diff --git a/dejacode/__init__.py b/dejacode/__init__.py
index 35c882bb..9fbf9345 100644
--- a/dejacode/__init__.py
+++ b/dejacode/__init__.py
@@ -7,13 +7,13 @@
 #
 import os
+import shutil
+import subprocess
 import sys
 import warnings
 from contextlib import suppress
 from pathlib import Path
-import git
-
 VERSION = "5.7.1"
 PROJECT_DIR = Path(__file__).resolve().parent
@@ -33,13 +33,48 @@ def get_version(version):
 return version
+def run_command_safely(command_args):
+ """
+ Execute an external command and return its stdout.
+
+ Runs without a shell (shell=False) to prevent injection vulnerabilities.
+
+ Usage notes:
+ - Provide the command as a list of arguments.
+ - Use full executable paths to avoid ambiguity.
+ - Use the "--option=value" form, or split it as two list entries
+ ["--option", "value"], but never join an option and its value in a
+ single entry ("--option value").
+ - Sanitize and validate any user input before passing it in.
+
+ Raise a SubprocessError if the exit code is non-zero.
+ """
+ completed_process = subprocess.run( # noqa: S603
+ command_args,
+ capture_output=True,
+ text=True,
+ )
+ if completed_process.returncode:
+ error_msg = (
+ f'Error while executing cmd="{completed_process.args}": '
+ f'"{completed_process.stderr.strip()}"'
+ )
+ raise subprocess.SubprocessError(error_msg)
+ return completed_process.stdout
+
+
 def get_git_describe_from_local_checkout():
 """
 Return the git describe tag from the local checkout.
 This will only provide a result when the codebase is a git clone.
 """
- with suppress(git.GitError):
- return git.Repo(".").git.describe(tags=True, always=True)
+ git_executable = shutil.which("git")
+ if not git_executable:
+ return
+
+ with suppress(subprocess.SubprocessError):
+ git_describe = run_command_safely([git_executable, "describe", "--tags", "--always"])
+ return git_describe.strip()
 def get_git_describe_from_version_file(version_file_location=ROOT_DIR / ".VERSION"):
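Review bot: `with suppress(subprocess.SubprocessError):` in get_git_describe_from_local_checkout is narrower than the failure modes of `subprocess.run`, which raises `OSError` (for example `PermissionError`, or `FileNotFoundError` if the path returned by `shutil.which` is gone by the time it is executed) rather than a `SubprocessError` when the executable cannot be started; `with suppress(subprocess.SubprocessError, OSError):` keeps the version-file fallback reachable in those cases. This matters because `__version__ = get_version(VERSION)` runs at import time and presumably reaches this helper, so an unguarded `OSError` would turn a missing or unusable git into a failed `import dejacode` (get_version's body is outside the hunk, so that call path is inferred). Separately, the command inherits the process's current working directory rather than the checkout, so an unrelated repository in the cwd would supply its own tag; forwarding an optional `cwd=None` from run_command_safely to `subprocess.run` and passing `cwd=ROOT_DIR` here would pin the lookup to the codebase, and a `timeout=` on the same call bounds an import that otherwise waits on git indefinitely (`TimeoutExpired` is already a `SubprocessError`, so it is suppressed without further change).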
@@ -56,15 +91,6 @@ def get_git_describe_from_version_file(version_file_location=ROOT_DIR / ".VERSIO
 return version
-def extract_short_commit(git_describe):
- """
- Extract the short commit hash from a Git describe string while removing
- any leading "g" character if present.
- """
- short_commit = git_describe.split("-")[-1]
- return short_commit.lstrip("g")
-
-
 __version__ = get_version(VERSION)
diff --git a/pyproject.toml b/pyproject.toml
index c303e570..345b1453 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -141,10 +141,6 @@ dependencies = [
 "cyclonedx-python-lib==11.6.0",
 "sortedcontainers==2.4.0",
 "py-serializable==2.1.0",
- # Git
- "gitpython==3.1.50",
- "gitdb==4.0.12",
- "smmap==5.0.3",
 # CSAF
 "pydantic==2.12.5",
 "pydantic-core==2.41.5",
diff --git a/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl b/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl
deleted file mode 100644
index 1da16604..00000000
Binary files a/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl and /dev/null differ
diff --git a/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl.ABOUT b/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl.ABOUT
deleted file mode 100644
index 5cee463b..00000000
--- a/thirdparty/dist/gitdb-4.0.12-py3-none-any.whl.ABOUT
+++ /dev/null
@@ -1,14 +0,0 @@
-about_resource: gitdb-4.0.12-py3-none-any.whl
-name: gitdb
-version: 4.0.12
-download_url: https://files.pythonhosted.org/packages/a0/61/5c78b91c3143ed5c14207f463aecfc8f9dbb5092fb2869baf37c273b2705/gitdb-4.0.12-py3-none-any.whl
-package_url: pkg:pypi/gitdb@4.0.12
-license_expression: bsd-new
-copyright: Copyright gitdb project contributors
-attribute: yes
-checksum_md5: 662e9c84460d11983aba4b49c3354549
-checksum_sha1: c8bbc0aeafd6493651e03764b7193800967117db
-licenses:
- - key: bsd-new
- name: BSD-3-Clause
- file: bsd-new.LICENSE
diff --git a/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl b/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl
deleted file mode 100644
index 88bc1550..00000000
Binary files a/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl and /dev/null differ
diff --git a/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl.ABOUT b/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl.ABOUT
deleted file mode 100644
index b43a16c1..00000000
--- a/thirdparty/dist/gitpython-3.1.46-py3-none-any.whl.ABOUT
+++ /dev/null
@@ -1,14 +0,0 @@
-about_resource: gitpython-3.1.46-py3-none-any.whl
-name: gitpython
-version: 3.1.46
-download_url: https://files.pythonhosted.org/packages/6a/09/e21df6aef1e1ffc0c816f0522ddc3f6dcded766c3261813131c78a704470/gitpython-3.1.46-py3-none-any.whl
-package_url: pkg:pypi/gitpython@3.1.46
-license_expression: bsd-new
-copyright: Copyright gitpython project contributors
-attribute: yes
-checksum_md5: 0b9ccbb78ace1a13175d9fbe935a295f
-checksum_sha1: f1bfc68d7e6f2697425a4f25a66dbaa21e872084
-licenses:
- - key: bsd-new
- name: BSD-3-Clause
- file: bsd-new.LICENSE
diff --git a/thirdparty/dist/gitpython-3.1.49-py3-none-any.whl b/thirdparty/dist/gitpython-3.1.49-py3-none-any.whl
deleted file mode 100644
index 1fc9f0de..00000000
Binary files a/thirdparty/dist/gitpython-3.1.49-py3-none-any.whl and /dev/null differ
diff --git a/thirdparty/dist/gitpython-3.1.50-py3-none-any.whl b/thirdparty/dist/gitpython-3.1.50-py3-none-any.whl
deleted file mode 100644
index d56fcd90..00000000
Binary files a/thirdparty/dist/gitpython-3.1.50-py3-none-any.whl and /dev/null differ
diff --git a/thirdparty/dist/smmap-5.0.2-py3-none-any.whl b/thirdparty/dist/smmap-5.0.2-py3-none-any.whl
deleted file mode 100644
index 0ebec139..00000000
Binary files a/thirdparty/dist/smmap-5.0.2-py3-none-any.whl and /dev/null differ
diff --git a/thirdparty/dist/smmap-5.0.2-py3-none-any.whl.ABOUT b/thirdparty/dist/smmap-5.0.2-py3-none-any.whl.ABOUT
deleted file mode 100644
index 815798a3..00000000
--- a/thirdparty/dist/smmap-5.0.2-py3-none-any.whl.ABOUT
+++ /dev/null
@@ -1,14 +0,0 @@
-about_resource: smmap-5.0.2-py3-none-any.whl
-name: smmap
-version: 5.0.2
-download_url: https://files.pythonhosted.org/packages/04/be/d09147ad1ec7934636ad912901c5fd7667e1c858e19d355237db0d0cd5e4/smmap-5.0.2-py3-none-any.whl
-package_url: pkg:pypi/smmap@5.0.2
-license_expression: bsd-new
-copyright: Copyright smmap project contributors
-attribute: yes
-checksum_md5: 1a8eaba35da37e91943659f5cb7f2787
-checksum_sha1: cf5ba495ae740067de11bc380b2e0229596475ed
-licenses:
- - key: bsd-new
- name: BSD-3-Clause
- file: bsd-new.LICENSE
diff --git a/thirdparty/dist/smmap-5.0.3-py3-none-any.whl b/thirdparty/dist/smmap-5.0.3-py3-none-any.whl
deleted file mode 100644
index 7331288b..00000000
Binary files a/thirdparty/dist/smmap-5.0.3-py3-none-any.whl and /dev/null differ
diff --git a/uv.lock b/uv.lock
index 308a22df..b06459b0 100644
--- a/uv.lock
+++ b/uv.lock
@@ -11,7 +11,7 @@ supported-markers = [
 ]
 [options]
-exclude-newer = "2026-05-27T07:06:32.816217Z"
+exclude-newer = "2026-05-27T09:13:10.434933Z"
 exclude-newer-span = "P7D"
 [[package]]
@@ -231,8 +231,6 @@ dependencies = [
 { name = "drf-yasg", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "et-xmlfile", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "fakeredis", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
- { name = "gitdb", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
- { name = "gitpython", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "gunicorn", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "idna", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "inflection", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
@@ -281,7 +279,6 @@ dependencies = [
 { name = "setuptools-rust", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "setuptools-scm", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "six", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
- { name = "smmap", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "sortedcontainers", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "sqlparse", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 { name = "swapper", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
@@ -340,8 +337,6 @@ requires-dist = [
 { name = "drf-yasg", specifier = "==1.21.15" },
 { name = "et-xmlfile", specifier = "==2.0.0" },
 { name = "fakeredis", specifier = "==2.35.1" },
- { name = "gitdb", specifier = "==4.0.12" },
- { name = "gitpython", specifier = "==3.1.50" },
 { name = "gunicorn", specifier = "==26.0.0" },
 { name = "idna", specifier = "==3.18" },
 { name = "inflection", specifier = "==0.5.1" },
@@ -391,7 +386,6 @@ requires-dist = [
 { name = "setuptools-rust", specifier = "==1.12.0" },
 { name = "setuptools-scm", specifier = "==9.2.2" },
 { name = "six", specifier = "==1.17.0" },
- { name = "smmap", specifier = "==5.0.3" },
 { name = "sortedcontainers", specifier = "==2.4.0" },
 { name = "sqlparse", specifier = "==0.5.5" },
 { name = "swapper", specifier = "==1.4.0" },
@@ -623,28 +617,6 @@ wheels = [
 { path = "fakeredis-2.35.1-py3-none-any.whl" },
 ]
-[[package]]
-name = "gitdb"
-version = "4.0.12"
-source = { registry = "thirdparty/dist" }
-dependencies = [
- { name = "smmap", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-]
-wheels = [
- { path = "gitdb-4.0.12-py3-none-any.whl" },
-]
-
-[[package]]
-name = "gitpython"
-version = "3.1.50"
-source = { registry = "thirdparty/dist" }
-dependencies = [
- { name = "gitdb", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-]
-wheels = [
- { path = "gitpython-3.1.50-py3-none-any.whl" },
-]
-
 [[package]]
 name = "gunicorn"
 version = "26.0.0"
@@ -1131,14 +1103,6 @@ wheels = [
 { path = "six-1.17.0-py2.py3-none-any.whl" },
 ]
-[[package]]
-name = "smmap"
-version = "5.0.3"
-source = { registry = "thirdparty/dist" }
-wheels = [
- { path = "smmap-5.0.3-py3-none-any.whl" },
-]
-
 [[package]]
 name = "sortedcontainers"
 version = "2.4.0"