PyPI - prismor - Versions diffs - 0.1.0__py3-none-any.whl → 0.1.2__py3-none-any.whl - Mend

prismor 0.1.0py3-none-any.whl → 0.1.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

prismor/__init__.py +1 -1
prismor/api.py +132 -8
prismor/cli.py +186 -45
{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/METADATA +1 -1
prismor-0.1.2.dist-info/RECORD +9 -0
prismor-0.1.0.dist-info/RECORD +0 -9
{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/WHEEL +0 -0
{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/entry_points.txt +0 -0
{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/licenses/LICENSE +0 -0
{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/top_level.txt +0 -0

prismor/__init__.py CHANGED Viewed

@@ -1,6 +1,6 @@
 """Prismor CLI - Security scanning tool for GitHub repositories."""
-__version__ = "0.1.0"
+__version__ = "0.1.2"
 __author__ = "Prismor"
 __description__ = "A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs"

prismor/api.py CHANGED Viewed

@@ -26,12 +26,52 @@ class PrismorClient:
                 "Please set it with: export PRISMOR_API_KEY=your_api_key"
             )
-        self.base_url = "https://api.prismor.dev"
+        # self.base_url = "http://localhost:3000"
+        self.base_url = "https://prismor.dev"
         self.headers = {
             "Authorization": f"Bearer {self.api_key}",
             "Content-Type": "application/json"
         }
+    def authenticate(self) -> Dict[str, Any]:
+        """Authenticate with the Prismor API using the API key.
+        Returns:
+            Dictionary containing user information and repositories
+        Raises:
+            PrismorAPIError: If authentication fails
+        """
+        try:
+            response = requests.post(
+                f"{self.base_url}/api/cli/auth",
+                json={"apiKey": self.api_key},
+                headers={"Content-Type": "application/json"},
+                timeout=30
+            )
+            if response.status_code == 401:
+                raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
+            if response.status_code == 400:
+                raise PrismorAPIError("API key is required.")
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Authentication failed")
+                raise PrismorAPIError(f"Authentication error: {error_msg}")
+            response.raise_for_status()
+            return response.json()
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError("Authentication request timed out.")
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Authentication request failed: {str(e)}")
     def normalize_repo_url(self, repo: str) -> str:
         """Normalize repository input to a full GitHub URL.
@@ -59,7 +99,8 @@ class PrismorClient:
         vex: bool = False,
         sbom: bool = False,
         detect_secret: bool = False,
-        fullscan: bool = False
+        fullscan: bool = False,
+        branch: Optional[str] = None
     ) -> Dict[str, Any]:
         """Perform security scan on a GitHub repository.
@@ -69,41 +110,59 @@ class PrismorClient:
             sbom: Enable SBOM generation
             detect_secret: Enable secret detection
             fullscan: Enable all scan types
+            branch: Specific branch to scan (defaults to main/master)
         Returns:
             Dictionary containing scan results
         """
         repo_url = self.normalize_repo_url(repo)
-        # Prepare request payload
+        # First authenticate to get user info
+        auth_response = self.authenticate()
+        user_info = auth_response.get("user", {})
+        # Prepare request payload for CLI scan
         payload = {
             "repo_url": repo_url,
+            "api_key": self.api_key,
             "vex": vex or fullscan,
             "sbom": sbom or fullscan,
             "detect_secret": detect_secret or fullscan,
-            "fullscan": fullscan
+            "fullscan": fullscan,
+            "branch": branch
         }
         try:
             response = requests.post(
-                f"{self.base_url}/scan",
+                f"{self.base_url}/api/cli/scan",
                 json=payload,
-                headers=self.headers,
+                headers={"Content-Type": "application/json"},
                 timeout=300  # 5 minute timeout
             )
             if response.status_code == 401:
+                error_data = response.json()
+                if error_data.get("action") == "integrate_github":
+                    raise PrismorAPIError(
+                        f"{error_data.get('message', 'GitHub integration required')}\n"
+                        f"Please visit: {error_data.get('integration_url', 'https://prismor.dev/dashboard')}"
+                    )
                 raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
             if response.status_code == 404:
-                raise PrismorAPIError("API endpoint not found. Please check the API URL.")
+                raise PrismorAPIError("CLI scan endpoint not found. Please check if CLI endpoints are available.")
             if response.status_code >= 400:
                 error_msg = response.json().get("error", "Unknown error")
                 raise PrismorAPIError(f"API error: {error_msg}")
             response.raise_for_status()
-            return response.json()
+            result = response.json()
+            # Handle the new response format from CLI endpoint
+            if result.get("ok") and "results" in result:
+                return result["results"]
+            return result
         except requests.exceptions.Timeout:
             raise PrismorAPIError(
@@ -115,4 +174,69 @@ class PrismorClient:
             )
         except requests.exceptions.RequestException as e:
             raise PrismorAPIError(f"Request failed: {str(e)}")
+    def get_repositories(self) -> Dict[str, Any]:
+        """Get user's repositories.
+        Returns:
+            Dictionary containing user repositories
+        Raises:
+            PrismorAPIError: If request fails
+        """
+        auth_response = self.authenticate()
+        user_info = auth_response.get("user", {})
+        return {
+            "repositories": user_info.get("repositories", []),
+            "user": {
+                "id": user_info.get("id"),
+                "email": user_info.get("email"),
+                "name": user_info.get("name")
+            }
+        }
+    def get_repository_by_name(self, repo_name: str) -> Dict[str, Any]:
+        """Get repository ID by repository name.
+        Args:
+            repo_name: Repository name (e.g., "username/repo")
+        Returns:
+            Dictionary containing repository information including ID
+        Raises:
+            PrismorAPIError: If request fails
+        """
+        try:
+            response = requests.post(
+                f"{self.base_url}/api/repositories/by-name",
+                json={
+                    "apiKey": self.api_key,
+                    "repoName": repo_name
+                },
+                headers={"Content-Type": "application/json"},
+                timeout=30
+            )
+            if response.status_code == 401:
+                raise PrismorAPIError("Invalid API key. Please check your PRISMOR_API_KEY.")
+            if response.status_code == 404:
+                raise PrismorAPIError(f"Repository '{repo_name}' not found.")
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Unknown error")
+                raise PrismorAPIError(f"API error: {error_msg}")
+            response.raise_for_status()
+            return response.json()
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError("Request timed out.")
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Request failed: {str(e)}")

