aboutcode-org
diff --git a/‎minecode/collectors/cargo.py‎
Lines changed: 98 additions & 0 deletions b/‎minecode/collectors/cargo.py‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎minecode/miners/cargo.py‎
Lines changed: 91 additions & 0 deletions b/‎minecode/miners/cargo.py‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎minecode/tests/collectors/test_cargo.py‎
Lines changed: 57 additions & 0 deletions b/‎minecode/tests/collectors/test_cargo.py‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎minecode/tests/miners/test_cargo.py‎
Lines changed: 44 additions & 0 deletions b/‎minecode/tests/miners/test_cargo.py‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎minecode/tests/testfiles/cargo/expected-sam-0.3.1.json‎
Lines changed: 69 additions & 0 deletions b/‎minecode/tests/testfiles/cargo/expected-sam-0.3.1.json‎
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,98 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+
+import requests
+from packageurl import PackageURL
+
+from minecode import priority_router
+from minecode.miners.cargo import build_packages
+from packagedb.models import PackageContentType
+
+"""
+Collect Cargo packages from cargo registries.
+"""
+
+logger = logging.getLogger(__name__)
+handler = logging.StreamHandler()
+logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+
+def get_package_json(name):
+    """
+    Return the contents of the JSON file of the package.
+    """
+    # Create URLs using purl fields
+    url = f"https://crates.io/api/v1/crates/{name}"
+
+    try:
+        response = requests.get(url)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as err:
+        logger.error(f"HTTP error occurred: {err}")
+
+
+def map_cargo_package(package_url, pipelines, priority=0):
+    """
+    Add a cargo `package_url` to the PackageDB.
+
+    Return an error string if any errors are encountered during the process
+    """
+    from minecode.model_utils import add_package_to_scan_queue
+    from minecode.model_utils import merge_or_create_package
+
+    package_json = get_package_json(name=package_url.name)
+
+    if not package_json:
+        error = f"Package does not exist on crates.io: {package_url}"
+        logger.error(error)
+        return error
+
+    packages = build_packages(package_json, package_url)
+
+    for package in packages:
+        package.extra_data["package_content"] = PackageContentType.SOURCE_ARCHIVE
+        db_package, _, _, error = merge_or_create_package(package, visit_level=0)
+        if error:
+            break
+
+        # Submit package for scanning
+        if db_package:
+            add_package_to_scan_queue(
+                package=db_package, pipelines=pipelines, priority=priority
+            )
+
+    return error
+
+
+@priority_router.route("pkg:cargo/.*")
+def process_request(purl_str, **kwargs):
+    """
+    Process `priority_resource_uri` containing a cargo Package URL (PURL) as a
+    URI.
+
+    This involves obtaining Package information for the PURL from cargo and
+    using it to create a new PackageDB entry. The package is then added to the
+    scan queue afterwards.
+    """
+    from minecode.model_utils import DEFAULT_PIPELINES
+
+    addon_pipelines = kwargs.get("addon_pipelines", [])
+    pipelines = DEFAULT_PIPELINES + tuple(addon_pipelines)
+    priority = kwargs.get("priority", 0)
+
+    package_url = PackageURL.from_string(purl_str)
+
+    error_msg = map_cargo_package(package_url, pipelines, priority)
+
+    if error_msg:
+        return error_msg
@@ -0,0 +1,91 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import requests
+from packagedcode import models as scan_models
+
+
+def build_packages(metadata_dict, purl):
+    """
+    Yield ScannedPackage built from crates.io.
+
+    The metadata_dict is a dictionary. It consists of four primary
+    components: crate, version, keywords, and categories. Among these, the
+    version is the key focus, while the other three provide a summary of
+    the package.
