PyPI - socketsecurity - Versions diffs - 2.2.57__tar.gz → 2.2.60__tar.gz - Mend

socketsecurity 2.2.57tar.gz → 2.2.60tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.57
+Version: 2.2.60
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -35,12 +35,13 @@ Classifier: Programming Language :: Python :: 3.12
 Requires-Python: >=3.10
 Requires-Dist: bs4>=0.0.2
 Requires-Dist: gitpython
+Requires-Dist: markdown>=3.10
 Requires-Dist: mdutils
 Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.22
+Requires-Dist: socketdev<4.0.0,>=3.0.25
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
@@ -158,14 +159,14 @@ socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--repo-is-public] [--branc
           [--only-facts-file] [--version]
 ````
-If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
+If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_TOKEN`
 ### Parameters
 #### Authentication
-| Parameter   | Required | Default | Description                                                                     |
-|:------------|:---------|:--------|:--------------------------------------------------------------------------------|
-| --api-token | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) |
+| Parameter   | Required | Default | Description                                                                       |
+|:------------|:---------|:--------|:----------------------------------------------------------------------------------|
+| --api-token | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_TOKEN env var) |
 #### Repository
 | Parameter        | Required | Default | Description                                                             |
@@ -278,15 +279,43 @@ Example `SOCKET_JIRA_CONFIG_JSON` value
 | Environment Variable     | Required | Default | Description                        |
 |:-------------------------|:---------|:--------|:-----------------------------------|
-| SOCKET_SLACK_ENABLED     | False    | false   | Enables/Disables the Slack Plugin  |
-| SOCKET_SLACK_CONFIG_JSON | True     | None    | Required if the Plugin is enabled. |
+| SOCKET_SLACK_CONFIG_JSON | False    | None    | Slack webhook configuration (enables plugin when set). Alternatively, use --slack-webhook CLI flag. |
-Example `SOCKET_SLACK_CONFIG_JSON` value
+Example `SOCKET_SLACK_CONFIG_JSON` value (simple webhook):
 ````json
 {"url": "https://REPLACE_ME_WEBHOOK"}
 ````
+Example with advanced filtering (reachability-only alerts):
+````json
+{
+  "url": [
+    {
+      "name": "prod_alerts",
+      "url": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
+    }
+  ],
+  "url_configs": {
+    "prod_alerts": {
+      "reachability_alerts_only": true,
+      "always_send_reachability": true
+    }
+  }
+}
+````
+**Advanced Configuration Options:**
+The `url_configs` object allows per-webhook filtering:
+- `reachability_alerts_only` (boolean, default: false): When `--reach` is enabled, only send blocking alerts (error=true) from diff scans
+- `always_send_reachability` (boolean, default: true): Send reachability alerts even on non-diff scans when `--reach` is enabled. Set to false to only send reachability alerts when there are diff alerts.
+- `repos` (array): Only send alerts for specific repositories (e.g., `["owner/repo1", "owner/repo2"]`)
+- `alert_types` (array): Only send specific alert types (e.g., `["malware", "typosquat"]`)
+- `severities` (array): Only send alerts with specific severities (e.g., `["high", "critical"]`)
 ## Automatic Git Detection
 The CLI now automatically detects repository information from your git environment, significantly simplifying usage in CI/CD pipelines:
@@ -547,7 +576,8 @@ Implementation targets:
 ### Environment Variables
 #### Core Configuration
-- `SOCKET_SECURITY_API_KEY`: Socket Security API token (alternative to --api-token parameter)
+- `SOCKET_SECURITY_API_TOKEN`: Socket Security API token (alternative to --api-token parameter)
+  - For backwards compatibility, also accepts: `SOCKET_SECURITY_API_KEY`, `SOCKET_API_KEY`, `SOCKET_API_TOKEN`
 - `SOCKET_SDK_PATH`: Path to local socketdev repository (default: ../socketdev)
 #### GitLab Integration

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/README.md RENAMED Viewed

@@ -101,14 +101,14 @@ socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--repo-is-public] [--branc
           [--only-facts-file] [--version]
 ````
-If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
+If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_TOKEN`
 ### Parameters
 #### Authentication
-| Parameter   | Required | Default | Description                                                                     |
-|:------------|:---------|:--------|:--------------------------------------------------------------------------------|
-| --api-token | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) |
+| Parameter   | Required | Default | Description                                                                       |
+|:------------|:---------|:--------|:----------------------------------------------------------------------------------|
+| --api-token | False    |         | Socket Security API token (can also be set via SOCKET_SECURITY_API_TOKEN env var) |
 #### Repository
 | Parameter        | Required | Default | Description                                                             |
@@ -221,15 +221,43 @@ Example `SOCKET_JIRA_CONFIG_JSON` value
 | Environment Variable     | Required | Default | Description                        |
 |:-------------------------|:---------|:--------|:-----------------------------------|
-| SOCKET_SLACK_ENABLED     | False    | false   | Enables/Disables the Slack Plugin  |
-| SOCKET_SLACK_CONFIG_JSON | True     | None    | Required if the Plugin is enabled. |
+| SOCKET_SLACK_CONFIG_JSON | False    | None    | Slack webhook configuration (enables plugin when set). Alternatively, use --slack-webhook CLI flag. |
-Example `SOCKET_SLACK_CONFIG_JSON` value
+Example `SOCKET_SLACK_CONFIG_JSON` value (simple webhook):
 ````json
 {"url": "https://REPLACE_ME_WEBHOOK"}
 ````
+Example with advanced filtering (reachability-only alerts):
+````json
+{
+  "url": [
+    {
+      "name": "prod_alerts",
+      "url": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
+    }
+  ],
+  "url_configs": {
+    "prod_alerts": {
+      "reachability_alerts_only": true,
+      "always_send_reachability": true
+    }
+  }
+}
+````
+**Advanced Configuration Options:**
+The `url_configs` object allows per-webhook filtering:
+- `reachability_alerts_only` (boolean, default: false): When `--reach` is enabled, only send blocking alerts (error=true) from diff scans
+- `always_send_reachability` (boolean, default: true): Send reachability alerts even on non-diff scans when `--reach` is enabled. Set to false to only send reachability alerts when there are diff alerts.
+- `repos` (array): Only send alerts for specific repositories (e.g., `["owner/repo1", "owner/repo2"]`)
+- `alert_types` (array): Only send specific alert types (e.g., `["malware", "typosquat"]`)
+- `severities` (array): Only send alerts with specific severities (e.g., `["high", "critical"]`)
 ## Automatic Git Detection
 The CLI now automatically detects repository information from your git environment, significantly simplifying usage in CI/CD pipelines:
@@ -490,7 +518,8 @@ Implementation targets:
 ### Environment Variables
 #### Core Configuration
-- `SOCKET_SECURITY_API_KEY`: Socket Security API token (alternative to --api-token parameter)
+- `SOCKET_SECURITY_API_TOKEN`: Socket Security API token (alternative to --api-token parameter)
+  - For backwards compatibility, also accepts: `SOCKET_SECURITY_API_KEY`, `SOCKET_API_KEY`, `SOCKET_API_TOKEN`
 - `SOCKET_SDK_PATH`: Path to local socketdev repository (default: ../socketdev)
 #### GitLab Integration

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/pyproject.toml RENAMED Viewed

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.57"
+version = "2.2.60"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,8 +16,9 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.22,<4.0.0',
+    "socketdev>=3.0.25,<4.0.0",
     "bs4>=0.0.2",
+    "markdown>=3.10",
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/socketsecurity/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.57'
+__version__ = '2.2.60'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/socketsecurity/config.py RENAMED Viewed

@@ -57,6 +57,7 @@ class CliConfig:
     version: str = __version__
     jira_plugin: PluginConfig = field(default_factory=PluginConfig)
     slack_plugin: PluginConfig = field(default_factory=PluginConfig)
+    slack_webhook: Optional[str] = None
     license_file_name: str = "license_output.json"
     save_submitted_files_list: Optional[str] = None
     save_manifest_tar: Optional[str] = None
@@ -85,8 +86,14 @@ class CliConfig:
         parser = create_argument_parser()
         args = parser.parse_args(args_list)
-        # Get API token from env or args
-        api_token = os.getenv("SOCKET_SECURITY_API_KEY") or args.api_token
+        # Get API token from env or args (check multiple env var names)
+        api_token = (
+            os.getenv("SOCKET_SECURITY_API_KEY") or
+            os.getenv("SOCKET_SECURITY_API_TOKEN") or
+            os.getenv("SOCKET_API_KEY") or
+            os.getenv("SOCKET_API_TOKEN") or
+            args.api_token
+        )
         # Strip quotes from commit message if present
         commit_message = args.commit_message
@@ -128,6 +135,7 @@ class CliConfig:
             'save_manifest_tar': args.save_manifest_tar,
             'sub_paths': args.sub_paths or [],
             'workspace_name': args.workspace_name,
+            'slack_webhook': args.slack_webhook,
             'reach': args.reach,
             'reach_version': args.reach_version,
             'reach_analysis_timeout': args.reach_analysis_timeout,
@@ -151,6 +159,11 @@ class CliConfig:
         except json.JSONDecodeError:
             logging.error(f"Unable to parse excluded_ecosystems: {config_args['excluded_ecosystems']}")
             exit(1)
+        # Build Slack plugin config, merging CLI arg with env config
+        slack_config = get_plugin_config_from_env("SOCKET_SLACK")
+        if args.slack_webhook:
+            slack_config["url"] = args.slack_webhook
         config_args.update({
             "jira_plugin": PluginConfig(
                 enabled=os.getenv("SOCKET_JIRA_ENABLED", "false").lower() == "true",
@@ -158,9 +171,9 @@ class CliConfig:
                 config=get_plugin_config_from_env("SOCKET_JIRA")
             ),
             "slack_plugin": PluginConfig(
-                enabled=os.getenv("SOCKET_SLACK_ENABLED", "false").lower() == "true",
+                enabled=bool(slack_config) or bool(args.slack_webhook),
                 levels=os.getenv("SOCKET_SLACK_LEVELS", "block,warn").split(","),
-                config=get_plugin_config_from_env("SOCKET_SLACK")
+                config=slack_config
             )
         })
@@ -212,7 +225,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
         "--api-token",
         dest="api_token",
         metavar="<token>",
-        help="Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var)",
+        help="Socket Security API token (can also be set via SOCKET_SECURITY_API_TOKEN env var)",
         required=False
     )
     auth_group.add_argument(
@@ -475,6 +488,15 @@ def create_argument_parser() -> argparse.ArgumentParser:
         help=argparse.SUPPRESS
     )
+    # Plugin Configuration
+    plugin_group = parser.add_argument_group('Plugin Configuration')
+    plugin_group.add_argument(
+        "--slack-webhook",
+        dest="slack_webhook",
+        metavar="<url>",
+        help="Slack webhook URL for notifications (automatically enables Slack plugin)"
+    )
     # Advanced Configuration
     advanced_group = parser.add_argument_group('Advanced Configuration')
     advanced_group.add_argument(

{socketsecurity-2.2.57 → socketsecurity-2.2.60}/socketsecurity/core/__init__.py RENAMED Viewed

@@ -4,13 +4,10 @@ import sys
 import tarfile
 import tempfile
 import time
-import io
 import json
 from dataclasses import asdict
-from glob import glob
-from io import BytesIO
-from pathlib import PurePath
-from typing import BinaryIO, Dict, List, Tuple, Set, Union, TYPE_CHECKING, Optional
+from pathlib import Path, PurePath
+from typing import Dict, List, Tuple, Set, TYPE_CHECKING, Optional
 if TYPE_CHECKING:
     from socketsecurity.config import CliConfig
@@ -315,15 +312,18 @@ class Core:
                 for pattern in expanded_patterns:
                     case_insensitive_pattern = Core.to_case_insensitive_regex(pattern)
-                    file_path = os.path.join(path, "**", case_insensitive_pattern)
-                    log.debug(f"Globbing {file_path}")
+                    log.debug(f"Searching for pattern: {case_insensitive_pattern}")
                     glob_start = time.time()
-                    glob_files = glob(file_path, recursive=True)
+                    # Use pathlib.Path.rglob() instead of glob.glob() to properly match dotfiles/dotdirs
+                    base_path = Path(path)
+                    glob_files = base_path.rglob(case_insensitive_pattern)
                     for glob_file in glob_files:
-                        if os.path.isfile(glob_file) and not Core.is_excluded(glob_file, self.config.excluded_dirs):
-                            files.add(glob_file.replace("\\", "/"))
+                        glob_file_str = str(glob_file)
+                        if os.path.isfile(glob_file_str) and not Core.is_excluded(glob_file_str, self.config.excluded_dirs):
+                            files.add(glob_file_str.replace("\\", "/"))
                     glob_end = time.time()
                     log.debug(f"Globbing took {glob_end - glob_start:.4f} seconds")
@@ -414,6 +414,11 @@ class Core:
                 # Expand brace patterns for each manifest pattern
                 expanded_patterns = Core.expand_brace_pattern(pattern_str)
                 for exp_pat in expanded_patterns:
+                    # If pattern doesn't contain '/', prepend '**/' to match files in any subdirectory
+                    # This ensures patterns like '*requirements.txt' match '.test/requirements.txt'
+                    if '/' not in exp_pat:
+                        exp_pat = f"**/{exp_pat}"
                     for file in norm_files:
                         # Use PurePath.match for glob-like matching
                         if PurePath(file).match(exp_pat):

socketsecurity 2.2.57__tar.gz → 2.2.60__tar.gz

socketsecurity 2.2.57tar.gz → 2.2.60tar.gz