prismor 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl

prismor/__init__.py

@@ -1,6 +1,6 @@
 """Prismor CLI - Security scanning tool for GitHub repositories."""
 
-__version__ = "0.1.0"
+__version__ = "0.1.1"
 __author__ = "Prismor"
 __description__ = "A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs"
 

prismor/api.py

@@ -26,12 +26,52 @@ class PrismorClient:
                 "Please set it with: export PRISMOR_API_KEY=your_api_key"
             )
         
-        self.base_url = "https://api.prismor.dev"
+        # self.base_url = "http://localhost:3000"
+        self.base_url = "https://prismor.dev"
         self.headers = {
             "Authorization": f"Bearer {self.api_key}",
             "Content-Type": "application/json"
         }
     
+    def authenticate(self) -> Dict[str, Any]:
+        """Authenticate with the Prismor API using the API key.
+        
+        Returns:
+            Dictionary containing user information and repositories
+            
+        Raises:
+            PrismorAPIError: If authentication fails
+        """
+        try:
+            response = requests.post(
+                f"{self.base_url}/api/cli/auth",
+                json={"apiKey": self.api_key},
+                headers={"Content-Type": "application/json"},
+                timeout=30
+            )
+            
+            if response.status_code == 401:
+                raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
+            
+            if response.status_code == 400:
+                raise PrismorAPIError("API key is required.")
+            
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Authentication failed")
+                raise PrismorAPIError(f"Authentication error: {error_msg}")
+            
+            response.raise_for_status()
+            return response.json()
+            
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError("Authentication request timed out.")
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Authentication request failed: {str(e)}")
+    
     def normalize_repo_url(self, repo: str) -> str:
         """Normalize repository input to a full GitHub URL.
         
@@ -59,7 +99,8 @@ class PrismorClient:
         vex: bool = False,
         sbom: bool = False,
         detect_secret: bool = False,
-        fullscan: bool = False
+        fullscan: bool = False,
+        branch: Optional[str] = None
     ) -> Dict[str, Any]:
         """Perform security scan on a GitHub repository.
         
@@ -69,41 +110,59 @@ class PrismorClient:
             sbom: Enable SBOM generation
             detect_secret: Enable secret detection
             fullscan: Enable all scan types
+            branch: Specific branch to scan (defaults to main/master)
             
         Returns:
             Dictionary containing scan results
         """
         repo_url = self.normalize_repo_url(repo)
         
-        # Prepare request payload
+        # First authenticate to get user info
+        auth_response = self.authenticate()
+        user_info = auth_response.get("user", {})
+        
+        # Prepare request payload for CLI scan
         payload = {
             "repo_url": repo_url,
+            "api_key": self.api_key,
             "vex": vex or fullscan,
             "sbom": sbom or fullscan,
             "detect_secret": detect_secret or fullscan,
-            "fullscan": fullscan
+            "fullscan": fullscan,
+            "branch": branch
         }
         
         try:
             response = requests.post(
-                f"{self.base_url}/scan",
+                f"{self.base_url}/api/cli/scan",
                 json=payload,
-                headers=self.headers,
+                headers={"Content-Type": "application/json"},
                 timeout=300  # 5 minute timeout
             )
             
             if response.status_code == 401:
+                error_data = response.json()
+                if error_data.get("action") == "integrate_github":
+                    raise PrismorAPIError(
+                        f"{error_data.get('message', 'GitHub integration required')}\n"
+                        f"Please visit: {error_data.get('integration_url', 'https://prismor.dev/dashboard')}"
+                    )
                 raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
             
             if response.status_code == 404:
-                raise PrismorAPIError("API endpoint not found. Please check the API URL.")
+                raise PrismorAPIError("CLI scan endpoint not found. Please check if CLI endpoints are available.")
             
             if response.status_code >= 400:
                 error_msg = response.json().get("error", "Unknown error")
                 raise PrismorAPIError(f"API error: {error_msg}")
             
             response.raise_for_status()
-            return response.json()
+            result = response.json()
+            
+            # Handle the new response format from CLI endpoint
+            if result.get("ok") and "results" in result:
+                return result["results"]
+            return result
             
         except requests.exceptions.Timeout:
             raise PrismorAPIError(
@@ -115,4 +174,24 @@ class PrismorClient:
             )
         except requests.exceptions.RequestException as e:
             raise PrismorAPIError(f"Request failed: {str(e)}")
+    
+    def get_repositories(self) -> Dict[str, Any]:
+        """Get user's repositories.
+        
+        Returns:
+            Dictionary containing user repositories
+            
+        Raises:
+            PrismorAPIError: If request fails
+        """
+        auth_response = self.authenticate()
+        user_info = auth_response.get("user", {})
+        return {
+            "repositories": user_info.get("repositories", []),
+            "user": {
+                "id": user_info.get("id"),
+                "email": user_info.get("email"),
+                "name": user_info.get("name")
+            }
+        }
 

prismor/cli.py

@@ -38,56 +38,79 @@ def format_scan_results(results: dict, scan_type: str):
         click.secho("Repository:", fg="yellow", bold=True)
         click.echo(f"  {results['repository']}\n")
     
-    # Display scan status
-    if "status" in results:
-        status_color = "green" if results["status"] == "success" else "red"
-        click.secho(f"Status: ", fg="yellow", bold=True, nl=False)
-        click.secho(results["status"], fg=status_color)
-        click.echo()
+    if "branch" in results:
+        click.secho("Branch:", fg="yellow", bold=True)
+        click.echo(f"  {results['branch']}\n")
     
-    # Display scan results based on type
-    if "scan_results" in results:
-        scan_data = results["scan_results"]
+    if "commit_sha" in results:
+        click.secho("Commit SHA:", fg="yellow", bold=True)
+        click.echo(f"  {results['commit_sha']}\n")
+    
+    # Display scan results for each scan type
+    if "scans" in results:
+        scans = results["scans"]
         
         # Vulnerability scan results
-        if "vulnerabilities" in scan_data or "Results" in scan_data:
-            click.secho("Vulnerabilities Found:", fg="yellow", bold=True)
-            vuln_data = scan_data.get("vulnerabilities", scan_data.get("Results", []))
-            if isinstance(vuln_data, list):
-                click.echo(f"  Total: {len(vuln_data)}")
-            else:
-                click.echo(f"  Data available in detailed output")
+        if "vulnerability" in scans:
+            vuln_scan = scans["vulnerability"]
+            click.secho("Vulnerability Scan:", fg="yellow", bold=True)
+            status_color = "green" if vuln_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {vuln_scan.get('status', 'unknown')}", fg=status_color)
+            
+            if "scan_results" in vuln_scan:
+                scan_data = vuln_scan["scan_results"]
+                if "vulnerabilities" in scan_data or "Results" in scan_data:
+                    vuln_data = scan_data.get("vulnerabilities", scan_data.get("Results", []))
+                    if isinstance(vuln_data, list):
+                        click.echo(f"  Vulnerabilities Found: {len(vuln_data)}")
+                    else:
+                        click.echo(f"  Vulnerabilities: Data available")
+            
+            if "public_url" in vuln_scan:
+                click.echo(f"  Results URL: {vuln_scan['public_url']}")
             click.echo()
         
-        # Secret scan results
-        if "secrets" in scan_data or "findings_summary" in scan_data:
-            click.secho("Secrets Detected:", fg="yellow", bold=True)
-            secrets = scan_data.get("secrets", scan_data.get("findings_summary", {}))
-            if isinstance(secrets, dict):
-                for key, value in secrets.items():
-                    click.echo(f"  {key}: {value}")
-            else:
-                click.echo(f"  {len(secrets) if isinstance(secrets, list) else 'Data available'}")
+        # SBOM results
+        if "sbom" in scans:
+            sbom_scan = scans["sbom"]
+            click.secho("SBOM Generation:", fg="yellow", bold=True)
+            status_color = "green" if sbom_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {sbom_scan.get('status', 'unknown')}", fg=status_color)
+            
+            if "sbom" in sbom_scan:
+                sbom_data = sbom_scan["sbom"]
+                if isinstance(sbom_data, list):
+                    click.echo(f"  Artifacts Found: {len(sbom_data)}")
+                else:
+                    click.echo(f"  SBOM: Data available")
+            
+            if "public_url" in sbom_scan:
+                click.echo(f"  Results URL: {sbom_scan['public_url']}")
             click.echo()
         