prismor/cli.py CHANGED Viewed

@@ -38,56 +38,79 @@ def format_scan_results(results: dict, scan_type: str):
         click.secho("Repository:", fg="yellow", bold=True)
         click.echo(f"  {results['repository']}\n")
-    # Display scan status
-    if "status" in results:
-        status_color = "green" if results["status"] == "success" else "red"
-        click.secho(f"Status: ", fg="yellow", bold=True, nl=False)
-        click.secho(results["status"], fg=status_color)
-        click.echo()
+    if "branch" in results:
+        click.secho("Branch:", fg="yellow", bold=True)
+        click.echo(f"  {results['branch']}\n")
-    # Display scan results based on type
-    if "scan_results" in results:
-        scan_data = results["scan_results"]
+    if "commit_sha" in results:
+        click.secho("Commit SHA:", fg="yellow", bold=True)
+        click.echo(f"  {results['commit_sha']}\n")
+    # Display scan results for each scan type
+    if "scans" in results:
+        scans = results["scans"]
         # Vulnerability scan results
-        if "vulnerabilities" in scan_data or "Results" in scan_data:
-            click.secho("Vulnerabilities Found:", fg="yellow", bold=True)
-            vuln_data = scan_data.get("vulnerabilities", scan_data.get("Results", []))
-            if isinstance(vuln_data, list):
-                click.echo(f"  Total: {len(vuln_data)}")
-            else:
-                click.echo(f"  Data available in detailed output")
+        if "vulnerability" in scans:
+            vuln_scan = scans["vulnerability"]
+            click.secho("Vulnerability Scan:", fg="yellow", bold=True)
+            status_color = "green" if vuln_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {vuln_scan.get('status', 'unknown')}", fg=status_color)
+            if "scan_results" in vuln_scan:
+                scan_data = vuln_scan["scan_results"]
+                if "vulnerabilities" in scan_data or "Results" in scan_data:
+                    vuln_data = scan_data.get("vulnerabilities", scan_data.get("Results", []))
+                    if isinstance(vuln_data, list):
+                        click.echo(f"  Vulnerabilities Found: {len(vuln_data)}")
+                    else:
+                        click.echo(f"  Vulnerabilities: Data available")
+            if "public_url" in vuln_scan:
+                click.echo(f"  Results URL: {vuln_scan['public_url']}")
             click.echo()
-        # Secret scan results
-        if "secrets" in scan_data or "findings_summary" in scan_data:
-            click.secho("Secrets Detected:", fg="yellow", bold=True)
-            secrets = scan_data.get("secrets", scan_data.get("findings_summary", {}))
-            if isinstance(secrets, dict):
-                for key, value in secrets.items():
-                    click.echo(f"  {key}: {value}")
-            else:
-                click.echo(f"  {len(secrets) if isinstance(secrets, list) else 'Data available'}")
+        # SBOM results
+        if "sbom" in scans:
+            sbom_scan = scans["sbom"]
+            click.secho("SBOM Generation:", fg="yellow", bold=True)
+            status_color = "green" if sbom_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {sbom_scan.get('status', 'unknown')}", fg=status_color)
+            if "sbom" in sbom_scan:
+                sbom_data = sbom_scan["sbom"]
+                if isinstance(sbom_data, list):
+                    click.echo(f"  Artifacts Found: {len(sbom_data)}")
+                else:
+                    click.echo(f"  SBOM: Data available")
+            if "public_url" in sbom_scan:
+                click.echo(f"  Results URL: {sbom_scan['public_url']}")
             click.echo()
-        # SBOM results
-        if "sbom" in scan_data or "artifacts" in scan_data:
-            click.secho("SBOM Generated:", fg="yellow", bold=True)
-            sbom_data = scan_data.get("sbom", scan_data.get("artifacts", []))
-            if isinstance(sbom_data, list):
-                click.echo(f"  Total artifacts: {len(sbom_data)}")
-            else:
