(pkg)
| 30 | |
| 31 | |
| 32 | def check_requirement(pkg): |
| 33 | click.secho("Received payload from package manager, running security audit...") |
| 34 | |
| 35 | out_format = ScanOutputBase.from_uri("text") |
| 36 | |
| 37 | handler = URIHandler.from_uri(f"{pkg['path']}") |
| 38 | try: |
| 39 | metadata = { # FIXME, add to item scan location |
| 40 | "uri_input": "pkg_path", |
| 41 | "source": "package_manager", |
| 42 | "pm_data": pkg, |
| 43 | "format": "plain", |
| 44 | "min_score": 0, |
| 45 | } |
| 46 | hits = [] |
| 47 | |
| 48 | for location in handler.get_paths(metadata=metadata): |
| 49 | # print(f"Enumerating: {location}") |
| 50 | hits.extend(scan_worker(location)) |
| 51 | |
| 52 | typosquatting = typos.check_name(pkg["name"]) |
| 53 | if typosquatting: |
| 54 | click.secho( |
| 55 | "Possible typosquatting detected", fg="red", bold=True, blink=True |
| 56 | ) |
| 57 | click.secho( |
| 58 | f"Following {len(typosquatting)} packages with similar names has been found:" |
| 59 | ) |
| 60 | for x in typosquatting: |
| 61 | click.echo(f" - '{x}'") |
| 62 | |
| 63 | finally: |
| 64 | handler.cleanup() |
| 65 | sys.exit(1) |
| 66 | |
| 67 | |
| 68 | def scan_worker(item: ScanLocation) -> Generator[Detection, None, None]: |
nothing calls this directly
no test coverage detected