cycode 3.2.2.dev2__tar.gz → 3.2.2.dev4__tar.gz

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 3.2.2.dev2
+Version: 3.2.2.dev4
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT
@@ -582,18 +582,19 @@ This information can be helpful when:
 
 The Cycode CLI application offers several types of scans so that you can choose the option that best fits your case. The following are the current options and commands available:
 
-| Option                                                     | Description                                                                                                            |
-|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|
-| `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                           |
-| `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                       |
-| `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
-| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                 |
-| `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.        |
-| `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                           |
-| `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                        |
-| `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                      |
-| `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from the project root directory ONLY!              |
-| `--help`                                                   | Show options for given command.                                                                                        |
+| Option                                                     | Description                                                                                                                      |
+|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                                     |
+| `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                 |
+| `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.           |
+| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                           |
+| `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.                  |
+| `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                                     |
+| `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                                  |
+| `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                                |
+| `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from                                                         |
+| `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
+| `--help`                                                   | Show options for given command.                                                                                                  |
 
 | Command                                | Description                                                     |
 |----------------------------------------|-----------------------------------------------------------------|

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/README.md

@@ -538,18 +538,19 @@ This information can be helpful when:
 
 The Cycode CLI application offers several types of scans so that you can choose the option that best fits your case. The following are the current options and commands available:
 
-| Option                                                     | Description                                                                                                            |
-|------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|
-| `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                           |
-| `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                       |
-| `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
-| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                 |
-| `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.        |
-| `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                           |
-| `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                        |
-| `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                      |
-| `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from the project root directory ONLY!              |
-| `--help`                                                   | Show options for given command.                                                                                        |
+| Option                                                     | Description                                                                                                                      |
+|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                                     |
+| `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                 |
+| `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.           |
+| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                           |
+| `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.                  |
+| `--monitor`                                                | When specified, the scan results will be recorded in Cycode.                                                                     |
+| `--cycode-report`                                          | Display a link to the scan report in the Cycode platform in the console output.                                                  |
+| `--no-restore`                                             | When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!                                |
+| `--gradle-all-sub-projects`                                | Run gradle restore command for all sub projects. This should be run from                                                         |
+| `--maven-settings-file`                                    | For Maven only, allows using a custom [settings.xml](https://maven.apache.org/settings.html) file when scanning for dependencies |
+| `--help`                                                   | Show options for given command.                                                                                                  |
 
 | Command                                | Description                                                     |
 |----------------------------------------|-----------------------------------------------------------------|

cycode-3.2.2.dev4/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.2.2.dev4'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/cycode/cli/files_collector/commit_range_documents.py

@@ -193,7 +193,10 @@ def get_diff_file_path(diff: 'Diff', relative: bool = False) -> Optional[str]:
 
     if diff.b_blob:
         return diff.b_blob.abspath
-    return diff.a_blob.abspath
+    if diff.a_blob:
+        return diff.a_blob.abspath
+
+    return None
 
 
 def get_diff_file_content(diff: 'Diff') -> str:

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/cycode/cli/user_settings/configuration_manager.py

@@ -82,7 +82,7 @@ class ConfigurationManager:
     @staticmethod
     def _merge_exclusions(local_exclusions: dict, global_exclusions: dict) -> dict:
         keys = set(list(local_exclusions.keys()) + list(global_exclusions.keys()))
-        return {key: local_exclusions.get(key, []) + global_exclusions.get(key, []) for key in keys}
+        return {key: (local_exclusions.get(key) or []) + (global_exclusions.get(key) or []) for key in keys}
 
     def get_or_create_installation_id(self) -> str:
         config_file_manager = self.get_config_file_manager()

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/cycode/cli/utils/yaml_utils.py

@@ -4,6 +4,10 @@ from typing import Any, TextIO
 
 import yaml
 
+from cycode.logger import get_logger
+
+logger = get_logger('YAML Utils')
+
 
 def _deep_update(source: dict[Hashable, Any], overrides: dict[Hashable, Any]) -> dict[Hashable, Any]:
     for key, value in overrides.items():
@@ -15,10 +19,16 @@ def _deep_update(source: dict[Hashable, Any], overrides: dict[Hashable, Any]) ->
     return source
 
 
-def _yaml_safe_load(file: TextIO) -> dict[Hashable, Any]:
+def _yaml_object_safe_load(file: TextIO) -> dict[Hashable, Any]:
     # loader.get_single_data could return None
     loaded_file = yaml.safe_load(file)
-    if loaded_file is None:
+
+    if not isinstance(loaded_file, dict):
+        # forbid literals at the top level
+        logger.debug(
+            'YAML file does not contain a dictionary at the top level: %s',
+            {'filename': file.name, 'actual_type': type(loaded_file)},
+        )
         return {}
 
     return loaded_file
@@ -29,7 +39,7 @@ def read_yaml_file(filename: str) -> dict[Hashable, Any]:
         return {}
 
     with open(filename, encoding='UTF-8') as file:
-        return _yaml_safe_load(file)
+        return _yaml_object_safe_load(file)
 
 
 def write_yaml_file(filename: str, content: dict[Hashable, Any]) -> None:

{cycode-3.2.2.dev2 → cycode-3.2.2.dev4}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "3.2.2.dev2" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "3.2.2.dev4" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]

cycode-3.2.2.dev2/cycode/__init__.py

@@ -1 +0,0 @@
-__version__ = '3.2.2.dev2'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag