wip

Author: sdn4z

src/twyn/config/config_handler.py

@@ -36,7 +36,7 @@ class TwynConfiguration:
     selector_method: str
     logging_level: AvailableLoggingLevels
     allowlist: set[str]
-    pypi_reference: str
+    package_reference: str
     use_cache: bool
 
 
@@ -48,7 +48,7 @@ class ReadTwynConfiguration:
     selector_method: Optional[str] = None
     logging_level: Optional[AvailableLoggingLevels] = None
     allowlist: set[str] = field(default_factory=set)
-    pypi_reference: Optional[str] = None
+    package_reference: Optional[str] = None
     use_cache: Optional[bool] = None
 
 
@@ -101,7 +101,7 @@ def resolve_config(
             selector_method=final_selector_method,
             logging_level=_get_logging_level(verbosity, read_config.logging_level),
             allowlist=read_config.allowlist,
-            pypi_reference=read_config.pypi_reference or DEFAULT_TOP_PYPI_PACKAGES,
+            package_reference=read_config.package_reference or DEFAULT_TOP_PYPI_PACKAGES,
             use_cache=final_use_cache,
         )
 
@@ -135,7 +135,7 @@ def _get_read_config(self, toml: TOMLDocument) -> ReadTwynConfiguration:
             selector_method=twyn_config_data.get("selector_method"),
             logging_level=twyn_config_data.get("logging_level"),
             allowlist=set(twyn_config_data.get("allowlist", set())),
-            pypi_reference=twyn_config_data.get("pypi_reference"),
+            package_reference=twyn_config_data.get("package_reference"),
             use_cache=twyn_config_data.get("use_cache"),
         )
 

src/twyn/main.py

@@ -14,6 +14,7 @@
 from twyn.similarity.algorithm import EditDistance, SimilarityThreshold
 from twyn.trusted_packages import TopPyPiReference
 from twyn.trusted_packages.cache_handler import CacheHandler
+from twyn.trusted_packages.references import AbstractPackageReference
 from twyn.trusted_packages.selectors import AbstractSelector
 from twyn.trusted_packages.trusted_packages import (
     TrustedPackages,
@@ -47,15 +48,17 @@ def check_dependencies(
 
     cache_handler = CacheHandler() if config.use_cache else None
 
+    top_packages_reference = get_top_packages_reference(source=config.package_reference, cache_handler=cache_handler)
+
     trusted_packages = TrustedPackages(
-        names=TopPyPiReference(source=config.pypi_reference, cache_handler=cache_handler).get_packages(),
+        names=top_packages_reference.get_packages(),
         algorithm=EditDistance(),
         selector=get_candidate_selector(config.selector_method),
         threshold_class=SimilarityThreshold,
     )
-    normalized_allowlist_packages = TopPyPiReference.normalize_packages(config.allowlist)
+    normalized_allowlist_packages = top_packages_reference.normalize_packages(config.allowlist)
     dependencies = dependencies if dependencies else get_parsed_dependencies_from_file(config.dependency_file)
-    normalized_dependencies = TopPyPiReference.normalize_packages(dependencies)
+    normalized_dependencies = top_packages_reference.normalize_packages(dependencies)
 
     typos_list = TyposquatCheckResultList()
     dependencies_list = (
@@ -73,6 +76,10 @@ def check_dependencies(
     return typos_list
 
 
+def get_top_packages_reference(source: str, cache_handler: Optional[CacheHandler]) -> AbstractPackageReference:
+    return TopPyPiReference(source=source, cache_handler=cache_handler)
+
+
 def get_config(
     load_config_from_file: bool,
     config_file: Optional[str],

src/twyn/trusted_packages/references.py

@@ -118,3 +118,34 @@ def normalize_packages(packages: set[str]) -> set[str]:
                 raise PackageNormalizingError(f"Package name '{package}' does not match required pattern")
 