-                click.echo(f"  SBOM data available")
+        # Secret scan results
+        if "secret" in scans:
+            secret_scan = scans["secret"]
+            click.secho("Secret Detection:", fg="yellow", bold=True)
+            status_color = "green" if secret_scan.get("status") == "success" else "red"
+            click.secho(f"  Status: {secret_scan.get('status', 'unknown')}", fg=status_color)
+            if "summary" in secret_scan:
+                summary = secret_scan["summary"]
+                if isinstance(summary, dict):
+                    for key, value in summary.items():
+                        click.echo(f"  {key}: {value}")
+                else:
+                    click.echo(f"  Summary: {summary}")
+            if "public_url" in secret_scan:
+                click.echo(f"  Results URL: {secret_scan['public_url']}")
             click.echo()
-    # Display result URLs if available
-    if "public_url" in results:
-        click.secho("Results URL:", fg="yellow", bold=True)
-        click.echo(f"  {results['public_url']}\n")
-    if "presigned_url" in results:
-        click.secho("Download URL:", fg="yellow", bold=True)
-        click.echo(f"  {results['presigned_url']}\n")
+    # Display scan timestamp
+    if "scanned_at" in results:
+        click.secho("Scanned At:", fg="yellow", bold=True)
+        click.echo(f"  {results['scanned_at']}\n")
     click.echo("=" * 60 + "\n")
@@ -102,17 +125,21 @@ def format_scan_results(results: dict, scan_type: str):
 @click.option("--sbom", is_flag=True, help="Generate Software Bill of Materials")
 @click.option("--detect-secret", is_flag=True, help="Detect secrets in repository")
 @click.option("--fullscan", is_flag=True, help="Perform all scan types")
+@click.option("--branch", type=str, help="Specific branch to scan (defaults to main/master)")
 @click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
-@click.version_option(version="0.1.0", prog_name="prismor")
+@click.version_option(version="0.1.2", prog_name="prismor")
 @click.pass_context
 def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
-        fullscan: bool, output_json: bool):
+        fullscan: bool, branch: Optional[str], output_json: bool):
     """Prismor CLI - Security scanning tool for GitHub repositories.
     Examples:
         prismor --scan username/repo --vex
         prismor --scan username/repo --fullscan
         prismor --scan https://github.com/username/repo --detect-secret
+        prismor --scan username/repo --sbom --branch develop
+        prismor status
+        prismor repos
     """
     # If no command and no scan option, show help
     if ctx.invoked_subcommand is None and not scan:
@@ -152,7 +179,8 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
                 vex=vex,
                 sbom=sbom,
                 detect_secret=detect_secret,
-                fullscan=fullscan
+                fullscan=fullscan,
+                branch=branch
             )
             # Output results
@@ -161,6 +189,41 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
             else:
                 print_success("Scan completed successfully!")
                 format_scan_results(results, ', '.join(scan_types))
+                # Try to get repository ID and display dashboard link
+                try:
+                    # Extract repo name from scan input
+                    repo_name = scan
+                    if scan.startswith("http://") or scan.startswith("https://"):
+                        # Extract from GitHub URL
+                        if "github.com/" in scan:
+                            repo_name = scan.split("github.com/")[1].rstrip("/")
+                    # Get repository ID
+                    repo_info = client.get_repository_by_name(repo_name)
+                    if repo_info.get("success") and "repository" in repo_info:
+                        repo_id = repo_info["repository"]["id"]
+                        dashboard_url = f"https://prismor.dev/repositories/{repo_id}"
+                        click.echo("\n" + "=" * 60)
