PyPI - prismor - Versions diffs - 0.1.2__py3-none-any.whl → 1.1.1__py3-none-any.whl - Mend

prismor 0.1.2py3-none-any.whl → 1.1.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

prismor/__init__.py +1 -1
prismor/api.py +347 -22
prismor/cli.py +354 -72
prismor-1.1.1.dist-info/METADATA +744 -0
prismor-1.1.1.dist-info/RECORD +9 -0
{prismor-0.1.2.dist-info → prismor-1.1.1.dist-info}/WHEEL +1 -1
prismor-0.1.2.dist-info/METADATA +0 -371
prismor-0.1.2.dist-info/RECORD +0 -9
{prismor-0.1.2.dist-info → prismor-1.1.1.dist-info}/entry_points.txt +0 -0
{prismor-0.1.2.dist-info → prismor-1.1.1.dist-info}/licenses/LICENSE +0 -0
{prismor-0.1.2.dist-info → prismor-1.1.1.dist-info}/top_level.txt +0 -0

prismor/cli.py CHANGED Viewed

@@ -3,8 +3,10 @@
 import sys
 import json
 import click
+import threading
+import time
 from typing import Optional
-from .api import PrismorClient, PrismorAPIError
+from .api import PrismorClient, PrismorAPIError, parse_github_repo
 def print_success(message: str):
@@ -27,6 +29,43 @@ def print_warning(message: str):
     click.secho(f"⚠ {message}", fg="yellow")
+class Spinner:
+    """Simple spinner for showing loading state."""
+    def __init__(self, message: str = "Processing"):
+        self.message = message
+        self.spinner_chars = "|/-\\"
+        self.spinner_index = 0
+        self.running = False
+        self.thread = None
+    def _spin(self):
+        """Internal spinner loop."""
+        while self.running:
+            char = self.spinner_chars[self.spinner_index % len(self.spinner_chars)]
+            sys.stdout.write(f"\r{char} {self.message}...")
+            sys.stdout.flush()
+            self.spinner_index += 1
+            time.sleep(0.1)
+    def start(self):
+        """Start the spinner."""
+        self.running = True
+        self.thread = threading.Thread(target=self._spin, daemon=True)
+        self.thread.start()
+    def stop(self, message: str = None):
+        """Stop the spinner and clear the line."""
+        self.running = False
+        if self.thread:
+            self.thread.join(timeout=0.2)
+        # Clear the spinner line
+        sys.stdout.write("\r" + " " * (len(self.message) + 15) + "\r")
+        sys.stdout.flush()
+        if message:
+            click.echo(message)
 def format_scan_results(results: dict, scan_type: str):
     """Format and display scan results."""
     click.echo("\n" + "=" * 60)
@@ -117,113 +156,145 @@ def format_scan_results(results: dict, scan_type: str):
 @click.group(invoke_without_command=True)
 @click.option(
-    "--scan",
+    "--repo",
+    "scan_repo",
     type=str,
-    help="Repository to scan (username/repo or full GitHub URL)"
+    help="Repository to scan (username/repo, GitHub URL, SSH URL, etc.)"
 )
-@click.option("--vex", is_flag=True, help="Perform vulnerability scanning")
+@click.option("--scan", is_flag=True, help="Perform vulnerability scanning")
 @click.option("--sbom", is_flag=True, help="Generate Software Bill of Materials")
 @click.option("--detect-secret", is_flag=True, help="Detect secrets in repository")
 @click.option("--fullscan", is_flag=True, help="Perform all scan types")
 @click.option("--branch", type=str, help="Specific branch to scan (defaults to main/master)")
 @click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
-@click.version_option(version="0.1.2", prog_name="prismor")
+@click.option("--output", "-o", type=click.Path(), help="Save results to file (JSON format)")
+@click.option("--quiet", "-q", is_flag=True, help="Minimal output (only errors and final results)")
+@click.version_option(version="1.1.1", prog_name="prismor")
 @click.pass_context
-def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
-        fullscan: bool, branch: Optional[str], output_json: bool):
+def cli(ctx, scan_repo: Optional[str], scan: bool, sbom: bool, detect_secret: bool,
+        fullscan: bool, branch: Optional[str], output_json: bool, output: Optional[str], quiet: bool):
     """Prismor CLI - Security scanning tool for GitHub repositories.
