refactor: replace pkg_resources with importlib (fixes #1521) (#1542)

* fixes #1521

cve_bin_tool/cli.py

@@ -23,8 +23,6 @@
 from collections import ChainMap
 from typing import Dict
 
-import pkg_resources
-
 from cve_bin_tool.available_fix import (
     AvailableFixReport,
     get_available_fix_supported_distros,
@@ -51,6 +49,11 @@
 from cve_bin_tool.version import VERSION
 from cve_bin_tool.version_scanner import VersionScanner
 
+if sys.version_info >= (3, 8):
+    from importlib import metadata as importlib_metadata
+else:
+    import importlib_metadata
+
 sys.excepthook = excepthook  # Always install excepthook for entrypoint module.
 
 
@@ -500,7 +503,7 @@ def main(argv=None):
                 lambda checker: checker.name,
                 filter(
                     lambda checker: checker.name not in runs,
-                    pkg_resources.iter_entry_points("cve_bin_tool.checker"),
+                    importlib_metadata.entry_points()["cve_bin_tool.checker"],
                 ),
             )
         )

cve_bin_tool/version_scanner.py

@@ -7,7 +7,6 @@
 from re import MULTILINE, compile, search
 
 import defusedxml.ElementTree as ET
-import pkg_resources
 
 from cve_bin_tool.cvedb import CVEDB
 from cve_bin_tool.egg_updater import IS_DEVELOP, update_egg
@@ -18,6 +17,11 @@
 from cve_bin_tool.strings import Strings
 from cve_bin_tool.util import DirWalk, ProductInfo, inpath
 
+if sys.version_info >= (3, 8):
+    from importlib import metadata as importlib_metadata
+else:
+    import importlib_metadata
+
 
 class InvalidFileError(Exception):
     """Filepath is invalid for scanning."""
@@ -67,14 +71,14 @@ def load_checkers(cls):
         checkers = dict(
             map(
                 lambda checker: (checker.name, checker.load()),
-                pkg_resources.iter_entry_points(cls.CHECKER_ENTRYPOINT),
+                importlib_metadata.entry_points()[cls.CHECKER_ENTRYPOINT],
             )
         )
         return checkers
 
     @classmethod
     def available_checkers(cls):
-        checkers = pkg_resources.iter_entry_points(cls.CHECKER_ENTRYPOINT)
+        checkers = importlib_metadata.entry_points()[cls.CHECKER_ENTRYPOINT]
         checker_list = [item.name for item in checkers]
         return checker_list
 

requirements.csv

@@ -18,3 +18,4 @@ srossross_not_in_db,rpmfile
 indygreg_not_in_db,zstandard
 nir0s_not_in_db,distro
 tiran_not_in_db,defusedxml
+python_not_in_db,importlib_metadata

requirements.txt

@@ -17,3 +17,4 @@ zstandard; python_version >= "3.4"
 reportlab
 distro
 defusedxml
+importlib_metadata; python_version < "3.8"

test/test_checkers.py

@@ -2,14 +2,19 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import re
+import sys
 
-import pkg_resources
 import pytest
 
 from cve_bin_tool.checkers import Checker, VendorProductPair
 from cve_bin_tool.egg_updater import IS_DEVELOP, update_egg
 from cve_bin_tool.log import LOGGER
 
+if sys.version_info >= (3, 8):
+    from importlib import metadata as importlib_metadata
+else:
+    import importlib_metadata
+
 Pattern = type(re.compile("", 0))
 
 
@@ -113,7 +118,7 @@ def setup_class(cls):
     )
     def test_filename_is(self, checker_name, file_name, expected_results):
         """Test a checker's filename detection"""
-        checkers = pkg_resources.iter_entry_points("cve_bin_tool.checker")
+        checkers = importlib_metadata.entry_points()["cve_bin_tool.checker"]
         for checker in checkers:
             if checker.name == checker_name:
                 Checker = checker.load()
@@ -162,7 +167,7 @@ def test_glibc_latest_version(self):
             "2.30",
         ]
         file_name = "libc.so.6"
-        checkers = pkg_resources.iter_entry_points("cve_bin_tool.checker")
+        checkers = importlib_metadata.entry_points()["cve_bin_tool.checker"]
         result = None
         for checker in checkers:
             if checker.name == "glibc":