ܖidZddlmZddlZddlZddlmZddlmZm Z ddl m Z ddl Z ddl mZddlmZdd lmZdd lmZmZmZmZmZmZmZej6eZGd d eZy) zb Functionality for using the [Ecosyste.ms](https://ecosyste.ms/) API as a `VulnerabilityService`. ) annotationsN)Path)Anycast) urlencode) SpecifierSet)Version)caching_session)ConnectionError DependencyResolvedDependency ServiceErrorVulnerabilityIDVulnerabilityResultVulnerabilityServicec,eZdZdZ d ddZddZy)EcosystemsServicez An implementation of `VulnerabilityService` that uses Ecosyste.ms to provide Python package vulnerability information. Nc6t|d|_||_y)aq Create a new `EcosystemsService`. `cache_dir` is an optional cache directory to use, for caching and reusing OSV API requests. If `None`, `pip-audit` will use its own internal caching directory. `timeout` is an optional argument to control how many seconds the component should wait for responses to network requests. F)use_pipN)r sessiontimeout)self cache_dirrs [/var/www/html/content-pipeline/venv/lib/python3.12/site-packages/pip_audit/_service/esms.py__init__zEcosystemsService.__init__%s'y%@  c Xd}|jr|gfStt|}d|jd} |jj |dt ||j}|jg}|j}|s||fS|D]O}|d} |d } | tj!d | d d | /|d } | s|d} | sd} | j#dd} d} t%} |dD]}|d|jk7s|ddk7r|dD]s}|d}t't)j*dd|}|j-|j.sDd} |j dx}| j1t3|| s|j5t7j8| | t;| |j=|j dR||fS#tj$r tdtj$r }t|d}~wwxYw)zz Queries Ecosyste.ms for the given `Dependency` specification. See `VulnerabilityService.query`. z0https://advisories.ecosyste.ms/api/v1/advisoriespypi) ecosystem package_name?)rz-Could not connect to ESMS' vulnerability feedN identifiers withdrawn_atzESMS vuln entry 'rz' marked as withdrawn at title descriptionzN/A  Fpackagesr rversionsvulnerable_version_rangez (^|(, ))=z\1==Tfirst_patched_version published)idsr% fix_versionsr,) is_skippedrr canonical_namergetrrraise_for_statusrequestsConnectTimeoutr HTTPErrorrjsonloggerdebugreplacesetrresubcontainsversionaddr appendrcreatesorted_parse_rfc3339)rspecurlqueryresponse http_errorresults response_jsonvulnr-r#r%seen_vulnerabler.affectedrecordosv_spec vulnerablepatcheds rrFzEcosystemsService.query6s} A ?? 8O&-  //  /*.,,*:*:%q5)*+ +;+H  % % '.0  = "= D)-m)rbs\# "-%,   8 $|,|r