     Examples:
-        prismor --scan username/repo --vex
-        prismor --scan username/repo --fullscan
-        prismor --scan https://github.com/username/repo --detect-secret
-        prismor --scan username/repo --sbom --branch develop
+        prismor --repo username/repo --scan
+        prismor --repo username/repo --fullscan
+        prismor --repo https://github.com/username/repo --detect-secret
+        prismor --repo git@github.com:username/repo.git --sbom
+        prismor --repo github.com/username/repo --fullscan --branch develop
         prismor status
         prismor repos
     """
     # If no command and no scan option, show help
-    if ctx.invoked_subcommand is None and not scan:
+    if ctx.invoked_subcommand is None and not scan_repo:
         click.echo(ctx.get_help())
         return
     # If scan option is provided, perform the scan
-    if scan:
+    if scan_repo:
         # Check if at least one scan type is selected
-        if not any([vex, sbom, detect_secret, fullscan]):
-            print_error("Please specify at least one scan type: --vex, --sbom, --detect-secret, or --fullscan")
+        if not any([scan, sbom, detect_secret, fullscan]):
+            print_error("Please specify at least one scan type: --scan, --sbom, --detect-secret, or --fullscan")
             sys.exit(1)
         try:
             # Initialize API client
-            print_info(f"Initializing Prismor scan for: {scan}")
+            if not quiet:
+                print_info(f"Initializing Prismor scan for: {scan_repo}")
             client = PrismorClient()
             # Determine scan type for display
             scan_types = []
             if fullscan:
-                scan_types.append("Full Scan (VEX + SBOM + Secret Detection)")
+                scan_types.append("Full Scan (scan + SBOM + Secret Detection)")
             else:
-                if vex:
-                    scan_types.append("VEX")
+                if scan:
+                    scan_types.append("scan")
                 if sbom:
                     scan_types.append("SBOM")
                 if detect_secret:
                     scan_types.append("Secret Detection")
-            print_info(f"Scan type: {', '.join(scan_types)}")
-            print_info("Starting scan... (this may take a few minutes)")
+            if not quiet:
+                print_info(f"Scan type: {', '.join(scan_types)}")
+                if scan or fullscan:
+                    print_info("Starting scan... (vulnerability scans run asynchronously and may take up to 10 minutes)")
+                else:
+                    print_info("Starting scan... (this may take a few minutes)")
-            # Perform scan
-            results = client.scan(
-                repo=scan,
-                vex=vex,
-                sbom=sbom,
-                detect_secret=detect_secret,
-                fullscan=fullscan,
-                branch=branch
-            )
+            # Show loading spinner during scan (unless quiet mode)
+            spinner = None
+            if not quiet and not output_json and not output:
+                spinner = Spinner("Scanning repository")
+                spinner.start()
+            try:
+                # Perform scan
+                results = client.scan(
+                    repo=scan_repo,
+                    scan=scan,
+                    sbom=sbom,
+                    detect_secret=detect_secret,
+                    fullscan=fullscan,
+                    branch=branch
+                )
+                if spinner:
+                    spinner.stop()
+            except Exception as e:
+                if spinner:
+                    spinner.stop()
+                raise e
+            # Save to file if --output specified
+            if output:
+                try:
+                    with open(output, 'w') as f:
+                        json.dump(results, f, indent=2)
+                    if not quiet:
+                        print_success(f"Results saved to: {output}")
+                except Exception as e:
+                    print_error(f"Failed to save results to file: {str(e)}")
+                    sys.exit(1)
             # Output results
-            if output_json:
-                click.echo(json.dumps(results, indent=2))
+            if output_json or output:
+                if not output:  # Only print to stdout if not saving to file
+                    click.echo(json.dumps(results, indent=2))
             else:
-                print_success("Scan completed successfully!")
