cycode 3.16.2.dev1__py3-none-any.whl → 3.16.3.dev1__py3-none-any.whl

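--- a/cycode/__init__.py
+++ b/cycode/__init__.py
@@ -5,4 +5,4 @@ import time as _time
 # end-to-end scan duration from the moment the user actually triggered it.
 _BOOT_WALL: float = _time.time()
 
-__version__ = '3.16.2.dev1' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+__version__ = '3.16.3.dev1' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag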
@@ -1,7 +1,12 @@
1
1
  from typing import Optional
2
2
 
3
3
  from cycode.cli.apps.configure.consts import CONFIGURATION_MANAGER, CREDENTIALS_MANAGER
4
- from cycode.cli.apps.configure.messages import get_credentials_update_result_message, get_urls_update_result_message
4
+ from cycode.cli.apps.configure.messages import (
5
+ get_credentials_environment_variables_override_warning,
6
+ get_credentials_update_result_message,
7
+ get_urls_environment_variables_override_warning,
8
+ get_urls_update_result_message,
9
+ )
5
10
  from cycode.cli.apps.configure.prompts import (
6
11
  get_api_url_input,
7
12
  get_app_url_input,
@@ -73,3 +78,14 @@ def configure_command() -> None:
73
78
  console.print(get_urls_update_result_message())
74
79
  if credentials_updated or oidc_credentials_updated:
75
80
  console.print(get_credentials_update_result_message())
81
+
82
+ # Warn about environment variables that override the configured file values, regardless of whether anything was
83
+ # updated. The env vars take precedence on every subsequent call, so configuring the file alone has no effect while
84
+ # they are set.
85
+ urls_override_warning = get_urls_environment_variables_override_warning()
86
+ if urls_override_warning:
87
+ console.print(f'[yellow]Warning:[/] {urls_override_warning}')
88
+
89
+ credentials_override_warning = get_credentials_environment_variables_override_warning()
90
+ if credentials_override_warning:
91
+ console.print(f'[yellow]Warning:[/] {credentials_override_warning}')
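Review bot: The two override-warning blocks at the end of `configure_command` are the same three lines with a different getter, so a later third warning can easily drift in prefix or styling. A loop keeps the formatting in one place: `for warning in (get_urls_environment_variables_override_warning(), get_credentials_environment_variables_override_warning()):` followed by `if warning: console.print(f'[yellow]Warning:[/] {warning}')`. The function body starts above the hunk, so whether an earlier return can skip these warnings cannot be seen from here.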
@@ -1,3 +1,5 @@
1
+ from typing import Optional
2
+
1
3
  from cycode.cli.apps.configure.consts import (
2
4
  CONFIGURATION_MANAGER,
3
5
  CREDENTIALS_ARE_SET_IN_ENVIRONMENT_VARIABLES_MESSAGE,
@@ -14,11 +16,14 @@ def _are_credentials_exist_in_environment_variables() -> bool:
14
16
 
15
17
 
16
18
  def get_credentials_update_result_message() -> str:
17
- success_message = CREDENTIALS_UPDATED_SUCCESSFULLY_MESSAGE.format(filename=CREDENTIALS_MANAGER.get_filename())
19
+ return CREDENTIALS_UPDATED_SUCCESSFULLY_MESSAGE.format(filename=CREDENTIALS_MANAGER.get_filename())
20
+
21
+
22
+ def get_credentials_environment_variables_override_warning() -> Optional[str]:
18
23
  if _are_credentials_exist_in_environment_variables():
19
- return f'{success_message}. {CREDENTIALS_ARE_SET_IN_ENVIRONMENT_VARIABLES_MESSAGE}'
24
+ return CREDENTIALS_ARE_SET_IN_ENVIRONMENT_VARIABLES_MESSAGE
20
25
 
21
- return success_message
26
+ return None
22
27
 
23
28
 
24
29
  def _are_urls_exist_in_environment_variables() -> bool:
@@ -28,10 +33,13 @@ def _are_urls_exist_in_environment_variables() -> bool:
28
33
 
29
34
 
30
35
  def get_urls_update_result_message() -> str:
31
- success_message = URLS_UPDATED_SUCCESSFULLY_MESSAGE.format(
36
+ return URLS_UPDATED_SUCCESSFULLY_MESSAGE.format(
32
37
  filename=CONFIGURATION_MANAGER.global_config_file_manager.get_filename()
33
38
  )
39
+
40
+
41
+ def get_urls_environment_variables_override_warning() -> Optional[str]:
34
42
  if _are_urls_exist_in_environment_variables():
35
- return f'{success_message}. {URLS_ARE_SET_IN_ENVIRONMENT_VARIABLES_MESSAGE}'
43
+ return URLS_ARE_SET_IN_ENVIRONMENT_VARIABLES_MESSAGE
36
44
 
37
- return success_message
45
+ return None
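Review bot: `get_credentials_update_result_message()` and `get_urls_update_result_message()` keep their names and `-> str` signatures but no longer append the environment-variable notice, so any caller other than `configure_command` that relied on the combined text silently loses the warning. Only that one call site is updated on this page, and other callers are not visible here. The two new `Optional[str]` getters also have no docstring saying that `None` means no override is in effect. I would add `"""Return the override warning when credential env vars are set, else None."""` to `get_credentials_environment_variables_override_warning` and the URL equivalent to `get_urls_environment_variables_override_warning`.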
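--- a/cycode/cli/consts.py
+++ b/cycode/cli/consts.py
@@ -53,6 +53,30 @@ SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = (
 '.iso',
 )
 
+# Fallback block-list used for SAST only when the server does not return scannable extensions
+# (e.g. when the customer has custom rules, any text file is scannable). These are non-source
+# data formats that can slip past binary detection (the EICAR test file and ClamAV signature
+# databases are plain ASCII) and may be quarantined by object-storage antivirus after upload.
+SAST_SCAN_FILE_EXTENSIONS_TO_IGNORE = (
+'.bin',
+'.cvd',
+'.cld',
+'.cud',
+'.hdb',
+'.hsb',
+'.mdb',
+'.msb',
+'.ndb',
+'.ndu',
+'.ldb',
+'.ldu',
+'.idb',
+'.fp',
+'.sfp',
+'.ign',
+'.ign2',
+)
+
 SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = ( # keep in lowercase
 'cargo.lock',
 'cargo.toml',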
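Review bot: The comment on `SAST_SCAN_FILE_EXTENSIONS_TO_IGNORE` does not say how entries are matched, unlike `SCA_CONFIGURATION_SCAN_SUPPORTED_FILES` directly below it, which carries `# keep in lowercase`. The consumer shown elsewhere on this page is `filename.endswith(non_scannable_extensions)`, so whether an upper-case name such as `MAIN.CVD` is skipped depends on the caller lowercasing the filename, which is not visible here. I would put `# keep in lowercase; matched as a filename suffix` on the opening line. The comment should also state that, in fallback mode, any file with one of these suffixes is left out of SAST analysis entirely, so readers understand the coverage trade-off behind broad entries like `.bin`.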
@@ -63,7 +63,10 @@ class Excluder:
63
63
  }
64
64
  self._non_scannable_extensions: dict[str, tuple[str, ...]] = {
65
65
  consts.SECRET_SCAN_TYPE: consts.SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE,
66
+ consts.SAST_SCAN_TYPE: consts.SAST_SCAN_FILE_EXTENSIONS_TO_IGNORE,
66
67
  }
68
+ # Tracks scan types for which the SAST fallback log has already been emitted (log once, not per file)
69
+ self._logged_sast_fallback = False
67
70
 
68
71
  def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfiguration') -> None:
69
72
  if scan_config.scannable_extensions:
@@ -86,6 +89,11 @@ class Excluder:
86
89
 
87
90
  non_scannable_extensions = self._non_scannable_extensions.get(scan_type)
88
91
  if non_scannable_extensions:
92
+ # For SAST, reaching the block-list means the server returned no scannable extensions
93
+ # (e.g. custom rules, or no remote config). Log once so this is diagnosable.
94
+ if scan_type == consts.SAST_SCAN_TYPE and not self._logged_sast_fallback:
95
+ self._logged_sast_fallback = True
96
+ logger.debug('No scannable extensions provided for SAST; falling back to the built-in ignore list')
89
97
  return not filename.endswith(non_scannable_extensions)
90
98
 
91
99
  return True
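Review bot: The fallback in the second hunk is reported once at debug level and never names the files it drops, so a SAST run that skips files by suffix looks the same as a full run unless verbose logging is on. I would keep the one-time message but also log the path when the suffix matches, before returning `False`, for example `logger.debug('Skipping %s for SAST: extension is on the fallback ignore list', filename)`. The comment on `_logged_sast_fallback` in the first hunk says it "tracks scan types", yet the attribute is a single bool used only for SAST; `# True once the SAST fallback message has been logged (log once, not per file)` would match the code. The enclosing method starts above the hunk, so the claim that this branch is reached only when the server sent no scannable extensions cannot be checked from here.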
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cycode
3
- Version: 3.16.2.dev1
3
+ Version: 3.16.3.dev1
4
4
  Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
5
5
  License-Expression: MIT
6
6
  License-File: LICENCE
@@ -1,4 +1,4 @@
1
- cycode/__init__.py,sha256=k3dJy6_nUYXpe_7kSCympFwrnsnHUWBAriIagwJQppE,396
1
+ cycode/__init__.py,sha256=CcpAyD7Y_714Ds_2eFLqD8gokAUY-k6EVd6dYaW2NI8,396
2
2
  cycode/__main__.py,sha256=Z3bD5yrA7yPvAChcADQrqCaZd0ChGI1gdiwALwbWJ6U,104
3
3
  cycode/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
4
4
  cycode/cli/app.py,sha256=AlR2durAEbsa47PDfIj7JtMvJDWA_Dq6wPtVuMJYSCs,10250
@@ -39,9 +39,9 @@ cycode/cli/apps/auth/auth_common.py,sha256=bfQXqfv5bcYmc7njWOnG1VGzRU-C7spBv48gx
39
39
  cycode/cli/apps/auth/auth_manager.py,sha256=ePRI1Nl8HVwcST77LAMuzu4tm4TTIX5b-MACB59LUrQ,4286
40
40
  cycode/cli/apps/auth/models.py,sha256=XVWq_9e6tQ9farEs_ks2Hv8B_qJdbuZciO7oe8wdgoY,96
41
41
  cycode/cli/apps/configure/__init__.py,sha256=J-XJyC3zFt8vP5LrMoHCExkR8MWFfegt-PE0T28cr40,539
42
- cycode/cli/apps/configure/configure_command.py,sha256=GzhdI4dmZuIxkhlf8pc579xm6YP4IqQz9PZONB-bwZw,3005
42
+ cycode/cli/apps/configure/configure_command.py,sha256=IOklkJBONN3tG3FjM_m3T5AsPjUbGDuy1Wc0XGN_zOM,3773
43
43
  cycode/cli/apps/configure/consts.py,sha256=wm3FV5eHRrg77zQnCRExAvBMfqnWdxb33sIdJeTgOK0,1130
44
- cycode/cli/apps/configure/messages.py,sha256=hZ4gFyvzPsjXKkYADmdtWl_OcIdZQLIsUSzUrThWMW8,1455
44
+ cycode/cli/apps/configure/messages.py,sha256=DYepPy8AuP6XJaPppmWeYg4M37SVi0YRpNDeHdlWDy0,1547
45
45
  cycode/cli/apps/configure/prompts.py,sha256=z1KZiVJOlFeWKawFE_RyMOitekzuZqKu9aV6KYGbuBU,1889
46
46
  cycode/cli/apps/ignore/__init__.py,sha256=hk1jyJ5ecDeNxHu7gbbbugNiMMS5Y0wmFhi2FiokSHo,220
47
47
  cycode/cli/apps/ignore/ignore_command.py,sha256=eHKR9AKvUqwLi_q1M4cM8iYqhW8yb-y37xPMyUI1qUc,5767
@@ -94,7 +94,7 @@ cycode/cli/apps/status/version_command.py,sha256=c6Iko_rmZo9T_kQSd3HUloBi40Qv7cj
94
94
  cycode/cli/cli_types.py,sha256=QbFWJLtlsEnHGdqdHbLolJqT57RfhocvsPAhlcNcCRE,3354
95
95
  cycode/cli/config.py,sha256=Op-lX_neanJtvPvoOEx4ByBdveh5ygElIga1FdSHhOI,299
96
96
  cycode/cli/console.py,sha256=vp-DHwlkwpwdsPyfwGdjsPF-6-Bi3f8W7G-W_YXCMH8,1914
97
- cycode/cli/consts.py,sha256=YjP_aIOayJkGEc87hTCMZBmRAFtXgM-dspVF51nVSCs,9029
97
+ cycode/cli/consts.py,sha256=DA64POP-TWR4jTOkBzzN-paHX_S_9A_qPs6GCIW-U9s,9651
98
98
  cycode/cli/exceptions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
99
99
  cycode/cli/exceptions/custom_exceptions.py,sha256=mTPLPI6V5JrEM6IQ8f7An9P207oYWEgJr-l9UpieSWk,4232
100
100
  cycode/cli/exceptions/handle_ai_remediation_errors.py,sha256=mA70upSYXK3rL_fmanzKYeUzLENhpXdkW8k3aIHrKzU,785
@@ -105,7 +105,7 @@ cycode/cli/exceptions/handle_scan_errors.py,sha256=1KkBFb7LniflYRr0vMl1FPIZDALPZ
105
105
  cycode/cli/files_collector/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
106
106
  cycode/cli/files_collector/commit_range_documents.py,sha256=ZAU9er6m8_IF9y9KxZoiEaDOiZC35SEfv5VtqKp4AZc,20484
107
107
  cycode/cli/files_collector/documents_walk_ignore.py,sha256=G4e-3vfP4WZ7wa9-VbZ66xCKCioTXnPBfbrs4_hh8xY,4705
108
- cycode/cli/files_collector/file_excluder.py,sha256=5Y7MM6_4x4FRKCV47D_hOXIg9BzYLHqwoWkmtV7Lt4I,7562
108
+ cycode/cli/files_collector/file_excluder.py,sha256=YSMzmsv1qJFwOIWk6JzXLYPOd2YNHZGqf854n_DSnWI,8233
109
109
  cycode/cli/files_collector/iac/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
110
110
  cycode/cli/files_collector/iac/tf_content_generator.py,sha256=a65zA0Ejv_LSA5jac2omHck4IKoNS5MX6v6ltF2wo4E,2873
111
111
  cycode/cli/files_collector/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -207,8 +207,8 @@ cycode/cyclient/report_client.py,sha256=Scq30NeJPzgXv0hPLO1U05AdE9i_2iu6cIrSKpEJ
207
207
  cycode/cyclient/scan_client.py,sha256=6TK5FQkfrvV7PHqRnUzEn1PBNd2oPYVamvIixcUfe3c,16755
208
208
  cycode/cyclient/scan_config_base.py,sha256=mXsPZGYCtp85rv5GIige40yQZXuRcEKUW-VQJ0vgFzk,1201
209
209
  cycode/logger.py,sha256=EfZGRK6VC5rE_LAjIcRrHFiQCueylCDXoG6bvGkrIME,2111
210
- cycode-3.16.2.dev1.dist-info/METADATA,sha256=oDlRz0-Fp8LwPQgfHSk-M0oISG7ywyV-zXW37RDoPSc,89245
211
- cycode-3.16.2.dev1.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
212
- cycode-3.16.2.dev1.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
213
- cycode-3.16.2.dev1.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
214
- cycode-3.16.2.dev1.dist-info/RECORD,,
210
+ cycode-3.16.3.dev1.dist-info/METADATA,sha256=GwuZ-h9XsghaNYx3U3Cl5f73NllN-rc-G3DyCr8Q8fk,89245
211
+ cycode-3.16.3.dev1.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
212
+ cycode-3.16.3.dev1.dist-info/entry_points.txt,sha256=iDcVJM8ByLElVgvBgtYxDjw1kT7O8Mo0LcWZIT5L3Ig,45
213
+ cycode-3.16.3.dev1.dist-info/licenses/LICENCE,sha256=2Wx4N6mD_4xB7-E3hPkZ3MPhpJy__k_I8MaCSO-PDRo,1068
214
+ cycode-3.16.3.dev1.dist-info/RECORD,,