From a90897d109625a385ef0157090e29d2edd000821 Mon Sep 17 00:00:00 2001 From: chenhaoxuan Date: Thu, 2 Jan 2025 18:34:40 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E5=91=BD=E4=BB=A4?= =?UTF-8?q?=E8=A1=8C=E4=B8=AD=E4=BC=A0=E5=8F=82=E7=A7=81=E6=9C=89=E6=BA=90?= =?UTF-8?q?=E5=92=8C=E4=BB=A3=E7=90=86=E5=9C=B0=E5=9D=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cmd/murphy/internal/scan/cmd.go | 6 ----- env/python.go | 6 +++++ module/go_mod/go.go | 15 ------------ module/python/venv.go | 43 ++++++++++++++++----------------- 4 files changed, 27 insertions(+), 43 deletions(-) create mode 100644 env/python.go diff --git a/cmd/murphy/internal/scan/cmd.go b/cmd/murphy/internal/scan/cmd.go index 93dc10d..7042b0d 100644 --- a/cmd/murphy/internal/scan/cmd.go +++ b/cmd/murphy/internal/scan/cmd.go @@ -39,8 +39,6 @@ var sbomOutputType common.SBOMFormatFlag var webhookAddr string var webhookMode common.WebhookModeFlag var extraData string -var privateSourceAddr string -var proxyAddr string func Cmd() *cobra.Command { var c cobra.Command @@ -60,8 +58,6 @@ func Cmd() *cobra.Command { c.Flags().StringVar(&webhookAddr, "webhook-addr", "", "specify the webhook address") c.Flags().Var(&webhookMode, "webhook-mode", "specify the webhook mode, currently supports: simple, full") c.Flags().StringVar(&extraData, "extra-data", "", "specify the extra data") - c.Flags().StringVar(&privateSourceAddr, "private-source-addr", "", "specify the private source address") - c.Flags().StringVar(&proxyAddr, "proxy-addr", "", "specify the proxy address") return &c } @@ -83,8 +79,6 @@ func DfCmd() *cobra.Command { c.Flags().StringVar(&webhookAddr, "webhook-addr", "", "specify the webhook address") c.Flags().Var(&webhookMode, "webhook-mode", "specify the webhook mode, currently supports: simple, full(default)") c.Flags().StringVar(&extraData, "extra-data", "", "specify the extra data") - c.Flags().StringVar(&privateSourceAddr, "private-source-addr", "", "specify the private source address") - c.Flags().StringVar(&proxyAddr, "proxy-addr", "", "specify the proxy address") return &c } diff --git a/env/python.go b/env/python.go new file mode 100644 index 0000000..e0f0568 --- /dev/null +++ b/env/python.go @@ -0,0 +1,6 @@ +package env + +import "os" + +var PIP_SOURCE_ADDR = os.Getenv("PIP_SOURCE_ADDR") +var PIPREQS_SERVER_SOURCE_ADDR = os.Getenv("PIPREQS_SERVER_SOURCE_ADDR") diff --git a/module/go_mod/go.go b/module/go_mod/go.go index 70f3904..48298de 100644 --- a/module/go_mod/go.go +++ b/module/go_mod/go.go @@ -4,11 +4,9 @@ import ( "context" "path/filepath" - "github.com/murphysecurity/murphysec/infra/logctx" "github.com/murphysecurity/murphysec/model" "github.com/murphysecurity/murphysec/utils" "github.com/pkg/errors" - "go.uber.org/zap" ) type Inspector struct{} @@ -26,19 +24,6 @@ func (Inspector) CheckDir(dir string) bool { } func (Inspector) InspectProject(ctx context.Context) error { - logger := logctx.Use(ctx) - if privatePath, ok := ctx.Value("privateSourceAddr").(string); ok { - logger.Debug("Use private path", zap.String("path", privatePath)) - if err := setPrivatePath(privatePath, logger); err != nil { - return err - } - } - if proxyPath, ok := ctx.Value("proxyAddr").