top_packages_filename)
-        top_packages_information = self._get_top_packages_local(top_packages_path)
+        """
+        Gets the top Go packages from local cache.
+        Uses the base class implementation without network refresh.
+        """
+        packages = self._get_top_packages_with_refresh(
+            packages_filename="top_go_packages.json",
+            popular_packages_url=None,  # No URL = no auto-refresh
+        )
-        if top_packages_information is None:
+        if not packages:
             raise Exception(
-                f"Could not retrieve top Go packages from {top_packages_path}"
+                "Could not retrieve top Go packages from top_go_packages.json"
             )
-        return set(top_packages_information)
-    def _get_top_packages_local(self, path: str) -> list[dict] | None:
-        try:
-            with open(path, "r") as f:
-                result = json.load(f)
-                return result
-        except FileNotFoundError:
-            log.error(f"File not found: {path}")
-            return None
+        return packages
     def detect(
         self,

guarddog/analyzer/metadata/npm/direct_url_dependency.py CHANGED Viewed

@@ -10,7 +10,6 @@ from guarddog.analyzer.metadata.detector import Detector
 from urllib.parse import urlparse
 github_project_pattern = re.compile(r"^([\w\-\.]+)/([\w\-\.]+)")

guarddog/analyzer/metadata/npm/typosquatting.py CHANGED Viewed

@@ -1,14 +1,6 @@
-import json
-import logging
-import os
-from datetime import datetime, timedelta
 from typing import Optional
 from guarddog.analyzer.metadata.typosquatting import TyposquatDetector
-from guarddog.utils.config import TOP_PACKAGES_CACHE_LOCATION
-import requests
-log = logging.getLogger("guarddog")
 class NPMTyposquatDetector(TyposquatDetector):
@@ -21,65 +13,38 @@ class NPMTyposquatDetector(TyposquatDetector):
     """
     def _get_top_packages(self) -> set:
-        popular_packages_url = (
-            "https://github.com/LeoDog896/npm-rank/releases/download/latest/raw.json"
+        """
+        Gets the top 8000 most popular NPM packages.
+        Uses the base class implementation with NPM-specific parameters.
+        """
+        return self._get_top_packages_with_refresh(
+            packages_filename="top_npm_packages.json",
+            popular_packages_url="https://github.com/LeoDog896/npm-rank/releases/download/latest/raw.json",
+            refresh_days=30,
         )
-        top_packages_filename = "top_npm_packages.json"
+    def _extract_package_names(self, data: dict | list | None) -> list | None:
+        """
+        Extract package names from NPM data structure.
-        resources_dir = TOP_PACKAGES_CACHE_LOCATION
-        if resources_dir is None:
-            resources_dir = os.path.abspath(
-                os.path.join(os.path.dirname(__file__), "..", "resources")
-            )
+        Network response format: [{"name": "package-name", ...}, ...]
+        Local file format: ["package-name", "package-name", ...]
-        top_packages_path = os.path.join(resources_dir, top_packages_filename)
-        top_packages_information = self._get_top_packages_local(top_packages_path)
-        if self._file_is_expired(top_packages_path, days=30):
-            new_information = self._get_top_packages_network(popular_packages_url)
-            if new_information is not None:
-                top_packages_information = new_information
-                with open(top_packages_path, "w+") as f:
-                    json.dump(new_information, f, ensure_ascii=False, indent=4)
-        if top_packages_information is None:
-            return set()
-        return set(top_packages_information)
-    def _file_is_expired(self, path: str, days: int) -> bool:
-        try:
-            update_time = datetime.fromtimestamp(os.path.getmtime(path))
-            return datetime.now() - update_time > timedelta(days=days)
-        except FileNotFoundError:
-            return True
-    def _get_top_packages_local(self, path: str) -> list[dict] | None:
-        try:
-            with open(path, "r") as f:
-                result = json.load(f)
-                return result
-        except FileNotFoundError:
-            log.error(f"File not found: {path}")
+        This method handles both formats and limits to top 8000 packages.
+        """
+        if data is None:
             return None
-    def _get_top_packages_network(self, url: str) -> list[dict] | None:
-        try:
-            response = requests.get(url)
-            response.raise_for_status()
+        # If data is already a list of strings (local file format)
+        if isinstance(data, list) and len(data) > 0:
+            if isinstance(data[0], str):
+                return data
-            response_data = response.json()
-            result = list([i["name"] for i in response_data[0:8000]])
+            # If data is list of dicts (network response format)
+            if isinstance(data[0], dict) and "name" in data[0]:
+                return [item["name"] for item in data[0:8000]]
-            return result
-        except json.JSONDecodeError:
-            log.error(f'Couldn`t convert to json: "{response.text}"')
-            return None
-        except requests.exceptions.RequestException as e:
-            log.error(f"Network error: {e}")
-            return None
+        return None
     def detect(
         self,

