Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Pipfile Analyzer #2877

Merged
merged 2 commits into from
Oct 12, 2020
Merged

Add Pipfile Analyzer #2877

merged 2 commits into from
Oct 12, 2020

Conversation

fcano
Copy link
Contributor

@fcano fcano commented Oct 9, 2020

Description of Change

Add a basic Pipfile Analyzer.

Have test cases been added to cover the new functionality?

yes

@boring-cyborg boring-cyborg bot added ant changes to ant cli changes to the cli core changes to core documentation site documentation maven changes to the maven plugin tests test cases utils changes to utils labels Oct 9, 2020
jeremylong
jeremylong requested changes Oct 10, 2020
View reviewed changes
Copy link
Owner

@jeremylong jeremylong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for such a complete PR! Just one minor suggestions - unless you can think of any other way to obtain vendor information from pip...

core/src/main/java/org/owasp/dependencycheck/analyzer/PipfileAnalyzer.java Show resolved Hide resolved
@fcano
Copy link
Contributor Author

fcano commented Oct 11, 2020

@jeremylong do you know why the test failed? Looking into the logs it does not seem a problem with the commit.

@jeremylong jeremylong added this to the 6.0.3 milestone Oct 11, 2020
@jeremylong
Copy link
Owner

Apparently I broke the build. If you git rebase main this should resolve itself. Otherwise I know this builds and is correct - I can just merge...

@fcano
Copy link
Contributor Author

fcano commented Oct 11, 2020
edited
Loading

The idea is to 'git rebase main' the branch 'add-pipfile-support' and drop the last commit (ab94853)?

@fcano fcano force-pushed the add-pipfile-support branch from ab94853 to 7533e9a Compare October 11, 2020 18:27
@fcano
Copy link
Contributor Author

fcano commented Oct 11, 2020

I think I did it. Now, the PR does not have an evidence for the VENDOR. Is it mandatory? I don't see that line in the PipAnalyzer for example. It only has these two lines:

https://github.com/jeremylong/DependencyCheck/pull/2526/files#diff-13b45a953258e6e7d4327bc57ef26169R163-R164

@jeremylong
Copy link
Owner

I just put the line adding the vendor evidence back. As to what happened - you likely accepted my change request in the github UI and did not pull the update back in before rebasing.

Seriously - that you for such a complete PR!

@fcano
Copy link
Contributor Author

fcano commented Oct 12, 2020

I'm sorry because I don't have a lot of experience with git and I got lost with the rebase. Now I see your commit in the pull request and the tests passing. Is everything ok now? Is there anything else that I have to do?

@jeremylong
Copy link
Owner

Yup - everything is good. Thanks for the PR!

@jeremylong jeremylong merged commit 67ce215 into jeremylong:main Oct 12, 2020
@fcano fcano deleted the add-pipfile-support branch October 13, 2020 05:49
This was referenced Mar 15, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremylong jeremylong jeremylong approved these changes

Assignees
No one assigned
Labels
ant changes to ant cli changes to the cli core changes to core documentation site documentation maven changes to the maven plugin tests test cases utils changes to utils
Projects
None yet
Milestone
6.0.3
Development

Successfully merging this pull request may close these issues.
2 participants
@fcano @jeremylong