24457923341

Committed 15 Apr 2026 01:42PM UTC coverage: 75.08% (-5.2%) from 80.27%

Build # 24457923341

Build Type

push

github

Committed by

web-flow

Commit Message

upgrade to Trivy v0.69.2 (Cherry-pick of #23155) (#23258)

Update to Trivy v0.69.2. Prior releases were deleted as part of [an
attack they
suffered](https://github.com/aquasecurity/trivy/discussions/10265), so
our CI is broken while it is still references the prior version.

Co-authored-by: Tom Dyas <tom.dyas@gmail.com>

Coverage Stats

1 of 1 new or added line in 1 file covered. (100.0%)

2174 existing lines in 88 files now uncovered.

6128 of 8162 relevant lines covered (75.08%)

33.63 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

47.83

/src/python/pants/fs/fs.py

# Copyright 2014 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).

import hashlib
import os

# The max filename length for HFS+, extX and NTFS is 255, but many systems also have limits on the
# total path length (made up of multiple filenames), so we include some additional buffer.
_MAX_FILENAME_LENGTH = 100


def safe_filename(name, extension=None, digest=None, max_length=_MAX_FILENAME_LENGTH):
    """Creates filename from name and extension ensuring that the final length is within the
    max_length constraint.

    By default the length is capped to work on most filesystems and the fallback to achieve
    shortening is a sha1 hash of the proposed name.

    Raises ValueError if the proposed name is not a simple filename but a file path.
    Also raises ValueError when the name is simple but cannot be satisfactorily shortened with the
    given digest.

    :API: public

    name:       the proposed filename without extension
    extension:  an optional extension to append to the filename
    digest:     the digest to fall back on for too-long name, extension concatenations - should
                support the hashlib digest api of update(string) and hexdigest
    max_length: the maximum desired file name length
    """
    if os.path.basename(name) != name:
        raise ValueError(f"Name must be a filename, handed a path: {name}")

    ext = extension or ""
    filename = name + ext
    if len(filename) <= max_length:
        return filename
    else:
        digest = digest or hashlib.sha1()
        digest.update(filename.encode())
        hexdigest = digest.hexdigest()[:16]

        # Prefix and suffix length: max length less 2 periods, the extension length, and the digest length.
        ps_len = max(0, (max_length - (2 + len(ext) + len(hexdigest))) // 2)
        sep = "." if ps_len > 0 else ""
        prefix = name[:ps_len]
        suffix = name[-ps_len:] if ps_len > 0 else ""

        safe_name = f"{prefix}{sep}{hexdigest}{sep}{suffix}{ext}"
        if len(safe_name) > max_length:
            raise ValueError(
                f"Digest {digest} failed to produce a filename <= {max_length} characters for {filename} - got {safe_name}"
            )
        return safe_name


def safe_filename_from_path(path, **kwargs):
    """As for `safe_filename`, but takes a path.

    First converts it into a name by replacing separator characters, and then calls safe_filename.
    """
    return safe_filename(path.strip(os.path.sep).replace(os.path.sep, "."), **kwargs)

1	# Copyright 2014 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3
4	import hashlib	10✔
5	import os	10✔
6
7	# The max filename length for HFS+, extX and NTFS is 255, but many systems also have limits on the
8	# total path length (made up of multiple filenames), so we include some additional buffer.
9	_MAX_FILENAME_LENGTH = 100	10✔
10
11
12	def safe_filename(name, extension=None, digest=None, max_length=_MAX_FILENAME_LENGTH):	10✔
13	"""Creates filename from name and extension ensuring that the final length is within the
14	max_length constraint.
15
16	By default the length is capped to work on most filesystems and the fallback to achieve
17	shortening is a sha1 hash of the proposed name.
18
19	Raises ValueError if the proposed name is not a simple filename but a file path.
20	Also raises ValueError when the name is simple but cannot be satisfactorily shortened with the
21	given digest.
22
23	:API: public
24
25	name: the proposed filename without extension
26	extension: an optional extension to append to the filename
27	digest: the digest to fall back on for too-long name, extension concatenations - should
28	support the hashlib digest api of update(string) and hexdigest
29	max_length: the maximum desired file name length
30	"""
31	if os.path.basename(name) != name:	2✔
UNCOV 32	raise ValueError(f"Name must be a filename, handed a path: {name}")	×
33
34	ext = extension or ""	2✔
35	filename = name + ext	2✔
36	if len(filename) <= max_length:	2✔
37	return filename	2✔
38	else:
UNCOV 39	digest = digest or hashlib.sha1()	×
UNCOV 40	digest.update(filename.encode())	×
UNCOV 41	hexdigest = digest.hexdigest()[:16]	×
42
43	# Prefix and suffix length: max length less 2 periods, the extension length, and the digest length.
UNCOV 44	ps_len = max(0, (max_length - (2 + len(ext) + len(hexdigest))) // 2)	×
UNCOV 45	sep = "." if ps_len > 0 else ""	×
UNCOV 46	prefix = name[:ps_len]	×
UNCOV 47	suffix = name[-ps_len:] if ps_len > 0 else ""	×
48
UNCOV 49	safe_name = f"{prefix}{sep}{hexdigest}{sep}{suffix}{ext}"	×
UNCOV 50	if len(safe_name) > max_length:	×
UNCOV 51	raise ValueError(	×
52	f"Digest {digest} failed to produce a filename <= {max_length} characters for {filename} - got {safe_name}"
53	)
UNCOV 54	return safe_name	×
55
56
57	def safe_filename_from_path(path, **kwargs):	10✔
58	"""As for `safe_filename`, but takes a path.
59
60	First converts it into a name by replacing separator characters, and then calls safe_filename.
61	"""
62	return safe_filename(path.strip(os.path.sep).replace(os.path.sep, "."), **kwargs)	2✔

pantsbuild / pants / 24457923341

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous