pysentry-rs 0.1.5__cp39-cp39-macosx_11_0_arm64.whl → 0.2.1__cp39-cp39-macosx_11_0_arm64.whl

pysentry/__init__.py

@@ -2,7 +2,7 @@
 
 from ._internal import audit_python, audit_with_options, check_resolvers, check_version
 
-__version__ = "0.1.5"
+__version__ = "0.2.1"
 __all__ = [
     "audit_python",
     "audit_with_options",
@@ -12,78 +12,157 @@ __all__ = [
 ]
 
 
+def resolve_sources(source, sources_list):
+    import sys
+
+    resolved_sources = []
+
+    if sources_list:
+        for source_arg in sources_list:
+            for source_str in source_arg.split(","):
+                source_str = source_str.strip()
+                if not source_str:
+                    continue
+                if source_str not in ["pypa", "pypi", "osv"]:
+                    print(
+                        f"Error: Invalid vulnerability source: '{source_str}'. Valid sources: pypa, pypi, osv",
+                        file=sys.stderr,
+                    )
+                    sys.exit(1)
+                resolved_sources.append(source_str)
+
+    if not resolved_sources:
+        if source != "pypa":
+            print(
+                "Warning: --source flag is deprecated and will be removed in a future version. Use --sources instead.",
+                file=sys.stderr,
+            )
+            resolved_sources.append(source)
+        else:
+            resolved_sources.append("pypa")
+
+    unique_sources = []
+    for src in resolved_sources:
+        if src not in unique_sources:
+            unique_sources.append(src)
+
+    return unique_sources
+
+
 def main():
     """CLI entry point."""
     import sys
     import argparse
 
-    # Handle the case where first argument is 'resolvers'
-    if len(sys.argv) > 1 and sys.argv[1] == "resolvers":
-        # Parse resolvers subcommand
-        parser = argparse.ArgumentParser(
-            prog="pysentry-rs resolvers",
-            description="Check available dependency resolvers",
-        )
-        parser.add_argument(
-            "--verbose", "-v", action="store_true", help="Enable verbose output"
-        )
+    # Global flag to track if deprecation warning has been shown
+    _deprecation_warning_shown = False
 
-        # Remove 'resolvers' from args and parse the rest
-        args = parser.parse_args(sys.argv[2:])
+    def handle_all_flags(args):
+        """Handle the deprecated --all flag and new --all-extras flag with appropriate warnings."""
+        nonlocal _deprecation_warning_shown
 
-        try:
-            result = check_resolvers(args.verbose)
-            print(result)
-        except Exception as e:
-            print(f"Error: {e}", file=sys.stderr)
-            sys.exit(1)
-        return
-
-    # Handle the case where first argument is 'check-version'
-    if len(sys.argv) > 1 and sys.argv[1] == "check-version":
-        # Parse check-version subcommand
-        parser = argparse.ArgumentParser(
-            prog="pysentry-rs check-version",
-            description="Check if a newer version is available",
-        )
-        parser.add_argument(
-            "--verbose", "-v", action="store_true", help="Enable verbose output"
-        )
+        if args.all and getattr(args, "all_extras", False):
+            if not _deprecation_warning_shown:
+                print(
+                    "Warning: Both --all and --all-extras flags are specified. Using --all-extras only. The --all flag is deprecated.",
+                    file=sys.stderr,
+                )
+                _deprecation_warning_shown = True
+            return True
+        elif args.all:
+            if not _deprecation_warning_shown:
+                print(
+                    "Warning: --all flag is deprecated and will be removed in a future version. Use --all-extras instead.",
+                    file=sys.stderr,
+                )
+                _deprecation_warning_shown = True
+            return True
+        else:
+            return getattr(args, "all_extras", False)
 
-        # Remove 'check-version' from args and parse the rest
-        args = parser.parse_args(sys.argv[2:])
+    # Handle subcommands manually to match Rust CLI structure exactly
+    if len(sys.argv) > 1:
+        if sys.argv[1] == "resolvers":
+            # Resolvers subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry resolvers",
+                description="Check available dependency resolvers",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
 
