socketsecurity 0.0.89__tar.gz → 0.0.92__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {socketsecurity-0.0.89/socketsecurity.egg-info → socketsecurity-0.0.92}/PKG-INFO +1 -1
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/__init__.py +1 -1
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/__init__.py +5 -2
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/github.py +19 -61
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/gitlab.py +22 -91
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/socketcli.py +14 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92/socketsecurity.egg-info}/PKG-INFO +1 -1
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/LICENSE +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/README.md +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/pyproject.toml +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/setup.cfg +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/classes.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/exceptions.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/git_interface.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/issues.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/licenses.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/messages.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity/core/scm_comments.py +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/SOURCES.txt +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/dependency_links.txt +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/entry_points.txt +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/requires.txt +0 -0
- {socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/top_level.txt +0 -0
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
__author__ = 'socket.dev'
|
|
2
|
-
__version__ = '0.0.
|
|
2
|
+
__version__ = '0.0.92'
|
|
@@ -28,7 +28,8 @@ import time
|
|
|
28
28
|
__all__ = [
|
|
29
29
|
"Core",
|
|
30
30
|
"log",
|
|
31
|
-
"__version__"
|
|
31
|
+
"__version__",
|
|
32
|
+
"do_request"
|
|
32
33
|
]
|
|
33
34
|
|
|
34
35
|
|
|
@@ -128,8 +129,10 @@ def do_request(
|
|
|
128
129
|
else:
|
|
129
130
|
msg = {
|
|
130
131
|
"status_code": response.status_code,
|
|
132
|
+
"UnexpectedError": "There was an unexpected error using the API",
|
|
131
133
|
"error": response.text,
|
|
132
|
-
"
|
|
134
|
+
"payload": payload,
|
|
135
|
+
"url": url
|
|
133
136
|
}
|
|
134
137
|
raise APIFailure(msg)
|
|
135
138
|
|
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
import json
|
|
2
2
|
import os
|
|
3
|
-
from socketsecurity.core import log
|
|
3
|
+
from socketsecurity.core import log, do_request
|
|
4
4
|
import requests
|
|
5
|
-
from socketsecurity.core.exceptions import *
|
|
6
5
|
from socketsecurity.core.classes import Comment
|
|
7
6
|
from socketsecurity.core.scm_comments import Comments
|
|
8
7
|
import sys
|
|
@@ -54,59 +53,12 @@ for env in github_variables:
|
|
|
54
53
|
else:
|
|
55
54
|
is_default_branch = True
|
|
56
55
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
method: str = "GET",
|
|
64
|
-
) -> dict:
|
|
65
|
-
"""
|
|
66
|
-
do_requests is the shared function for making HTTP calls
|
|
67
|
-
|
|
68
|
-
:param path: Required path for the request
|
|
69
|
-
:param headers: Optional dictionary of headers. If not set will use a default set
|
|
70
|
-
:param payload: Optional dictionary or string of the payload to pass
|
|
71
|
-
:param files: Optional list of files to upload
|
|
72
|
-
