Doug/add non blocking mode (#16)

* Add support to disable blocking with --disable-blocking

* Fixed issue with support for no_change causing the scan to not run

* Added full scan ID to results

Author: dacoburn

README.md

@@ -37,3 +37,4 @@ If you don't want to provide the Socket API Token every time then you can use th
 | --disable-security-issue |                | False    | False   | If enabled will disable Security Issue Comments                                                                                                            |
 | --files                  |                | False    |         | If provided in the format of `["file1", "file2"]` it will only look for those files and not glob the path                                                  |
 | --ignore-commit-files    |                | False    | False   | If enabled then the CLI will ignore what files are changed in the commit and look for all manifest files                                                   |
+| --disable-blocking       |                | False    | False   | Disables failing checks and will only exit with an exit code of 0                                                                                          |

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.3'
+__version__ = '1.0.7'

socketsecurity/core/__init__.py

@@ -82,6 +82,9 @@
         "pyproject.toml": {
             "pattern": "pyproject.toml"
         },
+        "poetry.lock": {
+            "pattern": "poetry.lock"
+        },
         "requirements.txt": {
             "pattern": "*requirements.txt"
         },
@@ -394,12 +397,15 @@ def find_files(path: str, files: list = None) -> list:
         :return:
         """
         all_files = []
+        files_provided = False
+        if files is not None and len(files) > 0:
+            files_provided = True
         for ecosystem in socket_globs:
             patterns = socket_globs[ecosystem]
             for file_name in patterns:
                 pattern = patterns[file_name]["pattern"]
                 file_path = f"{path}/**/{pattern}"
-                if files is None or len(files) == 0:
+                if not files_provided:
                     files = glob(file_path, recursive=True)
                 else:
                     files = Core.match_supported_files(path, files)

socketsecurity/core/github.py

@@ -111,7 +111,7 @@ def __init__(self):
     @staticmethod
     def check_event_type() -> str:
         if github_event_name.lower() == "push":
-            if pr_number is None or pr_number == "":
+            if pr_number is None or pr_number == "" or pr_number == "0":
                 event_type = "main"
             else:
                 event_type = "diff"

socketsecurity/core/messages.py

@@ -18,7 +18,8 @@ def create_security_comment_json(diff: Diff) -> dict:
                     break
         output = {
             "scan_failed": scan_failed,
-            "new_alerts": []
+            "new_alerts": [],
+            "full_scan_id": diff.id
         }
         for alert in diff.new_alerts:
             alert: Issue

socketsecurity/socketcli.py

@@ -1,7 +1,7 @@
 import argparse
 import json
 from socketsecurity.core import Core, __version__
-from socketsecurity.core.classes import FullScanParams, Diff, Package, Alert
+from socketsecurity.core.classes import FullScanParams, Diff, Package, Issue
 from socketsecurity.core.messages import Messages
 from socketsecurity.core.scm_comments import Comments
 from socketsecurity.core.git_interface import Git
@@ -12,6 +12,7 @@
 
 logging.basicConfig(level=logging.INFO)
 log = logging.getLogger("socketcli")
+blocking_disabled = False
 
 parser = argparse.ArgumentParser(
     prog="socketcli",
@@ -142,15 +143,24 @@
     default=False
 )
 
+parser.add_argument(
+    '--disable-blocking',
+    help='Disables failing checks and will only exit with an exit code of 0',
+    action='store_true',
+    default=False
+)
+
 
 def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
     console_security_comment = Messages.create_console_security_alert_table(diff_report)
     save_sbom_file(diff_report, sbom_file_name)
+    log.info(f"Socket Full Scan ID: {diff_report.id}")
     if not report_pass(diff_report):
         log.info("Security issues detected by Socket Security")
         msg = f"\n{console_security_comment}"
         log.info(msg)
-        sys.exit(1)
+        if not blocking_disabled:
+            sys.exit(1)
     else:
         log.info("No New Security issues detected by Socket Security")
 
