Doug/fix gitlab issues (#7)

* Added support to pull information from the .git folder

* Fixed the logic for detecting changed manifest files

* Updating requests version

* Added pip lock file

* New version for build

* Updated required dependencies and CLI version

* Updated build script and added fix for detached branch

* Moved start message to earlier

* Add case to handle detached head for gitlab

* Update version for build

* Updated build script to bypass building pypi artifacts on demand

Author: dacoburn

Dockerfile

@@ -1,6 +1,8 @@
 FROM python:3-alpine
 LABEL org.opencontainers.image.authors="socket.dev"
-
+ARG CLI_VERSION
 RUN apk update \
     && apk add --no-cache git nodejs npm yarn
-RUN pip install socketsecurity --upgrade
+RUN pip install socketsecurity --upgrade \
+    && socketcli -v \
+    && socketcli -v | grep -q $CLI_VERSION

Pipfile

@@ -0,0 +1,16 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+requests = ">=2.32.0"
+mdutils = "~=1.6.0"
+prettytable = "*"
+argparse = "*"
+gitpython = "*"
+
+[dev-packages]
+
+[requires]
+python_version = "3.12"

Pipfile.lock

@@ -10,7 +10,8 @@ dependencies = [
     'requests',
     'mdutils',
     'prettytable',
-    'argparse'
+    'argparse',
+    'GitPython'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"

pyproject.toml

@@ -1,4 +1,5 @@
-requests~=2.31.0
+requests>=2.32.0
 mdutils~=1.6.0
 prettytable
-argparse
+argparse
+gitpython>=3.1.43

requirements.txt

@@ -0,0 +1,14 @@
+#!/bin/sh
+VERSION=$(grep -o "__version__.*" socketsecurity/__init__.py | awk '{print $3}' | tr -d "'")
+BYPASS_PYPI_BUILD=$1
+echo $VERSION
+
+if [ -z $BYPASS_PYPI_BUILD ] || [ $BYPASS_PYPI_BUILD -eq 0 ]; then
+  python -m build --wheel --sdist
+  twine upload dist/*$VERSION*
+  sleep 180
+fi
+docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:$VERSION . \
+&& docker build --no-cache --build-arg CLI_VERSION=$VERSION --platform linux/amd64,linux/arm64 -t socketdev/cli:latest . \
+&& docker push socketdev/cli:$VERSION \
+&& docker push socketdev/cli:latest

scripts/build_container.sh

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '0.0.80'
+__version__ = '0.0.86'

socketsecurity/__init__.py

@@ -22,6 +22,7 @@
 )
 import platform
 from glob import glob
+import fnmatch
 import time
 
 __all__ = [
@@ -306,25 +307,15 @@ def create_sbom_output(diff: Diff) -> list:
         return sbom
 
     @staticmethod
-    def find_files(path: str) -> list:
+    def find_files(path: str, new_files: list = None) -> list:
         """
         Globs the path for supported manifest files.
         Note: Might move the source to a JSON file
         :param path: Str - path to where the manifest files are located
+        :param new_files:
         :return:
         """
         socket_globs = {
-            "general": {
-                "readme": {
-                    "pattern": "*readme*"
-                },
-                "notice": {
-                    "pattern": "*notice*"
-                },
-                "license": {
-                    "pattern": "{licen{s,c}e{,-*},copying}"
-                }
-            },
             "npm": {
                 "package.json": {
                     "pattern": "package.json"
@@ -399,6 +390,12 @@ def find_files(path: str) -> list:
                 file_path = f"{path}/**/{pattern}"
                 files = glob(file_path, recursive=True)
                 for file in files:
+                    if "/" in file:
+                        _, base_name = file.rsplit("/", 1)
+                    else:
+                        base_name = file
+                    if new_files is not None and base_name not in new_files:
+                        continue
                     if platform.system() == "Windows":
                         file = file.replace("\\", "/")
                     found_path, file_name = file.rsplit("/", 1)
@@ -478,7 +475,7 @@ def get_full_scan(full_scan_id: str) -> FullScan:
         return full_scan
 
     @staticmethod
-    def create_new_diff(path: str, params: FullScanParams, workspace: str) -> Diff:
+    def create_new_diff(path: str, params: FullScanParams, workspace: str, new_files: list = None) -> Diff:
         """
         1. Get the head full scan. If it isn't present because this repo doesn't exist yet return an Empty full scan.
         2. Create a new Full scan for the current run
@@ -487,9 +484,10 @@ def create_new_diff(path: str, params: FullScanParams, workspace: str) -> Diff:
         :param path: Str - path of where to look for manifest files for the new Full Scan
         :param params: FullScanParams - Query params for the Full Scan endpoint
         :param workspace: str - Path for workspace
+        :param new_files:
         :return:
         """
-        files = Core.find_files(path)
+        files = Core.find_files(path, new_files)
         try:
             head_full_scan_id = Core.get_head_scan_for_repo(params.repo)
             if head_full_scan_id is None or head_full_scan_id == "":

socketsecurity/core/__init__.py

@@ -13,7 +13,7 @@
     "Repository",
     "Diff",
     "Purl",
-    "GithubComment"
+    "Comment"
 ]
 
 
@@ -423,3 +423,17 @@ def __init__(self, **kwargs):
     def __str__(self):
         return json.dumps(self.__dict__)
 
+class Comment:
+    id: int
+    body: str
+    body_list: list
+
+    def __init__(self, **kwargs):
+        if kwargs:
+            for key, value in kwargs.items():
+                setattr(self, key, value)
+        if not hasattr(self, "body_list"):
+            self.body_list = []
+
+    def __str__(self):
+        return json.dumps(self.__dict__)