-        # SBOM results
-        if "sbom" in scan_data or "artifacts" in scan_data:
-            click.secho("SBOM Generated:", fg="yellow", bold=True)
-            sbom_data = scan_data.get("sbom", scan_data.get("artifacts", []))
-            if isinstance(sbom_data, list):
-                click.echo(f"  Total artifacts: {len(sbom_data)}")
-            else:
-                click.echo(f"  SBOM data available")
+        # Secret scan results
+        if "secret" in scans:
+            secret_scan = scans["secret"]
+            click.secho("Secret Detection:", fg="yellow", bold=True)
+            status_color = "green" if secret_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {secret_scan.get('status', 'unknown')}", fg=status_color)
+            
+            if "summary" in secret_scan:
+                summary = secret_scan["summary"]
+                if isinstance(summary, dict):
+                    for key, value in summary.items():
+                        click.echo(f"  {key}: {value}")
+                else:
+                    click.echo(f"  Summary: {summary}")
+            
+            if "public_url" in secret_scan:
+                click.echo(f"  Results URL: {secret_scan['public_url']}")
             click.echo()
     
-    # Display result URLs if available
-    if "public_url" in results:
-        click.secho("Results URL:", fg="yellow", bold=True)
-        click.echo(f"  {results['public_url']}\n")
-    
-    if "presigned_url" in results:
-        click.secho("Download URL:", fg="yellow", bold=True)
-        click.echo(f"  {results['presigned_url']}\n")
+    # Display scan timestamp
+    if "scanned_at" in results:
+        click.secho("Scanned At:", fg="yellow", bold=True)
+        click.echo(f"  {results['scanned_at']}\n")
     
     click.echo("=" * 60 + "\n")
 
@@ -102,17 +125,21 @@ def format_scan_results(results: dict, scan_type: str):
 @click.option("--sbom", is_flag=True, help="Generate Software Bill of Materials")
 @click.option("--detect-secret", is_flag=True, help="Detect secrets in repository")
 @click.option("--fullscan", is_flag=True, help="Perform all scan types")
+@click.option("--branch", type=str, help="Specific branch to scan (defaults to main/master)")
 @click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
 @click.version_option(version="0.1.0", prog_name="prismor")
 @click.pass_context
 def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool, 
-        fullscan: bool, output_json: bool):
+        fullscan: bool, branch: Optional[str], output_json: bool):
     """Prismor CLI - Security scanning tool for GitHub repositories.
     
     Examples:
         prismor --scan username/repo --vex
         prismor --scan username/repo --fullscan
         prismor --scan https://github.com/username/repo --detect-secret
+        prismor --scan username/repo --sbom --branch develop
+        prismor status
+        prismor repos
     """
     # If no command and no scan option, show help
     if ctx.invoked_subcommand is None and not scan:
@@ -152,7 +179,8 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
                 vex=vex,
                 sbom=sbom,
                 detect_secret=detect_secret,
-                fullscan=fullscan
+                fullscan=fullscan,
+                branch=branch
             )
             
             # Output results
@@ -196,10 +224,88 @@ def config():
         click.echo("\nTo set your API key, run:")
         click.echo("  export PRISMOR_API_KEY=your_api_key")
     
-    click.echo("\nAPI Endpoint: https://api.prismor.dev")
+    # click.echo("\nAPI Endpoint: http://localhost:3000")
     click.echo("=" * 60 + "\n")
 
