cycode 2.0.1.dev1__tar.gz → 2.0.1.dev3__tar.gz

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 2.0.1.dev1
+Version: 2.0.1.dev3
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT
@@ -327,7 +327,7 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--client-id TEXT`                                         | Specify a Cycode client ID for this specific scan execution                                                                                                                                                                                             |
 | `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                                                                                                                                        |
 | `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.                                                                                                                                  |
-| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher (supported for the SCA scan type only).                                                                                                                                                           |
+| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                                                                                                                                                  |
 | `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both                                                                                                                                          |
 | `--monitor`                                                | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
 | `--report`                                                 | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution                                                                                                                   |

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/README.md

@@ -287,7 +287,7 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--client-id TEXT`                                         | Specify a Cycode client ID for this specific scan execution                                                                                                                                                                                             |
 | `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                                                                                                                                        |
 | `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.                                                                                                                                  |
-| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher (supported for the SCA scan type only).                                                                                                                                                           |
+| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                                                                                                                                                  |
 | `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both                                                                                                                                          |
 | `--monitor`                                                | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
 | `--report`                                                 | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution                                                                                                                   |

cycode-2.0.1.dev3/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '2.0.1.dev3'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/cycode/cli/commands/scan/code_scanner.py

@@ -713,20 +713,26 @@ def exclude_irrelevant_detections(
 ) -> List[Detection]:
     relevant_detections = _exclude_detections_by_exclusions_configuration(detections, scan_type)
     relevant_detections = _exclude_detections_by_scan_type(relevant_detections, scan_type, command_scan_type)
-    return _exclude_detections_by_severity(relevant_detections, scan_type, severity_threshold)
+    return _exclude_detections_by_severity(relevant_detections, severity_threshold)
 
 
-def _exclude_detections_by_severity(
-    detections: List[Detection], scan_type: str, severity_threshold: str
-) -> List[Detection]:
-    if scan_type != consts.SCA_SCAN_TYPE or severity_threshold is None:
+def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
+    if severity_threshold is None:
         return detections
 
     relevant_detections = []
     for detection in detections:
         severity = detection.detection_details.get('advisory_severity')
+        if not severity:
+            severity = detection.severity
+
         if _does_severity_match_severity_threshold(severity, severity_threshold):
             relevant_detections.append(detection)
+        else:
+            logger.debug(
+                'Going to ignore violations because they are below the severity threshold, %s',
+                {'severity': severity, 'severity_threshold': severity_threshold},
+            )
 
     return relevant_detections
 
@@ -861,10 +867,11 @@ def _generate_unique_id() -> UUID:
 
 def _does_severity_match_severity_threshold(severity: str, severity_threshold: str) -> bool:
     detection_severity_value = Severity.try_get_value(severity)
-    if detection_severity_value is None:
+    severity_threshold_value = Severity.try_get_value(severity_threshold)
+    if detection_severity_value is None or severity_threshold_value is None:
         return True
 
-    return detection_severity_value >= Severity.try_get_value(severity_threshold)
+    return detection_severity_value >= severity_threshold_value
 
 
 def _get_scan_result(

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/cycode/cli/commands/scan/scan_command.py

@@ -66,7 +66,7 @@ from cycode.cli.utils.get_api_client import get_scan_cycode_client
 @click.option(
     '--severity-threshold',
     default=None,
-    help='Show violations only for the specified level or higher (supported for SCA scan types only).',
+    help='Show violations only for the specified level or higher.',
     type=click.Choice([e.name for e in Severity]),
     required=False,
 )

cycode-2.0.1.dev3/cycode/cli/files_collector/sca/ruby/restore_ruby_dependencies.py

@@ -0,0 +1,25 @@
+import os
+from typing import List, Optional
+
+from cycode.cli.files_collector.sca.base_restore_dependencies import BaseRestoreDependencies
+from cycode.cli.models import Document
+
+RUBY_PROJECT_FILE_EXTENSIONS = ['Gemfile']
+RUBY_LOCK_FILE_NAME = 'Gemfile.lock'
+
+
+class RestoreRubyDependencies(BaseRestoreDependencies):
+    def is_project(self, document: Document) -> bool:
+        return any(document.path.endswith(ext) for ext in RUBY_PROJECT_FILE_EXTENSIONS)
+
+    def get_commands(self, manifest_file_path: str) -> List[List[str]]:
+        return [['bundle', '--quiet']]
+
+    def get_lock_file_name(self) -> str:
+        return RUBY_LOCK_FILE_NAME
+
+    def verify_restore_file_already_exist(self, restore_file_path: str) -> bool:
+        return os.path.isfile(restore_file_path)
+
+    def get_working_directory(self, document: Document) -> Optional[str]:
+        return os.path.dirname(document.absolute_path)

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/cycode/cli/files_collector/sca/sca_code_scanner.py

@@ -10,6 +10,7 @@ from cycode.cli.files_collector.sca.maven.restore_gradle_dependencies import Res
 from cycode.cli.files_collector.sca.maven.restore_maven_dependencies import RestoreMavenDependencies
 from cycode.cli.files_collector.sca.npm.restore_npm_dependencies import RestoreNpmDependencies
 from cycode.cli.files_collector.sca.nuget.restore_nuget_dependencies import RestoreNugetDependencies
+from cycode.cli.files_collector.sca.ruby.restore_ruby_dependencies import RestoreRubyDependencies
 from cycode.cli.files_collector.sca.sbt.restore_sbt_dependencies import RestoreSbtDependencies
 from cycode.cli.models import Document
 from cycode.cli.utils.git_proxy import git_proxy
@@ -138,6 +139,7 @@ def restore_handlers(context: click.Context, is_git_diff: bool) -> List[BaseRest
         RestoreGoDependencies(context, is_git_diff, BUILD_DEP_TREE_TIMEOUT),
         RestoreNugetDependencies(context, is_git_diff, BUILD_DEP_TREE_TIMEOUT),
         RestoreNpmDependencies(context, is_git_diff, BUILD_DEP_TREE_TIMEOUT),
+        RestoreRubyDependencies(context, is_git_diff, BUILD_DEP_TREE_TIMEOUT),
     ]
 
 

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/cycode/cli/models.py

@@ -43,6 +43,7 @@ class Severity(Enum):
 
     @staticmethod
     def try_get_value(name: str) -> any:
+        name = name.upper()
         if name not in Severity.__members__:
             return None
 

{cycode-2.0.1.dev1 → cycode-2.0.1.dev3}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "2.0.1.dev1" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "2.0.1.dev3" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-2.0.1.dev1/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '2.0.1.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag