PyPI - cycode - Versions diffs - 3.5.2.dev1__tar.gz → 3.5.3.dev2__tar.gz - Mend

cycode 3.5.2.dev1tar.gz → 3.5.3.dev2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (167) hide show

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 3.5.2.dev1
+Version: 3.5.3.dev2
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT

cycode-3.5.3.dev2/cycode/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __version__ = '3.5.3.dev2' # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/apps/report/sbom/path/path_command.py RENAMED Viewed

@@ -12,6 +12,7 @@ from cycode.cli.files_collector.sca.sca_file_collector import add_sca_dependenci
 from cycode.cli.files_collector.zip_documents import zip_documents
 from cycode.cli.utils.get_api_client import get_report_cycode_client
 from cycode.cli.utils.progress_bar import SbomReportProgressBarSection
+from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 from cycode.cli.utils.sentry import add_breadcrumb
@@ -37,7 +38,11 @@ def path_command(
     try:
         documents = get_relevant_documents(
-            progress_bar, SbomReportProgressBarSection.PREPARE_LOCAL_FILES, consts.SCA_SCAN_TYPE, (str(path),)
+            progress_bar,
+            SbomReportProgressBarSection.PREPARE_LOCAL_FILES,
+            consts.SCA_SCAN_TYPE,
+            (str(path),),
+            is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
         )
         # TODO(MarshalX): combine perform_pre_scan_documents_actions with get_relevant_document.
         #  unhardcode usage of context in perform_pre_scan_documents_actions

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/apps/scan/code_scanner.py RENAMED Viewed

@@ -23,7 +23,11 @@ from cycode.cli.files_collector.zip_documents import zip_documents
 from cycode.cli.models import CliError, Document, LocalScanResult
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
 from cycode.cli.utils.scan_batch import run_parallel_batched_scan
-from cycode.cli.utils.scan_utils import generate_unique_scan_id, set_issue_detected_by_scan_results
+from cycode.cli.utils.scan_utils import (
+    generate_unique_scan_id,
+    is_cycodeignore_allowed_by_scan_config,
+    set_issue_detected_by_scan_results,
+)
 from cycode.cyclient.models import ZippedFileScanResult
 from cycode.logger import get_logger
@@ -42,7 +46,13 @@ def scan_disk_files(ctx: typer.Context, paths: tuple[str, ...]) -> None:
     progress_bar = ctx.obj['progress_bar']
     try:
-        documents = get_relevant_documents(progress_bar, ScanProgressBarSection.PREPARE_LOCAL_FILES, scan_type, paths)
+        documents = get_relevant_documents(
+            progress_bar,
+            ScanProgressBarSection.PREPARE_LOCAL_FILES,
+            scan_type,
+            paths,
+            is_cycodeignore_allowed=is_cycodeignore_allowed_by_scan_config(ctx),
+        )
         add_sca_dependencies_tree_documents_if_needed(ctx, scan_type, documents)
         scan_documents(ctx, documents, get_scan_parameters(ctx, paths))
     except Exception as e:

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/apps/scan/commit_range_scanner.py RENAMED Viewed

