Merge pull request #183 from ylil93/issue175

ylil93 · web-flow · commit 8a69da153307 · 2018-11-13T16:02:54.000-08:00
use a strict whitelist for sanitizing packages
diff --git a/compatibility_lib/compatibility_lib/configs.py b/compatibility_lib/compatibility_lib/configs.py
@@ -15,6 +15,13 @@
 """Common configs for compatibility_lib."""
 
 
+def _format_url(repo_name, setuppy_path=''):
+    url = 'git%2Bgit://github.com/{}.git'.format(repo_name)
+    if setuppy_path != '':
+        url = '{}%23subdirectory={}'.format(url, setuppy_path)
+    return url
+
+
 # IGNORED_DEPENDENCIES are not direct dependencies for many packages and are
 # not installed via pip, resulting in unresolvable high priority warnings.
 IGNORED_DEPENDENCIES = [
@@ -64,6 +71,95 @@
     'gcloud',
 ]
 
+WHITELIST_PKGS = PKG_LIST
+
+WHITELIST_URLS = {
+    _format_url('googleapis/google-cloud-python', 'asset'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'automl'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'dataproc'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'dlp'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'iot'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'kms'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'legacy/google-cloud'):
+        'gcloud',
+    _format_url('googleapis/google-cloud-python', 'ndb'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'oslogin'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'redis'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'securitycenter'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'tasks'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'test_utils'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'texttospeech'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'websecurityscanner'):
+        'gcloud',
+    _format_url('googleapis/google-cloud-python', 'api_core'):
+        'google-api-core',
+    _format_url('googleapis/google-cloud-python', 'bigquery'):
+        'google-cloud-bigquery',
+    _format_url('googleapis/google-cloud-python', 'bigquery_datatransfer'):
+        'google-cloud-bigquery-datatransfer',
+    _format_url('googleapis/google-cloud-python', 'bigtable'):
+        'google-cloud-bigtable',
+    _format_url('googleapis/google-cloud-python', 'container'):
+        'google-cloud-container',
+    _format_url('googleapis/google-cloud-python', 'core'):
+        'google-cloud-core',
+    _format_url('googleapis/google-cloud-python', 'datastore'):
+        'google-cloud-datastore',
+    _format_url('googleapis/google-cloud-python', 'dns'): 'google-cloud-dns',
+    _format_url('googleapis/google-cloud-python', 'error_reporting'):
+        'google-cloud-error-reporting',
+    _format_url('googleapis/google-cloud-python', 'firestore'):
+        'google-cloud-firestore',
+    _format_url('googleapis/google-cloud-python', 'language'):
+        'google-cloud-language',
+    _format_url('googleapis/google-cloud-python', 'logging'):
+        'google-cloud-logging',
+    _format_url('googleapis/google-cloud-python', 'monitoring'):
+        'google-cloud-monitoring',
+    _format_url('googleapis/google-cloud-python', 'pubsub'):
+        'google-cloud-pubsub',
+    _format_url('googleapis/google-cloud-python', 'resource_manager'):
+        'google-cloud-resource-manager',
+    _format_url('googleapis/google-cloud-python', 'runtimeconfig'):
+        'google-cloud-runtimeconfig',
+    _format_url('googleapis/google-cloud-python', 'spanner'):
+        'google-cloud-spanner',
+    _format_url('googleapis/google-cloud-python', 'speech'):
+        'google-cloud-speech',
+    _format_url('googleapis/google-cloud-python', 'storage'):
+        'google-cloud-storage',
+    _format_url('googleapis/google-cloud-python', 'trace'):
+        'google-cloud-trace',
+    _format_url('googleapis/google-cloud-python', 'translate'):
+        'google-cloud-translate',
+    _format_url('googleapis/google-cloud-python', 'videointelligence'):
+        'google-cloud-videointelligence',
+    _format_url('googleapis/google-cloud-python', 'vision'):
+        'google-cloud-vision',
+    _format_url('googleapis/google-api-python-client'):
+        'google-api-python-client',
+    _format_url('googleapis/google-auth-library-python'): 'google-auth',
+    _format_url('GoogleCloudPlatform/google-resumable-media-python'):
+        'google-resumable-media',
+    _format_url('apache/beam', 'sdks/python'): 'apache-beam[gcp]',
+    _format_url('google/apitools'): 'google-apitools',
+    _format_url('GoogleCloudPlatform/gsutil'): 'gsutil',
+    _format_url('census-instrumentation/opencensus-python'): 'opencensus',
+    _format_url('protocolbuffers/protobuf', 'python'): 'protobuf',
+    _format_url('google/protorpc'): 'protorpc',
+    _format_url('tensorflow/tensorflow', 'tensorflow/tools/pip_package'):
+        'tensorflow',
+    _format_url('tensorflow/tensorflow',
+                'tensorflow/contrib/tpu/profiler/pip_package'): 'tensorflow',
+    # TODO: The following projects do not use setup.py
+    # googleapis-common-protos
+    # grpc-google-iam-v1
+    # grpcio
+    # tensorboard - not sure what the build process is
+    # _format_url('tensorflow/tensorboard', 'tensorboard/pip_package'):
+    #     'tensorboard',
+}
+
 # TODO: Find top 30 packages by download count in BigQuery table.
 THIRD_PARTY_PACKAGE_LIST = [
     'requests',
@@ -73,5 +169,5 @@
 