         return renamed_packages
+
+
+class TopNpmReference(AbstractPackageReference):
+    """Top npm packages retrieved from an online source."""
+
+    @override
+    @staticmethod
+    def _parse(packages_info: dict[str, Any]) -> set[str]:
+        try:
+            names = {row["project"] for row in packages_info["rows"]}
+        except KeyError as err:
+            raise InvalidPyPiFormatError from err
+
+        if not names:
+            raise EmptyPackagesListError
+
+        logger.debug("Successfully parsed trusted packages list")
+        return names
+
+    @override
+    @staticmethod
+    def normalize_packages(packages: set[str]) -> set[str]:
+        """Normalize dependency names according to npm https://packaging.python.org/en/latest/specifications/name-normalization/."""
+        renamed_packages = {re.sub(r"[-_.]+", "-", name).lower() for name in packages}
+
+        pattern = re.compile(r"^([a-z0-9]|[a-z0-9][a-z0-9._-]*[a-z0-9])\Z")  # noqa: F821
+        for package in renamed_packages:
+            if not pattern.match(package):
+                raise PackageNormalizingError(f"Package name '{package}' does not match required pattern")
+
+        return renamed_packages

tests/config/test_config_handler.py

@@ -31,21 +31,6 @@ class TestConfigHandler:
     def throw_exception(self) -> NoReturn:
         raise PathNotFoundError
 
-    @patch("twyn.file_handler.file_handler.FileHandler.read")
-    def test_no_enforce_file_on_non_existent_file(self, mock_is_file: Mock) -> None:
-        """Resolving the config without enforcing the file to be present gives you defaults."""
-        mock_is_file.side_effect = self.throw_exception
-        config = ConfigHandler(FileHandler(DEFAULT_PROJECT_TOML_FILE)).resolve_config()
-
-        assert config == TwynConfiguration(
-            dependency_file=None,
-            selector_method="all",
-            logging_level=AvailableLoggingLevels.warning,
-            allowlist=set(),
-            pypi_reference=DEFAULT_TOP_PYPI_PACKAGES,
-            use_cache=True,
-        )
-
     def test_config_raises_for_unknown_file(self) -> None:
         with pytest.raises(TOMLError):
             ConfigHandler(FileHandler("non-existent-file.toml")).resolve_config()
@@ -68,7 +53,7 @@ def test_get_twyn_data_from_file(self, pyproject_toml_file: Path) -> None:
             selector_method="all",
             logging_level="debug",
             allowlist={"boto4", "boto2"},
-            pypi_reference=None,
+            package_reference=None,
             use_cache=False,
         )
 
@@ -107,7 +92,7 @@ def test_write_toml(self, pyproject_toml_file: Path) -> None:
                     "selector_method": "all",
                     "logging_level": "debug",
                     "allowlist": {},
-                    "pypi_reference": DEFAULT_TOP_PYPI_PACKAGES,
+                    "package_reference": DEFAULT_TOP_PYPI_PACKAGES,
                     "use_cache": False,
                 },
             }
@@ -149,7 +134,7 @@ def test_no_load_config_from_cache(self, pyproject_toml_file: Path) -> None:
         assert config.logging_level == AvailableLoggingLevels.warning
         assert config.use_cache is True
         assert config.selector_method == DEFAULT_SELECTOR_METHOD
-        assert config.pypi_reference == DEFAULT_TOP_PYPI_PACKAGES
+        assert config.package_reference == DEFAULT_TOP_PYPI_PACKAGES
 
     def test_cannot_write_if_file_not_configured(self) -> None:
         with pytest.raises(ConfigFileNotConfiguredError, match="write operation"):

