socketsecurity 1.0.23__tar.gz → 1.0.25__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. {socketsecurity-1.0.23/socketsecurity.egg-info → socketsecurity-1.0.25}/PKG-INFO +1 -1
  2. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/__init__.py +1 -1
  3. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/__init__.py +15 -9
  4. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/socketcli.py +8 -5
  5. {socketsecurity-1.0.23 → socketsecurity-1.0.25/socketsecurity.egg-info}/PKG-INFO +1 -1
  6. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/LICENSE +0 -0
  7. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/README.md +0 -0
  8. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/pyproject.toml +0 -0
  9. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/setup.cfg +0 -0
  10. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/classes.py +0 -0
  11. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/exceptions.py +0 -0
  12. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/git_interface.py +0 -0
  13. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/github.py +0 -0
  14. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/gitlab.py +0 -0
  15. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/issues.py +0 -0
  16. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/licenses.py +0 -0
  17. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/messages.py +0 -0
  18. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity/core/scm_comments.py +0 -0
  19. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity.egg-info/SOURCES.txt +0 -0
  20. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity.egg-info/dependency_links.txt +0 -0
  21. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity.egg-info/entry_points.txt +0 -0
  22. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity.egg-info/requires.txt +0 -0
  23. {socketsecurity-1.0.23 → socketsecurity-1.0.25}/socketsecurity.egg-info/top_level.txt +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 1.0.23
3
+ Version: 1.0.25
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -1,2 +1,2 @@
1
1
  __author__ = 'socket.dev'
2
- __version__ = '1.0.23'
2
+ __version__ = '1.0.25'
@@ -45,9 +45,8 @@ org_id = None
45
45
  org_slug = None
46
46
  all_new_alerts = False
47
47
  security_policy = {}
48
+ allow_unverified_ssl = False
48
49
  log = logging.getLogger("socketdev")
49
- # log_format = "%(asctime)s %(funcName)20s() %(message)s"
50
- # logging.basicConfig(format=log_format)
51
50
  log.addHandler(logging.NullHandler())
52
51
 
53
52
  socket_globs = {
@@ -164,13 +163,17 @@ def do_request(
164
163
  'User-Agent': f'SocketPythonCLI/{__version__}',
165
164
  "accept": "application/json"
166
165
  }
166
+ verify = True
167
+ if allow_unverified_ssl:
168
+ verify = False
167
169
  response = requests.request(
168
170
  method.upper(),
169
171
  url,
170
172
  headers=headers,
171
173
  data=payload,
172
174
  files=files,
173
- timeout=timeout
175
+ timeout=timeout,
176
+ verify=verify
174
177
  )
175
178
  output_headers = headers.copy()
176
179
  output_headers['Authorization'] = "API_KEY_REDACTED"
@@ -220,8 +223,11 @@ class Core:
220
223
  token: str,
221
224
  base_api_url: str = None,
222
225
  request_timeout: int = None,
223
- enable_all_alerts: bool = False
226
+ enable_all_alerts: bool = False,
227
+ allow_unverified: bool = False
224
228
  ):
229
+ global allow_unverified_ssl
230
+ allow_unverified_ssl = allow_unverified
225
231
  self.token = token + ":"
226
232
  encode_key(self.token)
227
233
  self.socket_date_format = "%Y-%m-%dT%H:%M:%S.%fZ"
@@ -409,7 +415,7 @@ class Core:
409
415
  """
410
416
  log.debug("Starting Find Files")
411
417
  start_time = time.time()
412
- files = []
418
+ files = set()
413
419
  for ecosystem in socket_globs:
414
420
  patterns = socket_globs[ecosystem]
415
421
  for file_name in patterns:
@@ -421,7 +427,7 @@ class Core:
421
427
  glob_files = glob(file_path, recursive=True)
422
428
  for glob_file in glob_files:
423
429
  if glob_file not in files:
424
- files.append(glob_file)
430
+ files.add(glob_file)
425
431
  glob_end = time.time()
426
432
  glob_total_time = glob_end - glob_start
427
433
  log.debug(f"Glob for pattern {file_path} took {glob_total_time:.2f} seconds")
@@ -430,7 +436,7 @@ class Core:
430
436
  end_time = time.time()
431
437
  total_time = end_time - start_time
432
438
  log.info(f"Found {len(files)} in {total_time:.2f} seconds")
433
- return files
439
+ return list(files)
434
440
 
435
441
  @staticmethod
436
442
  def create_full_scan(files: list, params: FullScanParams, workspace: str) -> FullScan:
@@ -588,13 +594,13 @@ class Core:
588
594
  head_packages = Core.create_sbom_dict(head_scan)
589
595
  new_scan_alerts = {}
590
596
  head_scan_alerts = {}
591
- consolidated = []
597
+ consolidated = set()
592
598
  for package_id in new_packages:
593
599
  purl, package = Core.create_purl(package_id, new_packages)
594
600
  base_purl = f"{purl.ecosystem}/{purl.name}@{purl.version}"
595
601
  if package_id not in head_packages and package.direct and base_purl not in consolidated:
596
602
  diff.new_packages.append(purl)
597
- consolidated.append(base_purl)
603
+ consolidated.add(base_purl)
598
604
  new_scan_alerts = Core.create_issue_alerts(package, new_scan_alerts, new_packages)
599
605
  for package_id in head_packages:
600
606
  purl, package = Core.create_purl(package_id, head_packages)
@@ -27,11 +27,6 @@ parser.add_argument(
27
27
  help='The Socket API token can be set via SOCKET_SECURITY_API_KEY',
28
28
  required=False
29
29
  )
30
- parser.add_argument(
31
- '--base-url',
32
- help='Override the base url to use with the Socket Broker',
33
- required=False
34
- )
35
30
  parser.add_argument(
36
31
  '--repo',
37
32
  help='The name of the repository',
@@ -118,6 +113,13 @@ parser.add_argument(
118
113
  default=False
119
114
  )
120
115
 
116
+ parser.add_argument(
117
+ '--allow-unverified',
118
+ help='Allow unverified SSL Connections',
119
+ action='store_true',
120
+ default=False
121
+ )
122
+
121
123
  parser.add_argument(
122
124
  '--enable-json',
123
125
  help='Enable json output of results instead of table formatted',
@@ -240,6 +242,7 @@ def main_code():
240
242
  disable_security_issue = arguments.disable_security_issue
241
243
  ignore_commit_files = arguments.ignore_commit_files
242
244
  disable_blocking = arguments.disable_blocking
245
+ allow_unverified = arguments.allow_unverified
243
246
  if disable_blocking:
244
247
  global blocking_disabled
245
248
  blocking_disabled = True
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 1.0.23
3
+ Version: 1.0.25
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
File without changes