trustcheck 2.2.1__tar.gz → 2.2.2__tar.gz

Files changed (238) hide show
  1. {trustcheck-2.2.1/src/trustcheck.egg-info → trustcheck-2.2.2}/PKG-INFO +1 -1
  2. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/export_homebrew_tap.py +15 -10
  3. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/_version.py +2 -2
  4. {trustcheck-2.2.1 → trustcheck-2.2.2/src/trustcheck.egg-info}/PKG-INFO +1 -1
  5. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_homebrew_tap_export.py +50 -0
  6. {trustcheck-2.2.1 → trustcheck-2.2.2}/.dockerignore +0 -0
  7. {trustcheck-2.2.1 → trustcheck-2.2.2}/.gitattributes +0 -0
  8. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/CODEOWNERS +0 -0
  9. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/ISSUE_TEMPLATE/general.yml +0 -0
  10. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/dependabot.yml +0 -0
  11. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/trustcheck-action-fail-policy.json +0 -0
  12. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/acceptance-matrix.yml +0 -0
  13. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/action-integration.yml +0 -0
  14. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/bandit.yml +0 -0
  15. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/benchmarks.yml +0 -0
  16. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/binary-security.yml +0 -0
  17. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/ci.yml +0 -0
  18. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/codeql.yml +0 -0
  19. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/docs.yml +0 -0
  20. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/fuzz.yml +0 -0
  21. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/live-integration.yml +0 -0
  22. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/mutation.yml +0 -0
  23. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/plagiarism-scan.yml +0 -0
  24. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/post-release-parity.yml +0 -0
  25. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/publish.yml +0 -0
  26. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/sarif-integration.yml +0 -0
  27. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/semgrep.yml +0 -0
  28. {trustcheck-2.2.1 → trustcheck-2.2.2}/.github/workflows/source-build.yml +0 -0
  29. {trustcheck-2.2.1 → trustcheck-2.2.2}/.gitignore +0 -0
  30. {trustcheck-2.2.1 → trustcheck-2.2.2}/.pre-commit-hooks.yaml +0 -0
  31. {trustcheck-2.2.1 → trustcheck-2.2.2}/CHANGELOG.md +0 -0
  32. {trustcheck-2.2.1 → trustcheck-2.2.2}/CONTRIBUTING.md +0 -0
  33. {trustcheck-2.2.1 → trustcheck-2.2.2}/Dockerfile +0 -0
  34. {trustcheck-2.2.1 → trustcheck-2.2.2}/LICENSE +0 -0
  35. {trustcheck-2.2.1 → trustcheck-2.2.2}/MANIFEST.in +0 -0
  36. {trustcheck-2.2.1 → trustcheck-2.2.2}/README.md +0 -0
  37. {trustcheck-2.2.1 → trustcheck-2.2.2}/SECURITY.md +0 -0
  38. {trustcheck-2.2.1 → trustcheck-2.2.2}/action.yml +0 -0
  39. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/README.md +0 -0
  40. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/benchmark_against_pip_audit.py +0 -0
  41. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/corpus.json +0 -0
  42. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/malicious-calibration.json +0 -0
  43. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/pdm.lock +0 -0
  44. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/poetry.lock +0 -0
  45. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/pylock.toml +0 -0
  46. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-hashed.txt +0 -0
  47. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-main.txt +0 -0
  48. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-malformed.txt +0 -0
  49. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-markers-extras.txt +0 -0
  50. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-private-index.txt +0 -0
  51. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-profiles.txt +0 -0
  52. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-resolution.txt +0 -0
  53. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements-vcs-editable.txt +0 -0
  54. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/requirements.txt +0 -0
  55. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/truth-public-key.pem +0 -0
  56. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/truth.json +0 -0
  57. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/truth.json.sig +0 -0
  58. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/corpus/uv.lock +0 -0
  59. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/measure_command.py +0 -0
  60. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/results/benchmark-public-key.pem +0 -0
  61. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/results/latest.json +0 -0
  62. {trustcheck-2.2.1 → trustcheck-2.2.2}/benchmarks/results/latest.json.sig +0 -0
  63. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/assets/images/logo-bg-less.png +0 -0
  64. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/assets/images/logo.png +0 -0
  65. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/assets/javascripts/disable-search-shortcut.js +0 -0
  66. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/changelog.md +0 -0
  67. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/cli/configuration.md +0 -0
  68. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/cli/exit-codes.md +0 -0
  69. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/cli/index.md +0 -0
  70. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/cli/policies.md +0 -0
  71. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/getting-started/installation.md +0 -0
  72. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/getting-started/quickstart.md +0 -0
  73. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/guides/ci-integration.md +0 -0
  74. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/index.md +0 -0
  75. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/benchmarks.md +0 -0
  76. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/compatibility.md +0 -0
  77. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/industry-formats.md +0 -0
  78. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/json-contract.md +0 -0
  79. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/malicious-package-detection.md +0 -0
  80. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/performance-extensibility.md +0 -0
  81. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/python-api.md +0 -0
  82. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/recommendations.md +0 -0
  83. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/remediation.md +0 -0
  84. {trustcheck-2.2.1 → trustcheck-2.2.2}/docs/reference/trust-model.md +0 -0
  85. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/README.md +0 -0
  86. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_artifacts.py +0 -0
  87. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_exports.py +0 -0
  88. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_indexes.py +0 -0
  89. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_lockfiles.py +0 -0
  90. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_provenance.py +0 -0
  91. {trustcheck-2.2.1 → trustcheck-2.2.2}/fuzz/fuzz_requirements.py +0 -0
  92. {trustcheck-2.2.1 → trustcheck-2.2.2}/mkdocs.yml +0 -0
  93. {trustcheck-2.2.1 → trustcheck-2.2.2}/pyproject.toml +0 -0
  94. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/action.lock +0 -0
  95. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/ci.in +0 -0
  96. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/ci.lock +0 -0
  97. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/fuzz.in +0 -0
  98. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/fuzz.lock +0 -0
  99. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/runtime.in +0 -0
  100. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/runtime.lock +0 -0
  101. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/semgrep.in +0 -0
  102. {trustcheck-2.2.1 → trustcheck-2.2.2}/requirements/semgrep.lock +0 -0
  103. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/acceptance_matrix.py +0 -0
  104. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/benchmark_signature.py +0 -0
  105. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/build_msix_layout.py +0 -0
  106. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/build_standalone.py +0 -0
  107. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/check_mutation_score.py +0 -0
  108. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/dependency_bounds.py +0 -0
  109. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/github_plagiarism_scan.py +0 -0
  110. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/smoke_test_distribution.py +0 -0
  111. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/trustcheck_binary.py +0 -0
  112. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/update_benchmark_table.py +0 -0
  113. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/update_coverage_badge.py +0 -0
  114. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/validate_sarif.py +0 -0
  115. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/verify_release_channels.py +0 -0
  116. {trustcheck-2.2.1 → trustcheck-2.2.2}/scripts/verify_release_version.py +0 -0
  117. {trustcheck-2.2.1 → trustcheck-2.2.2}/setup.cfg +0 -0
  118. {trustcheck-2.2.1 → trustcheck-2.2.2}/snap/README.md +0 -0
  119. {trustcheck-2.2.1 → trustcheck-2.2.2}/snap/gui/icon.png +0 -0
  120. {trustcheck-2.2.1 → trustcheck-2.2.2}/snap/snapcraft.yaml +0 -0
  121. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/__init__.py +0 -0
  122. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/__main__.py +0 -0
  123. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/_resolver_guard.py +0 -0
  124. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/advisories.py +0 -0
  125. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/artifacts.py +0 -0
  126. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/attestations.py +0 -0
  127. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cache.py +0 -0
  128. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli.py +0 -0
  129. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/__init__.py +0 -0
  130. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/context.py +0 -0
  131. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/diff.py +0 -0
  132. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/doctor.py +0 -0
  133. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/environment.py +0 -0
  134. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/impact.py +0 -0
  135. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/inspect.py +0 -0
  136. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/install.py +0 -0
  137. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/manifest.py +0 -0
  138. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_commands/scan.py +0 -0
  139. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_models.py +0 -0
  140. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_render.py +0 -0
  141. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_runtime.py +0 -0
  142. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/cli_targets.py +0 -0
  143. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/contract.py +0 -0
  144. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/diff.py +0 -0
  145. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/doctor.py +0 -0
  146. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/dynamic.py +0 -0
  147. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/export_models.py +0 -0
  148. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/export_xml.py +0 -0
  149. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/exports.py +0 -0
  150. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/github_action.py +0 -0
  151. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/impact.py +0 -0
  152. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/indexes.py +0 -0
  153. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/lockfiles.py +0 -0
  154. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/malicious.py +0 -0
  155. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/manifest.py +0 -0
  156. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/models.py +0 -0
  157. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/plugins.py +0 -0
  158. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/policy.py +0 -0
  159. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/pre_commit.py +0 -0
  160. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/provenance.py +0 -0
  161. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/py.typed +0 -0
  162. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/pypi.py +0 -0
  163. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/remediation.py +0 -0
  164. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/remediation_models.py +0 -0
  165. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/remediation_render.py +0 -0
  166. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/resolver.py +0 -0
  167. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/resume.py +0 -0
  168. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/schemas.py +0 -0
  169. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/service.py +0 -0
  170. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/service_state.py +0 -0
  171. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/service_urls.py +0 -0
  172. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/snapshots.py +0 -0
  173. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck/workspace.py +0 -0
  174. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck.egg-info/SOURCES.txt +0 -0
  175. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck.egg-info/dependency_links.txt +0 -0
  176. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck.egg-info/entry_points.txt +0 -0
  177. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck.egg-info/requires.txt +0 -0
  178. {trustcheck-2.2.1 → trustcheck-2.2.2}/src/trustcheck.egg-info/top_level.txt +0 -0
  179. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/bad-scan.toml +0 -0
  180. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/cache/5e491d79f8ba9e36d864ae50c690989677616cd509e5b99abb9272c8ad976435.json +0 -0
  181. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/config_non_object.json +0 -0
  182. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/empty-scan.toml +0 -0
  183. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/empty-scan.txt +0 -0
  184. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/invalid-scan.txt +0 -0
  185. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/policy_non_object.json +0 -0
  186. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/scan-poetry.toml +0 -0
  187. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/_tmp/scan-project.toml +0 -0
  188. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/fixtures/client_config.json +0 -0
  189. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/fixtures/policy_require_expected_repo.json +0 -0
  190. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/fixtures/requirements-vulnerable.txt +0 -0
  191. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/snapshots/contract_schema.json +0 -0
  192. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/snapshots/report_minimal.json +0 -0
  193. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/snapshots/report_verified.json +0 -0
  194. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_advisories.py +0 -0
  195. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_artifacts.py +0 -0
  196. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_attestations.py +0 -0
  197. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_benchmark_results.py +0 -0
  198. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_binary_security_workflow.py +0 -0
  199. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_ci_workflow.py +0 -0
  200. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_cli.py +0 -0
  201. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_contract.py +0 -0
  202. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_dependency_bounds.py +0 -0
  203. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_diff.py +0 -0
  204. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_docker_workflows.py +0 -0
  205. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_doctor.py +0 -0
  206. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_dynamic.py +0 -0
  207. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_edge_cases.py +0 -0
  208. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_exports.py +0 -0
  209. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_github_action.py +0 -0
  210. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_impact.py +0 -0
  211. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_indexes.py +0 -0
  212. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_install_command.py +0 -0
  213. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_integration_live.py +0 -0
  214. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_lockfiles.py +0 -0
  215. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_malicious.py +0 -0
  216. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_manifest.py +0 -0
  217. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_msix_packaging.py +0 -0
  218. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_mutation_score.py +0 -0
  219. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_performance_extensibility.py +0 -0
  220. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_plagiarism_scan.py +0 -0
  221. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_plugin_security.py +0 -0
  222. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_pre_commit.py +0 -0
  223. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_property_invariants.py +0 -0
  224. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_provenance.py +0 -0
  225. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_public_api.py +0 -0
  226. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_pypi.py +0 -0
  227. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_release_channels.py +0 -0
  228. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_release_executable.py +0 -0
  229. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_release_readiness.py +0 -0
  230. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_release_version.py +0 -0
  231. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_remediation.py +0 -0
  232. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_resolver.py +0 -0
  233. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_resolver_guard.py +0 -0
  234. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_sarif_validation.py +0 -0
  235. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_scan_profiles.py +0 -0
  236. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_service.py +0 -0
  237. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_snap_packaging.py +0 -0
  238. {trustcheck-2.2.1 → trustcheck-2.2.2}/tests/test_workspace.py +0 -0
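--- a/src/trustcheck.egg-info/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: trustcheck
- Version: 2.2.1
+ Version: 2.2.2
  Summary: Package trust and provenance verification for PyPI consumers.
  License-Expression: LicenseRef-Trustcheck-Personal-Use
  Project-URL: Repository, https://github.com/Halfblood-Prince/trustcheck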
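--- a/scripts/export_homebrew_tap.py
+++ b/scripts/export_homebrew_tap.py
@@ -1,6 +1,7 @@
  from __future__ import annotations
 
  import argparse
+ import http.client
  import json
  import re
  import shutil
@@ -10,8 +11,6 @@ from dataclasses import asdict, dataclass
  from pathlib import Path
  from urllib.parse import quote
 
- import urllib3
-
  PACKAGE_LINE = re.compile(
  r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\\\s;]+)(?:\s*;[^\\]+)?(?:\s*\\)?$"
  )
@@ -103,33 +102,39 @@ def parse_checksums(path: Path) -> dict[str, str]:
  def read_pypi_json(project: str, version: str) -> Mapping[str, object]:
  encoded_project = quote(project, safe="")
  encoded_version = quote(version, safe="")
- url = f"https://pypi.org/pypi/{encoded_project}/{encoded_version}/json"
- pool = urllib3.PoolManager()
+ path = f"/pypi/{encoded_project}/{encoded_version}/json"
  last_error: Exception | None = None
  for attempt in range(1, 7):
+ connection: http.client.HTTPSConnection | None = None
  try:
- response = pool.request(
+ # PyPI host is fixed, and Python 3.12+ verifies TLS certificates by default.
+ # nosemgrep
+ connection = http.client.HTTPSConnection("pypi.org", timeout=30)
+ connection.request(
  "GET",
- url,
+ path,
  headers={
  "Accept": "application/json",
  "User-Agent": "trustcheck-homebrew-tap-exporter",
  },
- retries=False,
- timeout=urllib3.Timeout(total=30),
  )
+ response = connection.getresponse()
+ response_data = response.read()
  if response.status >= 400:
  raise ValueError(
  f"{project}=={version}: PyPI returned HTTP {response.status}"
  )
- payload = json.loads(response.data)
+ payload = json.loads(response_data.decode("utf-8"))
  if not isinstance(payload, dict):
  raise ValueError(f"{project}=={version}: PyPI returned non-object JSON")
  return payload
- except (urllib3.exceptions.HTTPError, ValueError) as exc:
+ except (OSError, http.client.HTTPException, ValueError) as exc:
  last_error = exc
  if attempt < 6:
  time.sleep(10)
+ finally:
+ if connection is not None:
+ connection.close()
  raise ValueError(f"Unable to read PyPI metadata for {project}=={version}") from last_error
 
 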
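Review bot: The bare `# nosemgrep` above the `HTTPSConnection(...)` call in `read_pypi_json` waives every Semgrep rule on that line rather than the single finding being accepted; scope it as `# nosemgrep: <rule-id>` (placeholder for the rule that fired) so later findings on the line still surface. The justification comment relies on the interpreter's default TLS behaviour, which comes from a process-wide default HTTPS context; building it at the call site, `connection = http.client.HTTPSConnection("pypi.org", timeout=30, context=ssl.create_default_context())` with `import ssl`, keeps certificate and hostname verification independent of that global. The fake connection in the accompanying test would then need to accept a `context` keyword. Also note that `response.read()` buffers the whole body with no size limit before the status check runs.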
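--- a/src/trustcheck/_version.py
+++ b/src/trustcheck/_version.py
@@ -18,7 +18,7 @@ version_tuple: tuple[int | str, ...]
  commit_id: str | None
  __commit_id__: str | None
 
- __version__ = version = 'v2.2.1'
- __version_tuple__ = version_tuple = (2, 2, 1)
+ __version__ = version = 'v2.2.2'
+ __version_tuple__ = version_tuple = (2, 2, 2)
 
  __commit_id__ = commit_id = None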
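--- a/PKG-INFO
+++ b/src/trustcheck.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: trustcheck
- Version: 2.2.1
+ Version: 2.2.2
  Summary: Package trust and provenance verification for PyPI consumers.
  License-Expression: LicenseRef-Trustcheck-Personal-Use
  Project-URL: Repository, https://github.com/Halfblood-Prince/trustcheck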
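--- a/tests/test_homebrew_tap_export.py
+++ b/tests/test_homebrew_tap_export.py
@@ -5,6 +5,7 @@ import tempfile
  import unittest
  from collections.abc import Mapping
  from pathlib import Path
+ from unittest.mock import patch
 
  from scripts import export_homebrew_tap
 
@@ -34,6 +35,55 @@ def _pypi_payload(name: str, version: str, sha256: str) -> dict[str, object]:
 
 
  class HomebrewTapExportTests(unittest.TestCase):
+ def test_read_pypi_json_uses_stdlib_https_connection(self) -> None:
+ class FakeResponse:
+ status = 200
+
+ def read(self) -> bytes:
+ return json.dumps({"urls": []}).encode("utf-8")
+
+ class FakeConnection:
+ instances: list[FakeConnection] = []
+
+ def __init__(self, host: str, *, timeout: int) -> None:
+ self.host = host
+ self.timeout = timeout
+ self.request_args: tuple[str, str] | None = None
+ self.request_headers: dict[str, str] | None = None
+ self.closed = False
+ self.instances.append(self)
+
+ def request(
+ self,
+ method: str,
+ path: str,
+ *,
+ headers: dict[str, str],
+ ) -> None:
+ self.request_args = (method, path)
+ self.request_headers = headers
+
+ def getresponse(self) -> FakeResponse:
+ return FakeResponse()
+
+ def close(self) -> None:
+ self.closed = True
+
+ with patch.object(
+ export_homebrew_tap.http.client,
+ "HTTPSConnection",
+ FakeConnection,
+ ):
+ payload = export_homebrew_tap.read_pypi_json("demo-package", "1.2.3")
+
+ self.assertEqual(payload, {"urls": []})
+ [connection] = FakeConnection.instances
+ self.assertEqual(connection.host, "pypi.org")
+ self.assertEqual(connection.timeout, 30)
+ self.assertEqual(connection.request_args, ("GET", "/pypi/demo-package/1.2.3/json"))
+ self.assertEqual(connection.request_headers["Accept"], "application/json")
+ self.assertTrue(connection.closed)
+
  def test_parse_lockfile_reads_pinned_packages_and_hashes(self) -> None:
  with tempfile.TemporaryDirectory() as tmpdir:
  lockfile = Path(tmpdir) / "runtime.lock"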
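Review bot: The added `test_read_pypi_json_uses_stdlib_https_connection` exercises only the HTTP 200 path, so the rewritten error handling in `read_pypi_json` has no coverage. That handling is the `status >= 400` rejection, the six-attempt retry loop and the new `finally` that closes the connection on failure. A companion test that returns an error status, patches `time.sleep` so the retries do not block, and asserts that every connection created was closed would pin that behaviour. The sketch below mirrors the existing fakes and assumes the module imports `time`, as its `time.sleep(10)` call implies.

```python
    def test_read_pypi_json_closes_connection_on_http_error(self) -> None:
        class FailingResponse:
            status = 503

            def read(self) -> bytes:
                return b""

        class FailingConnection:
            instances: list[FailingConnection] = []

            def __init__(self, host: str, *, timeout: int) -> None:
                self.closed = False
                self.instances.append(self)

            def request(self, method: str, path: str, *, headers: dict[str, str]) -> None:
                pass

            def getresponse(self) -> FailingResponse:
                return FailingResponse()

            def close(self) -> None:
                self.closed = True

        with patch.object(export_homebrew_tap.http.client, "HTTPSConnection", FailingConnection):
            with patch.object(export_homebrew_tap.time, "sleep"):
                with self.assertRaises(ValueError):
                    export_homebrew_tap.read_pypi_json("demo-package", "1.2.3")

        # One connection per attempt, each released by the finally block.
        self.assertEqual(len(FailingConnection.instances), 6)
        self.assertTrue(all(c.closed for c in FailingConnection.instances))
```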