+
+    purl: String value of the package url of the ResourceURI object
+    """
+    purl_version = purl.version
+    versions = metadata_dict["versions"]
+    for version_info in versions:
+        version = version_info["num"]
+        if purl_version and not purl_version == version:
+            continue
+        description = version_info["description"]
+        name = version_info["crate"]
+        homepage_url = version_info["homepage"]
+        repository_homepage_url = version_info["repository"]
+
+        extracted_license_statement = []
+        lic = version_info["license"]
+        if lic and lic != "UNKNOWN":
+            extracted_license_statement.append(lic)
+
+        kw = metadata_dict["crate"]["keywords"]
+
+        # mapping of information that are common to all the downloads of a
+        # version
+        common_data = dict(
+            name=name,
+            version=version,
+            description=description,
+            homepage_url=homepage_url,
+            repository_homepage_url=repository_homepage_url,
+            extracted_license_statement=extracted_license_statement,
+            keywords=kw,
+        )
+
+        if version_info["published_by"]:
+            if version_info["published_by"]["name"]:
+                author = version_info["published_by"]["name"]
+            else:
+                author = version_info["published_by"]["login"]
+
+            if author:
+                parties = common_data.get("parties")
+                if not parties:
+                    common_data["parties"] = []
+                common_data["parties"].append(
+                    scan_models.Party(name=author, role="author")
+                )
+
+        download_path = version_info["dl_path"]
+        if download_path:
+            # As the  consistently ends with "/download" (e.g.,
+            # "/api/v1/crates/purl/0.1.5/download"), we need to obtain the
+            # redirected URL to ensure the filename is not simply
+            # "download."
+            download_url = "https://crates.io/" + download_path
+            response = requests.head(download_url, allow_redirects=True)
+            download_url = response.url
+
+            download_data = dict(
+                datasource_id="cargo_pkginfo",
+                type="cargo",
+                download_url=download_url,
+                size=version_info["crate_size"],
+                sha256=version_info["checksum"],
+            )
+            download_data.update(common_data)
+            package = scan_models.PackageData.from_data(download_data)
+
+            package.datasource_id = "cargo_api_metadata"
+            package.set_purl(purl)
+            yield package
@@ -0,0 +1,57 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import json
+import os
+
+from django.test import TestCase as DjangoTestCase
+
+from packageurl import PackageURL
+
+import packagedb
+from minecode.collectors import cargo
+from minecode.utils_test import JsonBasedTesting
+
+
+class CargoPriorityQueueTests(JsonBasedTesting, DjangoTestCase):
+    test_data_dir = os.path.join(
+        os.path.dirname(os.path.dirname(__file__)), "testfiles"
+    )
+
+    def setUp(self):
+        super().setUp()
+        self.expected_json_loc = self.get_test_loc("cargo/sam.json")
+        with open(self.expected_json_loc) as f:
+            self.expected_json_contents = json.load(f)
+
+    def test_get_package_json(self):
+        # As certain fields, such as "downloads," "recent_downloads," and
+        # "num_versions," may vary over time when executing
+        # "cargo.get_package_json(name="sam")", we cannot rely on
+        # "assertEqual" for comparison. Instead, we will verify that the
+        # response includes four primary components: crate, version,
+        # keywords, and categories, and the the "id" under crate is "sam"
+        expected_list = ["crate", "versions", "keywords", "categories"]
+        json_contents = cargo.get_package_json(name="sam")
+        keys = json_contents.keys()
+        self.assertListEqual(list(keys), expected_list)
+        self.assertEqual(json_contents["crate"]["id"], "sam")
+
+    def test_map_npm_package(self):
+        package_count = packagedb.models.Package.objects.all().count()
+        self.assertEqual(0, package_count)
+        package_url = PackageURL.from_string("pkg:cargo/[email protected]")
