diff --git a/.gitignore b/.gitignore
index a4d6257..5738fef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,4 +18,5 @@ markdown_security_temp.md
 .DS_Store
 *.pyc
 test.py
-*.cpython-312.pyc
\ No newline at end of file
+*.cpython-312.pyc`
+file_generator.py
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index 7568ed7..2c8ddf8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -11,7 +11,8 @@ dependencies = [
 'mdutils',
 'prettytable',
 'argparse',
- 'GitPython'
+ 'GitPython',
+ 'packaging'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"
diff --git a/requirements.txt b/requirements.txt
index dfd906d..896774a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,4 +2,5 @@ requests>=2.32.0
 mdutils~=1.6.0
 prettytable
 argparse
-gitpython>=3.1.43
\ No newline at end of file
+gitpython>=3.1.43
+packaging>=24.1
\ No newline at end of file
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 29709fd..e239fae 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,2 +1,2 @@
 __author__ = 'socket.dev'
-__version__ = '1.0.7'
+__version__ = '1.0.15'
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
index 8a0e29a..f24480f 100644
--- a/socketsecurity/core/__init__.py
+++ b/socketsecurity/core/__init__.py
@@ -46,6 +46,8 @@ all_new_alerts = False
 security_policy = {}
 log = logging.getLogger("socketdev")
+# log_format = "%(asctime)s %(funcName)20s() %(message)s"
+# logging.basicConfig(format=log_format)
 log.addHandler(logging.NullHandler())
 socket_globs = {
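Review bot: The rewritten pattern on the new side, `*.cpython-312.pyc\``, carries a stray trailing backtick, so it no longer matches the compiled bytecode files the removed line ignored; the broader `*.pyc` entry above still catches them, but the more specific entry is now dead. Drop the backtick so the line reads `*.cpython-312.pyc`. The file also still ends without a trailing newline, which every future edit to the last line will keep reporting as a change.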
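Review bot: `packaging` is added to `dependencies` without a version floor, while the requirements.txt hunk in the same commit pins `packaging>=24.1`; the two manifests now disagree on the minimum version, so a `pip install .` driven by pyproject can resolve an older release than an install driven by requirements.txt. Align them with `'packaging>=24.1'`. No hunk in this diff shows where `packaging` is imported, so whether the floor matters for an API used here cannot be confirmed from the page.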
@@ -396,29 +398,35 @@ def find_files(path: str, files: list = None) -> list:
 :param files: override finding the manifest files using the glob matcher
 :return:
 """
- all_files = []
 files_provided = False
+ log.debug("Starting Find Files")
+ start_time = time.time()
 if files is not None and len(files) > 0:
 files_provided = True
 for ecosystem in socket_globs:
+ if files is None:
+ files = []
 patterns = socket_globs[ecosystem]
 for file_name in patterns:
 pattern = patterns[file_name]["pattern"]
 file_path = f"{path}/**/{pattern}"
+
 if not files_provided:
- files = glob(file_path, recursive=True)
+ log.debug(f"Globbing {file_path}")
+ glob_start = time.time()
+ test = glob(file_path, recursive=True)
+ files = files + test
+ glob_end = time.time()
+ glob_total_time = glob_end - glob_start
+ log.debug(f"Glob for pattern {file_path} took {glob_total_time:.2f} seconds")
 else:
+ log.debug("Files found from commit")
 files = Core.match_supported_files(path, files)
- for file in files:
- if platform.system() == "Windows":
- file = file.replace("\\", "/")
- if path not in file:
- file = f"{path}/{file}"
- found_path, file_name = file.rsplit("/", 1)
- details = (found_path, file_name)
- if details not in all_files:
- all_files.append(details)
- return all_files
+ log.debug("Finished Find Files")
+ end_time = time.time()
+ total_time = end_time - start_time
+ log.info(f"Found {len(files)} in {total_time:.2f} seconds")
+ return files
 @staticmethod
 def create_full_scan(files: list, params: FullScanParams, workspace: str) -> FullScan:
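Review bot: The rewritten loop returns the raw glob results without the de-duplication the removed `all_files` block performed, so a file matched by more than one pattern in `socket_globs` appears twice in the returned list and is then read and uploaded twice by `create_full_scan`; collapse it before returning with `files = list(dict.fromkeys(files))`. The summary on the new `log.info` line is also missing its noun — `log.info("Found %d files in %.2f seconds", len(files), total_time)` — and the `files = files + test` rebinding inside the nested loop copies the whole list on every pattern where `files.extend(test)` would not. The new debug lines format with f-strings; logging's lazy `%` arguments skip the formatting entirely when debug output is off. find_files' signature and the start of its docstring lie before the hunk.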
@@ -430,7 +438,16 @@ def create_full_scan(files: list, params: FullScanParams, workspace: str) -> Ful
 :return:
 """
 send_files = []
- for path, name in files:
+ create_full_start = time.time()
+ log.debug("Creating new full scan")
+ for file in files:
+ if platform.system() == "Windows":
+ file = file.replace("\\", "/")
+ if "/" in file:
+ path, name = file.rsplit("/", 1)
+ else:
+ path = "."
+ name = file
 full_path = f"{path}/{name}"
 if full_path.startswith(workspace):
 key = full_path[len(workspace):]
@@ -452,6 +469,9 @@ def create_full_scan(files: list, params: FullScanParams, workspace: str) -> Ful
 results = response.json()
 full_scan = FullScan(**results)
 full_scan.sbom_artifacts = Core.get_sbom_data(full_scan.id)
+ create_full_end = time.time()
+ total_time = create_full_end - create_full_start
+ log.debug(f"New Full Scan created in {total_time:.2f} seconds")
 return full_scan
 @staticmethod
diff --git a/socketsecurity/socketcli.py b/socketsecurity/socketcli.py
index 722c587..8a3db52 100644
--- a/socketsecurity/socketcli.py
+++ b/socketsecurity/socketcli.py
@@ -1,5 +1,7 @@
 import argparse
 import json
+
+import socketsecurity.core
 from socketsecurity.core import Core, __version__
 from socketsecurity.core.classes import FullScanParams, Diff, Package, Issue
 from socketsecurity.core.messages import Messages
@@ -10,7 +12,9 @@ import sys
 import logging
-logging.basicConfig(level=logging.INFO)
+log_format = "%(asctime)s: %(message)s"
+logging.basicConfig(level=logging.INFO, format=log_format)
+socketsecurity.core.log.setLevel(level=logging.INFO)
 log = logging.getLogger("socketcli")
 blocking_disabled = False
@@ -211,7 +215,7 @@ def main_code():
 arguments = parser.parse_args()
 debug = arguments.enable_debug
 if debug:
- logging.basicConfig(level=logging.DEBUG)
+ logging.basicConfig(level=logging.DEBUG, format=log_format)
 log.setLevel(logging.DEBUG)
 Core.enable_debug_log(logging.DEBUG)
 log.debug("Debug logging enabled")
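Review bot: The new split at `if "/" in file:` followed by the existing `full_path = f"{path}/{name}"` rebuilds exactly the string it just took apart, so for any entry containing a separator `full_path == file` and the `path`/`name` pair serves only that reconstruction; that branch could assign `full_path = file` directly. For a bare filename the new code yields `./name`, which passes the `full_path.startswith(workspace)` check only when `workspace` is literally `.` — presumably the caller passes an absolute or already-prefixed workspace, in which case such entries are silently dropped from `send_files`; worth confirming against the caller. `platform.system()` is also evaluated once per file inside the loop where a single call before `for file in files:` would do. create_full_scan's signature and the rest of its body lie outside the hunk.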
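Review bot: The `logging.basicConfig(level=logging.DEBUG, format=log_format)` call in the debug branch of main_code() is a no-op, because `basicConfig` returns without changes once the root logger already has a handler, and the module-level call added in the earlier hunk of this file installs one at import time. The following `log.setLevel(logging.DEBUG)` and `Core.enable_debug_log(logging.DEBUG)` are what actually raise the two named loggers, so the line can be dropped; if the root level itself is meant to change, write `logging.getLogger().setLevel(logging.DEBUG)` instead (or pass `force=True` to `basicConfig`, available from Python 3.8). main_code() starts before the hunk and continues after it.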
@@ -287,7 +291,7 @@ def main_code():
 default_branch = scm.is_default_branch
 base_api_url = os.getenv("BASE_API_URL") or None
- core = Core(token=api_token, request_timeout=6000, base_api_url=base_api_url)
+ core = Core(token=api_token, request_timeout=1200, base_api_url=base_api_url)
 no_change = True
 if ignore_commit_files:
 no_change = False
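Review bot: `request_timeout` drops from 6000 to 1200 as a bare literal with no unit or rationale on the line, and nothing in this diff says why the smaller bound is now sufficient for the full-scan upload that the core hunks in the same commit instrument with timing logs. Name the value at module level, e.g. `REQUEST_TIMEOUT = 1200  # presumably seconds — confirm against Core; lowered from 6000`, and pass `request_timeout=REQUEST_TIMEOUT`, so the next change to it carries its own explanation. main_code() starts before the hunk and continues after it.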