Universal PyPI package checker (#1199)

* Let progress bar run only for a package list

* Add universal checker for almost all python packages

Author: BreadGenie

cve_bin_tool/package_list_parser/vendor_fetch.py

@@ -23,19 +23,33 @@ def get_vendor_product_pairs(self, package_names):
         SELECT DISTINCT vendor FROM cve_range
         WHERE product=? 
         """
-        for package_name in track(
-            package_names, description="Processing the given list...."
-        ):
-            self.cursor.execute(query, [package_name["name"].lower()])
+        # For python package checkers we don't need the progress bar running
+        if type(package_names) != list:
+            package_name = package_names  # Since package names will only have the 'package name' in it
+            self.cursor.execute(query, [package_name])
             vendors = list(map(lambda x: x[0], self.cursor.fetchall()))
             for vendor in vendors:
                 if vendor != "":
                     vendor_package_pairs.append(
                         {
                             "vendor": vendor,
-                            "product": package_name["name"],
+                            "product": package_name,
                         }
                     )
+        else:
+            for package_name in track(
+                package_names, description="Processing the given list...."
+            ):
+                self.cursor.execute(query, [package_name["name"].lower()])
+                vendors = list(map(lambda x: x[0], self.cursor.fetchall()))
+                for vendor in vendors:
+                    if vendor != "":
+                        vendor_package_pairs.append(
+                            {
+                                "vendor": vendor,
+                                "product": package_name["name"],
+                            }
+                        )
         return vendor_package_pairs
 
     def __enter__(self):

cve_bin_tool/version_scanner.py

@@ -4,6 +4,7 @@
 import os
 import subprocess
 import sys
+from re import search
 
 import pkg_resources
 
@@ -12,6 +13,7 @@
 from cve_bin_tool.extractor import Extractor
 from cve_bin_tool.file import is_binary
 from cve_bin_tool.log import LOGGER
+from cve_bin_tool.package_list_parser.vendor_fetch import VendorFetch
 from cve_bin_tool.strings import Strings
 from cve_bin_tool.util import DirWalk, ProductInfo, inpath
 
@@ -145,9 +147,34 @@ def scan_file(self, filename):
             lines[0] = (
                 "--generated pattern for cve-bin-tool " + lines[0] + " " + lines[1]
             )
+            yield from self.run_python_package_checkers(filename, lines)
 
         yield from self.run_checkers(filename, lines)
 
+    def run_python_package_checkers(self, filename, lines):
+        """
+        This function runs only for python packages.
+        There are no actual checkers.
+        The ProductInfo is computed without the help of any checkers from PKG-INFO or METADATA.
+        """
+        product = search(
+            r"--generated pattern for cve-bin-tool Name: (.+?) Version:", lines[0]
+        ).group(1)
+        version = search(r"Version: (.+?)$", lines[1]).group(1)
+
+        with VendorFetch() as vendor_fetch:
+            vendor_package_pair = vendor_fetch.get_vendor_product_pairs(product)
+
+        if vendor_package_pair != []:
+            vendor = vendor_package_pair[0]["vendor"]
+            file_path = "".join(self.file_stack)
+
+            self.logger.info(f"{file_path} is {product} {version}")
+
+            yield ProductInfo(vendor, product, version), file_path
+
+        self.logger.debug(f"Done scanning file: {filename}")
+
     def run_checkers(self, filename, lines):
         # tko
         for (dummy_checker_name, checker) in self.checkers.items():