+                        click.secho("  📊 Dashboard Analysis", fg="cyan", bold=True)
+                        click.echo("=" * 60)
+                        click.secho(f"🔗 View detailed analysis and insights:", fg="blue")
+                        click.secho(f"   {dashboard_url}", fg="green", bold=True)
+                        click.echo("\n💡 The dashboard provides:")
+                        click.echo("   • Interactive visualizations and charts")
+                        click.echo("   • Historical vulnerability trends")
+                        click.echo("   • Detailed security reports")
+                        click.echo("   • Team collaboration features")
+                        click.echo("   • Export capabilities")
+                        click.echo("=" * 60 + "\n")
+                except PrismorAPIError as e:
+                    # Repository might not be found, continue without dashboard link
+                    print_warning(f"Could not generate dashboard link: {str(e)}")
+                except Exception as e:
+                    # Any other error, continue without dashboard link
+                    print_warning(f"Could not generate dashboard link: {str(e)}")
         except PrismorAPIError as e:
             print_error(str(e))
@@ -196,10 +259,88 @@ def config():
         click.echo("\nTo set your API key, run:")
         click.echo("  export PRISMOR_API_KEY=your_api_key")
-    click.echo("\nAPI Endpoint: https://api.prismor.dev")
+    # click.echo("\nAPI Endpoint: http://localhost:3000")
     click.echo("=" * 60 + "\n")
+@cli.command()
+def repos():
+    """List your connected repositories."""
+    try:
+        client = PrismorClient()
+        repos_data = client.get_repositories()
+        click.echo("\n" + "=" * 60)
+        click.secho("  Your Repositories", fg="cyan", bold=True)
+        click.echo("=" * 60 + "\n")
+        user_info = repos_data.get("user", {})
+        if user_info:
+            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
+            click.echo()
+        repositories = repos_data.get("repositories", [])
+        if repositories:
+            for repo in repositories:
+                click.secho(f"• {repo.get('name', 'Unknown')}", fg="green")
+                click.echo(f"  URL: {repo.get('htmlUrl', 'No URL')}")
+                click.echo(f"  Owner: {repo.get('githubOwner', 'Unknown')}")
+                click.echo()
+        else:
+            print_warning("No repositories found. Connect repositories through the web interface.")
+        click.echo("=" * 60 + "\n")
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+@cli.command()
+def status():
+    """Check your account status and GitHub integration."""
+    try:
+        client = PrismorClient()
+        auth_data = client.authenticate()
+        click.echo("\n" + "=" * 60)
+        click.secho("  Account Status", fg="cyan", bold=True)
+        click.echo("=" * 60 + "\n")
+        user_info = auth_data.get("user", {})
+        if user_info:
+            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
+            click.echo()
+            repositories = user_info.get("repositories", [])
+            click.secho(f"Connected Repositories: {len(repositories)}", fg="green")
+            if repositories:
+                click.echo("\nRepository List:")
+                for repo in repositories:
+                    click.echo(f"  • {repo.get('name', 'Unknown')} ({repo.get('htmlUrl', 'No URL')})")
+            else:
+                print_warning("No repositories connected.")
+                click.echo("\nTo connect repositories:")
+                click.echo("  1. Visit https://prismor.dev/dashboard")
+                click.echo("  2. Connect your GitHub account")
+                click.echo("  3. Select repositories to scan")
+        else:
+            print_error("Failed to retrieve account information.")
+        click.echo("\n" + "=" * 60 + "\n")
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
 def main():
     """Entry point for the CLI."""
     cli()

