From a9b53b4a59c7c64267fe6b0275fd31ccb59b8838 Mon Sep 17 00:00:00 2001
From: Eric Hibbs
Date: Thu, 6 Mar 2025 11:59:32 -0800
Subject: [PATCH 1/3] updated file behavior docs and skipping dirs in file search
---
 README.md | 15 +++++----------
 socketsecurity/core/__init__.py | 4 +++-
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 017544c..3e51330 100644
--- a/README.md
+++ b/README.md
@@ -5,10 +5,10 @@ The Socket Security CLI was created to enable integrations with other tools like
 ## Usage
 ```` shell
-socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
- [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
- [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
- [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
+socketcli [-h] [--api-token API_TOKEN] [--repo REPO] [--integration {api,github,gitlab}] [--owner OWNER] [--branch BRANCH]
+ [--committers [COMMITTERS ...]] [--pr-number PR_NUMBER] [--commit-message COMMIT_MESSAGE] [--commit-sha COMMIT_SHA]
+ [--target-path TARGET_PATH] [--sbom-file SBOM_FILE] [--files FILES] [--default-branch] [--pending-head]
+ [--generate-license] [--enable-debug] [--enable-json] [--enable-sarif] [--disable-overview] [--disable-security-issue]
 [--allow-unverified] [--ignore-commit-files] [--disable-blocking] [--scm SCM] [--timeout TIMEOUT] [--exclude-license-details]
 ````
@@ -77,7 +77,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 ## Development
-This project uses `pyproject.toml` as the primary dependency specification.
+This project uses `pyproject.toml` as the primary dependency specification.
 ### Development Workflows
@@ -132,8 +132,3 @@ Implementation targets:
 ### Environment Variables
 - `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
-
-### Running tests:
-
-#### Run all tests:
-```
\ No newline at end of file
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
index 4ea9312..10548f5 100644
--- a/socketsecurity/core/__init__.py
+++ b/socketsecurity/core/__init__.py
@@ -1,4 +1,5 @@
 import logging
+import os
 import sys
 import time
 from dataclasses import asdict
@@ -146,7 +147,8 @@ def find_files(path: str) -> List[str]:
 glob_start = time.time()
 glob_files = glob(file_path, recursive=True)
 for glob_file in glob_files:
- if glob_file not in files:
+ # Only add if it's a file, not a directory
+ if glob_file not in files and os.path.isfile(glob_file):
 files.add(glob_file)
 glob_end = time.time()
 glob_total_time = glob_end - glob_start
From 81284ceb518c3f2976928addfddd94d2e246771d Mon Sep 17 00:00:00 2001
From: Eric Hibbs
Date: Thu, 6 Mar 2025 12:02:25 -0800
Subject: [PATCH 2/3] bumped version
---
 socketsecurity/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 27b5366..121b7fc 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '2.0.8'
+__version__ = '2.0.9'
From 8dd66276f06c3a7510c18db055aa1acfaec1b618 Mon Sep 17 00:00:00 2001
From: Eric Hibbs
Date: Thu, 6 Mar 2025 12:04:39 -0800
Subject: [PATCH 3/3] actually committing doc changes
---
 README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/README.md b/README.md
index 3e51330..0521ca5 100644
--- a/README.md
+++ b/README.md
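Review bot: The comment `# Only add if it's a file, not a directory` on the new condition in find_files understates what `os.path.isfile` does: it resolves symlinks, so a symlink to a regular file is kept (including one that resolves outside the scanned path) while broken symlinks, FIFOs and other non-regular entries are dropped along with directories; `# Keep only regular files (symlinks are followed); drops directories and other non-file entries` describes the actual behaviour. The `glob_file not in files` half of the condition looks redundant, since `files` appears to be a set (`files.add(glob_file)`) for which a repeated add is a no-op, so `if os.path.isfile(glob_file):` alone would do unless the membership test is deliberately there to skip a second stat on duplicate glob hits. Note also that the added per-match stat now runs inside the `glob_start`/`glob_end` window, so `glob_total_time` includes this filtering and no longer measures the glob alone. find_files starts before the hunk and its body continues after it.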
@@ -75,6 +75,27 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --scm | False | api | Source control management type |
 | --timeout | False | | Timeout in seconds for API requests |
+## File Selection Behavior
+
+The CLI determines which files to scan based on the following logic:
+
+1. **Git Commit Files**: By default, the CLI checks files changed in the current git commit first. If any of these files match supported manifest patterns (like package.json, requirements.txt, etc.), a scan is triggered.
+
+2. **`--files` Parameter**: If no git commit exists, or no manifest files are found in the commit changes, the CLI checks files specified via the `--files` parameter. This parameter accepts a JSON array of file paths.
+
+3. **`--ignore-commit-files`**: When this flag is set, git commit files are ignored completely, and only files specified in `--files` are considered. This also forces a scan regardless of whether manifest files are present.
+
+4. **No Manifest Files**: If no manifest files are found in either git commit changes or `--files` (and `--ignore-commit-files` is not set), the scan is skipped.
+
+> **Note**: The CLI does not scan only the specified files - it uses them to determine whether a scan should be performed. When a scan is triggered, it searches the entire `--target-path` for all supported manifest files.
+
+### Examples
+
+- **Commit with manifest file**: If your commit includes changes to `package.json`, a scan will be triggered automatically.
+- **Commit without manifest files**: If your commit only changes non-manifest files (like `.github/workflows/socket.yaml`), no scan will be performed unless you use `--files` or `--ignore-commit-files`.
+- **Using `--files`**: If you specify `--files '["package.json"]'`, the CLI will check if this file exists and is a manifest file before triggering a scan.
+- **Using `--ignore-commit-files`**: This forces a scan of all manifest files in the target path, regardless of what's in your commit.
+
 ## Development
 This project uses `pyproject.toml` as the primary dependency specification.