Doug/fix GitHub reported issues (#6)

* Fixed the issue with the Dependencies Overview being empty

* Fixed invalid package purl links in comments. Centralized the source of truce to the Package class.

* Fixed the call to the new property name for package

* Added debug logging for do_request to track API errors

* Changed pyproject.toml to get dynamic module version from package. Moved version to root  for dyanmic support.

* Fixed stuck for loop due to logic error

* Build new version of cli for PyPi

* Fixed an issue for Gitlab and Github that would break removing alerts from the detected alerts comment

* Rev of new build version for Github/Gitlab comment fix

* Fix 'duplicate alerts' for security issues in comments. Although these are unique alerts it isn't obvious from the UI and will be obvious if the package link is followed

Author: dacoburn

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "socketsecurity"
-version = "0.0.77"
+dynamic = ["version"]
 requires-python = ">= 3.9"
 dependencies = [
     'requests',
@@ -40,4 +40,7 @@ Homepage = "https://socket.dev"
 include = [
     "socketsecurity",
     "socketsecurity.core"
-]
+]
+
+[tool.setuptools.dynamic]
+version = {attr = "socketsecurity.__version__"}

socketsecurity/__init__.py

@@ -1,4 +1,2 @@
-import socketsecurity.core
-
 __author__ = 'socket.dev'
-__version = socketsecurity.core.__version__
+__version__ = '0.0.80'

socketsecurity/core/__init__.py

@@ -6,6 +6,7 @@
 from socketsecurity.core.exceptions import (
     APIFailure, APIKeyMissing, APIAccessDenied, APIInsufficientQuota, APIResourceNotFound, APICloudflareError
 )
+from socketsecurity import __version__
 from socketsecurity.core.licenses import Licenses
 from socketsecurity.core.issues import AllIssues
 from socketsecurity.core.classes import (
@@ -23,9 +24,6 @@
 from glob import glob
 import time
 
-
-__author__ = 'socket.dev'
-__version__ = '0.0.77'
 __all__ = [
     "Core",
     "log",
@@ -93,6 +91,18 @@ def do_request(
         files=files,
         timeout=timeout
     )
+    output_headers = headers
+    output_headers['Authorization'] = "Basic API_KEY_REDACTED"
+    output = {
+        "url": url,
+        "headers": output_headers,
+        "status_code": response.status_code,
+        "body": response.text,
+        "payload": payload,
+        "files": files,
+        "timeout": timeout
+    }
+    log.debug(output)
     if response.status_code <= 399:
         return response
     elif response.status_code == 400:
@@ -672,7 +682,9 @@ def create_issue_alerts(package: Package, alerts: dict, packages: dict) -> dict:
                 title=title,
                 suggestion=suggestion,
                 next_step_title=next_step_title,
-                introduced_by=introduced_by
+                introduced_by=introduced_by,
+                purl=package.purl,
+                url=package.url
             )
             if issue_alert.key not in alerts:
                 alerts[issue_alert.key] = [issue_alert]
@@ -732,7 +744,9 @@ def create_purl(package_id: str, packages: dict) -> (Purl, Package):
             introduced_by=introduced_by,
             author=package.author or [],
             size=package.size,
-            transitives=package.transitives
+            transitives=package.transitives,
+            url=package.url,
+            purl=package.purl
         )
         return purl, package
 

socketsecurity/core/classes.py

@@ -86,6 +86,7 @@ class Package:
     transitives: int
     license: str
     license_text: str
+    purl: str
 
     def __init__(self, **kwargs):
         if kwargs:
@@ -122,6 +123,8 @@ def __init__(self, **kwargs):
             self.license = "NoLicenseFound"
         if not hasattr(self, "license_text"):
             self.license_text = ""
+        self.url = f"https://socket.dev/{self.type}/package/{self.name}/overview/{self.version}"
+        self.purl = f"{self.type}/{self.name}@{self.version}"
 
     def __str__(self):
         return json.dumps(self.__dict__)
@@ -159,8 +162,6 @@ def __init__(self, **kwargs):
             self.introduced_by = []
         if not hasattr(self, "manifests"):
             self.manifests = ""
-        self.url = f"https://socket.dev/{self.pkg_type}/{self.pkg_name}/overview/{self.pkg_version}"
-        self.purl = f"{self.pkg_type}/{self.pkg_name}@{self.pkg_version}"
 
     def __str__(self):
         return json.dumps(self.__dict__)
@@ -324,12 +325,15 @@ class Purl:
     version: str
     ecosystem: str
     direct: bool
-    author: str
+    author: list
     size: int
     transitives: int
     introduced_by: list
     capabilities: dict
     is_new: bool
+    author_url: str
+    url: str
+    purl: str
 
     def __init__(self, **kwargs):
         if kwargs:
@@ -341,6 +345,22 @@ def __init__(self, **kwargs):
             self.capabilities = {}
         if not hasattr(self, "is_new"):
             self.is_new = False
+        self.author_url = Purl.generate_author_data(self.author, self.ecosystem)
+
+    @staticmethod
+    def generate_author_data(authors: list, ecosystem: str) -> str:
+        """
+        Creates the Author links for the package
+        :param authors:
+        :param ecosystem:
+        :return:
+        """
+        authors_str = ""
+        for author in authors:
+            author_url = f"https://socket.dev/{ecosystem}/user/{author}"
+            authors_str += f"[{author}]({author_url}),"
+        authors_str = authors_str.rstrip(",")
+        return authors_str
 
     def __str__(self):
         return json.dumps(self.__dict__)

socketsecurity/core/github.py

@@ -324,6 +324,7 @@ def process_security_comment(comment: GithubComment, comments) -> str:
             line = line.strip()
             if "start-socket-alerts-table" in line:
                 start = True
+                lines.append(line)
             elif start and "end-socket-alerts-table" not in line and not Github.is_heading_line(line) and line != '':
                 title, package, introduced_by, manifest = line.strip("|").split("|")
                 details, _ = package.split("](")

socketsecurity/core/gitlab.py

@@ -303,6 +303,7 @@ def process_security_comment(comment: GitlabComment, comments) -> str:
             line = line.strip()
             if "start-socket-alerts-table" in line:
                 start = True
+                lines.append(line)
             elif start and "end-socket-alerts-table" not in line and not Gitlab.is_heading_line(line) and line != '':
                 title, package, introduced_by, manifest = line.lstrip("|").rstrip("|").split("|")
                 details, _ = package.split("](")

socketsecurity/core/messages.py

@@ -153,7 +153,8 @@ def create_security_alert_table(diff: Diff, md: MdUtils) -> (MdUtils, list, dict
                 ", ".join(sources),
                 manifest_str
             ]
-            alert_table.extend(row)
+            if row not in alert_table:
+                alert_table.extend(row)
         num_of_alert_rows = len(diff.new_alerts) + 1
         md.new_table(
             columns=num_of_alert_columns,
@@ -220,17 +221,16 @@ def create_added_table(diff: Diff, md: MdUtils) -> MdUtils:
             added: Purl
             package_url = Messages.create_purl_link(added)
             capabilities = ", ".join(added.capabilities)
-            if capabilities is not None and capabilities != "":
-                row = [
-                    package_url,
-                    added.direct,
-                    capabilities,
-                    added.transitives,
-                    f"{added.size} KB",
-                    Messages.generate_author_data(added)
-                ]
-                overview_table.extend(row)
-                count += 1
+            row = [
+                package_url,
+                added.direct,
+                capabilities,
+                added.transitives,
+                f"{added.size} KB",
+                added.author_url
+            ]
+            overview_table.extend(row)
+            count += 1
         num_of_overview_rows = count + 1
         md.new_table(
             columns=num_of_overview_columns,
@@ -240,29 +240,14 @@ def create_added_table(diff: Diff, md: MdUtils) -> MdUtils:
         )
         return md
 
-    @staticmethod
-    def generate_author_data(package: Purl):
-        """
-        Creates the Author links for the Dependency Overview Template
-        :param package:
-        :return:
-        """
-        authors = ""
-        for author in package.author:
-            author_url = f"https://socket.dev/{package.ecosystem}/user/{author}"
-            authors += f"[{author}]({author_url}),"
-        authors = authors.rstrip(",")
-        return authors
-
     @staticmethod
     def create_purl_link(details: Purl) -> str:
         """
         Creates the Purl link for the Dependency Overview Comment for the added packages
         :param details: Purl - Details about the package needed to create the URLs
         :return:
         """
-        purl = f"{details.ecosystem}/{details.name}@{details.version}"
-        package_url = f"[{purl}](https://socket.dev/{details.ecosystem}/{details.name}/overview/{details.version})"
+        package_url = f"[{details.purl}]({details.url})"
         return package_url
 
     @staticmethod