Parse setup.py without setuptools

Question

Parse setup.py without setuptools

I am using python on my ipad and need a way to capture name, version, packages, etc. from setup.py packages. I do not have access to setuptools or distutils. At first it seemed to me that I would parse setup.py, but this does not seem to be the answer, since there are many ways to pass args to setup (). I would like to create mock setup () that returns the arguments passed to it, but I'm not sure how to get past the import errors. Any help would be greatly appreciated.

+6

python python-2.7 setuptools

briarfox Jan 6 '15 at 0:33

source share

4 answers

I'm not kidding. This worked on python 3.4.3 and 2.7.6;)

 export VERSION=$(python my_package/setup.py --version)

contents of setup.py:

 from distutils.core import setup setup( name='bonsai', version='0.0.1', packages=['my_package'], url='', license='MIT', author='', author_email='', description='', test_suite='nose.collector', tests_require=['nose'], )

+3

guneysus Sep 19 '16 at 18:15

source share

Analysis setup.py can be dangerous in case of such malicious files:

 from setuptools import setup import shutil setup( install_requires=[ shutil.rmtree('/'), # very dangerous! 'django', ], )

I prepared a simple script (based on the @ simeon-visser idea) and a docker image that analyzes the setup.py file in an isolated and protected container:

Using

 $ git clone https://github.com/noisy/parse_setup.py $ cd parse_setup.py/ $ docker build -t parse . $ ./parse.sh ./example_files/setup.py #[OK] lxml==3.4.4 termcolor==1.1.0 $ ./parse.sh ./example_files/dangerous_setup.py [Errno 39] Directory not empty: '/usr/local/lib' #nothing bad happend :)

0

noisy Aug 16 '15 at 16:11

source share

You can replace the setup method of the setup package as follows

 >>> import setuptools >>> def setup(**kwargs): print(kwargs) >>> setuptools.setup = setup >>> content = open('setup.py').read() >>> exec(content)

0

Priyam singh Jun 01 '17 at 7:38

source share

Simeon visser · Accepted Answer · 2015-01-06T00:52:38+0000

You can dynamically create the setuptools module and commit the values passed to setup :

 >>> import imp >>> module = """ ... def setup(*args, **kwargs): ... print(args, kwargs) ... """ >>> >>> setuptools = imp.new_module("setuptools") >>> exec module in setuptools.__dict__ >>> setuptools <module 'setuptools' (built-in)> >>> setuptools.setup(3) ((3,), {})

After the above, you have the setuptools module with the setup function. You may need to create some more functions for all import operations to work. After that, you can import setup.py and compile the contents. This, as a rule, is a complicated approach, since setup.py can contain any Python code with conditional imports and dynamic calculations for passing setup() values.

Parse setup.py without setuptools

Using

More articles: