socketsecurity 1.0.3__tar.gz → 1.0.5__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {socketsecurity-1.0.3/socketsecurity.egg-info → socketsecurity-1.0.5}/PKG-INFO +2 -1
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/README.md +1 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/__init__.py +1 -1
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/__init__.py +7 -1
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/github.py +1 -1
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/socketcli.py +47 -13
- {socketsecurity-1.0.3 → socketsecurity-1.0.5/socketsecurity.egg-info}/PKG-INFO +2 -1
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/LICENSE +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/pyproject.toml +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/setup.cfg +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/classes.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/exceptions.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/git_interface.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/gitlab.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/issues.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/licenses.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/messages.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/scm_comments.py +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/SOURCES.txt +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/dependency_links.txt +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/entry_points.txt +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/requires.txt +0 -0
- {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/top_level.txt +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: socketsecurity
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.5
|
|
4
4
|
Summary: Socket Security CLI for CI/CD
|
|
5
5
|
Author-email: Douglas Coburn <douglas@socket.dev>
|
|
6
6
|
Maintainer-email: Douglas Coburn <douglas@socket.dev>
|
|
@@ -60,3 +60,4 @@ If you don't want to provide the Socket API Token every time then you can use th
|
|
|
60
60
|
| --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
|
|
61
61
|
| --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
|
|
62
62
|
| --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
|
|
63
|
+
| --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
|
|
@@ -37,3 +37,4 @@ If you don't want to provide the Socket API Token every time then you can use th
|
|
|
37
37
|
| --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
|
|
38
38
|
| --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
|
|
39
39
|
| --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
|
|
40
|
+
| --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
__author__ = 'socket.dev'
|
|
2
|
-
__version__ = '1.0.
|
|
2
|
+
__version__ = '1.0.5'
|
|
@@ -82,6 +82,9 @@ socket_globs = {
|
|
|
82
82
|
"pyproject.toml": {
|
|
83
83
|
"pattern": "pyproject.toml"
|
|
84
84
|
},
|
|
85
|
+
"poetry.lock": {
|
|
86
|
+
"pattern": "poetry.lock"
|
|
87
|
+
},
|
|
85
88
|
"requirements.txt": {
|
|
86
89
|
"pattern": "*requirements.txt"
|
|
87
90
|
},
|
|
@@ -394,12 +397,15 @@ class Core:
|
|
|
394
397
|
:return:
|
|
395
398
|
"""
|
|
396
399
|
all_files = []
|
|
400
|
+
files_provided = False
|
|
401
|
+
if files is not None and len(files) > 0:
|
|
402
|
+
files_provided = True
|
|
397
403
|
for ecosystem in socket_globs:
|
|
398
404
|
patterns = socket_globs[ecosystem]
|
|
399
405
|
for file_name in patterns:
|
|
400
406
|
pattern = patterns[file_name]["pattern"]
|
|
401
407
|
file_path = f"{path}/**/{pattern}"
|
|
402
|
-
if
|
|
408
|
+
if not files_provided:
|
|
403
409
|
files = glob(file_path, recursive=True)
|
|
404
410
|
else:
|
|
405
411
|
files = Core.match_supported_files(path, files)
