socketsecurity 2.2.7__tar.gz → 2.2.8__tar.gz

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.7
+Version: 2.2.8
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -39,7 +39,7 @@ Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.0
+Requires-Dist: socketdev<4.0.0,>=3.0.5
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.7"
+version = "2.2.8"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.0,<4.0.0'
+    'socketdev>=3.0.5,<4.0.0'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.7'
+__version__ = '2.2.8'

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/socketsecurity/core/__init__.py

@@ -451,13 +451,14 @@ class Core:
         log.debug(f"Created temporary empty file for baseline scan: {temp_path}")
         return [temp_path]
 
-    def create_full_scan(self, files: List[str], params: FullScanParams) -> FullScan:
+    def create_full_scan(self, files: List[str], params: FullScanParams, base_path: str = None) -> FullScan:
         """
         Creates a new full scan via the Socket API.
 
         Args:
             files: List of file paths to scan
             params: Parameters for the full scan
+            base_path: Base path for the scan (optional)
 
         Returns:
             FullScan object with scan results
@@ -465,7 +466,7 @@ class Core:
         log.info("Creating new full scan")
         create_full_start = time.time()
 
-        res = self.sdk.fullscans.post(files, params, use_types=True, use_lazy_loading=True, max_open_files=50)
+        res = self.sdk.fullscans.post(files, params, use_types=True, use_lazy_loading=True, max_open_files=50, base_path=base_path)
         if not res.success:
             log.error(f"Error creating full scan: {res.message}, status: {res.status}")
             raise Exception(f"Error creating full scan: {res.message}, status: {res.status}")
@@ -523,7 +524,7 @@ class Core:
         try:
             # Create new scan
             new_scan_start = time.time()
-            new_full_scan = self.create_full_scan(files, params)
+            new_full_scan = self.create_full_scan(files, params, base_path=path)
             new_scan_end = time.time()
             log.info(f"Total time to create new full scan: {new_scan_end - new_scan_start:.2f}")
         except APIFailure as e:
@@ -899,7 +900,7 @@ class Core:
             # Create baseline scan with empty file
             empty_files = Core.empty_head_scan_file()
             try:
-                head_full_scan = self.create_full_scan(empty_files, tmp_params)
+                head_full_scan = self.create_full_scan(empty_files, tmp_params, base_path=path)
                 head_full_scan_id = head_full_scan.id
                 log.debug(f"Created empty baseline scan: {head_full_scan_id}")
                 
@@ -922,7 +923,7 @@ class Core:
         # Create new scan
         try:
             new_scan_start = time.time()
-            new_full_scan = self.create_full_scan(files, params)
+            new_full_scan = self.create_full_scan(files, params, base_path=path)
             new_scan_end = time.time()
             log.info(f"Total time to create new full scan: {new_scan_end - new_scan_start:.2f}")
         except APIFailure as e:

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/socketsecurity/core/messages.py

@@ -1,5 +1,6 @@
 import json
 import logging
+import os
 import re
 from pathlib import Path
 from mdutils import MdUtils
@@ -29,6 +30,92 @@ class Messages:
         }
         return severity_mapping.get(severity.lower(), "note")
 