@@ -26,9 +26,9 @@ from cycode.cli.files_collector.commit_range_documents import (
     get_diff_file_path,
     get_pre_commit_modified_documents,
     get_safe_head_reference_for_diff,
-    parse_commit_range_sast,
-    parse_commit_range_sca,
+    parse_commit_range,
 )
+from cycode.cli.files_collector.documents_walk_ignore import filter_documents_with_cycodeignore
 from cycode.cli.files_collector.file_excluder import excluder
 from cycode.cli.files_collector.models.in_memory_zip import InMemoryZip
 from cycode.cli.files_collector.sca.sca_file_collector import (
@@ -40,7 +40,11 @@ from cycode.cli.models import Document
 from cycode.cli.utils.git_proxy import git_proxy
 from cycode.cli.utils.path_utils import get_path_by_os
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
-from cycode.cli.utils.scan_utils import generate_unique_scan_id, set_issue_detected_by_scan_results
+from cycode.cli.utils.scan_utils import (
+    generate_unique_scan_id,
+    is_cycodeignore_allowed_by_scan_config,
+    set_issue_detected_by_scan_results,
+)
 from cycode.cyclient.models import ZippedFileScanResult
 from cycode.logger import get_logger
@@ -182,13 +186,19 @@ def _scan_commit_range_documents(
 def _scan_sca_commit_range(ctx: typer.Context, repo_path: str, commit_range: str, **_) -> None:
     scan_parameters = get_scan_parameters(ctx, (repo_path,))
-    from_commit_rev, to_commit_rev = parse_commit_range_sca(commit_range, repo_path)
+    from_commit_rev, to_commit_rev = parse_commit_range(commit_range, repo_path)
     from_commit_documents, to_commit_documents, _ = get_commit_range_modified_documents(
         ctx.obj['progress_bar'], ScanProgressBarSection.PREPARE_LOCAL_FILES, repo_path, from_commit_rev, to_commit_rev
     )
     from_commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, from_commit_documents)
     to_commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, to_commit_documents)
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    from_commit_documents = filter_documents_with_cycodeignore(
+        from_commit_documents, repo_path, is_cycodeignore_allowed
+    )
+    to_commit_documents = filter_documents_with_cycodeignore(to_commit_documents, repo_path, is_cycodeignore_allowed)
     perform_sca_pre_commit_range_scan_actions(
         repo_path, from_commit_documents, from_commit_rev, to_commit_documents, to_commit_rev
     )
@@ -204,6 +214,11 @@ def _scan_secret_commit_range(
         consts.SECRET_SCAN_TYPE, commit_diff_documents_to_scan
     )
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    diff_documents_to_scan = filter_documents_with_cycodeignore(
+        diff_documents_to_scan, repo_path, is_cycodeignore_allowed
+    )
     scan_documents(
         ctx, diff_documents_to_scan, get_scan_parameters(ctx, (repo_path,)), is_git_diff=True, is_commit_range=True
     )
@@ -212,7 +227,7 @@ def _scan_secret_commit_range(
 def _scan_sast_commit_range(ctx: typer.Context, repo_path: str, commit_range: str, **_) -> None:
     scan_parameters = get_scan_parameters(ctx, (repo_path,))
-    from_commit_rev, to_commit_rev = parse_commit_range_sast(commit_range, repo_path)
+    from_commit_rev, to_commit_rev = parse_commit_range(commit_range, repo_path)
     _, commit_documents, diff_documents = get_commit_range_modified_documents(
         ctx.obj['progress_bar'],
         ScanProgressBarSection.PREPARE_LOCAL_FILES,
@@ -221,9 +236,14 @@ def _scan_sast_commit_range(ctx: typer.Context, repo_path: str, commit_range: st
         to_commit_rev,
         reverse_diff=False,
     )
     commit_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, commit_documents)
     diff_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, diff_documents)
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    commit_documents = filter_documents_with_cycodeignore(commit_documents, repo_path, is_cycodeignore_allowed)
+    diff_documents = filter_documents_with_cycodeignore(diff_documents, repo_path, is_cycodeignore_allowed)
     _scan_commit_range_documents(ctx, commit_documents, diff_documents, scan_parameters=scan_parameters)
@@ -254,11 +274,18 @@ def _scan_sca_pre_commit(ctx: typer.Context, repo_path: str) -> None:
         progress_bar_section=ScanProgressBarSection.PREPARE_LOCAL_FILES,
         repo_path=repo_path,
     )
     git_head_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SCA_SCAN_TYPE, git_head_documents)
     pre_committed_documents = excluder.exclude_irrelevant_documents_to_scan(
         consts.SCA_SCAN_TYPE, pre_committed_documents
     )
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    git_head_documents = filter_documents_with_cycodeignore(git_head_documents, repo_path, is_cycodeignore_allowed)
+    pre_committed_documents = filter_documents_with_cycodeignore(
+        pre_committed_documents, repo_path, is_cycodeignore_allowed
+    )
     perform_sca_pre_hook_range_scan_actions(repo_path, git_head_documents, pre_committed_documents)
     _scan_commit_range_documents(
@@ -288,8 +315,12 @@ def _scan_secret_pre_commit(ctx: typer.Context, repo_path: str) -> None:
                 is_git_diff_format=True,
             )
         )
     documents_to_scan = excluder.exclude_irrelevant_documents_to_scan(consts.SECRET_SCAN_TYPE, documents_to_scan)
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    documents_to_scan = filter_documents_with_cycodeignore(documents_to_scan, repo_path, is_cycodeignore_allowed)
     scan_documents(ctx, documents_to_scan, get_scan_parameters(ctx), is_git_diff=True)
@@ -301,11 +332,18 @@ def _scan_sast_pre_commit(ctx: typer.Context, repo_path: str, **_) -> None:
         progress_bar_section=ScanProgressBarSection.PREPARE_LOCAL_FILES,
         repo_path=repo_path,
     )
     pre_committed_documents = excluder.exclude_irrelevant_documents_to_scan(
         consts.SAST_SCAN_TYPE, pre_committed_documents
     )
     diff_documents = excluder.exclude_irrelevant_documents_to_scan(consts.SAST_SCAN_TYPE, diff_documents)
+    is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+    pre_committed_documents = filter_documents_with_cycodeignore(
+        pre_committed_documents, repo_path, is_cycodeignore_allowed
+    )
+    diff_documents = filter_documents_with_cycodeignore(diff_documents, repo_path, is_cycodeignore_allowed)
     _scan_commit_range_documents(ctx, pre_committed_documents, diff_documents, scan_parameters=scan_parameters)

