From df0b7838d02c9bf87de8c50f7ed2a6a34620532d Mon Sep 17 00:00:00 2001
From: tewfik-ghariani
Date: Mon, 12 Dec 2022 19:00:31 +0100
Subject: [PATCH] fix: Add support for poetry lock v2 format
Signed-off-by: tewfik-ghariani
---
 cyclonedx_py/parser/poetry.py | 8 +++++++-
 tests/fixtures/poetry-lock-v2-simple.txt | 16 ++++++++++++++++
 tests/test_parser_poetry.py | 12 +++++++++---
 3 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 tests/fixtures/poetry-lock-v2-simple.txt
diff --git a/cyclonedx_py/parser/poetry.py b/cyclonedx_py/parser/poetry.py
index bf161b20..8e54c90f 100644
--- a/cyclonedx_py/parser/poetry.py
+++ b/cyclonedx_py/parser/poetry.py
@@ -41,7 +41,13 @@ def __init__(self, poetry_lock_contents: str, use_purl_bom_ref: bool = False) ->
 purl=purl
 )
- for file_metadata in poetry_lock['metadata']['files'][package['name']]:
+ # Support poetry lock format 2.0
+ try:
+ files_metadata = package['files']
+ except KeyError:
+ files_metadata = poetry_lock['metadata']['files'][package['name']]
+
+ for file_metadata in files_metadata:
 try:
 component.external_references.add(ExternalReference(
 reference_type=ExternalReferenceType.DISTRIBUTION,
diff --git a/tests/fixtures/poetry-lock-v2-simple.txt b/tests/fixtures/poetry-lock-v2-simple.txt
new file mode 100644
index 00000000..f73dc860
--- /dev/null
+++ b/tests/fixtures/poetry-lock-v2-simple.txt
@@ -0,0 +1,16 @@
+[[package]]
+name = "toml"
+version = "0.10.2"
+description = "Python Library for Tom's Obvious, Minimal Language"
+category = "main"
+optional = false
+python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+files = [
+ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
+ {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
+]
+
+[metadata]
+lock-version = "1.1"
+python-versions = "^3.9"
+content-hash = "3dc7af43729f7ff1e7cf84103a3e2c1945f233884eaa149c7e8d92cccb593984"
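Review bot: The `except KeyError:` fallback still indexes `poetry_lock['metadata']['files'][package['name']]` unguarded, so a lock file with neither a per-package `files` array nor a matching `[metadata.files]` entry aborts SBOM generation with a bare KeyError that does not say which layout was expected. Picking the layout by whichever key happens to be present also lets a malformed or hand-edited lock parse without complaint; consider `files_metadata = package.get('files')` followed by `if files_metadata is None: files_metadata = poetry_lock['metadata'].get('files', {}).get(package['name'], [])`. When the result is empty, surface it with a warning or an explicit error that names the package, because consumers of the BOM rely on the distribution hashes for integrity checks and a component emitted without them is easy to miss. `__init__` starts and ends outside this hunk, so the handling further down the loop body is only partly visible.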
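Review bot: The fixture's `[metadata]` table declares `lock-version = "1.1"` while the package entry uses the inline `files = [...]` array that the commit describes as the v2 layout, so the test exercises a hybrid file rather than what Poetry writes for that format. As far as I know a lock written in the new layout carries `lock-version = "2.0"`; changing the line to that keeps the fixture representative and would catch a later change that starts reading the version field. A one-line note in the test naming the Poetry release that generated the fixture would help whoever has to regenerate it.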
diff --git a/tests/test_parser_poetry.py b/tests/test_parser_poetry.py
index abb3655a..4df27feb 100644
--- a/tests/test_parser_poetry.py
+++ b/tests/test_parser_poetry.py
@@ -25,9 +25,7 @@ class TestPoetryParser(TestCase):
- def test_simple(self) -> None:
- tests_poetry_lock_file = os.path.join(os.path.dirname(__file__), 'fixtures/poetry-lock-simple.txt')
-
+ def simple_lock_file(self, tests_poetry_lock_file: str) -> None:
 parser = PoetryFileParser(poetry_lock_filename=tests_poetry_lock_file)
 self.assertEqual(1, parser.component_count())
 component = next(filter(lambda c: c.name == 'toml', parser.get_components()), None)
@@ -37,6 +35,14 @@ def test_simple(self) -> None:
 self.assertEqual('0.10.2', component.version)
 self.assertEqual(2, len(component.external_references), f'{component.external_references}')
+ def test_lock_v1(self) -> None:
+ tests_poetry_lock_file = os.path.join(os.path.dirname(__file__), 'fixtures/poetry-lock-simple.txt')
+ self.simple_lock_file(tests_poetry_lock_file)
+
+ def test_lock_v2(self) -> None:
+ tests_poetry_lock_file = os.path.join(os.path.dirname(__file__), 'fixtures/poetry-lock-v2-simple.txt')
+ self.simple_lock_file(tests_poetry_lock_file)
+
 def test_simple_purl_bom_ref(self) -> None:
 tests_poetry_lock_file = os.path.join(os.path.dirname(__file__), 'fixtures/poetry-lock-simple.txt')
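Review bot: The shared helper `simple_lock_file` only asserts that two external references exist, so `test_lock_v2` would still pass if the new `package['files']` branch produced references with missing or wrong hashes. Since the hashes are the integrity data the BOM carries, the helper should also check that the two references hold the sha256 values listed in the fixture. Renaming it to `_assert_simple_lock_file` with a one-line docstring would make clear it is a shared assertion helper, not a test case. The helper's body spans both hunks and its middle lines fall outside them.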