fix: basic Python scanning to determine detection environment

reverse-direction-god · reverse-direction-god · commit 5551923a8224 · 2024-12-30T14:14:29.000+08:00
diff --git a/cmd/murphy/internal/internalcmd/scanner_scan.go b/cmd/murphy/internal/internalcmd/scanner_scan.go
@@ -62,6 +62,7 @@ func scannerScanRun(cmd *cobra.Command, args []string) {
 		IsNoBuild:   env.DoNotBuild,
 	}
 	ctx = model.WithScanTask(ctx, scantask)
+	ctx = context.WithValue(ctx, "is_internalcmd", true)
 	e = inspector.ManagedInspect(ctx)
 	if e != nil {
 		logger.Error(e)
diff --git a/module/python/python.go b/module/python/python.go
@@ -193,7 +193,7 @@ func collectDepsInfo(ctx context.Context, dir string) ([][2]string, error) {
 			delete(unknownVersionComps, s)
 		}
 	}
-	if len(unknownVersionComps) != 0 {
+	if is_internalcmd := ctx.Value("is_internalcmd"); is_internalcmd == nil && len(unknownVersionComps) != 0 {
 		// try to resolve version from pip list
 		m, e := getEnvPipListMap(ctx)
 		if e != nil {
diff --git a/module/python/venv.go b/module/python/venv.go
@@ -210,7 +210,11 @@ func pipdeptree(dir string, logger *zap.SugaredLogger) ([]PipdeptreeStruct, erro
 }
 func updatePackage(dir string, logger *zap.SugaredLogger, k, v string) {
 	var out bytes.Buffer
-	cmd := exec.Command("./pip", "install", k+"=="+v)
+	version := k
+	if v != "" {
+		version = version + "==" + v
+	}
+	cmd := exec.Command("./pip", "install", version)
 	cmd.Stdout = &out
 	cmd.Dir = dir
 	if err := cmd.Run(); err != nil {
@@ -246,6 +250,26 @@ func delVenv(dir string, logger *zap.SugaredLogger) {
 	}
 	logger.Debug("delete venv success ")
 }
+func directDependenceSurvival(mod *[]model.DependencyItem, nvMp map[string]string) {
+	var exist = make(map[string]string)
+	for _, i := range *mod {
+		exist[i.CompName] = exist[i.CompVersion]
+	}
+	for k, v := range nvMp {
+		if _, ok := exist[k]; !ok {
+			*mod = append(*mod, model.DependencyItem{
+				Component: model.Component{
+					CompName:    k,
+					CompVersion: v,
+					EcoRepo: model.EcoRepo{
+						Ecosystem:  "pip",
+						Repository: "",
+					},
+				},
+			})
+		}
+	}
+}
 func Run(ctx context.Context, dir string, logger *zap.SugaredLogger, nvMp map[string]string) ([]model.DependencyItem, error) {
 	var mod []model.DependencyItem
 	var venvDir = filepath.Join(dir, "virtual_venv")
@@ -297,6 +321,8 @@ func Run(ctx context.Context, dir string, logger *zap.SugaredLogger, nvMp map[st
 			mod = append(mod, buildTree(j, 0))
 		}
 	}
+	// 对于没有pip install成功的依赖 只加入pipreqs中列出的直接依赖
+	directDependenceSurvival(&mod, newRequirements)
 	defer delVenv(venvDir, logger)
 	return mod, err
 }

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ func scannerScanRun(cmd *cobra.Command, args []string) {`
`62`	`62`	`IsNoBuild: env.DoNotBuild,`
`63`	`63`	`}`
`64`	`64`	`ctx = model.WithScanTask(ctx, scantask)`
	`65`	`+ ctx = context.WithValue(ctx, "is_internalcmd", true)`
`65`	`66`	`e = inspector.ManagedInspect(ctx)`
`66`	`67`	`if e != nil {`
`67`	`68`	`logger.Error(e)`
Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ func collectDepsInfo(ctx context.Context, dir string) ([][2]string, error) {`
`193`	`193`	`delete(unknownVersionComps, s)`
`194`	`194`	`}`
`195`	`195`	`}`
`196`		`- if len(unknownVersionComps) != 0 {`
	`196`	`+ if is_internalcmd := ctx.Value("is_internalcmd"); is_internalcmd == nil && len(unknownVersionComps) != 0 {`
`197`	`197`	`// try to resolve version from pip list`
`198`	`198`	`m, e := getEnvPipListMap(ctx)`
`199`	`199`	`if e != nil {`