cycode 3.12.1.dev1__tar.gz → 3.12.2__tar.gz

{cycode-3.12.1.dev1 → cycode-3.12.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cycode
-Version: 3.12.1.dev1
+Version: 3.12.2
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 License-Expression: MIT
 License-File: LICENCE
@@ -71,6 +71,7 @@ This guide walks you through both installation and usage.
            4. [Package Vulnerabilities](#package-vulnerabilities-option)
            5. [License Compliance](#license-compliance-option)
            6. [Lock Restore](#lock-restore-option)
+           7. [Stop on Error](#stop-on-error-option)
         2. [Repository Scan](#repository-scan)
             1. [Branch Option](#branch-option)
         3. [Path Scan](#path-scan)
@@ -661,6 +662,7 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                                     |
 | `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                                  |
 | `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                                |
+| `--stop-on-error`                                          | Abort the scan if any file collection or dependency restore failure occurs, instead of skipping the failed file and continuing.   |
 | `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from                                                         |
 | `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
 | `--help`                                                   | Show options for given command.                                                                                                  |
@@ -767,6 +769,18 @@ If a lockfile already exists alongside the manifest, Cycode reads it directly wi
 addSbtPlugin("software.purpledragon" % "sbt-dependency-lock" % "1.5.1")
 ```
 
+#### Stop on Error Option
+
+By default, Cycode continues scanning even if a file cannot be read (e.g. due to a permission error) or a dependency lockfile cannot be generated during an SCA scan. The failed item is skipped with a warning and the scan proceeds with the remaining files.
+
+Use `--stop-on-error` to change this behaviour: the scan aborts immediately on the first such failure and reports the error.
+
+```bash
+cycode scan -t sca --stop-on-error path ~/home/git/codebase
+```
+
+This is useful in CI pipelines where a silent failure would produce an incomplete scan result. When `--stop-on-error` is triggered you can either fix the underlying issue or, for SCA restore failures specifically, add `--no-restore` to skip lockfile generation and scan direct dependencies only.
+
 ### Repository Scan
 
 A repository scan examines an entire local repository for any exposed secrets or insecure misconfigurations. This more holistic scan type looks at everything: the current state of your repository and its commit history. It will look not only for secrets that are currently exposed within the repository but previously deleted secrets as well.

{cycode-3.12.1.dev1 → cycode-3.12.2}/README.md

@@ -30,6 +30,7 @@ This guide walks you through both installation and usage.
            4. [Package Vulnerabilities](#package-vulnerabilities-option)
            5. [License Compliance](#license-compliance-option)
            6. [Lock Restore](#lock-restore-option)
+           7. [Stop on Error](#stop-on-error-option)
         2. [Repository Scan](#repository-scan)
             1. [Branch Option](#branch-option)
         3. [Path Scan](#path-scan)
@@ -620,6 +621,7 @@ The Cycode CLI application offers several types of scans so that you can choose
 | `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                                     |
 | `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                                  |
 | `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                                |
+| `--stop-on-error`                                          | Abort the scan if any file collection or dependency restore failure occurs, instead of skipping the failed file and continuing.   |
 | `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from                                                         |
 | `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
 | `--help`                                                   | Show options for given command.                                                                                                  |
@@ -726,6 +728,18 @@ If a lockfile already exists alongside the manifest, Cycode reads it directly wi
 addSbtPlugin("software.purpledragon" % "sbt-dependency-lock" % "1.5.1")
 ```
 
+#### Stop on Error Option
+
+By default, Cycode continues scanning even if a file cannot be read (e.g. due to a permission error) or a dependency lockfile cannot be generated during an SCA scan. The failed item is skipped with a warning and the scan proceeds with the remaining files.
+
+Use `--stop-on-error` to change this behaviour: the scan aborts immediately on the first such failure and reports the error.
+
+```bash
+cycode scan -t sca --stop-on-error path ~/home/git/codebase
+```
+
+This is useful in CI pipelines where a silent failure would produce an incomplete scan result. When `--stop-on-error` is triggered you can either fix the underlying issue or, for SCA restore failures specifically, add `--no-restore` to skip lockfile generation and scan direct dependencies only.
+
 ### Repository Scan
 
 A repository scan examines an entire local repository for any exposed secrets or insecure misconfigurations. This more holistic scan type looks at everything: the current state of your repository and its commit history. It will look not only for secrets that are currently exposed within the repository but previously deleted secrets as well.

cycode-3.12.2/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.12.2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/apps/report/sbom/path/path_command.py

@@ -10,6 +10,7 @@ from cycode.cli.apps.sca_options import (
     GradleAllSubProjectsOption,
     MavenSettingsFileOption,
     NoRestoreOption,
+    StopOnErrorOption,
     apply_sca_restore_options_to_context,
 )
 from cycode.cli.exceptions.handle_report_sbom_errors import handle_report_exception
@@ -30,8 +31,9 @@ def path_command(
     no_restore: NoRestoreOption = False,
     gradle_all_sub_projects: GradleAllSubProjectsOption = False,
     maven_settings_file: MavenSettingsFileOption = None,
+    stop_on_error: StopOnErrorOption = False,
 ) -> None:
-    apply_sca_restore_options_to_context(ctx, no_restore, gradle_all_sub_projects, maven_settings_file)
+    apply_sca_restore_options_to_context(ctx, no_restore, gradle_all_sub_projects, maven_settings_file, stop_on_error)
 
     client = get_report_cycode_client(ctx)
     report_parameters = ctx.obj['report_parameters']
@@ -51,6 +53,7 @@ def path_command(
             consts.SCA_SCAN_TYPE,
             (str(path),),
             is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
+            stop_on_error=stop_on_error,
         )
         # TODO(MarshalX): combine perform_pre_scan_documents_actions with get_relevant_document.
         #  unhardcode usage of context in perform_pre_scan_documents_actions

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/apps/sca_options.py

@@ -35,13 +35,24 @@ MavenSettingsFileOption = Annotated[
     ),
 ]
 
+StopOnErrorOption = Annotated[
+    bool,
+    typer.Option(
+        '--stop-on-error',
+        help='When specified, stops the process if any file collection or restore failure occurs.',
+        rich_help_panel=_SCA_RICH_HELP_PANEL,
+    ),
+]
+
 
 def apply_sca_restore_options_to_context(
     ctx: typer.Context,
     no_restore: bool,
     gradle_all_sub_projects: bool,
     maven_settings_file: Optional[Path],
+    stop_on_error: bool = False,
 ) -> None:
     ctx.obj['no_restore'] = no_restore
     ctx.obj['gradle_all_sub_projects'] = gradle_all_sub_projects
     ctx.obj['maven_settings_file'] = maven_settings_file
+    ctx.obj['stop_on_error'] = stop_on_error

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/apps/scan/code_scanner.py

@@ -47,6 +47,36 @@ start_scan_time = time.time()
 logger = get_logger('Code Scanner')
 
 
+class _UploadProgressAggregator:
+    """Aggregates upload progress across parallel batch uploads for display in the progress bar."""
+
+    def __init__(self, progress_bar: 'BaseProgressBar') -> None:
+        self._progress_bar = progress_bar
+        self._slots: list[list[int]] = []
+
+    def create_callback(self) -> Callable[[int, int], None]:
+        """Create a progress callback for one batch upload. Each batch gets its own slot."""
+        slot = [0, 0]
+        self._slots.append(slot)
+
+        def on_upload_progress(bytes_read: int, total_bytes: int) -> None:
+            slot[0] = bytes_read
+            slot[1] = total_bytes
+
+            # Sum across all batch slots to show combined progress
+            total_read = sum(s[0] for s in self._slots)
+            total_size = sum(s[1] for s in self._slots)
+
+            if total_read >= total_size:
+                self._progress_bar.update_right_side_label(None)
+            else:
+                mb_read = total_read / (1024 * 1024)
+                mb_total = total_size / (1024 * 1024)
+                self._progress_bar.update_right_side_label(f'Uploading {mb_read:.1f} / {mb_total:.1f} MB')
+
+        return on_upload_progress
+
+
 def scan_disk_files(ctx: typer.Context, paths: tuple[str, ...]) -> None:
     scan_type = ctx.obj['scan_type']
     progress_bar = ctx.obj['progress_bar']
@@ -58,6 +88,7 @@ def scan_disk_files(ctx: typer.Context, paths: tuple[str, ...]) -> None:
             scan_type,
             paths,
             is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
+            stop_on_error=ctx.obj.get('stop_on_error', False),
         )
 
         # Add entrypoint.cycode file at root path to mark the scan root (only for single path that is a directory)
@@ -120,6 +151,9 @@ def _get_scan_documents_thread_func(
     severity_threshold = ctx.obj['severity_threshold']
     sync_option = ctx.obj['sync']
     command_scan_type = ctx.info_name
+    progress_bar = ctx.obj['progress_bar']
+
+    aggregator = _UploadProgressAggregator(progress_bar)
 
     def _scan_batch_thread_func(batch: list[Document]) -> tuple[str, CliError, LocalScanResult]:
         local_scan_result = error = error_message = None
@@ -142,6 +176,7 @@ def _get_scan_documents_thread_func(
                 is_commit_range,
                 scan_parameters,
                 should_use_sync_flow,
+                on_upload_progress=aggregator.create_callback(),
             )
 
             enrich_scan_result_with_data_from_detection_rules(cycode_client, scan_result)
@@ -267,15 +302,18 @@ def _perform_scan_v4_async(
     scan_parameters: dict,
     is_git_diff: bool,
     is_commit_range: bool,
+    on_upload_progress: Optional[Callable] = None,
 ) -> ZippedFileScanResult:
     upload_link = cycode_client.get_upload_link(scan_type)
     logger.debug('Got upload link, %s', {'upload_id': upload_link.upload_id})
 
-    cycode_client.upload_to_presigned_post(upload_link.url, upload_link.presigned_post_fields, zipped_documents)
+    cycode_client.upload_to_presigned_post(
+        upload_link.url, upload_link.presigned_post_fields, zipped_documents, on_upload_progress
+    )
     logger.debug('Uploaded zip to presigned URL')
 
     scan_async_result = cycode_client.scan_repository_from_upload_id(
-        scan_type, upload_link.upload_id, scan_parameters, is_git_diff, is_commit_range
+        scan_type, upload_link.upload_id, zipped_documents, scan_parameters, is_git_diff, is_commit_range
     )
     logger.debug(
         'Presigned upload scan request triggered, %s',
@@ -291,9 +329,14 @@ def _perform_scan_async(
     scan_type: str,
     scan_parameters: dict,
     is_commit_range: bool,
+    on_upload_progress: Optional[Callable] = None,
 ) -> ZippedFileScanResult:
     scan_async_result = cycode_client.zipped_file_scan_async(
-        zipped_documents, scan_type, scan_parameters, is_commit_range=is_commit_range
+        zipped_documents,
+        scan_type,
+        scan_parameters,
+        is_commit_range=is_commit_range,
+        on_upload_progress=on_upload_progress,
     )
     logger.debug('Async scan request has been triggered successfully, %s', {'scan_id': scan_async_result.scan_id})
 
@@ -325,6 +368,7 @@ def _perform_scan(
     is_commit_range: bool,
     scan_parameters: dict,
     should_use_sync_flow: bool = False,
+    on_upload_progress: Optional[Callable] = None,
 ) -> ZippedFileScanResult:
     if should_use_sync_flow:
         # it does not support commit range scans; should_use_sync_flow handles it
@@ -333,12 +377,20 @@ def _perform_scan(
     if should_use_presigned_upload(scan_type):
         try:
             return _perform_scan_v4_async(
-                cycode_client, zipped_documents, scan_type, scan_parameters, is_git_diff, is_commit_range
+                cycode_client,
+                zipped_documents,
+                scan_type,
+                scan_parameters,
+                is_git_diff,
+                is_commit_range,
+                on_upload_progress,
             )
         except requests.exceptions.RequestException:
             logger.warning('Direct upload to object storage failed. Falling back to upload via Cycode API. ')
 
