feat: handle hashes without error (thanks to @dymart via #67) (#98)

Signed-off-by: Paul Horton <paul.horton@owasp.org>
madpah · Apr 3, 2024 · a9aafc9 · a9aafc9
1 parent 9227900
commit a9aafc9
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 1 deletion.
diff --git a/requirements/parser.py b/requirements/parser.py
@@ -62,7 +62,10 @@ def parse(reqstr: Union[str, TextIO]) -> Iterator[Requirement]:
         elif not line or line.startswith('#'):
             # comments are lines that start with # only
             continue
-        elif line.startswith('-r') or line.startswith('--requirement'):
+        elif not line or line.startswith('--hash='):
+            # hashes are lines that start with --hash=
+            continue
+        elif line.startswith(('-r', '--requirement')):
             _, new_filename = line.split()
             new_file_path = os.path.join(os.path.dirname(filename or '.'),
                                          new_filename)

diff --git a/requirements/requirement.py b/requirements/requirement.py
@@ -253,4 +253,9 @@ def parse(cls, line: str) -> 'Requirement':
             return cls.parse_editable(
                 re.sub(r'^(-e|--editable=?)\s*', '', line))
 
+        if ' --hash=' in line:
+            line = line[:line.find(' --hash=')]
+        if ' \\' in line:
+            line = line[:line.find(' \\')]
+
         return cls.parse_line(line)
diff --git a/tests/reqfiles/hash_1.expected b/tests/reqfiles/hash_1.expected
@@ -0,0 +1,44 @@
+[
+ {
+  "specifier": true,
+  "local_file": false,
+  "name": "packaging",
+  "editable": false,
+  "subdirectory": null,
+  "uri": null,
+  "extras": [],
+  "vcs": null,
+  "path": null,
+  "line":  "packaging==21.3",
+  "hash_name": null,
+  "hash": null,
+  "specs": [
+   [
+    "==",
+    "21.3"
+   ]
+  ],
+  "revision": null
+ },
+ {
+  "specifier": true,
+  "local_file": false,
+  "name": "packaging",
+  "editable": false,
+  "subdirectory": null,
+  "uri": null,
+  "extras": [],
+  "vcs": null,
+  "path": null,
+  "line":  "packaging==21.3",
+  "hash_name": null,
+  "hash": null,
+  "specs": [
+   [
+    "==",
+    "21.3"
+   ]
+  ],
+  "revision": null
+ }
+]
diff --git a/tests/reqfiles/hash_1.txt b/tests/reqfiles/hash_1.txt
@@ -0,0 +1,7 @@
+packaging==21.3 \
+    --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522 \
+    --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
+    # testing
+packaging==21.3 \
+    --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522 \
+    --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
diff --git a/tests/reqfiles/hash_2.expected b/tests/reqfiles/hash_2.expected
@@ -0,0 +1,23 @@
+[
+ {
+  "specifier": true,
+  "local_file": false,
+  "name": "packaging",
+  "editable": false,
+  "subdirectory": null,
+  "uri": null,
+  "extras": [],
+  "vcs": null,
+  "path": null,
+  "line":  "packaging==21.3",
+  "hash_name": null,
+  "hash": null,
+  "specs": [
+   [
+    "==",
+    "21.3"
+   ]
+  ],
+  "revision": null
+ }
+]
diff --git a/tests/reqfiles/hash_2.txt b/tests/reqfiles/hash_2.txt
@@ -0,0 +1 @@
+packaging==21.3 --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522