cycode 1.9.5.dev2__tar.gz → 1.9.5.dev4__tar.gz

{cycode-1.9.5.dev2 → cycode-1.9.5.dev4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 1.9.5.dev2
+Version: 1.9.5.dev4
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT

cycode-1.9.5.dev4/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '1.9.5.dev4'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-1.9.5.dev2 → cycode-1.9.5.dev4}/cycode/cli/commands/scan/code_scanner.py

@@ -116,19 +116,14 @@ def _should_use_sync_flow(scan_type: str, sync_option: bool, scan_parameters: Op
 
 
 def _enrich_scan_result_with_data_from_detection_rules(
-    cycode_client: 'ScanClient', scan_type: str, scan_result: ZippedFileScanResult
+    cycode_client: 'ScanClient', scan_result: ZippedFileScanResult
 ) -> None:
-    # TODO(MarshalX): remove scan_type arg after migration to new backend filter
-    if scan_type not in {consts.SECRET_SCAN_TYPE, consts.INFRA_CONFIGURATION_SCAN_TYPE}:
-        # not yet
-        return
-
     detection_rule_ids = set()
     for detections_per_file in scan_result.detections_per_file:
         for detection in detections_per_file.detections:
             detection_rule_ids.add(detection.detection_rule_id)
 
-    detection_rules = cycode_client.get_detection_rules(scan_type, detection_rule_ids)
+    detection_rules = cycode_client.get_detection_rules(detection_rule_ids)
     detection_rules_by_id = {detection_rule.detection_rule_id: detection_rule for detection_rule in detection_rules}
 
     for detections_per_file in scan_result.detections_per_file:
@@ -138,9 +133,9 @@ def _enrich_scan_result_with_data_from_detection_rules(
                 # we want to make sure that BE returned it. better to not map data instead of failed scan
                 continue
 
-            if detection_rule.classification_data:
+            if not detection.severity and detection_rule.classification_data:
                 # it's fine to take the first one, because:
-                # - for "secrets" and "iac" there is only one classification rule per detection rule
+                # - for "secrets" and "iac" there is only one classification rule per-detection rule
                 # - for "sca" and "sast" we get severity from detection service
                 detection.severity = detection_rule.classification_data[0].severity
 
@@ -148,6 +143,7 @@ def _enrich_scan_result_with_data_from_detection_rules(
             detection.detection_details['custom_remediation_guidelines'] = detection_rule.custom_remediation_guidelines
             detection.detection_details['remediation_guidelines'] = detection_rule.remediation_guidelines
             detection.detection_details['description'] = detection_rule.description
+            detection.detection_details['policy_display_name'] = detection_rule.display_name
 
 
 def _get_scan_documents_thread_func(
@@ -187,7 +183,7 @@ def _get_scan_documents_thread_func(
                 should_use_sync_flow,
             )
 
-            _enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_type, scan_result)
+            _enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_result)
 
             local_scan_result = create_local_scan_result(
                 scan_result, batch, command_scan_type, scan_type, severity_threshold

{cycode-1.9.5.dev2 → cycode-1.9.5.dev4}/cycode/cyclient/models.py

@@ -38,8 +38,7 @@ class DetectionSchema(Schema):
 
     message = fields.String()
     type = fields.String()
-    severity = fields.String(missing='High')
-    # TODO(MarshalX): Remove "missing" arg when IaC and Secrets scans will have classifications
+    severity = fields.String(missing=None)
     detection_type_id = fields.String()
     detection_details = fields.Dict()
     detection_rule_id = fields.String()
@@ -442,6 +441,8 @@ class DetectionRule:
     custom_remediation_guidelines: Optional[str] = None
     remediation_guidelines: Optional[str] = None
     description: Optional[str] = None
+    policy_name: Optional[str] = None
+    display_name: Optional[str] = None
 
 
 class DetectionRuleSchema(Schema):
@@ -453,6 +454,8 @@ class DetectionRuleSchema(Schema):
     custom_remediation_guidelines = fields.String(allow_none=True)
     remediation_guidelines = fields.String(allow_none=True)
     description = fields.String(allow_none=True)
+    policy_name = fields.String(allow_none=True)
+    display_name = fields.String(allow_none=True)
 
     @post_load
     def build_dto(self, data: Dict[str, Any], **_) -> DetectionRule:

{cycode-1.9.5.dev2 → cycode-1.9.5.dev4}/cycode/cyclient/scan_client.py

@@ -164,7 +164,7 @@ class ScanClient:
         return (
             f'{self.scan_config.get_detections_prefix()}/'
             f'{self.POLICIES_SERVICE_CONTROLLER_PATH_V3}/'
-            f'detection_rules'
+            f'detection_rules/byIds'
         )
 
     @staticmethod
@@ -181,36 +181,18 @@ class ScanClient:
 
         return scan_type_to_policy_type[scan_type]
 
-    @staticmethod
-    def _filter_detection_rules_by_ids(
-        detection_rules: List[models.DetectionRule], detection_rules_ids: Union[Set[str], List[str]]
-    ) -> List[models.DetectionRule]:
-        ids = set(detection_rules_ids)  # cast to set to perform faster search
-        return [rule for rule in detection_rules if rule.detection_rule_id in ids]
-
     @staticmethod
     def parse_detection_rules_response(response: Response) -> List[models.DetectionRule]:
         return models.DetectionRuleSchema().load(response.json(), many=True)
 
-    def get_detection_rules(
-        self, scan_type: str, detection_rules_ids: Union[Set[str], List[str]]
-    ) -> List[models.DetectionRule]:
-        # TODO(MarshalX): use filter by list of IDs instead of policy_type when BE will be ready
-        params = {
-            'include_hidden': False,
-            'include_only_enabled_detection_rules': True,
-            'page_number': 0,
-            'page_size': 5000,
-            'policy_types_v2': self._get_policy_type_by_scan_type(scan_type),
-        }
+    def get_detection_rules(self, detection_rules_ids: Union[Set[str], List[str]]) -> List[models.DetectionRule]:
         response = self.scan_cycode_client.get(
             url_path=self.get_detection_rules_path(),
-            params=params,
+            params={'ids': detection_rules_ids},
             hide_response_content_log=self._hide_response_log,
         )
 
-        # we are filtering rules by ids in-place for smooth migration when backend will be ready
-        return self._filter_detection_rules_by_ids(self.parse_detection_rules_response(response), detection_rules_ids)
+        return self.parse_detection_rules_response(response)
 
     def get_scan_detections_path(self, scan_type: str) -> str:
         return f'{self.scan_config.get_detections_prefix()}/{self.get_detections_service_controller_path(scan_type)}'

{cycode-1.9.5.dev2 → cycode-1.9.5.dev4}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "1.9.5.dev2" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "1.9.5.dev4" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-1.9.5.dev2/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '1.9.5.dev2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag