Merge pull request #213 from DataDog/hotfix/allow-specifying-top-pack…

…ages-cache-location Allow specifying a location where to cache top packages
DataDog · Mar 30, 2023 · f4cad6b · f4cad6b
2 parents ef65d05 + 43f1e7f
commit f4cad6b
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/guarddog/analyzer/metadata/pypi/typosquatting.py b/guarddog/analyzer/metadata/pypi/typosquatting.py
@@ -13,6 +13,9 @@
 log = logging.getLogger("guarddog")
 
 
+TOP_PACKAGES_CACHE_LOCATION = os.environ.get('GUARDDOG_TOP_PACKAGES_CACHE_LOCATION')
+
+
 class PypiTyposquatDetector(TyposquatDetector):
     """
     Detector for typosquatting attacks. Detects if a package name is a typosquat of one of the top 1000 packages.
@@ -42,7 +45,10 @@ def _get_top_packages(self) -> list:
         popular_packages_url = "https://hugovk.github.io/top-pypi-packages/top-pypi-packages-30-days.min.json"
 
         top_packages_filename = "top_pypi_packages.json"
-        resources_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "resources"))
+        resources_dir = TOP_PACKAGES_CACHE_LOCATION
+        if resources_dir is None:
+            resources_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "resources"))
+
         top_packages_path = os.path.join(resources_dir, top_packages_filename)
 
         top_packages_information = None