Doug/fix run issue (#26)

* Fixed issue where diff scan was running when there were no changed manifest files

* Fixes for run time detection of changed files

Author: dacoburn

socketsecurity/__init__.py

@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.24'
+__version__ = '1.0.30'

socketsecurity/core/__init__.py

@@ -410,7 +410,6 @@ def find_files(path: str) -> list:
         Globs the path for supported manifest files.
         Note: Might move the source to a JSON file
         :param path: Str - path to where the manifest files are located
-        :param files: override finding the manifest files using the glob matcher
         :return:
         """
         log.debug("Starting Find Files")
@@ -750,10 +749,11 @@ def create_issue_alerts(package: Package, alerts: dict, packages: dict) -> dict:
             if alert.type in security_policy:
                 action = security_policy[alert.type]['action']
                 setattr(issue_alert, action, True)
-            if issue_alert.key not in alerts:
-                alerts[issue_alert.key] = [issue_alert]
-            else:
-                alerts[issue_alert.key].append(issue_alert)
+            if issue_alert.type != 'licenseSpdxDisj':
+                if issue_alert.key not in alerts:
+                    alerts[issue_alert.key] = [issue_alert]
+                else:
+                    alerts[issue_alert.key].append(issue_alert)
         return alerts
 
     @staticmethod

socketsecurity/core/classes.py

@@ -161,10 +161,15 @@ def __init__(self, **kwargs):
 
         if hasattr(self, "created_at"):
             self.created_at = self.created_at.strip(" (Coordinated Universal Time)")
-        if not hasattr(self, "introduced_by"):
-            self.introduced_by = []
         if not hasattr(self, "manifests"):
             self.manifests = ""
+        if not hasattr(self, "introduced_by"):
+            self.introduced_by = []
+        else:
+            for item in self.introduced_by:
+                pkg, manifest = item
+                self.manifests += f"{manifest};"
+            self.manifests = self.manifests.rstrip(";")
         if not hasattr(self, "error"):
             self.error = False
         if not hasattr(self, "warn"):

socketsecurity/core/github.py

@@ -116,7 +116,8 @@ def check_event_type() -> str:
             else:
                 event_type = "diff"
         elif github_event_name.lower() == "pull_request":
-            if event_action is not None and event_action != "" and event_action.lower() == "opened":
+            if event_action is not None and event_action != "" and (
+                    event_action.lower() == "opened" or event_action.lower() == 'synchronize'):
                 event_type = "diff"
             else:
                 log.info(f"Pull Request Action {event_action} is not a supported type")

socketsecurity/socketcli.py

@@ -163,25 +163,34 @@
 
 
 def output_console_comments(diff_report: Diff, sbom_file_name: str = None) -> None:
-    console_security_comment = Messages.create_console_security_alert_table(diff_report)
-    save_sbom_file(diff_report, sbom_file_name)
-    log.info(f"Socket Full Scan ID: {diff_report.id}")
-    if not report_pass(diff_report):
-        log.info("Security issues detected by Socket Security")
-        msg = f"\n{console_security_comment}"
-        log.info(msg)
-        if not blocking_disabled:
-            sys.exit(1)
-    else:
-        log.info("No New Security issues detected by Socket Security")
+    if diff_report.id != "NO_DIFF_RAN":
+        console_security_comment = Messages.create_console_security_alert_table(diff_report)
+        save_sbom_file(diff_report, sbom_file_name)
+        log.info(f"Socket Full Scan ID: {diff_report.id}")
+        if len(diff_report.new_alerts) > 0:
+            log.info("Security issues detected by Socket Security")
+            msg = f"\n{console_security_comment}"
+            log.info(msg)
+            if not report_pass(diff_report) and not blocking_disabled:
+                sys.exit(1)
+            else:
+                # Means only warning alerts with no blocked
+                if not blocking_disabled:
+                    sys.exit(5)
+        else:
+            log.info("No New Security issues detected by Socket Security")
 
 
 def output_console_json(diff_report: Diff, sbom_file_name: str = None) -> None:
-    console_security_comment = Messages.create_security_comment_json(diff_report)
-    save_sbom_file(diff_report, sbom_file_name)
-    print(json.dumps(console_security_comment))
-    if not report_pass(diff_report) and not blocking_disabled:
-        sys.exit(1)
+    if diff_report.id != "NO_DIFF_RAN":
+        console_security_comment = Messages.create_security_comment_json(diff_report)
+        save_sbom_file(diff_report, sbom_file_name)
+        print(json.dumps(console_security_comment))
+        if not report_pass(diff_report) and not blocking_disabled:
+            sys.exit(1)
+        elif len(diff_report.new_alerts) > 0 and not blocking_disabled:
+            # Means only warning alerts with no blocked
+            sys.exit(5)
 
 
 def report_pass(diff_report: Diff) -> bool:
@@ -299,11 +308,12 @@ def main_code():
         default_branch = scm.is_default_branch
 
     base_api_url = os.getenv("BASE_API_URL") or None
-    core = Core(token=api_token, request_timeout=1200, base_api_url=base_api_url)
+    core = Core(token=api_token, request_timeout=1200, base_api_url=base_api_url, allow_unverified=allow_unverified)
     no_change = True
     if ignore_commit_files:
         no_change = False
     elif is_repo and files is not None and len(files) > 0:
+        log.info(files)
         no_change = core.match_supported_files(files)
 
     set_as_pending_head = False
@@ -319,7 +329,8 @@ def main_code():
         make_default_branch=default_branch,
         set_as_pending_head=set_as_pending_head
     )
-    diff = None
+    diff = Diff()
+    diff.id = "NO_DIFF_RAN"
     if scm is not None and scm.check_event_type() == "comment":
         log.info("Comment initiated flow")
         log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
@@ -329,10 +340,11 @@ def main_code():
     elif scm is not None and scm.check_event_type() != "comment":
         log.info("Push initiated flow")
         diff: Diff
-        diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
         if no_change:
-            log.info("No dependency changes")
+            log.info("No manifest files changes, skipping scan")
+            # log.info("No dependency changes")
         elif scm.check_event_type() == "diff":
+            diff = core.create_new_diff(target_path, params, workspace=target_path, no_change=no_change)
             log.info("Starting comment logic for PR/MR event")
             log.debug(f"Getting comments for Repo {scm.repository} for PR {scm.pr_number}")
             comments = scm.get_comments_for_pr(repo, str(pr_number))