infrastructure/extensions-website
4
8
Fork 10
Code Issues 20 Pull Requests 2 Projects Releases Wiki Activity

File scanning: validate wheel digests against pypi.org #199

Merged
Oleg-Komarov merged 5 commits from validate-wheels into main 2024-07-11 10:45:24 +02:00
Conversation 0 Commits 5 Files Changed 6 +16 -13
2 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c6ef475c00 - Show all commits

5
files/tasks.py
View File

@ -20,9 +20,8 @@ def scan_file(file_id: int):
logger.info('File pk=%s scanned by clamd: %s', file.pk, (clamd_scan_status, clamd_scan_found)) logger.info('File pk=%s scanned by clamd: %s', file.pk, (clamd_scan_status, clamd_scan_found))
scan_result = {'clamdscan': [clamd_scan_status, clamd_scan_found]} scan_result = {'clamdscan': [clamd_scan_status, clamd_scan_found]}
is_ok = clamd_scan_status == 'OK' is_ok = clamd_scan_status == 'OK'
if is_ok and (wheels := file.metadata.get('wheels', None)): if is_ok and (wheels := files.utils.get_wheels_from_manifest(file.metadata)):
invalid_wheels = files.utils.validate_wheels(abs_path, wheels) if invalid_wheels := files.utils.validate_wheels(abs_path, wheels):
if invalid_wheels:
logger.info('File pk=%s has invalid wheels: %s', file.pk, invalid_wheels) logger.info('File pk=%s has invalid wheels: %s', file.pk, invalid_wheels)
is_ok = False is_ok = False
scan_result['invalid_wheels'] = invalid_wheels scan_result['invalid_wheels'] = invalid_wheels

24
files/utils.py
View File

@ -171,6 +171,19 @@ def find_forbidden_filepaths(file_list):
return result return result
def get_wheels_from_manifest(manifest):
wheels = None
if (
'build' in manifest
and 'generated' in manifest['build']
and 'wheels' in manifest['build']['generated']
):
wheels = manifest['build']['generated']['wheels']
else:
wheels = manifest.get('wheels')
return wheels
def validate_file_list(toml_content, manifest_filepath, file_list): def validate_file_list(toml_content, manifest_filepath, file_list):
"""Check the files in in the archive against manifest.""" """Check the files in in the archive against manifest."""
error_codes = [] error_codes = []
@ -196,16 +209,7 @@ def validate_file_list(toml_content, manifest_filepath, file_list):
init_filepath = find_exact_path(file_list, expected_init_path) init_filepath = find_exact_path(file_list, expected_init_path)
if not init_filepath: if not init_filepath:
error_codes.append('invalid_missing_init') error_codes.append('invalid_missing_init')
wheels = None if wheels := get_wheels_from_manifest(toml_content):
if (
'build' in toml_content
and 'generated' in toml_content['build']
and 'wheels' in toml_content['build']['generated']
):
wheels = toml_content['build']['generated']['wheels']
else:
wheels = toml_content.get('wheels')
if wheels:
for wheel in wheels: for wheel in wheels:
expected_wheel_path = _canonical_path(wheel, manifest_filepath) expected_wheel_path = _canonical_path(wheel, manifest_filepath)
wheel_filepath = find_exact_path(file_list, expected_wheel_path) wheel_filepath = find_exact_path(file_list, expected_wheel_path)