#!/usr/bin/env python3 """OpenCV pin gate — D-CROSS-CVE-1 enforcement. Asserts that the resolved `opencv-python` (or `opencv-contrib-python`) version declared in `pyproject.toml` is `>= 4.12.0`. Runs without installing any deps. """ from __future__ import annotations import argparse import re import sys from pathlib import Path MIN_VERSION = (4, 12, 0) OPENCV_PACKAGES = ("opencv-python", "opencv-contrib-python") def _parse_version(spec: str) -> tuple[int, ...]: match = re.search(r"(\d+)\.(\d+)\.(\d+)", spec) if match is None: raise ValueError(f"Cannot parse a version from {spec!r}") return tuple(int(g) for g in match.groups()) def main(argv: list[str] | None = None) -> int: parser = argparse.ArgumentParser(description="OpenCV >=4.12.0 pin gate.") parser.add_argument("--pyproject", type=Path, default=Path("pyproject.toml")) args = parser.parse_args(argv) text = args.pyproject.read_text() found: list[tuple[str, tuple[int, ...]]] = [] for pkg in OPENCV_PACKAGES: for line in text.splitlines(): stripped = line.strip().strip(",").strip('"').strip("'") if stripped.startswith(pkg): spec = stripped[len(pkg) :].strip() if spec.startswith((">=", "==", "~=", ">")): spec = spec.lstrip(">=~<") if not spec: continue try: parsed = _parse_version(spec) except ValueError: continue found.append((pkg, parsed)) if not found: print("FAIL: no OpenCV pin found in pyproject.toml.", file=sys.stderr) return 2 for pkg, version in found: if version < MIN_VERSION: print( f"FAIL: {pkg}=={'.'.join(str(v) for v in version)} " f"< required {'.'.join(str(v) for v in MIN_VERSION)} (D-CROSS-CVE-1).", file=sys.stderr, ) return 1 print(f"OK: {pkg} >= {'.'.join(str(v) for v in MIN_VERSION)}") return 0 if __name__ == "__main__": raise SystemExit(main())