aswinnnn / pyscan

python dependency vulnerability scanner, written in Rust.
MIT License

error querying deps with a version qualifier #13

Closed jugmac00 closed 1 year ago

jugmac00 commented 1 year ago

To Reproduce

git clone git@github.com:tox-dev/tox.git
pyscan v0.1.5 | by Aswin S (github.com/aswinnnn)
Found 12 dependencies
Failed to make a request to pypi.org:
HTTP status client error (404 Not Found) for url (https://pypi.org/pypi/cachetools%3E=5.3.1/json)
pypi.org error: HTTP status client error (404 Not Found) for url (https://pypi.org/pypi/cachetools%3E=5.3.1/json)

pyproject.toml see... https://github.com/tox-dev/tox/blob/2e31a843ff881a70ceb3a9986dd11be69247a0da/pyproject.toml#L51

aswinnnn commented 1 year ago

Thanks for reporting. Seems to be a problem at extractor.rs which does no parsing beforehand to check for this version spec quirk.
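The failing URL above embeds the whole requirement string (`cachetools>=5.3.1`) where PyPI expects only a project name. The sketch below is an added example, not pyscan's code: it separates the name from the version specifier before the URL is built, assuming PEP 508 requirement syntax and PEP 503 name normalization. The function names are hypothetical.

```rust
// Added example, not pyscan's code: split a PEP 508 requirement string into
// (normalized name, version specifier) before building the PyPI JSON URL.

/// Returns None when no valid project name can be extracted.
fn split_requirement(req: &str) -> Option<(String, Option<String>)> {
    // Drop an environment marker such as `; python_version < "3.11"`.
    let req = req.split(';').next().unwrap_or("").trim();
    // The name ends at the first extras bracket, operator, paren, `@` or space.
    let end = req.find(|c: char| "[<>=!~(@ \t".contains(c)).unwrap_or(req.len());
    let (name, rest) = req.split_at(end);
    // PEP 508 names: ASCII alphanumerics plus `-`, `_`, `.`, alphanumeric at both ends.
    let valid = !name.is_empty()
        && name.chars().all(|c| c.is_ascii_alphanumeric() || "-_.".contains(c))
        && name.starts_with(|c: char| c.is_ascii_alphanumeric())
        && name.ends_with(|c: char| c.is_ascii_alphanumeric());
    if !valid { return None; }
    // Skip an extras group like `[crypto]`, then keep whatever specifier remains.
    let rest = match rest.trim_start().strip_prefix('[') {
        Some(r) => r.split_once(']').map(|(_, after)| after)?,
        None => rest,
    };
    let spec = rest.trim();
    let spec = if spec.is_empty() { None } else { Some(spec.to_string()) };
    Some((normalize(name), spec))
}

/// PEP 503 normalization: lowercase, runs of `-`, `_`, `.` collapse to one `-`.
fn normalize(name: &str) -> String {
    let mut out = String::new();
    for c in name.to_ascii_lowercase().chars() {
        let c = if "-_.".contains(c) { '-' } else { c };
        if !(c == '-' && out.ends_with('-')) { out.push(c); }
    }
    out
}

fn pypi_json_url(name: &str) -> String {
    format!("https://pypi.org/pypi/{}/json", name)
}

fn main() {
    // Constructed inputs; the first is the string from the failing URL above.
    for req in ["cachetools>=5.3.1", "Some_Pkg[extra] ~=1.0; python_version<'3.11'", ">=1.0"] {
        match split_requirement(req) {
            Some((name, spec)) => println!("{} {:?} -> {}", name, spec, pypi_json_url(&name)),
            None => println!("unparsed requirement, report it: {:?}", req),
        }
    }
}
```

A requirement that fails to parse should be surfaced to the user rather than dropped, since a dependency the scanner never queries is a dependency whose advisories are never checked.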