
fix/clean-up
dylanpulver committed Oct 24, 2024
1 parent bc06211 commit 8748d5b
Showing 3 changed files with 2 additions and 64 deletions.
5 changes: 1 addition & 4 deletions pyproject.toml
@@ -1,6 +1,3 @@
[build-system]
requires = ["setuptools>=42", "insecure-package"

]
requires = ["setuptools>=42"]
build-backend = "setuptools.build_meta"

54 changes: 1 addition & 53 deletions safety/scan/ecosystems/python/dependencies.py
@@ -2,7 +2,6 @@
from pathlib import Path
import sys
from typing import Generator, List, Optional
import toml
from safety_schemas.models import FileType, PythonDependency
from safety_schemas.models.package import PythonSpecification
from ..base import InspectableFile
@@ -270,55 +269,6 @@ def read_virtual_environment_dependencies(f: InspectableFile) -> Generator[Pytho
latest_version_without_known_vulnerabilities=None,
more_info_url=None)

def read_pyproject_toml_dependencies(file: Path) -> Generator[PythonDependency, None, None]:
data = toml.load(file)
dependencies = []

# Handle 'build-system.requires'
if 'build-system' in data and 'requires' in data['build-system']:
dependencies.extend(data['build-system']['requires'])

# Handle 'project.dependencies'
if 'project' in data and 'dependencies' in data['project']:
dependencies.extend(data['project']['dependencies'])

# Handle 'project.optional-dependencies'
if 'project' in data and 'optional-dependencies' in data['project']:
for opt_deps in data['project']['optional-dependencies'].values():
dependencies.extend(opt_deps)

# Handle 'tool.poetry.dependencies'
if 'tool' in data and 'poetry' in data['tool'] and 'dependencies' in data['tool']['poetry']:
for dep, version in data['tool']['poetry']['dependencies'].items():
if isinstance(version, str):
dependencies.append(f"{dep}=={version}")
else:
dependencies.append(dep)

# Handle 'tool.poetry.dev-dependencies'
if 'tool' in data and 'poetry' in data['tool'] and 'dev-dependencies' in data['tool']['poetry']:
for dep, version in data['tool']['poetry']['dev-dependencies'].items():
if isinstance(version, str):
dependencies.append(f"{dep}=={version}")
else:
dependencies.append(dep)

for dep in dependencies:
dep_name, dep_version = (dep.split("==") + [None])[:2]
yield PythonDependency(
name=dep_name,
version=dep_version,
specifications=[
PythonSpecification(f"{dep_name}=={dep_version}" if dep_version else dep_name, found=file)
],
found=file,
insecure_versions=[],
secure_versions=[],
latest_version=None,
latest_version_without_known_vulnerabilities=None,
more_info_url=None
)

def get_dependencies(f: InspectableFile) -> List[PythonDependency]:
"""
Gets the dependencies for the given inspectable file.
@@ -333,13 +283,11 @@ def get_dependencies(f: InspectableFile) -> List[PythonDependency]:
return []

if f.file_type in [FileType.REQUIREMENTS_TXT, FileType.POETRY_LOCK,
FileType.PIPENV_LOCK]:
FileType.PIPENV_LOCK, FileType.PYPROJECT_TOML]:
return list(read_dependencies(f.file, resolve=True))

if f.file_type == FileType.VIRTUAL_ENVIRONMENT:
return list(read_virtual_environment_dependencies(f))

if f.file_type == FileType.PYPROJECT_TOML:
return list(read_pyproject_toml_dependencies(Path(f.file.name)))

return []
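Review bot: The `FileType.PYPROJECT_TOML` entry added to the list in `get_dependencies` sends pyproject.toml through `read_dependencies(f.file, resolve=True)`, whose body is not on this page. If that reader expects requirements-style lines, TOML tables such as `[build-system]` will presumably yield no dependencies, and the scan will report the file as clean rather than unparsed. For a vulnerability scanner that is a silent false negative, so I would either leave pyproject.toml out of this list until a TOML-aware reader exists, or add a regression test that feeds a pyproject.toml fixture through `get_dependencies` and asserts the declared packages come back. The same commit also removes the `special_files` registration in safety/scan/finder/file_finder.py, so it is worth confirming that pyproject.toml is still discovered by another handler; otherwise this branch is unreachable. A comment above the condition, e.g. `# pyproject.toml is parsed by read_dependencies; TOML support is covered by <test name placeholder>`, would record which path is intended.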
7 changes: 0 additions & 7 deletions safety/scan/finder/file_finder.py
@@ -150,13 +150,6 @@ def process_directory(self, dir_path: str, max_deep: Optional[int] = None) -> Tu
files[file_type.value].add(inspectable_file)
break

special_files = {'pyproject.toml', 'env.yml', 'env.yaml'}
if file_name in special_files:
file_type = FileType(file_name)
inspectable_file = Path(root, file_name)
if file_type.value not in files or not files[file_type.value]:
files[file_type.value] = set()
files[file_type.value].add(inspectable_file)
level += 1

