Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poetry detector fails on specific use case due to multiple sources for a package being specified in poetry.lock file #1323

Open
FernandoRojo opened this issue Dec 10, 2024 · 0 comments
Open

Poetry detector fails on specific use case due to multiple sources for a package being specified in poetry.lock file #1323

FernandoRojo opened this issue Dec 10, 2024 · 0 comments

Comments

@FernandoRojo
Copy link
Contributor

If a lock file is generated that has multiple source entries under a single package, the poetry detector will hard fail:

Tomlyn.TomlException: (157,1) : error : The key `package.[3].source` is already defined at (152,1) with `[package.source]␤type = \"legacy\"␤url = \"https://artifactory.metaswitch.com/api/pypi/pypi-virtual/simple\"␤reference = \"metaswitch\"` and cannot be redefined
(160,1) : error : The key `package.[3].source.reference` is already defined at (155,1) with `reference = \"metaswitch\"` and cannot be redefined
(162,1) : error : The key `package.[3].source` is already defined at (152,1) with `[package.source]␤type = \"legacy\"␤url = \"https://artifactory.metaswitch.com/api/pypi/pypi-virtual/simple\"␤reference = \"metaswitch\"` and cannot be redefined
(165,1) : error : The key `package.[3].source.reference` is already defined at (155,1) with `reference = \"metaswitch\"` and cannot be redefined
(215,1) : error : The key `package.[5].source` is already defined at (210,1) with `[package.source]␤type = \"legacy\"␤url = \"https://artifactory.metaswitch.com/api/pypi/pypi-virtual/simple\"␤reference = \"metaswitch\"` and cannot be redefined
(218,1) : error : The key `package.[5].source.reference` is already defined at (213,1) with `reference = \"metaswitch\"` and cannot be redefined
(220,1) : error : The key `package.[5].source` is already defined at (210,1) with `[package.source]␤type = \"legacy\"␤url = \"https://artifactory.metaswitch.com/api/pypi/pypi-virtual/simple\"␤reference = \"metaswitch\"` and cannot be redefined
(223,1) : error : The key `package.[5].source.reference` is already defined at (213,1) with `reference = \"metaswitch\"` and cannot be redefined
at Tomlyn.Toml.ToModel[T](String text, String sourcePath, TomlModelOptions options)
at Microsoft.ComponentDetection.Detectors.Poetry.PoetryComponentDetector.OnFileFoundAsync(ProcessRequest processRequest, IDictionary`2 detectorArgs, CancellationToken cancellationToken)
at Microsoft.ComponentDetection.Contracts.FileComponentDetector.OnFileFoundAsync(ProcessRequest processRequest, IDictionary`2 detectorArgs, Boolean cleanupCreatedFiles, CancellationToken cancellationToken)
at Microsoft.ComponentDetection.Contracts.FileComponentDetector.<>c__DisplayClass57_0.<<ProcessAsync>b__0>d.MoveNext()

spec for lock file needs to be reviewed and contract updated to prevent this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FernandoRojo