Lawsun
d230cfbce0
first commit
|
1 anno fa | |
|---|---|---|
| .. | ||
| pytoml | 1 anno fa | |
| requirements | 1 anno fa | |
| README.md | 1 anno fa | |
| distPackage.py | 1 anno fa | |
| package.py | 1 anno fa | |
| pip_resolve.py | 1 anno fa | |
| pipfile.py | 1 anno fa | |
| reqPackage.py | 1 anno fa | |
| setup_file.py | 1 anno fa | |
| test_pip_resolve.py | 1 anno fa | |
| utils.py | 1 anno fa | |
README.md
pysrc
This is the Python part of the snyk-python-plugin.
Given a fully installed Python package with its dependencies (using a virtual environment), it analyzes and returns the dependency tree.
The entry point is main in pip_resolve.py.
Implementation outline
- take pkg_resources.working_set (a list of all packages available in the current environment)
- convert it to a tree
- parse the manifest (requirements.txt/Pipfile) to find the top-level deps
- select the parts of the tree that start from TLDs found in previous step
- determine actual installed versions for the packages in the tree
- convert that tree in DepTree format
The parts 1 and 5 require access to the Python environment and thus have to be implemented in Python. The part 3, for requirements.txt, leverages the existing parsing library (pip).