From 98af5c8c1e9c15fa888c900252e76116b0ec25d1 Mon Sep 17 00:00:00 2001 From: Christophe Tafani-Dereeper Date: Tue, 29 Nov 2022 11:30:04 +0100 Subject: [PATCH] Use tarsafe instead of built-in tarfile to extract archives (#89) * Use tarsafe instead of built-in tarfile to extract archives * Bump down Semgrep version to 0.112.1 See also https://github.com/returntocorp/semgrep/issues/6631 --- guarddog/scanners/package_scanner.py | 4 +- poetry.lock | 25 +- pyproject.toml | 4 +- requirements.txt | 344 +++++---------------------- 4 files changed, 78 insertions(+), 299 deletions(-) diff --git a/guarddog/scanners/package_scanner.py b/guarddog/scanners/package_scanner.py index 77c10989..b3f71290 100644 --- a/guarddog/scanners/package_scanner.py +++ b/guarddog/scanners/package_scanner.py @@ -2,7 +2,7 @@ import os import shutil import sys -import tarfile +import tarsafe import tempfile import requests @@ -44,7 +44,7 @@ def scan_local(self, path, rules=None) -> dict: if os.path.exists(path): if path.endswith('.tar.gz'): with tempfile.TemporaryDirectory() as tmpdirname: - tarfile.open(path).extractall(tmpdirname) + tarsafe.open(path).extractall(tmpdirname) return self.analyzer.analyze_sourcecode(tmpdirname, rules=rules) elif os.path.isdir(path): return self.analyzer.analyze_sourcecode(path, rules=rules) diff --git a/poetry.lock b/poetry.lock index f79b8d06..e96849bc 100644 --- a/poetry.lock +++ b/poetry.lock @@ -476,7 +476,7 @@ python-versions = ">=3.5" [[package]] name = "semgrep" -version = "0.122.0" +version = "0.112.1" description = "Lightweight static analysis for many languages. Find bug variants with patterns that look like source code." category = "main" optional = false @@ -496,7 +496,6 @@ peewee = ">=3.14,<4.0" python-lsp-jsonrpc = ">=1.0.0,<1.1.0" requests = ">=2.22,<3.0" "ruamel.yaml" = ">=0.16.0,<0.18" -tomli = ">=2.0.1,<2.1.0" tqdm = ">=4.46,<5.0" typing-extensions = ">=4.2,<5.0" urllib3 = ">=1.26,<2.0" @@ -526,6 +525,14 @@ category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" +[[package]] +name = "tarsafe" +version = "0.0.4" +description = "A safe subclass of the TarFile class for interacting with tar files. Can be used as a direct drop-in replacement for safe usage of extractall()" +category = "main" +optional = false +python-versions = ">=3.6" + [[package]] name = "termcolor" version = "2.1.1" @@ -618,7 +625,7 @@ test = ["websockets"] [metadata] lock-version = "1.1" python-versions = ">=3.9, <4" -content-hash = "a2ee2a3bf8cdebfd91939977044d2a626e5b54500965da9d66a70c3c9b71ca2c" +content-hash = "0faf892801caefce1e994f6fdee7254ac4e2e95ad947d7459b75113af80eed74" [metadata.files] attrs = [ @@ -867,10 +874,10 @@ ruamel-yaml-clib = [ {file = "ruamel.yaml.clib-0.2.7.tar.gz", hash = "sha256:1f08fd5a2bea9c4180db71678e850b995d2a5f4537be0e94557668cf0f5f9497"}, ] semgrep = [ - {file = "semgrep-0.122.0-cp37.cp38.cp39.py37.py38.py39-none-any.whl", hash = "sha256:c7002b9aba97deb6677f4cabfa5dcc8faef2808ce6a6f28ecdd70cd8e90b01b5"}, - {file = "semgrep-0.122.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl", hash = "sha256:e3fb9956e2bb926cfeff52deafe4cec24d5f1e91fe6d3fc4f81e86ec452b2ad5"}, - {file = "semgrep-0.122.0-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl", hash = "sha256:6116391b0c8c87581d9d72113702b6f8c2938d799cdae7d71a845ec89249566c"}, - {file = "semgrep-0.122.0.tar.gz", hash = "sha256:a4c7400eb8bec9fe8df25520d1ffcb5d78b87c73dc654f1c2aec1195789bc611"}, + {file = "semgrep-0.112.1-cp37.cp38.cp39.py37.py38.py39-none-any.whl", hash = "sha256:2a62bc6321d371dadc41df2c68678e87df807ddfa3d1faafb40bd0998abfe503"}, + {file = "semgrep-0.112.1-cp37.cp38.cp39.py37.py38.py39-none-macosx_10_14_x86_64.whl", hash = "sha256:b690a84cbaa6a4670ff6c11a674818b8ad99736e89520a3c47d1542cc45e6d05"}, + {file = "semgrep-0.112.1-cp37.cp38.cp39.py37.py38.py39-none-macosx_11_0_arm64.whl", hash = "sha256:bc2437f12e41ac5e28a303e463098565a3d948c7744f6745bdb0fea341ccdae1"}, + {file = "semgrep-0.112.1.tar.gz", hash = "sha256:2140a0fd16f3ac0a0e330980613ba65fe58faea7808a965e219c4199bab96102"}, ] setuptools = [ {file = "setuptools-65.6.3-py3-none-any.whl", hash = "sha256:57f6f22bde4e042978bcd50176fdb381d7c21a9efa4041202288d3737a0c6a54"}, @@ -880,6 +887,10 @@ six = [ {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"}, {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"}, ] +tarsafe = [ + {file = "tarsafe-0.0.4-py3-none-any.whl", hash = "sha256:12903a81f2612c09d22117115301ea510944af5caa1e358636e0fc1d0e6134df"}, + {file = "tarsafe-0.0.4.tar.gz", hash = "sha256:a376f4138005298c11c30cb60a5081fa2c09f44384c966106fbaeee3059e9ec5"}, +] termcolor = [ {file = "termcolor-2.1.1-py3-none-any.whl", hash = "sha256:fa852e957f97252205e105dd55bbc23b419a70fec0085708fc0515e399f304fd"}, {file = "termcolor-2.1.1.tar.gz", hash = "sha256:67cee2009adc6449c650f6bcf3bdeed00c8ba53a8cda5362733c53e0a39fb70b"}, diff --git a/pyproject.toml b/pyproject.toml index e648a1c4..c4f278f4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,8 @@ guarddog = "guarddog.cli:cli" [tool.poetry.dependencies] python = ">=3.9, <4" docker = "==6.0.0b1" -semgrep = "==0.122.0" +# NOTE: Before https://github.com/returntocorp/semgrep/issues/6631 is addressed, we can't seem to upgrade past 0.112.1 +semgrep = "==0.112.1" requests = "==2.28.1" tqdm = "==4.64.0" python-dotenv = "==0.20.0" @@ -47,6 +48,7 @@ flake8 = "^5.0.4" python-whois = "^0.8.0" termcolor = "^2.1.0" setuptools = "^65.6.3" +tarsafe = "^0.0.4" [tool.poetry.dev-dependencies] diff --git a/requirements.txt b/requirements.txt index fe529bfb..52337147 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,289 +1,55 @@ -atomicwrites==1.4.1 ; python_version >= "3.10" and python_version < "4" and sys_platform == "win32" \ - --hash=sha256:81b2c9071a49367a7f770170e5eec8cb66567cfbbc8c73d20ce5ca4a8d71cf11 -attrs==21.4.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4 \ - --hash=sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd -boltons==21.0.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:65e70a79a731a7fe6e98592ecfb5ccf2115873d01dbc576079874629e5c90f13 \ - --hash=sha256:b9bb7b58b2b420bbe11a6025fdef6d3e5edc9f76a42fb467afe7ca212ef9948b -bracex==2.3.post1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:351b7f20d56fb9ea91f9b9e9e7664db466eb234188c175fd943f8f755c807e73 \ - --hash=sha256:e7b23fc8b2cd06d3dec0692baabecb249dda94e06a617901ff03a6c56fd71693 -certifi==2022.6.15 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:84c85a9078b11105f04f3036a9482ae10e4621616db313fe045dd24743a0820d \ - --hash=sha256:fe86415d55e84719d75f8b69414f6438ac3547d2078ab91b67e779ef69378412 -charset-normalizer==2.1.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5 \ - --hash=sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413 -click-option-group==0.5.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:9653a2297357335d7325a1827e71ac1245d91c97d959346a7decabd4a52d5354 \ - --hash=sha256:a6e924f3c46b657feb5b72679f7e930f8e5b224b766ab35c91ae4019b4e0615e -click==8.1.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e \ - --hash=sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48 -colorama==0.4.5 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da \ - --hash=sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4 -defusedxml==0.7.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69 \ - --hash=sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 -dill==0.3.5.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:33501d03270bbe410c72639b350e941882a8b0fd55357580fbc873fba0c59302 \ - --hash=sha256:d75e41f3eff1eee599d738e76ba8f4ad98ea229db8b085318aa2b3333a208c86 -docker==6.0.0b1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:61e4a5c726d76ee1e4632e9626b6e3b99dadff3ffd6b24b246b68c05d854bd11 \ - --hash=sha256:a38b57fd6ad112dade98b795dc94a790b347134b140a5d43d7634aa6ad928859 -face==20.1.