cycode 1.10.8__tar.gz → 1.10.8.dev2__tar.gz

{cycode-1.10.8 → cycode-1.10.8.dev2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 1.10.8
+Version: 1.10.8.dev2
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT

cycode-1.10.8.dev2/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '1.10.8.dev2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-1.10.8 → cycode-1.10.8.dev2}/cycode/cli/commands/scan/code_scanner.py

@@ -487,7 +487,7 @@ def perform_scan(
         return perform_scan_sync(cycode_client, zipped_documents, scan_type, scan_parameters)
 
     if scan_type in (consts.SCA_SCAN_TYPE, consts.SAST_SCAN_TYPE) or should_use_scan_service:
-        return perform_scan_async(cycode_client, zipped_documents, scan_type, scan_parameters, is_commit_range)
+        return perform_scan_async(cycode_client, zipped_documents, scan_type, scan_parameters)
 
     if is_commit_range:
         return cycode_client.commit_range_zipped_file_scan(scan_type, zipped_documents, scan_id)
@@ -500,11 +500,8 @@ def perform_scan_async(
     zipped_documents: 'InMemoryZip',
     scan_type: str,
     scan_parameters: dict,
-    is_commit_range: bool,
 ) -> ZippedFileScanResult:
-    scan_async_result = cycode_client.zipped_file_scan_async(
-        zipped_documents, scan_type, scan_parameters, is_commit_range=is_commit_range
-    )
+    scan_async_result = cycode_client.zipped_file_scan_async(zipped_documents, scan_type, scan_parameters)
     logger.debug('Async scan request has been triggered successfully, %s', {'scan_id': scan_async_result.scan_id})
 
     return poll_scan_results(
@@ -525,7 +522,7 @@ def perform_scan_sync(
     logger.debug('Sync scan request has been triggered successfully, %s', {'scan_id': scan_results.id})
     return ZippedFileScanResult(
         did_detect=True,
-        detections_per_file=_map_detections_per_file_and_commit_id(scan_results.detection_messages),
+        detections_per_file=_map_detections_per_file(scan_results.detection_messages),
         scan_id=scan_results.id,
     )
 
@@ -870,11 +867,11 @@ def _get_scan_result(
     if not scan_details.detections_count:
         return init_default_scan_result(cycode_client, scan_id, scan_type, should_get_report)
 
-    scan_raw_detections = cycode_client.get_scan_raw_detections(scan_type, scan_id)
+    scan_detections = cycode_client.get_scan_detections(scan_type, scan_id)
 
     return ZippedFileScanResult(
         did_detect=True,
-        detections_per_file=_map_detections_per_file_and_commit_id(scan_raw_detections),
+        detections_per_file=_map_detections_per_file(scan_detections),
         scan_id=scan_id,
         report_url=_try_get_report_url_if_needed(cycode_client, should_get_report, scan_id, scan_type),
     )
@@ -904,58 +901,42 @@ def _try_get_report_url_if_needed(
         logger.debug('Failed to get report URL', exc_info=e)
 
 
-def _map_detections_per_file_and_commit_id(raw_detections: List[dict]) -> List[DetectionsPerFile]:
-    """Converts list of detections (async flow) to list of DetectionsPerFile objects (sync flow).
-
-    Args:
-        raw_detections: List of detections as is returned from the server.
-
-    Note:
-        This method fakes server response structure
-        to be able to use the same logic for both async and sync scans.
-
-    Note:
-        Aggregation is performed by file name and commit ID (if available)
-    """
+def _map_detections_per_file(detections: List[dict]) -> List[DetectionsPerFile]:
     detections_per_files = {}
-    for raw_detection in raw_detections:
+    for detection in detections:
         try:
-            # FIXME(MarshalX): investigate this field mapping
-            raw_detection['message'] = raw_detection['correlation_message']
-
-            file_name = _get_file_name_from_detection(raw_detection)
-            detection: Detection = DetectionSchema().load(raw_detection)
-            commit_id: Optional[str] = detection.detection_details.get('commit_id')  # could be None
-            group_by_key = (file_name, commit_id)
-
-            if group_by_key in detections_per_files:
-                detections_per_files[group_by_key].append(detection)
+            detection['message'] = detection['correlation_message']
+            file_name = _get_file_name_from_detection(detection)
+            if file_name is None:
+                logger.debug('File name is missing from detection with ID %s', detection.get('id'))
+                continue
+            if detections_per_files.get(file_name) is None:
+                detections_per_files[file_name] = [DetectionSchema().load(detection)]
             else:
-                detections_per_files[group_by_key] = [detection]
+                detections_per_files[file_name].append(DetectionSchema().load(detection))
         except Exception as e:
             logger.debug('Failed to parse detection', exc_info=e)
             continue
 
     return [
-        DetectionsPerFile(file_name=file_name, detections=file_detections, commit_id=commit_id)
-        for (file_name, commit_id), file_detections in detections_per_files.items()
+        DetectionsPerFile(file_name=file_name, detections=file_detections)
+        for file_name, file_detections in detections_per_files.items()
     ]
 
 
-def _get_file_name_from_detection(raw_detection: dict) -> str:
-    category = raw_detection.get('category')
+def _get_file_name_from_detection(detection: dict) -> str:
+    if detection.get('category') == 'SAST':
+        return detection['detection_details']['file_path']
 
-    if category == 'SAST':
-        return raw_detection['detection_details']['file_path']
-    if category == 'SecretDetection':
-        return _get_secret_file_name_from_detection(raw_detection)
+    if detection.get('category') == 'SecretDetection':
+        return _get_secret_file_name_from_detection(detection)
 
-    return raw_detection['detection_details']['file_name']
+    return detection['detection_details']['file_name']
 
 
-def _get_secret_file_name_from_detection(raw_detection: dict) -> str:
-    file_path: str = raw_detection['detection_details']['file_path']
-    file_name: str = raw_detection['detection_details']['file_name']
+def _get_secret_file_name_from_detection(detection: dict) -> str:
+    file_path: str = detection['detection_details']['file_path']
+    file_name: str = detection['detection_details']['file_name']
     return os.path.join(file_path, file_name)
 
 

{cycode-1.10.8 → cycode-1.10.8.dev2}/cycode/cli/files_collector/iac/tf_content_generator.py

@@ -1,5 +1,6 @@
 import json
 import time
+import uuid
 from typing import List
 
 from cycode.cli import consts
@@ -43,7 +44,7 @@ def _generate_tf_content(resource_changes: List[ResourceChange]) -> str:
 
 
 def _generate_resource_content(resource_change: ResourceChange) -> str:
-    resource_content = f'resource "{resource_change.resource_type}" "{_get_resource_name(resource_change)}" {{\n'
+    resource_content = f'resource "{resource_change.resource_type}" "{resource_change.name}-{uuid.uuid4()}" {{\n'
     if resource_change.values is not None:
         for key, value in resource_change.values.items():
             resource_content += f'  {key} = {json.dumps(value)}\n'
@@ -51,17 +52,6 @@ def _generate_resource_content(resource_change: ResourceChange) -> str:
     return resource_content
 
 
-def _get_resource_name(resource_change: ResourceChange) -> str:
-    parts = [resource_change.module_address, resource_change.name]
-
-    if resource_change.index is not None:
-        parts.append(str(resource_change.index))
-
-    valid_parts = [part for part in parts if part]
-
-    return '.'.join(valid_parts)
-
-
 def _extract_resources(tfplan: str, filename: str) -> List[ResourceChange]:
     tfplan_json = load_json(tfplan)
     resources: List[ResourceChange] = []
@@ -70,10 +60,8 @@ def _extract_resources(tfplan: str, filename: str) -> List[ResourceChange]:
         for resource_change in resource_changes:
             resources.append(
                 ResourceChange(
-                    module_address=resource_change.get('module_address'),
                     resource_type=resource_change['type'],
                     name=resource_change['name'],
-                    index=resource_change.get('index'),
                     actions=resource_change['change']['actions'],
                     values=resource_change['change']['after'],
                 )

{cycode-1.10.8 → cycode-1.10.8.dev2}/cycode/cli/models.py

@@ -76,10 +76,8 @@ class LocalScanResult(NamedTuple):
 
 @dataclass
 class ResourceChange:
-    module_address: Optional[str]
     resource_type: str
     name: str
-    index: Optional[int]
     actions: List[str]
     values: Dict[str, str]
 

{cycode-1.10.8 → cycode-1.10.8.dev2}/cycode/cyclient/scan_client.py

@@ -126,16 +126,11 @@ class ScanClient:
         scan_type: str,
         scan_parameters: dict,
         is_git_diff: bool = False,
-        is_commit_range: bool = False,
     ) -> models.ScanInitializationResponse:
         files = {'file': ('multiple_files_scan.zip', zip_file.read())}
         response = self.scan_cycode_client.post(
             url_path=self.get_zipped_file_scan_async_url_path(scan_type),
-            data={
-                'is_git_diff': is_git_diff,
-                'scan_parameters': json.dumps(scan_parameters),
-                'is_commit_range': is_commit_range,
-            },
+            data={'is_git_diff': is_git_diff, 'scan_parameters': json.dumps(scan_parameters)},
             files=files,
         )
         return models.ScanInitializationResponseSchema().load(response.json())
@@ -225,12 +220,12 @@ class ScanClient:
     def get_scan_detections_list_path(self, scan_type: str) -> str:
         return f'{self.get_scan_detections_path(scan_type)}{self.get_scan_detections_list_path_suffix(scan_type)}'
 
-    def get_scan_raw_detections(self, scan_type: str, scan_id: str) -> List[dict]:
+    def get_scan_detections(self, scan_type: str, scan_id: str) -> List[dict]:
         params = {'scan_id': scan_id}
 
         page_size = 200
 
-        raw_detections = []
+        detections = []
 
         page_number = 0
         last_response_size = 0
@@ -243,12 +238,12 @@ class ScanClient:
                 params=params,
                 hide_response_content_log=self._hide_response_log,
             ).json()
-            raw_detections.extend(response)
+            detections.extend(response)
 
             page_number += 1
             last_response_size = len(response)
 
-        return raw_detections
+        return detections
 
     def commit_range_zipped_file_scan(
         self, scan_type: str, zip_file: InMemoryZip, scan_id: str

{cycode-1.10.8 → cycode-1.10.8.dev2}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "1.10.8" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "1.10.8.dev2" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-1.10.8/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '1.10.8'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag