Harden NPM repo urls handling #785

pombredanne · pombredanne · commit b0ae573c085e · 2017-10-03T17:02:05.000-07:00
* ensure that url parsing utils do not choke on empty
 * do not populate repo fields in Package if the url is not presemt

Signed-off-by: Philippe Ombredanne &lt;pombredanne@nexb.com&gt;
diff --git a/src/packagedcode/npm.py b/src/packagedcode/npm.py
@@ -323,8 +323,10 @@ def repository_mapper(repo, package):
     if isinstance(repo, basestring):
         package.vcs_repository = parse_repo_url(repo)
     elif isinstance(repo, dict):
-        package.vcs_tool = repo.get('type') or 'git'
-        package.vcs_repository = parse_repo_url(repo.get('url'))
+        repurl = parse_repo_url(repo.get('url'))
+        if repurl:
+            package.vcs_tool = repo.get('type') or 'git'
+            package.vcs_repository = repurl
     return package
 
 
diff --git a/src/packagedcode/utils.py b/src/packagedcode/utils.py
@@ -67,11 +67,18 @@ def parse_repo_url(repo_url):
         https://gitlab.com/foo/private.git
         git@gitlab.com:foo/private.git
     """
+    if not repo_url or not isinstance(repo_url, basestring):
+        return
 
+    repo_url = repo_url.strip()
+    if not repo_url:
+        return
+
+    # TODO: If we match http and https, we may should add more check in
+    # case if the url is not a repo one. For example, check the domain
+    # name in the url...
     is_vcs_url = repo_url.startswith(VCS_URLS)
     if is_vcs_url:
-        # TODO: If we match http and https, we may should add more check in case if the url is not a repo one.
-        # For example, check the domain name in the url...
         return repo_url
 