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:3790311a7329e4b0d90baee346eecad54b337629576edf3a246683a5f0d24446 \ - --hash=sha256:7d59ca5ba341316e58cf72c6aff85cca2541cf5056c4af45cb63af9a814bed3e -flake8==5.0.4 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:6fbe320aad8d6b95cec8b8e47bc933004678dc63095be98528b7bdd2a9f510db \ - --hash=sha256:7a1cf6b73744f5806ab95e526f6f0d8c01c66d7bbe349562d22dfca20610b248 -future==0.18.2 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d -glom==22.1.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:1510c6587a8f9c64a246641b70033cbc5ebde99f02ad245693678038e821aeb5 \ - --hash=sha256:5339da206bf3532e01a83a35aca202960ea885156986d190574b779598e9e772 -idna==3.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff \ - --hash=sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d -iniconfig==1.1.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3 \ - --hash=sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32 -jsonschema==4.9.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:408c4c8ed0dede3b268f7a441784f74206380b04f93eb2d537c7befb3df3099f \ - --hash=sha256:8ebad55894c002585271af2d327d99339ef566fb085d9129b69e2623867c4106 -mccabe==0.7.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325 \ - --hash=sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e -multiprocess==0.70.13 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:00ef48461d43d1e30f8f4b2e1b287ecaaffec325a37053beb5503e0d69e5a3cd \ - --hash=sha256:01c1137d2f18d0cd262d0fdb7294b1fe9fc3e8dc8b126e506085434ae8eb3677 \ - --hash=sha256:0f4faf4811019efdb2f91db09240f893ee40cbfcb06978f3b8ed8c248e73babe \ - --hash=sha256:17cb4229aa43e6973679d67c66a454cbf8b6b0d038425cba3220ea5a06d61b58 \ - --hash=sha256:2e096dd618a84d15aa369a9cf6695815e5539f853dc8fa4f4b9153b11b1d0b32 \ - --hash=sha256:34e9703bd5b9fee5455c93a74e44dbabe55481c214d03be1e65f037be9d0c520 \ - --hash=sha256:3ec1c8015e19182bfa01b5887a9c25805c48df3c71863f48fe83803147cde5d6 \ - --hash=sha256:48315eefe02c35dd7560da3fa8af66d9f4a61b9dc8f7c40801c5f972ab4604b1 \ - --hash=sha256:5436d1cd9f901f7ddc4f20b6fd0b462c87dcc00d941cc13eeb2401fc5bd00e42 \ - --hash=sha256:5974bdad390ba466cc130288d2ef1048fdafedd01cf4641fc024f6088af70bfe \ - --hash=sha256:5a6dca5f29f0224c855d0d5cad963476175cfc8de112d3eebe85914cb735f130 \ - --hash=sha256:62e556a0c31ec7176e28aa331663ac26c276ee3536b5e9bb5e850681e7a00f11 \ - --hash=sha256:6cdde49defcb933062df382ebc9b5299beebcd157a98b3a65291c1c94a2edc41 \ - --hash=sha256:7be9e320a41d2d0d0eddacfe693cfb07b4cb9c0d3d10007f4304255c15215778 \ - --hash=sha256:7e6a689da3490412caa7b3e27c3385d8aaa49135f3a353ace94ca47e4c926d37 \ - --hash=sha256:92003c247436f8699b7692e95346a238446710f078500eb364bc23bb0503dd4f \ - --hash=sha256:99bb68dd0d5b3d30fe104721bee26e4637667112d5951b51feb81479fd560876 \ - --hash=sha256:af0a48440aa8f793d8bb100f20102c12f192de5a608638819a998f2cc59e1fcd \ - --hash=sha256:b7415f61bddfffdade73396904551be8124a4a363322aa9c72d42e349c5fca39 \ - --hash=sha256:b9a3be43ecee6776a9e7223af96914a0164f306affcf4624b213885172236b77 \ - --hash=sha256:c4a97216e8319039c69a266252cc68a392b96f9e67e3ed02ad88be9e6f2d2969 -mypy-extensions==0.4.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d \ - --hash=sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8 -packaging==21.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb \ - --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522 -pathos==0.2.9 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:1c44373d8692897d5d15a8aa3b3a442ddc0814c5e848f4ff0ded5491f34b1dac \ - --hash=sha256:6a6ddb514ce2719f63fb88d5ec4f4490e436b636b54f1102d952c9f7c52f18e2 \ - --hash=sha256:a8dbddcd3d9af32ada7c6dc088d845588c513a29a0ba19ab9f64c5cd83692934 -pathspec==0.9.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:7d15c4ddb0b5c802d161efc417ec1a2558ea2653c2e8ad9c19098201dc1c993a \ - --hash=sha256:e564499435a2673d586f6b2130bb5b95f04a3ba06f81b8f895b651a3c76aabb1 -peewee==3.15.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:6d5db3babc33819ac326f1550e5a39677f4584094c567a7b88cc6bf7bcdcb687 -platformdirs==2.5.2 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788 \ - --hash=sha256:58c8abb07dcb441e6ee4b11d8df0ac856038f944ab98b7be6b27b2a3c7feef19 -pluggy==1.0.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159 \ - --hash=sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3 -pox==0.3.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:541b5c845aacb806c1364d4142003efb809d654c9ca8db82e650ee86c81e680b \ - --hash=sha256:cbb0c0acd650c0ffb620999da611e93aae5105c46a084c4ceaf2f704ed708c1e -ppft==1.7.6.5 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:07166097d7dd45af7b98859654390d579d11dadf20780f6baca4bded3f55a580 \ - --hash=sha256:47e0dab87a516c0b9992cd5b0c908348e4c7d964304d106b227fad28ae03219e -py==1.11.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \ - --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378 -pycodestyle==2.9.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:2c9607871d58c76354b697b42f5d57e1ada7d261c261efac224b664affdc5785 \ - --hash=sha256:d1735fc58b418fd7c5f658d28d943854f8a849b01a5d0a1e6f3f3fdd0166804b -pyflakes==2.5.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:4579f67d887f804e67edb544428f264b7b24f435b263c4614f384135cea553d2 \ - --hash=sha256:491feb020dca48ccc562a8c0cbe8df07ee13078df59813b83959cbdada312ea3 -pyparsing==3.0.9 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb \ - --hash=sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc -pyrsistent==0.18.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:0e3e1fcc45199df76053026a51cc59ab2ea3fc7c094c6627e93b7b44cdae2c8c \ - --hash=sha256:1b34eedd6812bf4d33814fca1b66005805d3640ce53140ab8bbb1e2651b0d9bc \ - --hash=sha256:4ed6784ceac462a7d6fcb7e9b663e93b9a6fb373b7f43594f9ff68875788e01e \ - --hash=sha256:5d45866ececf4a5fff8742c25722da6d4c9e180daa7b405dc0a2a2790d668c26 \ - --hash=sha256:636ce2dc235046ccd3d8c56a7ad54e99d5c1cd0ef07d9ae847306c91d11b5fec \ - --hash=sha256:6455fc599df93d1f60e1c5c4fe471499f08d190d57eca040c0ea182301321286 \ - --hash=sha256:6bc66318fb7ee012071b2792024564973ecc80e9522842eb4e17743604b5e045 \ - --hash=sha256:7bfe2388663fd18bd8ce7db2c91c7400bf3e1a9e8bd7d63bf7e77d39051b85ec \ - --hash=sha256:7ec335fc998faa4febe75cc5268a9eac0478b3f681602c1f27befaf2a1abe1d8 \ - --hash=sha256:914474c9f1d93080338ace89cb2acee74f4f666fb0424896fcfb8d86058bf17c \ - --hash=sha256:b568f35ad53a7b07ed9b1b2bae09eb15cdd671a5ba5d2c66caee40dbf91c68ca \ - --hash=sha256:cdfd2c361b8a8e5d9499b9082b501c452ade8bbf42aef97ea04854f4a3f43b22 \ - --hash=sha256:d1b96547410f76078eaf66d282ddca2e4baae8964364abb4f4dcdde855cd123a \ - --hash=sha256:d4d61f8b993a7255ba714df3aca52700f8125289f84f704cf80916517c46eb96 \ - --hash=sha256:d7a096646eab884bf8bed965bad63ea327e0d0c38989fc83c5ea7b8a87037bfc \ - --hash=sha256:df46c854f490f81210870e509818b729db4488e1f30f2a1ce1698b2295a878d1 \ - --hash=sha256:e24a828f57e0c337c8d8bb9f6b12f09dfdf0273da25fda9e314f0b684b415a07 \ - --hash=sha256:e4f3149fd5eb9b285d6bfb54d2e5173f6a116fe19172686797c056672689daf6 \ - --hash=sha256:e92a52c166426efbe0d1ec1332ee9119b6d32fc1f0bbfd55d5c1088070e7fc1b \ - --hash=sha256:f87cc2863ef33c709e237d4b5f4502a62a00fab450c9e020892e8e2ede5847f5 \ - --hash=sha256:fd8da6d0124efa2f67d86fa70c851022f87c98e205f0594e1fae044e7119a5a6 -pytest==7.1.2 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:13d0e3ccfc2b6e26be000cb6568c832ba67ba32e719443bfe725814d3c42433c \ - --hash=sha256:a06a0425453864a270bc45e71f783330a7428defb4230fb5e6a731fde06ecd45 -python-dateutil==2.8.2 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \ - --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9 -python-dotenv==0.20.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:b7e3b04a59693c42c36f9ab1cc2acc46fa5df8c78e178fc33a8d4cd05c8d498f \ - --hash=sha256:d92a187be61fe482e4fd675b6d52200e7be63a12b724abbf931a40ce4fa92938 -python-lsp-jsonrpc==1.0.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:079b143be64b0a378bdb21dff5e28a8c1393fe7e8a654ef068322d754e545fc7 \ - --hash=sha256:7bec170733db628d3506ea3a5288ff76aa33c70215ed223abdb0d95e957660bd -python-whois==0.8.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:dd336d3517eace2a7689406db7bb96ada3c5e74327423151aeee3e64225f6220 -pywin32==304 ; python_version >= "3.10" and python_version < "4" and sys_platform == "win32" \ - --hash=sha256:25746d841201fd9f96b648a248f731c1dec851c9a08b8e33da8b56148e4c65cc \ - --hash=sha256:30c53d6ce44c12a316a06c153ea74152d3b1342610f1b99d40ba2795e5af0269 \ - --hash=sha256:3c7bacf5e24298c86314f03fa20e16558a4e4138fc34615d7de4070c23e65af3 \ - --hash=sha256:4f32145913a2447736dad62495199a8e280a77a0ca662daa2332acf849f0be48 \ - --hash=sha256:7ffa0c0fa4ae4077e8b8aa73800540ef8c24530057768c3ac57c609f99a14fd4 \ - --hash=sha256:94037b5259701988954931333aafd39cf897e990852115656b014ce72e052e96 \ - --hash=sha256:bb2ea2aa81e96eee6a6b79d87e1d1648d3f8b87f9a64499e0b92b30d141e76df \ - --hash=sha256:be253e7b14bc601718f014d2832e4c18a5b023cbe72db826da63df76b77507a1 \ - --hash=sha256:cbbe34dad39bdbaa2889a424d28752f1b4971939b14b1bb48cbf0182a3bcfc43 \ - --hash=sha256:d24a3382f013b21aa24a5cfbfad5a2cd9926610c0affde3e8ab5b3d7dbcf4ac9 \ - --hash=sha256:d3ee45adff48e0551d1aa60d2ec066fec006083b791f5c3527c40cd8aefac71f \ - --hash=sha256:de9827c23321dcf43d2f288f09f3b6d772fee11e809015bdae9e69fe13213988 \ - --hash=sha256:ead865a2e179b30fb717831f73cf4373401fc62fbc3455a0889a7ddac848f83e \ - --hash=sha256:f64c0377cf01b61bd5e76c25e1480ca8ab3b73f0c4add50538d332afdf8f69c5 -requests==2.28.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983 \ - --hash=sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349 -ruamel-yaml-clib==0.2.6 ; platform_python_implementation == "CPython" and python_version < "3.11" and python_version >= "3.10" \ - --hash=sha256:066f886bc90cc2ce44df8b5f7acfc6a7e2b2e672713f027136464492b0c34d7c \ - --hash=sha256:0847201b767447fc33b9c235780d3aa90357d20dd6108b92be544427bea197dd \ - --hash=sha256:1070ba9dd7f9370d0513d649420c3b362ac2d687fe78c6e888f5b12bf8bc7bee \ - --hash=sha256:1866cf2c284a03b9524a5cc00daca56d80057c5ce3cdc86a52020f4c720856f0 \ - --hash=sha256:1b4139a6ffbca8ef60fdaf9b33dec05143ba746a6f0ae0f9d11d38239211d335 \ - --hash=sha256:210c8fcfeff90514b7133010bf14e3bad652c8efde6b20e00c43854bf94fa5a6 \ - --hash=sha256:221eca6f35076c6ae472a531afa1c223b9c29377e62936f61bc8e6e8bdc5f9e7 \ - --hash=sha256:31ea73e564a7b5fbbe8188ab8b334393e06d997914a4e184975348f204790277 \ - --hash=sha256:3fb9575a5acd13031c57a62cc7823e5d2ff8bc3835ba4d94b921b4e6ee664104 \ - --hash=sha256:4ff604ce439abb20794f05613c374759ce10e3595d1867764dd1ae675b85acbd \ - --hash=sha256:61bc5e5ca632d95925907c569daa559ea194a4d16084ba86084be98ab1cec1c6 \ - --hash=sha256:6e7be2c5bcb297f5b82fee9c665eb2eb7001d1050deaba8471842979293a80b0 \ - --hash=sha256:72a2b8b2ff0a627496aad76f37a652bcef400fd861721744201ef1b45199ab78 \ - --hash=sha256:77df077d32921ad46f34816a9a16e6356d8100374579bc35e15bab5d4e9377de \ - --hash=sha256:78988ed190206672da0f5d50c61afef8f67daa718d614377dcd5e3ed85ab4a99 \ - --hash=sha256:7b2927e92feb51d830f531de4ccb11b320255ee95e791022555971c466af4527 \ - --hash=sha256:7f7ecb53ae6848f959db6ae93bdff1740e651809780822270eab111500842a84 \ - --hash=sha256:825d5fccef6da42f3c8eccd4281af399f21c02b32d98e113dbc631ea6a6ecbc7 \ - --hash=sha256:846fc8336443106fe23f9b6d6b8c14a53d38cef9a375149d61f99d78782ea468 \ - --hash=sha256:89221ec6d6026f8ae859c09b9718799fea22c0e8da8b766b0b2c9a9ba2db326b \ - --hash=sha256:9efef4aab5353387b07f6b22ace0867032b900d8e91674b5d8ea9150db5cae94 \ - --hash=sha256:a32f8d81ea0c6173ab1b3da956869114cae53ba1e9f72374032e33ba3118c233 \ - --hash=sha256:a49e0161897901d1ac9c4a79984b8410f450565bbad64dbfcbf76152743a0cdb \ - --hash=sha256:ada3f400d9923a190ea8b59c8f60680c4ef8a4b0dfae134d2f2ff68429adfab5 \ - --hash=sha256:bf75d28fa071645c529b5474a550a44686821decebdd00e21127ef1fd566eabe \ - --hash=sha256:cfdb9389d888c5b74af297e51ce357b800dd844898af9d4a547ffc143fa56751 \ - --hash=sha256:d3c620a54748a3d4cf0bcfe623e388407c8e85a4b06b8188e126302bcab93ea8 \ - --hash=sha256:d67f273097c368265a7b81e152e07fb90ed395df6e552b9fa858c6d2c9f42502 \ - --hash=sha256:dc6a613d6c74eef5a14a214d433d06291526145431c3b964f5e16529b1842bed \ - --hash=sha256:de9c6b8a1ba52919ae919f3ae96abb72b994dd0350226e28f3686cb4f142165c -ruamel-yaml==0.17.21 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:742b35d3d665023981bd6d16b3d24248ce5df75fdb4e2924e93a05c1f8b61ca7 \ - --hash=sha256:8b7ce697a2f212752a35c1ac414471dc16c424c9573be4926b56ff3f5d23b7af -semgrep==0.107.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:202a3cc52e96b6603d22f3d5629e6f654008d53ab32613dbc9a8521be6cc42b9 \ - --hash=sha256:2902ca1825fa2a17a57b5b8fbe0828c4c714bbe82dff7bc5f415cd876f58d715 \ - --hash=sha256:51dc4813e2304efa9811d89c81614b6076a6d16f6ca56f19f672898d451946b5 \ - --hash=sha256:f357b650dcc517671286aa6df4b3e7a2eb1f12ca178edd6c18b9c8eeea3ca135 -six==1.16.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \ - --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 -termcolor==2.1.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:91dd04fdf661b89d7169cefd35f609b19ca931eb033687eaa647cef1ff177c49 \ - --hash=sha256:b80df54667ce4f48c03fe35df194f052dc27a541ebbf2544e4d6b47b5d6949c4 -tomli==2.0.1 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \ - --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f -tqdm==4.64.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:40be55d30e200777a307a7585aee69e4eabb46b4ec6a4b4a5f2d9f11e7d5408d \ - --hash=sha256:74a2cdefe14d11442cedf3ba4e21a3b84ff9a2dbdc6cfae2c34addb2a14a5ea6 -typing-extensions==4.3.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:25642c956049920a5aa49edcdd6ab1e06d7e5d467fc00e0506c44ac86fbfca02 \ - --hash=sha256:e6d2677a32f47fc7eb2795db1dd15c1f34eff616bcaf2cfb5e997f854fa1c4a6 -ujson==5.4.0 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:025758cf6561af6986d77cd4af9367ab56dde5c7c50f13f59e6964b4b25df73e \ - --hash=sha256:0551c1ba0bc9e05b69d9c18266dbc93252b5fa3cd9940051bc88a0dd33607b19 \ - --hash=sha256:05e411627e5d6ee773232960ca7307e66017f78e3fa74f7e95c3a8cc5cb05415 \ - --hash=sha256:0b46aee21e5d75426c4058dfdb42f7e7b1d130c664ee5027a8dbbc50872dc32b \ - --hash=sha256:0bcde3135265ecdd5714a7de4fdc167925390d7b17ca325e59980f4114c962b8 \ - --hash=sha256:1120c8263f7d85e89533a2b46d80cc6def15114772010ede4d197739e111dba6 \ - --hash=sha256:13297a7d501f9c8c53e409d4fa57cc574e4fbfbe8807ef2c4c7ce2e3ec933a85 \ - --hash=sha256:191f88d5865740497b9827ef9b7c12f37a79872ac984e09f0901a10024019380 \ - --hash=sha256:1a2e645325f844f9c890c9d956fc2d35ca91f38c857278238ef6516c2f99cf7c \ - --hash=sha256:2974b17bc522ef86d98b498959d82f03c02e07d9eb08746026415298f4a4bca3 \ - --hash=sha256:2d98248f1df1e1aab67e0374ab98945dd36bc1764753d71fd8aea5f296360b76 \ - --hash=sha256:31bdb6d771d5ef6d37134b42211500bfe176c55d399f3317e569783dc42ed38e \ - --hash=sha256:3212847d3885bfd4f5fd56cdc37645a8f8e8a80d6cb569505da22fd9eb0e1a02 \ - --hash=sha256:326a96324ed9215b0bc9f1a5af324fb33900b6b0901516bcc421475d6596de0d \ - --hash=sha256:381c97d326d1ec569d318cc0ae83940ea2df125ede1000871680fefd5b7fdea9 \ - --hash=sha256:39bb702ca1612253b5e4b6004e0f20208c98a446606aa351f9a7ba5ceaff0eb8 \ - --hash=sha256:3a0707f381f97e1287c0dbf94d95bd6c0bbf6e4eeeaa656f0076b7883010c818 \ - --hash=sha256:400e4ca8a59f71398e8fa56c4d2d6f535e2a121ddb57284ec15752ffce2dd63a \ - --hash=sha256:422653083c6df6cec17fdb5d6106c209aad9b0c94131c53b073980403db22167 \ - --hash=sha256:511aa641a5b91d19280183b134fb6c473039d4dd82e987ac810cffba783521ac \ - --hash=sha256:5df8b6369ee5ee2685fcc917f6c46b34e599c6e9a512fada6dfd752b909fa06a \ - --hash=sha256:67f4e2fa81e1d99c01e7b1978ab0cbf3c9a8b663f683a709f87baad110d5b940 \ - --hash=sha256:68c7f753aec490c6566fd3cd301887c413ac3a588316e446f30a4134ac665668 \ - --hash=sha256:6a20f2f6e8818c1ab89dd4be6bbad3fc2ddb15287f89e7ea35f3eb849afebbd9 \ - --hash=sha256:6b953e09441e307504130755e5bd6b15850178d591f66292bba4608c4f7f9b00 \ - --hash=sha256:754f422aba8db8201a1073f25e2f732effc6471f8755708b16e6ebf19dd23634 \ - --hash=sha256:784dbd12925845a3f0757a956447e2fd31418abb5aeaebf3aca1203195f16fd1 \ - --hash=sha256:7d4c9ccd30e621e714ec24ca911ad8873567dc1ac1e5e914405ea9dd16b9d40c \ - --hash=sha256:7e12272361e9722777c83b3f5b0bb91d402531f36e80c6e5fafb6acb89e897e3 \ - --hash=sha256:8cce79ce47c37132373fbdf55b683883c262a3a60763130e080b8394c1201d32 \ - --hash=sha256:8cd6117e33233f2de6bc896eea6a5a59b58a37db08f371157264e0ec5e51c76a \ - --hash=sha256:8d472efa9c92e1b2933a22d2f1dbd5237087997136b24ac2b913bf4e8be03135 \ - --hash=sha256:91edcf9978ee401119e9c8589376ae37fd3e6e75ee365c49385cb005eaff1535 \ - --hash=sha256:9ae1d0094ce730e39e09656bc14074d9573cdd80adec1a55b06d8bf1f9613a01 \ - --hash=sha256:aa00b746138835271653b0c3da171d2a8b510c579381f71e8b8e03484d50d825 \ - --hash=sha256:aaa77af91df3f71858a1f792c74d3f2d3abf3875f93ab1a2b9a24b3797743b02 \ - --hash=sha256:b045ca5497a950cc3492840adb3bcb3b9e305ed6599ed14c6aeaa08011aa463f \ - --hash=sha256:b40a3757a563ef77c3f2f9ea1732c2924e8b3b2bda3fa89513f949472ad40b6e \ - --hash=sha256:baa76a6f707a6d22437fe9c7ec9719672fb04d4d9435a3e80ee9b1aaeb2089d9 \ - --hash=sha256:cec010d318a0238b1333ea9f40d5603d374cc026c29c4471e2661712c6682da1 \ - --hash=sha256:dd0d4ec694cab8a0a4d85f45f81ae0065465c4670f0db72ba48d6c4e7ae42834 \ - --hash=sha256:e2a9ddb5c6d1427056b8d62a1a172a18ae522b14d9ba5996b8281b09cba87edd \ - --hash=sha256:e844be0831042aa91e847e5ab03bddd1089ab1a8dd0a1bf90411abf864f058b2 \ - --hash=sha256:e91947fda8354ea7faf698b084ebcdbabd239e7b15d8436fb74394f59a207ac9 \ - --hash=sha256:ea7fbc540bc04d5b05e5cd54e60ee8745ac665eedf2bad2ba9d12d5c7a7b7d2e \ - --hash=sha256:ee29cf5cfc1e841708297633e1ce749aa851fb96830bbe51f2e5940741ff2441 \ - --hash=sha256:ef985eb2770900a485431910bd3f333b56d1a34b65f8c26a6ed8e8adf55f98d9 \ - --hash=sha256:f5c547d49a7e9d3f231e9323171bbbbcef63173fb007a2787cd4f05ac6269315 \ - --hash=sha256:fbea46c0fbc1c3bc8f957afd8dbb25b4ea3a356e18ee6dd79ace6cf32bd4cff7 \ - --hash=sha256:fd82932aaa224abd7d01e823b77aef9970f5ac1695027331d99e7f5fda9d37f5 -urllib3==1.26.11 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:c33ccba33c819596124764c23a97d25f32b28433ba0dedeb77d873a38722c9bc \ - --hash=sha256:ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a -wcmatch==8.4 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:ba4fc5558f8946bf1ffc7034b05b814d825d694112499c86035e0e4d398b6a67 \ - --hash=sha256:dc7351e5a7f8bbf4c6828d51ad20c1770113f5f3fd3dfe2a03cfde2a63f03f98 -websocket-client==1.3.