fix scan on empty python dep and add test cases

sobregosodd · sobregosodd · commit 1ede5dd1b420 · 2025-05-13T12:58:09.000+02:00
diff --git a/guarddog/scanners/pypi_project_scanner.py b/guarddog/scanners/pypi_project_scanner.py
@@ -76,8 +76,11 @@ def get_matched_versions(versions: set[str], semver_range: str) -> set[str]:
 
             # Filters to specified versions
             try:
-                spec = Specifier(semver_range)
-                result = [Version(m) for m in spec.filter(versions)]
+                matching_versions = versions
+                if semver_range:
+                    spec = Specifier(semver_range)
+                    matching_versions = set(spec.filter(versions))
+                result = [Version(m) for m in matching_versions]
             except ValueError:
                 # use it raw
                 return set([semver_range])
diff --git a/tests/core/test_npm_requirements_scanner.py b/tests/core/test_npm_requirements_scanner.py
@@ -10,12 +10,18 @@ def test_npm_requirements_scanner():
     {
         "dependencies": {
             "non-existing": "*",
-            "express": "4.x"
+            "express": "4.x",
+            "cors": "*"
         }
     }
     """)
     assert "non-existing" not in result  # ignoring non existing packages
     assert "express" in result
+    lookup = next(
+        filter(lambda r: r.name == "cors", result), None
+    )
+    assert lookup is not None
+    assert len(lookup.versions) == 1
 
 
 def test_npm_find_requirements():
diff --git a/tests/core/test_pypi_requirements_scanner.py b/tests/core/test_pypi_requirements_scanner.py
@@ -39,6 +39,7 @@ def test_requirements_scanner_on_git_url_packages():
                 "https://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl",
                 "guarddog @ git+https://github.com/DataDog/guarddog.git",
                 "git+https://github.com/DataDog/guarddog.git",
+                "requests",
             ]
         )
     )
@@ -48,4 +49,10 @@ def test_requirements_scanner_on_git_url_packages():
     assert lookup is not None
     assert "git+https://github.com/DataDog/guarddog.git" in [v.version for v in lookup.versions]
     assert "flask" in result
-    assert len(result) == 2
+    assert len(result) == 3
+    lookup = next(
+        filter(lambda r: r.name == "requests", result), None
+    )
+    assert lookup is not None
+    assert len(lookup.versions) == 1
+ 

Original file line number	Diff line number	Diff line change
`@@ -10,12 +10,18 @@ def test_npm_requirements_scanner():`
`10`	`10`	`{`
`11`	`11`	`"dependencies": {`
`12`	`12`	`"non-existing": "*",`
`13`		`- "express": "4.x"`
	`13`	`+ "express": "4.x",`
	`14`	`+ "cors": "*"`
`14`	`15`	`}`
`15`	`16`	`}`
`16`	`17`	`""")`
`17`	`18`	`assert "non-existing" not in result # ignoring non existing packages`
`18`	`19`	`assert "express" in result`
	`20`	`+ lookup = next(`
	`21`	`+ filter(lambda r: r.name == "cors", result), None`
	`22`	`+ )`
	`23`	`+ assert lookup is not None`
	`24`	`+ assert len(lookup.versions) == 1`
`19`	`25`
`20`	`26`
`21`	`27`	`def test_npm_find_requirements():`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ def test_requirements_scanner_on_git_url_packages():`
`39`	`39`	`"https://wxpython.org/Phoenix/snapshot-builds/wxPython_Phoenix-3.0.3.dev1820+49a8884-cp34-none-win_amd64.whl",`
`40`	`40`	`"guarddog @ git+https://github.com/DataDog/guarddog.git",`
`41`	`41`	`"git+https://github.com/DataDog/guarddog.git",`
	`42`	`+ "requests",`
`42`	`43`	`]`
`43`	`44`	`)`
`44`	`45`	`)`
`@@ -48,4 +49,10 @@ def test_requirements_scanner_on_git_url_packages():`
`48`	`49`	`assert lookup is not None`
`49`	`50`	`assert "git+https://github.com/DataDog/guarddog.git" in [v.version for v in lookup.versions]`
`50`	`51`	`assert "flask" in result`
`51`		`- assert len(result) == 2`
	`52`	`+ assert len(result) == 3`
	`53`	`+ lookup = next(`
	`54`	`+ filter(lambda r: r.name == "requests", result), None`
	`55`	`+ )`
	`56`	`+ assert lookup is not None`
	`57`	`+ assert len(lookup.versions) == 1`
	`58`	`+`