guarddog/analyzer/metadata/pypi/typosquatting.py CHANGED Viewed

@@ -1,14 +1,9 @@
-import json
 import logging
-import os
-from datetime import datetime, timedelta
 from typing import Optional
-import requests
 import packaging.utils
 from guarddog.analyzer.metadata.typosquatting import TyposquatDetector
-from guarddog.utils.config import TOP_PACKAGES_CACHE_LOCATION
 log = logging.getLogger("guarddog")
@@ -25,87 +20,35 @@ class PypiTyposquatDetector(TyposquatDetector):
     def _get_top_packages(self) -> set:
         """
-        Gets the package information of the top 5000 most downloaded PyPI packages
-        Returns:
-            set: set of package data in the format:
-                {
-                    ...
-                    {
-                        download_count: ...
-                        project: <package-name>
-                    }
-                    ...
-                }
+        Gets the package information of the top 5000 most downloaded PyPI packages.
+        Uses the base class implementation with PyPI-specific parameters.
         """
-        popular_packages_url = (
-            "https://hugovk.github.io/top-pypi-packages/top-pypi-packages.min.json"
+        packages = self._get_top_packages_with_refresh(
+            packages_filename="top_pypi_packages.json",
+            popular_packages_url="https://hugovk.github.io/top-pypi-packages/top-pypi-packages.min.json",
+            refresh_days=30,
         )
-        top_packages_filename = "top_pypi_packages.json"
-        resources_dir = TOP_PACKAGES_CACHE_LOCATION
-        if resources_dir is None:
-            resources_dir = os.path.abspath(
-                os.path.join(os.path.dirname(__file__), "..", "resources")
-            )
-        top_packages_path = os.path.join(resources_dir, top_packages_filename)
-        top_packages_information = self._get_top_packages_local(top_packages_path)
-        if self._file_is_expired(top_packages_path, days=30):
-            new_information = self._get_top_packages_network(popular_packages_url)
-            if new_information is not None:
-                top_packages_information = new_information
-                with open(top_packages_path, "w+") as f:
-                    json.dump(new_information, f, ensure_ascii=False, indent=4)
-        if top_packages_information is None:
-            return set()
-        return set(map(self.get_safe_name, top_packages_information))
+        # Apply canonicalization to PyPI package names
+        return set(map(self._canonicalize_name, packages))
-    @staticmethod
-    def get_safe_name(package):
-        return packaging.utils.canonicalize_name(package["project"])
-    def _file_is_expired(self, path: str, days: int) -> bool:
-        try:
-            update_time = datetime.fromtimestamp(os.path.getmtime(path))
-            return datetime.now() - update_time > timedelta(days=days)
-        except FileNotFoundError:
-            return True
-    def _get_top_packages_local(self, path: str) -> list[dict] | None:
-        try:
-            with open(path, "r") as f:
-                result = json.load(f)
-                return self.extract_information(result)
-        except FileNotFoundError:
-            log.error(f"File not found: {path}")
+    def _extract_package_names(self, data: dict | list | None) -> list | None:
+        """
+        Extract package names from PyPI data structure.
+        PyPI data has format: {"rows": [{"project": "name", "download_count": ...}, ...]}
+        """
+        if data is None:
             return None
-    def _get_top_packages_network(self, url: str) -> list[dict] | None:
-        try:
-            response = requests.get(url)
-            response.raise_for_status()
-            response_data = response.json()
-            result = response_data
+        if isinstance(data, dict) and "rows" in data:
+            return [row["project"] for row in data["rows"]]
-            return self.extract_information(result)
-        except json.JSONDecodeError:
-            log.error(f'Couldn`t convert to json: "{response.text}"')
-            return None
-        except requests.exceptions.RequestException as e:
-            log.error(f"Network error: {e}")
-            return None
+        return None
     @staticmethod
-    def extract_information(data: dict | None) -> list[dict] | None:
-        if data is not None:
-            return data.get("rows")
-        return None
+    def _canonicalize_name(package_name: str) -> str:
+        """Canonicalize PyPI package names according to PEP 503."""
+        return packaging.utils.canonicalize_name(package_name)
     def detect(
         self,

guarddog 2.8.4__py3-none-any.whl → 2.9.0__py3-none-any.whl

guarddog 2.8.4py3-none-any.whl → 2.9.0py3-none-any.whl