diff --git a/pyproject.toml b/pyproject.toml index 64e4addc..b0f07653 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,3 @@ [build-system] -requires = ["setuptools>=42", "insecure-package" - - ] +requires = ["setuptools>=42"] build-backend = "setuptools.build_meta" - diff --git a/safety/scan/ecosystems/python/dependencies.py b/safety/scan/ecosystems/python/dependencies.py index 005f846d..a8dd4372 100644 --- a/safety/scan/ecosystems/python/dependencies.py +++ b/safety/scan/ecosystems/python/dependencies.py @@ -2,7 +2,6 @@ from pathlib import Path import sys from typing import Generator, List, Optional -import toml from safety_schemas.models import FileType, PythonDependency from safety_schemas.models.package import PythonSpecification from ..base import InspectableFile @@ -270,55 +269,6 @@ def read_virtual_environment_dependencies(f: InspectableFile) -> Generator[Pytho latest_version_without_known_vulnerabilities=None, more_info_url=None) -def read_pyproject_toml_dependencies(file: Path) -> Generator[PythonDependency, None, None]: - data = toml.load(file) - dependencies = [] - - # Handle 'build-system.requires' - if 'build-system' in data and 'requires' in data['build-system']: - dependencies.extend(data['build-system']['requires']) - - # Handle 'project.dependencies' - if 'project' in data and 'dependencies' in data['project']: - dependencies.extend(data['project']['dependencies']) - - # Handle 'project.optional-dependencies' - if 'project' in data and 'optional-dependencies' in data['project']: - for opt_deps in data['project']['optional-dependencies'].values(): - dependencies.extend(opt_deps) - - # Handle 'tool.poetry.dependencies' - if 'tool' in data and 'poetry' in data['tool'] and 'dependencies' in data['tool']['poetry']: - for dep, version in data['tool']['poetry']['dependencies'].items(): - if isinstance(version, str): - dependencies.append(f"{dep}=={version}") - else: - dependencies.append(dep) - - # Handle 'tool.poetry.dev-dependencies' - if 'tool' in data and 'poetry' in data['tool'] and 'dev-dependencies' in data['tool']['poetry']: - for dep, version in data['tool']['poetry']['dev-dependencies'].items(): - if isinstance(version, str): - dependencies.append(f"{dep}=={version}") - else: - dependencies.append(dep) - - for dep in dependencies: - dep_name, dep_version = (dep.split("==") + [None])[:2] - yield PythonDependency( - name=dep_name, - version=dep_version, - specifications=[ - PythonSpecification(f"{dep_name}=={dep_version}" if dep_version else dep_name, found=file) - ], - found=file, - insecure_versions=[], - secure_versions=[], - latest_version=None, - latest_version_without_known_vulnerabilities=None, - more_info_url=None - ) - def get_dependencies(f: InspectableFile) -> List[PythonDependency]: """ Gets the dependencies for the given inspectable file. @@ -333,13 +283,11 @@ def get_dependencies(f: InspectableFile) -> List[PythonDependency]: return [] if f.file_type in [FileType.REQUIREMENTS_TXT, FileType.POETRY_LOCK, - FileType.PIPENV_LOCK]: + FileType.PIPENV_LOCK, FileType.PYPROJECT_TOML]: return list(read_dependencies(f.file, resolve=True)) if f.file_type == FileType.VIRTUAL_ENVIRONMENT: return list(read_virtual_environment_dependencies(f)) - if f.file_type == FileType.PYPROJECT_TOML: - return list(read_pyproject_toml_dependencies(Path(f.file.name))) return [] diff --git a/safety/scan/finder/file_finder.py b/safety/scan/finder/file_finder.py index c328475a..4765e348 100644 --- a/safety/scan/finder/file_finder.py +++ b/safety/scan/finder/file_finder.py @@ -150,13 +150,6 @@ def process_directory(self, dir_path: str, max_deep: Optional[int] = None) -> Tu files[file_type.value].add(inspectable_file) break - special_files = {'pyproject.toml', 'env.yml', 'env.yaml'} - if file_name in special_files: - file_type = FileType(file_name) - inspectable_file = Path(root, file_name) - if file_type.value not in files or not files[file_type.value]: - files[file_type.value] = set() - files[file_type.value].add(inspectable_file) level += 1