feat(python): add support for requirements.txt (fanal#219)

Author: AndreyLevchenko

analyzer/all/import.go

@@ -10,6 +10,7 @@ import (
 	_ "github.com/aquasecurity/fanal/analyzer/library/jar"
 	_ "github.com/aquasecurity/fanal/analyzer/library/npm"
 	_ "github.com/aquasecurity/fanal/analyzer/library/nuget"
+	_ "github.com/aquasecurity/fanal/analyzer/library/pip"
 	_ "github.com/aquasecurity/fanal/analyzer/library/pipenv"
 	_ "github.com/aquasecurity/fanal/analyzer/library/poetry"
 	_ "github.com/aquasecurity/fanal/analyzer/library/yarn"

analyzer/analyzer_test.go

@@ -507,6 +507,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) {
 				"nuget":    1,
 				"oracle":   1,
 				"photon":   1,
+				"pip":      1,
 				"pipenv":   1,
 				"poetry":   1,
 				"redhat":   1,
@@ -537,6 +538,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) {
 				"nuget":    1,
 				"oracle":   1,
 				"photon":   1,
+				"pip":      1,
 				"pipenv":   1,
 				"poetry":   1,
 				"redhat":   1,

analyzer/const.go

@@ -28,6 +28,7 @@ const (
 	TypeNpm      Type = "npm"
 	TypeNuget    Type = "nuget"
 	TypePipenv   Type = "pipenv"
+	TypePip      Type = "pip"
 	TypePoetry   Type = "poetry"
 	TypeYarn     Type = "yarn"
 	TypeGoBinary Type = "gobinary"

analyzer/library/pip/pip.go

@@ -0,0 +1,43 @@
+package pip
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/analyzer/library"
+	"github.com/aquasecurity/fanal/types"
+	"github.com/aquasecurity/go-dep-parser/pkg/pip"
+	"golang.org/x/xerrors"
+)
+
+func init() {
+	analyzer.RegisterAnalyzer(&pipLibraryAnalyzer{})
+}
+
+const version = 1
+
+var requiredFile = "requirements.txt"
+
+type pipLibraryAnalyzer struct{}
+
+func (a pipLibraryAnalyzer) Analyze(target analyzer.AnalysisTarget) (*analyzer.AnalysisResult, error) {
+	res, err := library.Analyze(types.Pip, target.FilePath, target.Content, pip.Parse)
+	if err != nil {
+		return nil, xerrors.Errorf("unable to parse requirements.txt: %w", err)
+	}
+	return res, nil
+}
+
+func (a pipLibraryAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	fileName := filepath.Base(filePath)
+	return fileName == requiredFile
+}
+
+func (a pipLibraryAnalyzer) Type() analyzer.Type {
+	return analyzer.TypePip
+}
+
+func (a pipLibraryAnalyzer) Version() int {
+	return version
+}

analyzer/library/pip/pip_test.go

@@ -0,0 +1,90 @@
+package pip
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/types"
+	godeptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
+)
+
+func Test_pipAnalyzer_Analyze(t *testing.T) {
+	tests := []struct {
+		name      string
+		inputFile string
+		want      *analyzer.AnalysisResult
+		wantErr   string
+	}{
+		{
+			name:      "happy path",
+			inputFile: "testdata/requirements.txt",
+			want: &analyzer.AnalysisResult{
+				Applications: []types.Application{
+					{
+						Type:     types.Pip,
+						FilePath: "testdata/requirements.txt",
+						Libraries: []types.LibraryInfo{
+							{Library: godeptypes.Library{Name: "click", Version: "8.0.0"}},
+							{Library: godeptypes.Library{Name: "Flask", Version: "2.0.0"}},
+							{Library: godeptypes.Library{Name: "itsdangerous", Version: "2.0.0"}},
+						},
+					},
+				},
+			},
+		}, {
+			name:      "happy path with not related filename",
+			inputFile: "testdata/not-related.txt",
+			want:      nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			b, err := os.ReadFile(tt.inputFile)
+			require.NoError(t, err)
+
+			a := pipLibraryAnalyzer{}
+			got, err := a.Analyze(analyzer.AnalysisTarget{
+				FilePath: tt.inputFile,
+				Content:  b,
+			})
+
+			if tt.wantErr != "" {
+				require.NotNil(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_pipAnalyzer_Required(t *testing.T) {
+	tests := []struct {
+		name     string
+		filePath string
+		want     bool
+	}{
+		{
+			name:     "happy",
+			filePath: "test/requirements.txt",
+			want:     true,
+		},
+		{
+			name:     "sad",
+			filePath: "a/b/c/d/test.sum",
+			want:     false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := pipLibraryAnalyzer{}
+			got := a.Required(tt.filePath, nil)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}

analyzer/library/pip/testdata/not-related.txt

@@ -0,0 +1,6 @@
+click==8.0.0
+Flask==2.0.0
+itsdangerous==2.0.0
+Jinja2<3.0.0
+MarkupSafe>2.0.0
+Werkzeug