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/apps/scan/repository/repository_command.py RENAMED Viewed

@@ -8,6 +8,7 @@ from cycode.cli import consts
 from cycode.cli.apps.scan.code_scanner import scan_documents
 from cycode.cli.apps.scan.scan_parameters import get_scan_parameters
 from cycode.cli.exceptions.handle_scan_errors import handle_scan_exception
+from cycode.cli.files_collector.documents_walk_ignore import filter_documents_with_cycodeignore
 from cycode.cli.files_collector.file_excluder import excluder
 from cycode.cli.files_collector.repository_documents import get_git_repository_tree_file_entries
 from cycode.cli.files_collector.sca.sca_file_collector import add_sca_dependencies_tree_documents_if_needed
@@ -15,6 +16,7 @@ from cycode.cli.logger import logger
 from cycode.cli.models import Document
 from cycode.cli.utils.path_utils import get_path_by_os
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
+from cycode.cli.utils.scan_utils import is_cycodeignore_allowed_by_scan_config
 from cycode.cli.utils.sentry import add_breadcrumb
@@ -60,6 +62,9 @@ def repository_command(
         documents_to_scan = excluder.exclude_irrelevant_documents_to_scan(scan_type, documents_to_scan)
+        is_cycodeignore_allowed = is_cycodeignore_allowed_by_scan_config(ctx)
+        documents_to_scan = filter_documents_with_cycodeignore(documents_to_scan, str(path), is_cycodeignore_allowed)
         add_sca_dependencies_tree_documents_if_needed(ctx, scan_type, documents_to_scan)
         logger.debug('Found all relevant files for scanning %s', {'path': path, 'branch': branch})

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/apps/scan/scan_command.py RENAMED Viewed

@@ -1,9 +1,11 @@
+import os
 from pathlib import Path
 from typing import Annotated, Optional
 import click
 import typer
+from cycode.cli.apps.scan.remote_url_resolver import _try_get_git_remote_url
 from cycode.cli.cli_types import ExportTypeOption, ScanTypeOption, ScaScanTypeOption, SeverityOption
 from cycode.cli.consts import (
     ISSUE_DETECTED_STATUS_CODE,
@@ -161,10 +163,15 @@ def scan_command(
     scan_client = get_scan_cycode_client(ctx)
     ctx.obj['client'] = scan_client
-    remote_scan_config = scan_client.get_scan_configuration_safe(scan_type)
+    # Get remote URL from current working directory
+    remote_url = _try_get_git_remote_url(os.getcwd())
+    remote_scan_config = scan_client.get_scan_configuration_safe(scan_type, remote_url)
     if remote_scan_config:
         excluder.apply_scan_config(str(scan_type), remote_scan_config)
+    ctx.obj['scan_config'] = remote_scan_config
     if export_type and export_file:
         console_printer = ctx.obj['console_printer']
         console_printer.enable_recording(export_type, export_file)

