Modify utils.js and its test code

Signed-off-by: ambuj <[email protected]>

Author: ambuj-1211

lib/helpers/utils.js

@@ -4927,9 +4927,9 @@ export function parsePyProjectTomlFile(tomlFile) {
   ) {
     poetryMode = true;
   }
-  const requires = tomlData?.["build-system"]?.["requires"];
-  if (requires && Array.isArray(requires)) {
-    for (const req of requires) {
+  const buildRequires = tomlData?.["build-system"]?.["requires"];
+  if (buildRequires && Array.isArray(buildRequires)) {
+    for (const req of buildRequires) {
       if (req.startsWith("poetry-core") && req.includes(">=2.0")) {
         isPoetryV2 = true;
         break;
@@ -13529,9 +13529,9 @@ export function getPipFrozenTree(
       });
       thoughtLog("Performing poetry install");
       let poetryInstallArgs = ["-m", "poetry", "install", "-n", "--no-root"];
-      const isPoetryV2 = parsePyProjectTomlFile(
-        join(basePath, "pyproject.toml"),
-      ).isPoetryV2;
+
+      const pyprojectpath = safeExistsSync(join(basePath, "pyproject.toml"));
+      const isPoetryV2 = parsePyProjectTomlFile(pyprojectpath).isPoetryV2;
       // checking if poetryV2 is true or not
       if (isPoetryV2) {
         // Include all dependency groups and extras (Poetry v2+)

lib/helpers/utils.test.js

@@ -4975,29 +4975,33 @@ test("parse pyproject.toml", () => {
 
 test("parse pyproject.toml with poetryv2 requirement", () => {
   const retMap = parsePyProjectTomlFile("./test/data/pyproject_poetryv2.toml");
-  // expect(retMap.parentComponent).toEqual({
-  //   name: "cpggen",
-  //   version: "1.9.0",
-  //   description:
-  //     "Generate CPG for multiple languages for code and threat analysis",
-  //   license: "Apache-2.0",
-  //   author: "Team AppThreat <[email protected]>",
-  //   homepage: { url: "https://github.com/AppThreat/cpggen" },
-  //   repository: { url: "https://github.com/AppThreat/cpggen" },
-  //   tags: [
-  //     "atom",
-  //     "code analysis",
-  //     "code property graph",
-  //     "cpg",
-  //     "joern",
-  //     "static analysis",
-  //     "threat analysis",
-  //   ],
-  //   type: "application",
-  //   "bom-ref": "pkg:pypi/[email protected]",
-  //   purl: "pkg:pypi/[email protected]",
-  //   evidence: { identity: { field: "purl", confidence: 1, methods: [Array] } },
-  // });
+  expect(retMap.parentComponent).toEqual({
+    name: "blint",
+    version: "2.4.2",
+    description: "Linter and SBOM generator for binary files.",
+    license: "MIT",
+    authors: [{ name: "Team AppThreat", email: "[email protected]" }],
+    homepage: { url: "https://github.com/owasp-dep-scan/blint" },
+    repository: { url: "https://github.com/owasp-dep-scan/blint" },
+    tags: ["binary", "linter", "sast", "security"],
+    properties: [{ name: "cdx:pypi:requiresPython", value: ">=3.10,<3.14" }],
+    type: "application",
+    "bom-ref": "pkg:pypi/[email protected]",
+    purl: "pkg:pypi/[email protected]",
+    evidence: {
+      identity: {
+        field: "purl",
+        confidence: 1,
+        methods: [
+          {
+            technique: "manifest-analysis",
+            confidence: 1,
+            value: "./test/data/pyproject_poetryv2.toml",
+          },
+        ],
+      },
+    },
+  });
   expect(retMap.isPoetryV2).toBeTruthy();
 });
 

test/data/pyproject_poetryv2.toml

@@ -1,52 +1,81 @@
-[tool.poetry]
-name = "cpggen"
-version = "1.9.0" # 1.9.0 is not version 2.0.0
-description = "Generate CPG for multiple languages for code and threat analysis"
-authors = ["Team AppThreat <[email protected]>"]
-license = "Apache-2.0"
+[project]
+name = "blint"
+version = "2.4.2"
+description = "Linter and SBOM generator for binary files."
+authors = [
+    {name= "Team AppThreat", email = "[email protected]"},
+]
+dependencies = [
+    "lief>=0.16.6",
+    "rich>=14.0.0",
+    "PyYAML>=6.0.2",
+    "defusedxml>=0.7.1",
+    "pydantic[email]>=2.11.3",
+    "orjson>=3.10.16",
+    "symbolic==10.2.1",
+    "ar>=1.0.0",
+    "custom-json-diff>=2.1.6",
+    "appdirs>=1.4.4",
+    "apsw>=3.49.1.0",
+    "packageurl-python>=0.16.0",
+    "oras>=0.2.28",
+]
+license = "MIT"
 readme = "README.md"
-packages = [{include = "cpggen"}]
-homepage = "https://github.com/AppThreat/cpggen"
-repository = "https://github.com/AppThreat/cpggen"
-keywords = ["joern", "code analysis", "static analysis", "cpg", "code property graph", "atom", "threat analysis"]
+homepage = "https://github.com/owasp-dep-scan/blint"
+repository = "https://github.com/owasp-dep-scan/blint"
+keywords = ["linter", "binary", "security", "sast"]
 classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Intended Audience :: Developers",
     "Intended Audience :: System Administrators",
     "Topic :: Utilities",
     "Topic :: Security",
-    "Programming Language :: Python :: 3.8",
-    "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
     "Operating System :: OS Independent",
 ]
-exclude = ["contrib", "tests"]
-include = ["cpggen/atom/*"]
-
-[tool.poetry.scripts]
-atomgen = 'cpggen.cli:main'
-cpggen = 'cpggen.cli:main'
-cpg = 'cpggen.cli:main'
-
-[tool.poetry.dependencies]
-python = ">=3.8.1,<3.12"
-rich = "^13.4.2"
-gitpython = "^3.1.31"
-quart = "^0.18.4"
-psutil = "^5.9.5"
-packageurl-python = "^0.11.1"
-httpx = "^0.24.1"
-
-[tool.poetry.group.dev.dependencies]
-pytest = "^7.4.0"
-black = "^23.3.0"
-flake8 = "^6.0.0"
-pytest-cov = "^4.0.0"
-pyinstaller = "^5.12.0"
-bandit = "^1.7.5"
-pylint = "^2.17.4"
+requires-python = ">=3.10,<3.14"
+include = ["blint/data/*.yml"]
+
+[project.urls]
+"CI" = "https://github.com/owasp-dep-scan/blint/actions"
+
+[project.scripts]
+blint = 'blint.cli:main'
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.3.5",
+    "black>=25.1.0",
+    "flake8>=7.2.0",
+    "pylint>=3.3.6",
+    "pytest-cov>=6.1.1",
+    "pyinstaller>=6.12.0"
+]
+
+[tool.black]
+line-length = 99
 
 [build-system]
 requires = ["poetry-core>=2.0.0"]
 build-backend = "poetry.core.masonry.api"
+
+[tool.pytest.ini_options]
+addopts = "--verbose --cov-append --cov-report term --cov blint"
+
+[tool.pylint]
+generated-members = ["lief", "orjson"]
+ignore-paths = ["blint/cyclonedx/*", "tests/*"]
+# Let's not fuss about long strings
+ignore-long-lines = "[r|f]\""
+disable = ["missing-module-docstring", "logging-fstring-interpolation"]
+
+[tool.pylint.format]
+max-line-length = 99
+
+[tool.pylint.design]
+max-args = 6
+max-nested-blocks = 6