socketsecurity 2.2.56__tar.gz → 2.2.59__tar.gz

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 2.2.57
+
+- Fixed Dockerfile to set `GOROOT` to `/usr/lib/go` when using system Go (`GO_VERSION=system`) instead of always using `/usr/local/go`.
+
 ## 2.2.56
 
 - Removed process timeout from reachability analysis subprocess. Timeouts are now only passed to the Coana CLI via the `--analysis-timeout` flag.

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/Dockerfile

@@ -20,7 +20,8 @@ RUN apk update && apk add --no-cache \
 
 # Install Go with version control
 RUN if [ "$GO_VERSION" = "system" ]; then \
-        apk add --no-cache go; \
+        apk add --no-cache go && \
+        echo "/usr/lib/go" > /etc/goroot; \
     else \
         cd /tmp && \
         ARCH=$(uname -m) && \
@@ -31,7 +32,8 @@ RUN if [ "$GO_VERSION" = "system" ]; then \
         esac && \
         wget https://golang.org/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
         tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
-        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz; \
+        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        echo "/usr/local/go" > /etc/goroot; \
     fi
 
 # Install Java with version control
@@ -64,8 +66,7 @@ RUN npm install @coana-tech/cli socket -g && \
     rustup component add rustfmt clippy
 
 # Set environment paths
-ENV PATH="/usr/local/go/bin:/root/.cargo/bin:${PATH}"
-ENV GOROOT="/usr/local/go"
+ENV PATH="/usr/local/go/bin:/usr/lib/go/bin:/root/.cargo/bin:${PATH}"
 ENV GOPATH="/go"
 
 # Install uv

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.56
+Version: 2.2.59
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.56"
+version = "2.2.59"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/scripts/docker-entrypoint.sh

@@ -4,6 +4,9 @@
 # docker run socketdev/cli socketcli --params
 # docker run socketdev/cli --cli-params
 
+# Set GOROOT from the value determined at build time
+export GOROOT=$(cat /etc/goroot)
+
 # Check if we have any arguments
 if [ $# -eq 0 ]; then
     # No arguments provided, run socketcli with no args (will show help)

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.56'
+__version__ = '2.2.59'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.56 → socketsecurity-2.2.59}/socketsecurity/core/__init__.py

@@ -4,13 +4,10 @@ import sys
 import tarfile
 import tempfile
 import time
-import io
 import json
 from dataclasses import asdict
-from glob import glob
-from io import BytesIO
-from pathlib import PurePath
-from typing import BinaryIO, Dict, List, Tuple, Set, Union, TYPE_CHECKING, Optional
+from pathlib import Path, PurePath
+from typing import Dict, List, Tuple, Set, TYPE_CHECKING, Optional
 
 if TYPE_CHECKING:
     from socketsecurity.config import CliConfig
@@ -315,15 +312,18 @@ class Core:
 
                 for pattern in expanded_patterns:
                     case_insensitive_pattern = Core.to_case_insensitive_regex(pattern)
-                    file_path = os.path.join(path, "**", case_insensitive_pattern)
-
-                    log.debug(f"Globbing {file_path}")
+                    
+                    log.debug(f"Searching for pattern: {case_insensitive_pattern}")
                     glob_start = time.time()
-                    glob_files = glob(file_path, recursive=True)
+                    
+                    # Use pathlib.Path.rglob() instead of glob.glob() to properly match dotfiles/dotdirs
+                    base_path = Path(path)
+                    glob_files = base_path.rglob(case_insensitive_pattern)
 
                     for glob_file in glob_files:
-                        if os.path.isfile(glob_file) and not Core.is_excluded(glob_file, self.config.excluded_dirs):
-                            files.add(glob_file.replace("\\", "/"))
+                        glob_file_str = str(glob_file)
+                        if os.path.isfile(glob_file_str) and not Core.is_excluded(glob_file_str, self.config.excluded_dirs):
+                            files.add(glob_file_str.replace("\\", "/"))
 
                     glob_end = time.time()
                     log.debug(f"Globbing took {glob_end - glob_start:.4f} seconds")
@@ -414,6 +414,11 @@ class Core:
                 # Expand brace patterns for each manifest pattern
                 expanded_patterns = Core.expand_brace_pattern(pattern_str)
                 for exp_pat in expanded_patterns:
+                    # If pattern doesn't contain '/', prepend '**/' to match files in any subdirectory
+                    # This ensures patterns like '*requirements.txt' match '.test/requirements.txt'
+                    if '/' not in exp_pat:
+                        exp_pat = f"**/{exp_pat}"
+                    
                     for file in norm_files:
                         # Use PurePath.match for glob-like matching
                         if PurePath(file).match(exp_pat):