def __init__(self, packages: List[Package], ecosystem: Ecosystem):
"""Create NormalizedPackages by removing all duplicates from packages."""
self._packages = packages
self._ecosystem = ecosystem
self._dependency_graph: Dict[Package, Set[Package]] = defaultdict(set)
for package in packages:
# clone without dependencies field
if ecosystem == "golang":
package.name = package.name.split("@")[0]
_, package.version = GolangDependencyTreeGenerator.clean_version(
package.version)
package_clone = Package(name=package.name, version=package.version)
self._dependency_graph[package_clone] = self._dependency_graph[
package_clone] or set()
for trans_package in package.dependencies or []:
trans_clone = Package(name=trans_package.name,
version=trans_package.version)
self._dependency_graph[package].add(trans_clone)
# unfold set of Package into flat set of Package
self._transtives: Set[Package] = {
d
for dep in self._dependency_graph.values() for d in dep
}
self._directs = frozenset(self._dependency_graph.keys())
self._all = self._directs.union(self._transtives)
def ca_validate_input(input_json: Dict, ecosystem: str) -> Tuple[List[Dict], List[Package]]:
"""Validate CA Input."""
logger.debug('Validating ca input data.')
if not input_json:
error_msg = "Expected JSON request"
raise BadRequest(error_msg)
if not isinstance(input_json, dict):
error_msg = "Expected list of dependencies in JSON request"
raise BadRequest(error_msg)
if not check_for_accepted_ecosystem(ecosystem):
error_msg: str = f"Ecosystem {ecosystem} is not supported for this request"
raise BadRequest(error_msg)
if not input_json.get('package_versions'):
error_msg: str = "package_versions is missing"
raise BadRequest(error_msg)
gh = GithubUtils()
packages_list = []
normalised_input_pkgs = []
for pkg in input_json.get('package_versions'):
pseudo_version = False
package = given_package = pkg.get("package")
clean_version = given_version = pkg.get("version")
if not all([package, given_version]):
error_msg = "Invalid Input: Package, Version are required."
raise BadRequest(error_msg)
if (not isinstance(given_version, str)) or (not isinstance(package, str)):
error_msg = "Package version should be string format only."
raise BadRequest(error_msg)
if not validate_version(given_version):
error_msg = "Package version should not have special characters."
raise BadRequest(error_msg)
if ecosystem == 'maven':
package = MavenCoordinates.normalize_str(package)
if ecosystem == 'pypi':
package = package.lower()
if ecosystem == 'golang':
_, clean_version = GolangDependencyTreeGenerator.clean_version(given_version)
pseudo_version = gh.is_pseudo_version(clean_version)
# Strip module appended to the package name
package = package.split('@')[0]
packages_list.append(
{"name": package, "given_name": given_package,
"version": clean_version, "given_version": given_version,
"is_pseudo_version": pseudo_version})
normalised_input_pkgs.append(normlize_packages(package, given_package, clean_version,
given_version, pseudo_version))
return packages_list, normalised_input_pkgs
def test_parse_go_string(self):
"""Test for Parse go string."""
ideal_res = {
'from': 'github.com/hashicorp/consul/[email protected]',
'package': 'github.com/hashicorp/consul/sdk',
'given_version': 'v0.1.1',
'is_semver': True,
'version': '0.1.1'
}
res = GolangDependencyTreeGenerator()._parse_string(
'github.com/hashicorp/consul/[email protected]')
assert res == ideal_res
def clean_and_get_pkgs(packages) -> Tuple[List[Package], List[str]]:
"""Clean and get golang packages."""
all_packages: List[Package] = []
all_modules: List[str] = []
gh = GithubUtils()
for direct in packages:
pkg_name, pkg_mod = get_golang_metadata(direct)
_, package_version = GolangDependencyTreeGenerator.clean_version(
direct.version)
pkg = Package(name=pkg_name, version=package_version, dependencies=[])
if gh.is_pseudo_version(package_version):
all_modules.append(pkg_mod)
for trans_pkg in direct.dependencies or []:
trans_name, trans_mod = get_golang_metadata(trans_pkg)
_, trans_version = GolangDependencyTreeGenerator.clean_version(
trans_pkg.version)
trans = Package(name=trans_name, version=trans_version)
pkg.dependencies.append(trans)
if gh.is_pseudo_version(trans_version):
all_modules.append(trans_mod)
all_packages.append(pkg)
return all_packages, all_modules
def test_parse_go_string_error(self):
"""Test for Parse go string Raise Error."""
res = GolangDependencyTreeGenerator()._parse_string
self.assertRaises(ValueError, res,
"github.com/hashicorp/consul/[email protected]@bla")
def clean_version(version):
"""Clean Version."""
# TODO: Remove caller from Component Analyses for Golang.
return GoTree.clean_version(version)