analyzer/language/python/packaging/packaging.go

package packaging

import (
	"archive/zip"
	"context"
	"io"
	"os"
	"path/filepath"
	"strings"

	"golang.org/x/xerrors"

	"github.com/aquasecurity/fanal/analyzer"
	"github.com/aquasecurity/fanal/types"
	"github.com/aquasecurity/go-dep-parser/pkg/python/packaging"
)

func init() {
	analyzer.RegisterAnalyzer(&packagingAnalyzer{})
}

const version = 1

var (
	requiredFiles = []string{
		// .egg format
		// https://setuptools.readthedocs.io/en/latest/deprecated/python_eggs.html#eggs-and-their-formats
		".egg", // zip format
		"EGG-INFO/PKG-INFO",

		// .egg-info format: .egg-info can be a file or directory
		// https://setuptools.readthedocs.io/en/latest/deprecated/python_eggs.html#eggs-and-their-formats
		".egg-info",
		".egg-info/PKG-INFO",

		// wheel
		".dist-info/METADATA",
	}
)

type packagingAnalyzer struct{}

// Analyze analyzes egg and wheel files.
func (a packagingAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
	var r io.Reader = input.Content

	// .egg file is zip format and PKG-INFO needs to be extracted from the zip file.
	if strings.HasSuffix(input.FilePath, ".egg") {
		pkginfoInZip, err := a.analyzeEggZip(input.Content, input.Info.Size())
		if err != nil {
			return nil, xerrors.Errorf("egg analysis error: %w", err)
		}
		defer pkginfoInZip.Close()
		r = pkginfoInZip
	}

	lib, err := packaging.Parse(r)
	if err != nil {
		return nil, xerrors.Errorf("unable to parse %s: %w", input.FilePath, err)
	}

	return &analyzer.AnalysisResult{Applications: []types.Application{
		{
			Type:     types.PythonPkg,
			FilePath: input.FilePath,
			Libraries: []types.Package{
				{
					Name:     lib.Name,
					Version:  lib.Version,
					License:  lib.License,
					FilePath: input.FilePath,
				},
			},
		},
	}}, nil
}

func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (io.ReadCloser, error) {
	zr, err := zip.NewReader(r, size)
	if err != nil {
		return nil, xerrors.Errorf("zip reader error: %w", err)
	}

	for _, file := range zr.File {
		if !a.Required(file.Name, nil) {
			continue
		}

		return a.open(file)
	}

	return nil, nil
}

func (a packagingAnalyzer) open(file *zip.File) (io.ReadCloser, error) {
	f, err := file.Open()
	if err != nil {
		return nil, err
	}
	return f, nil
}

func (a packagingAnalyzer) Required(filePath string, _ os.FileInfo) bool {
	// For Windows
	filePath = filepath.ToSlash(filePath)

	for _, r := range requiredFiles {
		if strings.HasSuffix(filePath, r) {
			return true
		}
	}
	return false
}

func (a packagingAnalyzer) Type() analyzer.Type {
	return analyzer.TypePythonPkg
}

func (a packagingAnalyzer) Version() int {
	return version
}
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`package packaging`

			`import (`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`"archive/zip"`
refactor: add ctx object to analyser (fanal#303) 2021-10-06 19:18:50 +05:30			`"context"`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`"io"`
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`"os"`
			`"path/filepath"`
			`"strings"`

			`"golang.org/x/xerrors"`

			`"github.com/aquasecurity/fanal/analyzer"`
			`"github.com/aquasecurity/fanal/types"`
			`"github.com/aquasecurity/go-dep-parser/pkg/python/packaging"`
			`)`

			`func init() {`
			`analyzer.RegisterAnalyzer(&packagingAnalyzer{})`
			`}`

			`const version = 1`

			`var (`
			`requiredFiles = []string{`
feat(python): support egg format (fanal#266) 2021-09-13 14:14:17 +03:00			`// .egg format`
			`// https://setuptools.readthedocs.io/en/latest/deprecated/python_eggs.html#eggs-and-their-formats`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`".egg", // zip format`
feat(python): support egg format (fanal#266) 2021-09-13 14:14:17 +03:00			`"EGG-INFO/PKG-INFO",`