:param method: Optional method to use, defaults to GET
|
|
73
|
-
:return:
|
|
74
|
-
"""
|
|
75
|
-
if gh_api_token is None or gh_api_token == "":
|
|
76
|
-
raise APIKeyMissing
|
|
77
|
-
|
|
78
|
-
if headers is None:
|
|
79
|
-
headers = {
|
|
80
|
-
'Authorization': f"Bearer {gh_api_token}",
|
|
81
|
-
'User-Agent': 'SocketPythonScript/0.0.1',
|
|
82
|
-
"accept": "application/json"
|
|
83
|
-
}
|
|
84
|
-
url = f"{github_api_url}/{path}"
|
|
85
|
-
response = requests.request(
|
|
86
|
-
method.upper(),
|
|
87
|
-
url,
|
|
88
|
-
headers=headers,
|
|
89
|
-
data=payload,
|
|
90
|
-
files=files
|
|
91
|
-
)
|
|
92
|
-
if response.status_code <= 399:
|
|
93
|
-
try:
|
|
94
|
-
return response.json()
|
|
95
|
-
except Exception as error:
|
|
96
|
-
response = {
|
|
97
|
-
"error": error,
|
|
98
|
-
"response": response.text,
|
|
99
|
-
"payload": payload
|
|
100
|
-
}
|
|
101
|
-
return response
|
|
102
|
-
else:
|
|
103
|
-
msg = {
|
|
104
|
-
"status_code": response.status_code,
|
|
105
|
-
"UnexpectedError": "There was an unexpected error using the API",
|
|
106
|
-
"error": response.text,
|
|
107
|
-
"payload": payload
|
|
108
|
-
}
|
|
109
|
-
raise APIFailure(msg)
|
|
56
|
+
headers = {
|
|
57
|
+
'Authorization': f"Bearer {gh_api_token}",
|
|
58
|
+
'User-Agent': 'SocketPythonScript/0.0.1',
|
|
59
|
+
"accept": "application/json"
|
|
60
|
+
}
|
|
61
|
+
base_url = f"{github_api_url}/"
|
|
110
62
|
|
|
111
63
|
|
|
112
64
|
class Github:
|
|
@@ -176,37 +128,43 @@ class Github:
|
|
|
176
128
|
existing_overview_comment = comments.get("overview")
|
|
177
129
|
existing_security_comment = comments.get("security")
|
|
178
130
|
if new_overview_comment:
|
|
131
|
+
log.debug("New Dependency Overview comment")
|
|
179
132
|
if existing_overview_comment is not None:
|
|
133
|
+
log.debug("Previous version of Dependency Overview, updating")
|
|
180
134
|
existing_overview_comment: Comment
|
|
181
135
|
Github.update_comment(overview_comment, str(existing_overview_comment.id))
|
|
182
136
|
else:
|
|
137
|
+
log.debug("No previous version of Dependency Overview, posting")
|
|
183
138
|
Github.post_comment(overview_comment)
|
|
184
139
|
if new_security_comment:
|
|
140
|
+
log.debug("New Security Issue Comment")
|
|
185
141
|
if existing_security_comment is not None:
|
|
142
|
+
log.debug("Previous version of Security Issue comment, updating")
|
|
186
143
|
existing_security_comment: Comment
|
|
187
144
|
Github.update_comment(security_comment, str(existing_security_comment.id))
|
|
188
145
|
else:
|
|
146
|
+
log.debug("No Previous version of Security Issue comment, posting")
|
|
189
147
|
Github.post_comment(security_comment)
|
|
190
148
|
|
|
191
149
|
@staticmethod
|
|
192
150
|
def post_comment(body: str) -> None:
|
|
193
151
|
repo = github_repository.rsplit("/", 1)[1]
|
|
194
|
-
path = f"repos/{github_repository_owner}/{repo}/issues/{pr_number}/comments"
|
|
152
|
+
path = f"{base_url}repos/{github_repository_owner}/{repo}/issues/{pr_number}/comments"
|
|
195
153
|
payload = {
|
|
196
154
|
"body": body
|
|
197
155
|
}
|
|
198
156
|
payload = json.dumps(payload)
|
|
199
|
-
do_request(path, payload=payload, method="POST")
|
|
157
|
+
do_request(path, payload=payload, method="POST", headers=headers)
|
|
200
158
|
|
|
201
159
|
@staticmethod
|
|
202
160
|
def update_comment(body: str, comment_id: str) -> None:
|
|
203
161
|
repo = github_repository.rsplit("/", 1)[1]
|
|
204
|
-
path = f"repos/{github_repository_owner}/{repo}/issues/comments/{comment_id}"
