
Commit 206efe9

fix: bump Socket SDK version, handle missing diff scores (#193)
* fix: handle missing diff scores in dependency overview Signed-off-by: lelia <2418071+lelia@users.noreply.github.com> * chore: bump release version for CLI Signed-off-by: lelia <2418071+lelia@users.noreply.github.com> * chore: bump SDK version for release Signed-off-by: lelia <2418071+lelia@users.noreply.github.com> --------- Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
1 parent 82d3e90 commit 206efe9

6 files changed

Lines changed: 99 additions & 15 deletions


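--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.85"
+version = "2.2.86"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
 'GitPython',
 'packaging',
 'python-dotenv',
-"socketdev>=3.0.32,<4.0.0",
+"socketdev>=3.0.33,<4.0.0",
 "bs4>=0.0.2",
 "markdown>=3.10",
 ]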

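--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.85'
+__version__ = '2.2.86'
 USER_AGENT = f'SocketPythonCLI/{__version__}'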

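--- a/socketsecurity/core/classes.py
+++ b/socketsecurity/core/classes.py
@@ -207,7 +207,7 @@ def from_diff_artifact(cls, data: dict) -> "Package":
 name=data["name"],
 version=data["version"],
 type=data["type"],
-score=data.get("score", data.get("scores", {})),
+score=data.get("score") or data.get("scores") or {},
 alerts=data.get("alerts", []),
 author=data.get("author", []),
 size=data.get("size"),
@@ -236,7 +236,7 @@ def from_diff_artifact(cls, data: dict) -> "Package":
 name=data["name"],
 version=data["version"],
 type=data["type"],
-score=data.get("score", data.get("scores", {})),
+score=data.get("score") or data.get("scores") or {},
 alerts=data.get("alerts", []),
 author=data.get("author", []),
 size=data.get("size"),
@@ -448,6 +448,8 @@ def __init__(self, **kwargs):
 self.capabilities = []
 if not hasattr(self, "is_new"):
 self.is_new = False
+if not hasattr(self, "scores") or self.scores is None:
+self.scores = {}
 self.author_url = Purl.generate_author_data(self.author, self.ecosystem)
 
 @staticmethod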
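Review bot: The `or` chain at new line 210 (and identically at line 239) turns None and empty values into `{}` but passes any other truthy value through unchanged, so a string, list or number arriving in `score`/`scores` from the API response is stored as the package's score and only fails later where a mapping is expected. A small type-checked helper shared by both call sites, `score=_as_score_dict(data),` where the helper returns the first of `data.get("score")`/`data.get("scores")` that is a `dict` and `{}` otherwise, would close that gap and remove the duplicated expression. The `__init__` guard at line 451 has the same shape; it presumably sits in `Purl`, since the new test constructs `Purl(scores=None)`, but the class header is outside the hunk. Both `from_diff_artifact` bodies also start and end outside their hunks.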

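--- a/socketsecurity/core/messages.py
+++ b/socketsecurity/core/messages.py
@@ -1179,12 +1179,27 @@ def score_to_badge(score):
 score_percent = int(score * 100) # Convert to integer percentage
 return f"[![{score_percent}](https://github-app-statics.socket.dev/score-{score_percent}.svg)]({added.url})"
 
+def get_score_for_badge(score_name: str) -> float:
+scores = getattr(added, "scores", None)
+if isinstance(scores, dict):
+raw_score = scores.get(score_name)
+else:
+raw_score = getattr(scores, score_name, None) if scores is not None else None
+
+if raw_score is None:
+return 1.0
+
+score = float(raw_score)
+if score > 1:
+score = score / 100
+return max(0.0, min(score, 1.0))
+
 # Generate badges for each score type
-supply_chain_risk_badge = score_to_badge(added.scores.get("supplyChain", 100))
-vulnerability_badge = score_to_badge(added.scores.get("vulnerability", 100))
-quality_badge = score_to_badge(added.scores.get("quality", 100))
-maintenance_badge = score_to_badge(added.scores.get("maintenance", 100))
-license_badge = score_to_badge(added.scores.get("license", 100))
+supply_chain_risk_badge = score_to_badge(get_score_for_badge("supplyChain"))
+vulnerability_badge = score_to_badge(get_score_for_badge("vulnerability"))
+quality_badge = score_to_badge(get_score_for_badge("quality"))
+maintenance_badge = score_to_badge(get_score_for_badge("maintenance"))
+license_badge = score_to_badge(get_score_for_badge("license"))
 
 # Add the row for this package
 row = [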
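Review bot: `get_score_for_badge` maps a missing or null score to `1.0` (new line 1190), so a package the API returned no score data for is rendered with five 100/100 badges and is indistinguishable from a genuinely clean package; this keeps the old default of 100 but a reviewer reading the overview cannot tell "not scored" from "perfect", and `float(raw_score)` on a non-numeric value such as an empty string raises and aborts the whole comment. Consider returning `None` from the helper for the missing/unparseable case, wrapping the conversion in `try/except (TypeError, ValueError)`, and having the caller emit a plain "no score" placeholder instead of a score image. The `if score > 1: score = score / 100` heuristic also treats a raw percentage of exactly 1 as a 100% fraction, which deserves a comment such as `# scores arrive as 0..1 fractions or 0..100 percentages; values <= 1 are taken as fractions`. The helper is nested inside a function whose start and end lie outside this hunk.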
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,67 @@
1+
from socketsecurity.core.classes import Diff, Package, Purl
2+
from socketsecurity.core.messages import Messages
3+
4+
5+
def _make_purl(name: str, scores) -> Purl:
6+
return Purl(
7+
id=f"pkg:npm/{name}@1.0.0",
8+
name=name,
9+
version="1.0.0",
10+
ecosystem="npm",
11+
direct=True,
12+
introduced_by=[("direct", "package.json")],
13+
author=["test-author"],
14+
size=1000,
15+
transitives=0,
16+
url=f"https://socket.dev/npm/package/{name}/overview/1.0.0",
17+
purl=f"pkg:npm/{name}@1.0.0",
18+
scores=scores,
19+
)
20+
21+
22+
def test_package_from_diff_artifact_normalizes_null_score():
23+
package = Package.from_diff_artifact(
24+
{
25+
"id": "pkg:npm/example@1.0.0",
26+
"name": "example",
27+
"version": "1.0.0",
28+
"type": "npm",
29+
"diffType": "added",
30+
"score": None,
31+
"alerts": [],
32+
"author": [],
33+
"topLevelAncestors": [],
34+
"direct": True,
35+
"manifestFiles": [],
36+
}
37+
)
38+
39+
assert package.score == {}
40+
41+
42+
def test_dependency_overview_template_defaults_missing_or_null_scores(tmp_path, monkeypatch):
43+
monkeypatch.chdir(tmp_path)
44+
45+
diff = Diff(
46+
id="test-diff",
47+
diff_url="https://socket.dev/test-diff",
48+
new_packages=[
49+
_make_purl("missing-scores", None),
50+
_make_purl(
51+
"partial-scores",
52+
{
53+
"supplyChain": 0.42,
54+
"vulnerability": None,
55+
},
56+
),
57+
],
58+
removed_packages=[],
59+
new_alerts=[],
60+
)
61+
62+
comment = Messages.dependency_overview_template(diff)
63+
64+
assert "Socket Security: Dependency Overview" in comment
65+
assert "score-42.svg" in comment
66+
assert "score-100.svg" in comment
67+
assert "score-10000.svg" not in comment
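Review bot: The final assertions do not pin the `"vulnerability": None` case on the partial-scores package: `"score-100.svg" in comment` is already satisfied by the five badges of the missing-scores package, so a regression that rendered a null score as `score-0.svg` or dropped the badge entirely would still pass. Asserting the count, `assert comment.count("score-100.svg") == 9` (five from missing-scores plus four from partial-scores, if nothing else in the template emits that badge), or adding `assert "score-0.svg" not in comment`, would tie the test to the case it is named for. `monkeypatch.chdir(tmp_path)` has no explanation; a one-line comment stating what `dependency_overview_template` writes into the working directory, if anything, would help the next reader. This section's file path is not rendered on the page.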

uv.lock

Lines changed: 5 additions & 5 deletions
