
Pip: Add a few sanity checks when parsing license information #5319


Merged: 3 commits merged into main from pip-filter-phony-packages-2 on May 5, 2022

Conversation

sschuberth (Member)

Please have a look at the individual commit messages for the details.

sschuberth added 2 commits May 4, 2022 10:00
So far phony packages have only been filtered out from the dependency
tree, but they should also be removed from the list of installed
packages.

Signed-off-by: Sebastian Schuberth <[email protected]>
There are projects which put the full license text instead of just the
license name into a license field. Omit such texts from the list of
declared licenses by only accepting licenses that do not contain a
newline character.

Signed-off-by: Sebastian Schuberth <[email protected]>
@sschuberth sschuberth requested a review from a team as a code owner May 4, 2022 13:02
@sschuberth sschuberth enabled auto-merge (rebase) May 4, 2022 13:05
The field is specified to be a "short string" which is "a single line of
text, not more than 200 characters" [1]. Respect that limit, which also
filters out cases where people add full license texts to the field.

[1] https://docs.python.org/3/distutils/setupscript.html#additional-meta-data

Signed-off-by: Sebastian Schuberth <[email protected]>
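The two license-field checks described in the last two commit messages, as an added example that is not the project's own Kotlin code in Pip.kt: it parses PKG-INFO/METADATA style headers (constructed samples, including one where the full license text was pasted into the License field as folded continuation lines) and drops License values that contain a newline or exceed the 200-character "short string" limit. The parser, the sample data and the helper names are assumptions made for this illustration.

```python
"""Sanity checks for the License field of Python package metadata.

Added example (not the project's Kotlin code in Pip.kt). It parses PKG-INFO /
METADATA style headers and applies the two checks from the commit messages:
drop License values that span multiple lines, and drop values longer than
the 200-character "short string" limit.
"""
import re
from typing import Dict, Optional

# "Short string": a single line of text, not more than 200 characters.
MAX_SHORT_STRING_LEN = 200

# Header line: "Name: value". The value may be empty.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]?(.*)$")


def parse_pkg_info(text: str) -> Dict[str, str]:
    """Parse RFC 822-style headers into a dict, keeping folded lines.

    Continuation lines (starting with whitespace) are appended to the
    previous header's value with the newline preserved. That is how a full
    license text pasted into the License field appears in PKG-INFO, so the
    newline survives for the check below. Parsing stops at the first empty
    line, where the long-description body begins.
    """
    headers: Dict[str, str] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        if raw == "":
            break
        if raw[0] in " \t":
            if current is not None:
                headers[current] += "\n" + raw.strip()
            continue
        match = HEADER_RE.match(raw)
        if match is None:
            continue  # assumption: tolerate malformed lines instead of aborting
        current = match.group(1)
        headers[current] = match.group(2)
    return headers


def sanitize_license(value: Optional[str]) -> Optional[str]:
    """Return the License value if it is a usable short string, else None."""
    if value is None:
        return None
    if "\n" in value:
        # Multi-line value: the full license text was pasted into the field.
        return None
    if len(value) > MAX_SHORT_STRING_LEN:
        # Over the limit: not a license name; also catches long license
        # texts that were collapsed onto a single line.
        return None
    return value


# Constructed PKG-INFO fragments (not from the page) covering the three cases.
SAMPLES = {
    "single-line": (
        "Metadata-Version: 2.1\nName: demo-a\nVersion: 1.0\nLicense: MIT\n"
        "\nLong description body.\n"
    ),
    "full-text": (
        "Metadata-Version: 2.1\nName: demo-b\nVersion: 1.0\n"
        "License: MIT License\n"
        "        \n"
        "        Copyright (c) 2022 Example Author\n"
        "        \n"
        "        Permission is hereby granted, free of charge, to any person\n"
        "        obtaining a copy of this software and associated files.\n"
    ),
    "over-limit": (
        "Metadata-Version: 2.1\nName: demo-c\nVersion: 1.0\n"
        "License: " + "Apache-2.0 OR " * 20 + "MIT\n"
    ),
}


def declared_license(pkg_info: str) -> Optional[str]:
    """Parse metadata and return its sanitized License value (or None)."""
    return sanitize_license(parse_pkg_info(pkg_info).get("License"))


def check_samples() -> Dict[str, Optional[str]]:
    """Apply the checks to each constructed sample."""
    return {name: declared_license(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in check_samples().items():
        print(f"{name:12s} -> {result!r}")
```

Only the single-line sample survives; the pasted license text is rejected because its folded continuation lines keep their newlines after parsing, and the over-limit sample is rejected on length even though it is a single line. Note that the check keeps values of exactly 200 characters, matching the "not more than 200 characters" wording of the cited specification.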
@sschuberth sschuberth force-pushed the pip-filter-phony-packages-2 branch from c05cda8 to f9ec7f1 Compare May 4, 2022 13:40
@sschuberth sschuberth requested a review from mnonnenmacher May 4, 2022 13:43
codecov bot commented May 4, 2022

Codecov Report

Merging #5319 (f9ec7f1) into main (fed5ead) will decrease coverage by 0.00%.
The diff coverage is 50.00%.

@@             Coverage Diff              @@
##               main    #5319      +/-   ##
============================================
- Coverage     72.37%   72.37%   -0.01%     
- Complexity     1964     1966       +2     
============================================
  Files           260      260              
  Lines         13899    13900       +1     
  Branches       1960     1961       +1     
============================================
  Hits          10060    10060              
  Misses         2801     2801              
- Partials       1038     1039       +1     
Impacted Files Coverage Δ
analyzer/src/main/kotlin/managers/Pip.kt 72.67% <50.00%> (-0.23%) ⬇️
downloader/src/main/kotlin/vcs/Cvs.kt 17.72% <0.00%> (ø)


@sschuberth sschuberth merged commit 45361e7 into main May 5, 2022
@sschuberth sschuberth deleted the pip-filter-phony-packages-2 branch May 5, 2022 13:26