|
| 1 | +# |
| 2 | +# Copyright (c) nexB Inc. and others. All rights reserved. |
| 3 | +# purldb is a trademark of nexB Inc. |
| 4 | +# SPDX-License-Identifier: Apache-2.0 |
| 5 | +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. |
| 6 | +# See https://github.com/nexB/purldb for support or download. |
| 7 | +# See https://aboutcode.org for more information about nexB OSS projects. |
| 8 | +# |
| 9 | + |
| 10 | +import logging |
| 11 | + |
| 12 | +import requests |
| 13 | +from packageurl import PackageURL |
| 14 | + |
| 15 | +from minecode import priority_router |
| 16 | +from minecode.miners.pypi import build_packages |
| 17 | + |
| 18 | +""" |
| 19 | +Collect PyPI packages from pypi registries. |
| 20 | +""" |
| 21 | + |
| 22 | +logger = logging.getLogger(__name__) |
| 23 | +handler = logging.StreamHandler() |
| 24 | +logger.addHandler(handler) |
| 25 | +logger.setLevel(logging.INFO) |
| 26 | + |
| 27 | + |
| 28 | +def get_package_json(name, version): |
| 29 | + """ |
| 30 | + Return the contents of the JSON file of the package described by the purl |
| 31 | + field arguments in a string. |
| 32 | + """ |
| 33 | + # Create URLs using purl fields |
| 34 | + url = f"https://pypi.org/pypi/{name}/{version}/json" |
| 35 | + |
| 36 | + try: |
| 37 | + response = requests.get(url) |
| 38 | + response.raise_for_status() |
| 39 | + return response.json() |
| 40 | + except requests.exceptions.HTTPError as err: |
| 41 | + logger.error(f"HTTP error occurred: {err}") |
| 42 | + |
| 43 | + |
| 44 | +def get_all_package_version(name): |
| 45 | + """ |
| 46 | + Return a list of all version numbers for the package name. |
| 47 | + """ |
| 48 | + url = f"https://pypi.org/pypi/{name}/json" |
| 49 | + try: |
| 50 | + response = requests.get(url) |
| 51 | + response.raise_for_status() |
| 52 | + data = response.json() |
| 53 | + # Get all available versions |
| 54 | + versions = list(data["releases"].keys()) |
| 55 | + return versions |
| 56 | + except requests.exceptions.HTTPError as err: |
| 57 | + logger.error(f"HTTP error occurred: {err}") |
| 58 | + |
| 59 | + |
| 60 | +def map_pypi_package(package_url, pipelines, priority=0): |
| 61 | + """ |
| 62 | + Add a pypi `package_url` to the PackageDB. |
| 63 | +
|
| 64 | + Return an error string if any errors are encountered during the process |
| 65 | + """ |
| 66 | + from minecode.model_utils import add_package_to_scan_queue |
| 67 | + from minecode.model_utils import merge_or_create_package |
| 68 | + |
| 69 | + error = "" |
| 70 | + package_json = get_package_json( |
| 71 | + name=package_url.name, |
| 72 | + version=package_url.version, |
| 73 | + ) |
| 74 | + |
| 75 | + if not package_json: |
| 76 | + error = f"Package does not exist on PyPI: {package_url}" |
| 77 | + logger.error(error) |
| 78 | + return error |
| 79 | + |
| 80 | + packages = build_packages(package_json, package_url) |
| 81 | + |
| 82 | + for package in packages: |
| 83 | + db_package, _, _, error = merge_or_create_package(package, visit_level=0) |
| 84 | + if error: |
| 85 | + break |
| 86 | + |
| 87 | + # Submit package for scanning |
| 88 | + if db_package: |
| 89 | + add_package_to_scan_queue( |
| 90 | + package=db_package, pipelines=pipelines, priority=priority |
| 91 | + ) |
| 92 | + |
| 93 | + return error |
| 94 | + |
| 95 | + |
| 96 | +@priority_router.route("pkg:pypi/.*") |
| 97 | +def process_request(purl_str, **kwargs): |
| 98 | + """ |
| 99 | + Process `priority_resource_uri` containing a pypi Package URL (PURL) as a |
| 100 | + URI. |
| 101 | +
|
| 102 | + This involves obtaining Package information for the PURL from pypi and |
| 103 | + using it to create a new PackageDB entry. The package is then added to the |
| 104 | + scan queue afterwards. |
| 105 | + """ |
| 106 | + from minecode.model_utils import DEFAULT_PIPELINES |
| 107 | + |
| 108 | + addon_pipelines = kwargs.get("addon_pipelines", []) |
| 109 | + pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines) |
| 110 | + priority = kwargs.get("priority", 0) |
| 111 | + |
| 112 | + package_url = PackageURL.from_string(purl_str) |
| 113 | + |
| 114 | + if not package_url.version: |
| 115 | + versions = get_all_package_version(package_url.name) |
| 116 | + for version in versions: |
| 117 | + # package_url.version cannot be set as it will raise |
| 118 | + # AttributeError: can't set attribute |
| 119 | + # package_url.version = version |
| 120 | + purl = purl_str + "@" + version |
| 121 | + package_url = PackageURL.from_string(purl) |
| 122 | + error_msg = map_pypi_package(package_url, pipelines, priority) |
| 123 | + |
| 124 | + if error_msg: |
| 125 | + return error_msg |
| 126 | + else: |
| 127 | + error_msg = map_pypi_package(package_url, pipelines, priority) |
| 128 | + |
| 129 | + if error_msg: |
| 130 | + return error_msg |
0 commit comments