feat: added safety firewall (#671)

Co-authored-by: jakub-safetycli <[email protected]>

Author: yeisonvargasf

.devcontainer/devcontainer.json

@@ -13,7 +13,8 @@
 
   "mounts": [
     "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
-    "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/home/developer/.ssh,type=bind,consistency=cached"
+    "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/home/developer/.ssh,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.safety,target=/home/developer/.safety,type=bind,consistency=cached"
   ],
 
   "remoteEnv": {

.github/workflows/pr.yml

@@ -43,20 +43,23 @@ jobs:
             #### Quick Test with Python Package
             \`\`\`bash
             # Download and run with uv
-            gh run download ${context.runId} -n dist
+            gh run download ${context.runId} -n dist -R pyupio/safety
             uv run --with safety-${version}-py3-none-any.whl safety --version
             \`\`\`
 
             #### Binary Installation
             \`\`\`bash
             # Linux
-            gh run download ${context.runId} -n safety-linux -D linux
+            gh run download ${context.runId} -n safety-linux -D linux -R pyupio/safety
             cd linux && mv safety safety-pr && chmod +x safety-pr
 
             # macOS
-            gh run download ${context.runId} -n safety-macos -D macos
+            gh run download ${context.runId} -n safety-macos -D macos -R pyupio/safety
             cd macos && mv safety safety-pr && chmod +x safety-pr
             
+            # Windows
+            gh run download ${context.runId} -n safety-windows -D windows -R pyupio/safety
+            cd windows && mv safety.exe safety-pr.exe
             
             ./safety-pr --version
             \`\`\`

.github/workflows/reusable-build.yml

@@ -49,7 +49,7 @@ jobs:
           exit 1
         fi
         BRANCH_NAME="${{ inputs.branch-name }}"
-        SLUG=$(echo "$BRANCH_NAME" | iconv -t ascii//TRANSLIT | sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g | tr A-Z a-z)
+        SLUG=$(echo "$BRANCH_NAME" | iconv -t ascii//TRANSLIT | sed -r 's/[^a-zA-Z0-9]+/./g' | sed -r 's/^.+\|.+$//g' | tr A-Z a-z)
         echo "SLUG=$SLUG" >> $GITHUB_OUTPUT
 
     - name: Version bump (PR)

.vscode/launch.json

@@ -10,7 +10,8 @@
             // This uses the default environment which is a virtual environment
             // created by Hatch
             "python": "${workspaceFolder}/.hatch/bin/python",
-            "console": "integratedTerminal"
+            "console": "integratedTerminal",
+            "justMyCode": false,
         }
     ],
     "inputs": [
@@ -64,23 +65,37 @@
                 "auth login",
                 "auth login --headless",
                 "auth logout",
+                "auth status",
 
                 // Scan commands
                 "scan",
-                "--key ADD-YOUR-API-KEY scan",
+                "--key $SAFETY_API_KEY scan",
+                "--stage cicd --key $SAFETY_API_KEY scan",
                 "scan --use-server-matching",
                 "scan --detailed-output",
                 "--debug scan",
                 "--disable-optional-telemetry scan",
                 "scan --output json --output-file json",
+                "scan --help",
+
+                // Firewall commands
+                "init --help",
+                "init local_prj", // Directory has to be created manually
+                "init",
+                "pip list",
+                "pip install insecure-package",
+                "pip install fastapi",
 
                 // Check commands
                 "check",
                 "--debug check",
 
                 // Other commands
                 "license",
-                "--help"
+                "--help",
+                "validate --help",
+                "--key foo --help",
+                "configure"
             ],
             "default": "scan"
         }                

docs/.ipynb_checkpoints/Safety-CLI-Quickstart-checkpoint.ipynb

@@ -1,5 +1,12 @@
 {
- "cells": [],
+ "cells": [
+  {
+   "metadata": {},
+   "cell_type": "raw",
+   "source": "",
+   "id": "e4a30302820cf149"
+  }
+ ],
  "metadata": {},
  "nbformat": 4,
  "nbformat_minor": 5

pyproject.toml

@@ -49,6 +49,7 @@ dependencies = [
   "setuptools>=65.5.1",
   "typer>=0.12.1",
   "typing-extensions>=4.7.1",
+  "python-levenshtein>=0.25.1",
 ]
 license = "MIT"
 license-files = ["LICENSES/*"]
@@ -255,6 +256,8 @@ reportMissingTypeStubs = false
 addopts = "--strict-markers"
 markers = [
     "basic: requires no extras",
+    "windows_only: mark test to run only on Windows platforms",
+    "unix_only: mark test to run only on Unix platforms"
 ]
 