+                if not quiet:
+                    print_success("Scan completed successfully!")
                 format_scan_results(results, ', '.join(scan_types))
-                # Try to get repository ID and display dashboard link
-                try:
-                    # Extract repo name from scan input
-                    repo_name = scan
-                    if scan.startswith("http://") or scan.startswith("https://"):
-                        # Extract from GitHub URL
-                        if "github.com/" in scan:
-                            repo_name = scan.split("github.com/")[1].rstrip("/")
-                    # Get repository ID
-                    repo_info = client.get_repository_by_name(repo_name)
-                    if repo_info.get("success") and "repository" in repo_info:
-                        repo_id = repo_info["repository"]["id"]
-                        dashboard_url = f"https://prismor.dev/repositories/{repo_id}"
+                # Try to get repository ID and display dashboard link (unless quiet mode)
+                if not quiet:
+                    try:
+                        # Extract repo name from scan input using the comprehensive parser
+                        repo_name = parse_github_repo(scan_repo)
-                        click.echo("\n" + "=" * 60)
-                        click.secho("  📊 Dashboard Analysis", fg="cyan", bold=True)
-                        click.echo("=" * 60)
-                        click.secho(f"🔗 View detailed analysis and insights:", fg="blue")
-                        click.secho(f"   {dashboard_url}", fg="green", bold=True)
-                        click.echo("\n💡 The dashboard provides:")
-                        click.echo("   • Interactive visualizations and charts")
-                        click.echo("   • Historical vulnerability trends")
-                        click.echo("   • Detailed security reports")
-                        click.echo("   • Team collaboration features")
-                        click.echo("   • Export capabilities")
-                        click.echo("=" * 60 + "\n")
-                except PrismorAPIError as e:
-                    # Repository might not be found, continue without dashboard link
-                    print_warning(f"Could not generate dashboard link: {str(e)}")
-                except Exception as e:
-                    # Any other error, continue without dashboard link
-                    print_warning(f"Could not generate dashboard link: {str(e)}")
+                        # Get repository ID
+                        repo_info = client.get_repository_by_name(repo_name)
+                        if repo_info.get("success") and "repository" in repo_info:
+                            repo_id = repo_info["repository"]["id"]
+                            dashboard_url = f"https://prismor.dev/repositories/{repo_id}"
+                            click.echo("\n" + "=" * 60)
+                            click.secho("  📊 Dashboard Analysis", fg="cyan", bold=True)
+                            click.echo("=" * 60)
+                            click.secho(f"🔗 View detailed analysis and insights:", fg="blue")
+                            click.secho(f"   {dashboard_url}", fg="green", bold=True)
+                            click.echo("\n💡 The dashboard provides:")
+                            click.echo("   • Interactive visualizations and charts")
+                            click.echo("   • Historical vulnerability trends")
+                            click.echo("   • Detailed security reports")
+                            click.echo("   • Team collaboration features")
+                            click.echo("   • Export capabilities")
+                            click.echo("=" * 60 + "\n")
+                    except PrismorAPIError as e:
+                        # Repository might not be found, continue without dashboard link
+                        print_warning(f"Could not generate dashboard link: {str(e)}")
+                    except Exception as e:
+                        # Any other error, continue without dashboard link
+                        print_warning(f"Could not generate dashboard link: {str(e)}")
         except PrismorAPIError as e:
             print_error(str(e))
@@ -236,7 +307,7 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
 @cli.command()
 def version():
     """Display the version of Prismor CLI."""
-    click.echo("Prismor CLI v0.1.0")
+    click.echo("Prismor CLI v1.1.0")
 @cli.command()
@@ -256,6 +327,8 @@ def config():
         print_success(f"PRISMOR_API_KEY: {masked_key}")
     else:
         print_error("PRISMOR_API_KEY: Not set")
+        click.echo("\nPlease specify your API key. You can generate one for free at:")
+        click.secho("  https://www.prismor.dev/cli", fg="cyan", underline=True)
         click.echo("\nTo set your API key, run:")
         click.echo("  export PRISMOR_API_KEY=your_api_key")
@@ -268,7 +341,14 @@ def repos():
     """List your connected repositories."""
     try:
         client = PrismorClient()
-        repos_data = client.get_repositories()
+        spinner = Spinner("Loading repositories")
+        spinner.start()
+        try:
+            repos_data = client.get_repositories()
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
         click.echo("\n" + "=" * 60)
         click.secho("  Your Repositories", fg="cyan", bold=True)
@@ -299,12 +379,216 @@ def repos():
         sys.exit(1)
+@cli.command()
+@click.argument("repo", type=str)
+@click.option("--branch", type=str, help="Specific branch to scan (defaults to main)")
+@click.option("--token", type=str, help="GitHub token (or set GITHUB_TOKEN env var)")
+@click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
+def start_scan(repo: str, branch: Optional[str], token: Optional[str], output_json: bool):
+    """Start a vulnerability scan and return a job_id for status checking.
+    REPO is the repository to scan (username/repo, GitHub URL, SSH URL, etc.)
+    This command starts a scan asynchronously and returns immediately with a job_id.
+    Use 'prismor scan-status <job_id>' to check when the scan completes.
+    Note: Requires GitHub token. Set GITHUB_TOKEN environment variable or use --token option.
+    Examples:
+        prismor start-scan username/repo
+        prismor start-scan https://github.com/username/repo --branch develop
+        prismor start-scan username/repo --token ghp_xxxxx
+        prismor start-scan username/repo --json
+    """
+    try:
+        client = PrismorClient()
+        print_info(f"Starting vulnerability scan for: {repo}")
+        if branch:
+            print_info(f"Branch: {branch}")
+        spinner = Spinner("Starting scan")
+        spinner.start()
+        try:
+            result = client.start_vulnerability_scan(repo, branch, token)
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
+        if output_json:
+            click.echo(json.dumps(result, indent=2))
+        else:
+            click.echo("\n" + "=" * 60)
+            click.secho("  Scan Started", fg="cyan", bold=True)
+            click.echo("=" * 60 + "\n")
+            job_id = result.get("job_id")
+            if job_id:
+                print_success(f"Scan started successfully!")
+                click.echo()
+                click.secho(f"Job ID: {job_id}", fg="yellow", bold=True)
+                click.echo()
+                click.secho("Repository:", fg="yellow", bold=True)
+                click.echo(f"  {result.get('repository', repo)}")
+                click.echo()
+                if "branch" in result:
+                    click.secho("Branch:", fg="yellow", bold=True)
+                    click.echo(f"  {result['branch']}")
+                    click.echo()
+                click.secho("Status:", fg="yellow", bold=True)
+                click.echo(f"  {result.get('status', 'accepted')}")
+                click.echo()
+                click.secho("Next Steps:", fg="cyan", bold=True)
+                click.echo(f"  Check scan status with:")
+                click.secho(f"    prismor scan-status {job_id}", fg="green", bold=True)
+                click.echo()
+            else:
+                print_error("Failed to get job_id from response")
+                click.echo(json.dumps(result, indent=2))
+            click.echo("=" * 60 + "\n")
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+@cli.command()
+@click.argument("job_id", type=str)
+@click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
+def scan_status(job_id: str, output_json: bool):
+    """Check the status of a vulnerability scan job.
+    JOB_ID is the job ID returned when starting a scan.
