PyPI - devsecops-radar - Versions diffs - 0.3.5__tar.gz → 0.3.7__tar.gz - Mend

@@ -1,6 +1,6 @@
 from sqlalchemy import create_engine, Column, Integer, String, DateTime, JSON, ForeignKey
 from sqlalchemy.orm import declarative_base, sessionmaker, relationship
-from pydantic import BaseModel, validator
+from pydantic import BaseModel, field_validator
 from typing import Optional
 import datetime
 import os
@@ -16,14 +16,15 @@ class FindingSchema(BaseModel):
     description: Optional[str] = ""
     line: Optional[int] = None
-    @validator('severity')
-    def severity_upper(cls, v):
+    @field_validator('severity')
+    @classmethod
+    def severity_upper(cls, v: str) -> str:
         return v.upper()
 class Scan(Base):
     __tablename__ = 'scans'
     id = Column(Integer, primary_key=True)
-    timestamp = Column(DateTime, default=datetime.datetime.utcnow)
+    timestamp = Column(DateTime, default=lambda: datetime.datetime.now(datetime.UTC))
     findings_json = Column(JSON)
     findings = relationship("Finding", back_populates="scan", cascade="all, delete-orphan")

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.5
+Version: 0.3.7
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT

@@ -1,3 +1,4 @@
+import os
 import jwt
 import datetime
 from functools import wraps
@@ -18,11 +19,11 @@ def verify_token(token: str) -> dict:
 def login_required(f):
     @wraps(f)
     def decorated(*args, **kwargs):
-        # Only enforce authentication if the admin has configured an API key.
-        if settings.PIPELINE_API_KEY != "disabled":
+        # Read directly from os.environ to support test patching
+        api_key = os.environ.get("PIPELINE_API_KEY", "disabled")
+        if api_key != "disabled":
             key = request.headers.get("X-API-Key")
-            if key != settings.PIPELINE_API_KEY:
+            if key != api_key:
                 return jsonify({"error": "API key required"}), 401
-        # Without an API key, all requests are permitted (default for local use).
         return f(*args, **kwargs)
     return decorated

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: devsecops-radar
-Version: 0.3.5
+Version: 0.3.7
 Summary: Unified CI/CD Security Dashboard — Pipeline Sentinel
 Author-email: Mehrdoost <70381337+Mehrdoost@users.noreply.github.com>
 License-Expression: MIT

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "devsecops-radar"
-version = "0.3.5"
+version = "0.3.7"
 description = "Unified CI/CD Security Dashboard — Pipeline Sentinel"
 readme = "README.md"
 license = "MIT"

@@ -1,4 +1,5 @@
 import pytest
+from unittest.mock import patch
 from devsecops_radar.web.app import create_app
 @pytest.fixture
@@ -11,6 +12,13 @@ def app():
 def client(app):
     return app.test_client()
+@pytest.fixture(autouse=True)
+def mock_database():
+    # Mock the database function to avoid needing a real DB
+    with patch('devsecops_radar.web.dashboard.routes.get_findings_paginated') as mock:
+        mock.return_value = {"items": [], "total": 0, "page": 1, "per_page": 50}
+        yield
 def test_dashboard_page(client):
     resp = client.get('/')
     assert resp.status_code == 200

@@ -26,5 +26,6 @@ def test_cli_merge_sample_files():
         capture_output=True, text=True
     )
     assert result.returncode == 0
-    assert 'Merged' in result.stdout
+    # CLI logs to stderr, so check there
+    assert 'Merged' in result.stderr
     os.unlink(outpath)

devsecops-radar 0.3.5__tar.gz → 0.3.7__tar.gz