cycode 3.12.3.dev2__py3-none-any.whl → 3.12.3.dev3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. cycode/__init__.py +1 -1
  2. cycode/cli/apps/ai_guardrails/scan/handlers.py +25 -9
  3. {cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/METADATA +1 -1
  4. {cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/RECORD +7 -7
  5. {cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/WHEEL +0 -0
  6. {cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/entry_points.txt +0 -0
  7. {cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/licenses/LICENCE +0 -0
cycode/__init__.py CHANGED
@@ -1 +1 @@
1
- __version__ = '3.12.3.dev2' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
1
+ __version__ = '3.12.3.dev3' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
cycode/cli/apps/ai_guardrails/scan/handlers.py CHANGED
@@ -116,7 +116,8 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
116
116
 
117
117
  try:
118
118
  # Check path-based denylist first
119
- if is_denied_path(file_path, policy):
119
+ is_sensitive_path = is_denied_path(file_path, policy)
120
+ if is_sensitive_path:
120
121
  block_reason = BlockReason.SENSITIVE_PATH
121
122
  if mode == PolicyMode.BLOCK and action == PolicyMode.BLOCK:
122
123
  outcome = AIHookOutcome.BLOCKED
@@ -125,13 +126,21 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
125
126
  user_message,
126
127
  'This file path is classified as sensitive; do not read/send it to the model.',
127
128
  )
128
- # Warn mode - ask user for permission
129
+ # Warn mode - if content scan is enabled, emit a separate event for the
130
+ # sensitive path so the finally block can independently track the scan result.
131
+ # If content scan is disabled, a single event (from finally) is enough.
129
132
  outcome = AIHookOutcome.WARNED
130
- user_message = f'Cycode flagged {file_path} as sensitive. Allow reading?'
131
- return response_builder.ask_permission(
132
- user_message,
133
- 'This file path is classified as sensitive; proceed with caution.',
134
- )
133
+ if get_policy_value(file_read_config, 'scan_content', default=True):
134
+ ai_client.create_event(
135
+ payload,
136
+ AiHookEventType.FILE_READ,
137
+ outcome,
138
+ block_reason=BlockReason.SENSITIVE_PATH,
139
+ file_path=payload.file_path,
140
+ )
141
+ # Reset for the content scan result tracked by the finally block
142
+ block_reason = None
143
+ outcome = AIHookOutcome.ALLOWED
135
144
 
136
145
  # Scan file content if enabled
137
146
  if get_policy_value(file_read_config, 'scan_content', default=True):
@@ -152,7 +161,14 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
152
161
  user_message,
153
162
  'Possible secrets detected; proceed with caution.',
154
163
  )
155
- return response_builder.allow_permission()
164
+
165
+ # If path was sensitive but content scan found no secrets (or scan disabled), still warn
166
+ if is_sensitive_path:
167
+ user_message = f'Cycode flagged {file_path} as sensitive. Allow reading?'
168
+ return response_builder.ask_permission(
169
+ user_message,
170
+ 'This file path is classified as sensitive; proceed with caution.',
171
+ )
156
172
 
157
173
  return response_builder.allow_permission()
158
174
  except Exception as e:
@@ -342,7 +358,7 @@ def _scan_path_for_secrets(ctx: typer.Context, file_path: str, policy: dict) ->
342
358
  Returns tuple of (violation_summary, scan_id) if secrets found, (None, scan_id) if clean.
343
359
  Raises exception on error or timeout.
344
360
  """
345
- if not file_path or not os.path.exists(file_path):
361
+ if not file_path or not os.path.isfile(file_path):
346
362
  return None, None
347
363
 
348
364
  max_bytes = get_policy_value(policy, 'secrets', 'max_bytes', default=200000)
{cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cycode
3
- Version: 3.12.3.dev2
3
+ Version: 3.12.3.dev3
4
4
  Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
5
5
  License-Expression: MIT
6
6
  License-File: LICENCE
{cycode-3.12.3.dev2.dist-info → cycode-3.12.3.dev3.dist-info}/RECORD RENAMED
@@ -1,4 +1,4 @@
1
- cycode/__init__.py,sha256=Gny-NPw7ssVE0Ug9mwxX7Y55eomURHuonnfna8G68u4,115
1
+ cycode/__init__.py,sha256=N_QGgVepCNUBZT87hiWWdJmBQ1Te8vL0B_rHb-wEKJw,115
2
2
  cycode/__main__.py,sha256=Z3bD5yrA7yPvAChcADQrqCaZd0ChGI1gdiwALwbWJ6U,104
3
3
  cycode/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
4
4
  cycode/cli/app.py,sha256=bsfXV85RRb1iz19JRC9gkc5Iv30fnEE1cwA8dg552NQ,6482
@@ -12,7 +12,7 @@ cycode/cli/apps/ai_guardrails/hooks_manager.py,sha256=37IcEMCK60pQ8lnuy8GThlq9oe
12
12
  cycode/cli/apps/ai_guardrails/install_command.py,sha256=qlklts1Uj6j3urK6jwAWJY-L_DgVaZWuk7vZcpoKPAQ,4571
13
13
  cycode/cli/apps/ai_guardrails/scan/__init__.py,sha256=qJc82XiQGiAuc1sYY8Ij_A-qXpxgLPuayQq8xWlouMA,48
14
14
  cycode/cli/apps/ai_guardrails/scan/consts.py,sha256=drAslw6vW3kxmbCs2qPCUbUPR7PJouT2lsXtu5sD-lQ,1094
15
- cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=nTb4kIiaAmd04t0hQlZP-l49RKakvcyn7myZLHNpY7Q,14855
15
+ cycode/cli/apps/ai_guardrails/scan/handlers.py,sha256=e3UlQ6TbFFFAFEAgMUhL5i7bV1mSrmFJuLb9O0FLX2Y,15702
16
16
  cycode/cli/apps/ai_guardrails/scan/payload.py,sha256=-r8BsvP-VPD3XibyIPKreCjJNVXGpe_9ENPF78NlnkQ,10178
17
17
  cycode/cli/apps/ai_guardrails/scan/policy.py,sha256=39s8hnxgjny1l6XAO59wsRcAlpW-LG00GUnO0PfqvuY,2566
18
18
  cycode/cli/apps/ai_guardrails/scan/response_builders.py,sha256=tVFJCnGdqSmyileg-idypOihygct7F6T4KHXYlX8y_c,4653
@@ -198,8 +198,8 @@ cycode/cyclient/report_client.py,sha256=Scq30NeJPzgXv0hPLO1U05AdE9i_2iu6cIrSKpEJ
198
198
  cycode/cyclient/scan_client.py,sha256=6TK5FQkfrvV7PHqRnUzEn1PBNd2oPYVamvIixcUfe3c,16755
199
199
  cycode/cyclient/scan_config_base.py,sha256=mXsPZGYCtp85rv5GIige40yQZXuRcEKUW-VQJ0vgFzk,1201
200
200
  cycode/logger.py,sha256=EfZGRK6VC5rE_LAjIcRrHFiQCueylCDXoG6bvGkrIME,2111
201
- cycode-3.12.3.dev2.dist-info/METADATA,sha256=kkFFeC4gpGgwhz9oQWVQi5BDjrXf5VoaZAtnXAVuCGM,84350
202
- cycode-3.12.3.dev2.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
203
- cycode-3.12.3.dev2.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
204
- cycode-3.12.3.dev2.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
205
- cycode-3.12.3.dev2.dist-info/RECORD,,
201
+ cycode-3.12.3.dev3.dist-info/METADATA,sha256=Ee8Y1VwTf_Ztfg_AzKgqjQHDvtF6evcW3RElYo3SsKA,84350
202
+ cycode-3.12.3.dev3.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
203
+ cycode-3.12.3.dev3.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
204
+ cycode-3.12.3.dev3.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
205
+ cycode-3.12.3.dev3.dist-info/RECORD,,