From a3572ba61ca537de8efd0855c774819a963cd212 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 28 Oct 2021 19:23:08 +0200 Subject: [PATCH] slacked pipenv parser Signed-off-by: Jan Kowalleck --- cyclonedx/parser/pipenv.py | 31 +++++++++++++------------- tests/fixtures/pipfile-lock-simple.txt | 2 +- tests/test_parser_pipenv.py | 1 + 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cyclonedx/parser/pipenv.py b/cyclonedx/parser/pipenv.py index a1473f89..1ecb5abc 100644 --- a/cyclonedx/parser/pipenv.py +++ b/cyclonedx/parser/pipenv.py @@ -17,6 +17,7 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. import json +from typing import Any, Dict from . import BaseParser from ..model import ExternalReference, ExternalReferenceType, HashType @@ -27,26 +28,25 @@ class PipEnvParser(BaseParser): def __init__(self, pipenv_contents: str): super().__init__() + pipfile_lock_contents = json.loads(pipenv_contents) + pipfile_default: Dict[str, Dict[str, Any]] = pipfile_lock_contents.get('default') or {} - for package_name in pipfile_lock_contents['default'].keys(): - package_data = pipfile_lock_contents['default'][package_name] + for (package_name, package_data) in pipfile_default.items(): c = Component( - name=package_name, version=str(package_data['version']).strip('='), + name=package_name, + version=str(package_data.get('version') or 'unknown').lstrip('='), ) - - if 'index' in package_data.keys() and package_data['index'] == 'pypi': + if package_data.get('index') == 'pypi' and isinstance(package_data.get('hashes'), list): # Add download location with hashes stored in Pipfile.lock - if 'hashes' in package_data.keys(): - for pip_hash in package_data['hashes']: - - ext_ref = ExternalReference( - reference_type=ExternalReferenceType.DISTRIBUTION, - url=c.get_pypi_url(), - comment='Distribution available from pypi.org' - ) - ext_ref.add_hash(HashType.from_composite_str(pip_hash)) - c.add_external_reference(ext_ref) + for pip_hash in package_data['hashes']: + ext_ref = ExternalReference( + reference_type=ExternalReferenceType.DISTRIBUTION, + url=c.get_pypi_url(), + comment='Distribution available from pypi.org' + ) + ext_ref.add_hash(HashType.from_composite_str(pip_hash)) + c.add_external_reference(ext_ref) self._components.append(c) @@ -56,4 +56,3 @@ class PipEnvFileParser(PipEnvParser): def __init__(self, pipenv_lock_filename: str): with open(pipenv_lock_filename) as r: super(PipEnvFileParser, self).__init__(pipenv_contents=r.read()) - r.close() diff --git a/tests/fixtures/pipfile-lock-simple.txt b/tests/fixtures/pipfile-lock-simple.txt index a872dfb0..c3700a41 100644 --- a/tests/fixtures/pipfile-lock-simple.txt +++ b/tests/fixtures/pipfile-lock-simple.txt @@ -26,4 +26,4 @@ } }, "develop": {} -} \ No newline at end of file +} diff --git a/tests/test_parser_pipenv.py b/tests/test_parser_pipenv.py index 953d953b..770f6575 100644 --- a/tests/test_parser_pipenv.py +++ b/tests/test_parser_pipenv.py @@ -31,6 +31,7 @@ def test_simple(self): parser = PipEnvFileParser(pipenv_lock_filename=tests_pipfile_lock) self.assertEqual(1, parser.component_count()) components = parser.get_components() + self.assertEqual('toml', components[0].get_name()) self.assertEqual('0.10.2', components[0].get_version()) self.assertEqual(len(components[0].get_external_references()), 2)