-        try:
-            result = check_version(args.verbose)
-            print(result)
-        except Exception as e:
-            print(f"Error: {e}", file=sys.stderr)
-            sys.exit(1)
-        return
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_resolvers(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
 
-    # Default audit command parser
+        elif sys.argv[1] == "check-version":
+            # Check-version subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry-rs check-version",
+                description="Check if a newer version is available",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
+
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_version(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
+        elif sys.argv[1] in ["-h", "--help"]:
+            # Show main help
+            pass
+        elif sys.argv[1] in ["-V", "--version"]:
+            print(f"pysentry-rs {__version__}")
+            return
+
+    # Main parser for audit command (default) and help
     parser = argparse.ArgumentParser(
         prog="pysentry-rs",
         description="Security vulnerability auditing for Python packages",
+        usage="pysentry-rs [OPTIONS] [PATH] [COMMAND]",
+    )
+
+    # Add version argument
+    parser.add_argument(
+        "-V", "--version", action="version", version=f"pysentry-rs {__version__}"
     )
 
+    # Main audit arguments
     parser.add_argument(
         "path",
         nargs="?",
         default=".",
-        help="Path to the project directory to audit (default: current directory)",
+        metavar="PATH",
+        help="Path to the project directory to audit [default: .]",
     )
     parser.add_argument(
         "--format",
-        choices=["human", "json", "sarif"],
+        choices=["human", "json", "sarif", "markdown"],
         default="human",
-        help="Output format (default: human)",
+        help="Output format [default: human] [possible values: human, json, sarif, markdown]",
     )
     parser.add_argument(
         "--severity",
         choices=["low", "medium", "high", "critical"],
         default="low",
-        help="Minimum severity level to report (default: low)",
+        help="Minimum severity level to report [default: low] [possible values: low, medium, high, critical]",
+    )
+    parser.add_argument(
+        "--fail-on",
+        choices=["low", "medium", "high", "critical"],
+        default="medium",
+        help="Fail (exit non-zero) if vulnerabilities of this severity or higher are found [default: medium] [possible values: low, medium, high, critical]",
     )
     parser.add_argument(
         "--ignore",
@@ -93,13 +172,17 @@ def main():
         help="Vulnerability IDs to ignore (can be specified multiple times)",
     )
     parser.add_argument(
-        "--output", "-o", metavar="FILE", help="Output file path (defaults to stdout)"
+        "-o", "--output", metavar="FILE", help="Output file path (defaults to stdout)"
     )
     parser.add_argument(
-        "--dev", action="store_true", help="Include development dependencies"
+        "--all",
+        action="store_true",
+        help=argparse.SUPPRESS,  # Hide deprecated flag from help
     )
     parser.add_argument(
-        "--optional", action="store_true", help="Include optional dependencies"
+        "--all-extras",
+        action="store_true",
+        help="Include ALL extra dependencies (main + dev, optional, etc)",
     )
     parser.add_argument(
         "--direct-only",
@@ -112,13 +195,18 @@ def main():
         "--source",
         choices=["pypa", "pypi", "osv"],
         default="pypa",
-        help="Vulnerability data source (default: pypa)",
+        help="Vulnerability data source [DEPRECATED: use --sources instead] [default: pypa] [possible values: pypa, pypi, osv]",
+    )
+    parser.add_argument(
+        "--sources",
+        action="append",
+        help="Vulnerability data sources (can be specified multiple times or comma-separated)",
     )
     parser.add_argument(
         "--resolver",
         choices=["uv", "pip-tools"],
         default="uv",
-        help="Dependency resolver for requirements.txt files (default: uv)",
+        help="Dependency resolver for requirements.txt files [default: uv] [possible values: uv, pip-tools]",
     )
     parser.add_argument(
         "--requirements-files",
@@ -127,25 +215,41 @@ def main():
         help="Specific requirements files to audit (disables auto-discovery)",
     )
     parser.add_argument(
-        "--verbose", "-v", action="store_true", help="Enable verbose output"
+        "-v", "--verbose", action="store_true", help="Enable verbose output"
     )
     parser.add_argument(
-        "--quiet", "-q", action="store_true", help="Suppress non-error output"
+        "-q", "--quiet", action="store_true", help="Suppress non-error output"
     )
 