			`// .egg-info format: .egg-info can be a file or directory`
			`// https://setuptools.readthedocs.io/en/latest/deprecated/python_eggs.html#eggs-and-their-formats`
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`".egg-info",`
			`".egg-info/PKG-INFO",`

			`// wheel`
			`".dist-info/METADATA",`
			`}`
			`)`

			`type packagingAnalyzer struct{}`

			`// Analyze analyzes egg and wheel files.`
feat(java): support offline mode (fanal#349) 2021-12-24 08:26:10 +02:00			`func (a packagingAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {`
			`var r io.Reader = input.Content`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00
			`// .egg file is zip format and PKG-INFO needs to be extracted from the zip file.`
feat(java): support offline mode (fanal#349) 2021-12-24 08:26:10 +02:00			`if strings.HasSuffix(input.FilePath, ".egg") {`
			`pkginfoInZip, err := a.analyzeEggZip(input.Content, input.Info.Size())`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`if err != nil {`
			`return nil, xerrors.Errorf("egg analysis error: %w", err)`
			`}`
fix(analyzer): improve performance (fanal#314) Co-authored-by: knqyf263 <knqyf263@gmail.com> 2021-12-24 03:15:36 +09:00			`defer pkginfoInZip.Close()`
			`r = pkginfoInZip`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`}`

feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`lib, err := packaging.Parse(r)`
			`if err != nil {`
feat(java): support offline mode (fanal#349) 2021-12-24 08:26:10 +02:00			`return nil, xerrors.Errorf("unable to parse %s: %w", input.FilePath, err)`
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`}`

			`return &analyzer.AnalysisResult{Applications: []types.Application{`
			`{`
			`Type: types.PythonPkg,`
feat(java): support offline mode (fanal#349) 2021-12-24 08:26:10 +02:00			`FilePath: input.FilePath,`
refactor(types): merge LibraryInfo into Package (fanal#302) 2021-10-06 02:20:59 +09:00			`Libraries: []types.Package{`
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`{`
refactor(types): merge LibraryInfo into Package (fanal#302) 2021-10-06 02:20:59 +09:00			`Name: lib.Name,`
			`Version: lib.Version,`
			`License: lib.License,`
feat(java): support offline mode (fanal#349) 2021-12-24 08:26:10 +02:00			`FilePath: input.FilePath,`
feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`},`
			`},`
			`},`
			`}}, nil`
			`}`

fix(analyzer): improve performance (fanal#314) Co-authored-by: knqyf263 <knqyf263@gmail.com> 2021-12-24 03:15:36 +09:00			`func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (io.ReadCloser, error) {`
			`zr, err := zip.NewReader(r, size)`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`if err != nil {`
			`return nil, xerrors.Errorf("zip reader error: %w", err)`
			`}`

			`for _, file := range zr.File {`
			`if !a.Required(file.Name, nil) {`
			`continue`
			`}`

			`return a.open(file)`
			`}`

			`return nil, nil`
			`}`

fix(analyzer): improve performance (fanal#314) Co-authored-by: knqyf263 <knqyf263@gmail.com> 2021-12-24 03:15:36 +09:00			`func (a packagingAnalyzer) open(file *zip.File) (io.ReadCloser, error) {`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`f, err := file.Open()`
			`if err != nil {`
			`return nil, err`
			`}`
fix(analyzer): improve performance (fanal#314) Co-authored-by: knqyf263 <knqyf263@gmail.com> 2021-12-24 03:15:36 +09:00			`return f, nil`
feat(python): support egg zip (fanal#267) 2021-09-13 15:02:06 +03:00			`}`

feat(python): add egg and wheel analyzer (fanal#223) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com> 2021-08-19 16:32:24 +05:30			`func (a packagingAnalyzer) Required(filePath string, _ os.FileInfo) bool {`
			`// For Windows`
			`filePath = filepath.ToSlash(filePath)`

			`for _, r := range requiredFiles {`
			`if strings.HasSuffix(filePath, r) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`func (a packagingAnalyzer) Type() analyzer.Type {`
			`return analyzer.TypePythonPkg`
			`}`

			`func (a packagingAnalyzer) Version() int {`
			`return version`
			`}`