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/consts.py RENAMED Viewed

@@ -17,6 +17,8 @@ SAST_SCAN_TYPE = 'sast'
 IAC_SCAN_SUPPORTED_FILE_EXTENSIONS = ('.tf', '.tf.json', '.json', '.yaml', '.yml', '.dockerfile', '.containerfile')
 IAC_SCAN_SUPPORTED_FILE_PREFIXES = ('dockerfile', 'containerfile')
+CYCODEIGNORE_FILENAME = '.cycodeignore'
 SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = (
     '.DS_Store',
     '.bmp',

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/files_collector/commit_range_documents.py RENAMED Viewed

@@ -408,22 +408,7 @@ def get_pre_commit_modified_documents(
     return git_head_documents, pre_committed_documents, diff_documents
-def parse_commit_range_sca(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
-    # FIXME(MarshalX): i truly believe that this function does NOT work as expected
-    #  it does not handle cases like 'A..B' correctly
-    #  i leave it as it for SCA to not break anything
-    #  the more correct approach is implemented for SAST
-    from_commit_rev = to_commit_rev = None
-    for commit in git_proxy.get_repo(path).iter_commits(rev=commit_range):
-        if not to_commit_rev:
-            to_commit_rev = commit.hexsha
-        from_commit_rev = commit.hexsha
-    return from_commit_rev, to_commit_rev
-def parse_commit_range_sast(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
+def parse_commit_range(commit_range: str, path: str) -> tuple[Optional[str], Optional[str]]:
     """Parses a git commit range string and returns the full SHAs for the 'from' and 'to' commits.
     Supports:

cycode-3.5.3.dev2/cycode/cli/files_collector/documents_walk_ignore.py ADDED Viewed

