Fix dependency resolution crash with malformed dependencies

81c6fdfb · Sébastien Eustace · 4bc6f147 · 81c6fdfb · 81c6fdfb · 81c6fdfb
Commit 81c6fdfb authored Apr 09, 2018 by Sébastien Eustace
Showing with 287 additions and 3 deletions

CHANGELOG.md
+1 -2

poetry/repositories/pypi_repository.py
+3 -0

tests/repositories/fixtures/pypi.org/json/ipython/4.1.0rc1.json
+261 -0

tests/repositories/test_pypi_repository.py
+22 -1

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,15 +6,14 @@
 - Added support for Python 2.7.
 ### Changes
 - Improved dependency resolution time by using cache control.
 ### Fixed
 - Fixed `install_requires` and `extras` in generated sdist.
+- Fixed dependency resolution crash with malformed dependencies.
 ## [0.7.1] - 2018-04-05

--- a/poetry/repositories/pypi_repository.py
+++ b/poetry/repositories/pypi_repository.py
@@ -103,6 +103,9 @@ class PyPiRepository(Repository):
                    req = req.split(';')[0]
                    dependency = dependency_from_pep_508(req)
+                except ValueError:
+                    # Likely unable to parse constraint so we skip it
+                    continue
                if dependency.extras:
                    for extra in dependency.extras:

