ܖiGdZddlmZddlmZmZddlmZddlm Z m Z ddl m Z ddl m Z mZddlmZdd lmZed eZdd Ze d GddZe d GddeZe d GddeZe d GddZGddeZGddeZGddeZy)z Interfaces for interacting with vulnerability services, i.e. sources of vulnerability information for fully resolved Python packages. ) annotations)ABCabstractmethod)Iterator) dataclassreplace)datetime)AnyNewType)canonicalize_name)VersionVulnerabilityIDcL|jdry|jdryy)NPYSECCVE) startswith)ids `/var/www/html/content-pipeline/venv/lib/python3.12/site-packages/pip_audit/_service/interface.py_id_comparison_keyrs# }}W u  T)frozenc@eZdZUdZded< ddZed dZd dZy) Dependencyz` Represents an abstract Python package. This class cannot be constructed directly. strnamect)z7 A stub constructor that always fails. NotImplementedError)self_args_kwargss r__init__zDependency.__init__+s "!rc,t|jS)z@ The `Dependency`'s PEP-503 canonicalized name. )r rr"s rcanonical_namezDependency.canonical_name2s !++rc&|jtuS)zJ Check whether the `Dependency` was skipped by the audit. ) __class__SkippedDependencyr's r is_skippedzDependency.is_skipped9s~~!222rN)r#r r$r returnNone)r-r)r-bool) __name__ __module__ __qualname____doc____annotations__r%propertyr(r,rrrrs1 I ",, 3rrceZdZUdZded<y)ResolvedDependencyz5 Represents a fully resolved Python package. r versionNr0r1r2r3r4r6rrr8r8@srr8ceZdZUdZded<y)r+z[ Represents a Python package that was unable to be audited and therefore, skipped. r skip_reasonNr:r6rrr+r+Isrr+ceZdZUdZded< ded< ded< ded < d Zd ed < e dd ZddZddZ ddZ y )VulnerabilityResultzt Represents a "result" from a vulnerability service, indicating a vulnerability in some Python package. rrr description list[Version] fix_versionszset[VulnerabilityID]aliasesNdatetime | None publishedc d|jt||d||t|dd|S)z Instantiates a `VulnerabilityResult` with the given data, prioritizing PYSEC and CVE vulnerability IDs for the primary identifier. )keyrrN)sortrset)clsidsr?rArDs rcreatezVulnerabilityResult.creaters4 '(3q6; c#ab'lINNrct|j|jhzj|j|jhzS)z Returns whether this result is an "alias" of another result. Two results are said to be aliases if their respective sets of `{id, *aliases}` intersect at all. A result is therefore its own alias. )r/rBr intersection)r"others ralias_ofzVulnerabilityResult.alias_ofs8T\\TWWI-;;EMMUXXJ)rNr>r-r/)rNr>r-r>)rJzset[str]r-r/) r0r1r2r3r4rD classmethodrKrOrQrSr6rrr>r>Rs  "!"&I% O " O O$ O # O  O OY.6rr>cLeZdZdZe ddZ ddZeddZy) VulnerabilityServicezV Represents an abstract provider of Python package vulnerability information. ct)z Query the `VulnerabilityService` for information about the given `Dependency`, returning a list of `VulnerabilityResult`. r )r"specs rqueryzVulnerabilityService.querys "!rc#@K|D]}|j|yw)z Query the vulnerability service for information on multiple dependencies. `VulnerabilityService` implementations can override this implementation with a more optimized one, if they support batched or bulk requests. N)rY)r"specsrXs r query_allzVulnerabilityService.query_alls& #D**T" " #sc|y tj|dS#t$rtj|dcYSwxYw)Nz%Y-%m-%dT%H:%M:%S.%fZz%Y-%m-%dT%H:%M:%SZ)r strptime ValueError)dts r_parse_rfc3339z#VulnerabilityService._parse_rfc3339sF :  ?$$R)@A A ?$$R)=> > ?s ==N)rXrr-z,tuple[Dependency, list[VulnerabilityResult]])r[zIterator[Dependency]r-z6Iterator[tuple[Dependency, list[VulnerabilityResult]]])r`z str | Noner-rC) r0r1r2r3rrYr\ staticmethodrar6rrrVrVsT"" 5"" #) # ? # ? ?rrVceZdZdZy) ServiceErrorz Raised when a `VulnerabilityService` fails, for any reason. Concrete implementations of `VulnerabilityService` are expected to subclass this exception to provide more context. Nr0r1r2r3r6rrrdrds  rrdceZdZdZy)ConnectionErrorz A specialization of `ServiceError` specifically for cases where the vulnerability service is unreachable or offline. Nrer6rrrgrgs   rrgN)rrr-int)r3 __future__rabcrrcollections.abcr dataclassesrrr typingr r packaging.utilsr packaging.versionr rrrrr8r+r>rV Exceptionrdrgr6rrrqs ##$*-%+S1  $ 3 3 3F $ $  $E6E6E6P'?3'?T 9  l r