tests/core/test_config_handler.py

@@ -0,0 +1,193 @@
+import dataclasses
+from copy import deepcopy
+from pathlib import Path
+from unittest.mock import patch
+
+import pytest
+from tomlkit import TOMLDocument, dumps, parse
+from twyn.base.constants import DEFAULT_PROJECT_TOML_FILE, DEFAULT_TOP_PYPI_PACKAGES, AvailableLoggingLevels
+from twyn.config.config_handler import ConfigHandler, ReadTwynConfiguration, TwynConfiguration
+from twyn.config.exceptions import (
+    AllowlistPackageAlreadyExistsError,
+    AllowlistPackageDoesNotExistError,
+    InvalidSelectorMethodError,
+    TOMLError,
+)
+from twyn.file_handler.exceptions import PathNotFoundError
+from twyn.file_handler.file_handler import FileHandler
+
+
+class TestConfig:
+    def throw_exception(self):
+        raise PathNotFoundError
+
+    def test_config_raises_for_unknown_file(self):
+        with pytest.raises(TOMLError):
+            ConfigHandler(FileHandler("non-existent-file.toml")).resolve_config()
+
+    def test_read_config_values(self, pyproject_toml_file):
+        config = ConfigHandler(file_handler=FileHandler(pyproject_toml_file)).resolve_config()
+        assert config.dependency_file == "my_file.txt"
+        assert config.selector_method == "all"
+        assert config.logging_level == AvailableLoggingLevels.debug
+        assert config.allowlist == {"boto4", "boto2"}
+
+    def test_get_twyn_data_from_file(self, pyproject_toml_file):
+        handler = ConfigHandler(FileHandler(str(pyproject_toml_file)))
+
+        toml = handler._read_toml()
+        twyn_data = ConfigHandler(FileHandler(pyproject_toml_file))._get_read_config(toml)
+        assert twyn_data == ReadTwynConfiguration(
+            dependency_file="my_file.txt",
+            selector_method="all",
+            logging_level="debug",
+            allowlist={"boto4", "boto2"},
+            package_reference=None,
+        )
+
+    def test_write_toml(self, pyproject_toml_file):
+        handler = ConfigHandler(FileHandler(pyproject_toml_file))
+        toml = handler._read_toml()
+
+        initial_config = handler.resolve_config()
+        to_write = deepcopy(initial_config)
+        to_write = dataclasses.replace(to_write, allowlist={})
+
+        handler._write_config(toml, to_write)
+
+        new_config = handler.resolve_config()
+
+        assert new_config != initial_config
+        assert new_config.allowlist == set()
+        # Writing the config should result in changes in the twyn section but
+        # nowhere else
+        assert handler._read_toml() == {
+            "tool": {
+                "poetry": {
+                    "dependencies": {
+                        "python": "^3.11",
+                        "requests": "^2.28.2",
+                        "dparse": "^0.6.2",
+                        "click": "^8.1.3",
+                        "rich": "^13.3.1",
+                        "rapidfuzz": "^2.13.7",
+                        "regex": "^2022.10.31",
+                    },
+                    "scripts": {"twyn": "twyn.cli:entry_point"},
+                },
+                "twyn": {
+                    "dependency_file": "my_file.txt",
+                    "selector_method": "all",
+                    "logging_level": "debug",
+                    "allowlist": {},
+                    "package_reference": DEFAULT_TOP_PYPI_PACKAGES,
+                },
+            }
+        }
+
+
+class TestAllowlistConfigHandler:
+    @patch("twyn.file_handler.file_handler.FileHandler.write")
+    @patch("twyn.config.config_handler.ConfigHandler._read_toml")
+    def test_allowlist_add(self, mock_toml, mock_write_toml):
+        mock_toml.return_value = TOMLDocument()
+
+        config = ConfigHandler(FileHandler("some-file"))
+
+        config.add_package_to_allowlist("mypackage")
+
+        final_toml = config._read_toml()
+
+        assert final_toml == {"tool": {"twyn": {"allowlist": ["mypackage"]}}}
+        assert mock_write_toml.called
+
+    @patch("twyn.config.config_handler.ConfigHandler._write_toml")
+    @patch("twyn.config.config_handler.ConfigHandler._read_toml")
+    def test_allowlist_add_duplicate_error(self, mock_toml, mock_write_toml):