--- a/tests/repositories/fixtures/pypi.org/json/ipython/4.1.0rc1.json
+++ b/tests/repositories/fixtures/pypi.org/json/ipython/4.1.0rc1.json
+{
+  "info": {
+    "author": "The IPython Development Team",
+    "author_email": "ipython-dev@scipy.org",
+    "bugtrack_url": "",
+    "classifiers": [
+      "Framework :: IPython",
+      "Intended Audience :: Developers",
+      "Intended Audience :: Science/Research",
+      "License :: OSI Approved :: BSD License",
+      "Programming Language :: Python",
+      "Programming Language :: Python :: 2",
+      "Programming Language :: Python :: 2.7",
+      "Programming Language :: Python :: 3",
+      "Topic :: System :: Shells"
+    ],
+    "description": "IPython provides a rich toolkit to help you make the most out of using Python\ninteractively.  Its main components are:\n\n* A powerful interactive Python shell\n* A `Jupyter <http://jupyter.org/>`_ kernel to work with Python code in Jupyter\n  notebooks and other interactive frontends.\n\nThe enhanced interactive Python shells have the following main features:\n\n* Comprehensive object introspection.\n\n* Input history, persistent across sessions.\n\n* Caching of output results during a session with automatically generated\n  references.\n\n* Extensible tab completion, with support by default for completion of python\n  variables and keywords, filenames and function keywords.\n\n* Extensible system of 'magic' commands for controlling the environment and\n  performing many tasks related either to IPython or the operating system.\n\n* A rich configuration system with easy switching between different setups\n  (simpler than changing $PYTHONSTARTUP environment variables every time).\n\n* Session logging and reloading.\n\n* Extensible syntax processing for special purpose situations.\n\n* Access to the system shell with user-extensible alias system.\n\n* Easily embeddable in other Python programs and GUIs.\n\n* Integrated access to the pdb debugger and the Python profiler.\n\nThe latest development version is always available from IPython's `GitHub\nsite <http://github.com/ipython>`_.",
+    "docs_url": null,
+    "download_url": "https://github.com/ipython/ipython/downloads",
+    "downloads": {
+      "last_day": -1,
+      "last_month": -1,
+      "last_week": -1
+    },
+    "home_page": "http://ipython.org",
+    "keywords": "Interactive,Interpreter,Shell,Parallel,Distributed,Web-based computing,Qt console,Embedding",
+    "license": "BSD",
+    "maintainer": "",
+    "maintainer_email": "",
+    "name": "ipython",
+    "package_url": "https://pypi.org/project/ipython/",
+    "platform": "Linux,Mac OSX,Windows XP/Vista/7/8",
+    "project_url": "https://pypi.org/project/ipython/",
+    "release_url": "https://pypi.org/project/ipython/4.1.0rc1/",
+    "requires_dist": [
+      "pickleshare",
+      "setuptools (>=18.5decorator)",
+      "simplegeneric (>0.8)",
+      "traitlets",
+      "pexpect; sys_platform != \"win32\"",
+      "appnope; sys_platform == \"darwin\"",
+      "gnureadline; sys_platform == \"darwin\" and platform_python_implementation == \"CPython\"",
+      "Sphinx (>=1.3); extra == 'all'",
+      "ipykernel; extra == 'all'",
+      "ipyparallel; extra == 'all'",
+      "ipywidgets; extra == 'all'",
+      "nbconvert; extra == 'all'",
+      "nbformat; extra == 'all'",
+      "nose (>=0.10.1); extra == 'all'",
+      "notebook; extra == 'all'",
+      "qtconsole; extra == 'all'",
+      "requests; extra == 'all'",
+      "testpath; extra == 'all'",
+      "Sphinx (>=1.3); extra == 'doc'",
+      "ipykernel; extra == 'kernel'",
+      "nbconvert; extra == 'nbconvert'",
+      "nbformat; extra == 'nbformat'",
+      "ipywidgets; extra == 'notebook'",
+      "notebook; extra == 'notebook'",
+      "ipyparallel; extra == 'parallel'",
+      "qtconsole; extra == 'qtconsole'",
+      "pyreadline (>=2); sys_platform == \"win32\" and extra == 'terminal'",
+      "nose (>=0.10.1); extra == 'test'",
+      "requests; extra == 'test'",
+      "testpath; extra == 'test'",
+      "mock; python_version == \"2.7\" and extra == 'test'"
+    ],
+    "requires_python": "",
+    "summary": "IPython: Productive Interactive Computing",
+    "version": "4.1.0rc1"
+  },
+  "last_serial": 3740674,
+  "releases": {
+    "0.10": {},
+    "0.10.1": {},
+    "0.10.2": {},
+    "0.11": {},
+    "0.12": {},
+    "0.12.1": {},
+    "0.13": {},
+    "0.13.1": {},
+    "0.13.2": {},
+    "0.6.10": {},
+    "0.6.11": {},
+    "0.6.12": {},
+    "0.6.13": {},
+    "0.6.14": {},
+    "0.6.15": {},
+    "0.6.4": {},
+    "0.6.5": {},
+    "0.6.6": {},
+    "0.6.7": {},
+    "0.6.8": {},
+    "0.6.9": {},
+    "0.7.0": {},
+    "0.7.1": {},
+    "0.7.1.fix1": {},
+    "0.7.2": {},
+    "0.7.3": {},
+    "0.7.4.svn.r2010": {},
+    "0.8.0": {},
+    "0.8.1": {},
+    "0.8.2": {},
+    "0.8.3": {},
+    "0.8.4": {},
+    "0.9": {},
+    "0.9.1": {},
+    "1.0.0": {},
+    "1.1.0": {},
+    "1.2.0": {},
+    "1.2.1": {},
+    "2.0.0": {},
+    "2.1.0": {},
+    "2.2.0": {},
+    "2.3.0": {},
+    "2.3.1": {},
+    "2.4.0": {},
+    "2.4.1": {},
+    "3.0.0": {},
+    "3.1.0": {},
+    "3.2.0": {},
+    "3.2.1": {},
+    "3.2.2": {},
+    "3.2.3": {},
+    "4.0.0": {},
+    "4.0.0-b1": {},
+    "4.0.0b1": {},
+    "4.0.1": {},
+    "4.0.2": {},
+    "4.0.3": {},
+    "4.1.0": {},
+    "4.1.0rc1": [
+      {
+        "comment_text": "",
+        "digests": {
+          "md5": "512f0431c850c75a12baa9f8c4a9f12f",
+          "sha256": "4d0a08f3fd8837502bf33e9497a5ab28fe63e2fa4201765f378cb139c7a60d5f"
