зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1659575 - Delete `mach python-safety` r=ahal
There are zero uses of this `mach` command over the past 90 days according to our telemetry. There are no external references to `mach python-safety` in-tree, and indeed if you track the history of the originating bug 1468394, it appears that once the `mach` command was created, none of the follow-up work that was discussed (i.e. running this in CI and triaging failures to appropriate owners) was done over the following 2 years. If this ever does appear to be useful in the future, we can just resurrect this code from source control. Differential Revision: https://phabricator.services.mozilla.com/D87351
This commit is contained in:
Родитель
44ae0cd57e
Коммит
1218762d08
|
@ -56,7 +56,6 @@ MACH_MODULES = [
|
|||
'python/mozbuild/mozbuild/mach_commands.py',
|
||||
'python/mozperftest/mozperftest/mach_commands.py',
|
||||
'python/mozrelease/mozrelease/mach_commands.py',
|
||||
'python/safety/mach_commands.py',
|
||||
'remote/mach_commands.py',
|
||||
'taskcluster/mach_commands.py',
|
||||
'testing/awsy/mach_commands.py',
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
[[source]]
|
||||
url = "https://pypi.org/simple"
|
||||
verify_ssl = true
|
||||
name = "pypi"
|
||||
|
||||
[dev-packages]
|
||||
|
||||
[packages]
|
||||
safety = "*"
|
||||
|
||||
[requires]
|
||||
python_version = "2.7"
|
|
@ -1,115 +0,0 @@
|
|||
{
|
||||
"_meta": {
|
||||
"hash": {
|
||||
"sha256": "73bfcb0c2aa29e65a2e01fad022c231093ce599e7a213f7780d1b8f3f37ca5c9"
|
||||
},
|
||||
"pipfile-spec": 6,
|
||||
"requires": {
|
||||
"python_version": "2.7"
|
||||
},
|
||||
"sources": [
|
||||
{
|
||||
"name": "pypi",
|
||||
"url": "https://pypi.org/simple",
|
||||
"verify_ssl": true
|
||||
}
|
||||
]
|
||||
},
|
||||
"default": {
|
||||
"certifi": {
|
||||
"hashes": [
|
||||
"sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
|
||||
"sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
|
||||
],
|
||||
"version": "==2019.11.28"
|
||||
},
|
||||
"chardet": {
|
||||
"hashes": [
|
||||
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
|
||||
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
|
||||
],
|
||||
"version": "==3.0.4"
|
||||
},
|
||||
"click": {
|
||||
"hashes": [
|
||||
"sha256:2335065e6395b9e67ca716de5f7526736bfa6ceead690adf616d925bdc622b13",
|
||||
"sha256:5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7"
|
||||
],
|
||||
"version": "==7.0"
|
||||
},
|
||||
"dparse": {
|
||||
"hashes": [
|
||||
"sha256:00a5fdfa900629e5159bf3600d44905b333f4059a3366f28e0dbd13eeab17b19",
|
||||
"sha256:cef95156fa0adedaf042cd42f9990974bec76f25dfeca4dc01f381a243d5aa5b"
|
||||
],
|
||||
"version": "==0.4.1"
|
||||
},
|
||||
"idna": {
|
||||
"hashes": [
|
||||
"sha256:7588d1c14ae4c77d74036e8c22ff447b26d0fde8f007354fd48a7814db15b7cb",
|
||||
"sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa"
|
||||
],
|
||||
"version": "==2.9"
|
||||
},
|
||||
"packaging": {
|
||||
"hashes": [
|
||||
"sha256:170748228214b70b672c581a3dd610ee51f733018650740e98c7df862a583f73",
|
||||
"sha256:e665345f9eef0c621aa0bf2f8d78cf6d21904eef16a93f020240b704a57f1334"
|
||||
],
|
||||
"version": "==20.1"
|
||||
},
|
||||
"pyparsing": {
|
||||
"hashes": [
|
||||
"sha256:4c830582a84fb022400b85429791bc551f1f4871c33f23e44f353119e92f969f",
|
||||
"sha256:c342dccb5250c08d45fd6f8b4a559613ca603b57498511740e65cd11a2e7dcec"
|
||||
],
|
||||
"version": "==2.4.6"
|
||||
},
|
||||
"pyyaml": {
|
||||
"hashes": [
|
||||
"sha256:059b2ee3194d718896c0ad077dd8c043e5e909d9180f387ce42012662a4946d6",
|
||||
"sha256:1cf708e2ac57f3aabc87405f04b86354f66799c8e62c28c5fc5f88b5521b2dbf",
|
||||
"sha256:24521fa2890642614558b492b473bee0ac1f8057a7263156b02e8b14c88ce6f5",
|
||||
"sha256:4fee71aa5bc6ed9d5f116327c04273e25ae31a3020386916905767ec4fc5317e",
|
||||
"sha256:70024e02197337533eef7b85b068212420f950319cc8c580261963aefc75f811",
|
||||
"sha256:74782fbd4d4f87ff04159e986886931456a1894c61229be9eaf4de6f6e44b99e",
|
||||
"sha256:940532b111b1952befd7db542c370887a8611660d2b9becff75d39355303d82d",
|
||||
"sha256:cb1f2f5e426dc9f07a7681419fe39cee823bb74f723f36f70399123f439e9b20",
|
||||
"sha256:dbbb2379c19ed6042e8f11f2a2c66d39cceb8aeace421bfc29d085d93eda3689",
|
||||
"sha256:e3a057b7a64f1222b56e47bcff5e4b94c4f61faac04c7c4ecb1985e18caa3994",
|
||||
"sha256:e9f45bd5b92c7974e59bcd2dcc8631a6b6cc380a904725fce7bc08872e691615"
|
||||
],
|
||||
"version": "==5.3"
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
"sha256:43999036bfa82904b6af1d99e4882b560e5e2c68e5c4b0aa03b655f3d7d73fee",
|
||||