|
|
162
|
+
path = f"{base_url}repos/{github_repository_owner}/{repo}/issues/comments/{comment_id}"
|
|
205
163
|
payload = {
|
|
206
164
|
"body": body
|
|
207
165
|
}
|
|
208
166
|
payload = json.dumps(payload)
|
|
209
|
-
do_request(path, payload=payload, method="PATCH")
|
|
167
|
+
do_request(path, payload=payload, method="PATCH", headers=headers)
|
|
210
168
|
|
|
211
169
|
@staticmethod
|
|
212
170
|
def write_new_env(name: str, content: str) -> None:
|
|
@@ -217,8 +175,8 @@ class Github:
|
|
|
217
175
|
|
|
218
176
|
@staticmethod
|
|
219
177
|
def get_comments_for_pr(repo: str, pr: str) -> dict:
|
|
220
|
-
path = f"repos/{github_repository_owner}/{repo}/issues/{pr}/comments"
|
|
221
|
-
raw_comments = do_request(path)
|
|
178
|
+
path = f"{base_url}repos/{github_repository_owner}/{repo}/issues/{pr}/comments"
|
|
179
|
+
raw_comments = do_request(path, headers=headers)
|
|
222
180
|
comments = {}
|
|
223
181
|
if "error" not in raw_comments:
|
|
224
182
|
for item in raw_comments:
|
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import os
|
|
2
|
-
from socketsecurity.core import log
|
|
3
|
-
import requests
|
|
4
|
-
from socketsecurity.core.exceptions import *
|
|
2
|
+
from socketsecurity.core import log, do_request
|
|
5
3
|
from socketsecurity.core.scm_comments import Comments
|
|
6
4
|
import sys
|
|
7
5
|
from socketsecurity.core.classes import Comment, Issue
|
|
@@ -41,62 +39,19 @@ gitlab_variables = [
|
|
|
41
39
|
"GITLAB_TOKEN",
|
|
42
40
|
]
|
|
43
41
|
|
|
44
|
-
|
|
45
42
|
for env in gitlab_variables:
|
|
46
43
|
var_name = env.lower()
|
|
47
44
|
globals()[var_name] = os.getenv(env) or None
|
|
45
|
+
if var_name != 'gitlab_token':
|
|
46
|
+
value = globals()[var_name]
|
|
47
|
+
log.debug(f"{env}={value}")
|
|
48
48
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
method: str = "GET",
|
|
56
|
-
) -> dict:
|
|
57
|
-
"""
|
|
58
|
-
do_requests is the shared function for making HTTP calls
|
|
59
|
-
|
|
60
|
-
:param path: Required path for the request
|
|
61
|
-
:param headers: Optional dictionary of headers. If not set will use a default set
|
|
62
|
-
:param payload: Optional dictionary or string of the payload to pass
|
|
63
|
-
:param files: Optional list of files to upload
|
|
64
|
-
:param method: Optional method to use, defaults to GET
|
|
65
|
-
:return:
|
|
66
|
-
"""
|
|
67
|
-
if gitlab_token is None or gitlab_token == "":
|
|
68
|
-
raise APIKeyMissing
|
|
69
|
-
|
|
70
|
-
if headers is None:
|
|
71
|
-
headers = {
|
|
72
|
-
'Authorization': f"Bearer {gitlab_token}",
|
|
73
|
-
'User-Agent': 'SocketPythonScript/0.0.1',
|
|
74
|
-
"accept": "application/json"
|
|
75
|
-
}
|
|
76
|
-
url = f"{ci_api_v4_url}/{path}"
|
|
77
|
-
response = requests.request(
|
|
78
|
-
method.upper(),
|
|
79
|
-
url,
|
|
80
|
-
headers=headers,
|
|
81
|
-
data=payload,
|
|
82
|
-
files=files
|
|
83
|
-
)
|
|
84
|
-
if response.status_code <= 399:
|
|
85
|
-
try:
|
|
86
|
-
return response.json()
|
|
87
|
-
except Exception as error:
|
|
88
|
-
response = {
|
|
89
|
-
"error": error,
|
|
90
|
-
"response": response.text
|
|
91
|
-
}
|
|
92
|
-
return response
|
|
93
|
-
else:
|
|
94
|
-
msg = {
|
|
95
|
-
"status_code": response.status_code,
|
|
96
|
-
"UnexpectedError": "There was an unexpected error using the API",
|
|
97
|
-
"error": response.text
|
|
98
|
-
}
|
|
99
|
-
raise APIFailure(msg)
|
|
49
|
+
base_url = f"{ci_api_v4_url}/"
|
|
50
|
+
headers = {
|
|
51
|
+
'Authorization': f"Bearer {gitlab_token}",