-    return _perform_scan_async(cycode_client, zipped_documents, scan_type, scan_parameters, is_commit_range)
+    return _perform_scan_async(
+        cycode_client, zipped_documents, scan_type, scan_parameters, is_commit_range, on_upload_progress
+    )
 
 
 def poll_scan_results(

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/apps/scan/commit_range_scanner.py

@@ -113,7 +113,7 @@ def _perform_commit_range_scan_v4_async(
     logger.debug('Uploaded to-commit zip')
 
     scan_async_result = cycode_client.commit_range_scan_from_upload_ids(
-        scan_type, from_upload_link.upload_id, to_upload_link.upload_id, scan_parameters
+        scan_type, from_upload_link.upload_id, to_upload_link.upload_id, from_commit_zipped_documents, scan_parameters
     )
     logger.debug('V4 commit range scan request triggered, %s', {'scan_id': scan_async_result.scan_id})
 

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/apps/scan/scan_command.py

@@ -41,6 +41,13 @@ def scan_command(
     soft_fail: Annotated[
         bool, typer.Option('--soft-fail', help='Run the scan without failing; always return a non-error status code.')
     ] = False,
+    stop_on_error: Annotated[
+        bool,
+        typer.Option(
+            '--stop-on-error',
+            help='When specified, stops the scan if any file collection or restore failure occurs.',
+        ),
+    ] = False,
     severity_threshold: Annotated[
         SeverityOption,
         typer.Option(
@@ -131,6 +138,7 @@ def scan_command(
 
     ctx.obj['show_secret'] = show_secret
     ctx.obj['soft_fail'] = soft_fail
+    ctx.obj['stop_on_error'] = stop_on_error
     ctx.obj['scan_type'] = scan_type
     ctx.obj['sync'] = sync
     ctx.obj['severity_threshold'] = severity_threshold

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/exceptions/custom_exceptions.py

@@ -55,6 +55,11 @@ class HttpUnauthorizedError(RequestHttpError):
         return f'HTTP unauthorized error occurred during the request. Message: {self.error_message}'
 
 
+class SlowUploadConnectionError(CycodeError):
+    def __str__(self) -> str:
+        return 'Upload was interrupted mid-transfer, indicating a slow or unstable network connection.'
+
+
 class ZipTooLargeError(CycodeError):
     def __init__(self, size_limit: int) -> None:
         self.size_limit = size_limit
@@ -64,6 +69,15 @@ class ZipTooLargeError(CycodeError):
         return f'The size of zip to scan is too large, size limit: {self.size_limit}'
 
 
+class FileCollectionError(CycodeError):
+    def __init__(self, error_message: str) -> None:
+        self.error_message = error_message
+        super().__init__(self.error_message)
+
+    def __str__(self) -> str:
+        return self.error_message
+
+
 class AuthProcessError(CycodeError):
     def __init__(self, error_message: str) -> None:
         self.error_message = error_message
@@ -93,6 +107,12 @@ KNOWN_USER_FRIENDLY_REQUEST_ERRORS: CliErrors = {
         code='timeout_error',
         message='The request timed out. Please try again by executing the `cycode scan` command',
     ),
+    SlowUploadConnectionError: CliError(
+        soft_fail=True,
+        code='slow_upload_error',
+        message='The scan upload was interrupted. This is likely due to a slow or unstable network connection. '
+        'Please try again by executing the `cycode scan` command',
+    ),
     HttpUnauthorizedError: CliError(
         soft_fail=True,
         code='auth_error',

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/exceptions/handle_scan_errors.py

@@ -26,6 +26,12 @@ def handle_scan_exception(ctx: typer.Context, err: Exception, *, return_exceptio
             'Please try ignoring irrelevant paths using the `cycode ignore --by-path` command '
             'and execute the scan again',
         ),
+        custom_exceptions.FileCollectionError: CliError(
+            soft_fail=False,
+            code='file_collection_error',
+            message='File collection failed. '
+            'Use --no-restore to skip dependency restoration, or fix the underlying issue.',
+        ),
         custom_exceptions.TfplanKeyError: CliError(
             soft_fail=True,
             code='key_error',