+        cargo.map_cargo_package(package_url, ("test_pipeline"))
+        package_count = packagedb.models.Package.objects.all().count()
+        self.assertEqual(1, package_count)
+        package = packagedb.models.Package.objects.all().first()
+        expected_purl_str = "pkg:cargo/[email protected]"
+        expected_download_url = "https://static.crates.io/crates/sam/sam-0.3.1.crate"
+        self.assertEqual(expected_purl_str, package.purl)
+        self.assertEqual(expected_download_url, package.download_url)
@@ -0,0 +1,44 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# purldb is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/purldb for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+
+import json
+import os
+
+from django.test import TestCase as DjangoTestCase
+
+from packageurl import PackageURL
+
+from minecode import miners
+from minecode.tests import FIXTURES_REGEN
+from minecode.utils_test import JsonBasedTesting
+
+
+class TestCargoMap(JsonBasedTesting, DjangoTestCase):
+    test_data_dir = os.path.join(
+        os.path.dirname(os.path.dirname(__file__)), "testfiles"
+    )
+
+    def test_build_packages_with_no_version(self):
+        with open(self.get_test_loc("cargo/sam.json")) as cargo_meta:
+            metadata = json.load(cargo_meta)
+        package_url = PackageURL.from_string("pkg:cargo/sam")
+        packages = miners.cargo.build_packages(metadata, package_url)
+        packages = [p.to_dict() for p in packages]
+        expected_loc = self.get_test_loc("cargo/expected-sam.json")
+        self.check_expected_results(packages, expected_loc, regen=FIXTURES_REGEN)
+
+    def test_build_packages_with_version(self):
+        with open(self.get_test_loc("cargo/sam.json")) as cargo_meta:
+            metadata = json.load(cargo_meta)
+        package_url = PackageURL.from_string("pkg:cargo/[email protected]")
+        packages = miners.cargo.build_packages(metadata, package_url)
+        packages = [p.to_dict() for p in packages]
+        expected_loc = self.get_test_loc("cargo/expected-sam-0.3.1.json")
+        self.check_expected_results(packages, expected_loc, regen=FIXTURES_REGEN)
@@ -0,0 +1,69 @@
+[
+  {
+    "type": "cargo",
+    "namespace": null,
+    "name": "sam",
+    "version": "0.3.1",
+    "qualifiers": {},
+    "subpath": null,
+    "primary_language": null,
+    "description": "A compile time instruction assembler.",
+    "release_date": null,
+    "parties": [],
+    "keywords": [],
+    "homepage_url": null,
+    "download_url": "https://static.crates.io/crates/sam/sam-0.3.1.crate",
+    "size": 3769,
+    "sha1": null,
+    "md5": null,
+    "sha256": "5fe15167489125b7403c9730d2c1a4c163466a327f7672444643259e8ad22178",
+    "sha512": null,
+    "bug_tracking_url": null,
+    "code_view_url": null,
+    "vcs_url": null,
+    "copyright": null,
+    "holder": null,
+    "declared_license_expression": "mit",
+    "declared_license_expression_spdx": "MIT",
+    "license_detections": [
+      {
+        "license_expression": "mit",
+        "license_expression_spdx": "MIT",
+        "matches": [
+          {
+            "license_expression": "mit",
+            "license_expression_spdx": "MIT",
+            "from_file": null,
+            "start_line": 1,
+            "end_line": 1,
+            "matcher": "1-spdx-id",
+            "score": 100,
+            "matched_length": 1,
+            "match_coverage": 100,
+            "rule_relevance": 100,
+            "rule_identifier": "spdx-license-identifier-mit-5da48780aba670b0860c46d899ed42a0f243ff06",
+            "rule_url": null,
+            "matched_text": "MIT"
+          }
+        ],
+        "identifier": "mit-a822f434-d61f-f2b1-c792-8b8cb9e7b9bf"
+      }
+    ],
+    "other_license_expression": null,
+    "other_license_expression_spdx": null,
+    "other_license_detections": [],
+    "extracted_license_statement": "- MIT\n",
+    "notice_text": null,
+    "source_packages": [],
+    "file_references": [],
+    "is_private": false,
+    "is_virtual": false,
+    "extra_data": {},
+    "dependencies": [],
+    "repository_homepage_url": "https://github.com/ioncodes/sam",
+    "repository_download_url": null,
+    "api_data_url": null,
+    "datasource_id": "cargo_api_metadata",
+    "purl": "pkg:cargo/[email protected]"
+  }
+]