socketsecurity 2.2.83__tar.gz → 2.2.85__tar.gz

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.83
+Version: 2.2.85
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.83"
+version = "2.2.85"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.83'
+__version__ = '2.2.85'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/config.py

@@ -131,6 +131,10 @@ class CliConfig:
     reach_additional_params: Optional[List[str]] = None
     only_facts_file: bool = False
     reach_use_only_pregenerated_sboms: bool = False
+    reach_continue_on_analysis_errors: bool = False
+    reach_continue_on_install_errors: bool = False
+    reach_continue_on_missing_lock_files: bool = False
+    reach_continue_on_no_source_files: bool = False
     max_purl_batch_size: int = 5000
     enable_commit_status: bool = False
     config_file: Optional[str] = None
@@ -236,6 +240,10 @@ class CliConfig:
             'reach_additional_params': args.reach_additional_params,
             'only_facts_file': args.only_facts_file,
             'reach_use_only_pregenerated_sboms': args.reach_use_only_pregenerated_sboms,
+            'reach_continue_on_analysis_errors': args.reach_continue_on_analysis_errors,
+            'reach_continue_on_install_errors': args.reach_continue_on_install_errors,
+            'reach_continue_on_missing_lock_files': args.reach_continue_on_missing_lock_files,
+            'reach_continue_on_no_source_files': args.reach_continue_on_no_source_files,
             'max_purl_batch_size': args.max_purl_batch_size,
             'enable_commit_status': args.enable_commit_status,
             'config_file': args.config_file,
@@ -861,6 +869,30 @@ def create_argument_parser() -> argparse.ArgumentParser:
         action="store_true",
         help="When using this option, the scan is created based only on pre-generated CDX and SPDX files in your project. (requires --reach)"
     )
+    reachability_group.add_argument(
+        "--reach-continue-on-analysis-errors",
+        dest="reach_continue_on_analysis_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-install-errors",
+        dest="reach_continue_on_install_errors",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-missing-lock-files",
+        dest="reach_continue_on_missing_lock_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
+    reachability_group.add_argument(
+        "--reach-continue-on-no-source-files",
+        dest="reach_continue_on_no_source_files",
+        action="store_true",
+        help=argparse.SUPPRESS
+    )
 
     parser.add_argument(
         '--version',

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/core/cli_client.py

@@ -1,4 +1,5 @@
 import base64
+import json
 import logging
 from typing import Dict, List, Optional, Union
 
@@ -55,3 +56,18 @@ class CliClient:
         except requests.exceptions.RequestException as e:
             logger.error(f"API request failed: {str(e)}")
             raise APIFailure(f"Request failed: {str(e)}")
+
+    def post_telemetry_events(self, org_slug: str, events: List[Dict]) -> None:
+        """Post telemetry events one at a time to the v0 telemetry API. Fire-and-forget — logs errors but never raises."""
+        logger.debug(f"Sending {len(events)} telemetry event(s) to v0/orgs/{org_slug}/telemetry")
+        for i, event in enumerate(events):
+            try:
+                logger.debug(f"Telemetry event {i+1}/{len(events)}: {json.dumps(event)}")
+                resp = self.request(
+                    path=f"orgs/{org_slug}/telemetry",
+                    method="POST",
+                    payload=json.dumps(event),
+                )
+                logger.debug(f"Telemetry event {i+1}/{len(events)} sent: status={resp.status_code}")
+            except Exception as e:
+                logger.warning(f"Failed to send telemetry event {i+1}/{len(events)}: {e}")

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/core/scm/gitlab.py

@@ -1,3 +1,4 @@
+import json
 import os
 import sys
 from dataclasses import dataclass
@@ -219,6 +220,24 @@ class Gitlab:
             base_url=self.config.api_url
         )
 