 [tool.coverage.run]

safety/alerts/__init__.py

@@ -6,6 +6,8 @@
 
 from dataclasses import dataclass
 
+from safety.constants import CONTEXT_COMMAND_TYPE
+
 from . import github
 from safety.util import SafetyPolicyFile
 from safety.scan.constants import CLI_ALERT_COMMAND_HELP
@@ -17,6 +19,10 @@ def get_safety_cli_legacy_group():
     from safety.cli_util import SafetyCLILegacyGroup
     return SafetyCLILegacyGroup
 
+def get_context_settings():
+    from safety.cli_util import CommandType
+    return {CONTEXT_COMMAND_TYPE: CommandType.UTILITY}
+
 @dataclass
 class Alert:
     """
@@ -33,7 +39,8 @@ class Alert:
     policy: Any = None
     requirements_files: Any = None
 
-@click.group(cls=get_safety_cli_legacy_group(), help=CLI_ALERT_COMMAND_HELP, deprecated=True, utility_command=True)
+@click.group(cls=get_safety_cli_legacy_group(), help=CLI_ALERT_COMMAND_HELP,
+             deprecated=True, context_settings=get_context_settings())
 @click.option('--check-report', help='JSON output of Safety Check to work with.', type=click.File('r'), default=sys.stdin, required=True)
 @click.option("--key", envvar="SAFETY_API_KEY",
               help="API Key for safetycli.com's vulnerability database. Can be set as SAFETY_API_KEY "

safety/auth/cli.py

@@ -1,11 +1,12 @@
-from datetime import datetime
 import logging
 import sys
-from safety.auth.models import Auth
+from datetime import datetime
 
-from safety.auth.utils import is_email_verified
+from safety.auth.models import Auth
+from safety.auth.utils import initialize, is_email_verified
 from safety.console import main_console as console
 from safety.constants import MSG_FINISH_REGISTRATION_TPL, MSG_VERIFICATION_HINT
+from safety.meta import get_version
 
 try:
     from typing import Annotated
@@ -15,22 +16,38 @@
 from typing import Optional
 
 import click
-from typer import Typer
 import typer
+from rich.padding import Padding
+from typer import Typer
 
-from safety.auth.main import get_auth_info, get_authorization_data, get_token, clean_session
+from safety.auth.main import (
+    clean_session,
+    get_auth_info,
+    get_authorization_data,
+    get_token,
+)
 from safety.auth.server import process_browser_callback
-from ..cli_util import get_command_for, pass_safety_cli_obj, SafetyCLISubGroup
-
-from .constants import MSG_FAIL_LOGIN_AUTHED, MSG_FAIL_REGISTER_AUTHED, MSG_LOGOUT_DONE, MSG_LOGOUT_FAILED, MSG_NON_AUTHENTICATED
-from safety.scan.constants import CLI_AUTH_COMMAND_HELP, CLI_AUTH_HEADLESS_HELP, DEFAULT_EPILOG, CLI_AUTH_LOGIN_HELP, CLI_AUTH_LOGOUT_HELP, CLI_AUTH_STATUS_HELP
-
-
-from rich.padding import Padding
+from safety.scan.constants import (
+    CLI_AUTH_COMMAND_HELP,
+    CLI_AUTH_HEADLESS_HELP,
+    CLI_AUTH_LOGIN_HELP,
+    CLI_AUTH_LOGOUT_HELP,
+    CLI_AUTH_STATUS_HELP,
+    DEFAULT_EPILOG,
+)
+
+from ..cli_util import SafetyCLISubGroup, get_command_for, pass_safety_cli_obj
+from .constants import (
+    MSG_FAIL_LOGIN_AUTHED,
+    MSG_FAIL_REGISTER_AUTHED,
+    MSG_LOGOUT_DONE,
+    MSG_LOGOUT_FAILED,
+    MSG_NON_AUTHENTICATED,
+)
 
 LOG = logging.getLogger(__name__)
 
-auth_app = Typer(rich_markup_mode="rich")
+auth_app = Typer(rich_markup_mode="rich", name="auth")
 
 
 
@@ -183,6 +200,8 @@ def login(
 
             render_successful_login(ctx.obj.auth, organization=organization)
 
+            initialize(ctx, refresh=True)
+
             console.print()
             if ctx.obj.auth.org or ctx.obj.auth.email_verified:
                 console.print(
@@ -249,12 +268,13 @@ def status(ctx: typer.Context, ensure_auth: bool = False,
     """
     LOG.info('status started')
     current_time = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-    from safety.util import get_safety_version
-    safety_version = get_safety_version()
+    safety_version = get_version()
     console.print(f"[{current_time}]: Safety {safety_version}")
 
     info = get_auth_info(ctx)
 
+    initialize(ctx, refresh=True)
+
     if ensure_auth:
         console.print("running: safety auth status --ensure-auth")
         console.print()