8000 Skip symlinks when creating SBOM for source tarball (#232) · python/release-tools@267346a · GitHub

Commit 267346a

hugovkAA-Turnersethmlarson
authored
Skip symlinks when creating SBOM for source tarball (#232)
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
1 parent c8a4771 commit 267346a


1 file changed

+2
-2
lines changed


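--- a/sbom.py
+++ b/sbom.py
@@ -608,12 +608,12 @@ def create_sbom_for_source_tarball(tarball_path: str) -> SBOM:
 # Now we walk the tarball and compare known files to our expected checksums in the SBOM.
 # All files that aren't already in the SBOM can be added as "CPython" f 7C74 iles.
 for member in tarball.getmembers():
-if member.isdir(): # Skip directories!
+if not member.isfile(): # Only keep files (no symlinks)
 continue
 
 # Get the member from the tarball. CPython prefixes all of its
 # source code with 'Python-{version}/...'.
-assert member.isfile() and member.name.startswith(f"Python-{cpython_version}/")
+assert member.name.startswith(f"Python-{cpython_version}/")
 
 # Calculate the hashes, either for comparison with a known value
 # or to embed in the SBOM as a new file. SHA1 is only used because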
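Review bot: The new guard `if not member.isfile():` drops more than its comment says: besides directories and symlinks it also silently skips hard links, device nodes and FIFOs, and with `member.isfile()` removed from the assert nothing flags such a member any more. For an SBOM that is meant to account for the tarball's contents, I would skip only the expected types, `if member.isdir() or member.issym(): continue`, and keep a failing check for anything else that is not a regular file. That check and the prefix check are better written as an explicit `raise` than as `assert`, since asserts are removed under `python -O`. Whether release tarballs ever carry such members is not visible from this hunk, and the loop body continues past its last line.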