"sha256:b3f43d496c6daba4493e7c431722aeb7dbc6288f52a6e04e7b6023b0247817e6"
|
||||
],
|
||||
"version": "==2.23.0"
|
||||
},
|
||||
"safety": {
|
||||
"hashes": [
|
||||
"sha256:0a3a8a178a9c96242b224f033ee8d1d130c0448b0e6622d12deaf37f6c3b4e59",
|
||||
"sha256:5059f3ffab3648330548ea9c7403405bbfaf085b11235770825d14c58f24cb78"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==1.8.5"
|
||||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
"sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
|
||||
"sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
|
||||
],
|
||||
"version": "==1.14.0"
|
||||
},
|
||||
"urllib3": {
|
||||
"hashes": [
|
||||
"sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc",
|
||||
"sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc"
|
||||
],
|
||||
"version": "==1.25.8"
|
||||
}
|
||||
},
|
||||
"develop": {}
|
||||
}
|
|
@ -1,115 +0,0 @@
|
|||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
from __future__ import absolute_import, print_function, unicode_literals
|
||||
|
||||
import os
|
||||
import sys
|
||||
import json
|
||||
|
||||
from mozbuild.base import (
|
||||
MachCommandBase,
|
||||
)
|
||||
|
||||
from mach.decorators import (
|
||||
CommandArgument,
|
||||
CommandProvider,
|
||||
Command,
|
||||
)
|
||||
|
||||
import mozpack.path as mozpath
|
||||
from mozpack.files import FileFinder
|
||||
|
||||
from mozlog import commandline
|
||||
|
||||
here = os.path.abspath(os.path.dirname(__file__))
|
||||
|
||||
|
||||
@CommandProvider
|
||||
class MachCommands(MachCommandBase):
|
||||
@Command('python-safety', category='testing',
|
||||
description='Run python requirements safety checks')
|
||||
@CommandArgument('--python',
|
||||
default='3.5',
|
||||
help='Version of Python for Pipenv to use. When given a '
|
||||
'Python version, Pipenv will automatically scan your '
|
||||
'system for a Python that matches that given version.')
|
||||
def python_safety(self, python=None, **kwargs):
|
||||
self.logger = commandline.setup_logging(
|
||||
"python-safety", {"raw": sys.stdout})
|
||||
|
||||
self.activate_pipenv(
|
||||
os.path.dirname(self.virtualenv_manager.virtualenv_root),
|
||||
pipfile=os.path.join(here, 'Pipfile'), python=python, populate=True)
|
||||
|
||||
pattern = '**/*requirements*.txt'
|
||||
path = mozpath.normsep(os.path.dirname(os.path.dirname(here)))
|
||||
finder = FileFinder(path)
|
||||
files = [os.path.join(path, p) for p, _ in finder.find(pattern)]
|
||||
|
||||
return_code = 0
|
||||
|
||||
self.logger.suite_start(tests=files)
|
||||
for filepath in files:
|
||||
self._run_python_safety(filepath)
|
||||
|
||||
self.logger.suite_end()
|
||||
return return_code
|
||||
|
||||
def _run_python_safety(self, test_path):
|
||||
from mozprocess import ProcessHandler
|
||||
|
||||
output = []
|
||||
self.logger.test_start(test_path)
|
||||
|
||||
def _line_handler(line):
|
||||
output.append(line.decode('UTF-8'))
|
||||
|
||||
cmd = ['safety', 'check', '--cache', '--json', '-r', test_path]
|
||||
env = os.environ.copy()
|
||||
env['PYTHONDONTWRITEBYTECODE'] = '1'
|
||||
|
||||
proc = ProcessHandler(
|
||||
cmd, env=env, processOutputLine=_line_handler, storeOutput=False)
|
||||
proc.run()
|
||||
|
||||
return_code = proc.wait()
|
||||
|
||||
"""
|
||||
Example output for an error in json.
|
||||
[
|
||||
"pycrypto",
|
||||
"<=2.6.1",
|
||||
"2.6",
|
||||
"Heap-based buffer overflow in the ALGnew...",
|
||||
"35015"
|
||||
]
|
||||
"""
|
||||
# Warnings are currently interleaved with json, see
|
||||
# https://github.com/pyupio/safety/issues/133
|
||||
for warning in output:
|
||||
if warning.startswith('Warning'):
|
||||
self.logger.warning(warning)
|
||||
output = [line for line in output if not line.startswith('Warning')]
|
||||
if output:
|
||||
output_json = json.loads("".join(output))
|
||||
affected = set()
|
||||
for entry in output_json:
|
||||
affected.add(entry[0])
|
||||
message = "{0} installed:{2} affected:{1} description:{3}\n".format(
|
||||
*entry)
|
||||
self.logger.test_status(test=test_path,
|
||||
subtest=entry[0],
|
||||
status='FAIL',
|
||||
message=message
|
||||
)
|
||||
|
||||
if return_code != 0:
|
||||
status = 'FAIL'
|
||||
else:
|
||||
status = 'PASS'
|
||||
self.logger.test_end(test_path, status=status,
|
||||
expected='PASS', message=" ".join(affected))
|
||||
|
||||
return return_code
|
|
@ -33,7 +33,6 @@ codespell:
|
|||
- python/docs/
|
||||
- python/mach/docs/
|
||||
- python/mozlint/
|
||||
- python/safety/
|
||||
- remote/doc/
|
||||
- security/manager/locales/en-US/
|
||||
- services/sync/locales/en-US/
|
||||
|
|
Загрузка…
Ссылка в новой задаче