|
|
@@ -111,7 +111,7 @@ class Github:
|
|
|
111
111
|
@staticmethod
|
|
112
112
|
def check_event_type() -> str:
|
|
113
113
|
if github_event_name.lower() == "push":
|
|
114
|
-
if pr_number is None or pr_number == "":
|
|
114
|
+
if pr_number is None or pr_number == "" or pr_number == "0":
|
|
115
115
|
event_type = "main"
|
|
116
116
|
else:
|
|
117
117
|
event_type = "diff"
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import argparse
|
|
2
2
|
import json
|
|
3
3
|
from socketsecurity.core import Core, __version__
|
|
4
|
-
from socketsecurity.core.classes import FullScanParams, Diff, Package,
|
|
4
|
+
from socketsecurity.core.classes import FullScanParams, Diff, Package, Issue
|
|
5
5
|
from socketsecurity.core.messages import Messages
|
|
6
6
|
from socketsecurity.core.scm_comments import Comments
|
|
7
7
|
from socketsecurity.core.git_interface import Git
|
|
@@ -12,6 +12,7 @@ import logging
|
|
|
12
12
|
|
|
13
13
|
logging.basicConfig(level=logging.INFO)
|
|
14
14
|
log = logging.getLogger("socketcli")
|
|
15
|
+
blocking_disabled = False
|
|
15
16
|
|
|
16
17
|
parser = argparse.ArgumentParser(
|
|
17
18
|
prog="socketcli",
|
|
@@ -142,6 +143,13 @@ parser.add_argument(
|
|
|
142
143
|
default=False
|
|
143
144
|
)
|
|
144
145
|
|
|
146
|
+
parser.add_argument(
|
|
147
|
+
'--disable-blocking',
|
|
148
|
+
help='Disables failing checks and will only exit with an exit code of 0',
|
|
149
|
+
action='store_true',
|
|
150
|
+
default=False
|
|
151
|
+
)
|
|
152
|
+
|
|
145
153
|
|
|
146
154
|
def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
|
|
147
155
|
console_security_comment = Messages.create_console_security_alert_table(diff_report)
|
|
@@ -150,7 +158,8 @@ def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> No
|
|
|
150
158
|
log.info("Security issues detected by Socket Security")
|
|
151
159
|
msg = f"\n{console_security_comment}"
|
|
152
160
|
log.info(msg)
|
|
153
|
-
|
|
161
|
+
if not blocking_disabled:
|
|
162
|
+
sys.exit(1)
|
|
154
163
|
else:
|
|
155
164
|
log.info("No New Security issues detected by Socket Security")
|
|
156
165
|
|
|
@@ -159,7 +168,7 @@ def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
|
|
|
159
168
|
console_security_comment = Messages.create_security_comment_json(diff_report)
|
|
160
169
|
save_sbom_file(diff_report, sbom_file_name)
|
|
161
170
|
print(json.dumps(console_security_comment))
|
|
162
|
-
if not report_pass(diff_report):
|
|
171
|
+
if not report_pass(diff_report) and not blocking_disabled:
|
|
163
172
|
sys.exit(1)
|
|
164
173
|
|
|
165
174
|
|
|
@@ -167,7 +176,7 @@ def report_pass(diff_report: Diff) -> bool:
|
|
|
167
176
|
report_passed = True
|
|
168
177
|
if len(diff_report.new_alerts) > 0:
|
|
169
178
|
for alert in diff_report.new_alerts:
|
|
170
|
-
alert:
|
|
179
|
+
alert: Issue
|
|
171
180
|
if report_passed and alert.error:
|
|
172
181
|
report_passed = False
|
|
173
182
|
break
|
|
@@ -184,11 +193,17 @@ def cli():
|
|
|
184
193
|
main_code()
|
|
185
194
|
except KeyboardInterrupt:
|
|
186
195
|
log.info("Keyboard Interrupt detected, exiting")
|
|
187
|
-
|
|
196
|
+
if not blocking_disabled:
|
|
197
|
+
sys.exit(2)
|
|
198
|
+
else:
|
|
199
|
+
sys.exit(0)
|
|
188
200
|
except Exception as error:
|
|
189
201
|
log.error("Unexpected error when running the cli")
|
|
190
202
|
log.error(error)
|
|
191
|
-
|
|
203
|
+
if not blocking_disabled:
|
|
204
|
+
sys.exit(3)
|
|
205
|
+
else:
|
|
206
|
+
sys.exit(0)
|
|
192
207
|
|
|
193
208
|
|
|
194
209
|
def main_code():
|
|
@@ -214,6 +229,10 @@ def main_code():
|
|
|
214
229
|
disable_overview = arguments.disable_overview
|
|
215
230
|
disable_security_issue = arguments.disable_security_issue
|
|
216
231
|
ignore_commit_files = arguments.ignore_commit_files
|