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/files_collector/path_documents.py

@@ -2,6 +2,7 @@ import os
 from collections.abc import Generator
 from typing import TYPE_CHECKING
 
+from cycode.cli.exceptions.custom_exceptions import FileCollectionError
 from cycode.cli.files_collector.file_excluder import excluder
 from cycode.cli.files_collector.iac.tf_content_generator import (
     generate_tf_content_from_tfplan,
@@ -109,6 +110,7 @@ def get_relevant_documents(
     *,
     is_git_diff: bool = False,
     is_cycodeignore_allowed: bool = True,
+    stop_on_error: bool = False,
 ) -> list[Document]:
     relevant_files = _get_relevant_files(
         progress_bar, progress_bar_section, scan_type, paths, is_cycodeignore_allowed=is_cycodeignore_allowed
@@ -119,6 +121,10 @@ def get_relevant_documents(
         progress_bar.update(progress_bar_section)
 
         content = get_file_content(file)
+        if content is None:
+            if stop_on_error:
+                raise FileCollectionError(f'Failed to read file: {file}')
+            continue
         if not content:
             continue
 

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cli/files_collector/sca/sca_file_collector.py

@@ -4,6 +4,7 @@ from typing import TYPE_CHECKING, Optional
 import typer
 
 from cycode.cli import consts
+from cycode.cli.exceptions.custom_exceptions import FileCollectionError
 from cycode.cli.files_collector.repository_documents import get_file_content_from_commit_path
 from cycode.cli.files_collector.sca.base_restore_dependencies import BaseRestoreDependencies
 from cycode.cli.files_collector.sca.go.restore_go_dependencies import RestoreGoDependencies
@@ -116,6 +117,10 @@ def _try_restore_dependencies(
             'Error occurred while trying to generate dependencies tree, %s',
             {'filename': document.path, 'handler': type(restore_dependencies).__name__},
         )
+        if ctx.obj.get('stop_on_error', False):
+            raise FileCollectionError(
+                f'Failed to generate dependencies tree for {document.path} using {type(restore_dependencies).__name__}'
+            )
         return None
 
     if restore_dependencies_document.content is None:

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cyclient/cycode_client_base.py

@@ -1,6 +1,7 @@
 import os
 import platform
 import ssl
+from io import BytesIO
 from typing import TYPE_CHECKING, Callable, ClassVar, Optional
 
 import requests
@@ -15,6 +16,7 @@ from cycode.cli.exceptions.custom_exceptions import (
     RequestHttpError,
     RequestSslError,
     RequestTimeoutError,
+    SlowUploadConnectionError,
 )
 from cycode.cyclient import config
 from cycode.cyclient.headers import get_cli_user_agent, get_correlation_id
@@ -90,6 +92,23 @@ def _should_retry_exception(exception: BaseException) -> bool:
     return is_request_error or is_server_error
 
 
+class UploadProgressTracker:
+    """File-like wrapper that tracks bytes read during upload and fires a progress callback."""
+
+    def __init__(self, data: bytes, callback: Optional[Callable[[int, int], None]]) -> None:
+        self._io = BytesIO(data)
+        self._callback = callback
+        self.bytes_read = 0
+        self.len = len(data)
+
+    def read(self, size: int = -1) -> bytes:
+        chunk = self._io.read(size)
+        self.bytes_read += len(chunk)
+        if self._callback and chunk:
+            self._callback(self.bytes_read, self.len)
+        return chunk
+
+
 class CycodeClientBase:
     MANDATORY_HEADERS: ClassVar[dict[str, str]] = {
         'User-Agent': get_cli_user_agent(),
@@ -117,6 +136,72 @@ class CycodeClientBase:
     def get(self, url_path: str, headers: Optional[dict] = None, **kwargs) -> Response:
         return self._execute(method='get', endpoint=url_path, headers=headers, **kwargs)
 
