Obtain install_requires via AST.

bennati · bennati · commit aa64f264f8e6 · 2023-02-16T08:47:50.000+01:00
Signed-off-by: Bennati, Stefano &lt;stefano.bennati@here.com&gt;
diff --git a/src/python_inspector/resolution.py b/src/python_inspector/resolution.py
@@ -7,6 +7,7 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import ast
 import operator
 import os
 import re
@@ -282,7 +283,7 @@ def get_requirements_from_python_manifest(
     """
     Return a list of parsed requirements from the ``sdist_location`` sdist location
     """
-    # Look in requirements file if and only if thy are refered in setup.py or setup.cfg
+    # Look in requirements file if and only if they are refered in setup.py or setup.cfg
     # And no deps have been yielded by requirements file.
     requirements = list(
         get_reqs_from_requirements_file_in_sdist(
@@ -303,13 +304,43 @@ def get_requirements_from_python_manifest(
             # Do not raise exception here as we may have a setup.py that does not
             # have any dependencies.
             with (open(setup_py_location)) as sf:
-                match = re.search(r"install_requires[\s]*=[\s]*\[([^\]]*)\]", sf.read())
-                if match is not None:
-                    install_requires = re.sub(r"\s", "", match.group(1))
-                    if install_requires != "":
-                        raise Exception(
-                            f"Unable to collect setup.py dependencies securely: {setup_py_location}"
-                        )
+                file_contents = sf.read()
+                node = ast.parse(file_contents)
+                setup_fct = [
+                    elem
+                    for elem in ast.walk(node)
+                    if (
+                        isinstance(elem, ast.Expr)
+                        and isinstance(elem.value, ast.Call)
+                        and isinstance(elem.value.func, ast.Name)
+                        and elem.value.func.id == "setup"
+                    )
+                ]
+                if len(setup_fct) == 0:
+                    raise Exception(
+                        f"Unable to collect setup.py dependencies securely: {setup_py_location}"
+                    )
+                if len(setup_fct) > 1:
+                    print(
+                        f"Warning: identified multiple definitions of 'setup()' in {setup_py_location}, defaulting to the first occurrence"
+                    )
+                setup_fct = setup_fct[0]
+                install_requires = [
+                    k.value for k in setup_fct.value.keywords if k.arg == "install_requires"
+                ]
+                if len(install_requires) == 0:
+                    raise Exception(
+                        f"Unable to collect setup.py dependencies securely: {setup_py_location}"
+                    )
+                if len(install_requires) > 1:
+                    print(
+                        f"Warning: identified multiple definitions of 'install_requires' in {setup_py_location}, defaulting to the first occurrence"
+                    )
+                install_requires = install_requires[0].elts
+                if len(install_requires) != 0:
+                    raise Exception(
+                        f"Unable to collect setup.py dependencies securely: {setup_py_location}"
+                    )
 
 
 DEFAULT_ENVIRONMENT = utils_pypi.Environment.from_pyver_and_os(
