@@ -16,8 +16,8 @@ def __init__(self, cve_db, logger):
1616
1717 def run_checker (self , filename ):
1818 self .filename = filename
19- lines = json . loads (
20- subprocess .check_output (
19+ try :
20+ output = subprocess .check_output (
2121 [
2222 "pip3" ,
2323 "install" ,
@@ -28,16 +28,30 @@ def run_checker(self, filename):
2828 "--report" ,
2929 "-" ,
3030 "--quiet" ,
31- ]
31+ ],
32+ stderr = subprocess .STDOUT ,
3233 )
33- )
34- for line in lines ["install" ]:
35- product = line ["metadata" ]["name" ]
36- version = line ["metadata" ]["version" ]
37- vendor = self .find_vendor (product , version )
38- if vendor is not None :
39- yield from vendor
40- self .logger .debug (f"Done scanning file: { self .filename } )
34+ except subprocess .CalledProcessError as e :
35+ self .logger .error (e .output )
36+ pip_version = subprocess .check_output (["pip3" , "--version" ])
37+ pip_version = float (pip_version [6 :10 ])
38+ if pip_version < 22.2 :
39+ self .logger .error (
40+ f"{ filename }
41+ )
42+ self .logger .error (
43+ "pip version >= 22.2 is required to scan Python requirements files."
44+ )
45+ else :
46+ output = output [127 :]
47+ lines = json .loads (output )
48+ for line in lines ["install" ]:
49+ product = line ["metadata" ]["name" ]
50+ version = line ["metadata" ]["version" ]
51+ vendor = self .find_vendor (product , version )
52+ if vendor is not None :
53+ yield from vendor
54+ self .logger .debug (f"Done scanning file: { self .filename } )
4155
4256
4357class PythonParser (Parser ):
0 commit comments