
feat: option to use an alternative python environment #543

Closed

Conversation

mariojonke

fixes: #475


Changes

Adds the --env option to the environment command line to allow specifying a path to a location where packages are installed. This enables generating the BOM for an environment without the need to install cyclonedx-bom into said environment.

Usage of setuptools / pkg_resources in the EnvironmentParser was replaced with functionality provided by importlib.metadata for the following reasons:

  1. For a distribution returned by pkg_resources from an alternative environment (e.g. via an Environment with a custom search_path or a WorkingSet with different entries), the metadata function from importlib.metadata will not find any data, since it uses sys.path to locate distributions.
  2. Usage of pkg_resources is discouraged because it is deprecated.

Tests

For testing, a stripped-down virtual environment (basically only retaining the required metadata, without source files) was added as a fixture so that SBOM generation can be verified accordingly.

Docs

Fixes some inconsistencies in docs and readme files.
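As an added illustration of reason 1 above, not code from this PR or from cyclonedx-bom: the fixture directory, the package names in it and the helper functions below are constructed. It enumerates the distributions of an alternative environment with importlib.metadata.distributions(path=...), which is what makes scanning an environment without installing the tool into it possible, and shows that importlib.metadata.metadata() only consults sys.path and therefore cannot see that environment.

```python
import tempfile
from importlib.metadata import PackageNotFoundError, distributions, metadata
from pathlib import Path

# Constructed fixture: a stripped-down site-packages holding only .dist-info
# METADATA files and no sources, like the PR's test fixture. Names are made up.
FAKE_DIST_INFO = {
    "packaging-23.1.dist-info": (
        "Metadata-Version: 2.1\nName: packaging\nVersion: 23.1\n"
        "License: BSD-2-Clause or Apache-2.0\n"
        "Classifier: License :: OSI Approved :: Apache Software License\n"
        "Classifier: License :: OSI Approved :: BSD License\n"),
    "env_only_demo-0.1.0.dist-info": (
        "Metadata-Version: 2.1\nName: env-only-demo\nVersion: 0.1.0\nLicense: MIT\n"),
}

def make_fake_site_packages(root: Path) -> Path:
    """Write the constructed .dist-info directories below root and return root."""
    for dist_info, text in FAKE_DIST_INFO.items():
        (root / dist_info).mkdir(parents=True)
        (root / dist_info / "METADATA").write_text(text, encoding="utf-8")
    return root

def list_env_components(site_packages: Path) -> list[dict]:
    """distributions(path=[...]) searches only those dirs, so the scanner need not live in the env."""
    comps = []
    for dist in distributions(path=[str(site_packages)]):
        md = dist.metadata  # PackageMetadata parsed from that dist-info's METADATA
        comps.append({
            "name": md["Name"],
            "version": md["Version"],
            "license": md.get("License"),
            "license_classifiers": [c for c in md.get_all("Classifier", []) if c.startswith("License ::")],
        })
    return sorted(comps, key=lambda c: c["name"])

def found_via_sys_path(name: str) -> bool:
    """metadata() looks only on sys.path, so an env-only package reads as not installed."""
    try:
        metadata(name)
        return True
    except PackageNotFoundError:
        return False

def scan_constructed_env() -> dict:
    """Build the fixture in a temp dir, scan it, and contrast with the sys.path lookup."""
    with tempfile.TemporaryDirectory() as tmp:
        comps = list_env_components(make_fake_site_packages(Path(tmp) / "site-packages"))
    return {"components": comps, "env_only_on_sys_path": found_via_sys_path("env-only-demo")}
```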

@mariojonke mariojonke requested a review from a team as a code owner April 24, 2023 14:35
else:
from importlib_metadata import metadata, PackageMetadata as _MetadataReturn
from importlib_metadata import Distribution, distributions, PackageMetadata as _MetadataReturn
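Review bot: on the last line the `PackageMetadata as _MetadataReturn` alias survives the widened import, and the F401 finding below reports it as unused; either drop the alias from this import or use it for the return annotation it was introduced for, so the lint gate stays clean on both branches of the version check.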

3% of developers fix this issue

F401: 'importlib_metadata.PackageMetadata as _MetadataReturn' imported but unused



self.assertNotEqual(c_packaging.purl.to_string(), c_packaging.bom_ref.value)
self.assertIsNotNone(c_packaging.licenses)
self.assertEqual(len(c_packaging.licenses), 2)
self.assertEqual({LicenseChoice(license=License(name="BSD License")),
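Review bot: the last line calls `LicenseChoice(license=License(name="BSD License"))` with a keyword the constructor does not accept, per the E1123 finding below and its three further instances in tests/test_parser_environment.py, so the assertion raises TypeError before any comparison happens; align the keyword with the LicenseChoice signature of the cyclonedx-python-lib version this project pins.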

E1123: Unexpected keyword argument 'license' in constructor call

❗❗ 3 similar findings have been found in this PR

File Path Line Number
tests/test_parser_environment.py 80
tests/test_parser_environment.py 81
tests/test_parser_environment.py 81


) -> None:
super().__init__()
debug_message('init {}', self.__class__.__name__)

debug_message('late import pkg_resources')
import pkg_resources
debug_message('processing importlib-metadata.distributions')

12% of developers fix this issue

reportGeneralTypeIssues: Expected 2 more positional arguments

❗❗ 5 similar findings have been found in this PR

File Path Line Number
cyclonedx_py/parser/environment.py 82
tests/test_parser_environment.py 80
tests/test_parser_environment.py 80
tests/test_parser_environment.py 81
tests/test_parser_environment.py 81


c_packaging = parser.get_components()[0]
self.assertEqual(c_packaging.name, "packaging")
self.assertEqual(c_packaging.version, "23.1")
self.assertNotEqual(c_packaging.purl.to_string(), c_packaging.bom_ref.value)
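Review bot: `c_packaging.purl` is an Optional attribute, as the reportOptionalMemberAccess finding below notes, so `c_packaging.purl.to_string()` on the last line fails with AttributeError instead of a readable assertion when no purl was derived; add `self.assertIsNotNone(c_packaging.purl)` ahead of it.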

3% of developers fix this issue

reportOptionalMemberAccess: "to_string" is not a known member of "None"



@jkowalleck jkowalleck added this to the 4.0.0 milestone Jul 12, 2023
@jkowalleck
Member

probably superseded by #627

@jkowalleck jkowalleck self-assigned this Dec 25, 2023
@jkowalleck
Member

definitely superseded by #605

@jkowalleck jkowalleck closed this Dec 25, 2023