+    def has_thumbsup_reaction(self, comment_id: int) -> bool:
+        """Best-effort check for 'thumbsup' award emoji on a MR note."""
+        if not self.config.mr_project_id or not self.config.mr_iid:
+            return False
+        path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes/{comment_id}/award_emoji"
+        try:
+            response = self._request_with_fallback(
+                path=path,
+                headers=self.config.headers,
+                base_url=self.config.api_url
+            )
+            for emoji in response.json():
+                if emoji.get("name") == "thumbsup":
+                    return True
+        except Exception as e:
+            log.debug(f"Could not check award emoji for note {comment_id} (best effort): {e}")
+        return False
+
     def get_comments_for_pr(self) -> dict:
         log.debug(f"Getting Gitlab comments for Repo {self.config.repository} for PR {self.config.mr_iid}")
         path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes"
@@ -326,9 +345,32 @@ class Gitlab:
         except Exception as e:
             log.error(f"Failed to set commit status: {e}")
 
+    def post_thumbsup_reaction(self, comment_id: int) -> None:
+        """Best-effort: add 'thumbsup' award emoji to a MR note."""
+        if not self.config.mr_project_id or not self.config.mr_iid:
+            return
+        path = f"projects/{self.config.mr_project_id}/merge_requests/{self.config.mr_iid}/notes/{comment_id}/award_emoji"
+        try:
+            headers = {**self.config.headers, "Content-Type": "application/json"}
+            self._request_with_fallback(
+                path=path,
+                payload=json.dumps({"name": "thumbsup"}),
+                method="POST",
+                headers=headers,
+                base_url=self.config.api_url
+            )
+        except Exception as e:
+            log.debug(f"Could not add thumbsup emoji to note {comment_id} (best effort): {e}")
+
+    def handle_ignore_reactions(self, comments: dict) -> None:
+        for comment in comments.get("ignore", []):
+            if "SocketSecurity ignore" in comment.body and not self.has_thumbsup_reaction(comment.id):
+                self.post_thumbsup_reaction(comment.id)
+
     def remove_comment_alerts(self, comments: dict):
         security_alert = comments.get("security")
         if security_alert is not None:
             # Type narrowing: after None check, mypy knows this is Comment
             new_body = Comments.process_security_comment(security_alert, comments)
+            self.handle_ignore_reactions(comments)
             self.update_comment(new_body, str(security_alert.id))

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/core/scm_comments.py

@@ -51,11 +51,13 @@ class Comments:
         for comment in comments["ignore"]:
             comment: Comment
             first_line = comment.body_list[0]
-            if not ignore_all and "SocketSecurity ignore" in first_line:
+            if not ignore_all and "socketsecurity ignore" in first_line.lower():
                 try:
                     first_line = first_line.lstrip("@")
-                    _, command = first_line.split("SocketSecurity ")
-                    command = command.strip()
+                    # Case-insensitive split: find "SocketSecurity " regardless of casing
+                    lower_line = first_line.lower()
+                    split_idx = lower_line.index("socketsecurity ") + len("socketsecurity ")
+                    command = first_line[split_idx:].strip()
                     if command == "ignore-all":
                         ignore_all = True
                     else:

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/core/tools/reachability.py

@@ -104,6 +104,10 @@ class ReachabilityAnalyzer:
         allow_unverified: bool = False,
         enable_debug: bool = False,
         use_only_pregenerated_sboms: bool = False,
+        continue_on_analysis_errors: bool = False,
+        continue_on_install_errors: bool = False,
+        continue_on_missing_lock_files: bool = False,
+        continue_on_no_source_files: bool = False,
     ) -> Dict[str, Any]:
         """
         Run reachability analysis.
@@ -196,6 +200,18 @@ class ReachabilityAnalyzer:
         if use_only_pregenerated_sboms:
             cmd.append("--use-only-pregenerated-sboms")
 
+        if continue_on_analysis_errors:
+            cmd.append("--reach-continue-on-analysis-errors")
+
+        if continue_on_install_errors:
+            cmd.append("--reach-continue-on-install-errors")
+
+        if continue_on_missing_lock_files:
+            cmd.append("--reach-continue-on-missing-lock-files")
+
+        if continue_on_no_source_files:
+            cmd.append("--reach-continue-on-no-source-files")
+
         # Add any additional parameters provided by the user
         if additional_params:
             cmd.extend(additional_params)