|
|
52
|
+
'User-Agent': 'SocketPythonScript/0.0.1',
|
|
53
|
+
"accept": "application/json"
|
|
54
|
+
}
|
|
100
55
|
|
|
101
56
|
|
|
102
57
|
class Gitlab:
|
|
@@ -166,40 +121,44 @@ class Gitlab:
|
|
|
166
121
|
existing_overview_comment = comments.get("overview")
|
|
167
122
|
existing_security_comment = comments.get("security")
|
|
168
123
|
if new_overview_comment:
|
|
124
|
+
log.debug("New Dependency Overview comment")
|
|
169
125
|
if existing_overview_comment is not None:
|
|
126
|
+
log.debug("Previous version of Dependency Overview, updating")
|
|
170
127
|
existing_overview_comment: Comment
|
|
171
128
|
Gitlab.update_comment(overview_comment, str(existing_overview_comment.id))
|
|
172
129
|
else:
|
|
130
|
+
log.debug("No previous version of Dependency Overview, posting")
|
|
173
131
|
Gitlab.post_comment(overview_comment)
|
|
174
132
|
if new_security_comment:
|
|
133
|
+
log.debug("New Security Issue Comment")
|
|
175
134
|
if existing_security_comment is not None:
|
|
135
|
+
log.debug("Previous version of Security Issue comment, updating")
|
|
176
136
|
existing_security_comment: Comment
|
|
177
137
|
Gitlab.update_comment(security_comment, str(existing_security_comment.id))
|
|
178
138
|
else:
|
|
139
|
+
log.debug("No Previous version of Security Issue comment, posting")
|
|
179
140
|
Gitlab.post_comment(security_comment)
|
|
180
141
|
|
|
181
142
|
@staticmethod
|
|
182
143
|
def post_comment(body: str) -> None:
|
|
183
|
-
path = f"projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes"
|
|
144
|
+
path = f"{base_url}projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes"
|
|
184
145
|
payload = {
|
|
185
146
|
"body": body
|
|
186
147
|
}
|
|
187
|
-
|
|
188
|
-
do_request(path, payload=payload, method="POST")
|
|
148
|
+
do_request(path, payload=payload, method="POST", headers=headers)
|
|
189
149
|
|
|
190
150
|
@staticmethod
|
|
191
151
|
def update_comment(body: str, comment_id: str) -> None:
|
|
192
|
-
path = f"projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes/{comment_id}"
|
|
152
|
+
path = f"{base_url}projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes/{comment_id}"
|
|
193
153
|
payload = {
|
|
194
154
|
"body": body
|
|
195
155
|
}
|
|
196
|
-
|
|
197
|
-
do_request(path, payload=payload, method="PUT")
|
|
156
|
+
do_request(path, payload=payload, method="PUT", headers=headers)
|
|
198
157
|
|
|
199
158
|
@staticmethod
|
|
200
159
|
def get_comments_for_pr(repo: str, pr: str) -> dict:
|
|
201
|
-
path = f"projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes"
|
|
202
|
-
raw_comments = do_request(path)
|
|
160
|
+
path = f"{base_url}projects/{ci_merge_request_project_id}/merge_requests/{ci_merge_request_iid}/notes"
|
|
161
|
+
raw_comments = do_request(path, headers=headers)
|
|
203
162
|
comments = {}
|
|
204
163
|
if "message" not in raw_comments:
|
|
205
164
|
for item in raw_comments:
|
|
@@ -212,34 +171,6 @@ class Gitlab:
|
|
|
212
171
|
socket_comments = Comments.check_for_socket_comments(comments)
|
|
213
172
|
return socket_comments
|
|
214
173
|
|
|
215
|
-
@staticmethod
|
|
216
|
-
def get_ignore_options(comments: dict) -> [bool, list]:
|
|
217
|
-
ignore_commands = []
|
|
218
|
-
ignore_all = False
|
|
219
|
-
|
|
220
|
-
for comment in comments["ignore"]:
|
|
221
|
-
comment: Comment
|
|
222
|
-
first_line = comment.body_list[0]
|
|
223
|
-
if not ignore_all and "SocketSecurity ignore" in first_line:
|
|
224
|
-
first_line = first_line.lstrip("@")
|
|
225
|
-
_, command = first_line.split("SocketSecurity ")
|
|
226
|
-
command = command.strip()
|
|
227
|
-
if command == "ignore-all":
|
|
228
|
-
ignore_all = True
|
|
229
|
-
else:
|
|
230
|
-
command = command.lstrip("ignore").strip()
|
|
231
|
-
name, version = command.split("@")
|
|
232
|
-
data = f"{name}, {version}"
|
|
233
|
-
ignore_commands.append(data)
|
|
234
|
-
return ignore_all, ignore_commands
|
|
235
|
-
|
|
236
|
-
@staticmethod
|
|
237
|
-
def is_ignore(pkg_name: str, pkg_version: str, name: str, version: str) -> bool:
|
|
238
|
-
result = False
|
|
239
|
-
if pkg_name == name and (pkg_version == version or version == "*"):
|
|
240
|
-
result = True
|
|
241
|
-
return result
|
|
242
|
-
|
|
243
174
|
@staticmethod
|
|
244
175
|
def remove_comment_alerts(comments: dict):
|
|
245
176
|
security_alert = comments.get("security")
|
|
@@ -248,23 +248,34 @@ def main_code():
|
|
|
248
248
|
diff = None
|
|
249
249
|
if scm is not None and scm.check_event_type() == "comment":
|
|
250
250
|
log.info("Comment initiated flow")
|
|
251
|
+
log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
|
|
251
252
|
comments = scm.get_comments_for_pr(scm.repository, str(scm.pr_number))
|
|
253
|
+
log.debug("Removing comment alerts")
|
|
252
254
|
scm.remove_comment_alerts(comments)
|
|
253
255
|
elif scm is not None and scm.check_event_type() != "comment":
|
|
254
256
|
log.info("Push initiated flow")
|
|
255
257
|
diff: Diff
|
|
256
258
|
diff = core.create_new_diff(target_path, params, workspace=target_path, new_files=files)
|
|
257
259
|
if scm.check_event_type() == "diff":
|
|
260
|
+
log.info("Starting comment logic for PR/MR event")
|
|
261
|
+
log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
|
|
258
262
|
comments = scm.get_comments_for_pr(repo, str(pr_number))
|
|
263
|
+
log.debug("Removing comment alerts")
|
|
264
|
+
log.debug("")
|
|
259
265
|
diff.new_alerts = Comments.remove_alerts(comments, diff.new_alerts)
|
|
266
|
+
log.debug("Creating Dependency Overview Comment")
|
|
260
267
|
overview_comment = Messages.dependency_overview_template(diff)
|
|
268
|
+
log.debug("Creating Security Issues Comment")
|
|
261
269
|
security_comment = Messages.security_comment_template(diff)
|
|
262
270
|
new_security_comment = True
|
|
263
271
|
new_overview_comment = True
|
|
264
272
|
if len(diff.new_alerts) == 0 or disable_security_issue:
|
|
265
273
|
new_security_comment = False
|
|
274
|
+
log.debug("No new alerts or security issue comment disabled")
|
|
266
275
|
if (len(diff.new_packages) == 0 and diff.removed_packages == 0) or disable_overview:
|
|
267
276
|
new_overview_comment = False
|
|
277
|
+
log.debug("No new/removed packages or Dependency Overview comment disabled")
|
|
278
|
+
log.debug(f"Adding comments for {scm_type}")
|
|
268
279
|
scm.add_socket_comments(
|
|
269
280
|
security_comment,
|
|
270
281
|
overview_comment,
|
|
@@ -272,7 +283,10 @@ def main_code():
|
|
|
272
283
|
new_security_comment,
|
|
273
284
|
new_overview_comment
|
|
274
285
|
)
|
|
286
|
+
else:
|
|
287
|
+
log.info("Not a PR/MR event no comment needed")
|
|
275
288
|
if enable_json:
|
|
289
|
+
log.debug("Outputting JSON Results")
|
|
276
290
|
output_console_json(diff)
|
|
277
291
|
else:
|
|
278
292
|
output_console_comments(diff)
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{socketsecurity-0.0.89 → socketsecurity-0.0.92}/socketsecurity.egg-info/dependency_links.txt
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|