+        mock_toml.return_value = parse(dumps({"tool": {"twyn": {"allowlist": ["mypackage"]}}}))
+
+        config = ConfigHandler(FileHandler("some-file"))
+        with pytest.raises(
+            AllowlistPackageAlreadyExistsError,
+            match="Package 'mypackage' is already present in the allowlist. Skipping.",
+        ):
+            config.add_package_to_allowlist("mypackage")
+
+        assert not mock_write_toml.called
+
+    @patch("twyn.config.config_handler.ConfigHandler._write_toml")
+    @patch("twyn.config.config_handler.ConfigHandler._read_toml")
+    def test_allowlist_remove_completely(self, mock_toml, mock_write_toml):
+        mock_toml.return_value = parse(dumps({"tool": {"twyn": {"allowlist": ["mypackage"]}}}))
+
+        config = ConfigHandler(FileHandler("some-file"))
+
+        config.remove_package_from_allowlist("mypackage")
+        assert config._read_toml() == {"tool": {"twyn": {}}}
+
+    @patch("twyn.config.config_handler.ConfigHandler._write_toml")
+    @patch("twyn.config.config_handler.ConfigHandler._read_toml")
+    def test_allowlist_remove(self, mock_toml, mock_write_toml):
+        mock_toml.return_value = parse(dumps({"tool": {"twyn": {"allowlist": ["mypackage", "another-package"]}}}))
+
+        config = ConfigHandler(FileHandler("some-file"))
+
+        config.remove_package_from_allowlist("mypackage")
+        assert config._read_toml() == {"tool": {"twyn": {"allowlist": ["another-package"]}}}
+
+    @patch("twyn.config.config_handler.ConfigHandler._write_toml")
+    @patch("twyn.config.config_handler.ConfigHandler._read_toml")
+    def test_allowlist_remove_non_existent_package_error(self, mock_toml, mock_write_toml):
+        mock_toml.return_value = parse(dumps({"tool": {"twyn": {"allowlist": ["mypackage"]}}}))
+
+        config = ConfigHandler(FileHandler("some-file"))
+        with pytest.raises(
+            AllowlistPackageDoesNotExistError,
+            match="Package 'mypackage2' is not present in the allowlist. Skipping.",
+        ):
+            config.remove_package_from_allowlist("mypackage2")
+
+        assert not mock_write_toml.called
+
+    @pytest.mark.parametrize("valid_selector", ["first-letter", "nearby-letter", "all"])
+    def test_valid_selector_methods_accepted(self, valid_selector: str, tmp_path: Path):
+        """Test that all valid selector methods are accepted."""
+        pyproject_toml = tmp_path / "pyproject.toml"
+        pyproject_toml.write_text("")
+        config = ConfigHandler(FileHandler(str(pyproject_toml)))
+
+        # Should not raise any exception
+        resolved_config = config.resolve_config(selector_method=valid_selector)
+        assert resolved_config.selector_method == valid_selector
+
+    def test_invalid_selector_method_rejected(self, tmp_path: Path):
+        """Test that invalid selector methods are rejected with appropriate error."""
+        pyproject_toml = tmp_path / "pyproject.toml"
+        pyproject_toml.write_text("")
+        config = ConfigHandler(FileHandler(str(pyproject_toml)))
+
+        with pytest.raises(InvalidSelectorMethodError) as exc_info:
+            config.resolve_config(selector_method="random-selector")
+
+        error_message = str(exc_info.value)
+        assert "Invalid selector_method 'random-selector'" in error_message
+        assert "Must be one of: all, first-letter, nearby-letter" in error_message
+
+    def test_invalid_selector_method_from_config_file(self, tmp_path: Path):
+        """Test that invalid selector method from config file is rejected."""
+        # Create a config file with invalid selector method
+        pyproject_toml = tmp_path / "pyproject.toml"
+        data = """
+        [tool.twyn]
+        selector_method="invalid-selector"
+        """
+        pyproject_toml.write_text(data)
+
+        config = ConfigHandler(FileHandler(str(pyproject_toml)))
+
+        with pytest.raises(InvalidSelectorMethodError) as exc_info:
+            config.resolve_config()
+
+        error_message = str(exc_info.value)
+        assert "Invalid selector_method 'invalid-selector'" in error_message
+        assert "Must be one of: all, first-letter, nearby-letter" in error_message