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/socketsecurity/socketcli.py

@@ -4,6 +4,8 @@ import sys
 import traceback
 import shutil
 import warnings
+from datetime import datetime, timezone
+from uuid import uuid4
 
 from dotenv import load_dotenv
 from git import InvalidGitRepositoryError, NoSuchPathError
@@ -301,7 +303,11 @@ def main_code():
                     additional_params=config.reach_additional_params,
                     allow_unverified=config.allow_unverified,
                     enable_debug=config.enable_debug,
-                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms
+                    use_only_pregenerated_sboms=config.reach_use_only_pregenerated_sboms,
+                    continue_on_analysis_errors=config.reach_continue_on_analysis_errors,
+                    continue_on_install_errors=config.reach_continue_on_install_errors,
+                    continue_on_missing_lock_files=config.reach_continue_on_missing_lock_files,
+                    continue_on_no_source_files=config.reach_continue_on_no_source_files,
                 )
                 
                 log.info(f"Reachability analysis completed successfully")
@@ -478,6 +484,17 @@ def main_code():
 
     # Handle SCM-specific flows
     log.debug(f"Flow decision: scm={scm is not None}, force_diff_mode={force_diff_mode}, force_api_mode={force_api_mode}, enable_diff={config.enable_diff}")
+
+    def _is_unprocessed(c):
+        """Check if an ignore comment has not yet been marked with '+1' reaction.
+        For GitHub, reactions['+1'] is already in the comment response (no extra call).
+        For GitLab, has_thumbsup_reaction() makes a lazy API call per comment."""
+        if getattr(c, "reactions", {}).get("+1"):
+            return False
+        if hasattr(scm, "has_thumbsup_reaction") and scm.has_thumbsup_reaction(c.id):
+            return False
+        return True
+
     if scm is not None and scm.check_event_type() == "comment":
         # FIXME: This entire flow should be a separate command called "filter_ignored_alerts_in_comments"
         # It's not related to scanning or diff generation - it just:
@@ -489,6 +506,44 @@ def main_code():
 