+    Examples:
+        prismor scan-status a724a4663cda4bf087ad171683cb726d
+        prismor scan-status 50cbe253e5634227b81fe744c2a0b3e7 --json
+    """
+    try:
+        client = PrismorClient()
+        print_info(f"Checking scan status for job: {job_id}")
+        spinner = Spinner("Checking status")
+        spinner.start()
+        try:
+            status_data = client.check_scan_status(job_id)
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
+        if output_json:
+            click.echo(json.dumps(status_data, indent=2))
+        else:
+            click.echo("\n" + "=" * 60)
+            click.secho("  Scan Status", fg="cyan", bold=True)
+            click.echo("=" * 60 + "\n")
+            click.secho(f"Job ID: {status_data.get('job_id', job_id)}", fg="yellow", bold=True)
+            click.echo()
+            status = status_data.get("status", "unknown")
+            if status == "completed":
+                print_success(f"Status: {status}")
+                click.echo()
+                if "repository" in status_data:
+                    click.secho("Repository:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['repository']}")
+                    click.echo()
+                if "branch" in status_data:
+                    click.secho("Branch:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['branch']}")
+                    click.echo()
+                if "duration" in status_data:
+                    click.secho("Duration:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['duration']:.2f} seconds")
+                    click.echo()
+                if "public_url" in status_data:
+                    click.secho("Results URL:", fg="yellow", bold=True)
+                    click.secho(f"  {status_data['public_url']}", fg="green")
+                    click.echo()
+                if "presigned_url" in status_data:
+                    click.secho("Presigned URL (expires in 1 hour):", fg="yellow", bold=True)
+                    click.secho(f"  {status_data['presigned_url']}", fg="blue")
+                    click.echo()
+                # Display vulnerability summary if available
+                if "summary" in status_data:
+                    summary = status_data["summary"]
+                    click.secho("Vulnerability Summary:", fg="yellow", bold=True)
+                    click.echo(f"  Total Vulnerabilities: {summary.get('total_vulnerabilities', 0)}")
+                    click.echo(f"  Total Targets Scanned: {summary.get('total_targets', 0)}")
+                    click.echo()
+                    severity_breakdown = summary.get('severity_breakdown', {})
+                    if severity_breakdown:
+                        click.secho("  Severity Breakdown:", fg="yellow")
+                        if severity_breakdown.get('CRITICAL', 0) > 0:
+                            click.secho(f"    CRITICAL: {severity_breakdown['CRITICAL']}", fg="red", bold=True)
+                        if severity_breakdown.get('HIGH', 0) > 0:
+                            click.secho(f"    HIGH: {severity_breakdown['HIGH']}", fg="red")
+                        if severity_breakdown.get('MEDIUM', 0) > 0:
+                            click.secho(f"    MEDIUM: {severity_breakdown['MEDIUM']}", fg="yellow")
+                        if severity_breakdown.get('LOW', 0) > 0:
+                            click.secho(f"    LOW: {severity_breakdown['LOW']}", fg="blue")
+                        if severity_breakdown.get('UNKNOWN', 0) > 0:
+                            click.secho(f"    UNKNOWN: {severity_breakdown['UNKNOWN']}", fg="white")
+                        click.echo()
+                if "scan_date" in status_data:
+                    click.secho("Scan Date:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['scan_date']}")
+                    click.echo()
+            elif status == "running":
+                print_info(f"Status: {status}")
+                if "message" in status_data:
+                    click.echo(f"  {status_data['message']}")
+                click.echo()
+                click.echo("The scan is still in progress. Check back in a few moments.")
+                click.echo()
+            elif status == "failed":
+                print_error(f"Status: {status}")
+                if "error" in status_data:
+                    click.echo(f"  Error: {status_data['error']}")
+                click.echo()
+            else:
+                click.secho(f"Status: {status}", fg="yellow")
+                click.echo()
+            click.echo("=" * 60 + "\n")
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
 @cli.command()
 def status():
     """Check your account status and GitHub integration."""
     try:
         client = PrismorClient()
-        auth_data = client.authenticate()
+        spinner = Spinner("Checking account status")
+        spinner.start()
+        try:
+            auth_data = client.authenticate()
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
         click.echo("\n" + "=" * 60)
         click.secho("  Account Status", fg="cyan", bold=True)
@@ -312,9 +596,7 @@ def status():
         user_info = auth_data.get("user", {})
         if user_info:
-            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
-            click.echo()
             repositories = user_info.get("repositories", [])
             click.secho(f"Connected Repositories: {len(repositories)}", fg="green")

prismor 0.1.2__py3-none-any.whl → 1.1.1__py3-none-any.whl

prismor 0.1.2py3-none-any.whl → 1.1.1py3-none-any.whl