Support pipenv

Author: kyoshidajp

README.md

@@ -17,7 +17,7 @@ However, some libraries have archived their source code repositories or have had
 | JavaScript | yarn | yarn.lock | :heavy_check_mark: |
 | PHP | composer | composer.lock | :heavy_check_mark: |
 | Python | pip | requirements.txt | :heavy_check_mark: |
-| Python | pipenv | Pipfile.lock | (later) |
+| Python | pipenv | Pipfile.lock | :heavy_check_mark: |
 | Python | poetry | poetry.lock | (later) |
 | Ruby | bundler | Gemfile.lock | :heavy_check_mark: |
 | Rust | cargo | Cargo.lock | :heavy_check_mark: |

cmd/diagnose.go

@@ -215,6 +215,7 @@ var doctors = Doctors{
 	"bundler":   ruby.NewBundlerDoctor(),
 	"yarn":      nodejs.NewYarnDoctor(),
 	"pip":       python.NewPipDoctor(),
+	"pipenv":    python.NewPipenvDoctor(),
 	"npm":       nodejs.NewNPMDoctor(),
 	"composer":  php.NewComposerDoctor(),
 	"golang":    golang.NewGolangDoctor(),

cmd/python/pipenv.go

@@ -0,0 +1,30 @@
+package python
+
+import (
+	"net/http"
+
+	parser_io "github.com/aquasecurity/go-dep-parser/pkg/io"
+	"github.com/aquasecurity/go-dep-parser/pkg/python/pipenv"
+	"github.com/aquasecurity/go-dep-parser/pkg/types"
+)
+
+type PipenvDoctor struct {
+	HTTPClient http.Client
+}
+
+func NewPipenvDoctor() *PipenvDoctor {
+	client := &http.Client{}
+	return &PipenvDoctor{HTTPClient: *client}
+}
+
+func (d *PipenvDoctor) Libraries(r parser_io.ReadSeekerAt) []types.Library {
+	p := pipenv.NewParser()
+	libs, _, _ := p.Parse(r)
+	return libs
+}
+
+func (d *PipenvDoctor) SourceCodeURL(lib types.Library) (string, error) {
+	pypi := Pypi{name: lib.Name}
+	url, err := pypi.fetchURLFromRegistry(d.HTTPClient)
+	return url, err
+}

cmd/python/pipenv/testdata/Pipfile.lock

@@ -14,8 +14,10 @@ const PYPI_REGISTRY_API = "https://pypi.org/pypi/%s/json"
 type PypiRegistryResponse struct {
 	Info struct {
 		ProjectUrls struct {
-			SourceCode string `json:"Source Code"`
-			Source     string `json:"Source"`
+			SourceCode    string `json:"Source Code"`
+			Source        string `json:"Source"`
+			Code          string `json:"Code"`
+			GitHubProject string `json:"GitHub Project"`
 		} `json:"project_urls"`
 	} `json:"info"`
 }
@@ -54,5 +56,13 @@ func (p *Pypi) fetchURLFromRegistry(client http.Client) (string, error) {
 		return PypiRegistryResponse.Info.ProjectUrls.SourceCode, nil
 	}
 
+	if PypiRegistryResponse.Info.ProjectUrls.Code != "" {
+		return PypiRegistryResponse.Info.ProjectUrls.Code, nil
+	}
+
+	if PypiRegistryResponse.Info.ProjectUrls.GitHubProject != "" {
+		return PypiRegistryResponse.Info.ProjectUrls.GitHubProject, nil
+	}
+
 	return PypiRegistryResponse.Info.ProjectUrls.Source, nil
 }