Doug/fix skip logic (#95)

* Add guardrail in case manifest file does not exist

* Fixed if logic for generate license

Author: dacoburn

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.1.14"
+version = "2.1.16"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [

requirements-dev.txt

@@ -0,0 +1,73 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: ["test"]
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+hatchling==1.27.0
+hatch==1.14.0
+argparse==1.4.0
+    # via socketsecurity
+certifi==2024.12.14
+    # via requests
+charset-normalizer==3.4.1
+    # via requests
+colorama==0.4.6
+    # via pytest-watch
+coverage==7.6.10
+    # via pytest-cov
+docopt==0.6.2
+    # via pytest-watch
+gitdb==4.0.12
+    # via gitpython
+gitpython==3.1.44
+    # via socketsecurity
+idna==3.10
+    # via requests
+iniconfig==2.0.0
+    # via pytest
+mdutils==1.6.0
+    # via socketsecurity
+packaging==24.2
+    # via pytest
+    # via socketsecurity
+pluggy==1.5.0
+    # via pytest
+prettytable==3.12.0
+    # via socketsecurity
+pytest==8.3.4
+    # via pytest-asyncio
+    # via pytest-cov
+    # via pytest-mock
+    # via pytest-watch
+    # via socketsecurity
+pytest-asyncio==0.25.1
+    # via socketsecurity
+pytest-cov==6.0.0
+    # via socketsecurity
+pytest-mock==3.14.0
+    # via socketsecurity
+pytest-watch==4.2.0
+    # via socketsecurity
+python-dotenv==1.0.1
+    # via socketsecurity
+requests==2.32.3
+    # via socket-sdk-python
+    # via socketsecurity
+smmap==5.0.2
+    # via gitdb
+socket-sdk-python==2.0.15
+    # via socketsecurity
+typing-extensions==4.12.2
+    # via socket-sdk-python
+urllib3==2.3.0
+    # via requests
+watchdog==6.0.0
+    # via pytest-watch
+wcwidth==0.2.13
+    # via prettytable

requirements.txt

@@ -0,0 +1,71 @@
+# generated by rye
+# use `rye lock` or `rye sync` to update this lockfile
+#
+# last locked with the following flags:
+#   pre: false
+#   features: ["test"]
+#   all-features: false
+#   with-sources: false
+#   generate-hashes: false
+#   universal: false
+
+argparse==1.4.0
+    # via socketsecurity
+certifi==2024.12.14
+    # via requests
+charset-normalizer==3.4.1
+    # via requests
+colorama==0.4.6
+    # via pytest-watch
+coverage==7.6.10
+    # via pytest-cov
+docopt==0.6.2
+    # via pytest-watch
+gitdb==4.0.12
+    # via gitpython
+gitpython==3.1.44
+    # via socketsecurity
+idna==3.10
+    # via requests
+iniconfig==2.0.0
+    # via pytest
+mdutils==1.6.0
+    # via socketsecurity
+packaging==24.2
+    # via pytest
+    # via socketsecurity
+pluggy==1.5.0
+    # via pytest
+prettytable==3.12.0
+    # via socketsecurity
+pytest==8.3.4
+    # via pytest-asyncio
+    # via pytest-cov
+    # via pytest-mock
+    # via pytest-watch
+    # via socketsecurity
+pytest-asyncio==0.25.1
+    # via socketsecurity
+pytest-cov==6.0.0
+    # via socketsecurity
+pytest-mock==3.14.0
+    # via socketsecurity
+pytest-watch==4.2.0
+    # via socketsecurity
+python-dotenv==1.0.1
+    # via socketsecurity
+requests==2.32.3
+    # via socket-sdk-python
+    # via socketsecurity
+smmap==5.0.2
+    # via gitdb
+socket-sdk-python==2.0.15
+    # via socketsecurity
+typing-extensions==4.12.2
+    # via socket-sdk-python
+urllib3==2.3.0
+    # via requests
+watchdog==6.0.0
+    # via pytest-watch
+wcwidth==0.2.13
+    # via prettytable

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.1.14'
+__version__ = '2.1.16'

socketsecurity/config.py

@@ -42,7 +42,7 @@ class CliConfig:
     enable_sarif: bool = False
     disable_overview: bool = False
     disable_security_issue: bool = False
-    files: str = "[]"
+    files: str = None
     ignore_commit_files: bool = False
     disable_blocking: bool = False
     integration_type: IntegrationType = "api"

socketsecurity/core/__init__.py

@@ -860,9 +860,10 @@ def get_source_data(package: Package, packages: dict) -> list:
             manifests = ""
             if not hasattr(package, "manifestFiles"):
                 return introduced_by
-            for manifest_data in package.manifestFiles:
-                manifest_file = manifest_data.get("file")
-                manifests += f"{manifest_file};"
+            if hasattr(package, "manifestFiles"):
+                for manifest_data in package.manifestFiles:
+                    manifest_file = manifest_data.get("file")
+                    manifests += f"{manifest_file};"
             manifests = manifests.rstrip(";")
             source = ("direct", manifests)
             introduced_by.append(source)

socketsecurity/socketcli.py

@@ -130,7 +130,7 @@ def main_code():
     files_to_check = set(json.loads(config.files))  # Start with manually specified files
 
     # Add git changes if this is a repo and we're not ignoring commit files
-    if is_repo and not config.ignore_commit_files:
+    if is_repo and not config.ignore_commit_files and not files_to_check:
         files_to_check.update(git_repo.changed_files)
 
     # Determine if we need to scan based on manifest files
@@ -260,7 +260,7 @@ def main_code():
         output_handler.handle_output(diff)
 
         # Handle license generation
-    if diff is not None and diff.id != "no_diff_id" and config.generate_license:
+    if not should_skip_scan and diff.id != "no_diff_id" and config.generate_license:
         all_packages = {}
         for purl in diff.packages:
             package = diff.packages[purl]