
fix: Fail more gracefully when pip --dry-run doesn't work #2476


Merged
merged 15 commits into from
Jan 18, 2023
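--- a/cve_bin_tool/parsers/python.py
+++ b/cve_bin_tool/parsers/python.py
@@ -16,8 +16,8 @@ def __init__(self, cve_db, logger):
 
     def run_checker(self, filename):
         self.filename = filename
-        lines = json.loads(
-            subprocess.check_output(
+        try:
+            output = subprocess.check_output(
                 [
                     "pip3",
                     "install",
@@ -28,16 +28,30 @@ def run_checker(self, filename):
                     "--report",
                     "-",
                     "--quiet",
-                ]
+                ],
+                stderr=subprocess.STDOUT,
             )
-        )
-        for line in lines["install"]:
-            product = line["metadata"]["name"]
-            version = line["metadata"]["version"]
-            vendor = self.find_vendor(product, version)
-            if vendor is not None:
-                yield from vendor
-        self.logger.debug(f"Done scanning file: {self.filename}")
+        except subprocess.CalledProcessError as e:
+            self.logger.error(e.output)
+            pip_version = subprocess.check_output(["pip3", "--version"])
+            pip_version = float(pip_version[6:10])
+            if pip_version < 22.2:
+                self.logger.error(
+                    f"(unknown) not scanned: pip --dry-run was unable to get package versions."
+                )
+                self.logger.error(
+                    "pip version >= 22.2 is required to scan Python requirements files."
+                )
+        else:
+            output = output[127:]
+            lines = json.loads(output)
+            for line in lines["install"]:
+                product = line["metadata"]["name"]
+                version = line["metadata"]["version"]
+                vendor = self.find_vendor(product, version)
+                if vendor is not None:
+                    yield from vendor
+            self.logger.debug(f"Done scanning file: {self.filename}")
 
 
 class PythonParser(Parser):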
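Review bot: The version probe in the except branch, `pip_version = float(pip_version[6:10])`, slices a fixed byte range out of the `pip3 --version` output, so it depends on the exact length and shape of that string; a version like `22.3.1` or a two-digit minor produces text that `float()` rejects with ValueError, which would then escape the handler this commit adds, and a float compare cannot order version numbers in general (e.g. `22.10` sorts below `22.2`). Parsing the major/minor with a regex and comparing tuples is more robust (needs `import re` at the top of the file). The `output = output[127:]` in the else branch is brittle for the same reason: with `stderr=subprocess.STDOUT` it assumes a fixed-length preamble precedes the JSON report, and any change in pip's warning text will break `json.loads`; locating the first `{` in the output, or writing the report to a temporary file instead of `-`, avoids the magic offset. The first `self.logger.error(f"(unknown) not scanned: ...")` message has no placeholders and should be a plain string. The pip argument list between the two hunks is collapsed, so the `--dry-run` flag and the requirements path are not visible here.
```python
        except subprocess.CalledProcessError as e:
            self.logger.error(e.output)
            pip_version = subprocess.check_output(["pip3", "--version"])
            # `pip3 --version` prints "pip <major>.<minor>[.<patch>] from ..."
            match = re.search(rb"pip (\d+)\.(\d+)", pip_version)
            if match is None or tuple(map(int, match.groups())) < (22, 2):
                # … unchanged: the two logger.error calls …
```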