Added support for when set in the security policy. Also added to sp…

README.md

@@ -23,12 +23,16 @@ Some SIEM tools have different ways of getting the data into their system.
 The connectors supported by this script have some shared configuration in order to pull the data from Socket.
 
 ### Options
-| Option          | Required | Format           | Description                                                                                                                           |
-|-----------------|----------|------------------|---------------------------------------------------------------------------------------------------------------------------------------|
-| api_key         | True     | string           | This is the Socket API Key created in the Socket dashboard. This should have the scoped permissions to access reports                 |
-| from_time       | False    | int              | This is the number of seconds to pull reports from. If this is not defined then it will pull the last 30 days of reports.             |
-| report_id       | False    | Socket Report ID | If this is provided then only the specified report ID will be processed                                                               |
-| request_timeout | False    | int              | This is the number of seconds to wait for an API request to complete before killing it and returning an error. Defaults to 30 seconds |
+| Option              | Required | Format           | Description                                                                                                                                 |
+|---------------------|----------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| api_key             | True     | string           | This is the Socket API Key created in the Socket dashboard. This should have the scoped permissions to access reports                       |
+| from_time           | False    | int              | This is the number of seconds to pull reports from. If this is not defined then it will pull the last 30 days of reports.                   |
+| report_id           | False    | Socket Report ID | If this is provided then only the specified report ID will be processed                                                                     |
+| request_timeout     | False    | int              | This is the number of seconds to wait for an API request to complete before killing it and returning an error. Defaults to 30 seconds       |
+| default_branches    | False    | list[str]        | Only required if `default_branch_only` is set to specify the names patterns of default branches like `main` or `master`                     |
+| default_branch_only | False    | boolean          | If enabled only reports where the branch name matches what is in `default_branches` will be kept                                            |
+| from_time           | False    | int              | Period in seconds to pull reports when not specifying a specific `report_id`. If not set defaults to 30 days                                |
+| actions_override    | False    | list[str]        | List of acceptable values to override the security policy configuration of issues to include. I.E. `error`, `warn`, `monitor`, and `ignore` |
 
 
 ### Example

socket-integration-example.py

@@ -22,8 +22,9 @@
         from_time=from_time,
         default_branch_only=False,
         request_timeout=300,
+        actions_override=["warn"]
     )
-    logging.basicConfig(level=logging.DEBUG)
+    # logging.basicConfig(level=logging.DEBUG)
     # core.set_log_level(logging.DEBUG)
     issue_data = core.get_issues()
 

socketsync/__init__.py

@@ -2,7 +2,7 @@
 
 
 __author__ = 'socket.dev'
-__version__ = '1.0.7'
+__version__ = '1.0.8'
 __all__ = [
     "log",
     "__version__",
@@ -27,7 +27,8 @@
     "severity",
     "pr",
     "commit",
-    "created_at"
+    "created_at",
+    "action"
 ]
 
 default_headers = {

socketsync/classes.py

@@ -147,6 +147,11 @@ class Issue:
     introduced_by: list
     manifests: str
     pkg_url: str
+    warn: bool
+    error: bool
+    ignore: bool
+    monitor: bool
+    action: str
 
     def __init__(self, **kwargs):
         if kwargs:
@@ -159,6 +164,14 @@ def __init__(self, **kwargs):
             self.introduced_by = []
         if not hasattr(self, "manifests"):
             self.manifests = ""
+        if not hasattr(self, "warn"):
+            self.warn = False
+        if not hasattr(self, "error"):
+            self.error = False
+        if not hasattr(self, "ignore"):
+            self.ignore = False
+        if not hasattr(self, "monitor"):
+            self.monitor = False
         self.pkg_url = f"https://socket.dev/{self.pkg_type}/package/{self.pkg_name}/overview/{self.pkg_version}"
 
     def __str__(self):

socketsync/core.py

@@ -17,10 +17,12 @@
 global socket
 global org_id
 global report_from_time
+global actions
 socket: socketdev
 org_id: str
 org_slug: str
 report_from_time: int
+actions: list[str]
 timeout = 30
 full_scan_path = ""
 repository_path = ""
@@ -55,6 +57,8 @@ class Core:
     default_branch_only: bool
     report_id: str
     from_time: int
+    actions_override: list[str]
+    enable_all_alerts: bool
 
     def __init__(
             self,
@@ -66,8 +70,12 @@ def __init__(
             default_branches: list = None,
             default_branch_only: bool = False,
             report_id: str = None,
-            from_time: int = 300
+            from_time: int = 300,
+            actions_override: list = None
     ):
+        self.actions_override = actions_override
+        global actions
+        actions = self.actions_override
         self.api_key = api_key
         self.report_id = report_id
         self.default_branches = default_branches
@@ -301,9 +309,19 @@ def create_issue_alerts(package: Package, alerts: list, packages: dict, report:
                 introduced_by=introduced_by,
                 is_error=is_error
             )
-            if (not all_new_alerts and is_error) or all_new_alerts:
+            if alert.type in security_policy:
+                action = security_policy[alert.type]['action']
+                setattr(issue_alert, action, True)
+                setattr(issue_alert, "action", action)
+            if (not all_new_alerts and actions is None and (issue_alert.error or issue_alert.warn)) or all_new_alerts:
                 log.debug(f"Found issue {issue_alert.title} for scan {report.id}")
-                alerts.append(issue_alert)
+                if issue_alert not in alerts:
+                    alerts.append(issue_alert)
+            elif actions is not None:
+                for override in actions:
+                    if issue_alert.action == override.lower():
+                        log.debug(f"Found issue {issue_alert.title} for scan {report.id}")
+                        alerts.append(issue_alert)
         return alerts
 
     @staticmethod