+    @staticmethod
+    def get_manifest_file_url(diff: Diff, manifest_path: str, config=None) -> str:
+        """
+        Generate proper URL for manifest file based on the repository type and diff URL.
+        
+        :param diff: Diff object containing diff_url and report_url
+        :param manifest_path: Path to the manifest file (can contain multiple files separated by ';')
+        :param config: Configuration object to determine SCM type
+        :return: Properly formatted URL for the manifest file
+        """
+        if not manifest_path:
+            return ""
+        
+        # Handle multiple manifest files separated by ';' - use the first one
+        first_manifest = manifest_path.split(';')[0] if ';' in manifest_path else manifest_path
+        
+        # Clean up the manifest path - remove build agent paths and normalize
+        clean_path = first_manifest
+        
+        # Remove common build agent path prefixes
+        prefixes_to_remove = [
+            'opt/buildagent/work/',
+            '/opt/buildagent/work/',
+            'home/runner/work/',
+            '/home/runner/work/',
+        ]
+        
+        for prefix in prefixes_to_remove:
+            if clean_path.startswith(prefix):
+                # Find the part after the build ID (usually a hash)
+                parts = clean_path[len(prefix):].split('/', 2)
+                if len(parts) >= 3:
+                    clean_path = parts[2]  # Take everything after build ID and repo name
+                break
+        
+        # Remove leading slashes
+        clean_path = clean_path.lstrip('/')
+        
+        # Determine SCM type from config or diff_url
+        scm_type = "api"  # Default to API
+        if config and hasattr(config, 'scm'):
+            scm_type = config.scm.lower()
+        elif hasattr(diff, 'diff_url') and diff.diff_url:
+            diff_url = diff.diff_url.lower()
+            if 'github.com' in diff_url or 'github' in diff_url:
+                scm_type = "github"
+            elif 'gitlab' in diff_url:
+                scm_type = "gitlab"
+            elif 'bitbucket' in diff_url:
+                scm_type = "bitbucket"
+        
+        # Generate URL based on SCM type using config information
+        # NEVER use diff.diff_url for SCM URLs - those are Socket URLs for "View report" links
+        if scm_type == "github":
+            if config and hasattr(config, 'repo') and config.repo:
+                # Get branch from config, default to main
+                branch = getattr(config, 'branch', 'main') if hasattr(config, 'branch') and config.branch else 'main'
+                # Construct GitHub URL from repo info (could be github.com or GitHub Enterprise)
+                github_server = os.getenv('GITHUB_SERVER_URL', 'https://github.com')
+                return f"{github_server}/{config.repo}/blob/{branch}/{clean_path}"
+        
+        elif scm_type == "gitlab":
+            if config and hasattr(config, 'repo') and config.repo:
+                # Get branch from config, default to main
+                branch = getattr(config, 'branch', 'main') if hasattr(config, 'branch') and config.branch else 'main'
+                # Construct GitLab URL from repo info (could be gitlab.com or self-hosted GitLab)
+                gitlab_server = os.getenv('CI_SERVER_URL', 'https://gitlab.com')
+                return f"{gitlab_server}/{config.repo}/-/blob/{branch}/{clean_path}"
+        
+        elif scm_type == "bitbucket":
+            if config and hasattr(config, 'repo') and config.repo:
+                # Get branch from config, default to main  
+                branch = getattr(config, 'branch', 'main') if hasattr(config, 'branch') and config.branch else 'main'
+                # Construct Bitbucket URL from repo info (could be bitbucket.org or Bitbucket Server)
+                bitbucket_server = os.getenv('BITBUCKET_SERVER_URL', 'https://bitbucket.org')
+                return f"{bitbucket_server}/{config.repo}/src/{branch}/{clean_path}"
+        
+        # Fallback to Socket file view for API or unknown repository types
+        if hasattr(diff, 'report_url') and diff.report_url:
+            # Strip leading slash and URL encode for Socket dashboard
+            socket_path = clean_path.lstrip('/')
+            encoded_path = socket_path.replace('/', '%2F')
+            return f"{diff.report_url}?tab=files&file={encoded_path}"
+        
+        return ""
+
     @staticmethod
     def find_line_in_file(packagename: str, packageversion: str, manifest_file: str) -> tuple:
         """
@@ -301,12 +388,13 @@ class Messages:
         return output
 
     @staticmethod
-    def security_comment_template(diff: Diff) -> str:
+    def security_comment_template(diff: Diff, config=None) -> str:
         """
         Generates the security comment template in the new required format.
         Dynamically determines placement of the alerts table if markers like `<!-- start-socket-alerts-table -->` are used.
 
         :param diff: Diff - Contains the detected vulnerabilities and warnings.
+        :param config: Optional configuration object to determine SCM type.
         :return: str - The formatted Markdown/HTML string.
         """
         # Group license policy violations by PURL (ecosystem/package@version)
@@ -348,6 +436,8 @@ class Messages:
             severity_icon = Messages.get_severity_icon(alert.severity)
             action = "Block" if alert.error else "Warn"
             details_open = ""
+            # Generate proper manifest URL
+            manifest_url = Messages.get_manifest_file_url(diff, alert.manifests, config)
             # Generate a table row for each alert
             comment += f"""
 <!-- start-socket-alert-{alert.pkg_name}@{alert.pkg_version} -->
@@ -360,7 +450,7 @@ class Messages:
     <details {details_open}>
       <summary>{alert.pkg_name}@{alert.pkg_version} - {alert.title}</summary>
       <p><strong>Note:</strong> {alert.description}</p>
-      <p><strong>Source:</strong> <a href="{alert.manifests}">Manifest File</a></p>
+      <p><strong>Source:</strong> <a href="{manifest_url}">Manifest File</a></p>
       <p>ℹ️ Read more on:  
       <a href="{alert.purl}">This package</a> |  
       <a href="{alert.url}">This alert</a> |  
@@ -405,8 +495,12 @@ class Messages:
             for finding in license_findings:
                 comment += f"        <li>{finding}</li>\n"
             
