Crash on editable install in requirements.txt from pip-compile

[jamesbraza]

Bug description

Here is my requirements.txt, output from pip-compile, containing one editable install:

#
# This file is autogenerated by pip-compile with python 3.10
# To update, run:
#
#    pip-compile --no-emit-index-url requirements.in
#
-e file:instrument

When I run:

pip-audit -r requirements.txt

It crashes with an AttributeError: AttributeError: 'NoneType' object has no attribute 'name'

Expected behavior

I expect it not to crash.

Screenshots and logs

> pip install git+https://github.com/trailofbits/pip-audit.git@fix/327
Looking in indexes: https://pypi.org/simple, https://secret/
Collecting git+https://github.com/trailofbits/pip-audit.git@fix/327
  Cloning https://github.com/trailofbits/pip-audit.git (to revision fix/327) to /private/var/folders/41/wlbjqvm94zn1_vbrg9fqff8m0000gn/T/pip-req-build-ffbk1gml
  Running command git clone --filter=blob:none --quiet https://github.com/trailofbits/pip-audit.git /private/var/folders/41/wlbjqvm94zn1_vbrg9fqff8m0000gn/T/pip-req-build-ffbk1gml
  Running command git checkout -b fix/327 --track origin/fix/327
  Switched to a new branch 'fix/327'
  branch 'fix/327' set up to track 'origin/fix/327'.
  Resolved https://github.com/trailofbits/pip-audit.git to commit 142577bbcd7b36b29a75d0e7f8b82a919605d15c
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: pip-api>=0.0.28 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (0.0.30)
Requirement already satisfied: toml>=0.10 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (0.10.2)
Requirement already satisfied: packaging>=21.0.0 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (21.3)
Requirement already satisfied: CacheControl[filecache]>=0.12.10 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (0.12.11)
Requirement already satisfied: html5lib>=1.1 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (1.1)
Requirement already satisfied: pip-requirements-parser>=31.2.0 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (31.2.0)
Requirement already satisfied: resolvelib>=0.8.0 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (0.8.1)
Requirement already satisfied: cyclonedx-python-lib!=2.5.0,>=2.0.0 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (2.7.0)
Requirement already satisfied: rich>=12.4 in ./venv/lib/python3.10/site-packages (from pip_audit==2.4.2) (12.5.1)
Requirement already satisfied: requests in ./venv/lib/python3.10/site-packages (from CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (2.28.1)
Requirement already satisfied: msgpack>=0.5.2 in ./venv/lib/python3.10/site-packages (from CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (1.0.4)
Requirement already satisfied: lockfile>=0.9 in ./venv/lib/python3.10/site-packages (from CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (0.12.2)
Requirement already satisfied: setuptools>=47.0.0 in ./venv/lib/python3.10/site-packages (from cyclonedx-python-lib!=2.5.0,>=2.0.0->pip_audit==2.4.2) (58.1.0)
Requirement already satisfied: packageurl-python>=0.9 in ./venv/lib/python3.10/site-packages (from cyclonedx-python-lib!=2.5.0,>=2.0.0->pip_audit==2.4.2) (0.10.0)
Requirement already satisfied: sortedcontainers<3.0.0,>=2.4.0 in ./venv/lib/python3.10/site-packages (from cyclonedx-python-lib!=2.5.0,>=2.0.0->pip_audit==2.4.2) (2.4.0)
Requirement already satisfied: webencodings in ./venv/lib/python3.10/site-packages (from html5lib>=1.1->pip_audit==2.4.2) (0.5.1)
Requirement already satisfied: six>=1.9 in ./venv/lib/python3.10/site-packages (from html5lib>=1.1->pip_audit==2.4.2) (1.16.0)
Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in ./venv/lib/python3.10/site-packages (from packaging>=21.0.0->pip_audit==2.4.2) (3.0.9)
Requirement already satisfied: pip in ./venv/lib/python3.10/site-packages (from pip-api>=0.0.28->pip_audit==2.4.2) (22.2)
Requirement already satisfied: commonmark<0.10.0,>=0.9.0 in ./venv/lib/python3.10/site-packages (from rich>=12.4->pip_audit==2.4.2) (0.9.1)
Requirement already satisfied: pygments<3.0.0,>=2.6.0 in ./venv/lib/python3.10/site-packages (from rich>=12.4->pip_audit==2.4.2) (2.12.0)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in ./venv/lib/python3.10/site-packages (from requests->CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (1.26.10)
Requirement already satisfied: charset-normalizer<3,>=2 in ./venv/lib/python3.10/site-packages (from requests->CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (2.1.0)
Requirement already satisfied: certifi>=2017.4.17 in ./venv/lib/python3.10/site-packages (from requests->CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (2022.6.15)
Requirement already satisfied: idna<4,>=2.5 in ./venv/lib/python3.10/site-packages (from requests->CacheControl[filecache]>=0.12.10->pip_audit==2.4.2) (3.3)

> pip-audit --verbose -r requirements.txt
DEBUG:pip_audit._cli:parsed arguments: Namespace(local=False, requirements=[<_io.TextIOWrapper name='requirements.txt' mode='r' encoding='UTF-8'>], project_path=None, format=<OutputFormatChoice.Columns: 'columns'>, vulnerability_service=<VulnerabilityServiceChoice.Pypi: 'pypi'>, dry_run=False, strict=False, desc=<VulnerabilityDescriptionChoice.Auto: 'auto'>, cache_dir=None, progress_spinner=<ProgressSpinnerChoice.On: 'on'>, timeout=15, paths=[], verbose=True, fix=False, require_hashes=False, index_url='https://pypi.org/simple', extra_index_urls=[], skip_editable=False, no_deps=False, output=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>, ignore_vulns=[])
Traceback (most recent call last):
  File "/path/to/venv/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_cli.py", line 428, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_audit.py", line 66, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_service/interface.py", line 148, in query_all
    for spec in specs:
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_dependency_source/requirement.py", line 101, in collect
    for _, dep in self._collect_cached_deps(filename, reqs):
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_dependency_source/requirement.py", line 299, in _collect_cached_deps
    for req, resolved_deps in self._resolver.resolve_all(iter(req_values)):
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_dependency_source/interface.py", line 87, in resolve_all
    yield (req, self.resolve(req))
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/resolvelib.py", line 75, in resolve
    result = self.resolver.resolve([req])
  File "/path/to/venv/lib/python3.10/site-packages/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/path/to/venv/lib/python3.10/site-packages/resolvelib/resolvers.py", line 348, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "/path/to/venv/lib/python3.10/site-packages/resolvelib/resolvers.py", line 140, in _add_to_criteria
    identifier = self._p.identify(requirement_or_candidate=requirement)
  File "/path/to/venv/lib/python3.10/site-packages/pip_audit/_dependency_source/resolvelib/pypi_provider.py", line 290, in identify
    return canonicalize_name(requirement_or_candidate.name)
AttributeError: 'NoneType' object has no attribute 'name'

Platform information

• OS name and version: macOS Big Sur v11.5.1
• pip-audit version (pip-audit -V): 2.4.2
• Python version (python -V or python3 -V): 3.10.3
• pip version (pip -V or pip3 -V): 22.2

Additional context

Add any other context about the problem here.

[di]

Are we missing some of your stacktrace here?

[di]

@jamesbraza Can you try the fix in #328 and see if it works for you? You can install that locally with:

$ pip install git+https://github.com/trailofbits/pip-audit.git@fix/327

[jamesbraza]

@di I have updated the description, seems I did cut off the stack trace! The fix in #328 did not fix my issue sadly :/

[woodruffw]

Thanks for the debugging help @jamesbraza! I've cut 2.4.3 with the fixes in #331; should be available momentarily.