{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prismor
-Version: 0.1.0
+Version: 0.1.2
 Summary: A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
 Home-page: https://github.com/PrismorSec/prismor-cli
 Author: Prismor

prismor-0.1.2.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,9 @@
+prismor/__init__.py,sha256=6sRGygr6VrNie8Xd_B9Zeq6Q0ThWRftLBnVzZBdGEb4,230
+prismor/api.py,sha256=YrFnw1adT4ci6ehR4qB03kSOxw9l1o4fm0KSGUlDU4s,8886
+prismor/cli.py,sha256=K0aOxtbhE-gUoRw7selqT1a7BTr80A4Ogvvcspx5BUk,13582
+prismor-0.1.2.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
+prismor-0.1.2.dist-info/METADATA,sha256=sDwR9KP4wlNOdQON-j-42Sabowz2q7IhCXb4dss8s1I,9394
+prismor-0.1.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+prismor-0.1.2.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
+prismor-0.1.2.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
+prismor-0.1.2.dist-info/RECORD,,

prismor-0.1.0.dist-info/RECORD DELETED Viewed

@@ -1,9 +0,0 @@
-prismor/__init__.py,sha256=d_7a1UaXHGT7kAzI5fERetpR2vEj349becGSTKatQU0,230
-prismor/api.py,sha256=jnbxgzDJjYLGxC5viT18xVjcmbupFecvlb-ph8J0yik,3938
-prismor/cli.py,sha256=zjRJH9li_0_2CNquI4Y14alGpmiq1d-P_rZBTp4bS6I,7310
-prismor-0.1.0.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
-prismor-0.1.0.dist-info/METADATA,sha256=2boiqdtLo65Do3pxw_P7wWmU-FjVv95S43b3xfNT7Ps,9394
-prismor-0.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-prismor-0.1.0.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
-prismor-0.1.0.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
-prismor-0.1.0.dist-info/RECORD,,

{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{prismor-0.1.0.dist-info → prismor-0.1.2.dist-info}/top_level.txt RENAMED Viewed

File without changes

prismor 0.1.0__py3-none-any.whl → 0.1.2__py3-none-any.whl

prismor 0.1.0py3-none-any.whl → 0.1.2py3-none-any.whl