     if repo_url.startswith('git@'):
diff --git a/tests/packagedcode/data/npm/repo_url/package.json b/tests/packagedcode/data/npm/repo_url/package.json
@@ -0,0 +1,83 @@
+{
+      "name": "react-mobile-navigation-modal",
+      "version": "0.1.0-rc.3",
+      "description": "React mobile navigation modal.",
+      "author": {
+        "name": "Rostyslav Khanas",
+        "email": "rk@try.cards"
+      },
+      "repository": {
+        "type": "git"
+      },
+      "scripts": {
+        "clean": "rimraf lib",
+        "lint": "eslint src",
+        "build": "npm run lint && npm run clean && babel src --out-dir lib"
+      },
+      "files": [
+        "lib"
+      ],
+      "main": "lib/index.js",
+      "dependencies": {
+        "binary-ui-icons": "^0.1.0-rc.8",
+        "binary-ui-stack": "^0.0.1-rc.4",
+        "binary-ui-styles": "^0.1.0-rc.8",
+        "invariant": "^2.2.1",
+        "react-mobile-navigation-core": "^0.1.0-rc.3",
+        "react-mobile-navigation-engine": "^0.1.0-rc.3"
+      },
+      "peerDependencies": {
+        "react": "~15.3.2"
+      },
+      "devDependencies": {
+        "babel": "^6.3.26",
+        "babel-cli": "^6.7.7",
+        "babel-core": "^6.7.7",
+        "babel-eslint": "^6.0.3",
+        "babel-loader": "^6.2.1",
+        "babel-plugin-transform-decorators-legacy": "^1.3.4",
+        "babel-plugin-transform-object-rest-spread": "^6.5.0",
+        "babel-preset-es2015": "^6.3.13",
+        "babel-preset-es2015-allow-top-level-this": "0.0.1",
+        "babel-preset-react": "^6.3.13",
+        "eslint": "^2.5.3",
+        "eslint-config-airbnb": "^9.0.1",
+        "eslint-plugin-import": "^1.5.0",
+        "eslint-plugin-jsx-a11y": "^1.0.2",
+        "eslint-plugin-react": "^5.0.1",
+        "node-uuid": "^1.4.7",
+        "react": "~15.3.2",
+        "react-art": "^0.15.1",
+        "react-dom": "~15.3.2",
+        "react-motion": "^0.4.7",
+        "react-redux": "^4.0.6",
+        "redux": "^3.0.5",
+        "rimraf": "^2.3.4",
+        "webpack": "^1.12.15",
+        "webpack-dev-server": "^1.14.1"
+      },
+      "_id": "react-mobile-navigation-modal@0.1.0-rc.3",
+      "_shasum": "0ae0b2065295b14c9db60852215b3f60d5510a99",
+      "_from": ".",
+      "_npmVersion": "4.3.0",
+      "_nodeVersion": "7.4.0",
+      "_npmUser": {
+        "name": "rtkhanas",
+        "email": "rtkhanas@gmail.com"
+      },
+      "dist": {
+        "shasum": "0ae0b2065295b14c9db60852215b3f60d5510a99",
+        "tarball": "https://registry.npmjs.org/react-mobile-navigation-modal/-/react-mobile-navigation-modal-0.1.0-rc.3.tgz"
+      },
+      "maintainers": [
+        {
+          "name": "rtkhanas",
+          "email": "rtkhanas@gmail.com"
+        }
+      ],
+      "_npmOperationalInternal": {
+        "host": "packages-18-east.internal.npmjs.com",
+        "tmp": "tmp/react-mobile-navigation-modal-0.1.0-rc.3.tgz_1489492444412_0.4683970238547772"
+      },
+      "directories": {}
+}
diff --git a/tests/packagedcode/data/npm/repo_url/package.json.expected b/tests/packagedcode/data/npm/repo_url/package.json.expected
@@ -0,0 +1,229 @@
+{
+  "type": "npm",
+  "name": "react-mobile-navigation-modal",
+  "version": "0.1.0-rc.3",
+  "primary_language": "JavaScript",
+  "packaging": null,
+  "summary": "React mobile navigation modal.",
+  "description": null,
+  "payload_type": null,
+  "size": null,
+  "release_date": null,
+  "authors": [
+    {
+      "type": "person",
+      "name": "Rostyslav Khanas",
+      "email": "rk@try.cards",
+      "url": null
+    }
+  ],
+  "maintainers": [
+    {
+      "type": "person",
+      "name": "rtkhanas",
+      "email": "rtkhanas@gmail.com",
+      "url": null
+    }
+  ],
+  "contributors": [],
+  "owners": [],
+  "packagers": [],
+  "distributors": [],
+  "vendors": [],
+  "keywords": [],
+  "keywords_doc_url": null,
+  "metafile_locations": [
+    "package"
+  ],
+  "metafile_urls": [],
+  "homepage_url": null,
+  "notes": null,
+  "download_urls": [
+    "https://registry.npmjs.org/react-mobile-navigation-modal/-/react-mobile-navigation-modal-0.1.0-rc.3.tgz"
+  ],
+  "download_sha1": "0ae0b2065295b14c9db60852215b3f60d5510a99",
+  "download_sha256": null,
+  "download_md5": null,
+  "bug_tracking_url": null,
+  "support_contacts": [],
+  "code_view_url": null,
+  "vcs_tool": null,
+  "vcs_repository": null,
+  "vcs_revision": null,
+  "copyright_top_level": null,
+  "copyrights": [],
+  "asserted_licenses": [],
+  "legal_file_locations": [],
+  "license_expression": null,
+  "license_texts": [],
+  "notice_texts": [],
+  "dependencies": {
+    "development": [
+      {
+        "name": "babel",
+        "version": null,
+        "version_constraint": "^6.3.26"
+      },
+      {
+        "name": "babel-cli",
+        "version": null,
+        "version_constraint": "^6.7.7"
+      },
+      {
+        "name": "babel-core",
+        "version": null,
