socketsecurity 1.0.3__tar.gz → 1.0.5__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. {socketsecurity-1.0.3/socketsecurity.egg-info → socketsecurity-1.0.5}/PKG-INFO +2 -1
  2. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/README.md +1 -0
  3. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/__init__.py +1 -1
  4. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/__init__.py +7 -1
  5. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/github.py +1 -1
  6. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/socketcli.py +47 -13
  7. {socketsecurity-1.0.3 → socketsecurity-1.0.5/socketsecurity.egg-info}/PKG-INFO +2 -1
  8. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/LICENSE +0 -0
  9. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/pyproject.toml +0 -0
  10. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/setup.cfg +0 -0
  11. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/classes.py +0 -0
  12. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/exceptions.py +0 -0
  13. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/git_interface.py +0 -0
  14. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/gitlab.py +0 -0
  15. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/issues.py +0 -0
  16. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/licenses.py +0 -0
  17. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/messages.py +0 -0
  18. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity/core/scm_comments.py +0 -0
  19. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/SOURCES.txt +0 -0
  20. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/dependency_links.txt +0 -0
  21. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/entry_points.txt +0 -0
  22. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/requires.txt +0 -0
  23. {socketsecurity-1.0.3 → socketsecurity-1.0.5}/socketsecurity.egg-info/top_level.txt +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 1.0.3
3
+ Version: 1.0.5
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -60,3 +60,4 @@ If you don't want to provide the Socket API Token every time then you can use th
60
60
  | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
61
61
  | --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
62
62
  | --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
63
+ | --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
@@ -37,3 +37,4 @@ If you don't want to provide the Socket API Token every time then you can use th
37
37
  | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
38
38
  | --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
39
39
  | --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
40
+ | --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
@@ -1,2 +1,2 @@
1
1
  __author__ = 'socket.dev'
2
- __version__ = '1.0.3'
2
+ __version__ = '1.0.5'
@@ -82,6 +82,9 @@ socket_globs = {
82
82
  "pyproject.toml": {
83
83
  "pattern": "pyproject.toml"
84
84
  },
85
+ "poetry.lock": {
86
+ "pattern": "poetry.lock"
87
+ },
85
88
  "requirements.txt": {
86
89
  "pattern": "*requirements.txt"
87
90
  },
@@ -394,12 +397,15 @@ class Core:
394
397
  :return:
395
398
  """
396
399
  all_files = []
400
+ files_provided = False
401
+ if files is not None and len(files) > 0:
402
+ files_provided = True
397
403
  for ecosystem in socket_globs:
398
404
  patterns = socket_globs[ecosystem]
399
405
  for file_name in patterns:
400
406
  pattern = patterns[file_name]["pattern"]
401
407
  file_path = f"{path}/**/{pattern}"
402
- if files is None or len(files) == 0:
408
+ if not files_provided:
403
409
  files = glob(file_path, recursive=True)
404
410
  else:
405
411
  files = Core.match_supported_files(path, files)
@@ -111,7 +111,7 @@ class Github:
111
111
  @staticmethod
112
112
  def check_event_type() -> str:
113
113
  if github_event_name.lower() == "push":
114
- if pr_number is None or pr_number == "":
114
+ if pr_number is None or pr_number == "" or pr_number == "0":
115
115
  event_type = "main"
116
116
  else:
117
117
  event_type = "diff"
@@ -1,7 +1,7 @@
1
1
  import argparse
2
2
  import json
3
3
  from socketsecurity.core import Core, __version__
4
- from socketsecurity.core.classes import FullScanParams, Diff, Package, Alert
4
+ from socketsecurity.core.classes import FullScanParams, Diff, Package, Issue
5
5
  from socketsecurity.core.messages import Messages
6
6
  from socketsecurity.core.scm_comments import Comments
7
7
  from socketsecurity.core.git_interface import Git
@@ -12,6 +12,7 @@ import logging
12
12
 
13
13
  logging.basicConfig(level=logging.INFO)
14
14
  log = logging.getLogger("socketcli")
15
+ blocking_disabled = False
15
16
 
16
17
  parser = argparse.ArgumentParser(
17
18
  prog="socketcli",
@@ -142,6 +143,13 @@ parser.add_argument(
142
143
  default=False
143
144
  )
144
145
 
146
+ parser.add_argument(
147
+ '--disable-blocking',
148
+ help='Disables failing checks and will only exit with an exit code of 0',
149
+ action='store_true',
150
+ default=False
151
+ )
152
+
145
153
 
146
154
  def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
147
155
  console_security_comment = Messages.create_console_security_alert_table(diff_report)
@@ -150,7 +158,8 @@ def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> No
150
158
  log.info("Security issues detected by Socket Security")
151
159
  msg = f"\n{console_security_comment}"
152
160
  log.info(msg)
153
- sys.exit(1)
161
+ if not blocking_disabled:
162
+ sys.exit(1)
154
163
  else:
155
164
  log.info("No New Security issues detected by Socket Security")
156
165
 
