cycode 2.2.1.dev1__tar.gz → 2.2.1.dev3__tar.gz

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 2.2.1.dev1
+Version: 2.2.1.dev3
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT
@@ -458,11 +458,11 @@ To limit the results of the `sca` scan to a specific severity threshold, add the
 
 Consider the following example. The following command will scan the repository for SCA policy violations that have a severity of Medium or higher:
 
-`cycode scan -t sca --security-threshold MEDIUM repository ~/home/git/codebase`
+`cycode scan -t sca --severity-threshold MEDIUM repository ~/home/git/codebase`
 
 or:
 
-`cycode scan --scan-type sca --security-threshold MEDIUM repository ~/home/git/codebase`
+`cycode scan --scan-type sca --severity-threshold MEDIUM repository ~/home/git/codebase`
 
 ### Path Scan
 

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/README.md

@@ -417,11 +417,11 @@ To limit the results of the `sca` scan to a specific severity threshold, add the
 
 Consider the following example. The following command will scan the repository for SCA policy violations that have a severity of Medium or higher:
 
-`cycode scan -t sca --security-threshold MEDIUM repository ~/home/git/codebase`
+`cycode scan -t sca --severity-threshold MEDIUM repository ~/home/git/codebase`
 
 or:
 
-`cycode scan --scan-type sca --security-threshold MEDIUM repository ~/home/git/codebase`
+`cycode scan --scan-type sca --severity-threshold MEDIUM repository ~/home/git/codebase`
 
 ### Path Scan
 

cycode-2.2.1.dev3/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '2.2.1.dev3'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cli/commands/scan/code_scanner.py

@@ -301,6 +301,7 @@ def scan_documents(
     if not scan_parameters:
         scan_parameters = get_default_scan_parameters(context)
 
+    scan_type = context.obj['scan_type']
     progress_bar = context.obj['progress_bar']
 
     if not documents_to_scan:
@@ -318,13 +319,13 @@ def scan_documents(
         context, is_git_diff, is_commit_range, scan_parameters
     )
     errors, local_scan_results = run_parallel_batched_scan(
-        scan_batch_thread_func, documents_to_scan, progress_bar=progress_bar
+        scan_batch_thread_func, scan_type, documents_to_scan, progress_bar=progress_bar
     )
 
     if len(local_scan_results) > 1:
         # if we used more than one batch, we need to fetch aggregate report url
         aggregation_report_url = _try_get_aggregation_report_url_if_needed(
-            scan_parameters, context.obj['client'], context.obj['scan_type']
+            scan_parameters, context.obj['client'], scan_type
         )
         set_aggregation_report_url(context, aggregation_report_url)
 

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cli/commands/scan/scan_command.py

@@ -3,6 +3,7 @@ from typing import List
 
 import click
 
+from cycode.cli import consts
 from cycode.cli.commands.scan.commit_history.commit_history_command import commit_history_command
 from cycode.cli.commands.scan.path.path_command import path_command
 from cycode.cli.commands.scan.pre_commit.pre_commit_command import pre_commit_command
@@ -34,7 +35,7 @@ from cycode.cli.utils.get_api_client import get_scan_cycode_client
 @click.option(
     '--scan-type',
     '-t',
-    default='secret',
+    default=consts.SECRET_SCAN_TYPE,
     help='Specify the type of scan you wish to execute (the default is Secrets).',
     type=click.Choice(config['scans']['supported_scans']),
 )

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cli/consts.py

@@ -136,14 +136,16 @@ EXCLUSIONS_BY_CVE_SECTION_NAME = 'cves'
 # 5MB in bytes (in decimal)
 FILE_MAX_SIZE_LIMIT_IN_BYTES = 5000000
 
-# 20MB in bytes (in binary)
-ZIP_MAX_SIZE_LIMIT_IN_BYTES = 20971520
-# 200MB in bytes (in binary)
-SCA_ZIP_MAX_SIZE_LIMIT_IN_BYTES = 209715200
+DEFAULT_ZIP_MAX_SIZE_LIMIT_IN_BYTES = 20 * 1024 * 1024
+ZIP_MAX_SIZE_LIMIT_IN_BYTES = {
+    SCA_SCAN_TYPE: 200 * 1024 * 1024,
+    SAST_SCAN_TYPE: 50 * 1024 * 1024,
+}
 
 # scan in batches
-SCAN_BATCH_MAX_SIZE_IN_BYTES = 9 * 1024 * 1024
-SCAN_BATCH_MAX_FILES_COUNT = 1000
+DEFAULT_SCAN_BATCH_MAX_SIZE_IN_BYTES = 9 * 1024 * 1024
+SCAN_BATCH_MAX_SIZE_IN_BYTES = {SAST_SCAN_TYPE: 50 * 1024 * 1024}
+DEFAULT_SCAN_BATCH_MAX_FILES_COUNT = 1000
 # if we increase this values, the server doesn't allow connecting (ConnectionError)
 SCAN_BATCH_MAX_PARALLEL_SCANS = 5
 SCAN_BATCH_SCANS_PER_CPU = 1

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cli/files_collector/zip_documents.py

@@ -10,12 +10,9 @@ from cycode.cyclient import logger
 
 
 def _validate_zip_file_size(scan_type: str, zip_file_size: int) -> None:
-    if scan_type == consts.SCA_SCAN_TYPE:
-        if zip_file_size > consts.SCA_ZIP_MAX_SIZE_LIMIT_IN_BYTES:
-            raise custom_exceptions.ZipTooLargeError(consts.SCA_ZIP_MAX_SIZE_LIMIT_IN_BYTES)
-    else:
-        if zip_file_size > consts.ZIP_MAX_SIZE_LIMIT_IN_BYTES:
-            raise custom_exceptions.ZipTooLargeError(consts.ZIP_MAX_SIZE_LIMIT_IN_BYTES)
+    max_size_limit = consts.ZIP_MAX_SIZE_LIMIT_IN_BYTES.get(scan_type, consts.DEFAULT_ZIP_MAX_SIZE_LIMIT_IN_BYTES)
+    if zip_file_size > max_size_limit:
+        raise custom_exceptions.ZipTooLargeError(max_size_limit)
 
 
 def zip_documents(scan_type: str, documents: List[Document], zip_file: Optional[InMemoryZip] = None) -> InMemoryZip:

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cli/utils/scan_batch.py

@@ -2,12 +2,7 @@ import os
 from multiprocessing.pool import ThreadPool
 from typing import TYPE_CHECKING, Callable, Dict, List, Tuple
 
-from cycode.cli.consts import (
-    SCAN_BATCH_MAX_FILES_COUNT,
-    SCAN_BATCH_MAX_PARALLEL_SCANS,
-    SCAN_BATCH_MAX_SIZE_IN_BYTES,
-    SCAN_BATCH_SCANS_PER_CPU,
-)
+from cycode.cli import consts
 from cycode.cli.models import Document
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
 
@@ -18,8 +13,8 @@ if TYPE_CHECKING:
 
 def split_documents_into_batches(
     documents: List[Document],
-    max_size_mb: int = SCAN_BATCH_MAX_SIZE_IN_BYTES,
-    max_files_count: int = SCAN_BATCH_MAX_FILES_COUNT,
+    max_size: int = consts.DEFAULT_SCAN_BATCH_MAX_SIZE_IN_BYTES,
+    max_files_count: int = consts.DEFAULT_SCAN_BATCH_MAX_FILES_COUNT,
 ) -> List[List[Document]]:
     batches = []
 
@@ -28,7 +23,7 @@ def split_documents_into_batches(
     for document in documents:
         document_size = len(document.content.encode('UTF-8'))
 
-        if (current_size + document_size > max_size_mb) or (len(current_batch) >= max_files_count):
+        if (current_size + document_size > max_size) or (len(current_batch) >= max_files_count):
             batches.append(current_batch)
 
             current_batch = [document]
@@ -45,17 +40,18 @@ def split_documents_into_batches(
 
 def _get_threads_count() -> int:
     cpu_count = os.cpu_count() or 1
-    return min(cpu_count * SCAN_BATCH_SCANS_PER_CPU, SCAN_BATCH_MAX_PARALLEL_SCANS)
+    return min(cpu_count * consts.SCAN_BATCH_SCANS_PER_CPU, consts.SCAN_BATCH_MAX_PARALLEL_SCANS)
 
 
 def run_parallel_batched_scan(
     scan_function: Callable[[List[Document]], Tuple[str, 'CliError', 'LocalScanResult']],
+    scan_type: str,
     documents: List[Document],
     progress_bar: 'BaseProgressBar',
-    max_size_mb: int = SCAN_BATCH_MAX_SIZE_IN_BYTES,
-    max_files_count: int = SCAN_BATCH_MAX_FILES_COUNT,
 ) -> Tuple[Dict[str, 'CliError'], List['LocalScanResult']]:
-    batches = split_documents_into_batches(documents, max_size_mb, max_files_count)
+    max_size = consts.SCAN_BATCH_MAX_SIZE_IN_BYTES.get(scan_type, consts.DEFAULT_SCAN_BATCH_MAX_SIZE_IN_BYTES)
+    batches = split_documents_into_batches(documents, max_size)
+
     progress_bar.set_section_length(ScanProgressBarSection.SCAN, len(batches))  # * 3
     # TODO(MarshalX): we should multiply the count of batches in SCAN section because each batch has 3 steps:
     # 1. scan creation

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cyclient/scan_client.py

@@ -328,11 +328,11 @@ class ScanClient:
     @staticmethod
     def get_service_name(scan_type: str) -> Optional[str]:
         # TODO(MarshalX): get_service_name should be removed from ScanClient? Because it exists in ScanConfig
-        if scan_type == 'secret':
+        if scan_type == consts.SECRET_SCAN_TYPE:
             return 'secret'
-        if scan_type == 'iac':
+        if scan_type == consts.INFRA_CONFIGURATION_SCAN_TYPE:
             return 'iac'
-        if scan_type == 'sca' or scan_type == 'sast':
+        if scan_type == consts.SCA_SCAN_TYPE or scan_type == consts.SAST_SCAN_TYPE:
             return 'scans'
 
         return None

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/cycode/cyclient/scan_config_base.py

@@ -9,9 +9,9 @@ class ScanConfigBase(ABC):
 
     @staticmethod
     def get_async_scan_type(scan_type: str) -> str:
-        if scan_type == 'secret':
+        if scan_type == consts.SECRET_SCAN_TYPE:
             return 'Secrets'
-        if scan_type == 'iac':
+        if scan_type == consts.INFRA_CONFIGURATION_SCAN_TYPE:
             return 'InfraConfiguration'
 
         return scan_type.upper()
@@ -31,9 +31,9 @@ class DevScanConfig(ScanConfigBase):
     def get_service_name(self, scan_type: str, should_use_scan_service: bool = False) -> str:
         if should_use_scan_service:
             return '5004'
-        if scan_type == 'secret':
+        if scan_type == consts.SECRET_SCAN_TYPE:
             return '5025'
-        if scan_type == 'iac':
+        if scan_type == consts.INFRA_CONFIGURATION_SCAN_TYPE:
             return '5026'
 
         # sca and sast
@@ -47,9 +47,9 @@ class DefaultScanConfig(ScanConfigBase):
     def get_service_name(self, scan_type: str, should_use_scan_service: bool = False) -> str:
         if should_use_scan_service:
             return 'scans'
-        if scan_type == 'secret':
+        if scan_type == consts.SECRET_SCAN_TYPE:
             return 'secret'
-        if scan_type == 'iac':
+        if scan_type == consts.INFRA_CONFIGURATION_SCAN_TYPE:
             return 'iac'
 
         # sca and sast

{cycode-2.2.1.dev1 → cycode-2.2.1.dev3}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "2.2.1.dev1" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "2.2.1.dev3" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-2.2.1.dev1/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '2.2.1.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag