Initial socket basics commit

Author: dacoburn

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @SocketDev/customer-success 

.gitignore

@@ -0,0 +1,102 @@
+
+.idea
+venv
+.venv
+build
+dist
+*.build
+*.dist
+*.egg-info
+test
+*.env
+run_container.sh
+*.zip
+bin
+scripts/*.py
+*.json
+markdown_overview_temp.md
+markdown_security_temp.md
+.DS_Store
+*.pyc
+test.py
+
+# Note: requirements.txt is no longer needed - using pyproject.toml + uv.lock instead
+# Version files are auto-managed by .hooks/version-check.py
+*.cpython-312.pyc
+file_generator.py
+.env
+*.md
+test_results
+local_tests/
+
+# Common Python ignores
+__pycache__/
+*.py[cod]
+*$py.class
+.pytest_cache/
+.mypy_cache/
+.coverage
+.coverage.*
+htmlcov/
+pip-wheel-metadata/
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Virtual environments
+env/
+ENV/
+env.bak/
+venv.bak/
+
+# IDEs and editors
+.vscode/
+.idea/
+*.sublime-workspace
+*.sublime-project
+*.swp
+*~
+
+# Node
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnp/
+
+# Build and distribution
+.eggs/
+*.egg
+dist/
+build/
+
+# Coverage and test output
+coverage/
+coverage.xml
+nosetests.xml
+test-results/
+
+# Logs and runtime files
+logs/
+
+*.pid
+*.sock
+
+# OS files
+.DS_Store
+
+# Binary and compiled
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Jupyter
+.ipynb_checkpoints/
+
+# Local temporary files
+*.tmp
+*.temp
+# Ignore output logs and generated src files
+*.log
+
+.python-version

.hooks/setup.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+"""
+Setup script to install pre-commit hooks for version management.
+"""
+import pathlib
+import subprocess
+import sys
+
+def setup_pre_commit_hook():
+    """Set up the pre-commit hook for version checking."""
+    git_hooks_dir = pathlib.Path(".git/hooks")
+    pre_commit_hook = git_hooks_dir / "pre-commit"
+    
+    if not git_hooks_dir.exists():
+        print("❌ .git/hooks directory not found. Are you in a git repository?")
+        sys.exit(1)
+    
+    hook_content = '''#!/bin/bash
+# Version check pre-commit hook
+python3 .hooks/version-check.py
+'''
+    
+    # Create or update the pre-commit hook
+    if pre_commit_hook.exists():
+        print("⚠️ Pre-commit hook already exists.")
+        response = input("Do you want to overwrite it? (y/N): ")
+        if response.lower() != 'y':
+            print("❌ Aborted.")
+            sys.exit(1)
+    
+    pre_commit_hook.write_text(hook_content)
+    pre_commit_hook.chmod(0o755)
+    
+    print("✅ Pre-commit hook installed successfully!")
+    print("Now version changes will be automatically checked on each commit.")
+    print("")
+    print("Usage:")
+    print("  Normal commit: Will auto-bump patch version if unchanged")
+    print("  Dev mode: python3 .hooks/version-check.py --dev")
+
+def main():
+    if "--install-hook" in sys.argv:
+        setup_pre_commit_hook()
+    else:
+        print("Version management setup script")
+        print("")
+        print("Options:")
+        print("  --install-hook    Install pre-commit hook for version checking")
+        print("")
+        print("Manual usage:")
+        print("  python3 .hooks/version-check.py       # Check and auto-bump if needed")
+        print("  python3 .hooks/version-check.py --dev # Use dev versioning")
+
+if __name__ == "__main__":
+    main()

.hooks/version-check.py

@@ -0,0 +1,128 @@
+#!/usr/bin/env python3
+import subprocess
+import pathlib
+import re
+import sys
+import urllib.request
+import json
+
+VERSION_FILE = pathlib.Path("socket_basics/version.py")
+PYPROJECT_FILE = pathlib.Path("pyproject.toml")
+
+VERSION_PATTERN = re.compile(r"__version__\s*=\s*['\"]([^'\"]+)['\"]")
+PYPROJECT_PATTERN = re.compile(r'^version\s*=\s*"([^"]+)"$', re.MULTILINE)
+# Update this URL to match your actual PyPI package if you publish it
+PYPI_API = "https://pypi.org/pypi/security-wrapper/json"
+
+def read_version_from_version_file(path: pathlib.Path) -> str:
+    if not path.exists():
+        print(f"❌ Version file {path} does not exist")
+        sys.exit(1)
+    content = path.read_text()
+    match = VERSION_PATTERN.search(content)
+    if not match:
+        print(f"❌ Could not find __version__ in {path}")
+        sys.exit(1)
+    return match.group(1)
+
+def read_version_from_pyproject(path: pathlib.Path) -> str:
+    if not path.exists():
+        print(f"❌ pyproject.toml file {path} does not exist")
+        sys.exit(1)
+    content = path.read_text()
+    match = PYPROJECT_PATTERN.search(content)
+    if not match:
+        print(f"❌ Could not find version in {path}")
+        sys.exit(1)
+    return match.group(1)
+
+def read_version_from_git(path: str) -> str:
+    try:
+        output = subprocess.check_output(["git", "show", f"HEAD:{path}"], text=True)
+        match = VERSION_PATTERN.search(output)
+        if not match:
+            return None
+        return match.group(1)
+    except subprocess.CalledProcessError:
+        return None
+
+def bump_patch_version(version: str) -> str:
+    if ".dev" in version:
+        version = version.split(".dev")[0]
+    parts = version.split(".")
+    parts[-1] = str(int(parts[-1]) + 1)
+    return ".".join(parts)
+
+def fetch_existing_versions() -> set:
+    try:
+        with urllib.request.urlopen(PYPI_API) as response:
+            data = json.load(response)
+            return set(data.get("releases", {}).keys())
+    except Exception as e:
+        print(f"⚠️ Warning: Failed to fetch existing versions from PyPI: {e}")
+        return set()
+
+def find_next_available_dev_version(base_version: str) -> str:
+    existing_versions = fetch_existing_versions()
+    for i in range(1, 100):
+        candidate = f"{base_version}.dev{i}"
+        if candidate not in existing_versions:
+            return candidate
+    print("❌ Could not find available .devN slot after 100 attempts.")
+    sys.exit(1)
+
+def inject_version(version: str):
+    print(f"🔁 Updating version to: {version}")
+
+    # Update version.py
+    VERSION_FILE.write_text(f'__version__ = "{version}"\n')
+
+    # Update pyproject.toml
+    pyproject = PYPROJECT_FILE.read_text()
+    if PYPROJECT_PATTERN.search(pyproject):
+        new_pyproject = PYPROJECT_PATTERN.sub(f'version = "{version}"', pyproject)
+        PYPROJECT_FILE.write_text(new_pyproject)
+        print(f"✅ Updated {PYPROJECT_FILE}")
+    else:
+        print(f"⚠️ Could not find version field in {PYPROJECT_FILE}")
+
+def check_version_sync():
+    """Ensure version.py and pyproject.toml are in sync"""
+    version_py = read_version_from_version_file(VERSION_FILE)
+    version_toml = read_version_from_pyproject(PYPROJECT_FILE)
+    
+    if version_py != version_toml:
+        print(f"❌ Version mismatch: {VERSION_FILE} has {version_py}, {PYPROJECT_FILE} has {version_toml}")
+        print("🔁 Syncing versions...")
+        inject_version(version_toml)  # Use pyproject.toml as source of truth
+        return version_toml
+    
+    return version_py
+
+def main():
+    dev_mode = "--dev" in sys.argv
+    
+    # Ensure versions are synced
+    current_version = check_version_sync()
+    previous_version = read_version_from_git("src/version.py")
+
+    print(f"Current: {current_version}, Previous: {previous_version}")
+
+    if current_version == previous_version:
+        if dev_mode:
+            base_version = current_version.split(".dev")[0] if ".dev" in current_version else current_version
+            new_version = find_next_available_dev_version(base_version)
+            inject_version(new_version)
+            print("⚠️ Version was unchanged — auto-bumped. Please git add + commit again.")
+            sys.exit(0)
+        else:
+            new_version = bump_patch_version(current_version)
+            inject_version(new_version)
+            print("⚠️ Version was unchanged — auto-bumped. Please git add + commit again.")
+            sys.exit(1)
+    else:
+        print("✅ Version already bumped — proceeding.")
+        sys.exit(0)
+
+if __name__ == "__main__":
+    main()

Dockerfile

@@ -0,0 +1,48 @@
+# Use the official Python image as a base
+FROM python:3.12
+
+# Create application directory
+WORKDIR /socket-security-tools
+ENV PATH=$PATH:/usr/local/go/bin
+
+# Install uv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+
+# Install Trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3
+
+# Install Trufflehog
+RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
+
+
+RUN apt-get update && apt-get install -y curl git wget
+
+# Install Trivy
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3
+
+# Install Trufflehog
+RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
+
+# Install OpenGrep (connector/runtime dependency)
+RUN curl -fsSL https://raw.githubusercontent.com/opengrep/opengrep/main/install.sh | bash
+
+# Copy socket_basics package so we can install the CLI entrypoint
+COPY socket_basics /socket-security-tools/socket_basics
+# Also copy the project root so editable install has access to all files
+COPY . /socket-security-tools/
+
+COPY pyproject.toml uv.lock LICENSE README.md /scripts/
+# Install Python dependencies using uv
+WORKDIR /scripts
+RUN uv sync --frozen && uv pip install light-s3-client
+ENV PATH="/scripts/.venv/bin:/root/.opengrep/cli/latest:$PATH"
+
+# Install this package so the `socket-basics` CLI entrypoint is available
+WORKDIR /socket-security-tools
+# Ensure python can import package if install doesn't run; prefer installed package
+ENV PYTHONPATH="/socket-security-tools:${PYTHONPATH}"
+# Ensure pyproject is present for editable install; fail loudly if install fails
+RUN uv pip install -e . || pip install -e .
+
+# Use socket-basics as the default entrypoint
+ENTRYPOINT ["socket-basics"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Douglas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.