socketsecurity 0.0.75__tar.gz → 0.0.77__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. {socketsecurity-0.0.75/socketsecurity.egg-info → socketsecurity-0.0.77}/PKG-INFO +1 -1
  2. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/pyproject.toml +1 -1
  3. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/__init__.py +4 -8
  4. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/classes.py +4 -0
  5. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/github.py +16 -8
  6. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/messages.py +22 -19
  7. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/socketcli.py +35 -2
  8. {socketsecurity-0.0.75 → socketsecurity-0.0.77/socketsecurity.egg-info}/PKG-INFO +1 -1
  9. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/LICENSE +0 -0
  10. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/README.md +0 -0
  11. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/setup.cfg +0 -0
  12. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/__init__.py +0 -0
  13. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/exceptions.py +0 -0
  14. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/gitlab.py +0 -0
  15. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/issues.py +0 -0
  16. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity/core/licenses.py +0 -0
  17. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity.egg-info/SOURCES.txt +0 -0
  18. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity.egg-info/dependency_links.txt +0 -0
  19. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity.egg-info/entry_points.txt +0 -0
  20. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity.egg-info/requires.txt +0 -0
  21. {socketsecurity-0.0.75 → socketsecurity-0.0.77}/socketsecurity.egg-info/top_level.txt +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 0.0.75
3
+ Version: 0.0.77
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "socketsecurity"
7
- version = "0.0.75"
7
+ version = "0.0.77"
8
8
  requires-python = ">= 3.9"
9
9
  dependencies = [
10
10
  'requests',
@@ -1,6 +1,4 @@
1
1
  import logging
2
- import os.path
3
-
4
2
  import requests
5
3
  from urllib.parse import urlencode
6
4
  import base64
@@ -27,7 +25,7 @@ import time
27
25
 
28
26
 
29
27
  __author__ = 'socket.dev'
30
- __version__ = '0.0.75'
28
+ __version__ = '0.0.77'
31
29
  __all__ = [
32
30
  "Core",
33
31
  "log",
@@ -395,8 +393,7 @@ class Core:
395
393
  file = file.replace("\\", "/")
396
394
  found_path, file_name = file.rsplit("/", 1)
397
395
  details = (found_path, file_name)
398
- if os.path.isfile(file):
399
- all_files.append(details)
396
+ all_files.append(details)
400
397
  return all_files
401
398
 
402
399
  @staticmethod
@@ -492,7 +489,7 @@ class Core:
492
489
  head_full_scan = Core.get_sbom_data(head_full_scan_id)
493
490
  head_end = time.time()
494
491
  total_head_time = head_end - head_start
495
- print(f"Total time to get head full-scan {total_head_time: .2f}")
492
+ log.info(f"Total time to get head full-scan {total_head_time: .2f}")
496
493
  except APIResourceNotFound:
497
494
  head_full_scan = []
498
495
  if files is not None and len(files) > 0:
@@ -501,7 +498,7 @@ class Core:
501
498
  new_full_scan.packages = Core.create_sbom_dict(new_full_scan.sbom_artifacts)
502
499
  new_scan_end = time.time()
503
500
  total_new_time = new_scan_end - new_scan_start
504
- print(f"Total time to get new full-scan {total_new_time: .2f}")
501
+ log.info(f"Total time to get new full-scan {total_new_time: .2f}")
505
502
  diff_report = Core.compare_sboms(new_full_scan.sbom_artifacts, head_full_scan)
506
503
  diff_report.packages = new_full_scan.packages
507
504
  else:
@@ -650,7 +647,6 @@ class Core:
650
647
  try:
651
648
  props = getattr(all_issues, alert.type)
652
649
  except AttributeError:
653
- # log.warning(f"Unable to get issue type props: {alert.type}")
654
650
  props = None
655
651
  if props is not None:
656
652
  description = props.description
@@ -145,6 +145,8 @@ class Issue:
145
145
  suggestion: str
146
146
  introduced_by: list
147
147
  manifests: str
148
+ url: str
149
+ purl: str
148
150
 