+    # Add custom help text for commands
+    parser.epilog = """
+Commands:
+  resolvers      Check available dependency resolvers
+  check-version  Check if a newer version is available
+  help           Print this message or the help of the given subcommand(s)
+"""
+
     args = parser.parse_args()
 
     try:
-        # Main audit functionality
+        # Main audit functionality - handle deprecated --all flag and new --all-extras flag
+        include_all = handle_all_flags(args)
+        dev = include_all
+        optional = include_all
+
+        resolved_sources = resolve_sources(
+            args.source, getattr(args, "sources", None) or []
+        )
+
         result = audit_with_options(
             path=args.path,
             format=args.format,
-            source=args.source,
+            sources=resolved_sources,
             min_severity=args.severity,
             ignore_ids=args.ignore_ids,
             output=args.output,
-            dev=args.dev,
-            optional=args.optional,
+            dev=dev,
+            optional=optional,
             direct_only=args.direct_only,
             no_cache=args.no_cache,
             cache_dir=args.cache_dir,
@@ -158,6 +262,27 @@ def main():
         if not args.output:
             print(result)
 
+        if args.format == "json":
+            import json
+
+            try:
+                report_data = json.loads(result)
+                vulnerabilities = report_data.get("vulnerabilities", [])
+
+                severity_levels = {"low": 1, "medium": 2, "high": 3, "critical": 4}
+                fail_on_level = severity_levels.get(args.fail_on, 2)  # default medium
+
+                for vuln in vulnerabilities:
+                    vuln_severity = vuln.get("severity", "low").lower()
+                    vuln_level = severity_levels.get(vuln_severity, 1)
+                    if vuln_level >= fail_on_level:
+                        sys.exit(1)
+
+            except (json.JSONDecodeError, KeyError):
+                pass
+        else:
+            pass
+
     except Exception as e:
         print(f"Error: {e}", file=sys.stderr)
         sys.exit(1)

{pysentry_rs-0.1.5.dist-info → pysentry_rs-0.2.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.1.5
+Version: 0.2.1
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -26,30 +26,32 @@ Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
 
 # 🐍 PySentry
 
+[![OSV Integration](https://img.shields.io/badge/OSV-Integrated-blue)](https://google.github.io/osv.dev/)
+
 [Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12)
 
 A fast, reliable security vulnerability scanner for Python projects, written in Rust.
 
 ## Overview
 
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 
 ## Key Features
 
-- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
 - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
   - PyPI JSON API
   - OSV.dev (Open Source Vulnerabilities)
-- **Flexible Output**: Human-readable, JSON, and SARIF formats
+- **Flexible Output for different workflows**: Human-readable, JSON, SARIF, and Markdown formats
 - **Performance Focused**:
   - Written in Rust for speed
   - Async/concurrent processing
   - Intelligent caching system
 - **Comprehensive Filtering**:
   - Severity levels (low, medium, high, critical)
-  - Dependency types (production, development, optional)
+  - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
   - Direct vs. transitive dependencies
 - **Enterprise Ready**: SARIF output for IDE/CI integration
 