@@ -159,15 +169,15 @@ def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
     console_security_comment = Messages.create_security_comment_json(diff_report)
     save_sbom_file(diff_report, sbom_file_name)
     print(json.dumps(console_security_comment))
-    if not report_pass(diff_report):
+    if not report_pass(diff_report) and not blocking_disabled:
         sys.exit(1)
 
 
 def report_pass(diff_report: Diff) -> bool:
     report_passed = True
     if len(diff_report.new_alerts) > 0:
         for alert in diff_report.new_alerts:
-            alert: Alert
+            alert: Issue
             if report_passed and alert.error:
                 report_passed = False
                 break
@@ -184,11 +194,17 @@ def cli():
         main_code()
     except KeyboardInterrupt:
         log.info("Keyboard Interrupt detected, exiting")
-        sys.exit(2)
+        if not blocking_disabled:
+            sys.exit(2)
+        else:
+            sys.exit(0)
     except Exception as error:
         log.error("Unexpected error when running the cli")
         log.error(error)
-        sys.exit(3)
+        if not blocking_disabled:
+            sys.exit(3)
+        else:
+            sys.exit(0)
 
 
 def main_code():
@@ -214,6 +230,10 @@ def main_code():
     disable_overview = arguments.disable_overview
     disable_security_issue = arguments.disable_security_issue
     ignore_commit_files = arguments.ignore_commit_files
+    disable_blocking = arguments.disable_blocking
+    if disable_blocking:
+        global blocking_disabled
+        blocking_disabled = True
     files = arguments.files
     log.info(f"Starting Socket Security Scan version {__version__}")
     api_token = os.getenv("SOCKET_SECURITY_API_KEY") or arguments.api_token
@@ -244,6 +264,7 @@ def main_code():
             is_repo = True
     except InvalidGitRepositoryError:
         is_repo = False
+        ignore_commit_files = True
         pass
     except NoSuchPathError:
         raise Exception(f"Unable to find path {target_path}")
@@ -265,12 +286,15 @@ def main_code():
     if scm is not None:
         default_branch = scm.is_default_branch
 
-    if is_repo and files is not None and len(files) == 0 and not ignore_commit_files:
-        no_change = True
-    else:
-        no_change = False
     base_api_url = os.getenv("BASE_API_URL") or None
     core = Core(token=api_token, request_timeout=6000, base_api_url=base_api_url)
+    no_change = True
+    if ignore_commit_files:
+        no_change = False
+    elif is_repo and files is not None and len(files) > 0:
+        if len(core.match_supported_files(target_path, files)) > 0:
+            no_change = False
+
     set_as_pending_head = False
     if default_branch:
         set_as_pending_head = True
@@ -295,7 +319,9 @@ def main_code():
         log.info("Push initiated flow")
         diff: Diff
         diff = core.create_new_diff(target_path, params, workspace=target_path, new_files=files, no_change=no_change)
-        if scm.check_event_type() == "diff":
+        if no_change:
+            log.info("No dependency changes")
+        elif scm.check_event_type() == "diff":
             log.info("Starting comment logic for PR/MR event")
             log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
             comments = scm.get_comments_for_pr(repo, str(pr_number))
@@ -307,14 +333,24 @@ def main_code():
             security_comment = Messages.security_comment_template(diff)
             new_security_comment = True
             new_overview_comment = True
+            update_old_security_comment = (
+                security_comment is None or
+                security_comment == "" or
+                (len(comments) != 0 and comments.get("security") is not None)
+            )
+            update_old_overview_comment = (
+                overview_comment is None or
+                overview_comment == "" or
+                (len(comments) != 0 and comments.get("overview") is not None)
+            )
             if len(diff.new_alerts) == 0 or disable_security_issue:
-                if security_comment is None or security_comment == "":
+                if not update_old_security_comment:
                     new_security_comment = False
                     log.debug("No new alerts or security issue comment disabled")
                 else:
                     log.debug("Updated security comment with no new alerts")
             if (len(diff.new_packages) == 0 and len(diff.removed_packages) == 0) or disable_overview:
-                if overview_comment is None or overview_comment == "":
+                if not update_old_overview_comment:
                     new_overview_comment = False
                     log.debug("No new/removed packages or Dependency Overview comment disabled")
                 else: