fix: fix invalid poetry detection

package.json

@@ -126,7 +126,7 @@
     "snyk-nuget-plugin": "1.21.1",
     "snyk-php-plugin": "1.9.2",
     "snyk-policy": "1.19.0",
-    "snyk-python-plugin": "1.19.8",
+    "snyk-python-plugin": "1.19.9",
     "snyk-resolve": "1.1.0",
     "snyk-resolve-deps": "4.7.2",
     "snyk-sbt-plugin": "2.11.0",

src/lib/detect.ts

@@ -3,7 +3,10 @@ import * as pathLib from 'path';
 import * as debugLib from 'debug';
 const endsWith = require('lodash.endswith');
 import { NoSupportedManifestsFoundError } from './errors';
-import { SupportedPackageManagers } from './package-managers';
+import {
+  SupportedPackageManagers,
+  SUPPORTED_MANIFEST_FILES,
+} from './package-managers';
 
 const debug = debugLib('snyk-detect');
 
@@ -29,7 +32,6 @@ const DETECTABLE_FILES: string[] = [
   'composer.lock',
   'Podfile',
   'Podfile.lock',
-  'pyproject.toml',
   'poetry.lock',
   'mix.exs',
   'mix.lock',
@@ -57,46 +59,45 @@ export const AUTO_DETECTABLE_FILES: string[] = [
   'build.sbt',
   'build.gradle',
   'build.gradle.kts',
-  'pyproject.toml',
   'poetry.lock',
   'mix.exs',
   'mix.lock',
 ];
 
 // when file is specified with --file, we look it up here
+// this is also used when --all-projects flag is enabled and auto detection plugin is triggered
 const DETECTABLE_PACKAGE_MANAGERS: {
-  [name: string]: SupportedPackageManagers;
+  [key in SUPPORTED_MANIFEST_FILES]: SupportedPackageManagers;
 } = {
-  Gemfile: 'rubygems',
-  'Gemfile.lock': 'rubygems',
-  '.gemspec': 'rubygems',
-  'package-lock.json': 'npm',
-  'pom.xml': 'maven',
-  '.jar': 'maven',
-  '.war': 'maven',
-  'build.gradle': 'gradle',
-  'build.gradle.kts': 'gradle',
-  'build.sbt': 'sbt',
-  'yarn.lock': 'yarn',
-  'package.json': 'npm',
-  Pipfile: 'pip',
-  'setup.py': 'pip',
-  'requirements.txt': 'pip',
-  'Gopkg.lock': 'golangdep',
-  'go.mod': 'gomodules',
-  'vendor.json': 'govendor',
-  'project.assets.json': 'nuget',
-  'packages.config': 'nuget',
-  'project.json': 'nuget',
-  'paket.dependencies': 'paket',
-  'composer.lock': 'composer',
-  'Podfile.lock': 'cocoapods',
-  'CocoaPods.podfile.yaml': 'cocoapods',
-  'CocoaPods.podfile': 'cocoapods',
-  Podfile: 'cocoapods',
-  'pyproject.toml': 'poetry',
-  'poetry.lock': 'poetry',
-  'mix.exs': 'hex',
+  [SUPPORTED_MANIFEST_FILES.GEMFILE]: 'rubygems',
+  [SUPPORTED_MANIFEST_FILES.GEMFILE_LOCK]: 'rubygems',
+  [SUPPORTED_MANIFEST_FILES.GEMSPEC]: 'rubygems',
+  [SUPPORTED_MANIFEST_FILES.PACKAGE_LOCK_JSON]: 'npm',
+  [SUPPORTED_MANIFEST_FILES.POM_XML]: 'maven',
+  [SUPPORTED_MANIFEST_FILES.JAR]: 'maven',
+  [SUPPORTED_MANIFEST_FILES.WAR]: 'maven',
+  [SUPPORTED_MANIFEST_FILES.BUILD_GRADLE]: 'gradle',
+  [SUPPORTED_MANIFEST_FILES.BUILD_GRADLE_KTS]: 'gradle',
+  [SUPPORTED_MANIFEST_FILES.BUILD_SBT]: 'sbt',
+  [SUPPORTED_MANIFEST_FILES.YARN_LOCK]: 'yarn',
+  [SUPPORTED_MANIFEST_FILES.PACKAGE_JSON]: 'npm',
+  [SUPPORTED_MANIFEST_FILES.PIPFILE]: 'pip',
+  [SUPPORTED_MANIFEST_FILES.SETUP_PY]: 'pip',
+  [SUPPORTED_MANIFEST_FILES.REQUIREMENTS_TXT]: 'pip',
+  [SUPPORTED_MANIFEST_FILES.GOPKG_LOCK]: 'golangdep',
+  [SUPPORTED_MANIFEST_FILES.GO_MOD]: 'gomodules',
+  [SUPPORTED_MANIFEST_FILES.VENDOR_JSON]: 'govendor',
+  [SUPPORTED_MANIFEST_FILES.PROJECT_ASSETS_JSON]: 'nuget',
+  [SUPPORTED_MANIFEST_FILES.PACKAGES_CONFIG]: 'nuget',
+  [SUPPORTED_MANIFEST_FILES.PROJECT_JSON]: 'nuget',
+  [SUPPORTED_MANIFEST_FILES.PAKET_DEPENDENCIES]: 'paket',
+  [SUPPORTED_MANIFEST_FILES.COMPOSER_LOCK]: 'composer',
+  [SUPPORTED_MANIFEST_FILES.PODFILE_LOCK]: 'cocoapods',
+  [SUPPORTED_MANIFEST_FILES.COCOAPODS_PODFILE_YAML]: 'cocoapods',
+  [SUPPORTED_MANIFEST_FILES.COCOAPODS_PODFILE]: 'cocoapods',
+  [SUPPORTED_MANIFEST_FILES.PODFILE]: 'cocoapods',
+  [SUPPORTED_MANIFEST_FILES.POETRY_LOCK]: 'poetry',
+  [SUPPORTED_MANIFEST_FILES.MIX_EXS]: 'hex',
 };
 
 export function isPathToPackageFile(path) {
@@ -200,6 +201,7 @@ export function detectPackageManagerFromFile(
     // we throw and error here because the file was specified by the user
     throw new Error('Could not detect package manager for file: ' + file);
   }
+
   return DETECTABLE_PACKAGE_MANAGERS[key];
 }
 

src/lib/package-managers.ts

@@ -16,6 +16,38 @@ export type SupportedPackageManagers =
   | 'poetry'
   | 'hex';
 
+export enum SUPPORTED_MANIFEST_FILES {
+  GEMFILE = 'Gemfile',
+  GEMFILE_LOCK = 'Gemfile.lock',
+  GEMSPEC = '.gemspec',
+  PACKAGE_LOCK_JSON = 'package-lock.json',
+  POM_XML = 'pom.xml',
+  JAR = '.jar',
+  WAR = '.war',
+  BUILD_GRADLE = 'build.gradle',
+  BUILD_GRADLE_KTS = 'build.gradle.kts',
+  BUILD_SBT = 'build.sbt',
+  YARN_LOCK = 'yarn.lock',
+  PACKAGE_JSON = 'package.json',
+  PIPFILE = 'Pipfile',
+  SETUP_PY = 'setup.py',
+  REQUIREMENTS_TXT = 'requirements.txt',
+  GOPKG_LOCK = 'Gopkg.lock',
+  GO_MOD = 'go.mod',
+  VENDOR_JSON = 'vendor.json',
+  PROJECT_ASSETS_JSON = 'project.assets.json',
+  PACKAGES_CONFIG = 'packages.config',
+  PROJECT_JSON = 'project.json',
+  PAKET_DEPENDENCIES = 'paket.dependencies',
+  COMPOSER_LOCK = 'composer.lock',
+  PODFILE_LOCK = 'Podfile.lock',
+  COCOAPODS_PODFILE_YAML = 'CocoaPods.podfile.yaml',
+  COCOAPODS_PODFILE = 'CocoaPods.podfile',
+  PODFILE = 'Podfile',
+  POETRY_LOCK = 'poetry.lock',
+  MIX_EXS = 'mix.exs',
+}
+
 export const SUPPORTED_PACKAGE_MANAGER_NAME: {
   readonly [packageManager in SupportedPackageManagers]: string;
 } = {

test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts

@@ -933,7 +933,7 @@ if (!isWindows) {
       'sends version number',
     );
     t.match(req.url, '/monitor/poetry/graph', 'puts at correct url');
-    t.equal(req.body.targetFile, 'pyproject.toml', 'sends targetFile');
+    t.equal(req.body.targetFile, 'poetry.lock', 'sends targetFile');
     const depGraphJSON = req.body.depGraphJSON;
     t.ok(depGraphJSON);
   });

test/acceptance/cli-test/cli-test.all-projects.spec.ts

@@ -1154,26 +1154,5 @@ export const AllProjectsTests: AcceptanceTests = {
         'Go dep package manager',
       );
     },
-    '`test mono-repo-poetry --all-projects`': (params, utils) => async (t) => {
-      utils.chdirWorkspaces();
-      const res: CommandResult = await params.cli.test('mono-repo-poetry', {
-        allProjects: true,
-      });
-      t.match(
-        res.getDisplayResults(),
-        /Tested 2 projects, no vulnerable paths were found./,
-        'Two projects tested',
-      );
-      t.match(
-        res.getDisplayResults(),
-        'Package manager:   npm',
-        'Npm package manager',
-      );
-      t.match(
-        res.getDisplayResults(),
-        'Package manager:   poetry',
-        'Poetry package manager',
-      );
-    },
   },
 };

test/acceptance/cli-test/cli-test.python.spec.ts

@@ -279,22 +279,5 @@ export const PythonTests: AcceptanceTests = {
         'calls python plugin',
       );
     },
-    '`test poetry-app with pyproject.toml and poetry.lock`': (
-      params,
-      utils,
-    ) => async (t) => {
-      utils.chdirWorkspaces();
-      await params.cli.test('poetry-app', {});
-      const req = params.server.popRequest();
-      t.equal(req.method, 'POST', 'makes POST request');
-      t.equal(
-        req.headers['x-snyk-cli-version'],
-        params.versionNumber,
-        'sends version number',
-      );
-      t.match(req.url, '/test-dep-graph', 'posts to correct url');
-      t.equal(req.body.targetFile, 'pyproject.toml', 'specifies target');
-      t.equal(req.body.depGraph.pkgManager.name, 'poetry');
-    },
   },
 };

test/jest/system/snyk-test/python/fixtures/pyproject-with-poetry/Pipfile

@@ -0,0 +1,12 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+flask = "*"
+
+[dev-packages]
+
+[requires]
+python_version = "3.8"