         if not config.disable_ignore:
             comments = scm.get_comments_for_pr()
+
+            # Emit telemetry for ignore comments before +1 reaction is added.
+            # The +1 reaction (added by remove_comment_alerts) serves as the "processed" marker.
+            if "ignore" in comments:
+                unprocessed = [c for c in comments["ignore"] if _is_unprocessed(c)]
+                if unprocessed:
+                    try:
+                        events = []
+                        for c in unprocessed:
+                            single = {"ignore": [c]}
+                            ignore_all, ignore_commands = Comments.get_ignore_options(single)
+                            user = getattr(c, "user", None) or getattr(c, "author", None) or {}
+                            now = datetime.now(timezone.utc).isoformat()
+                            shared_fields = {
+                                "event_kind": "user-action",
+                                "client_action": "ignore",
+                                "alert_action": "error",
+                                "event_sender_created_at": now,
+                                "vcs_provider": integration_type,
+                                "owner": config.repo.split("/")[0] if "/" in config.repo else "",
+                                "repo": config.repo,
+                                "pr_number": pr_number,
+                                "ignore_all": ignore_all,
+                                "sender_name": user.get("login") or user.get("username", ""),
+                                "sender_id": str(user.get("id", "")),
+                            }
+                            if ignore_commands:
+                                for name, version in ignore_commands:
+                                    events.append({**shared_fields, "event_id": str(uuid4()), "artifact_input": f"{name}@{version}"})
+                            elif ignore_all:
+                                events.append({**shared_fields, "event_id": str(uuid4())})
+
+                        if events:
+                            log.debug(f"Ignore telemetry: {len(events)} events to send")
+                            client.post_telemetry_events(org_slug, events)
+                    except Exception as e:
+                        log.warning(f"Failed to send ignore telemetry: {e}")
+
             log.debug("Removing comment alerts")
             scm.remove_comment_alerts(comments)
         else:
@@ -504,9 +559,76 @@ def main_code():
             # FIXME: this overwrites diff.new_alerts, which was previously populated by Core.create_issue_alerts
             if not config.disable_ignore:
                 log.debug("Removing comment alerts")
+                alerts_before = list(diff.new_alerts)
                 diff.new_alerts = Comments.remove_alerts(comments, diff.new_alerts)
+
+                ignored_alerts = [a for a in alerts_before if a not in diff.new_alerts]
+                # Emit telemetry per-comment so each event carries the comment author.
+                unprocessed_ignore = [
+                    c for c in comments.get("ignore", [])
+                    if _is_unprocessed(c)
+                ]
+                if ignored_alerts and unprocessed_ignore:
+                    try:
+                        events = []
+                        now = datetime.now(timezone.utc).isoformat()
+                        for c in unprocessed_ignore:
+                            single = {"ignore": [c]}
+                            c_ignore_all, c_ignore_commands = Comments.get_ignore_options(single)
+                            user = getattr(c, "user", None) or getattr(c, "author", None) or {}
+                            sender_name = user.get("login") or user.get("username", "")
+                            sender_id = str(user.get("id", ""))
+
+                            # Match this comment's targets to the actual ignored alerts
+                            matched_alerts = []
+                            if c_ignore_all:
+                                matched_alerts = ignored_alerts
+                            else:
+                                for alert in ignored_alerts:
+                                    full_name = f"{alert.pkg_type}/{alert.pkg_name}"
+                                    purl = (full_name, alert.pkg_version)
+                                    purl_star = (full_name, "*")
+                                    if purl in c_ignore_commands or purl_star in c_ignore_commands:
+                                        matched_alerts.append(alert)
+
+                            shared_fields = {
+                                "event_kind": "user-action",
+                                "client_action": "ignore",
+                                "event_sender_created_at": now,
+                                "vcs_provider": integration_type,
+                                "owner": config.repo.split("/")[0] if "/" in config.repo else "",
+                                "repo": config.repo,
+                                "pr_number": pr_number,
+                                "ignore_all": c_ignore_all,
+                                "sender_name": sender_name,
+                                "sender_id": sender_id,
+                            }
+                            if matched_alerts:
+                                for alert in matched_alerts:
+                                    # Derive alert_action from the alert's resolved action flags
+                                    if getattr(alert, "error", False):
+                                        alert_action = "error"
+                                    elif getattr(alert, "warn", False):
+                                        alert_action = "warn"
+                                    elif getattr(alert, "monitor", False):
+                                        alert_action = "monitor"
+                                    else:
+                                        alert_action = "error"
+                                    events.append({**shared_fields, "alert_action": alert_action, "event_id": str(uuid4()), "artifact_purl": alert.purl})
+                            elif c_ignore_all:
+                                events.append({**shared_fields, "event_id": str(uuid4())})
+
+                        if events:
+                            client.post_telemetry_events(org_slug, events)
+
+                        # Mark ignore comments as processed with +1 reaction
+                        if hasattr(scm, "handle_ignore_reactions"):
+                            scm.handle_ignore_reactions(comments)
+                    except Exception as e:
+                        log.warning(f"Failed to send ignore telemetry: {e}")
             else:
                 log.info("Ignore commands disabled (--disable-ignore), all alerts will be reported")
+
             log.debug("Creating Dependency Overview Comment")
             
             overview_comment = Messages.dependency_overview_template(diff)