149
151
  def __init__(self, **kwargs):
150
152
  if kwargs:
@@ -157,6 +159,8 @@ class Issue:
157
159
  self.introduced_by = []
158
160
  if not hasattr(self, "manifests"):
159
161
  self.manifests = ""
162
+ self.url = f"https://socket.dev/{self.pkg_type}/{self.pkg_name}/overview/{self.pkg_version}"
163
+ self.purl = f"{self.pkg_type}/{self.pkg_name}@{self.pkg_version}"
160
164
 
161
165
  def __str__(self):
162
166
  return json.dumps(self.__dict__)
@@ -280,15 +280,23 @@ class Github:
280
280
  ignore_all = True
281
281
  else:
282
282
  command = command.lstrip("ignore").strip()
283
- name, version = command.split("@")
284
- data = f"{name}, {version}"
283
+ name, version = command.rsplit("@", 1)
284
+ ecosystem, name = name.split("/", 1)
285
+ data = (ecosystem, name, version)
285
286
  ignore_commands.append(data)
286
287
  return ignore_all, ignore_commands
287
288
 
288
289
  @staticmethod
289
- def is_ignore(pkg_name: str, pkg_version: str, name: str, version: str) -> bool:
290
+ def is_ignore(
291
+ pkg_ecosystem: str,
292
+ pkg_name: str,
293
+ pkg_version: str,
294
+ ecosystem: str,
295
+ name: str,
296
+ version: str
297
+ ) -> bool:
290
298
  result = False
291
- if pkg_name == name and (pkg_version == version or version == "*"):
299
+ if pkg_ecosystem == ecosystem and pkg_name == name and (pkg_version == version or version == "*"):
292
300
  result = True
293
301
  return result
294
302
 
@@ -317,13 +325,13 @@ class Github:
317
325
  if "start-socket-alerts-table" in line:
318
326
  start = True
319
327
  elif start and "end-socket-alerts-table" not in line and not Github.is_heading_line(line) and line != '':
320
- title, package, introduced_by, manifest = line.lstrip("|").rstrip("|").split("|")
328
+ title, package, introduced_by, manifest = line.strip("|").split("|")
321
329
  details, _ = package.split("](")
322
- ecosystem, details = details.split("/", 1)
330
+ pkg_ecosystem, details = details.strip("[").split("/", 1)
323
331
  pkg_name, pkg_version = details.split("@")
324
332
  ignore = False
325
- for name, version in ignore_commands:
326
- if ignore_all or Github.is_ignore(pkg_name, pkg_version, name, version):
333
+ for ecosystem, name, version in ignore_commands:
334
+ if ignore_all or Github.is_ignore(pkg_ecosystem, pkg_name, pkg_version, ecosystem, name, version):
327
335
  ignore = True
328
336
  if not ignore:
329
337
  lines.append(line)
@@ -1,3 +1,5 @@
1
+ import json
2
+
1
3
  from mdutils import MdUtils
2
4
  from socketsecurity.core.classes import Diff, Purl, Issue
3
5
  from prettytable import PrettyTable
@@ -5,6 +7,22 @@ from prettytable import PrettyTable
5
7
 
6
8
  class Messages:
7
9
 
10
+ @staticmethod
11
+ def create_security_comment_json(diff: Diff) -> dict:
12
+ if len(diff.new_alerts) == 0:
13
+ scan_failed = False
14
+ else:
15
+ scan_failed = True
16
+ output = {
17
+ "scan_failed": scan_failed,
18
+ "new_alerts": []
19
+ }
20
+ for alert in diff.new_alerts:
21
+ alert: Issue
22
+ output["new_alerts"].append(json.loads(str(alert)))
23
+ return output
24
+
25
+
8
26
  @staticmethod
9
27
  def security_comment_template(diff: Diff) -> str:
10
28
  """
@@ -124,14 +142,14 @@ class Messages:
124
142
  alert.description,
125
143
  alert.suggestion
126
144
  ]
127
- package_url, purl = Messages.create_package_link(alert)
128
- ignore = f"`SocketSecurity ignore {purl}`"
145
+ ignore = f"`SocketSecurity ignore {alert.purl}`"
129
146
  if ignore not in ignore_commands:
130
147
  ignore_commands.append(ignore)
131
148
  manifest_str, sources = Messages.create_sources(alert, "console")
149
+ purl_url = f"[{alert.purl}]({alert.url})"
132
150
  row = [
133
151
  alert.title,
134
- package_url,
152
+ purl_url,
135
153
  ", ".join(sources),
136
154
  manifest_str
137
155
  ]
@@ -247,20 +265,6 @@ class Messages:
247
265
  package_url = f"[{purl}](https://socket.dev/{details.ecosystem}/{details.name}/overview/{details.version})"
248
266
  return package_url
249
267
 