+        },
+        "downloads": -1,
+        "filename": "ipython-4.1.0rc1-py2.py3-none-any.whl",
+        "has_sig": false,
+        "md5_digest": "512f0431c850c75a12baa9f8c4a9f12f",
+        "packagetype": "bdist_wheel",
+        "python_version": "py2.py3",
+        "size": 736900,
+        "upload_time": "2016-01-26T19:58:35",
+        "url": "https://files.pythonhosted.org/packages/ac/02/04a5d372b4e64f9c97b2846646aec1ce4532885005aa4ba51eb20b80e17f/ipython-4.1.0rc1-py2.py3-none-any.whl"
+      },
+      {
+        "comment_text": "",
+        "digests": {
+          "md5": "2aff56d8e78341f64663bcbc81366376",
+          "sha256": "6244a8e3293088ee31c1854abe1a1e7a409cf3ac2fb7579aa9616bdfadd3d4dc"
+        },
+        "downloads": -1,
+        "filename": "ipython-4.1.0rc1.tar.gz",
+        "has_sig": false,
+        "md5_digest": "2aff56d8e78341f64663bcbc81366376",
+        "packagetype": "sdist",
+        "python_version": "source",
+        "size": 4933377,
+        "upload_time": "2016-01-26T19:58:53",
+        "url": "https://files.pythonhosted.org/packages/a0/de/f71f0c8b8a26ef28cc968fbf1859729ad3e68146cd2eb4a759e9c88da218/ipython-4.1.0rc1.tar.gz"
+      },
+      {
+        "comment_text": "",
+        "digests": {
+          "md5": "a9ff233f176dd99b076b81dc8904ab7a",
+          "sha256": "efa3a5a676648cb18e2a2d3cd6353f3c83f0f704df8eb0eb6ae7d0dcbf187ea1"
+        },
+        "downloads": -1,
+        "filename": "ipython-4.1.0rc1.zip",
+        "has_sig": false,
+        "md5_digest": "a9ff233f176dd99b076b81dc8904ab7a",
+        "packagetype": "sdist",
+        "python_version": "source",
+        "size": 5100723,
+        "upload_time": "2016-01-26T19:59:14",
+        "url": "https://files.pythonhosted.org/packages/71/f0/9d670266b840b8b921dc7106ecddd892f6fb893424883498e1ba3ec3a3a1/ipython-4.1.0rc1.zip"
+      }
+    ],
+    "4.1.0rc2": {},
+    "4.1.1": {},
+    "4.1.2": {},
+    "4.2.0": {},
+    "4.2.1": {},
+    "5.0.0": {},
+    "5.0.0b1": {},
+    "5.0.0b2": {},
+    "5.0.0b3": {},
+    "5.0.0b4": {},
+    "5.0.0rc1": {},
+    "5.1.0": {},
+    "5.2.0": {},
+    "5.2.1": {},
+    "5.2.2": {},
+    "5.3.0": {},
+    "5.4.0": {},
+    "5.4.1": {},
+    "5.5.0": {},
+    "5.6.0": {},
+    "6.0.0": {},
+    "6.0.0rc1": {},
+    "6.1.0": {},
+    "6.2.0": {},
+    "6.2.1": {},
+    "6.3.0": {},
+    "6.3.1": {}
+  },
+  "urls": [
+    {
+      "comment_text": "",
+      "digests": {
+        "md5": "512f0431c850c75a12baa9f8c4a9f12f",
+        "sha256": "4d0a08f3fd8837502bf33e9497a5ab28fe63e2fa4201765f378cb139c7a60d5f"
+      },
+      "downloads": -1,
+      "filename": "ipython-4.1.0rc1-py2.py3-none-any.whl",
+      "has_sig": false,
+      "md5_digest": "512f0431c850c75a12baa9f8c4a9f12f",
+      "packagetype": "bdist_wheel",
+      "python_version": "py2.py3",
+      "size": 736900,
+      "upload_time": "2016-01-26T19:58:35",
+      "url": "https://files.pythonhosted.org/packages/ac/02/04a5d372b4e64f9c97b2846646aec1ce4532885005aa4ba51eb20b80e17f/ipython-4.1.0rc1-py2.py3-none-any.whl"
+    },
+    {
+      "comment_text": "",
+      "digests": {
+        "md5": "2aff56d8e78341f64663bcbc81366376",
+        "sha256": "6244a8e3293088ee31c1854abe1a1e7a409cf3ac2fb7579aa9616bdfadd3d4dc"
+      },
+      "downloads": -1,
+      "filename": "ipython-4.1.0rc1.tar.gz",
+      "has_sig": false,
+      "md5_digest": "2aff56d8e78341f64663bcbc81366376",
+      "packagetype": "sdist",
+      "python_version": "source",
+      "size": 4933377,
+      "upload_time": "2016-01-26T19:58:53",
+      "url": "https://files.pythonhosted.org/packages/a0/de/f71f0c8b8a26ef28cc968fbf1859729ad3e68146cd2eb4a759e9c88da218/ipython-4.1.0rc1.tar.gz"
+    },
+    {
+      "comment_text": "",
+      "digests": {
+        "md5": "a9ff233f176dd99b076b81dc8904ab7a",
+        "sha256": "efa3a5a676648cb18e2a2d3cd6353f3c83f0f704df8eb0eb6ae7d0dcbf187ea1"
+      },
+      "downloads": -1,
+      "filename": "ipython-4.1.0rc1.zip",
+      "has_sig": false,
+      "md5_digest": "a9ff233f176dd99b076b81dc8904ab7a",
+      "packagetype": "sdist",
+      "python_version": "source",
+      "size": 5100723,
+      "upload_time": "2016-01-26T19:59:14",
+      "url": "https://files.pythonhosted.org/packages/71/f0/9d670266b840b8b921dc7106ecddd892f6fb893424883498e1ba3ec3a3a1/ipython-4.1.0rc1.zip"
+    }
+  ]
+}
\ No newline at end of file
--- a/tests/repositories/test_pypi_repository.py
+++ b/tests/repositories/test_pypi_repository.py
@@ -15,7 +15,19 @@ class MockRepository(PyPiRepository):
        )
    def _get(self, url):
-        fixture = self.FIXTURES / 'requests.json'
+        parts = url.split('/')[1:]
+        name = parts[0]
+        if len(parts) == 3:
+            version = parts[1]
+        else:
+            version = None
+        if not version:
+            fixture = self.FIXTURES / (name + '.json')
+        else:
+            fixture = self.FIXTURES / name / (version + '.json')
+            if not fixture.exists():
+                fixture = self.FIXTURES / (name + '.json')
        with fixture.open() as f:
            return json.loads(f.read())
@@ -42,3 +54,12 @@ def test_package():
    assert win_inet.name == 'win-inet-pton'
    assert win_inet.python_versions == '~2.7 || ~2.6'
    assert win_inet.platform == 'win32'
+def test_package_drops_malformed_dependencies():
+    repo = MockRepository()
+    package = repo.package('ipython', '4.1.0rc1')
+    dependency_names = [d.name for d in package.requires]
+    assert 'setuptools' not in dependency_names