Skip to content

Add guardrail in case manifest file does not exist #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 30, 2025
Merged

Add guardrail in case manifest file does not exist #93

merged 1 commit into from
Jun 30, 2025

Conversation

dacoburn
Copy link
Collaborator

Root Cause

Logic for only creating the license file if a diff scan was ran was incorrect

Fix

Changed logic for detection

Public Changelog

N/A

@dacoburn dacoburn requested a review from a team as a code owner June 30, 2025 14:15
@dacoburn dacoburn requested review from cenobitedk and philidem and removed request for a team June 30, 2025 14:15
@socket-security-staging
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedpytest@​8.3.483100100100100
Updatedcoverage@​7.9.1 ⏵ 7.6.1094 +1100100100100
Addedhatch@​1.14.095100100100100
Updatedurllib3@​2.5.0 ⏵ 2.3.097100100100100
Addedprettytable@​3.12.098100100100100
Addedrequests@​2.32.399100100100100
Updatedcertifi@​2025.6.15 ⏵ 2024.12.1410010010010070
Addedpython-dotenv@​1.0.199100100100100
Addedsocket-sdk-python@​2.0.1599100100100100
Addedpackaging@​24.299100100100100
Updatedcharset-normalizer@​3.4.2 ⏵ 3.4.199 +1100100100100
Addedmdutils@​1.6.099100100100100
Updatedtyping-extensions@​4.14.0 ⏵ 4.12.2100 +1100100100100
Addedargparse@​1.4.0100100100100100
Addeddocopt@​0.6.2100100100100100
Addedpytest-cov@​6.0.0100100100100100
Addedpytest-asyncio@​0.25.1100100100100100
Updatediniconfig@​2.1.0 ⏵ 2.0.0100100100100100
Addedpytest-mock@​3.14.0100100100100100
Updatedpluggy@​1.6.0 ⏵ 1.5.0100 +1100100100100

View full report

@github-actions GitHub Actions
Copy link

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.1.15.dev1

Docker image: socketdev/cli:pr-93

@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedpytest@​8.3.483100100100100
Updatedcoverage@​7.9.1 ⏵ 7.6.1094 +1100100100100
Addedhatch@​1.14.095100100100100
Updatedurllib3@​2.5.0 ⏵ 2.3.097100100100100
Addedrequests@​2.32.399100100100100
Updatedcertifi@​2025.6.15 ⏵ 2024.12.1410010010010070
Addedpython-dotenv@​1.0.199100100100100
Addedpackaging@​24.299100100100100
Updatedcharset-normalizer@​3.4.2 ⏵ 3.4.199 +1100100100100
Addedmdutils@​1.6.099100100100100
Updatedtyping-extensions@​4.14.0 ⏵ 4.12.2100 +1100100100100
Addedargparse@​1.4.0100100100100100
Addeddocopt@​0.6.2100100100100100
Addedsocket-sdk-python@​2.0.15100100100100100
Addedpytest-cov@​6.0.0100100100100100
Addedpytest-asyncio@​0.25.1100100100100100
Updatediniconfig@​2.1.0 ⏵ 2.0.0100100100100100
Addedpytest-mock@​3.14.0100100100100100
Updatedpluggy@​1.6.0 ⏵ 1.5.0100 +1100100100100
Addedprettytable@​3.12.0100100100100100

View full report

@dacoburn dacoburn merged commit c2183b5 into main Jun 30, 2025
6 checks passed
@dacoburn dacoburn deleted the doug/fix-skip-logic branch June 30, 2025 14:24
@dacoburn dacoburn restored the doug/fix-skip-logic branch June 30, 2025 14:25
Planeshifter
Planeshifter reviewed Jun 30, 2025
View reviewed changes
socketsecurity/core/__init__.py
for manifest_data in package.manifestFiles:
manifest_file = manifest_data.get("file")
manifests += f"{manifest_file};"
if hasattr(package, "manifestFiles"):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be simplified to else:, no?

dacoburn added a commit that referenced this pull request Jun 30, 2025
@dacoburn
Revert "Add guardrail in case manifest file does not exist (#93)"
87363a7 
This reverts commit c2183b5.
@dacoburn dacoburn mentioned this pull request Jun 30, 2025
Merged
Planeshifter
Planeshifter reviewed Jun 30, 2025
View reviewed changes
socketsecurity/socketcli.py
@@ -260,7 +260,7 @@ def main_code():
output_handler.handle_output(diff)

# Handle license generation
if diff is not None and diff.id != "no_diff_id" and config.generate_license:
if should_skip_scan and diff.id != "no_diff_id" and config.generate_license:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this correct? Or did you mean to check for whether NOT should_skip_scan here?

dacoburn added a commit that referenced this pull request Jun 30, 2025
@dacoburn
Revert "Add guardrail in case manifest file does not exist (#93)" (#94)
3095944 
This reverts commit c2183b5.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Planeshifter Planeshifter Planeshifter left review comments

@pvdz pvdz pvdz approved these changes

@cenobitedk cenobitedk Awaiting requested review from cenobitedk cenobitedk is a code owner automatically assigned from SocketDev/eng

@philidem philidem Awaiting requested review from philidem philidem is a code owner automatically assigned from SocketDev/eng

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dacoburn @pvdz @Planeshifter