UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

107 lines (96 loc) 3.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import * as semver from "semver"; import { parseExtraNames, specifierValidRange } from "./common"; import { findProvidesExtras } from "./provides-extra"; import type { PythonPackage, PythonRequirement } from "./types"; const PACKAGE_NAME = "Name: "; const PACKAGE_VERSION = "Version: "; const PACKAGE_DEPS = "Requires-Dist: "; const DEP_PARSE_REGEX = /^(?<name>[\w.-]+)((\[(?<extras>.*)\])?)(\s?\(?(?<specifier><|<=|!=|==|>=|>|~=|===)(?<version>[\w.]+)\)?)?/; export function getPackageInfo(fileContent: string): PythonPackage { const lines = fileContent.split("\n"); const providesExtras = findProvidesExtras(lines); let name = ""; let version = ""; const dependencies: PythonRequirement[] = []; for (let line of lines) { line = line.trim(); if (line.length === 0) { continue; } if (line.startsWith(PACKAGE_NAME)) { name = line.substring(PACKAGE_NAME.length); } else if (line.startsWith(PACKAGE_VERSION)) { version = line.substring(PACKAGE_VERSION.length); } else if (line.startsWith(PACKAGE_DEPS)) { const pythonPackage = parseDependency( line.substring(PACKAGE_DEPS.length), providesExtras, ); if (pythonPackage) { dependencies.push(pythonPackage); } } } const validVersion = getParseableVersion(version); return { name: name.toLowerCase(), version: validVersion, dependencies, } as PythonPackage; } // parse a line containing a dependency package name & extras and (optional) specifier + version export function parseDependency( packageDependency: string, providesExtras: string[], ): PythonRequirement | null { packageDependency = packageDependency.trim(); const parsedDep = DEP_PARSE_REGEX.exec(packageDependency); if (!parsedDep?.groups) { return null; } const { name, extras, version, specifier } = parsedDep.groups; return { name: name.toLowerCase(), version, specifier: specifierValidRange(specifier, version), extras: parseExtraNames(extras), extraEnvMarkers: parseExtraEnvMarkers(providesExtras, packageDependency), } as PythonRequirement; } // parse extra environment markers located after the quoted marker // see https://peps.python.org/pep-0508 function parseExtraEnvMarkers( providesExtras: string[], requiresDist?: string, ): string[] { const extraNames = new Set<string>(); // search string after quoted_marker ; const quotedMarker = requiresDist?.split(";"); if (quotedMarker && quotedMarker.length > 1) { for (const extra of providesExtras) { // search for extra env markers for given provides extras const re = new RegExp(`.*extra.*("|')(?<extra>${extra})("|').*`); if (re.exec(quotedMarker[1])) { extraNames.add(extra); } } } return Array.from(extraNames); } function getParseableVersion(versionString: string): string { const validVersion = semver.coerce(versionString); if (!validVersion) { throw new PythonInvalidVersionError( `version ${versionString} is not compatible with semver and cannot be compared`, ); } if ( versionString.indexOf(validVersion.version) === 0 && /^\d+(\.\d+)+$/.test(versionString) ) { return versionString; } return validVersion.version; } export class PythonInvalidVersionError extends Error {}