@@ -159,7 +168,7 @@ def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
159
168
  console_security_comment = Messages.create_security_comment_json(diff_report)
160
169
  save_sbom_file(diff_report, sbom_file_name)
161
170
  print(json.dumps(console_security_comment))
162
- if not report_pass(diff_report):
171
+ if not report_pass(diff_report) and not blocking_disabled:
163
172
  sys.exit(1)
164
173
 
165
174
 
@@ -167,7 +176,7 @@ def report_pass(diff_report: Diff) -> bool:
167
176
  report_passed = True
168
177
  if len(diff_report.new_alerts) > 0:
169
178
  for alert in diff_report.new_alerts:
170
- alert: Alert
179
+ alert: Issue
171
180
  if report_passed and alert.error:
172
181
  report_passed = False
173
182
  break
@@ -184,11 +193,17 @@ def cli():
184
193
  main_code()
185
194
  except KeyboardInterrupt:
186
195
  log.info("Keyboard Interrupt detected, exiting")
187
- sys.exit(2)
196
+ if not blocking_disabled:
197
+ sys.exit(2)
198
+ else:
199
+ sys.exit(0)
188
200
  except Exception as error:
189
201
  log.error("Unexpected error when running the cli")
190
202
  log.error(error)
191
- sys.exit(3)
203
+ if not blocking_disabled:
204
+ sys.exit(3)
205
+ else:
206
+ sys.exit(0)
192
207
 
193
208
 
194
209
  def main_code():
@@ -214,6 +229,10 @@ def main_code():
214
229
  disable_overview = arguments.disable_overview
215
230
  disable_security_issue = arguments.disable_security_issue
216
231
  ignore_commit_files = arguments.ignore_commit_files
232
+ disable_blocking = arguments.disable_blocking
233
+ if disable_blocking:
234
+ global blocking_disabled
235
+ blocking_disabled = True
217
236
  files = arguments.files
218
237
  log.info(f"Starting Socket Security Scan version {__version__}")
219
238
  api_token = os.getenv("SOCKET_SECURITY_API_KEY") or arguments.api_token
@@ -265,12 +284,15 @@ def main_code():
265
284
  if scm is not None:
266
285
  default_branch = scm.is_default_branch
267
286
 
268
- if is_repo and files is not None and len(files) == 0 and not ignore_commit_files:
269
- no_change = True
270
- else:
271
- no_change = False
272
287
  base_api_url = os.getenv("BASE_API_URL") or None
273
288
  core = Core(token=api_token, request_timeout=6000, base_api_url=base_api_url)
289
+ no_change = True
290
+ if ignore_commit_files:
291
+ no_change = False
292
+ elif is_repo and files is not None and len(files) > 0:
293
+ if len(core.match_supported_files(target_path, files)) > 0:
294
+ no_change = False
295
+
274
296
  set_as_pending_head = False
275
297
  if default_branch:
276
298
  set_as_pending_head = True
@@ -295,7 +317,9 @@ def main_code():
295
317
  log.info("Push initiated flow")
296
318
  diff: Diff
297
319
  diff = core.create_new_diff(target_path, params, workspace=target_path, new_files=files, no_change=no_change)
298
- if scm.check_event_type() == "diff":
320
+ if no_change:
321
+ log.info("No dependency changes")
322
+ elif scm.check_event_type() == "diff":
299
323
  log.info("Starting comment logic for PR/MR event")
300
324
  log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
301
325
  comments = scm.get_comments_for_pr(repo, str(pr_number))
@@ -307,14 +331,24 @@ def main_code():
307
331
  security_comment = Messages.security_comment_template(diff)
308
332
  new_security_comment = True
309
333
  new_overview_comment = True
334
+ update_old_security_comment = (
335
+ security_comment is None or
336
+ security_comment == "" or
337
+ (len(comments) != 0 and comments.get("security") is not None)
338
+ )
339
+ update_old_overview_comment = (
340
+ overview_comment is None or
341
+ overview_comment == "" or
342
+ (len(comments) != 0 and comments.get("overview") is not None)
343
+ )
310
344
  if len(diff.new_alerts) == 0 or disable_security_issue:
311
- if security_comment is None or security_comment == "":
345
+ if not update_old_security_comment:
312
346
  new_security_comment = False
313
347
  log.debug("No new alerts or security issue comment disabled")
314
348
  else:
315
349
  log.debug("Updated security comment with no new alerts")
316
350
  if (len(diff.new_packages) == 0 and len(diff.removed_packages) == 0) or disable_overview:
317
- if overview_comment is None or overview_comment == "":
351
+ if not update_old_overview_comment:
318
352
  new_overview_comment = False
319
353
  log.debug("No new/removed packages or Dependency Overview comment disabled")
320
354
  else:
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: socketsecurity
3
- Version: 1.0.3
3
+ Version: 1.0.5
4
4
  Summary: Socket Security CLI for CI/CD
5
5
  Author-email: Douglas Coburn <douglas@socket.dev>
6
6
  Maintainer-email: Douglas Coburn <douglas@socket.dev>
@@ -60,3 +60,4 @@ If you don't want to provide the Socket API Token every time then you can use th
60
60
  | --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
61
61
  | --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
62
62
  | --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
63
+ | --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
File without changes
File without changes