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/tests/unit/test_client.py

@@ -122,4 +122,53 @@ def test_request_with_payload(client):
 
         args, kwargs = mock_request.call_args
         assert kwargs['method'] == "POST"
-        assert kwargs['data'] == payload
+        assert kwargs['data'] == payload
+
+
+def test_post_telemetry_events_sends_individually(client):
+    """Test that telemetry events are posted one at a time to v0 API"""
+    import json
+
+    events = [
+        {"event_kind": "user-action", "client_action": "ignore_alerts", "artifact_purl": "pkg:npm/foo@1.0.0"},
+        {"event_kind": "user-action", "client_action": "ignore_alerts", "artifact_purl": "pkg:npm/bar@2.0.0"},
+    ]
+
+    with patch('requests.request') as mock_request:
+        mock_response = Mock()
+        mock_response.status_code = 201
+        mock_request.return_value = mock_response
+
+        client.post_telemetry_events("test-org", events)
+
+        assert mock_request.call_count == 2
+
+        first_call = mock_request.call_args_list[0]
+        assert first_call.kwargs['url'] == "https://api.socket.dev/v0/orgs/test-org/telemetry"
+        assert first_call.kwargs['method'] == "POST"
+        assert first_call.kwargs['data'] == json.dumps(events[0])
+
+        second_call = mock_request.call_args_list[1]
+        assert second_call.kwargs['data'] == json.dumps(events[1])
+
+
+def test_post_telemetry_events_continues_on_failure(client):
+    """Test that a failed event does not prevent subsequent events from being sent"""
+    import json
+
+    events = [
+        {"event_kind": "user-action", "artifact_purl": "pkg:npm/foo@1.0.0"},
+        {"event_kind": "user-action", "artifact_purl": "pkg:npm/bar@2.0.0"},
+    ]
+
+    with patch('requests.request') as mock_request:
+        mock_response = Mock()
+        mock_response.status_code = 201
+        mock_request.side_effect = [
+            requests.exceptions.ConnectionError("timeout"),
+            mock_response,
+        ]
+
+        client.post_telemetry_events("test-org", events)
+
+        assert mock_request.call_count == 2

socketsecurity-2.2.85/tests/unit/test_ignore_telemetry_filtering.py

@@ -0,0 +1,237 @@
+"""Tests for the +1 reaction dedup logic used to filter ignore comments for telemetry."""
+
+from unittest.mock import Mock
+
+from socketsecurity.core.classes import Comment
+from socketsecurity.core.scm_comments import Comments
+
+
+def _make_comment(body: str, thumbs_up: int = 0, comment_id: int = 1, user: dict | None = None) -> Comment:
+    return Comment(
+        id=comment_id,
+        body=body,
+        body_list=body.split("\n"),
+        reactions={"+1": thumbs_up},
+        user=user or {"login": "test-user", "id": 123},
+    )
+
+
+def _filter_unprocessed(comments: list[Comment], scm=None) -> list[Comment]:
+    """Mirrors the _is_unprocessed logic in socketcli.py."""
+    def _is_unprocessed(c):
+        if getattr(c, "reactions", {}).get("+1"):
+            return False
+        if hasattr(scm, "has_thumbsup_reaction") and scm.has_thumbsup_reaction(c.id):
+            return False
+        return True
+
+    return [c for c in comments if _is_unprocessed(c)]
+
+
+class TestUnprocessedIgnoreFiltering:
+    def test_returns_comments_without_thumbsup(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=0, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/express@4.18.2", thumbs_up=0, comment_id=2),
+        ]
+        result = _filter_unprocessed(comments)
+        assert len(result) == 2
+
+    def test_excludes_comments_with_thumbsup(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/express@4.18.2", thumbs_up=0, comment_id=2),
+        ]
+        result = _filter_unprocessed(comments)
+        assert len(result) == 1
+        assert result[0].id == 2
+
+    def test_returns_empty_when_all_processed(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+            _make_comment("SocketSecurity ignore-all", thumbs_up=2, comment_id=2),
+        ]
+        result = _filter_unprocessed(comments)
+        assert len(result) == 0
+
+    def test_handles_missing_reactions_attr(self):
+        c = Comment(id=1, body="SocketSecurity ignore npm/foo@1.0.0", body_list=["SocketSecurity ignore npm/foo@1.0.0"])
+        # No reactions attribute set at all
+        result = _filter_unprocessed([c])
+        assert len(result) == 1
+
+    def test_handles_empty_reactions_dict(self):
+        c = _make_comment("SocketSecurity ignore npm/foo@1.0.0", comment_id=1)
+        c.reactions = {}
+        result = _filter_unprocessed([c])
+        assert len(result) == 1
+
+    def test_handles_reactions_with_thumbsup_zero(self):
+        c = _make_comment("SocketSecurity ignore npm/foo@1.0.0", thumbs_up=0, comment_id=1)
+        result = _filter_unprocessed([c])
+        assert len(result) == 1
+
+
+class TestUnprocessedIgnoreFilteringWithScmFallback:
+    """Tests for the has_thumbsup_reaction fallback path (GitLab)."""
+
+    def test_scm_fallback_excludes_processed_comments(self):
+        """When inline reactions['+1'] is 0 but scm says it has thumbsup, exclude it."""
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=0, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/express@4.18.2", thumbs_up=0, comment_id=2),
+        ]
+        scm = Mock()
+        scm.has_thumbsup_reaction = Mock(side_effect=lambda cid: cid == 1)
+
+        result = _filter_unprocessed(comments, scm=scm)
+        assert len(result) == 1
+        assert result[0].id == 2
+
+    def test_scm_fallback_not_called_when_inline_thumbsup_present(self):
+        """When inline reactions['+1'] is truthy, scm.has_thumbsup_reaction should not be called."""
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+        ]
+        scm = Mock()
+        scm.has_thumbsup_reaction = Mock(return_value=False)
+
+        result = _filter_unprocessed(comments, scm=scm)
+        assert len(result) == 0
+        scm.has_thumbsup_reaction.assert_not_called()
+
+    def test_scm_without_has_thumbsup_reaction_skips_fallback(self):
+        """When scm doesn't have has_thumbsup_reaction (e.g. GitHub), only inline check runs."""
+        comments = [
+            _make_comment("SocketSecurity ignore npm/foo@1.0.0", thumbs_up=0, comment_id=1),
+        ]
+        scm = Mock(spec=[])  # no methods at all
+
+        result = _filter_unprocessed(comments, scm=scm)
+        assert len(result) == 1
+
+    def test_scm_fallback_returns_all_unprocessed(self):
+        """When scm says none have thumbsup, all are returned."""
+        comments = [
+            _make_comment("SocketSecurity ignore npm/foo@1.0.0", thumbs_up=0, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/bar@2.0.0", thumbs_up=0, comment_id=2),
+        ]
+        scm = Mock()
+        scm.has_thumbsup_reaction = Mock(return_value=False)
+
+        result = _filter_unprocessed(comments, scm=scm)
+        assert len(result) == 2
+
+
+class TestUnprocessedIgnoreFilteringWithCommentsParsing:
+    """Integration: filter unprocessed comments, then parse ignore options."""
+
+    def test_only_new_artifacts_are_parsed(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/express@4.18.2", thumbs_up=0, comment_id=2),
+            _make_comment("SocketSecurity ignore npm/axios@1.6.0", thumbs_up=0, comment_id=3),
+        ]
+        unprocessed = _filter_unprocessed(comments)
+        unprocessed_comments = {"ignore": unprocessed}
+        ignore_all, ignore_commands = Comments.get_ignore_options(unprocessed_comments)
+
+        assert not ignore_all
+        assert ("npm/express", "4.18.2") in ignore_commands
+        assert ("npm/axios", "1.6.0") in ignore_commands
+        assert ("npm/lodash", "4.17.21") not in ignore_commands
+
+    def test_ignore_all_from_unprocessed(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+            _make_comment("SocketSecurity ignore-all", thumbs_up=0, comment_id=2),
+        ]
+        unprocessed = _filter_unprocessed(comments)
+        unprocessed_comments = {"ignore": unprocessed}
+        ignore_all, ignore_commands = Comments.get_ignore_options(unprocessed_comments)
+
+        assert ignore_all
+
+    def test_no_unprocessed_means_no_telemetry(self):
+        comments = [
+            _make_comment("SocketSecurity ignore npm/lodash@4.17.21", thumbs_up=1, comment_id=1),
+            _make_comment("SocketSecurity ignore npm/express@4.18.2", thumbs_up=2, comment_id=2),
+        ]
+        unprocessed = _filter_unprocessed(comments)
+        assert len(unprocessed) == 0
+
+
+def _build_event(comment, ignore_all=False, ignore_commands=None, artifact_input=None, artifact_purl=None):
+    """Mirrors the event construction logic in socketcli.py."""
+    from datetime import datetime, timezone
+    from uuid import uuid4
+
+    user = getattr(comment, "user", None) or getattr(comment, "author", None) or {}
+    shared_fields = {
+        "event_kind": "user-action",
+        "client_action": "ignore",
+        "alert_action": "error",
+        "event_sender_created_at": datetime.now(timezone.utc).isoformat(),
+        "vcs_provider": "github",
+        "owner": "test-owner",
+        "repo": "test-owner/test-repo",
+        "pr_number": 1,
+        "ignore_all": ignore_all,
+        "sender_name": user.get("login") or user.get("username", ""),
+        "sender_id": str(user.get("id", "")),
+    }
+    if artifact_input:
+        return {**shared_fields, "event_id": str(uuid4()), "artifact_input": artifact_input}
+    if artifact_purl:
+        return {**shared_fields, "event_id": str(uuid4()), "artifact_purl": artifact_purl}
+    return {**shared_fields, "event_id": str(uuid4())}
+
+
+class TestTelemetryEventPayloadShape:
+    """Tests that telemetry event payloads contain the required fields."""
+
+    def test_per_artifact_event_has_required_fields(self):
+        c = _make_comment("SocketSecurity ignore npm/lodash@4.17.21", user={"login": "alice", "id": 1})
+        event = _build_event(c, artifact_input="npm/lodash@4.17.21")
+
+        assert event["event_kind"] == "user-action"
+        assert event["client_action"] == "ignore"
+        assert event["alert_action"] == "error"
+        assert event["vcs_provider"] == "github"
+        assert event["sender_name"] == "alice"
+        assert event["sender_id"] == "1"
+        assert event["artifact_input"] == "npm/lodash@4.17.21"
+        assert "event_id" in event
+        assert "event_sender_created_at" in event
+
+    def test_ignore_all_event_has_required_fields(self):
+        c = _make_comment("SocketSecurity ignore-all", user={"login": "bob", "id": 2})
+        event = _build_event(c, ignore_all=True)
+
+        assert event["event_kind"] == "user-action"
+        assert event["client_action"] == "ignore"
+        assert event["alert_action"] == "error"
+        assert event["ignore_all"] is True
+        assert event["sender_name"] == "bob"
+        assert "artifact_input" not in event
+        assert "artifact_purl" not in event
+
+    def test_push_flow_event_uses_artifact_purl(self):
+        c = _make_comment("SocketSecurity ignore npm/lodash@4.17.21", user={"login": "alice", "id": 1})
+        event = _build_event(c, artifact_purl="pkg:npm/lodash@4.17.21")
+
+        assert event["artifact_purl"] == "pkg:npm/lodash@4.17.21"
+        assert event["alert_action"] == "error"
+        assert "artifact_input" not in event
+
+    def test_gitlab_author_populates_sender(self):
+        c = Comment(
+            id=1, body="SocketSecurity ignore npm/foo@1.0.0",
+            body_list=["SocketSecurity ignore npm/foo@1.0.0"],
+            reactions={"+1": 0},
+            author={"username": "gitlab-dev", "id": 42},
+        )
+        event = _build_event(c, artifact_input="npm/foo@1.0.0")
+
+        assert event["sender_name"] == "gitlab-dev"
+        assert event["sender_id"] == "42"

{socketsecurity-2.2.83 → socketsecurity-2.2.85}/uv.lock

@@ -1168,7 +1168,7 @@ wheels = [
 
 [[package]]
 name = "socketsecurity"
-version = "2.2.82"
+version = "2.2.84"
 source = { editable = "." }
 dependencies = [
     { name = "bs4" },