Provide metadata from manifest files without dependencies

Currently if there is no direct dependencies provided in a manifest file we raise exception and don't process it anymore, but this is incorrect we should provide metadata in manifest files instead of failing altogether

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

CHANGELOG.rst

@@ -6,7 +6,8 @@ v0.9.0
 ------
 
 - Add API function for using cleanly as a library.
-
+- Add support for setuptools.setup in live evaluation.
+- Do not fail if no direct dependencies are provided.
 
 v0.8.4
 ------

src/python_inspector/api.py

@@ -192,7 +192,7 @@ def resolver_api(
                     setup_py_file_deps = insecure_setup_py_deps
                     direct_dependencies.extend(insecure_setup_py_deps)
                 else:
-                    raise Exception("Unable to collect setup.py dependencies securely")
+                    printer("Unable to collect setup.py dependencies securely")
 
         package_data.dependencies = setup_py_file_deps
         file_package_data = [package_data.to_dict()]

src/python_inspector/resolution.py

@@ -719,4 +719,6 @@ def get_setup_dependencies(location, analyze_setup_py_insecurely=False, use_requ
         if analyze_setup_py_insecurely:
             yield from parse_reqs_from_setup_py_insecurely(setup_py=setup_py_location)
         else:
-            raise Exception("Unable to collect setup.py dependencies securely")
+            # We should not raise exception here as we may have a setup.py that does not
+            # have any dependencies. We should not fail in this case.
+            print(f"Unable to collect setup.py dependencies securely: {setup_py_location}")

tests/data/setup/no-direct-dependencies-setup.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+from __future__ import absolute_import
+from __future__ import print_function
+
+import unittest
+
+from setuptools import setup
+
+
+def test_suite():
+    return unittest.TestLoader().discover("tests", pattern="test_*.py")
+
+
+setup(
+    name="spdx-tools",
+    version="0.5.4",
+    description="SPDX parser and tools.",
+    packages=["spdx", "spdx.parsers", "spdx.writers", "spdx.parsers.lexers"],
+    package_data={"spdx": ["spdx_licenselist.csv"]},
+    include_package_data=True,
+    zip_safe=False,
+    test_suite="setup.test_suite",
+    install_requires=[],
+    entry_points={
+        "console_scripts": [
+            "spdx-tv2rdf = spdx.tv_to_rdf:main",
+        ],
+    },
+    tests_require=[
+        "xmltodict",
+    ],
+    author="Ahmed H. Ismail",
+    author_email="[email protected]",
+    maintainer="Philippe Ombredanne, SPDX group at the Linux Foundation and others",
+    maintainer_email="[email protected]",
+    url="https://github.com/spdx/tools-python",
+    license="Apache-2.0",
+    classifiers=[
+        "Intended Audience :: Developers",
+        "License :: OSI Approved :: Apache Software License",
+        "Programming Language :: Python :: 2.7",
+    ],
+)

tests/data/setup/no-direct-dependencies-setup.py-expected.json

@@ -0,0 +1,85 @@
+{
+  "headers": {
+    "tool_name": "python-inspector",
+    "tool_homepageurl": "https://github.com/nexB/python-inspector",
+    "tool_version": "0.9.0",
+    "options": [
+      "--index-url https://pypi.org/simple",
+      "--python-version 27",
+      "--operating-system linux",
+      "--json <file>"
+    ],
+    "notice": "Dependency tree generated with python-inspector.\npython-inspector is a free software tool from nexB Inc. and others.\nVisit https://github.com/nexB/python-inspector/ for support and download.",
+    "warnings": [],
+    "errors": []
+  },
+  "files": [
+    {
+      "type": "file",
+      "path": "/home/tg1999/Desktop/python-inspector-1/tests/data/setup/no-direct-dependencies-setup.py",
+      "package_data": [
+        {
+          "type": "pypi",
+          "namespace": null,
+          "name": "spdx-tools",
+          "version": "0.5.4",
+          "qualifiers": {},
+          "subpath": null,
+          "primary_language": "Python",
+          "description": "SPDX parser and tools.",
+          "release_date": null,
+          "parties": [
+            {
+              "type": "person",
+              "role": "author",
+              "name": "Ahmed H. Ismail",
+              "email": "[email protected]",
+              "url": null
+            },
+            {
+              "type": "person",
+              "role": "maintainer",
+              "name": "Philippe Ombredanne, SPDX group at the Linux Foundation and others",
+              "email": "[email protected]",
+              "url": null
+            }
+          ],
+          "keywords": [
+            "Intended Audience :: Developers",
+            "Programming Language :: Python :: 2.7"
+          ],
+          "homepage_url": "https://github.com/spdx/tools-python",
+          "download_url": null,
+          "size": null,
+          "sha1": null,
+          "md5": null,
+          "sha256": null,
+          "sha512": null,
+          "bug_tracking_url": null,
+          "code_view_url": null,
+          "vcs_url": null,
+          "copyright": null,
+          "license_expression": null,
+          "declared_license": {
+            "license": "Apache-2.0",
+            "classifiers": [
+              "License :: OSI Approved :: Apache Software License"
+            ]
+          },
+          "notice_text": null,
+          "source_packages": [],
+          "file_references": [],
+          "extra_data": {},
+          "dependencies": [],
+          "repository_homepage_url": "https://pypi.org/project/spdx-tools",
+          "repository_download_url": "https://pypi.org/packages/source/s/spdx-tools/spdx-tools-0.5.4.tar.gz",
+          "api_data_url": "https://pypi.org/pypi/spdx-tools/0.5.4/json",
+          "datasource_id": "pypi_setup_py",
+          "purl": "pkg:pypi/[email protected]"
+        }
+      ]
+    }
+  ],
+  "packages": [],
+  "resolved_dependencies_graph": {}
+}

tests/test_cli.py

@@ -312,6 +312,20 @@ def test_cli_with_setup_py():
     )
 
 
+@pytest.mark.online
+def test_cli_with_setup_py_no_direct_dependencies():
+    setup_py_file = setup_test_env.get_test_loc("no-direct-dependencies-setup.py")
+    expected_file = setup_test_env.get_test_loc(
+        "no-direct-dependencies-setup.py-expected.json", must_exist=False
+    )
+    check_setup_py_resolution(
+        setup_py=setup_py_file,
+        expected_file=expected_file,
+        regen=REGEN_TEST_FIXTURES,
+        extra_options=["--python-version", "27"],
+    )
+
+
 def check_specs_resolution(
     specifier,
     expected_file,