@@ -0,0 +1,124 @@
+import os
+from typing import TYPE_CHECKING
+from cycode.cli import consts
+from cycode.cli.logger import get_logger
+from cycode.cli.utils.ignore_utils import IgnoreFilterManager
+if TYPE_CHECKING:
+    from cycode.cli.models import Document
+logger = get_logger('Documents Ignores')
+def _get_cycodeignore_path(repo_path: str) -> str:
+    """Get the path to .cycodeignore file in the repository root."""
+    return os.path.join(repo_path, consts.CYCODEIGNORE_FILENAME)
+def _create_ignore_filter_manager(repo_path: str, cycodeignore_path: str) -> IgnoreFilterManager:
+    """Create IgnoreFilterManager with .cycodeignore file."""
+    return IgnoreFilterManager.build(
+        path=repo_path,
+        global_ignore_file_paths=[cycodeignore_path],
+        global_patterns=[],
+    )
+def _log_ignored_files(repo_path: str, dirpath: str, ignored_dirnames: list[str], ignored_filenames: list[str]) -> None:
+    """Log ignored files for debugging (similar to walk_ignore function)."""
+    rel_dirpath = '' if dirpath == repo_path else os.path.relpath(dirpath, repo_path)
+    display_dir = rel_dirpath or '.'
+    for is_dir, names in (
+        (True, ignored_dirnames),
+        (False, ignored_filenames),
+    ):
+        for name in names:
+            full_path = os.path.join(repo_path, display_dir, name)
+            if is_dir:
+                full_path = os.path.join(full_path, '*')
+            logger.debug('Ignoring match %s', full_path)
+def _build_allowed_paths_set(ignore_filter_manager: IgnoreFilterManager, repo_path: str) -> set[str]:
+    """Build set of allowed file paths using walk_with_ignored."""
+    allowed_paths = set()
+    for dirpath, _dirnames, filenames, ignored_dirnames, ignored_filenames in ignore_filter_manager.walk_with_ignored():
+        _log_ignored_files(repo_path, dirpath, ignored_dirnames, ignored_filenames)
+        for filename in filenames:
+            file_path = os.path.join(dirpath, filename)
+            allowed_paths.add(file_path)
+    return allowed_paths
+def _get_document_check_path(document: 'Document', repo_path: str) -> str:
+    """Get the normalized absolute path for a document to check against allowed paths."""
+    check_path = document.absolute_path
+    if not check_path:
+        check_path = document.path if os.path.isabs(document.path) else os.path.join(repo_path, document.path)
+    return os.path.normpath(check_path)
+def _filter_documents_by_allowed_paths(
+    documents: list['Document'], allowed_paths: set[str], repo_path: str
+) -> list['Document']:
+    """Filter documents by checking if their paths are in the allowed set."""
+    filtered_documents = []
+    for document in documents:
+        try:
+            check_path = _get_document_check_path(document, repo_path)
+            if check_path in allowed_paths:
+                filtered_documents.append(document)
+            else:
+                relative_path = os.path.relpath(check_path, repo_path)
+                logger.debug('Filtered out document due to .cycodeignore: %s', relative_path)
+        except Exception as e:
+            logger.debug('Error processing document %s: %s', document.path, e)
+            filtered_documents.append(document)
+    return filtered_documents
+def filter_documents_with_cycodeignore(
+    documents: list['Document'], repo_path: str, is_cycodeignore_allowed: bool = True
+) -> list['Document']:
+    """Filter documents based on .cycodeignore patterns.
+    This function uses .cycodeignore file in the repository root to filter out
+    documents whose paths match any of those patterns.
+    Args:
+        documents: List of Document objects to filter
+        repo_path: Path to the repository root
+        is_cycodeignore_allowed: Whether .cycodeignore filtering is allowed by scan configuration
+    Returns:
+        List of Document objects that don't match any .cycodeignore patterns
+    """
+    if not is_cycodeignore_allowed:
+        logger.debug('.cycodeignore filtering is not allowed by scan configuration')
+        return documents
+    cycodeignore_path = _get_cycodeignore_path(repo_path)
+    if not os.path.exists(cycodeignore_path):
+        logger.debug('.cycodeignore file does not exist in the repository root')
+        return documents
+    logger.info('Using %s for filtering documents', cycodeignore_path)
+    ignore_filter_manager = _create_ignore_filter_manager(repo_path, cycodeignore_path)
+    allowed_paths = _build_allowed_paths_set(ignore_filter_manager, repo_path)
+    filtered_documents = _filter_documents_by_allowed_paths(documents, allowed_paths, repo_path)
+    logger.debug('Filtered %d documents using .cycodeignore patterns', len(documents) - len(filtered_documents))
+    return filtered_documents

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/files_collector/path_documents.py RENAMED Viewed

