Forbid dependencies direct url

xavfernandez · xavfernandez · commit 86b07792e7ae · 2017-01-30T10:22:40.000+01:00
diff --git a/pip/req/req_install.py b/pip/req/req_install.py
@@ -164,6 +164,11 @@ def from_req(cls, req, comes_from=None, isolated=False, wheel_cache=None):
             req = Requirement(req)
         except InvalidRequirement:
             raise InstallationError("Invalid requirement: '%s'" % req)
+        if req.url:
+            raise InstallationError(
+                "Direct url requirement (like %s) are not allowed for "
+                "dependencies" % req
+            )
         return cls(req, comes_from, isolated=isolated, wheel_cache=wheel_cache)
 
     @classmethod
diff --git a/tests/functional/test_install.py b/tests/functional/test_install.py
@@ -1217,7 +1217,6 @@ def test_install_pep508_with_url_in_install_requires(script):
             'ce1a869fe039fbf7e217df36c4653d1dbe657778b2d41709593a0003584405f4'
         ],
     )
-    res = script.pip('install', pkga_path)
-    assert "Successfully installed" in str(res), str(res)
-    res = script.pip('list', '--format=freeze')
-    assert 'packaging==15.3' in res.stdout
+    res = script.pip('install', pkga_path, expect_error=True)
+    assert "Direct url requirement " in res.stderr, str(res)
+    assert "are not allowed for dependencies" in res.stderr, str(res)
