|
| 1 | +# encoding: utf-8 |
| 2 | + |
| 3 | +# This file is part of CycloneDX Python Lib |
| 4 | +# |
| 5 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | +# you may not use this file except in compliance with the License. |
| 7 | +# You may obtain a copy of the License at |
| 8 | +# |
| 9 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +# |
| 11 | +# Unless required by applicable law or agreed to in writing, software |
| 12 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | +# See the License for the specific language governing permissions and |
| 15 | +# limitations under the License. |
| 16 | +# |
| 17 | +# SPDX-License-Identifier: Apache-2.0 |
| 18 | +# Copyright (c) OWASP Foundation. All Rights Reserved. |
| 19 | +import json |
| 20 | +from json import JSONDecodeError |
| 21 | + |
| 22 | +from typing import TypedDict, Union |
| 23 | +from urllib.parse import urlparse |
| 24 | + |
| 25 | + |
| 26 | +class CondaPackage(TypedDict): |
| 27 | + """ |
| 28 | + Internal package for unifying Conda package definitions to. |
| 29 | + """ |
| 30 | + base_url: str |
| 31 | + build_number: int |
| 32 | + build_string: str |
| 33 | + channel: str |
| 34 | + dist_name: str |
| 35 | + name: str |
| 36 | + platform: str |
| 37 | + version: str |
| 38 | + md5_hash: str |
| 39 | + |
| 40 | + |
| 41 | +def parse_conda_json_to_conda_package(conda_json_str: str) -> Union[CondaPackage, None]: |
| 42 | + try: |
| 43 | + package_data = json.loads(conda_json_str) |
| 44 | + except JSONDecodeError: |
| 45 | + print(f'Failed to decode JSON: {conda_json_str}') |
| 46 | + raise ValueError(f'Invalid JSON supplied - cannot be parsed: {conda_json_str}') |
| 47 | + |
| 48 | + if 'md5_hash' not in package_data.keys(): |
| 49 | + package_data['md5_hash'] = None |
| 50 | + |
| 51 | + if isinstance(package_data, dict): |
| 52 | + return CondaPackage(**package_data) |
| 53 | + |
| 54 | + return None |
| 55 | + |
| 56 | + |
| 57 | +def parse_conda_list_str_to_conda_package(conda_list_str: str) -> Union[CondaPackage, None]: |
| 58 | + """ |
| 59 | + Helper method for parsing a line of output from `conda list --explicit` into our internal `CondaPackage` object. |
| 60 | +
|
| 61 | + Params: |
| 62 | + conda_list_str: |
| 63 | + Line of output from `conda list --explicit` |
| 64 | +
|
| 65 | + Returns: |
| 66 | + Instance of `CondaPackage` else `None`. |
| 67 | + """ |
| 68 | + |
| 69 | + line = conda_list_str.strip() |
| 70 | + |
| 71 | + if line[0:1] == '#' or line[0:1] == '@' or len(line) == 0: |
| 72 | + # Skip comments, @EXPLICT or empty lines |
| 73 | + return None |
| 74 | + |
| 75 | + # Remove any hash |
| 76 | + package_hash: str = None |
| 77 | + if '#' in line: |
| 78 | + hash_parts = line.split('#') |
| 79 | + if len(hash_parts) > 1: |
| 80 | + package_hash = hash_parts.pop() |
| 81 | + line = ''.join(hash_parts) |
| 82 | + |
| 83 | + package_parts = line.split('/') |
| 84 | + package_name_version_build_string = package_parts.pop() |
| 85 | + package_arch = package_parts.pop() |
| 86 | + package_url = urlparse('/'.join(package_parts)) |
| 87 | + |
| 88 | + try: |
| 89 | + package_nvbs_parts = package_name_version_build_string.split('-') |
| 90 | + build_number_with_opt_string = package_nvbs_parts.pop() |
| 91 | + if '.' in build_number_with_opt_string: |
| 92 | + # Remove any .conda at the end if present or other package type eg .tar.gz |
| 93 | + pos = build_number_with_opt_string.find('.') |
| 94 | + build_number_with_opt_string = build_number_with_opt_string[0:pos] |
| 95 | + |
| 96 | + if '_' in build_number_with_opt_string: |
| 97 | + bnbs_parts = build_number_with_opt_string.split('_') |
| 98 | + if len(bnbs_parts) == 2: |
| 99 | + build_number = int(bnbs_parts.pop()) |
| 100 | + build_string = build_number_with_opt_string |
| 101 | + else: |
| 102 | + raise ValueError(f'Unexpected build version string for Conda Package: {conda_list_str}') |
| 103 | + else: |
| 104 | + build_string = None |
| 105 | + build_number = int(build_number_with_opt_string) |
| 106 | + |
| 107 | + build_version = package_nvbs_parts.pop() |
| 108 | + package_name = '-'.join(package_nvbs_parts) |
| 109 | + except IndexError as e: |
| 110 | + raise ValueError(f'Error parsing {package_nvbs_parts} from {conda_list_str} IndexError: {str(e)}') |
| 111 | + |
| 112 | + return CondaPackage( |
| 113 | + base_url=package_url.geturl(), build_number=build_number, build_string=build_string, |
| 114 | + channel=package_url.path[1:], dist_name=f'{package_name}-{build_version}-{build_string}', |
| 115 | + name=package_name, platform=package_arch, version=build_version, md5_hash=package_hash |
| 116 | + ) |
0 commit comments