From e45d53546ab008f9d1e1b0906b70d2e66f3391e8 Mon Sep 17 00:00:00 2001
From: Matt Davis
Date: Fri, 9 Sep 2022 22:09:57 -0400
Subject: [PATCH] Safer import of pkg_resources.

---
 pipenv/patched/safety/cli.py | 4 ++--
 pipenv/vendor/cerberus/__init__.py | 2 +-
 pipenv/vendor/cerberus/tests/test_assorted.py | 2 +-
 pipenv/vendor/requirementslib/models/setup_info.py | 12 ++++++------
 pipenv/vendor/requirementslib/models/utils.py | 10 +++++-----
 pipenv/vendor/requirementslib/utils.py | 2 +-
 pipenv/vendor/wheel/bdist_wheel.py | 2 +-
 pipenv/vendor/wheel/cli/__init__.py | 2 +-
 pipenv/vendor/wheel/metadata.py | 2 +-
 9 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/pipenv/patched/safety/cli.py b/pipenv/patched/safety/cli.py
index 0d092fb2..f054af1b 100644
--- a/pipenv/patched/safety/cli.py
+++ b/pipenv/patched/safety/cli.py
@@ -61,7 +61,7 @@ def check(key, db, json, full_report, bare, stdin, files, cache, ignore, output,
 elif stdin:
 packages = list(read_requirements(sys.stdin))
 else:
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 packages = [
 d for d in pkg_resources.working_set
 if d.key not in {"python", "wsgiref", "argparse"}
@@ -150,7 +150,7 @@ def license(key, db, json, bare, cache, files, proxyprotocol, proxyhost, proxypo
 if files:
 packages = list(itertools.chain.from_iterable(read_requirements(f, resolve=True) for f in files))
 else:
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 packages = [
 d for d in pkg_resources.working_set
 if d.key not in {"python", "wsgiref", "argparse"}
diff --git a/pipenv/vendor/cerberus/__init__.py b/pipenv/vendor/cerberus/__init__.py
index b4628a52..7cb82be2 100644
--- a/pipenv/vendor/cerberus/__init__.py
+++ b/pipenv/vendor/cerberus/__init__.py
@@ -10,7 +10,7 @@ from __future__ import absolute_import
-from pkg_resources import get_distribution, DistributionNotFound
+from pipenv.patched.pip._vendor.pkg_resources import get_distribution, DistributionNotFound
 from pipenv.vendor.cerberus.validator import DocumentError, Validator
 from pipenv.vendor.cerberus.schema import rules_set_registry, schema_registry, SchemaError
diff --git a/pipenv/vendor/cerberus/tests/test_assorted.py b/pipenv/vendor/cerberus/tests/test_assorted.py
index f45fdd5f..8f049ea5 100644
--- a/pipenv/vendor/cerberus/tests/test_assorted.py
+++ b/pipenv/vendor/cerberus/tests/test_assorted.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 from decimal import Decimal
-from pkg_resources import Distribution, DistributionNotFound
+from pipenv.patched.pip._vendor.pkg_resources import Distribution, DistributionNotFound
 from pytest import mark
diff --git a/pipenv/vendor/requirementslib/models/setup_info.py b/pipenv/vendor/requirementslib/models/setup_info.py
index 4ab4039c..56f98e7a 100644
--- a/pipenv/vendor/requirementslib/models/setup_info.py
+++ b/pipenv/vendor/requirementslib/models/setup_info.py
@@ -43,7 +43,7 @@ from .utils import (
 )
 try:
- import pkg_resources.extern.packaging.requirements as pkg_resources_requirements
+ import pipenv.patched.pip._vendor.pkg_resources.extern.packaging.requirements as pkg_resources_requirements
 except ModuleNotFoundError:
 pkg_resources_requirements = None
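Review bot: In `pipenv/vendor/requirementslib/models/setup_info.py` (hunk `@@ -43,7 +43,7 @@`) the rewritten import keeps the `.extern.packaging.requirements` suffix, but pip's vendored `pkg_resources` normally pulls `packaging` straight from `pip._vendor` and may not ship an `extern` subpackage at all. If that is the case here, the `try` always falls into `except ModuleNotFoundError` and `pkg_resources_requirements` is silently `None`, so every caller that branches on it changes behaviour without any error being raised. Consider pointing at the module the vendored copy actually uses, `import pipenv.patched.pip._vendor.packaging.requirements as pkg_resources_requirements`, and confirm that the requirement objects produced by the vendored `pkg_resources` are instances of that module's `Requirement`. The code that consumes `pkg_resources_requirements` is outside this hunk.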
@@ -70,8 +70,8 @@ if MYPY_RUNNING:
 from pipenv.patched.pip._vendor.packaging.requirements import Requirement as PackagingRequirement
 from pipenv.patched.pip._internal.index.package_finder import PackageFinder
 from pipenv.patched.pip._internal.req.req_install import InstallRequirement
- from pkg_resources import DistInfoDistribution, EggInfoDistribution, PathMetadata
- from pkg_resources import Requirement as PkgResourcesRequirement
+ from pipenv.patched.pip._vendor.pkg_resources import DistInfoDistribution, EggInfoDistribution, PathMetadata
+ from pipenv.patched.pip._vendor.pkg_resources import Requirement as PkgResourcesRequirement
 try:
 from setuptools.dist import Distribution
@@ -586,7 +586,7 @@ def _get_src_dir(root):
 @lru_cache()
 def ensure_reqs(reqs):
 # type: (List[Union[S, PkgResourcesRequirement]]) -> List[PkgResourcesRequirement]
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 if not isinstance(reqs, Iterable):
 raise TypeError("Expecting an Iterable, got %r" % reqs)
@@ -731,7 +731,7 @@ def find_distinfo(target, pkg_name=None):
 def get_distinfo_dist(path, pkg_name=None):
 # type: (S, Optional[S]) -> Optional[DistInfoDistribution]
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 dist_dir = next(iter(find_distinfo(path, pkg_name=pkg_name)), None)
 if dist_dir is not None:
@@ -745,7 +745,7 @@ def get_distinfo_dist(path, pkg_name=None):
 def get_egginfo_dist(path, pkg_name=None):
 # type: (S, Optional[S]) -> Optional[EggInfoDistribution]
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 egg_dir = next(iter(find_egginfo(path, pkg_name=pkg_name)), None)
 if egg_dir is not None:
diff --git a/pipenv/vendor/requirementslib/models/utils.py b/pipenv/vendor/requirementslib/models/utils.py
index a35be1bf..fac39713 100644
--- a/pipenv/vendor/requirementslib/models/utils.py
+++ b/pipenv/vendor/requirementslib/models/utils.py
@@ -49,7 +49,7 @@ if MYPY_RUNNING:
 from pipenv.patched.pip._vendor.packaging.markers import Value as PkgResourcesValue
 from pipenv.patched.pip._vendor.packaging.markers import Variable as PkgResourcesVariable
 from pipenv.patched.pip._vendor.packaging.requirements import Requirement as PackagingRequirement
- from pkg_resources import Requirement as PkgResourcesRequirement
+ from pipenv.patched.pip._vendor.pkg_resources import Requirement as PkgResourcesRequirement
 from pipenv.patched.pip._vendor.urllib3.util.url import Url
 _T = TypeVar("_T")
@@ -189,7 +189,7 @@ def init_requirement(name):
 if not isinstance(name, str):
 raise TypeError("must supply a name to generate a requirement")
- from pkg_resources import Requirement
+ from pipenv.patched.pip._vendor.pkg_resources import Requirement
 req = Requirement.parse(name)
 req.vcs = None
@@ -226,7 +226,7 @@ def parse_extras(extras_str):
 :rtype: List[str]
 """
- from pkg_resources import Requirement
+ from pipenv.patched.pip._vendor.pkg_resources import Requirement
 extras = Requirement.parse("fakepkg{0}".format(extras_to_string(extras_str))).extras
 return sorted(dedup([extra.lower() for extra in extras]))
@@ -456,7 +456,7 @@ def _strip_extras_markers(marker):
 @lru_cache()
 def get_setuptools_version():
 # type: () -> Optional[STRING_TYPE]
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 setuptools_dist = pkg_resources.get_distribution(
 pkg_resources.Requirement("setuptools")
@@ -982,7 +982,7 @@ def get_name_variants(pkg):
 if not isinstance(pkg, str):
 raise TypeError("must provide a string to derive package names")
 from pipenv.patched.pip._vendor.packaging.utils import canonicalize_name
- from pkg_resources import safe_name
+ from pipenv.patched.pip._vendor.pkg_resources import safe_name
 pkg = pkg.lower()
 names = {safe_name(pkg), canonicalize_name(pkg), pkg.replace("-", "_")}
diff --git a/pipenv/vendor/requirementslib/utils.py b/pipenv/vendor/requirementslib/utils.py
index 1ee543b2..71811fa2 100644
--- a/pipenv/vendor/requirementslib/utils.py
+++ b/pipenv/vendor/requirementslib/utils.py
@@ -203,7 +203,7 @@ def is_installable_file(path):
 def get_dist_metadata(dist):
 from email.parser import FeedParser
- import pkg_resources
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 if isinstance(dist, pkg_resources.DistInfoDistribution) and dist.has_metadata(
 "METADATA"
diff --git a/pipenv/vendor/wheel/bdist_wheel.py b/pipenv/vendor/wheel/bdist_wheel.py
index 80e43d0a..c24884ba 100644
--- a/pipenv/vendor/wheel/bdist_wheel.py
+++ b/pipenv/vendor/wheel/bdist_wheel.py
@@ -20,7 +20,7 @@ from shutil import rmtree
 from sysconfig import get_config_var
 from zipfile import ZIP_DEFLATED, ZIP_STORED
-import pkg_resources
+import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 from .pkginfo import write_pkg_info
 from .macosx_libfile import calculate_macosx_platform_tag
diff --git a/pipenv/vendor/wheel/cli/__init__.py b/pipenv/vendor/wheel/cli/__init__.py
index 95740bfb..a03389cf 100644
--- a/pipenv/vendor/wheel/cli/__init__.py
+++ b/pipenv/vendor/wheel/cli/__init__.py
@@ -11,7 +11,7 @@ import sys
 def require_pkgresources(name):
 try:
- import pkg_resources # noqa: F401
+ import pipenv.patched.pip._vendor.pkg_resources as pkg_resources # noqa: F401
 except ImportError:
 raise RuntimeError("'{0}' needs pkg_resources (part of setuptools).".format(name))
diff --git a/pipenv/vendor/wheel/cli/__init__.py b/pipenv/vendor/wheel/metadata.py
index 37efa743..21a0ee3e 100644
--- a/pipenv/vendor/wheel/metadata.py
+++ b/pipenv/vendor/wheel/metadata.py
@@ -5,7 +5,7 @@ Tools for converting old- to new-style metadata.
 import os.path
 import textwrap
-import pkg_resources
+import pipenv.patched.pip._vendor.pkg_resources as pkg_resources
 from .pkginfo import read_pkg_info
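Review bot: In `pipenv/vendor/wheel/cli/__init__.py`, the `except ImportError` branch of `require_pkgresources` still raises `"'{0}' needs pkg_resources (part of setuptools)."`, which no longer describes the failure. The module is now loaded from pipenv's bundled pip, so an import error means the pipenv installation itself is incomplete, and installing setuptools into the environment would not fix it. A message such as `raise RuntimeError("'{0}' needs the pkg_resources bundled with pipenv; the pipenv installation looks incomplete.".format(name))` would point the user at the real cause. The hunk shows the whole `try`/`except`; whether the function continues below it is not visible.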