From afaf03a8267666fc6732f1daa0a9a7d33d89b20d Mon Sep 17 00:00:00 2001
From: edX requirements bot <testeng+edx-requirements-bot@edx.org>
Date: Tue, 5 Sep 2023 06:15:20 -0400
Subject: [PATCH 1/2] fix: setup.py update using script

---
 setup.py | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)
 mode change 100755 => 100644 setup.py

diff --git a/setup.py b/setup.py
old mode 100755
new mode 100644
index beddc7f..2912ee5
--- a/setup.py
+++ b/setup.py
@@ -34,20 +34,50 @@ def load_requirements(*requirements_paths):
     with -c in the requirements files.
     Returns a list of requirement strings.
     """
+    # UPDATED VIA SEMGREP - if you need to remove/modify this method remove this line and add a comment specifying why.
+
+    # e.g. {"django": "Django", "confluent-kafka": "confluent_kafka[avro]"}
+    by_canonical_name = {}
+
+    def check_name_consistent(package):
+        """
+        Raise exception if package is named different ways.
+
+        This ensures that packages are named consistently so we can match
+        constraints to packages. It also ensures that if we require a package
+        with extras we don't constrain it without mentioning the extras (since
+        that too would interfere with matching constraints.)
+        """
+        canonical = package.lower().replace('_', '-').split('[')[0]
+        seen_spelling = by_canonical_name.get(canonical)
+        if seen_spelling is None:
+            by_canonical_name[canonical] = package
+        elif seen_spelling != package:
+            raise Exception(
+                f'Encountered both "{seen_spelling}" and "{package}" in requirements '
+                'and constraints files; please use just one or the other.'
+            )
+
     requirements = {}
     constraint_files = set()
 
     # groups "pkg<=x.y.z,..." into ("pkg", "<=x.y.z,...")
-    requirement_line_regex = re.compile(r"([a-zA-Z0-9-_.]+)([<>=][^#\s]+)?")
+    re_package_name_base_chars = r"a-zA-Z0-9\-_."  # chars allowed in base package name
+    # Two groups: name[maybe,extras], and optionally a constraint
+    requirement_line_regex = re.compile(
+        r"([%s]+(?:\[[%s,\s]+\])?)([<>=][^#\s]+)?"
+        % (re_package_name_base_chars, re_package_name_base_chars)
+    )
 
     def add_version_constraint_or_raise(current_line, current_requirements, add_if_not_present):
         regex_match = requirement_line_regex.match(current_line)
         if regex_match:
             package = regex_match.group(1)
             version_constraints = regex_match.group(2)
+            check_name_consistent(package)
             existing_version_constraints = current_requirements.get(package, None)
-            # fine to add constraints to an unconstrained package,
-            # raise an error if there are already constraints in place
+            # It's fine to add constraints to an unconstrained package,
+            # but raise an error if there are already constraints in place.
             if existing_version_constraints and existing_version_constraints != version_constraints:
                 raise BaseException(f'Multiple constraint definitions found for {package}:'
                                     f' "{existing_version_constraints}" and "{version_constraints}".'
@@ -56,8 +86,8 @@ def add_version_constraint_or_raise(current_line, current_requirements, add_if_n
             if add_if_not_present or package in current_requirements:
                 current_requirements[package] = version_constraints
 
-    # read requirements from .in
-    # store the path to any constraint files that are pulled in
+    # Read requirements from .in files and store the path to any
+    # constraint files that are pulled in.
     for path in requirements_paths:
         with open(path) as reqs:
             for line in reqs:
@@ -86,7 +116,9 @@ def is_requirement(line):
         bool: True if the line is not blank, a comment,
         a URL, or an included file
     """
-    return line and line.strip() and not line.startswith(("-r", "#", "-e", "git+", "-c"))
+    # UPDATED VIA SEMGREP - if you need to remove/modify this method remove this line and add a comment specifying why
+
+    return line and line.strip() and not line.startswith(('-r', '#', '-e', 'git+', '-c'))
 
 
 VERSION = get_version('edx_event_bus_redis', '__init__.py')

From 229fa558ee5ac568b1caa04a2e2537feb4413cb0 Mon Sep 17 00:00:00 2001
From: Brian Mesick <bmesick@tcril.org>
Date: Wed, 11 Oct 2023 09:42:09 -0400
Subject: [PATCH 2/2] style: Disable broad except that is failing the lint
 check

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 2912ee5..fbd52a8 100644
--- a/setup.py
+++ b/setup.py
@@ -53,7 +53,7 @@ def check_name_consistent(package):
         if seen_spelling is None:
             by_canonical_name[canonical] = package
         elif seen_spelling != package:
-            raise Exception(
+            raise Exception(    # pylint: disable=broad-exception-raised
                 f'Encountered both "{seen_spelling}" and "{package}" in requirements '
                 'and constraints files; please use just one or the other.'
             )