2 changes: 1 addition & 1 deletion socketsecurity/__init__.py
@@ -1,2 +1,2 @@
__author__ = 'socket.dev'
__version__ = '1.0.24'
__version__ = '1.0.30'
10 changes: 5 additions & 5 deletions socketsecurity/core/__init__.py
Expand Up @@ -410,7 +410,6 @@ def find_files(path: str) -> list:
Globs the path for supported manifest files.
Note: Might move the source to a JSON file
:param path: Str - path to where the manifest files are located
:param files: override finding the manifest files using the glob matcher
:return:
"""
log.debug("Starting Find Files")
Expand Down Expand Up @@ -750,10 +749,11 @@ def create_issue_alerts(package: Package, alerts: dict, packages: dict) -> dict:
if alert.type in security_policy:
action = security_policy[alert.type]['action']
setattr(issue_alert, action, True)
if issue_alert.key not in alerts:
alerts[issue_alert.key] = [issue_alert]
else:
alerts[issue_alert.key].append(issue_alert)
if issue_alert.type != 'licenseSpdxDisj':
if issue_alert.key not in alerts:
alerts[issue_alert.key] = [issue_alert]
else:
alerts[issue_alert.key].append(issue_alert)
return alerts

@staticmethod
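Review bot: The added `if issue_alert.type != 'licenseSpdxDisj':` in create_issue_alerts suppresses that alert type unconditionally, and it runs after the `security_policy` action has already been set on the alert, so a policy entry for that type is silently ignored and the literal carries no explanation. Hoist it into a named constant with a why-comment, e.g. `SUPPRESSED_ALERT_TYPES = {'licenseSpdxDisj'}  # never surfaced in reports; TODO(owner): document why` and `if issue_alert.type not in SUPPRESSED_ALERT_TYPES:`, and consider moving the check before the policy lookup so no action is applied to an alert that is never reported. The find_files hunk removes the stale `:param files:` line but still leaves `:return:` empty; a one-line description of the returned list would complete that docstring. Both create_issue_alerts and find_files begin above their hunks.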
9 changes: 7 additions & 2 deletions socketsecurity/core/classes.py
Expand Up @@ -161,10 +161,15 @@ def __init__(self, **kwargs):

if hasattr(self, "created_at"):
self.created_at = self.created_at.strip(" (Coordinated Universal Time)")
if not hasattr(self, "introduced_by"):
self.introduced_by = []
if not hasattr(self, "manifests"):
self.manifests = ""
if not hasattr(self, "introduced_by"):
self.introduced_by = []
else:
for item in self.introduced_by:
pkg, manifest = item
self.manifests += f"{manifest};"
self.manifests = self.manifests.rstrip(";")
if not hasattr(self, "error"):
self.error = False
if not hasattr(self, "warn"):
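Review bot: The new `else` branch in __init__ appends `f"{manifest};"` for every introduced_by entry, so duplicate manifests repeat in `self.manifests`, a `manifests` value supplied in kwargs is extended rather than replaced, and an entry that is not a 2-item sequence raises ValueError at `pkg, manifest = item`, where `pkg` is otherwise unused. If introduced_by entries are always (package, manifest) pairs — the shape is not visible here, so confirm — the branch can be `self.manifests = ";".join(dict.fromkeys(manifest for _, manifest in self.introduced_by))`, which collapses duplicates and makes the trailing `rstrip(";")` unnecessary. Whether a caller-supplied `manifests` should win over the derived value is worth stating in a comment either way. __init__ starts above the hunk and continues below it.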
3 changes: 2 additions & 1 deletion socketsecurity/core/github.py
Expand Up @@ -116,7 +116,8 @@ def check_event_type() -> str:
else:
event_type = "diff"
elif github_event_name.lower() == "pull_request":
if event_action is not None and event_action != "" and event_action.lower() == "opened":
if event_action is not None and event_action != "" and (
event_action.lower() == "opened" or event_action.lower() == 'synchronize'):
event_type = "diff"
else:
log.info(f"Pull Request Action {event_action} is not a supported type")
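Review bot: The expanded condition in check_event_type computes `event_action.lower()` twice and re-spells the None/empty test that truthiness already covers; `if event_action and event_action.lower() in ("opened", "synchronize"):` is equivalent and fits on one line. Treating `synchronize` as a diff event means every push to an open pull request now runs the scan flow, which looks intended, but `reopened` still falls through to the "not a supported type" log line — a short comment saying that is deliberate would save the next reader the question. check_event_type starts above the hunk.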
52 changes: 32 additions & 20 deletions socketsecurity/socketcli.py
Expand Up @@ -163,25 +163,34 @@


def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
console_security_comment = Messages.create_console_security_alert_table(diff_report)
save_sbom_file(diff_report, sbom_file_name)
log.info(f"Socket Full Scan ID: {diff_report.id}")
if not report_pass(diff_report):
log.info("Security issues detected by Socket Security")
msg = f"\n{console_security_comment}"
log.info(msg)
if not blocking_disabled:
sys.exit(1)
else:
log.info("No New Security issues detected by Socket Security")
if diff_report.id != "NO_DIFF_RAN":
console_security_comment = Messages.create_console_security_alert_table(diff_report)
save_sbom_file(diff_report, sbom_file_name)
log.info(f"Socket Full Scan ID: {diff_report.id}")
if len(diff_report.new_alerts) > 0:
log.info("Security issues detected by Socket Security")
msg = f"\n{console_security_comment}"
log.info(msg)
if not report_pass(diff_report) and not blocking_disabled:
sys.exit(1)
else:
# Means only warning alerts with no blocked
if not blocking_disabled:
sys.exit(5)
else:
log.info("No New Security issues detected by Socket Security")


def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
console_security_comment = Messages.create_security_comment_json(diff_report)
save_sbom_file(diff_report, sbom_file_name)
print(json.dumps(console_security_comment))
if not report_pass(diff_report) and not blocking_disabled:
sys.exit(1)
if diff_report.id != "NO_DIFF_RAN":
console_security_comment = Messages.create_security_comment_json(diff_report)
save_sbom_file(diff_report, sbom_file_name)
print(json.dumps(console_security_comment))
if not report_pass(diff_report) and not blocking_disabled:
sys.exit(1)
elif len(diff_report.new_alerts) > 0 and not blocking_disabled:
# Means only warning alerts with no blocked
sys.exit(5)


def report_pass(diff_report: Diff) -> bool:
Expand Down Expand Up @@ -299,11 +308,12 @@ def main_code():
default_branch = scm.is_default_branch

base_api_url = os.getenv("BASE_API_URL") or None
core = Core(token=api_token, request_timeout=1200, base_api_url=base_api_url)
core = Core(token=api_token, request_timeout=1200, base_api_url=base_api_url, allow_unverified=allow_unverified)
no_change = True
if ignore_commit_files:
no_change = False
elif is_repo and files is not None and len(files) > 0:
log.info(files)
no_change = core.match_supported_files(files)

set_as_pending_head = False
Expand All @@ -319,7 +329,8 @@ def main_code():
make_default_branch=default_branch,
set_as_pending_head=set_as_pending_head
)
diff = None
diff = Diff()
diff.id = "NO_DIFF_RAN"
if scm is not None and scm.check_event_type() == "comment":
log.info("Comment initiated flow")
log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
Expand All @@ -329,10 +340,11 @@ def main_code():
elif scm is not None and scm.check_event_type() != "comment":
log.info("Push initiated flow")
diff: Diff
diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
if no_change:
log.info("No dependency changes")
log.info("No manifest files changes, skipping scan")
# log.info("No dependency changes")
elif scm.check_event_type() == "diff":
diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
log.info("Starting comment logic for PR/MR event")
log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
comments = scm.get_comments_for_pr(repo, str(pr_number))
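Review bot: output_console_comments and output_console_json now each encode the exit-status policy (1 for blocking alerts, 5 for warning-only, no exit when blocking_disabled) in differently shaped branches, and the `"NO_DIFF_RAN"` sentinel is spelled out in both functions and again in main_code's `diff.id = "NO_DIFF_RAN"`. The console version only reaches `report_pass` when new_alerts is non-empty while the JSON version checks it unconditionally, so the two can disagree if report_pass can fail with no new alerts (report_pass is defined below the hunk, so this is inferred). A small helper returning the status, plus module constants for the sentinel and the codes, keeps both outputs identical and gives the magic numbers a documented meaning; the sketch below follows the JSON ordering. In the main_code hunk, `allow_unverified` is passed to Core with no log line; if it disables certificate verification as its name suggests, a `log.warning` when it is set would make that visible in CI output.
```python
# Exit statuses shared by the console and JSON outputs.
EXIT_BLOCKING_ALERTS = 1  # at least one alert the policy blocks on
EXIT_WARNING_ALERTS = 5   # new alerts, but none that block
NO_DIFF_RAN = "NO_DIFF_RAN"  # Diff.id sentinel: no scan was performed


def _exit_status(diff_report: Diff) -> int:
    """Return the status the report demands, or 0 when execution should continue."""
    if blocking_disabled:
        return 0
    if not report_pass(diff_report):
        return EXIT_BLOCKING_ALERTS
    if len(diff_report.new_alerts) > 0:
        return EXIT_WARNING_ALERTS
    return 0


def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
    if diff_report.id != NO_DIFF_RAN:
        # … unchanged: build comment, save sbom, print json …
        status = _exit_status(diff_report)
        if status:
            sys.exit(status)
```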