
Commit 0980358

authored
Doug/fix git commit files (#20)
* Added fix for finding files via commit * Fix for slow scan times for large mono repos and fix for too-long dependency overview
1 parent b96d25c commit 0980358


7 files changed

+89
-62
lines changed


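--- a/README.md
+++ b/README.md
@@ -14,27 +14,27 @@ socketcli [-h] [--api_token API_TOKEN] [--repo REPO] [--branch BRANCH] [--commit
 If you don't want to provide the Socket API Token every time then you can use the environment variable `SOCKET_SECURITY_API_KEY`
 
 
-| Parameter | Alternate Name | Required | Default | Description |
-|:-------------------------|:---------------|:---------|:--------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------|
-| -h | --help | False | | Show the CLI help message |
-| --api_token | | False | | Provides the Socket API Token |
-| --repo | | True | | The string name in a git approved name for repositories. |
-| --branch | | False | | The string name in a git approved name for branches. |
-| --committer | | False | | The string name of the person doing the commit or running the CLI. Can be specified multiple times to have more than one committer |
-| --pr_number | | False | 0 | The integer for the PR or MR number |
-| --commit_message | | False | | The string for a commit message if there is one |
-| --default_branch | | False | False | If the flag is specified this will signal that this is the default branch. This needs to be enabled for a report to update Org Alerts and Org Dependencies |
-| --target_path | | False | ./ | This is the path to where the manifest files are location. The tool will recursively search for all supported manifest files |
-| --scm | | False | api | This is the mode that the tool is to run in. For local runs `api` would be the mode. Other options are `gitlab` and `github` |
-| --generate-license | | False | False | If this flag is specified it will generate a json file with the license per package and license text in the current working directory |
-| --version | -v | False | | Prints the version and exits |
-| --enable-debug | | False | False | Enables debug messaging for the CLI |
-| --sbom-file | | False | False | Creates a JSON file with all dependencies and alerts |
-| --commit-sha | | False | | The commit hash for the commit |
-| --generate-license | | False | False | If enabled with `--sbom-file` will include license details |
-| --enable-json | | False | False | If enabled will change the console output format to JSON |
-| --disable-overview | | False | False | If enabled will disable Dependency Overview comments |
-| --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
-| --files | | False | | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path |
-| --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
-| --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |
+| Parameter | Alternate Name | Required | Default | Description |
+|:-------------------------|:---------------|:---------|:--------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| -h | --help | False | | Show the CLI help message |
+| --api_token | | False | | Provides the Socket API Token |
+| --repo | | True | | The string name in a git approved name for repositories. |
+| --branch | | False | | The string name in a git approved name for branches. |
+| --committer | | False | | The string name of the person doing the commit or running the CLI. Can be specified multiple times to have more than one committer |
+| --pr_number | | False | 0 | The integer for the PR or MR number |
+| --commit_message | | False | | The string for a commit message if there is one |
+| --default_branch | | False | False | If the flag is specified this will signal that this is the default branch. This needs to be enabled for a report to update Org Alerts and Org Dependencies |
+| --target_path | | False | ./ | This is the path to where the manifest files are location. The tool will recursively search for all supported manifest files |
+| --scm | | False | api | This is the mode that the tool is to run in. For local runs `api` would be the mode. Other options are `gitlab` and `github` |
+| --generate-license | | False | False | If this flag is specified it will generate a json file with the license per package and license text in the current working directory |
+| --version | -v | False | | Prints the version and exits |
+| --enable-debug | | False | False | Enables debug messaging for the CLI |
+| --sbom-file | | False | False | Creates a JSON file with all dependencies and alerts |
+| --commit-sha | | False | | The commit hash for the commit |
+| --generate-license | | False | False | If enabled with `--sbom-file` will include license details |
+| --enable-json | | False | False | If enabled will change the console output format to JSON |
+| --disable-overview | | False | False | If enabled will disable Dependency Overview comments |
+| --disable-security-issue | | False | False | If enabled will disable Security Issue Comments |
+| --files | | False | | If provided in the format of `["file1", "file2"]` will be used to determine if there have been supported file changes. This is used if it isn't a git repo and you would like to only run if it supported files have changed. |
+| --ignore-commit-files | | False | False | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files |
+| --disable-blocking | | False | False | Disables failing checks and will only exit with an exit code of 0 |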

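--- a/scripts/build_container.sh
+++ b/scripts/build_container.sh
@@ -11,17 +11,26 @@ if [ -z $ENABLE_PYPI_BUILD ] || [ -z $STABLE_VERSION ]; then
 fi
 
 if [ $ENABLE_PYPI_BUILD = "pypi-build=enable" ]; then
+echo "Doing production build"
 python -m build --wheel --sdist
 twine upload dist/*$VERSION*
 sleep 240
+docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
+&& docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
+&& docker push socketdev/cli:$VERSION \
+&& docker push socketdev/cli:latest
+if [ $STABLE_VERSION = "stable=true" ]; then
+docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:stable . \
+&& docker push socketdev/cli:stable
+fi
+else
+echo "Doing test build"
+python -m build --wheel --sdist
+twine upload --repository testpypi dist/*$VERSION*
+# sleep 240
+# docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
+# && docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
+# && docker push socketdev/cli:$VERSION-test \
+# && docker push socketdev/cli:test
 fi
 
-docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
-&& docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
-&& docker push socketdev/cli:$VERSION \
-&& docker push socketdev/cli:latest
-
-if [ $STABLE_VERSION = "stable=true" ]; then
-docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:stable . \
-&& docker push socketdev/cli:stable
-fi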
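Review bot: The new `if [ $STABLE_VERSION = "stable=true" ]; then` (new line 22) tests an unquoted variable, so an empty or whitespace-containing value turns into a `[` syntax error instead of a false branch; write `if [ "$STABLE_VERSION" = "stable=true" ]; then` and quote `"$VERSION"` in the `-t` tags and `push` arguments for the same reason. The `&&` chain on new lines 18–21 is not itself checked, so if the versioned build or push fails the script still goes on to tag `stable` and, unless `set -e` is in effect above the hunk (not visible here), exits 0; appending `|| exit 1` to the chain, or starting the script with `set -euo pipefail`, makes a failed push fail the build. The same unquoted test already exists on the context line `if [ $ENABLE_PYPI_BUILD = "pypi-build=enable" ]; then` and could be fixed in passing.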

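--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.18'
+__version__ = '1.0.22'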

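--- a/socketsecurity/core/__init__.py
+++ b/socketsecurity/core/__init__.py
@@ -375,8 +375,9 @@ def create_sbom_output(diff: Diff) -> dict:
 return sbom
 
 @staticmethod
-def match_supported_files(path: str, files: list) -> list:
-matched = []
+def match_supported_files(files: list) -> bool:
+matched_files = []
+not_matched = False
 for ecosystem in socket_globs:
 patterns = socket_globs[ecosystem]
 for file_name in patterns:
@@ -386,42 +387,39 @@ def match_supported_files(path: str, files: list) -> list:
 if "\\" in file:
 file = file.replace("\\", "/")
 if PurePath(file).match(pattern):
-matched.append(file)
-return matched
+matched_files.append(file)
+if len(matched_files) == 0:
+not_matched = True
+return not_matched
 
 @staticmethod
-def find_files(path: str, files: list = None) -> list:
+def find_files(path: str) -> list:
 """
 Globs the path for supported manifest files.
 Note: Might move the source to a JSON file
 :param path: Str - path to where the manifest files are located
 :param files: override finding the manifest files using the glob matcher
 :return:
 """
-files_provided = False
 log.debug("Starting Find Files")
 start_time = time.time()
-if files is not None and len(files) > 0:
-files_provided = True
+files = []
 for ecosystem in socket_globs:
-if files is None:
-files = []
 patterns = socket_globs[ecosystem]
 for file_name in patterns:
 pattern = patterns[file_name]["pattern"]
 file_path = f"{path}/**/{pattern}"
 
-if not files_provided:
-log.debug(f"Globbing {file_path}")
-glob_start = time.time()
-test = glob(file_path, recursive=True)
-files = files + test
-glob_end = time.time()
-glob_total_time = glob_end - glob_start
-log.debug(f"Glob for pattern {file_path} took {glob_total_time:.2f} seconds")
-else:
-log.debug("Files found from commit")
-files = Core.match_supported_files(path, files)
+log.debug(f"Globbing {file_path}")
+glob_start = time.time()
+glob_files = glob(file_path, recursive=True)
+for glob_file in glob_files:
+if glob_file not in files:
+files.append(glob_file)
+glob_end = time.time()
+glob_total_time = glob_end - glob_start
+log.debug(f"Glob for pattern {file_path} took {glob_total_time:.2f} seconds")
+
 log.debug("Finished Find Files")
 end_time = time.time()
 total_time = end_time - start_time
@@ -516,7 +514,6 @@ def create_new_diff(
 path: str,
 params: FullScanParams,
 workspace: str,
-new_files: list = None,
 no_change: bool = False
 ) -> Diff:
 """
@@ -527,15 +524,14 @@ def create_new_diff(
 :param path: Str - path of where to look for manifest files for the new Full Scan
 :param params: FullScanParams - Query params for the Full Scan endpoint
 :param workspace: str - Path for workspace
-:param new_files:
 :param no_change:
 :return:
 """
 if no_change:
 diff = Diff()
 diff.id = "no_diff_id"
 return diff
-files = Core.find_files(path, new_files)
+files = Core.find_files(path)
 if files is None or len(files) == 0:
 diff = Diff()
 diff.id = "no_diff_id"
@@ -551,6 +547,7 @@ def create_new_diff(
 total_head_time = head_end - head_start
 log.info(f"Total time to get head full-scan {total_head_time: .2f}")
 except APIResourceNotFound:
+head_full_scan_id = None
 head_full_scan = []
 new_scan_start = time.time()
 new_full_scan = Core.create_full_scan(files, params, workspace)
@@ -560,7 +557,14 @@ def create_new_diff(
 log.info(f"Total time to get new full-scan {total_new_time: .2f}")
 diff_report = Core.compare_sboms(new_full_scan.sbom_artifacts, head_full_scan)
 diff_report.packages = new_full_scan.packages
+# Set the diff ID and URLs
+base_socket = "https://socket.dev/dashboard/org"
 diff_report.id = new_full_scan.id
+diff_report.report_url = f"{base_socket}/{org_slug}/sbom/{diff_report.id}"
+if head_full_scan_id is not None:
+diff_report.diff_url = f"{base_socket}/{org_slug}/diff/{diff_report.id}/{head_full_scan_id}"
+else:
+diff_report.diff_url = diff_report.report_url
 return diff_report
 
 @staticmethod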
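Review bot: The de-duplication added in find_files, `if glob_file not in files:` before `files.append(glob_file)`, tests membership in a list, so the glob loop becomes quadratic in the total number of matched manifest files — at odds with the commit's stated aim of faster scans on large mono repos. Keeping `seen = set()` next to `files = []` and guarding with `if glob_file not in seen: seen.add(glob_file); files.append(glob_file)` preserves order at linear cost (or collect everything and return `list(dict.fromkeys(files))`). The kept docstring line `:param files: override finding the manifest files using the glob matcher` now describes a parameter the new signature `def find_files(path: str) -> list:` no longer has and should be removed. In match_supported_files the new return value `not_matched` is True when no file matched, an inverted flag every caller must negate; since the callers are outside this section, at minimum add a docstring stating `Return True when none of *files* matches a supported manifest pattern.` In create_new_diff, `org_slug` used in the new report_url/diff_url lines is not one of the function's parameters, so it presumably comes from module scope — worth confirming it is always set before this call.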

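--- a/socketsecurity/core/classes.py
+++ b/socketsecurity/core/classes.py
@@ -312,6 +312,8 @@ class Diff:
 id: str
 sbom: str
 packages: dict
+report_url: str
+diff_url: str
 
 def __init__(self, **kwargs):
 if kwargs: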
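Review bot: The new `report_url: str` and `diff_url: str` are bare annotations with no default, and `Diff` is a plain class, so unless `__init__` (whose body continues outside this section) assigns them, the `Diff()` instances built on the no_change and no-files paths in core/__init__.py will not have these attributes and any consumer reading `diff.report_url` gets AttributeError. Giving them class-level defaults, `report_url: str = ""` and `diff_url: str = ""` (or setting them in `__init__`), makes every Diff safe to read; the same holds for `id`, `sbom` and `packages` if they are not already initialised there.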