 
+@cli.command()
+def repos():
+    """List your connected repositories."""
+    try:
+        client = PrismorClient()
+        repos_data = client.get_repositories()
+        
+        click.echo("\n" + "=" * 60)
+        click.secho("  Your Repositories", fg="cyan", bold=True)
+        click.echo("=" * 60 + "\n")
+        
+        user_info = repos_data.get("user", {})
+        if user_info:
+            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
+            click.echo()
+        
+        repositories = repos_data.get("repositories", [])
+        if repositories:
+            for repo in repositories:
+                click.secho(f"• {repo.get('name', 'Unknown')}", fg="green")
+                click.echo(f"  URL: {repo.get('htmlUrl', 'No URL')}")
+                click.echo(f"  Owner: {repo.get('githubOwner', 'Unknown')}")
+                click.echo()
+        else:
+            print_warning("No repositories found. Connect repositories through the web interface.")
+        
+        click.echo("=" * 60 + "\n")
+        
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+
+
+@cli.command()
+def status():
+    """Check your account status and GitHub integration."""
+    try:
+        client = PrismorClient()
+        auth_data = client.authenticate()
+        
+        click.echo("\n" + "=" * 60)
+        click.secho("  Account Status", fg="cyan", bold=True)
+        click.echo("=" * 60 + "\n")
+        
+        user_info = auth_data.get("user", {})
+        if user_info:
+            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
+            click.echo()
+            
+            repositories = user_info.get("repositories", [])
+            click.secho(f"Connected Repositories: {len(repositories)}", fg="green")
+            
+            if repositories:
+                click.echo("\nRepository List:")
+                for repo in repositories:
+                    click.echo(f"  • {repo.get('name', 'Unknown')} ({repo.get('htmlUrl', 'No URL')})")
+            else:
+                print_warning("No repositories connected.")
+                click.echo("\nTo connect repositories:")
+                click.echo("  1. Visit https://prismor.dev/dashboard")
+                click.echo("  2. Connect your GitHub account")
+                click.echo("  3. Select repositories to scan")
+        else:
+            print_error("Failed to retrieve account information.")
+        
+        click.echo("\n" + "=" * 60 + "\n")
+        
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+
+
 def main():
     """Entry point for the CLI."""
     cli()

{prismor-0.1.0.dist-info → prismor-0.1.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prismor
-Version: 0.1.0
+Version: 0.1.1
 Summary: A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
 Home-page: https://github.com/PrismorSec/prismor-cli
 Author: Prismor

prismor-0.1.1.dist-info/RECORD

@@ -0,0 +1,9 @@
+prismor/__init__.py,sha256=Wz9TJXpg-R4rq3KkawmGdozbNPeLMl2L8dTaAJKgBZQ,230
+prismor/api.py,sha256=Sx9YahTwGfO0cWXkVbjE0w_1hSrrhMYWzQw4tWxitQM,7149
+prismor/cli.py,sha256=a5DZ-x3g-L7-6R4-uJXlP_-V-n0Rubh2C_7EMvWtV2A,11452
+prismor-0.1.1.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
+prismor-0.1.1.dist-info/METADATA,sha256=RVjWQzwXVGUbUEVzKk9ilXzJowLFVe1o1nKqCmBA-Zk,9394
+prismor-0.1.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+prismor-0.1.1.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
+prismor-0.1.1.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
+prismor-0.1.1.dist-info/RECORD,,

prismor-0.1.0.dist-info/RECORD

@@ -1,9 +0,0 @@
-prismor/__init__.py,sha256=d_7a1UaXHGT7kAzI5fERetpR2vEj349becGSTKatQU0,230
-prismor/api.py,sha256=jnbxgzDJjYLGxC5viT18xVjcmbupFecvlb-ph8J0yik,3938
-prismor/cli.py,sha256=zjRJH9li_0_2CNquI4Y14alGpmiq1d-P_rZBTp4bS6I,7310
-prismor-0.1.0.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
-prismor-0.1.0.dist-info/METADATA,sha256=2boiqdtLo65Do3pxw_P7wWmU-FjVv95S43b3xfNT7Ps,9394
-prismor-0.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-prismor-0.1.0.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
-prismor-0.1.0.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
-prismor-0.1.0.dist-info/RECORD,,