@@ -174,7 +176,7 @@ pip install pip-tools
   ```
 - Alternatively, install resolvers globally for system-wide availability
 
-**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `poetry.lock` files can be scanned.
 
 ## Quick Start
 
@@ -189,15 +191,15 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
 
-# Scan requirements.txt (auto-detects resolver)
+# Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
 pysentry /path/to/project
 
 # Force specific resolver
 pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
-# Include development dependencies
-pysentry --dev
+# Include all dependencies (main + dev + optional)
+pysentry --all-extras
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -210,14 +212,22 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --dev --optional --format sarif --output security-report.sarif
+uvx pysentry-rs --all-extras --format sarif --output security-report.sarif
+
+# Check multiple vulnerability sources concurrently
+uvx pysentry-rs --sources pypa,osv,pypi /path/to/project
+uvx pysentry-rs --sources pypa --sources osv --sources pypi
+
+# Generate markdown report
+uvx pysentry-rs --format markdown --output security-report.md
 
-# Check only direct dependencies using OSV database
-uvx pysentry-rs --direct-only --source osv
+# Control CI exit codes - only fail on critical vulnerabilities
+uvx pysentry-rs --fail-on critical
 
 # Or with installed binary
-pysentry --dev --optional --format sarif --output security-report.sarif
-pysentry --direct-only --source osv
+pysentry --all-extras --format sarif --output security-report.sarif
+pysentry --sources pypa,osv --direct-only
+pysentry --format markdown --output security-report.md
 
 # Ignore specific vulnerabilities
 pysentry --ignore CVE-2023-12345 --ignore GHSA-xxxx-yyyy-zzzz
@@ -246,26 +256,45 @@ pysentry /path/to/project
 pysentry --verbose --resolver uv /path/to/project
 ```
 
+### CI/CD Integration Examples
+
+```bash
+# Development environment - only fail on critical vulnerabilities
+pysentry --fail-on critical --format json --output security-report.json
+
+# Staging environment - fail on high+ vulnerabilities
+pysentry --fail-on high --sources pypa,osv --format sarif --output security.sarif
+
+# Production deployment - strict security (fail on medium+, default)
+pysentry --sources pypa,pypi,osv --format json --output prod-security.json
+
+# Generate markdown report for GitHub issues/PRs
+pysentry --format markdown --output SECURITY-REPORT.md
+
+# Comprehensive audit with all sources and full reporting
+pysentry --sources pypa,pypi,osv --all-extras --format json --fail-on low
+```
+
 ## Configuration
 
 ### Command Line Options
 
-| Option           | Description                                           | Default             |
-| ---------------- | ----------------------------------------------------- | ------------------- |
-| `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
-| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
-| `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`          | Include development dependencies                      | `false`             |
-| `--optional`     | Include optional dependencies                         | `false`             |
-| `--direct-only`  | Check only direct dependencies                        | `false`             |
-| `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
-| `--output`       | Output file path                                      | `stdout`            |
-| `--no-cache`     | Disable caching                                       | `false`             |
-| `--cache-dir`    | Custom cache directory                                | `~/.cache/pysentry` |
-| `--verbose`      | Enable verbose output                                 | `false`             |
-| `--quiet`        | Suppress non-error output                             | `false`             |
-| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`        | `auto`              |
-| `--requirements` | Additional requirements files (repeatable)            | `[]`                |
+| Option           | Description                                             | Default             |
+| ---------------- | ------------------------------------------------------- | ------------------- |
+| `--format`       | Output format: `human`, `json`, `sarif`, `markdown`     | `human`             |
+| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical`   | `low`               |
+| `--fail-on`      | Fail (exit non-zero) on vulnerabilities ≥ severity      | `medium`            |
+| `--sources`      | Vulnerability sources: `pypa`, `pypi`, `osv` (multiple) | `pypa`              |
+| `--all-extras`   | Include all dependencies (main + dev + optional)        | `false`             |
+| `--direct-only`  | Check only direct dependencies                          | `false`             |
+| `--ignore`       | Vulnerability IDs to ignore (repeatable)                | `[]`                |
+| `--output`       | Output file path                                        | `stdout`            |
+| `--no-cache`     | Disable caching                                         | `false`             |
+| `--cache-dir`    | Custom cache directory                                  | `~/.cache/pysentry` |
+| `--verbose`      | Enable verbose output                                   | `false`             |
+| `--quiet`        | Suppress non-error output                               | `false`             |
+| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`          | `auto`              |
+| `--requirements` | Additional requirements files (repeatable)              | `[]`                |
 
 ### Cache Management
 
@@ -293,6 +322,23 @@ PySentry has support for `uv.lock` files:
 - Source tracking
 - Dependency classification (main, dev, optional) including transitive dependencies
 
