From 0edac82b8bb24f380813b61060774476153a0970 Mon Sep 17 00:00:00 2001 From: Douglas Coburn Date: Mon, 31 Mar 2025 21:00:19 -0700 Subject: [PATCH] Version bump --- README.md | 85 ++++++++++++++-------------- pyproject.toml | 2 +- socketsecurity/__init__.py | 2 +- socketsecurity/config.py | 10 +++- socketsecurity/core/__init__.py | 10 +++- socketsecurity/core/socket_config.py | 13 ++++- 6 files changed, 74 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index 0521ca5..d03b812 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Socket Security CLI -The Socket Security CLI was created to enable integrations with other tools like Github Actions, Gitlab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code. +The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, Gitlab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code. ## Usage 
@@ -18,62 +18,63 @@ If you don't want to provide the Socket API Token every time then you can use th ### Parameters #### Authentication -| Parameter | Required | Default | Description | -|:-------------|:---------|:--------|:--------------------------------------------------------------------------------------| -| --api-token | False | | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) | +| Parameter | Required | Default | Description | +|:------------|:---------|:--------|:--------------------------------------------------------------------------------| +| --api-token | False | | Socket Security API token (can also be set via SOCKET_SECURITY_API_KEY env var) | #### Repository -| Parameter | Required | Default | Description | -|:-------------|:---------|:--------|:-------------------------------------------------------------------------| -| --repo | False | | Repository name in owner/repo format | -| --integration| False | api | Integration type (api, github, gitlab) | -| --owner | False | | Name of the integration owner, defaults to the socket organization slug | -| --branch | False | "" | Branch name | -| --committers | False | | Committer(s) to filter by | +| Parameter | Required | Default | Description | +|:--------------|:---------|:--------|:------------------------------------------------------------------------| +| --repo | False | | Repository name in owner/repo format | +| --integration | False | api | Integration type (api, github, gitlab) | +| --owner | False | | Name of the integration owner, defaults to the socket organization slug | +| --branch | False | "" | Branch name | +| --committers | False | | Committer(s) to filter by | #### Pull Request and Commit -| Parameter | Required | Default | Description | -|:----------------|:---------|:--------|:-------------------| -| --pr-number | False | "0" | Pull request number| -| --commit-message| False | | Commit message | -| --commit-sha | False | "" | Commit SHA | +| 
Parameter | Required | Default | Description | +|:-----------------|:---------|:--------|:--------------------| +| --pr-number | False | "0" | Pull request number | +| --commit-message | False | | Commit message | +| --commit-sha | False | "" | Commit SHA | #### Path and File -| Parameter | Required | Default | Description | -|:-------------|:---------|:--------|:-------------------------------------------| -| --target-path| False | ./ | Target path for analysis | -| --sbom-file | False | | SBOM file path | -| --files | False | [] | Files to analyze (JSON array string) | +| Parameter | Required | Default | Description | +|:--------------|:---------|:--------|:-------------------------------------| +| --target-path | False | ./ | Target path for analysis | +| --sbom-file | False | | SBOM file path | +| --files | False | [] | Files to analyze (JSON array string) | #### Branch and Scan Configuration -| Parameter | Required | Default | Description | -|:---------------|:---------|:--------|:----------------------------------------------------------| -| --default-branch| False | False | Make this branch the default branch | -| --pending-head | False | False | If true, the new scan will be set as the branch's head scan| +| Parameter | Required | Default | Description | +|:-----------------|:---------|:--------|:------------------------------------------------------------| +| --default-branch | False | False | Make this branch the default branch | +| --pending-head | False | False | If true, the new scan will be set as the branch's head scan | #### Output Configuration -| Parameter | Required | Default | Description | -|:----------------------|:---------|:--------|:---------------------------------------------------------------| -| --generate-license | False | False | Generate license information | -| --enable-debug | False | False | Enable debug logging | -| --enable-json | False | False | Output in JSON format | -| --enable-sarif | False | False | Enable SARIF output of 
results instead of table or JSON format| -| --disable-overview | False | False | Disable overview output | +| Parameter | Required | Default | Description | +|:--------------------------|:---------|:--------|:----------------------------------------------------------------------------------| +| --generate-license | False | False | Generate license information | +| --enable-debug | False | False | Enable debug logging | +| --enable-json | False | False | Output in JSON format | +| --enable-sarif | False | False | Enable SARIF output of results instead of table or JSON format | +| --disable-overview | False | False | Disable overview output | | --exclude-license-details | False | False | Exclude license details from the diff report (boosts performance for large repos) | #### Security Configuration -| Parameter | Required | Default | Description | -|:-----------------------|:---------|:--------|:-------------------------------| -| --allow-unverified | False | False | Allow unverified packages | -| --disable-security-issue| False | False | Disable security issue checks | +| Parameter | Required | Default | Description | +|:-------------------------|:---------|:--------|:------------------------------| +| --allow-unverified | False | False | Allow unverified packages | +| --disable-security-issue | False | False | Disable security issue checks | #### Advanced Configuration -| Parameter | Required | Default | Description | -|:-------------------|:---------|:--------|:-----------------------------------------------| -| --ignore-commit-files| False | False | Ignore commit files | -| --disable-blocking | False | False | Disable blocking mode | -| --scm | False | api | Source control management type | -| --timeout | False | | Timeout in seconds for API requests | +| Parameter | Required | Default | Description | +|:-------------------------|:---------|:--------|:----------------------------------------------------------------------| +| --ignore-commit-files | False | False | 
Ignore commit files | +| --disable-blocking | False | False | Disable blocking mode | +| --scm | False | api | Source control management type | +| --timeout | False | | Timeout in seconds for API requests | +| --include-module-folders | False | False | If enabled will include manifest files from folders like node_modules | ## File Selection Behavior diff --git a/pyproject.toml b/pyproject.toml index e720e60..ef2a2d2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ build-backend = "hatchling.build" [project] name = "socketsecurity" -version = "2.0.32" +version = "2.0.33" requires-python = ">= 3.10" license = {"file" = "LICENSE"} dependencies = [ diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py index f77c81f..948d0ca 100644 --- a/socketsecurity/__init__.py +++ b/socketsecurity/__init__.py @@ -1,3 +1,3 @@ __author__ = 'socket.dev' -__version__ = '2.0.32' +__version__ = '2.0.33' diff --git a/socketsecurity/config.py b/socketsecurity/config.py index f46a6aa..788c572 100644 --- a/socketsecurity/config.py +++ b/socketsecurity/config.py @@ -34,6 +34,7 @@ class CliConfig: pending_head: bool = False timeout: Optional[int] = 1200 exclude_license_details: bool = False + include_module_folders: bool = False @classmethod def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig': parser = create_argument_parser() @@ -73,6 +74,7 @@ def from_args(cls, args_list: Optional[List[str]] = None) -> 'CliConfig': 'pending_head': args.pending_head, 'timeout': args.timeout, 'exclude_license_details': args.exclude_license_details, + 'include_module_folders': args.include_module_folders, } if args.owner: @@ -234,7 +236,6 @@ def create_argument_parser() -> argparse.ArgumentParser: action="store_true", help=argparse.SUPPRESS ) - # Output Configuration output_group = parser.add_argument_group('Output Configuration') output_group.add_argument( 
@@ -351,5 +352,12 @@ def create_argument_parser() -> argparse.ArgumentParser:
 help="Timeout in seconds for API requests",
 required=False
 )
+ config_group.add_argument(
+ "--include-module-folders",
+ dest="include_module_folders",
+ action="store_true",
+ default=False,
+ help="Enabling including module folders like node_modules"
+ )
 return parser
\ No newline at end of file
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
index 7fc4c80..d6d9805 100644
--- a/socketsecurity/core/__init__.py
+++ b/socketsecurity/core/__init__.py
@@ -146,6 +146,14 @@ def expand_brace_pattern(pattern: str) -> List[str]:
 return expanded_patterns
+ @staticmethod
+ def is_excluded(file_path: str, excluded_dirs: Set[str]) -> bool:
+ parts = os.path.normpath(file_path).split(os.sep)
+ for part in parts:
+ if part in excluded_dirs:
+ return True
+ return False
+
 def find_files(self, path: str) -> List[str]:
 """
 Finds supported manifest files in the given path.
@@ -186,7 +194,7 @@ def find_files(self, path: str) -> List[str]:
 glob_files = glob(file_path, recursive=True)
 for glob_file in glob_files:
- if os.path.isfile(glob_file):
+ if os.path.isfile(glob_file) and not Core.is_excluded(glob_file, self.config.excluded_dirs):
 files.add(glob_file)
 glob_end = time.time()
diff --git a/socketsecurity/core/socket_config.py b/socketsecurity/core/socket_config.py
index 4c25542..f05a382 100644
--- a/socketsecurity/core/socket_config.py
+++ b/socketsecurity/core/socket_config.py
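Review bot: The help string for the new `--include-module-folders` option, `Enabling including module folders like node_modules`, is ungrammatical and does not say what gets included or that these folders are skipped by default; suggest `help="Include manifest files found in module folders such as node_modules (skipped by default)"`. `default=False` is redundant with `action="store_true"` and can be dropped to match the other boolean options. `create_argument_parser` starts outside the hunk.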
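Review bot: `is_excluded` tests each path component with `part in excluded_dirs`, i.e. exact string equality, so a glob-style entry such as the `*.egg-info` default this same patch adds to socket_config.py can never match and silently does nothing; either restrict the set to literal directory names and say so, or match with `fnmatch.fnmatch(part, pattern)` over the set. The new method has no docstring; `"""Return True if any path component of file_path is listed in excluded_dirs (exact name match)."""` states the contract. The annotation uses `Set`, but the corresponding `typing` import is not visible in this hunk — confirm it is already in scope in core/__init__.py. Note the check is also applied to the final component, so a file whose basename equals an excluded entry would be skipped as well.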
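Review bot: The exclusion added to `find_files` is unconditional — it reads `self.config.excluded_dirs` and never consults the new `include_module_folders` flag, and nothing else in this patch connects the two, so unless that wiring lives outside the diff the `--include-module-folders` option documented in the README is a no-op and `node_modules` manifests are always dropped. The CLI value lives on `CliConfig`, not `SocketConfig`, so it needs to be carried across (or passed into `find_files`) and then used to pick the set once before the loop, e.g. `excluded = set() if include_module_folders else self.config.excluded_dirs`, with `Core.is_excluded(glob_file, excluded)` in the condition. Because `build`, `dist` and `vendor` are in the default set, repositories that keep real manifests under those names (Go and Ruby `vendor` trees, for instance) will now lose them without any message; a `logger.debug` when a file is skipped would make that visible. `find_files` starts and ends outside the hunk.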
@@ -1,11 +1,19 @@
-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from typing import Dict, Optional
 from urllib.parse import urlparse
+from typing import Set
 import os
 from socketsecurity.core.issues import AllIssues
+default_exclude_dirs = {
+ "node_modules", "bower_components", "jspm_packages", # JS/TS
+ "__pycache__", ".venv", "venv", "build", "dist", # Python
+ ".tox", ".mypy_cache", ".pytest_cache", "*.egg-info",
+ "vendor"
+}
+
 @dataclass
 class SocketConfig:
 api_key: str
@@ -18,6 +26,7 @@ class SocketConfig:
 repository_path: Optional[str] = None
 security_policy: Dict = None
 all_issues: Optional['AllIssues'] = None
+ excluded_dirs: Set[str] = field(default_factory=lambda: default_exclude_dirs)
 def __post_init__(self):
 """Validate configuration after initialization"""
@@ -45,7 +54,7 @@ def _validate_api_url(url: str) -> None:
 parsed = urlparse(url)
 if not all([parsed.scheme, parsed.netloc]):
 raise ValueError("Invalid URL format")
- if parsed.scheme != "https":
+ if parsed.scheme != "https" and os.getenv("RUN_ENVIRONMENT", 'prod') != "dev":
 raise ValueError("API URL must use HTTPS")
 except Exception as e:
 raise ValueError(f"Invalid API URL: {str(e)}")
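Review bot: `default_exclude_dirs` mixes literal directory names with the glob pattern `*.egg-info`, but `Core.is_excluded` in this patch compares path components by exact equality, so that entry is dead and the set implies glob support that does not exist; drop it or add `# Literal directory names only: Core.is_excluded compares path components by exact string match` above the set. The `# Python` trailing comment is misleading for `build`, `dist` and `vendor`, which are generic names and will hide real manifests in Go, PHP and Ruby `vendor` trees — a short comment on that trade-off would help. The new `from typing import Set` is a second import from the same module as the existing `from typing import Dict, Optional` two lines above; merge them.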
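Review bot: `field(default_factory=lambda: default_exclude_dirs)` returns the module-level set object itself rather than a copy, so every `SocketConfig` shares one mutable set and any `config.excluded_dirs.discard("node_modules")` (the natural way to honour `--include-module-folders`) silently rewrites the global default for every later instance and test. Use `field(default_factory=lambda: set(default_exclude_dirs))`, or declare the module constant as a `frozenset` and convert it here. `SocketConfig` starts outside the hunk.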
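Review bot: The added `os.getenv("RUN_ENVIRONMENT", 'prod') != "dev"` clause makes the HTTPS requirement switchable from the process environment, and this client attaches `api_key` to its requests, so a stray `RUN_ENVIRONMENT=dev` in a CI runner or a developer shell combined with a plain-http `--api-url` is enough to send the token in cleartext. If the escape hatch exists only for local development, bind it to loopback and make it visible: `if parsed.scheme != "https" and not (os.getenv("RUN_ENVIRONMENT", "prod") == "dev" and parsed.hostname in ("localhost", "127.0.0.1", "::1")):` followed by the existing `raise`, plus a `logger.warning` when the bypass is taken. `'prod'` is the only single-quoted string in the hunk; use double quotes for consistency. `_validate_api_url` starts outside the hunk (its `try:` is above the first visible line).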