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:5d55652dc1d0b3c734f044337d929aaf83f4f9138816ec680c1aefefb4dc4877 \ - --hash=sha256:d58c5f284d6a9bf8379dab423259fe8f85b70d5fa5d2916d5791a84594b122b1 -setuptools==65.6.3 ; python_version >= "3.10" and python_version < "4" \ - --hash=sha256:57f6f22bde4e042978bcd50176fdb381d7c21a9efa4041202288d3737a0c6a54 +attrs==21.4.0 ; python_version >= "3.9" and python_version < "4" +boltons==21.0.0 ; python_version >= "3.9" and python_version < "4" +bracex==2.3.post1 ; python_version >= "3.9" and python_version < "4" +certifi==2022.9.24 ; python_version >= "3.9" and python_version < "4" +charset-normalizer==2.1.0 ; python_version >= "3.9" and python_version < "4" +click-option-group==0.5.3 ; python_version >= "3.9" and python_version < "4" +click==8.1.3 ; python_version >= "3.9" and python_version < "4" +colorama==0.4.5 ; python_version >= "3.9" and python_version < "4" +defusedxml==0.7.1 ; python_version >= "3.9" and python_version < "4" +dill==0.3.6 ; python_version >= "3.9" and python_version < "4" +docker==6.0.0b1 ; python_version >= "3.9" and python_version < "4" +exceptiongroup==1.0.4 ; python_version >= "3.9" and python_version < "3.11" +face==20.1.1 ; python_version >= "3.9" and python_version < "4" +flake8==5.0.4 ; python_version >= "3.9" and python_version < "4" +future==0.18.2 ; python_version >= "3.9" and python_version < "4" +glom==22.1.0 ; python_version >= "3.9" and python_version < "4" +idna==3.3 ; python_version >= "3.9" and python_version < "4" +iniconfig==1.1.1 ; python_version >= "3.9" and python_version < "4" +jsonschema==4.9.1 ; python_version >= "3.9" and python_version < "4" +mccabe==0.7.0 ; python_version >= "3.9" and python_version < "4" +multiprocess==0.70.14 ; python_version >= "3.9" and python_version < "4" +mypy-extensions==0.4.3 ; python_version >= "3.9" and python_version < "4" +packaging==21.3 ; python_version >= "3.9" and python_version < "4" +pathos==0.2.9 ; python_version >= "3.9" and python_version < "4" +pathspec==0.9.0 ; python_version >= "3.9" and python_version < "4" +peewee==3.15.4 ; python_version >= "3.9" and python_version < "4" +platformdirs==2.5.2 ; python_version >= "3.9" and python_version < "4" +pluggy==1.0.0 ; python_version >= "3.9" and python_version < "4" +pox==0.3.2 ; python_version >= "3.9" and python_version < "4" +ppft==1.7.6.6 ; python_version >= "3.9" and python_version < "4" +pycodestyle==2.9.1 ; python_version >= "3.9" and python_version < "4" +pyflakes==2.5.0 ; python_version >= "3.9" and python_version < "4" +pyparsing==3.0.9 ; python_version >= "3.9" and python_version < "4" +pyrsistent==0.19.2 ; python_version >= "3.9" and python_version < "4" +pytest==7.2.0 ; python_version >= "3.9" and python_version < "4" +python-dateutil==2.8.2 ; python_version >= "3.9" and python_version < "4" +python-dotenv==0.20.0 ; python_version >= "3.9" and python_version < "4" +python-lsp-jsonrpc==1.0.0 ; python_version >= "3.9" and python_version < "4" +python-whois==0.8.0 ; python_version >= "3.9" and python_version < "4" +pywin32==305 ; python_version >= "3.9" and python_version < "4" and sys_platform == "win32" +requests==2.28.1 ; python_version >= "3.9" and python_version < "4" +ruamel-yaml-clib==0.2.7 ; platform_python_implementation == "CPython" and python_version < "3.11" and python_version >= "3.9" +ruamel-yaml==0.17.21 ; python_version >= "3.9" and python_version < "4" +semgrep==0.112.1 ; python_version >= "3.9" and python_version < "4" +setuptools==65.6.3 ; python_version >= "3.9" and python_version < "4" +six==1.16.0 ; python_version >= "3.9" and python_version < "4" +tarsafe==0.0.4 ; python_version >= "3.9" and python_version < "4" +termcolor==2.1.1 ; python_version >= "3.9" and python_version < "4" +tomli==2.0.1 ; python_version >= "3.9" and python_version < "4" +tqdm==4.64.0 ; python_version >= "3.9" and python_version < "4" +typing-extensions==4.3.0 ; python_version >= "3.9" and python_version < "4" +ujson==5.4.0 ; python_version >= "3.9" and python_version < "4" +urllib3==1.26.11 ; python_version >= "3.9" and python_version < "4" +wcmatch==8.4 ; python_version >= "3.9" and python_version < "4" +websocket-client==1.3.3 ; python_version >= "3.9" and python_version < "4"