Merge branch 'buildout' into 'v3'

iseki0 · iseki0 · commit c934b90fd6d1 · 2024-12-18T19:06:36.000+08:00
fix base buildout

See merge request develop/client!7
diff --git a/go.mod b/go.mod
@@ -33,9 +33,9 @@ require (
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
 	golang.org/x/mod v0.18.0
 	golang.org/x/net v0.26.0
-	golang.org/x/sync v0.10.0
-	golang.org/x/sys v0.28.0
-	golang.org/x/text v0.21.0
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.24.0
+	golang.org/x/text v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -77,10 +77,11 @@ require (
 	github.com/xanzy/go-gitlab v0.93.1 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/src-d/go-git.v4 v4.13.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -213,8 +213,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -238,8 +238,8 @@ golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbht
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -258,15 +258,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -275,8 +275,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -291,6 +291,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
 gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg=
diff --git a/module/python/buildout/buildout.go b/module/python/buildout/buildout.go
@@ -117,6 +117,8 @@ func InspectProject(ctx context.Context, dir string) (*model.Module, error) {
 		}
 	}
 	var comps = make(map[[2]string]struct{})
+	MetadataComps := make(map[string]string)
+	BuildoutCfgComps := make(map[string]string)
 	_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, e error) error {
 		if ctx.Err() != nil {
 			return ctx.Err()
@@ -134,9 +136,22 @@ func InspectProject(ctx context.Context, dir string) (*model.Module, error) {
 				return nil
 			}
 			comps[[2]string{n, v}] = struct{}{}
+			MetadataComps[n] = v
+		}
+		if d.Name() == "buildout.cfg" {
+			if err := base(ctx, path, BuildoutCfgComps); err != nil {
+				return err
+			}
 		}
 		return nil
 	})
+
+	for k, v := range BuildoutCfgComps {
+		if METADATAv, ok := MetadataComps[k]; !ok || METADATAv == "" {
+			comps[[2]string{k, v}] = struct{}{}
+			MetadataComps[k] = v
+		}
+	}
 	var compList = maps.Keys(comps)
 	if len(compList) == 0 {
 		return nil, nil
diff --git a/module/python/buildout/parsingFiles.go b/module/python/buildout/parsingFiles.go
@@ -0,0 +1,160 @@
+package buildout
+
+import (
+	"context"
+	"github.com/murphysecurity/murphysec/infra/logctx"
+	"go.uber.org/zap"
+	"gopkg.in/ini.v1"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+func base(ctx context.Context, path string, result map[string]string) error {
+	var log = logctx.Use(ctx).Sugar()
+	e := findVersionsFile(ctx, path, result)
+	if e == nil {
+		return nil
+	}
+	pattern := filepath.Join(filepath.Dir(path), "*.cfg")
+	files, err := filepath.Glob(pattern)
+	if err != nil {
+		log.Error("glob failed", zap.Error(e))
+		return err
+	}
+	for _, j := range files {
+		if j == "buildout.cfg" {
+			continue
+		}
+		if err := NoCurrentDirectoryCfg(ctx, filepath.Dir(j), j, result); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+func NoCurrentDirectoryCfg(ctx context.Context, NowPath string, path string, result map[string]string) error {
+	var log = logctx.Use(ctx).Sugar()
+	var e error
+	var extends = ""
+	if path == "" {
+		return nil
+	}
+	if filepath.Dir(path) == NowPath {
+		return nil
+	}
+	if strings.Contains(path, "http") {
+		resp, err := http.Get(path)
+		if err != nil {
+			log.Error("http get failed", zap.Error(err))
+			return err
+		}
+		defer resp.Body.Close()
+		by, err := io.ReadAll(resp.Body)
+		if err != nil {
+			log.Error("read body failed", zap.Error(err))
+			return err
+		}
+		extends, e = parseBuildoutBytes(ctx, by, result)
+		if e != nil {
+			return e
+		}
+	} else {
+		// 如果不是远程连接 则尝试打开读取
+		extends, e = parseBuildoutCfgFile(ctx, path, result)
+		if e != nil {
+			return e
+		}
+	}
+	if extends != "" {
+		log.Debug("find extends", zap.String("path", extends))
+		return findVersionsFile(ctx, extends, result)
+	}
+	return NoCurrentDirectoryCfg(ctx, NowPath, extends, result)
+}
+func findVersionsFile(ctx context.Context, path string, result map[string]string) error {
+	var log = logctx.Use(ctx).Sugar()
+	var extends string
+	var e error
+	// 如果事远程链接 则读取
+	if strings.Contains(path, "http") {
+		resp, err := http.Get(path)
+		if err != nil {
+			log.Error("http get failed", zap.Error(err))
+			return err
+		}
+		defer resp.Body.Close()
+		by, err := io.ReadAll(resp.Body)
+		if err != nil {
+			log.Error("read body failed", zap.Error(err))
+			return err
+		}
+		extends, e = parseBuildoutBytes(ctx, by, result)
+		if e != nil {
+			return e
+		}
+	} else {
+		// 如果不是远程连接 则尝试打开读取
+		extends, e = parseBuildoutCfgFile(ctx, path, result)
+		if e != nil {
+			return e
+		}
+	}
+	if extends != "" {
+		log.Debug("find extends", zap.String("path", extends))
+		return findVersionsFile(ctx, extends, result)
+	}
+
+	return nil
+}
+func parseBuildoutBytes(ctx context.Context, by []byte, result map[string]string) (string, error) {
+	var log = logctx.Use(ctx).Sugar()
+	cfg, err := ini.Load(by)
+	if err != nil {
+		log.Error("Fail to read file: ", zap.Error(err))
+		return "", err
+	}
+	for _, section := range cfg.Sections() {
+		if section.Name() == "version" || section.Name() == "dependencies" || section.Name() == "versions" {
+			for _, key := range section.Keys() {
+				if key.Name() != "" && key.Value() != "" {
+					result[key.Name()] = key.Value()
+				}
+			}
+		}
+	}
+	extends := cfg.Section("buildout").Key("extends").String()
+	return extends, nil
+}
+func parseBuildoutCfgFile(ctx context.Context, path string, result map[string]string) (string, error) {
+	var log = logctx.Use(ctx).Sugar()
+	by, err := os.ReadFile(path)
+	if err != nil {
+		log.Error("read file failed", zap.Error(err))
+		return "", err
+	}
+	cfg, err := ini.Load(by)
+	if err != nil {
+		log.Error("Fail to read file: ", zap.Error(err))
+		return "", err
+	}
+	for _, section := range cfg.Sections() {
+		if section.Name() == "version" || section.Name() == "dependencies" || section.Name() == "versions" {
+			for _, key := range section.Keys() {
+				if key.Name() != "" && key.Value() != "" {
+					result[key.Name()] = key.Value()
+				}
+			}
+		}
+	}
+	extends := cfg.Section("buildout").Key("extends").String()
+	if extends == "" {
+		return "", nil
+	}
+	if filepath.IsAbs(extends) {
+		return extends, nil
+	} else {
+		return filepath.Join(filepath.Dir(path), extends), nil
+	}
+}