|
232
|
+
disable_blocking = arguments.disable_blocking
|
|
233
|
+
if disable_blocking:
|
|
234
|
+
global blocking_disabled
|
|
235
|
+
blocking_disabled = True
|
|
217
236
|
files = arguments.files
|
|
218
237
|
log.info(f"Starting Socket Security Scan version {__version__}")
|
|
219
238
|
api_token = os.getenv("SOCKET_SECURITY_API_KEY") or arguments.api_token
|
|
@@ -265,12 +284,15 @@ def main_code():
|
|
|
265
284
|
if scm is not None:
|
|
266
285
|
default_branch = scm.is_default_branch
|
|
267
286
|
|
|
268
|
-
if is_repo and files is not None and len(files) == 0 and not ignore_commit_files:
|
|
269
|
-
no_change = True
|
|
270
|
-
else:
|
|
271
|
-
no_change = False
|
|
272
287
|
base_api_url = os.getenv("BASE_API_URL") or None
|
|
273
288
|
core = Core(token=api_token, request_timeout=6000, base_api_url=base_api_url)
|
|
289
|
+
no_change = True
|
|
290
|
+
if ignore_commit_files:
|
|
291
|
+
no_change = False
|
|
292
|
+
elif is_repo and files is not None and len(files) > 0:
|
|
293
|
+
if len(core.match_supported_files(target_path, files)) > 0:
|
|
294
|
+
no_change = False
|
|
295
|
+
|
|
274
296
|
set_as_pending_head = False
|
|
275
297
|
if default_branch:
|
|
276
298
|
set_as_pending_head = True
|
|
@@ -295,7 +317,9 @@ def main_code():
|
|
|
295
317
|
log.info("Push initiated flow")
|
|
296
318
|
diff: Diff
|
|
297
319
|
diff = core.create_new_diff(target_path, params, workspace=target_path, new_files=files, no_change=no_change)
|
|
298
|
-
if
|
|
320
|
+
if no_change:
|
|
321
|
+
log.info("No dependency changes")
|
|
322
|
+
elif scm.check_event_type() == "diff":
|
|
299
323
|
log.info("Starting comment logic for PR/MR event")
|
|
300
324
|
log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
|
|
301
325
|
comments = scm.get_comments_for_pr(repo, str(pr_number))
|
|
@@ -307,14 +331,24 @@ def main_code():
|
|
|
307
331
|
security_comment = Messages.security_comment_template(diff)
|
|
308
332
|
new_security_comment = True
|
|
309
333
|
new_overview_comment = True
|
|
334
|
+
update_old_security_comment = (
|
|
335
|
+
security_comment is None or
|
|
336
|
+
security_comment == "" or
|
|
337
|
+
(len(comments) != 0 and comments.get("security") is not None)
|
|
338
|
+
)
|
|
339
|
+
update_old_overview_comment = (
|
|
340
|
+
overview_comment is None or
|
|
341
|
+
overview_comment == "" or
|
|
342
|
+
(len(comments) != 0 and comments.get("overview") is not None)
|
|
343
|
+
)
|
|
310
344
|
if len(diff.new_alerts) == 0 or disable_security_issue:
|
|
311
|
-
if
|
|
345
|
+
if not update_old_security_comment:
|
|
312
346
|
new_security_comment = False
|
|
313
347
|
log.debug("No new alerts or security issue comment disabled")
|
|
314
348
|
else:
|
|
315
349
|
log.debug("Updated security comment with no new alerts")
|
|
316
350
|
if (len(diff.new_packages) == 0 and len(diff.removed_packages) == 0) or disable_overview:
|
|
317
|
-
if
|
|
351
|
+
if not update_old_overview_comment:
|
|
318
352
|
new_overview_comment = False
|
|
319
353
|
log.debug("No new/removed packages or Dependency Overview comment disabled")
|
|
320
354
|
else:
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: socketsecurity
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.5
|
|
4
4
|
Summary: Socket Security CLI for CI/CD
|
|
5
5
|
Author-email: Douglas Coburn <douglas@socket.dev>
|
|
6
6
|
Maintainer-email: Douglas Coburn <douglas@socket.dev>
|
|
@@ -60,3 +60,4 @@ If you don't want to provide the Socket API Token every time then you can use th
|
|
|
60
60
|
| --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
|
|
61
61
|
| --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
|
|
62
62
|
| --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
|
|
63
|
+
| --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|