(string); ok { - logger.Debug("Use proxy path", zap.String("path", proxyPath)) - if err := setProxyPath(proxyPath, logger); err != nil { - return err - } - } if err := buildScan(ctx); err != nil { if err := baseScan(ctx); err != nil { return err diff --git a/module/python/venv.go b/module/python/venv.go index 11019ee..f8ce0ed 100644 --- a/module/python/venv.go +++ b/module/python/venv.go @@ -5,6 +5,7 @@ import ( "bytes" "encoding/json" "fmt" + "github.com/murphysecurity/murphysec/env" "github.com/murphysecurity/murphysec/model" "go.uber.org/zap" "golang.org/x/net/context" @@ -42,12 +43,13 @@ func getVenvPath(basePath string) string { return "" } -func newVenv(dir string, logger *zap.SugaredLogger) error { +func newVenv(dir string, pythonVersion string, logger *zap.SugaredLogger) error { var out bytes.Buffer var errout bytes.Buffer env := os.Environ() logger.Debug(zap.Any("env", env)) - cmd := exec.Command("bash", "-c", "/usr/local/python3.10/bin/python3.10 -m venv virtual_venv") + pythonVersion = "./" + pythonVersion + cmd := exec.Command("bash", "-c", pythonVersion+" -m venv virtual_venv") cmd.Dir = dir cmd.Stdout = &out cmd.Stderr = &errout @@ -82,10 +84,11 @@ func newPipConf(basePath string, privateAddr string) error { } return nil } -func updatePip(dir string, logger *zap.SugaredLogger) error { +func updatePip(dir string, pythonVersion string, logger *zap.SugaredLogger) error { var out bytes.Buffer var errout bytes.Buffer - cmd := exec.Command("./python3.10", "-m", "pip", "install", "--upgrade", "pip") + pythonVersion = "./" + pythonVersion + cmd := exec.Command(pythonVersion, "-m", "pip", "install", "--upgrade", "pip") cmd.Stdout = &out cmd.Dir = dir if err := cmd.Run(); err != nil { @@ -102,8 +105,8 @@ func pipreqs(dir string, projectPath, savePath string, logger *zap.SugaredLogger logger.Debug(zap.String("pipreqs projectPath", projectPath)) logger.Debug(zap.String("pipreqs savepath", savePath)) var pypiserverAddr string - if s := getPipreqsServerSourctAddr(); s != "" { - pypiserverAddr = "--pypi-server=" + s + if env.PIPREQS_SERVER_SOURCE_ADDR != "" { + pypiserverAddr = "--pypi-server=" + env.PIPREQS_SERVER_SOURCE_ADDR } cmd := exec.Command("./pipreqs", projectPath, "--savepath", savePath, "--encoding=utf-8", "--ignore=virtual_venv", pypiserverAddr) cmd.Dir = dir @@ -278,11 +281,12 @@ func directDependenceSurvival(mod *[]model.DependencyItem, nvMp map[string]strin } } } -func pipenv() string { - return os.Getenv("PIP_SOURCE_ADDR") -} -func getPipreqsServerSourctAddr() string { - return os.Getenv("PIPREQS_SERVER_SOURCE_ADDR") +func getPythonVersion() string { + _, err := exec.LookPath("python3.10") + if err != nil { + return "python" + } + return "python3.10" } func Run(ctx context.Context, dir string, logger *zap.SugaredLogger, nvMp map[string]string) ([]model.DependencyItem, error) { var mod []model.DependencyItem @@ -290,22 +294,17 @@ func Run(ctx context.Context, dir string, logger *zap.SugaredLogger, nvMp map[st venvPath := getVenvPath(dir) requirementsPath := filepath.Join(dir, "requirements.txt") venvRequirementsPath := filepath.Join(venvPath, "requirements.txt") - if err := newVenv(dir, logger); err != nil { + pythonVersion := getPythonVersion() + if err := newVenv(dir, pythonVersion, logger); err != nil { return nil, err } - if privatePath, ok := ctx.Value("privateSourceAddr").(string); ok { - logger.Debug("Use private path", zap.String("path", privatePath)) - if err := newPipConf(dir, privatePath); err != nil { - return nil, err - } - } - if envSource := pipenv(); envSource != "" { - logger.Debug("Use private path", zap.String("path", envSource)) - if err := newPipConf(dir, envSource); err != nil { + if env.PIP_SOURCE_ADDR != "" { + logger.Debug("Use private path", zap.String("path", env.PIP_SOURCE_ADDR)) + if err := newPipConf(dir, env.PIP_SOURCE_ADDR); err != nil { return nil, err } } - if err := updatePip(venvPath, logger); err != nil { + if err := updatePip(venvPath, pythonVersion, logger); err != nil { return nil, err } if err := setPipTimeout(); err != nil {