diff --git a/supply_chain_scanner/test_supply_chain.py b/supply_chain_scanner/test_supply_chain.py
index dd21100..e4acc85 100644
--- a/supply_chain_scanner/test_supply_chain.py
+++ b/supply_chain_scanner/test_supply_chain.py
@@ -24,6 +24,7 @@
 import re
 import site
 import sys
+import warnings
 import zlib
 from pathlib import Path
@@ -333,7 +334,8 @@ def test_no_suspicious_pth_files(self):
 for pth_file in pth_files:
 try:
 content = pth_file.read_text(errors="replace")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
 continue
 issues = []
@@ -387,7 +389,8 @@ def test_pth_files_are_path_only(self):
 for pth_file in pth_files:
 try:
 content = pth_file.read_text(errors="replace")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
 continue
 for line_num, line in enumerate(content.splitlines(), 1):
@@ -428,7 +431,8 @@ def test_no_encoded_exfiltration_payloads(self):
 try:
 content = py_file.read_text(errors="replace")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {py_file}: {exc}", stacklevel=1)
 continue
 # Scan for encoded strings (base64, hex)
@@ -464,7 +468,8 @@ def test_no_string_concat_obfuscation(self):
 try:
 content = py_file.read_text(errors="replace")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {py_file}: {exc}", stacklevel=1)
 continue
 for pattern in OBFUSCATION_PATTERNS:
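Review bot: In the new `except (OSError, PermissionError) as exc:` branch of test_no_suspicious_pth_files — and identically in the hunks at -387, -428, -464, -562, -585, -634 and -659 — a file the scanner cannot open is still dropped from the scan after the warning, so it contributes nothing to `issues`, `suspicious` or `risky` and the assertion passes vacuously; if these tests run under pytest, `warnings.warn` only appears in the warnings summary and neither fails nor skips the test. For a scanner looking for planted startup hooks, an unreadable candidate is itself a gap worth surfacing in the result: collect `unreadable.append(f"{pth_file}: {exc}")` next to the warning and fold `unreadable` into the final assertion message, or skip the test explicitly when that list is non-empty, so the gap cannot hide inside a passing run. Since `PermissionError` is a subclass of `OSError`, the new tuple can be simplified to `except OSError as exc:` in every hunk. `stacklevel=1` is already the default and attributes the warning to the `warnings.warn` line itself, so it can be dropped or given a short comment saying why it is spelled out. The enclosing test bodies begin and end outside each of these hunks.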
@@ -562,7 +567,8 @@ def test_no_suspicious_egg_info_scripts(self):
 for pattern in SUSPICIOUS_PATTERNS:
 if pattern.search(content):
 suspicious.append(f"{egg_info.name}/{script.name}: {pattern.pattern}")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {script}: {exc}", stacklevel=1)
 continue
 assert not suspicious, f"Packages with suspicious install scripts: {suspicious}"
@@ -585,7 +591,8 @@ def test_no_setup_py_with_network_calls(self):
 for pattern in network_patterns:
 if pattern.search(content):
 suspicious.append(f"{setup_py.parent.name}/setup.py: {pattern.pattern}")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {setup_py}: {exc}", stacklevel=1)
 continue
 assert not suspicious, f"Packages with setup.py making network calls: {suspicious}"
@@ -634,8 +641,8 @@ def test_no_unexpected_pth_files(self):
 content = Path(pth_path).read_text(errors="replace")
 if any(pattern.search(content) for pattern in SUSPICIOUS_PATTERNS):
 risky.append(pth_path)
- except (OSError, PermissionError):
- pass
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {pth_path}: {exc}", stacklevel=1)
 assert not risky, f"CRITICAL: Unexpected .pth files with suspicious content: {risky}"
@@ -659,7 +666,8 @@ def test_no_credential_exfiltration_in_startup(self):
 try:
 content = pth_file.read_text(errors="replace")
- except (OSError, PermissionError):
+ except (OSError, PermissionError) as exc:
+ warnings.warn(f"Could not read {pth_file}: {exc}", stacklevel=1)
 continue
 for target in SENSITIVE_EXFIL_TARGETS: