pypa / pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
https://pypi.org/project/pip-audit/
Apache License 2.0

`--requirement -` does not work: `No such file or directory: '<stdin>'` #415

Open aucampia opened 1 year ago

aucampia commented 1 year ago

Bug description

When running pip-audit with `--requirement -`, it does not read the requirements from stdin like `--requirement /dev/stdin` does, but instead raises an exception: pip_requirements_parser.InstallationError: Could not open requirements file: <stdin>|n[Errno 2] No such file or directory: '<stdin>'.

Reproduction steps

echo 'poetry' | pipx run --spec=pip-audit==2.4.6 pip-audit --requirement -

Expected behavior

I expect this to do the same as:

echo 'poetry' | pipx run --spec=pip-audit==2.4.6 pip-audit --requirement /dev/stdin

i.e.

$ echo 'poetry' | pipx run --spec=pip-audit==2.4.6 pip-audit --requirement /dev/stdin
⚠️  pip-audit is already on your PATH and installed at /home/iwana/.local/bin/pip-audit. Downloading and running anyway.
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
WARNING:cachecontrol.controller:Cache entry deserialization failed, entry ignored
Found 1 known vulnerability in 1 package
Name Version ID                  Fix Versions
---- ------- ------------------- ------------
cleo 1.0.0a5 GHSA-2p9h-ccw7-33gf

Screenshots and logs

instead this is what happens:

$ echo 'poetry' | pipx run --spec=pip-audit==2.4.6 pip-audit --requirement -
⚠️  pip-audit is already on your PATH and installed at /home/iwana/.local/bin/pip-audit. Downloading and running anyway.
Traceback (most recent call last):
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1577, in get_file_content
    with open(filename, "rb") as f:
FileNotFoundError: [Errno 2] No such file or directory: '<stdin>'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_audit/_cli.py", line 434, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_audit/_audit.py", line 66, in audit
    for dep, vulns in self._service.query_all(specs):
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_audit/_service/interface.py", line 155, in query_all
    for spec in specs:
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_audit/_dependency_source/requirement.py", line 82, in collect
    rf = RequirementsFile.from_file(filename)
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 233, in from_file
    for parsed in cls.parse(
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 277, in parse
    for parsed in parse_requirements(
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1152, in parse_requirements
    for parsed_line in parser.parse(
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1329, in parse
    yield from self._parse_and_recurse(
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1351, in _parse_and_recurse
    for line in self._parse_file(filename=filename, is_constraint=is_constraint):
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1404, in _parse_file
    content = get_file_content(filename)
  File "/home/iwana/.local/pipx/.cache/5da69b18b537a22/lib64/python3.10/site-packages/pip_requirements_parser.py", line 1580, in get_file_content
    raise InstallationError(
pip_requirements_parser.InstallationError: Could not open requirements file: <stdin>|n[Errno 2] No such file or directory: '<stdin>'

Platform information

Additional context

I'm trying to use pip-audit with poetry, and to do this I run:

poetry export --without-hashes --with dev --format requirements.txt | \
  poetry run python -m pip_audit --requirement /dev/stdin --no-deps --strict --desc on

However, this will probably not work great on Windows, and I would prefer a less platform-dependent way of specifying stdin, like `--requirement -`.

woodruffw commented 1 year ago

Thanks for the report!

In general, we aim to maintain CLI compatibility with pip, and pip also doesn't support - as a stdin shorthand. For example, here's what I get with pip --requirements -:

ERROR: Could not open requirements file: [Errno 2] No such file or directory: '-'

Have you considered using subshell substitution, e.g. something like this?

pip-audit --requirement <(echo 'poetry')

(where echo poetry is whatever your source is.)
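Both the `/dev/stdin` pipeline from the report and the `<(...)` workaround above depend on the shell and the OS (process substitution is bash-only, and neither exists on Windows). A portable alternative is to spool the piped requirements into a temporary file and hand pip-audit a real path. The wrapper below is an added example, not code from pip-audit or from either commenter; it assumes pip-audit is invoked as `python -m pip_audit` (as in the report) and accepts `-r`/`--requirement` with a path, and it treats `-` as "read stdin" itself, so the tool never sees the `-` that triggers the traceback.

```python
"""Portable `--requirement -` handling for pip-audit (example wrapper, not part of pip-audit).

Usage:
    poetry export --without-hashes --with dev --format requirements.txt | \
      python audit_stdin.py --requirement - --no-deps --strict --desc on
"""
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Flags that take a requirements-file path; `-` after any of them means stdin.
REQUIREMENT_FLAGS = ("-r", "--requirement")


def spool_stdin(text: str) -> Path:
    """Write the piped requirements text to a temp file and return its path.

    delete=False keeps the file around until the audit has finished reading it;
    the caller is responsible for removing it afterwards.
    """
    tmp = tempfile.NamedTemporaryFile(
        "w", suffix=".txt", prefix="pip-audit-stdin-", delete=False, encoding="utf-8"
    )
    with tmp:
        tmp.write(text)
    return Path(tmp.name)


def rewrite_stdin_args(args: List[str], stdin_text: str) -> Tuple[List[str], Optional[Path]]:
    """Replace `-r -`, `--requirement -` or `--requirement=-` with a spooled file path.

    Returns the rewritten argument list and the temp path (None when `-` was
    never used). Several `-` occurrences share one spooled file, because stdin
    can only be read once.
    """
    out: List[str] = []
    spooled: Optional[Path] = None
    i = 0
    while i < len(args):
        arg = args[i]
        nxt = args[i + 1] if i + 1 < len(args) else None
        if arg in REQUIREMENT_FLAGS and nxt == "-":
            spooled = spooled or spool_stdin(stdin_text)
            out += [arg, str(spooled)]
            i += 2
            continue
        if arg == "--requirement=-":
            spooled = spooled or spool_stdin(stdin_text)
            out.append(f"--requirement={spooled}")
            i += 1
            continue
        out.append(arg)
        i += 1
    return out, spooled


def uses_stdin(args: List[str]) -> bool:
    """True if the argument list asks for requirements from stdin."""
    rewritten, _ = rewrite_stdin_args(args, "")  # dry check on an empty payload
    return rewritten != args


def main(argv: List[str]) -> int:
    """Run pip-audit with `-` expanded; stdin is only consumed when requested."""
    stdin_text = sys.stdin.read() if uses_stdin(argv) else ""
    args, spooled = rewrite_stdin_args(argv, stdin_text)
    try:
        # Same interpreter that runs this wrapper, so the same pip-audit install is used.
        return subprocess.call([sys.executable, "-m", "pip_audit", *args])
    finally:
        if spooled is not None:
            spooled.unlink(missing_ok=True)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The wrapper reads stdin only when `-` is actually present, so `--requirement path.txt` behaves exactly as before; the temp file is removed after pip-audit exits, whatever its exit code, so the exported dependency list does not linger in the temp directory.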

woodruffw commented 1 year ago

Looks like this is pip's upstream tracking for -r -: https://github.com/pypa/pip/issues/7822