diff --git a/go.mod b/go.mod
index 1f1067e8c429..bce124252acd 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
github.com/alicebob/miniredis/v2 v2.30.4
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.90.3
- github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b
+ github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
diff --git a/go.sum b/go.sum
index 133a6dfde8fa..555bfba6a0e8 100644
--- a/go.sum
+++ b/go.sum
@@ -323,8 +323,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.90.3 h1:ZBPhzS5/+75SLGEZe6fWFyWEuNtibNc7CZZXl2yQhjw=
github.com/aquasecurity/defsec v0.90.3/go.mod h1:VPkgjZz3dx3znIIVLZgbtFhSzN9aZC2409s5V5Oqb7o=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b h1:9Ju7hWzTS8H9K/z1CqkJdZi+yxw1pZQZE11gVICtmTE=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230626110909-e7ea5097483b/go.mod h1:VjG2wX19QDny5yKN+he0v9wuZjF0k+00173mh0FJCVU=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5 h1:FA5XM/KP1l+PYH+QafFzzBjdsT+WxWTWsYGPzKrMeAQ=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230627073354-fb7eb3159bd5/go.mod h1:VjG2wX19QDny5yKN+he0v9wuZjF0k+00173mh0FJCVU=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
diff --git a/pkg/fanal/analyzer/language/python/packaging/packaging_test.go b/pkg/fanal/analyzer/language/python/packaging/packaging_test.go
index 6d119a37db7a..7557f0081a59 100644
--- a/pkg/fanal/analyzer/language/python/packaging/packaging_test.go
+++ b/pkg/fanal/analyzer/language/python/packaging/packaging_test.go
@@ -63,18 +63,39 @@ func Test_packagingAnalyzer_Analyze(t *testing.T) {
},
},
{
- name: "egg-info no-license",
- inputFile: "testdata/no_license.egg-info/PKG-INFO",
+ name: "egg-info license classifiers",
+ inputFile: "testdata/classifier-license.egg-info/PKG-INFO",
want: &analyzer.AnalysisResult{
Applications: []types.Application{
{
Type: types.PythonPkg,
- FilePath: "testdata/no_license.egg-info/PKG-INFO",
+ FilePath: "testdata/classifier-license.egg-info/PKG-INFO",
Libraries: []types.Package{
{
Name: "setuptools",
Version: "51.3.3",
- FilePath: "testdata/no_license.egg-info/PKG-INFO",
+ Licenses: []string{"MIT License"},
+ FilePath: "testdata/classifier-license.egg-info/PKG-INFO",
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "dist-info license classifiers",
+ inputFile: "testdata/classifier-license.dist-info/METADATA",
+ want: &analyzer.AnalysisResult{
+ Applications: []types.Application{
+ {
+ Type: types.PythonPkg,
+ FilePath: "testdata/classifier-license.dist-info/METADATA",
+ Libraries: []types.Package{
+ {
+ Name: "setuptools",
+ Version: "51.3.3",
+ Licenses: []string{"MIT License"},
+ FilePath: "testdata/classifier-license.dist-info/METADATA",
},
},
},
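Review bot: The two new table entries pin only the case where the fixture has a `License ::` classifier and no `License:` header, and the deleted `no_license` fixtures carried that same MIT classifier, so nothing visible in this hunk covers a package with no license information at all. I would add one case with neither field, asserting that `Licenses` stays empty, and one where a `License:` header and a classifier disagree, so the precedence is fixed by a test. Such cases may already exist elsewhere in `Test_packagingAnalyzer_Analyze`, which starts before and continues past this hunk. A short comment on each new entry would also help, for example `// no License header: value is the last segment of the "License ::" classifier`. The expected value `"MIT License"` is the classifier text rather than an SPDX identifier, and it comes from metadata the package author controls, so any normalisation that license policy matching relies on presumably happens downstream and is worth confirming.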
diff --git a/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.dist-info/METADATA b/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.dist-info/METADATA
new file mode 100644
index 000000000000..fa35ca3301a7
--- /dev/null
+++ b/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.dist-info/METADATA
@@ -0,0 +1,90 @@
+Metadata-Version: 2.1
+Name: setuptools
+Version: 51.3.3
+Summary: Easily download, build, install, upgrade, and uninstall Python packages
+Home-page: https://github.com/pypa/setuptools
+Author: Python Packaging Authority
+Author-email: distutils-sig@python.org
+Project-URL: Documentation, https://setuptools.readthedocs.io/
+Keywords: CPAN PyPI distutils eggs package management
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: System :: Archiving :: Packaging
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Utilities
+Requires-Python: >=3.6
+Provides-Extra: testing
+Provides-Extra: docs
+Provides-Extra: ssl
+Provides-Extra: certs
+
+.. image:: https://img.shields.io/pypi/v/setuptools.svg
+ :target: https://pypi.org/project/setuptools
+
+.. image:: https://img.shields.io/pypi/pyversions/setuptools.svg
+
+.. image:: https://github.com/pypa/setuptools/workflows/tests/badge.svg
+ :target: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
+ :alt: tests
+
+.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
+ :target: https://github.com/psf/black
+ :alt: Code style: Black
+
+.. image:: https://img.shields.io/readthedocs/setuptools/latest.svg
+ :target: https://setuptools.pypa.io
+
+.. image:: https://img.shields.io/badge/skeleton-2023-informational
+ :target: https://blog.jaraco.com/skeleton
+
+.. image:: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
+ :target: https://codecov.io/gh/pypa/setuptools
+
+.. image:: https://tidelift.com/badges/github/pypa/setuptools?style=flat
+ :target: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
+
+.. image:: https://img.shields.io/discord/803025117553754132
+ :target: https://discord.com/channels/803025117553754132/815945031150993468
+ :alt: Discord
+
+See the `Installation Instructions
+`_ in the Python Packaging
+User's Guide for instructions on installing, upgrading, and uninstalling
+Setuptools.
+
+Questions and comments should be directed to `GitHub Discussions
+`_.
+Bug reports and especially tested patches may be
+submitted directly to the `bug tracker
+`_.
+
+
+Code of Conduct
+===============
+
+Everyone interacting in the setuptools project's codebases, issue trackers,
+chat rooms, and fora is expected to follow the
+`PSF Code of Conduct `_.
+
+
+For Enterprise
+==============
+
+Available as part of the Tidelift Subscription.
+
+Setuptools and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
+
+`Learn more `_.
+
+
+Security Contact
+================
+
+To report a security vulnerability, please use the
+`Tidelift security contact `_.
+Tidelift will coordinate the fix and disclosure.
diff --git a/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.egg-info/PKG-INFO b/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.egg-info/PKG-INFO
new file mode 100644
index 000000000000..3c775e5909e8
--- /dev/null
+++ b/pkg/fanal/analyzer/language/python/packaging/testdata/classifier-license.egg-info/PKG-INFO
@@ -0,0 +1,89 @@
+Metadata-Version: 2.1
+Name: setuptools
+Version: 51.3.3
+Summary: Easily download, build, install, upgrade, and uninstall Python packages
+Home-page: https://github.com/pypa/setuptools
+Author: Python Packaging Authority
+Author-email: distutils-sig@python.org
+Project-URL: Documentation, https://setuptools.readthedocs.io/
+Keywords: CPAN PyPI distutils eggs package management
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: System :: Archiving :: Packaging
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Utilities
+Requires-Python: >=3.6
+Provides-Extra: testing
+Provides-Extra: docs
+Provides-Extra: ssl
+Provides-Extra: certs
+.. image:: https://img.shields.io/pypi/v/setuptools.svg
+ :target: https://pypi.org/project/setuptools
+
+.. image:: https://img.shields.io/pypi/pyversions/setuptools.svg
+
+.. image:: https://github.com/pypa/setuptools/workflows/tests/badge.svg
+ :target: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
+ :alt: tests
+
+.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
+ :target: https://github.com/psf/black
+ :alt: Code style: Black
+
+.. image:: https://img.shields.io/readthedocs/setuptools/latest.svg
+ :target: https://setuptools.pypa.io
+
+.. image:: https://img.shields.io/badge/skeleton-2023-informational
+ :target: https://blog.jaraco.com/skeleton
+
+.. image:: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
+ :target: https://codecov.io/gh/pypa/setuptools
+
+.. image:: https://tidelift.com/badges/github/pypa/setuptools?style=flat
+ :target: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
+
+.. image:: https://img.shields.io/discord/803025117553754132
+ :target: https://discord.com/channels/803025117553754132/815945031150993468
+ :alt: Discord
+
+See the `Installation Instructions
+`_ in the Python Packaging
+User's Guide for instructions on installing, upgrading, and uninstalling
+Setuptools.
+
+Questions and comments should be directed to `GitHub Discussions
+`_.
+Bug reports and especially tested patches may be
+submitted directly to the `bug tracker
+`_.
+
+
+Code of Conduct
+===============
+
+Everyone interacting in the setuptools project's codebases, issue trackers,
+chat rooms, and fora is expected to follow the
+`PSF Code of Conduct `_.
+
+
+For Enterprise
+==============
+
+Available as part of the Tidelift Subscription.
+
+Setuptools and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
+
+`Learn more `_.
+
+
+Security Contact
+================
+
+To report a security vulnerability, please use the
+`Tidelift security contact `_.
+Tidelift will coordinate the fix and disclosure.
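Review bot: This PKG-INFO fixture has no blank line between the last header (`Provides-Extra: certs`) and the first body line (`.. image:: ...`), while the dist-info METADATA fixture added in the same commit does have one; that is the one-line difference between the `+1,89` and `+1,90` hunk sizes. Without the separator, an RFC 822 style reader sees the reStructuredText body as further header lines, so the egg-info test passes only if the parser tolerates malformed headers. If that is intended as a robustness check, the fixture name or the test case name should say so, since nothing else records the intent. Otherwise add the blank line so both fixtures exercise the same well-formed layout.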
diff --git a/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.dist-info/METADATA b/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.dist-info/METADATA
deleted file mode 100644
index a5a676144b0d..000000000000
--- a/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.dist-info/METADATA
+++ /dev/null
@@ -1,86 +0,0 @@
-Metadata-Version: 2.1
-Name: setuptools
-Version: 51.3.3
-Summary: Easily download, build, install, upgrade, and uninstall Python packages
-Home-page: https://github.com/pypa/setuptools
-Author: Python Packaging Authority
-Author-email: distutils-sig@python.org
-Project-URL: Documentation, https://setuptools.readthedocs.io/
-Description: .. image:: https://img.shields.io/pypi/v/setuptools.svg
- :target: `PyPI link`_
-
- .. image:: https://img.shields.io/pypi/pyversions/setuptools.svg
- :target: `PyPI link`_
-
- .. _PyPI link: https://pypi.org/project/setuptools
-
- .. image:: https://github.com/pypa/setuptools/workflows/tests/badge.svg
- :target: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
- :alt: tests
-
- .. image:: https://img.shields.io/badge/code%20style-black-000000.svg
- :target: https://github.com/psf/black
- :alt: Code style: Black
-
- .. image:: https://img.shields.io/readthedocs/setuptools/latest.svg
- :target: https://setuptools.readthedocs.io
-
- .. image:: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
- :target: https://codecov.io/gh/pypa/setuptools
-
- .. image:: https://tidelift.com/badges/github/pypa/setuptools?style=flat
- :target: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
-
- See the `Installation Instructions
- `_ in the Python Packaging
- User's Guide for instructions on installing, upgrading, and uninstalling
- Setuptools.
-
- Questions and comments should be directed to the `distutils-sig
- mailing list `_.
- Bug reports and especially tested patches may be
- submitted directly to the `bug tracker
- `_.
-
-
- Code of Conduct
- ===============
-
- Everyone interacting in the setuptools project's codebases, issue trackers,
- chat rooms, and mailing lists is expected to follow the
- `PSF Code of Conduct `_.
-
-
- For Enterprise
- ==============
-
- Available as part of the Tidelift Subscription.
-
- Setuptools and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
-
- `Learn more `_.
-
-
- Security Contact
- ================
-
- To report a security vulnerability, please use the
- `Tidelift security contact `_.
- Tidelift will coordinate the fix and disclosure.
-
-Keywords: CPAN PyPI distutils eggs package management
-Platform: UNKNOWN
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Classifier: Topic :: System :: Archiving :: Packaging
-Classifier: Topic :: System :: Systems Administration
-Classifier: Topic :: Utilities
-Requires-Python: >=3.6
-Provides-Extra: testing
-Provides-Extra: docs
-Provides-Extra: ssl
-Provides-Extra: certs
\ No newline at end of file
diff --git a/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.egg-info/PKG-INFO b/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.egg-info/PKG-INFO
deleted file mode 100644
index a5a676144b0d..000000000000
--- a/pkg/fanal/analyzer/language/python/packaging/testdata/no_license.egg-info/PKG-INFO
+++ /dev/null
@@ -1,86 +0,0 @@
-Metadata-Version: 2.1
-Name: setuptools
-Version: 51.3.3
-Summary: Easily download, build, install, upgrade, and uninstall Python packages
-Home-page: https://github.com/pypa/setuptools
-Author: Python Packaging Authority
-Author-email: distutils-sig@python.org
-Project-URL: Documentation, https://setuptools.readthedocs.io/
-Description: .. image:: https://img.shields.io/pypi/v/setuptools.svg
- :target: `PyPI link`_
-
- .. image:: https://img.shields.io/pypi/pyversions/setuptools.svg
- :target: `PyPI link`_
-
- .. _PyPI link: https://pypi.org/project/setuptools
-
- .. image:: https://github.com/pypa/setuptools/workflows/tests/badge.svg
- :target: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
- :alt: tests
-
- .. image:: https://img.shields.io/badge/code%20style-black-000000.svg
- :target: https://github.com/psf/black
- :alt: Code style: Black
-
- .. image:: https://img.shields.io/readthedocs/setuptools/latest.svg
- :target: https://setuptools.readthedocs.io
-
- .. image:: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
- :target: https://codecov.io/gh/pypa/setuptools
-
- .. image:: https://tidelift.com/badges/github/pypa/setuptools?style=flat
- :target: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
-
- See the `Installation Instructions
- `_ in the Python Packaging
- User's Guide for instructions on installing, upgrading, and uninstalling
- Setuptools.
-
- Questions and comments should be directed to the `distutils-sig
- mailing list `_.
- Bug reports and especially tested patches may be
- submitted directly to the `bug tracker
- `_.
-
-
- Code of Conduct
- ===============
-
- Everyone interacting in the setuptools project's codebases, issue trackers,
- chat rooms, and mailing lists is expected to follow the
- `PSF Code of Conduct `_.
-
-
- For Enterprise
- ==============
-
- Available as part of the Tidelift Subscription.
-
- Setuptools and the maintainers of thousands of other packages are working with Tidelift to deliver one enterprise subscription that covers all of the open source you use.
-
- `Learn more `_.
-
-
- Security Contact
- ================
-
- To report a security vulnerability, please use the
- `Tidelift security contact `_.
- Tidelift will coordinate the fix and disclosure.
-
-Keywords: CPAN PyPI distutils eggs package management
-Platform: UNKNOWN
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Classifier: Topic :: System :: Archiving :: Packaging
-Classifier: Topic :: System :: Systems Administration
-Classifier: Topic :: Utilities
-Requires-Python: >=3.6
-Provides-Extra: testing
-Provides-Extra: docs
-Provides-Extra: ssl
-Provides-Extra: certs
\ No newline at end of file