 PKG_PY_VERSION_NOT_SUPPORTED = {
     2: ['tensorflow', ],
-    3: ['google-cloud-dataflow', ],
+    3: ['apache-beam[gcp]', 'gsutil', ],
 }
diff --git a/compatibility_server/compatibility_checker_server.py b/compatibility_server/compatibility_checker_server.py
@@ -39,6 +39,7 @@
 
 import argparse
 import collections.abc
+import configs
 import json
 import logging
 import pprint
@@ -49,12 +50,6 @@
 
 import pip_checker
 
-# White list Google owned Python packages
-GITHUB_PREFIX = 'github.com/'
-WHITELIST_GITHUB_REPO = ['GoogleCloudPlatform/',
-                         'google/',
-                         'googleapis/']
-
 
 def _parse_python_version_to_interpreter_mapping(s):
     version_to_interpreter = {}
@@ -102,7 +97,7 @@ def _check(self, start_response, python_version, packages):
                            [('Content-Type', 'text/plain; charset=utf-8')])
             return [b'Request must specify at least one package']
 
-        sanitized_packages = self._sanitize_packages(packages)
+        sanitized_packages = _sanitize_packages(packages)
 
         if sanitized_packages != packages:
             start_response('400 Bad Request',
@@ -152,21 +147,6 @@ def _check(self, start_response, python_version, packages):
         start_response('200 OK', [('Content-Type', 'application/json')])
         return [json.dumps(results).encode('utf-8')]
 
-    def _sanitize_packages(self, packages):
-        # If checking github head version, only run checks for whitelisted
-        # repos.
-        sanitized_packages = []
-        for pkg in packages:
-            if GITHUB_PREFIX in pkg:
-                for whitelist_repo in WHITELIST_GITHUB_REPO:
-                    github_whitelist = GITHUB_PREFIX + whitelist_repo
-                    if github_whitelist in pkg:
-                        sanitized_packages.append(pkg)
-            else:
-                sanitized_packages.append(pkg)
-
-        return sanitized_packages
-
     def _wsgi_app(self, environ, start_response):
         if environ.get('REQUEST_METHOD') == 'GET':
             parameters = urllib.parse.parse_qs(environ.get('QUERY_STRING', ''))
@@ -206,6 +186,21 @@ def serve(self):
             self._httpd.serve_forever()
 
 
+def _sanitize_packages(packages):
+    """Checks if packages are whitelisted
+
+    Args:
+        packages: a list of packages
+    Returns:
+        a subset of packages that are whitelisted
+    """
+    sanitized_packages = []
+    for pkg in packages:
+        if pkg in configs.WHITELIST_PKGS or pkg in configs.WHITELIST_URLS:
+            sanitized_packages.append(pkg)
+    return sanitized_packages
+
+
 def main():
     logging.basicConfig(
         level=logging.INFO,
diff --git a/compatibility_server/configs.py b/compatibility_server/configs.py
@@ -0,0 +1,173 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Common configs for compatibility_lib."""
+
+
+def _format_url(repo_name, setuppy_path=''):
+    url = 'git%2Bgit://github.com/{}.git'.format(repo_name)
+    if setuppy_path != '':
+        url = '{}%23subdirectory={}'.format(url, setuppy_path)
+    return url
+
+
+# IGNORED_DEPENDENCIES are not direct dependencies for many packages and are
+# not installed via pip, resulting in unresolvable high priority warnings.
+IGNORED_DEPENDENCIES = [
+    'pip',
+    'setuptools',
+    'wheel',
+]
+
+PKG_LIST = [
+    'google-api-core',
+    'google-api-python-client',
+    'google-auth',
+    'google-cloud-bigquery',
+    'google-cloud-bigquery-datatransfer',
+    'google-cloud-bigtable',
+    'google-cloud-container',
+    'google-cloud-core',
+    'google-cloud-datastore',
+    'google-cloud-dns',
+    'google-cloud-error-reporting',
+    'google-cloud-firestore',
+    'google-cloud-language',
+    'google-cloud-logging',
+    'google-cloud-monitoring',
+    'google-cloud-pubsub',
+    'google-cloud-resource-manager',
+    'google-cloud-runtimeconfig',
+    'google-cloud-spanner',
+    'google-cloud-speech',
+    'google-cloud-storage',
+    'google-cloud-trace',
+    'google-cloud-translate',
+    'google-cloud-videointelligence',
+    'google-cloud-vision',
+    'google-resumable-media',
+    'apache-beam[gcp]',
+    'google-apitools',
+    'googleapis-common-protos',
+    'grpc-google-iam-v1',
+    'grpcio',
+    'gsutil',
+    'opencensus',
+    'protobuf',
+    'protorpc',
+    'tensorboard',
+    'tensorflow',
+    'gcloud',
+]
+
+WHITELIST_PKGS = PKG_LIST
+
+WHITELIST_URLS = {
+    _format_url('googleapis/google-cloud-python', 'asset'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'automl'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'dataproc'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'dlp'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'iot'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'kms'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'legacy/google-cloud'):
+        'gcloud',
+    _format_url('googleapis/google-cloud-python', 'ndb'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'oslogin'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'redis'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'securitycenter'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'tasks'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'test_utils'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'texttospeech'): 'gcloud',
+    _format_url('googleapis/google-cloud-python', 'websecurityscanner'):
+        'gcloud',
+    _format_url('googleapis/google-cloud-python', 'api_core'):
+        'google-api-core',
+    _format_url('googleapis/google-cloud-python', 'bigquery'):
+        'google-cloud-bigquery',
+    _format_url('googleapis/google-cloud-python', 'bigquery_datatransfer'):
+        'google-cloud-bigquery-datatransfer',
+    _format_url('googleapis/google-cloud-python', 'bigtable'):
+        'google-cloud-bigtable',
+    _format_url('googleapis/google-cloud-python', 'container'):
+        'google-cloud-container',
+    _format_url('googleapis/google-cloud-python', 'core'):
+        'google-cloud-core',
+    _format_url('googleapis/google-cloud-python', 'datastore'):
+        'google-cloud-datastore',
+    _format_url('googleapis/google-cloud-python', 'dns'): 'google-cloud-dns',
+    _format_url('googleapis/google-cloud-python', 'error_reporting'):
+        'google-cloud-error-reporting',
+    _format_url('googleapis/google-cloud-python', 'firestore'):
+        'google-cloud-firestore',
+    _format_url('googleapis/google-cloud-python', 'language'):
+        'google-cloud-language',
+    _format_url('googleapis/google-cloud-python', 'logging'):
+        'google-cloud-logging',
+    _format_url('googleapis/google-cloud-python', 'monitoring'):
+        'google-cloud-monitoring',
+    _format_url('googleapis/google-cloud-python', 'pubsub'):
+        'google-cloud-pubsub',
+    _format_url('googleapis/google-cloud-python', 'resource_manager'):
+        'google-cloud-resource-manager',
+    _format_url('googleapis/google-cloud-python', 'runtimeconfig'):
+        'google-cloud-runtimeconfig',
+    _format_url('googleapis/google-cloud-python', 'spanner'):
+        'google-cloud-spanner',
+    _format_url('googleapis/google-cloud-python', 'speech'):
+        'google-cloud-speech',
+    _format_url('googleapis/google-cloud-python', 'storage'):
+        'google-cloud-storage',
+    _format_url('googleapis/google-cloud-python', 'trace'):
+        'google-cloud-trace',
+    _format_url('googleapis/google-cloud-python', 'translate'):
+        'google-cloud-translate',
+    _format_url('googleapis/google-cloud-python', 'videointelligence'):
+        'google-cloud-videointelligence',
+    _format_url('googleapis/google-cloud-python', 'vision'):
+        'google-cloud-vision',
+    _format_url('googleapis/google-api-python-client'):
+        'google-api-python-client',
+    _format_url('googleapis/google-auth-library-python'): 'google-auth',
+    _format_url('GoogleCloudPlatform/google-resumable-media-python'):
+        'google-resumable-media',
+    _format_url('apache/beam', 'sdks/python'): 'apache-beam[gcp]',
+    _format_url('google/apitools'): 'google-apitools',
+    _format_url('GoogleCloudPlatform/gsutil'): 'gsutil',
+    _format_url('census-instrumentation/opencensus-python'): 'opencensus',
+    _format_url('protocolbuffers/protobuf', 'python'): 'protobuf',
+    _format_url('google/protorpc'): 'protorpc',
+    _format_url('tensorflow/tensorflow', 'tensorflow/tools/pip_package'):
+        'tensorflow',
+    _format_url('tensorflow/tensorflow',
+                'tensorflow/contrib/tpu/profiler/pip_package'): 'tensorflow',
+    # TODO: The following projects do not use setup.py
+    # googleapis-common-protos
+    # grpc-google-iam-v1
+    # grpcio
+    # tensorboard - not sure what the build process is
+    # _format_url('tensorflow/tensorboard', 'tensorboard/pip_package'):
+    #     'tensorboard',
+}
+
+# TODO: Find top 30 packages by download count in BigQuery table.
+THIRD_PARTY_PACKAGE_LIST = [
+    'requests',
+    'flask',
+    'django',
+]
+
+PKG_PY_VERSION_NOT_SUPPORTED = {
+    2: ['tensorflow', ],
+    3: ['apache-beam[gcp]', 'gsutil', ],
+}
diff --git a/compatibility_server/test_sanitize_packages.py b/compatibility_server/test_sanitize_packages.py