@@ -1,4 +1,5 @@
 import os
+from collections.abc import Generator
 from typing import TYPE_CHECKING
 from cycode.cli.files_collector.file_excluder import excluder
@@ -17,10 +18,18 @@ if TYPE_CHECKING:
     from cycode.cli.utils.progress_bar import BaseProgressBar, ProgressBarSection
-def _get_all_existing_files_in_directory(path: str, *, walk_with_ignore_patterns: bool = True) -> list[str]:
+def _get_all_existing_files_in_directory(
+    path: str, *, walk_with_ignore_patterns: bool = True, is_cycodeignore_allowed: bool = True
+) -> list[str]:
     files: list[str] = []
-    walk_func = walk_ignore if walk_with_ignore_patterns else os.walk
+    if walk_with_ignore_patterns:
+        def walk_func(path: str) -> Generator[tuple[str, list[str], list[str]], None, None]:
+            return walk_ignore(path, is_cycodeignore_allowed=is_cycodeignore_allowed)
+    else:
+        walk_func = os.walk
     for root, _, filenames in walk_func(path):
         for filename in filenames:
             files.append(os.path.join(root, filename))
@@ -28,7 +37,7 @@ def _get_all_existing_files_in_directory(path: str, *, walk_with_ignore_patterns
     return files
-def _get_relevant_files_in_path(path: str) -> list[str]:
+def _get_relevant_files_in_path(path: str, *, is_cycodeignore_allowed: bool = True) -> list[str]:
     absolute_path = get_absolute_path(path)
     if not os.path.isfile(absolute_path) and not os.path.isdir(absolute_path):
@@ -37,16 +46,21 @@ def _get_relevant_files_in_path(path: str) -> list[str]:
     if os.path.isfile(absolute_path):
         return [absolute_path]
-    file_paths = _get_all_existing_files_in_directory(absolute_path)
+    file_paths = _get_all_existing_files_in_directory(absolute_path, is_cycodeignore_allowed=is_cycodeignore_allowed)
     return [file_path for file_path in file_paths if os.path.isfile(file_path)]
 def _get_relevant_files(
-    progress_bar: 'BaseProgressBar', progress_bar_section: 'ProgressBarSection', scan_type: str, paths: tuple[str, ...]
+    progress_bar: 'BaseProgressBar',
+    progress_bar_section: 'ProgressBarSection',
+    scan_type: str,
+    paths: tuple[str, ...],
+    *,
+    is_cycodeignore_allowed: bool = True,
 ) -> list[str]:
     all_files_to_scan = []
     for path in paths:
-        all_files_to_scan.extend(_get_relevant_files_in_path(path))
+        all_files_to_scan.extend(_get_relevant_files_in_path(path, is_cycodeignore_allowed=is_cycodeignore_allowed))
     # we are double the progress bar section length because we are going to process the files twice
     # first time to get the file list with respect of excluded patterns (excluding takes seconds to execute)
@@ -94,8 +108,11 @@ def get_relevant_documents(
     paths: tuple[str, ...],
     *,
     is_git_diff: bool = False,
+    is_cycodeignore_allowed: bool = True,
 ) -> list[Document]:
-    relevant_files = _get_relevant_files(progress_bar, progress_bar_section, scan_type, paths)
+    relevant_files = _get_relevant_files(
+        progress_bar, progress_bar_section, scan_type, paths, is_cycodeignore_allowed=is_cycodeignore_allowed
+    )
     documents: list[Document] = []
     for file in relevant_files:

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/files_collector/walk_ignore.py RENAMED Viewed

@@ -1,6 +1,7 @@
 import os
 from collections.abc import Generator, Iterable
+from cycode.cli import consts
 from cycode.cli.logger import get_logger
 from cycode.cli.utils.ignore_utils import IgnoreFilterManager
@@ -8,7 +9,6 @@ logger = get_logger('Ignores')
 _SUPPORTED_IGNORE_PATTERN_FILES = {
     '.gitignore',
-    '.cycodeignore',
 }
 _DEFAULT_GLOBAL_IGNORE_PATTERNS = [
     '.git',
@@ -25,11 +25,17 @@ def _walk_to_top(path: str) -> Iterable[str]:
         yield path  # Include the top-level directory
-def _collect_top_level_ignore_files(path: str) -> list[str]:
+def _collect_top_level_ignore_files(path: str, *, is_cycodeignore_allowed: bool = True) -> list[str]:
     ignore_files = []
     top_paths = reversed(list(_walk_to_top(path)))  # we must reverse it to make top levels more prioritized
+    supported_files = set(_SUPPORTED_IGNORE_PATTERN_FILES)
+    if is_cycodeignore_allowed:
+        supported_files.add(consts.CYCODEIGNORE_FILENAME)
+        logger.debug('.cycodeignore files included due to scan configuration')
     for dir_path in top_paths:
-        for ignore_file in _SUPPORTED_IGNORE_PATTERN_FILES:
+        for ignore_file in supported_files:
             ignore_file_path = os.path.join(dir_path, ignore_file)
             if os.path.exists(ignore_file_path):
                 logger.debug('Reading top level ignore file: %s', ignore_file_path)
@@ -37,10 +43,13 @@ def _collect_top_level_ignore_files(path: str) -> list[str]:
     return ignore_files
-def walk_ignore(path: str) -> Generator[tuple[str, list[str], list[str]], None, None]:
+def walk_ignore(
+    path: str, *, is_cycodeignore_allowed: bool = True
+) -> Generator[tuple[str, list[str], list[str]], None, None]:
+    ignore_file_paths = _collect_top_level_ignore_files(path, is_cycodeignore_allowed=is_cycodeignore_allowed)
     ignore_filter_manager = IgnoreFilterManager.build(
         path=path,
-        global_ignore_file_paths=_collect_top_level_ignore_files(path),
+        global_ignore_file_paths=ignore_file_paths,
         global_patterns=_DEFAULT_GLOBAL_IGNORE_PATTERNS,
     )
     for dirpath, dirnames, filenames, ignored_dirnames, ignored_filenames in ignore_filter_manager.walk_with_ignored():