250
- @staticmethod
251
- def create_package_link(details: Issue) -> (str, str):
252
- """
253
- Creates the package link for the Security Comment Template
254
- :param details: Purl - Details about the package needed to create the URLs
255
- :return:
256
- """
257
- purl = f"{details.pkg_name}@{details.pkg_version}"
258
- package_url = (
259
- f"[{purl}]"
260
- f"(https://socket.dev/{details.pkg_type}/{details.pkg_name}/overview/{details.pkg_version})"
261
- )
262
- return package_url, purl
263
-
264
268
  @staticmethod
265
269
  def create_console_security_alert_table(diff: Diff) -> PrettyTable:
266
270
  """
@@ -278,11 +282,10 @@ class Messages:
278
282
  )
279
283
  for alert in diff.new_alerts:
280
284
  alert: Issue
281
- package_url, purl = Messages.create_package_link(alert)
282
285
  manifest_str, sources = Messages.create_sources(alert, "console")
283
286
  row = [
284
287
  alert.title,
285
- package_url,
288
+ alert.url,
286
289
  ", ".join(sources),
287
290
  manifest_str
288
291
  ]
@@ -105,6 +105,13 @@ parser.add_argument(
105
105
  default=False
106
106
  )
107
107
 
108
+ parser.add_argument(
109
+ '--enable-json',
110
+ help='Enable json output of results instead of table formatted',
111
+ action='store_true',
112
+ default=False
113
+ )
114
+
108
115
 
109
116
  def output_console_comments(diff_report) -> None:
110
117
  console_security_comment = Messages.create_console_security_alert_table(diff_report)
@@ -116,7 +123,26 @@ def output_console_comments(diff_report) -> None:
116
123
  log.info("No New Security issues detected by Socket Security")
117
124
 
118
125
 
126
+ def output_console_json(diff_report) -> None:
127
+ console_security_comment = Messages.create_security_comment_json(diff_report)
128
+ print(json.dumps(console_security_comment))
129
+ if len(diff_report.new_alerts) > 0:
130
+ sys.exit(1)
131
+
132
+
119
133
  def cli():
134
+ try:
135
+ main_code()
136
+ except KeyboardInterrupt:
137
+ log.info("Keyboard Interrupt detected, exiting")
138
+ sys.exit(2)
139
+ except Exception as error:
140
+ log.error("Unexpected error when running the cli")
141
+ log.error(error)
142
+ sys.exit(3)
143
+
144
+
145
+ def main_code():
120
146
  arguments = parser.parse_args()
121
147
  debug = arguments.enable_debug
122
148
  if debug:
@@ -132,6 +158,7 @@ def cli():
132
158
  commit_sha = arguments.commit_sha
133
159
  sbom_file = arguments.sbom_file
134
160
  license_mode = arguments.generate_license
161
+ enable_json = arguments.enable_json
135
162
  license_file = f"{repo}"
136
163
  if branch is not None:
137
164
  license_file += f"_{branch}"
@@ -196,12 +223,18 @@ def cli():
196
223
  new_security_comment,
197
224
  new_overview_comment
198
225
  )
199
- output_console_comments(diff)
226
+ if enable_json:
227
+ output_console_json(diff)
228
+ else:
229
+ output_console_comments(diff)
200
230
  else:
201
231
  log.info("API Mode")
202
232
  diff: Diff
203
233
  diff = core.create_new_diff(target_path, params, workspace=target_path)
204
- output_console_comments(diff)
234
+ if enable_json:
235
+ output_console_json(diff)
236
+ else:
237
+ output_console_comments(diff)
205
238
  if diff is not None and license_mode:
206
239
  all_packages = {}
207
240
  for package_id in diff.packages:
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 0.0.75
3
+ Version: 0.0.77
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
File without changes