+            
+            # Generate proper manifest URL for license violations
+            license_manifest_url = Messages.get_manifest_file_url(diff, first_alert.manifests, config)
+            
             comment += f"""      </ul>
-      <p><strong>From:</strong> {first_alert.manifests}</p>
+      <p><strong>From:</strong> <a href="{license_manifest_url}">Manifest File</a></p>
       <p>ℹ️ Read more on: <a href="{first_alert.purl}">This package</a> | <a href="https://socket.dev/alerts/license">What is a license policy violation?</a></p>
       <blockquote>
         <p><em>Next steps:</em> Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at <strong>support@socket.dev</strong>.</p>
@@ -420,12 +514,19 @@ class Messages:
     """
 
         # Close table
-        comment += """
+        # Use diff_url for PRs, report_url for non-PR scans
+        view_report_url = ""
+        if hasattr(diff, 'diff_url') and diff.diff_url:
+            view_report_url = diff.diff_url
+        elif hasattr(diff, 'report_url') and diff.report_url:
+            view_report_url = diff.report_url
+            
+        comment += f"""
   </tbody>
 </table>
 <!-- end-socket-alerts-table -->
 
-[View full report](https://socket.dev/...&action=error%2Cwarn)
+[View full report]({view_report_url}?action=error%2Cwarn)
     """
 
         return comment
@@ -519,7 +620,7 @@ class Messages:
         return md
 
     @staticmethod
-    def create_security_alert_table(diff: Diff, md: MdUtils) -> (MdUtils, list, dict):
+    def create_security_alert_table(diff: Diff, md: MdUtils) -> tuple[MdUtils, list, dict]:
         """
         Creates the detected issues table based on the Security Policy
         :param diff: Diff - Diff report with the detected issues
@@ -730,7 +831,7 @@ class Messages:
         return alert_table
 
     @staticmethod
-    def create_sources(alert: Issue, style="md") -> [str, str]:
+    def create_sources(alert: Issue, style="md") -> tuple[str, str]:
         sources = []
         manifests = []
 

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/socketsecurity/socketcli.py

@@ -275,7 +275,7 @@ def main_code():
             overview_comment = Messages.dependency_overview_template(diff)
             log.debug("Creating Security Issues Comment")
             
-            security_comment = Messages.security_comment_template(diff)
+            security_comment = Messages.security_comment_template(diff, config)
             
             new_security_comment = True
             new_overview_comment = True

{socketsecurity-2.2.7 → socketsecurity-2.2.8}/uv.lock

@@ -1027,20 +1027,20 @@ wheels = [
 
 [[package]]
 name = "socketdev"
-version = "3.0.0"
+version = "3.0.5"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "requests" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/b6/4f/07cb8e4e827931527a3c04e3520dabed8f20ece5a5fb91e5a012e6bb2446/socketdev-3.0.0.tar.gz", hash = "sha256:27c22d3a016e06b916f373f78edd34dc6d7612da0ae845e8e383d58d7425e5bb", size = 101362, upload-time = "2025-08-23T22:59:02.855Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/19/b7/fe90d55105df76e9ff3af025f64b2d2b515c30ac0866a9973a093f25c5ed/socketdev-3.0.5.tar.gz", hash = "sha256:58cbe8613c3c892cdbae4941cb53f065051f8e991500d9d61618b214acf4ffc2", size = 129576, upload-time = "2025-09-09T07:15:48.232Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/58/c4/ed98ab0022f19c8e7ded5a2eaea0f0cabf829c6e7001bb7cf8ae112e964f/socketdev-3.0.0-py3-none-any.whl", hash = "sha256:f142f3b0d22a32479cf73bd35f9a0bdcd4896e494c60fdeb2999c0daa9682611", size = 48942, upload-time = "2025-08-23T22:59:01.134Z" },
+    { url = "https://files.pythonhosted.org/packages/de/05/c3fc7d0418c2598302ad4b0baf111fa492b31a8fa14acfa394af6f55b373/socketdev-3.0.5-py3-none-any.whl", hash = "sha256:e050f50d2c6b4447107edd3368b56b053e1df62056d424cc1616e898303638ef", size = 55083, upload-time = "2025-09-09T07:15:46.52Z" },
 ]
 
 [[package]]
 name = "socketsecurity"
-version = "2.2.3"
+version = "2.2.7"
 source = { editable = "." }
 dependencies = [
     { name = "gitpython" },
@@ -1084,7 +1084,7 @@ requires-dist = [
     { name = "python-dotenv" },
     { name = "requests" },
     { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.3.0" },
-    { name = "socketdev", specifier = ">=3.0.0,<4.0.0" },
+    { name = "socketdev", specifier = ">=3.0.5,<4.0.0" },
     { name = "twine", marker = "extra == 'dev'" },
     { name = "uv", marker = "extra == 'dev'", specifier = ">=0.1.0" },
 ]