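    def __init__(self, poetry_lock_contents: str) -> None:
        """Build components from the contents of a ``poetry.lock`` file.

        :param poetry_lock_contents: raw TOML text of the lock file.

        Every ``[[package]]`` entry becomes a ``Component`` with a ``pypi``
        purl. Each distribution file recorded for the package becomes a
        DISTRIBUTION external reference carrying that file's hash, which is
        what lets a BOM consumer verify artefact integrity later on.
        """
        # Function-scope import: this method only needs it for the warning
        # path, and the module's import block is not part of this listing.
        import warnings

        super().__init__()
        poetry_lock = load_toml(poetry_lock_contents)

        # Older lock files list distribution files under ``[metadata.files]``
        # keyed by package name; lock-version 2.0 files carry them inside each
        # ``[[package]]`` table as ``files``. Accept both layouts instead of
        # failing with a KeyError on the newer one.
        legacy_files = (poetry_lock.get('metadata') or {}).get('files') or {}

        for package in poetry_lock['package']:
            name = package['name']
            version = package['version']
            component = Component(name=name,
                                  version=version,
                                  purl=PackageURL(type='pypi',
                                                  name=name,
                                                  version=version))

            files = package.get('files')
            if files is None:
                files = legacy_files.get(name) or []

            for file_metadata in files:
                # Keep the try body to the single call that can raise.
                try:
                    file_hash = HashType.from_composite_str(
                        file_metadata['hash'])
                except UnknownHashTypeException:
                    # Best effort: skip this file rather than abort the whole
                    # parse, but never silently. A dropped hash means the BOM
                    # cannot be used to integrity-check this artefact.
                    warnings.warn(
                        f'Skipping distribution file {file_metadata["file"]!r}'
                        f' of package {name!r}: unrecognised hash algorithm in'
                        f' {file_metadata["hash"]!r}')
                    continue

                component.add_external_reference(
                    ExternalReference(
                        reference_type=ExternalReferenceType.DISTRIBUTION,
                        url=component.get_pypi_url(),
                        comment=
                        f'Distribution file: {file_metadata["file"]}',
                        hashes=[file_hash]))

            self._components.append(component)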
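    def __init__(self, pipenv_contents: str) -> None:
        """Build components from the contents of a ``Pipfile.lock``.

        :param pipenv_contents: raw JSON text of the lock file.

        Only the ``default`` section is read; ``develop`` dependencies are
        ignored. Each package becomes a ``Component`` with a ``pypi`` purl.
        When the package is pinned to the ``pypi`` index and carries a hash
        list, every hash is attached to a DISTRIBUTION external reference so
        the BOM can be used to verify the artefacts that were locked.

        Note: unlike the Poetry parser, an unrecognised hash algorithm is not
        caught here and propagates (``UnknownHashTypeException``) out of the
        constructor.
        """
        super().__init__()

        pipfile_lock_contents = json.loads(pipenv_contents)
        pipfile_default: Dict[str, Dict[
            str, Any]] = pipfile_lock_contents.get('default') or {}

        for package_name, package_data in pipfile_default.items():
            # Pipfile.lock pins as ``==1.2.3``; strip the operator so the
            # component carries a bare version. Computed once, used for both
            # the component and its purl so the two cannot drift apart.
            version = str(
                package_data.get('version') or 'unknown').lstrip('=')
            c = Component(name=package_name,
                          version=version,
                          purl=PackageURL(type='pypi',
                                          name=package_name,
                                          version=version))

            hashes = package_data.get('hashes')
            if package_data.get('index') == 'pypi' and isinstance(hashes, list):
                # One DISTRIBUTION reference per hash recorded in the lock;
                # packages from any other index get no download location.
                for pip_hash in hashes:
                    ext_ref = ExternalReference(
                        reference_type=ExternalReferenceType.DISTRIBUTION,
                        url=c.get_pypi_url(),
                        comment='Distribution available from pypi.org')
                    ext_ref.add_hash(HashType.from_composite_str(pip_hash))
                    c.add_external_reference(ext_ref)

            self._components.append(c)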
    def _conda_packages_to_components(self) -> None:
        """
        Converts the parsed `CondaPackage` instances into `Component` instances.

        One `Component` is appended to `self._components` per entry in
        `self._conda_packages`; each carries a DISTRIBUTION external reference
        pointing at the package's `base_url`.

        NOTE(review): the purl is emitted with ``type='pypi'`` although the
        package was resolved from a conda channel, and the purl spec also
        defines a ``conda`` type. Confirm which ecosystem downstream consumers
        (e.g. vulnerability matching) expect for these components.
        """
        for pkg in self._conda_packages:
            pkg_name = pkg['name']
            pkg_version = str(pkg['version'])

            purl = PackageURL(type='pypi', name=pkg_name, version=pkg_version)
            component = Component(name=pkg_name, version=pkg_version, purl=purl)

            # `base_url` is recorded as the distribution location; whether it
            # is the channel root or the artefact URL is not visible here.
            distribution = ExternalReference(
                reference_type=ExternalReferenceType.DISTRIBUTION,
                url=pkg['base_url'],
                comment=f"Distribution name {pkg['dist_name']}",
            )
            component.add_external_reference(distribution)

            self._components.append(component)
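    def add_project(
        self, project: ProjectEntry, license_name: str, version: str
    ) -> None:
        """Add a project to the report as a LIBRARY component.

        :param project: entry whose ``remote_url``, ``name`` and ``source``
            identify the project.
        :param license_name: license expression attached to the component.
        :param version: version string recorded on the component and its purl.

        A ``remote_url`` matching ``self.github_url`` yields a ``github`` purl
        built from the regex's ``group``/``repo`` captures. Any other URL
        yields a ``generic`` purl whose ``download_url`` qualifier points at
        the remote, plus a VCS external reference to the same URL.
        """
        match = self.github_url.search(project.remote_url)
        if match:
            component = Component(
                name=project.name,
                version=version,
                component_type=ComponentType.LIBRARY,
                purl=PackageURL(
                    type="github",
                    name=match.group("repo"),
                    version=version,
                    namespace=match.group("group"),
                    subpath=project.source or None,
                ),
            )
        else:
            parts = self._split_url(project.remote_url)
            component = Component(
                name=project.name,
                version=version,
                component_type=ComponentType.LIBRARY,
                purl=PackageURL(
                    type="generic",
                    # ``name`` is required by the purl spec for every type,
                    # ``generic`` included; without it the purl is invalid.
                    name=project.name,
                    version=version,
                    # Pass qualifiers as a mapping so the library encodes the
                    # value itself. A pre-built "download_url=..." string is
                    # split on '&' and '=', so a remote URL containing either
                    # character (e.g. a query string) would be torn into bogus
                    # extra qualifiers.
                    qualifiers={"download_url": project.remote_url},
                    namespace=parts[0],
                    subpath=project.source or None,
                ),
            )
            component.add_external_reference(
                ExternalReference(
                    reference_type=ExternalReferenceType.VCS,
                    url=project.remote_url,
                )
            )

        component.licenses += [LicenseChoice(license_expression=license_name)]
        self._bom.add_component(component)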