+        "version_constraint": "^6.7.7"
+      },
+      {
+        "name": "babel-eslint",
+        "version": null,
+        "version_constraint": "^6.0.3"
+      },
+      {
+        "name": "babel-loader",
+        "version": null,
+        "version_constraint": "^6.2.1"
+      },
+      {
+        "name": "babel-plugin-transform-decorators-legacy",
+        "version": null,
+        "version_constraint": "^1.3.4"
+      },
+      {
+        "name": "babel-plugin-transform-object-rest-spread",
+        "version": null,
+        "version_constraint": "^6.5.0"
+      },
+      {
+        "name": "babel-preset-es2015",
+        "version": null,
+        "version_constraint": "^6.3.13"
+      },
+      {
+        "name": "babel-preset-es2015-allow-top-level-this",
+        "version": null,
+        "version_constraint": "0.0.1"
+      },
+      {
+        "name": "babel-preset-react",
+        "version": null,
+        "version_constraint": "^6.3.13"
+      },
+      {
+        "name": "eslint",
+        "version": null,
+        "version_constraint": "^2.5.3"
+      },
+      {
+        "name": "eslint-config-airbnb",
+        "version": null,
+        "version_constraint": "^9.0.1"
+      },
+      {
+        "name": "eslint-plugin-import",
+        "version": null,
+        "version_constraint": "^1.5.0"
+      },
+      {
+        "name": "eslint-plugin-jsx-a11y",
+        "version": null,
+        "version_constraint": "^1.0.2"
+      },
+      {
+        "name": "eslint-plugin-react",
+        "version": null,
+        "version_constraint": "^5.0.1"
+      },
+      {
+        "name": "node-uuid",
+        "version": null,
+        "version_constraint": "^1.4.7"
+      },
+      {
+        "name": "react",
+        "version": null,
+        "version_constraint": "~15.3.2"
+      },
+      {
+        "name": "react-art",
+        "version": null,
+        "version_constraint": "^0.15.1"
+      },
+      {
+        "name": "react-dom",
+        "version": null,
+        "version_constraint": "~15.3.2"
+      },
+      {
+        "name": "react-motion",
+        "version": null,
+        "version_constraint": "^0.4.7"
+      },
+      {
+        "name": "react-redux",
+        "version": null,
+        "version_constraint": "^4.0.6"
+      },
+      {
+        "name": "redux",
+        "version": null,
+        "version_constraint": "^3.0.5"
+      },
+      {
+        "name": "rimraf",
+        "version": null,
+        "version_constraint": "^2.3.4"
+      },
+      {
+        "name": "webpack",
+        "version": null,
+        "version_constraint": "^1.12.15"
+      },
+      {
+        "name": "webpack-dev-server",
+        "version": null,
+        "version_constraint": "^1.14.1"
+      }
+    ],
+    "runtime": [
+      {
+        "name": "binary-ui-icons",
+        "version": null,
+        "version_constraint": "^0.1.0-rc.8"
+      },
+      {
+        "name": "binary-ui-stack",
+        "version": null,
+        "version_constraint": "^0.0.1-rc.4"
+      },
+      {
+        "name": "binary-ui-styles",
+        "version": null,
+        "version_constraint": "^0.1.0-rc.8"
+      },
+      {
+        "name": "invariant",
+        "version": null,
+        "version_constraint": "^2.2.1"
+      },
+      {
+        "name": "react-mobile-navigation-core",
+        "version": null,
+        "version_constraint": "^0.1.0-rc.3"
+      },
+      {
+        "name": "react-mobile-navigation-engine",
+        "version": null,
+        "version_constraint": "^0.1.0-rc.3"
+      }
+    ],
+    "optional": [
+      {
+        "name": "react",
+        "version": null,
+        "version_constraint": "~15.3.2"
+      }
+    ]
+  },
+  "related_packages": []
+}
diff --git a/tests/packagedcode/test_npm.py b/tests/packagedcode/test_npm.py
@@ -135,3 +135,10 @@ def test_parse_from_urls_dict_legacy_is_ignored(self):
         package = npm.parse(test_file)
         self.check_package(package, expected_loc, regen=False, fix_locations=False)
         package.validate()
+
+    def test_parse_does_not_crash_if_partial_repo_url(self):
+        test_file = self.get_test_loc('npm/repo_url/package.json')
+        expected_loc = self.get_test_loc('npm/repo_url/package.json.expected')
+        package = npm.parse(test_file)
+        self.check_package(package, expected_loc, regen=False, fix_locations=False)
+        package.validate()
diff --git a/tests/packagedcode/test_package_utils.py b/tests/packagedcode/test_package_utils.py
@@ -106,3 +106,8 @@ def test_parse_git_repo_url_without_slash_slash(self):
         test = 'git@github.com/Filirom1/npm2aur.git'
         expected = 'https://github.com/Filirom1/npm2aur.git'
         assert expected == parse_repo_url(test)
+
+    def test_parse_repo_url_does_not_fail_on_empty(self):
+        assert None == parse_repo_url(None)
+        assert None == parse_repo_url('')
+        assert None == parse_repo_url(' ')