+### poetry.lock Files
+
+Full support for Poetry lock files:
+
+- **Exact Version Resolution**: Scans exact dependency versions locked by Poetry
+- **Lock-File Only Analysis**: Relies purely on the lock file structure, no pyproject.toml parsing needed
+- **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
+- **Dependency Classification**: Distinguishes between main dependencies and optional groups (dev, test, etc.)
+- **Source Tracking**: Supports PyPI registry, Git repositories, local paths, and direct URLs
+
+**Key Features:**
+
+- No external tools required
+- Fast parsing with exact version information
+- Handles Poetry's dependency groups and optional dependencies
+- Perfect for Poetry-managed projects with established lock files
+
 ### requirements.txt Files (External Resolution)
 
 Advanced support for `requirements.txt` files using external dependency resolvers:
@@ -360,6 +406,10 @@ Support for projects without lock files:
 
 Most comfortable to read.
 
+### Markdown
+
+GitHub-friendly format with structured sections and severity indicators. Perfect for documentation, GitHub issues, and security reports.
+
 ### JSON
 
 ```json
@@ -447,7 +497,7 @@ src/
 
 ```bash
 # Ensure you're in a Python project directory
-ls pyproject.toml uv.lock requirements.txt
+ls pyproject.toml uv.lock poetry.lock requirements.txt
 
 # Or specify the path explicitly
 pysentry /path/to/python/project
@@ -494,8 +544,9 @@ pysentry --verbose /path/to/project
 # Check network connectivity
 curl -I https://osv-vulnerabilities.storage.googleapis.com/
 
-# Try with different source
-pysentry --source pypi
+# Try with different or multiple sources
+pysentry --sources pypi
+pysentry --sources pypa,osv
 ```
 
 **Slow requirements.txt resolution**
@@ -524,7 +575,7 @@ pysentry /path/to/python/project
 pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
 
 # Check if higher-priority files exist (they take precedence)
-ls uv.lock pyproject.toml
+ls uv.lock poetry.lock pyproject.toml
 ```
 
 **Performance Issues**

pysentry_rs-0.2.1.dist-info/RECORD

@@ -0,0 +1,8 @@
+pysentry/__init__.py,sha256=7j3_zsnLLnKCaLgYXDrW3xm4AkmbE-ofoa5PX-79rGY,9792
+pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
+pysentry/_internal.cpython-39-darwin.so,sha256=IiQAoVDgDhvpe_Kqo4tOt1QVyRl3pkPMeBLbVSVHO_c,6395008
+pysentry_rs-0.2.1.dist-info/METADATA,sha256=4_2U3eoQuhETKDwaZVXbCqW9OGpUmzWhDTx2ppNn-Vw,19333
+pysentry_rs-0.2.1.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
+pysentry_rs-0.2.1.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
+pysentry_rs-0.2.1.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
+pysentry_rs-0.2.1.dist-info/RECORD,,

pysentry_rs-0.1.5.dist-info/RECORD

@@ -1,8 +0,0 @@
-pysentry/__init__.py,sha256=t1lvpozrRrRipRHMSTK28BcMgkCXJNhpGVwi0GkjY8c,5089
-pysentry/__main__.py,sha256=FJdFFQuSE8TYsZtY_vb00oCE2nvq9hB6MhMLBxnn7Ns,117
-pysentry/_internal.cpython-39-darwin.so,sha256=XQwsz9kuj1ggKF3RQdDkTyEQqpfbhSC2Xzt_CQ2CSSA,6156016
-pysentry_rs-0.1.5.dist-info/METADATA,sha256=VVt36MRhL3evoIIFKxL0Cw-TVNwyLQO_QMx0URpGGJc,17030
-pysentry_rs-0.1.5.dist-info/WHEEL,sha256=XNDUDUieSorG-Y7wZ8qiKEUDK0umKv3PscUlyjQeFKE,102
-pysentry_rs-0.1.5.dist-info/entry_points.txt,sha256=3bJguekVEbXTn-ceDCWJaSIZScquPPP1Ux9TPVHHanE,44
-pysentry_rs-0.1.5.dist-info/licenses/LICENSE,sha256=TAMtDCoJuavXz7pCEklrzjH55sdvsy5gKsXY9NsImwY,34878
-pysentry_rs-0.1.5.dist-info/RECORD,,