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cli/utils/scan_utils.py RENAMED Viewed

@@ -1,11 +1,12 @@
 import os
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Optional
 from uuid import UUID, uuid4
 import typer
 if TYPE_CHECKING:
     from cycode.cli.models import LocalScanResult
+    from cycode.cyclient.models import ScanConfiguration
 def set_issue_detected(ctx: typer.Context, issue_detected: bool) -> None:
@@ -22,6 +23,11 @@ def is_scan_failed(ctx: typer.Context) -> bool:
     return did_fail or issue_detected
+def is_cycodeignore_allowed_by_scan_config(ctx: typer.Context) -> bool:
+    scan_config: Optional[ScanConfiguration] = ctx.obj.get('scan_config')
+    return scan_config.is_cycode_ignore_allowed if scan_config else True
 def generate_unique_scan_id() -> UUID:
     if 'PYTEST_TEST_UNIQUE_ID' in os.environ:
         return UUID(os.environ['PYTEST_TEST_UNIQUE_ID'])

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cyclient/models.py RENAMED Viewed

@@ -505,6 +505,7 @@ class SupportedModulesPreferencesSchema(Schema):
 @dataclass
 class ScanConfiguration:
     scannable_extensions: list[str]
+    is_cycode_ignore_allowed: bool
 class ScanConfigurationSchema(Schema):
@@ -512,6 +513,7 @@ class ScanConfigurationSchema(Schema):
         unknown = EXCLUDE
     scannable_extensions = fields.List(fields.String(), allow_none=True)
+    is_cycode_ignore_allowed = fields.Boolean(load_default=True)
     @post_load
     def build_dto(self, data: dict[str, Any], **_) -> 'ScanConfiguration':

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/cycode/cyclient/scan_client.py RENAMED Viewed

@@ -280,16 +280,23 @@ class ScanClient:
         correct_scan_type = self.scan_config.get_async_scan_type(scan_type)
         return f'{self.get_scan_service_url_path(scan_type)}/{correct_scan_type}/configuration'
-    def get_scan_configuration(self, scan_type: str) -> models.ScanConfiguration:
+    def get_scan_configuration(self, scan_type: str, remote_url: Optional[str] = None) -> models.ScanConfiguration:
+        params = {}
+        if remote_url:
+            params['remote_url'] = remote_url
         response = self.scan_cycode_client.get(
             url_path=self.get_scan_configuration_path(scan_type),
+            params=params,
             hide_response_content_log=self._hide_response_log,
         )
         return models.ScanConfigurationSchema().load(response.json())
-    def get_scan_configuration_safe(self, scan_type: str) -> Optional['models.ScanConfiguration']:
+    def get_scan_configuration_safe(
+        self, scan_type: str, remote_url: Optional[str] = None
+    ) -> Optional['models.ScanConfiguration']:
         try:
-            return self.get_scan_configuration(scan_type)
+            return self.get_scan_configuration(scan_type, remote_url)
         except RequestHttpError as e:
             if e.status_code == 404:
                 logger.debug(

{cycode-3.5.2.dev1 → cycode-3.5.3.dev2}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "cycode"
-version = "3.5.2.dev1" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
+version = "3.5.3.dev2" # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag
 description = "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning."
 keywords=["secret-scan", "cycode", "devops", "token", "secret", "security", "cycode", "code"]
 authors = ["Cycode <support@cycode.com>"]