+    def post_multipart(
+        self,
+        url_path: str,
+        form_fields: dict,
+        files: dict,
+        on_upload_progress: Optional[Callable[[int, int], None]] = None,
+        hide_response_content_log: bool = False,
+    ) -> Response:
+        """POST a multipart form body with optional upload progress tracking and retry."""
+        url = self.build_full_url(self.api_url, url_path)
+        logger.debug('Executing request, %s', {'method': 'POST', 'url': url})
+
+        # Encode the multipart body once up front so we can reuse the same bytes across retries.
+        # A dummy URL is used because requests.Request requires one, but only the encoded body matters here.
+        prepared = requests.Request('POST', 'https://dummy', data=form_fields, files=files).prepare()
+
+        return self._send_multipart(
+            url=url,
+            body=prepared.body,
+            content_type=prepared.headers['Content-Type'],
+            on_upload_progress=on_upload_progress,
+            hide_response_content_log=hide_response_content_log,
+        )
+
+    @retry(
+        retry=retry_if_exception(_should_retry_exception),
+        stop=_RETRY_STOP_STRATEGY,
+        wait=_RETRY_WAIT_STRATEGY,
+        reraise=True,
+        before_sleep=_retry_before_sleep,
+    )
+    def _send_multipart(
+        self,
+        url: str,
+        body: bytes,
+        content_type: str,
+        on_upload_progress: Optional[Callable[[int, int], None]],
+        hide_response_content_log: bool,
+    ) -> Response:
+        # Wrap the body in a fresh tracker each attempt so bytes_read starts from zero.
+        tracker = UploadProgressTracker(body, on_upload_progress)
+        headers = self.get_request_headers({'Content-Type': content_type})
+        try:
+            response = _get_request_function()(
+                method='post', url=url, data=tracker, headers=headers, timeout=self.timeout
+            )
+
+            content = 'HIDDEN' if hide_response_content_log else response.text
+            logger.debug(
+                'Receiving response, %s',
+                {'status_code': response.status_code, 'url': url, 'content': content},
+            )
+
+            response.raise_for_status()
+            return response
+        except (exceptions.ChunkedEncodingError, exceptions.ConnectionError) as e:
+            # A connection drop before the full body was sent indicates a slow/unstable network.
+            if tracker.bytes_read < tracker.len:
+                raise SlowUploadConnectionError from e
+            # Full body was sent — map to our types so _should_retry_exception handles retry logic.
+            if isinstance(e, exceptions.ConnectionError):
+                raise RequestConnectionError from e
+            raise
+        except Exception as e:
+            self._handle_exception(e)
+
     @retry(
         retry=retry_if_exception(_should_retry_exception),
         stop=_RETRY_STOP_STRATEGY,

{cycode-3.12.1.dev1 → cycode-3.12.2}/cycode/cyclient/scan_client.py

@@ -1,6 +1,6 @@
 import json
 from copy import deepcopy
-from typing import TYPE_CHECKING, Optional, Union
+from typing import TYPE_CHECKING, Callable, Optional, Union
 from uuid import UUID
 
 import requests
@@ -8,10 +8,14 @@ from requests import Response
 
 from cycode.cli import consts
 from cycode.cli.config import configuration_manager
-from cycode.cli.exceptions.custom_exceptions import CycodeError, RequestHttpError
+from cycode.cli.exceptions.custom_exceptions import (
+    CycodeError,
+    RequestHttpError,
+    SlowUploadConnectionError,
+)
 from cycode.cli.files_collector.models.in_memory_zip import InMemoryZip
 from cycode.cyclient import models
-from cycode.cyclient.cycode_client_base import CycodeClientBase
+from cycode.cyclient.cycode_client_base import CycodeClientBase, UploadProgressTracker
 from cycode.cyclient.logger import logger
 
 if TYPE_CHECKING:
@@ -114,18 +118,18 @@ class ScanClient:
         scan_parameters: dict,
         is_git_diff: bool = False,
         is_commit_range: bool = False,
+        on_upload_progress: Optional[Callable[[int, int], None]] = None,
     ) -> models.ScanInitializationResponse:
-        files = {'file': ('multiple_files_scan.zip', zip_file.read())}
-
-        response = self.scan_cycode_client.post(
+        response = self.scan_cycode_client.post_multipart(
             url_path=self.get_zipped_file_scan_async_url_path(scan_type),
-            data={
+            form_fields={
                 'is_git_diff': is_git_diff,
                 'scan_parameters': json.dumps(scan_parameters),
                 'is_commit_range': is_commit_range,
                 'compression_manifest': self._create_compression_manifest_string(zip_file),
             },
-            files=files,
+            files={'file': ('multiple_files_scan.zip', zip_file.read(), 'application/octet-stream')},
+            on_upload_progress=on_upload_progress,
         )
         return models.ScanInitializationResponseSchema().load(response.json())
 
@@ -135,17 +139,38 @@ class ScanClient:
         response = self.scan_cycode_client.get(url_path=url_path, hide_response_content_log=self._hide_response_log)
         return models.UploadLinkResponseSchema().load(response.json())
 
-    def upload_to_presigned_post(self, url: str, fields: dict[str, str], zip_file: 'InMemoryZip') -> None:
-        multipart = {key: (None, value) for key, value in fields.items()}
-        multipart['file'] = (None, zip_file.read())
-        # We are not using Cycode client, as we are calling aws S3.
-        response = requests.post(url, files=multipart, timeout=self.scan_cycode_client.timeout)
-        response.raise_for_status()
+    def upload_to_presigned_post(
+        self,
+        url: str,
+        fields: dict[str, str],
+        zip_file: 'InMemoryZip',
+        on_upload_progress: Optional[Callable[[int, int], None]] = None,
+    ) -> None:
+        all_files = {key: (None, value) for key, value in fields.items()}
+        all_files['file'] = ('multiple_files_scan.zip', zip_file.read(), 'application/octet-stream')
+
+        prepared = requests.Request('POST', 'https://dummy', files=all_files).prepare()
+        tracker = UploadProgressTracker(prepared.body, on_upload_progress)
+
+        try:
+            # We are not using Cycode client, as we are calling aws S3.
+            response = requests.post(
+                url,
+                data=tracker,
+                headers={'Content-Type': prepared.headers['Content-Type']},
+                timeout=self.scan_cycode_client.timeout,
+            )
+            response.raise_for_status()
+        except (requests.exceptions.ChunkedEncodingError, requests.exceptions.ConnectionError) as e:
+            if tracker.bytes_read < tracker.len:
+                raise SlowUploadConnectionError from e
+            raise
 
     def scan_repository_from_upload_id(
         self,
         scan_type: str,
         upload_id: str,
+        zip_file: InMemoryZip,
         scan_parameters: dict,
         is_git_diff: bool = False,
         is_commit_range: bool = False,
@@ -159,6 +184,7 @@ class ScanClient:
                 'is_git_diff': is_git_diff,
                 'is_commit_range': is_commit_range,
                 'scan_parameters': json.dumps(scan_parameters),
+                'compression_manifest': self._create_compression_manifest_string(zip_file),
             },
         )
         return models.ScanInitializationResponseSchema().load(response.json())
@@ -206,6 +232,7 @@ class ScanClient:
         scan_type: str,
         from_commit_upload_id: str,
         to_commit_upload_id: str,
+        from_commit_zip_file: InMemoryZip,
         scan_parameters: dict,
         is_git_diff: bool = False,
     ) -> models.ScanInitializationResponse:
@@ -218,6 +245,7 @@ class ScanClient:
                 'to_commit_upload_id': to_commit_upload_id,
                 'is_git_diff': is_git_diff,
                 'scan_parameters': json.dumps(scan_parameters),
+                'compression_manifest': self._create_compression_manifest_string(from_commit_zip_file),
             },
         )
         return models.ScanInitializationResponseSchema().load(response.json())

{cycode-3.12.1.dev1 → cycode-3.12.2}/pyproject.toml

@@ -21,7 +21,7 @@ classifiers = [
     "Programming Language :: Python :: 3.14",
 ]
 dynamic = ["dependencies"]
-version = "3.12.1.dev1"
+version = "3.12.2"
 
 [project.scripts]
 cycode = "cycode.cli.app:app"

cycode-3.12.1.dev1/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '3.12.1.dev1'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag