cycode 1.9.5__tar.gz → 1.9.5.dev1__tar.gz

{cycode-1.9.5 → cycode-1.9.5.dev1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 1.9.5
+Version: 1.9.5.dev1
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT

cycode-1.9.5.dev1/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '1.9.5.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-1.9.5 → cycode-1.9.5.dev1}/cycode/cli/commands/scan/code_scanner.py

@@ -116,14 +116,19 @@ def _should_use_sync_flow(scan_type: str, sync_option: bool, scan_parameters: Op
 
 
 def _enrich_scan_result_with_data_from_detection_rules(
-    cycode_client: 'ScanClient', scan_result: ZippedFileScanResult
+    cycode_client: 'ScanClient', scan_type: str, scan_result: ZippedFileScanResult
 ) -> None:
+    # TODO(MarshalX): remove scan_type arg after migration to new backend filter
+    if scan_type not in {consts.SECRET_SCAN_TYPE, consts.INFRA_CONFIGURATION_SCAN_TYPE}:
+        # not yet
+        return
+
     detection_rule_ids = set()
     for detections_per_file in scan_result.detections_per_file:
         for detection in detections_per_file.detections:
             detection_rule_ids.add(detection.detection_rule_id)
 
-    detection_rules = cycode_client.get_detection_rules(detection_rule_ids)
+    detection_rules = cycode_client.get_detection_rules(scan_type, detection_rule_ids)
     detection_rules_by_id = {detection_rule.detection_rule_id: detection_rule for detection_rule in detection_rules}
 
     for detections_per_file in scan_result.detections_per_file:
@@ -133,9 +138,9 @@ def _enrich_scan_result_with_data_from_detection_rules(
                 # we want to make sure that BE returned it. better to not map data instead of failed scan
                 continue
 
-            if not detection.severity and detection_rule.classification_data:
+            if detection_rule.classification_data:
                 # it's fine to take the first one, because:
-                # - for "secrets" and "iac" there is only one classification rule per-detection rule
+                # - for "secrets" and "iac" there is only one classification rule per detection rule
                 # - for "sca" and "sast" we get severity from detection service
                 detection.severity = detection_rule.classification_data[0].severity
 
@@ -143,7 +148,6 @@ def _enrich_scan_result_with_data_from_detection_rules(
             detection.detection_details['custom_remediation_guidelines'] = detection_rule.custom_remediation_guidelines
             detection.detection_details['remediation_guidelines'] = detection_rule.remediation_guidelines
             detection.detection_details['description'] = detection_rule.description
-            detection.detection_details['policy_display_name'] = detection_rule.display_name
 
 
 def _get_scan_documents_thread_func(
@@ -183,7 +187,7 @@ def _get_scan_documents_thread_func(
                 should_use_sync_flow,
             )
 
-            _enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_result)
+            _enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_type, scan_result)
 
             local_scan_result = create_local_scan_result(
                 scan_result, batch, command_scan_type, scan_type, severity_threshold

{cycode-1.9.5 → cycode-1.9.5.dev1}/cycode/cli/consts.py

@@ -127,8 +127,8 @@ EXCLUSIONS_BY_PATH_SECTION_NAME = 'paths'
 EXCLUSIONS_BY_RULE_SECTION_NAME = 'rules'
 EXCLUSIONS_BY_PACKAGE_SECTION_NAME = 'packages'
 
-# 5MB in bytes (in decimal)
-FILE_MAX_SIZE_LIMIT_IN_BYTES = 5000000
+# 1MB in bytes (in decimal)
+FILE_MAX_SIZE_LIMIT_IN_BYTES = 1000000
 
 # 20MB in bytes (in binary)
 ZIP_MAX_SIZE_LIMIT_IN_BYTES = 20971520

{cycode-1.9.5 → cycode-1.9.5.dev1}/cycode/cyclient/models.py

@@ -38,7 +38,8 @@ class DetectionSchema(Schema):
 
     message = fields.String()
     type = fields.String()
-    severity = fields.String(missing=None)
+    severity = fields.String(missing='High')
+    # TODO(MarshalX): Remove "missing" arg when IaC and Secrets scans will have classifications
     detection_type_id = fields.String()
     detection_details = fields.Dict()
     detection_rule_id = fields.String()
@@ -441,8 +442,6 @@ class DetectionRule:
     custom_remediation_guidelines: Optional[str] = None
     remediation_guidelines: Optional[str] = None
     description: Optional[str] = None
-    policy_name: Optional[str] = None
-    display_name: Optional[str] = None
 
 
 class DetectionRuleSchema(Schema):
@@ -454,8 +453,6 @@ class DetectionRuleSchema(Schema):
     custom_remediation_guidelines = fields.String(allow_none=True)
     remediation_guidelines = fields.String(allow_none=True)
     description = fields.String(allow_none=True)
-    policy_name = fields.String(allow_none=True)
-    display_name = fields.String(allow_none=True)
 
     @post_load
     def build_dto(self, data: Dict[str, Any], **_) -> DetectionRule:

{cycode-1.9.5 → cycode-1.9.5.dev1}/cycode/cyclient/scan_client.py

@@ -164,7 +164,7 @@ class ScanClient:
         return (
             f'{self.scan_config.get_detections_prefix()}/'
             f'{self.POLICIES_SERVICE_CONTROLLER_PATH_V3}/'
-            f'detection_rules/byIds'
+            f'detection_rules'
         )
 
     @staticmethod
@@ -181,18 +181,36 @@ class ScanClient:
 
         return scan_type_to_policy_type[scan_type]
 
+    @staticmethod
+    def _filter_detection_rules_by_ids(
+        detection_rules: List[models.DetectionRule], detection_rules_ids: Union[Set[str], List[str]]
+    ) -> List[models.DetectionRule]:
+        ids = set(detection_rules_ids)  # cast to set to perform faster search
+        return [rule for rule in detection_rules if rule.detection_rule_id in ids]
+
     @staticmethod
     def parse_detection_rules_response(response: Response) -> List[models.DetectionRule]:
         return models.DetectionRuleSchema().load(response.json(), many=True)
 
-    def get_detection_rules(self, detection_rules_ids: Union[Set[str], List[str]]) -> List[models.DetectionRule]:
+    def get_detection_rules(
+        self, scan_type: str, detection_rules_ids: Union[Set[str], List[str]]
+    ) -> List[models.DetectionRule]:
+        # TODO(MarshalX): use filter by list of IDs instead of policy_type when BE will be ready
+        params = {
+            'include_hidden': False,
+            'include_only_enabled_detection_rules': True,
+            'page_number': 0,
+            'page_size': 5000,
+            'policy_types_v2': self._get_policy_type_by_scan_type(scan_type),
+        }
         response = self.scan_cycode_client.get(
             url_path=self.get_detection_rules_path(),
-            params={'ids': detection_rules_ids},
+            params=params,
             hide_response_content_log=self._hide_response_log,
         )
 
-        return self.parse_detection_rules_response(response)
+        # we are filtering rules by ids in-place for smooth migration when backend will be ready
+        return self._filter_detection_rules_by_ids(self.parse_detection_rules_response(response), detection_rules_ids)
 
     def get_scan_detections_path(self, scan_type: str) -> str:
         return f'{self.scan_config.get_detections_prefix()}/{self.get_detections_service_controller_path(scan_type)}'

{cycode-1.9.5 → cycode-1.9.5.dev1}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "1.9.5" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "1.9.5.dev1" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-1.9.5/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '1.9.5'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag