feat: added safety firewall

.vscode/launch.json

@@ -73,6 +73,12 @@
                 "--debug scan",
                 "--disable-optional-telemetry scan",
                 "scan --output json --output-file json",
+
+                // Firewall commands
+                "init --help",
+                "init local_prj", // Directory has to be created manually
+                "pip list",
+                "pip install fastapi",
 
                 // Check commands
                 "check",

docs/.ipynb_checkpoints/Safety-CLI-Quickstart-checkpoint.ipynb

@@ -1,5 +1,12 @@
 {
- "cells": [],
+ "cells": [
+  {
+   "metadata": {},
+   "cell_type": "raw",
+   "source": "",
+   "id": "e4a30302820cf149"
+  }
+ ],
  "metadata": {},
  "nbformat": 4,
  "nbformat_minor": 5

pyproject.toml

@@ -49,6 +49,7 @@ dependencies = [
   "setuptools>=65.5.1",
   "typer>=0.12.1",
   "typing-extensions>=4.7.1",
+  "python-levenshtein>=0.25.1",
 ]
 license = "MIT"
 license-files = ["LICENSES/*"]

safety/constants.py

@@ -55,6 +55,8 @@ def get_user_dir() -> Path:
 CACHE_FILE_DIR = USER_CONFIG_DIR / f"{JSON_SCHEMA_VERSION.replace('.', '')}"
 DB_CACHE_FILE = CACHE_FILE_DIR / "cache.json"
 
+PIP_LOCK = USER_CONFIG_DIR / "pip.lock"
+
 CONFIG_FILE_NAME = "config.ini"
 CONFIG_FILE_SYSTEM = SYSTEM_CONFIG_DIR / CONFIG_FILE_NAME if SYSTEM_CONFIG_DIR else None
 CONFIG_FILE_USER = USER_CONFIG_DIR / CONFIG_FILE_NAME

safety/init/command.py

@@ -0,0 +1,96 @@
+from pathlib import Path
+
+from rich.prompt import Prompt
+from ..cli_util import SafetyCLICommand, SafetyCLISubGroup
+import typer
+import os
+
+from safety.scan.decorators import initialize_scan
+from safety.init.constants import PROJECT_INIT_CMD_NAME, PROJECT_INIT_HELP, PROJECT_INIT_DIRECTORY_HELP
+from safety.init.main import create_project
+from safety.console import main_console as console
+from ..scan.command import scan
+from ..scan.models import ScanOutput
+from ..tool.main import configure_system, configure_local_directory, has_local_tool_files, configure_alias
+
+try:
+    from typing import Annotated
+except ImportError:
+    from typing_extensions import Annotated
+
+init_app = typer.Typer(rich_markup_mode= "rich", cls=SafetyCLISubGroup)
+
+@init_app.command(
+        cls=SafetyCLICommand,
+        help=PROJECT_INIT_HELP,
+        name=PROJECT_INIT_CMD_NAME,
+        options_metavar="[OPTIONS]",
+        context_settings={
+            "allow_extra_args": True,
+            "ignore_unknown_options": True
+        },
+)
+def init(ctx: typer.Context,
+         directory: Annotated[
+             Path,
+             typer.Argument(
+                 exists=True,
+                 file_okay=False,
+                 dir_okay=True,
+                 writable=False,
+                 readable=True,
+                 resolve_path=True,
+                 show_default=False,
+                 help=PROJECT_INIT_DIRECTORY_HELP
+             ),
+         ] = Path(".")):
+
+    do_init(ctx, directory, False)
+
+
+def do_init(ctx: typer.Context, directory: Path, prompt_user: bool = True):
+    project_dir = directory if os.path.isabs(directory) else os.path.join(os.getcwd(), directory)
+    initialize_scan(ctx, console)
+    create_project(ctx, console, Path(project_dir))
+
+    answer = 'y' if not prompt_user else None
+    if prompt_user:
+        console.print(
+            "Safety prevents vulnerable or malicious packages from being installed on your computer. We do this by wrapping your package manager.")
+        prompt = "Do you want to enable proactive malicious package prevention?"
+        answer = Prompt.ask(prompt=prompt, choices=["y", "n"],
+                            default="y", show_default=True, console=console).lower()
+
+    if answer == 'y':
+        configure_system()
+
+    if prompt_user:
+        prompt = "Do you want to alias pip to Safety?"
+        answer = Prompt.ask(prompt=prompt, choices=["y", "n"],
+                            default="y", show_default=True, console=console).lower()
+
+    if answer == 'y':
+        configure_alias()
+
+    if has_local_tool_files(project_dir):
+        if prompt_user:
+            prompt = "Do you want to enable proactive malicious package prevention for any project in working directory?"
+            answer = Prompt.ask(prompt=prompt, choices=["y", "n"],
+                                default="y", show_default=True, console=console).lower()
+
+        if answer == 'y':
+            configure_local_directory(project_dir)
+
+        if prompt_user:
+            prompt = "It looks like your current directory contains a requirements.txt file. Would you like Safety to scan it?"
+            answer = Prompt.ask(prompt=prompt, choices=["y", "n"],
+                                default="y", show_default=True, console=console).lower()
+
+        if answer == 'y':
+            ctx.command.name = "scan"
+            ctx.params = {
+                "target": directory,
+                "output": ScanOutput.SCREEN,
+                "policy_file_path": None
+            }
+            scan(ctx=ctx, target=directory, output=ScanOutput.SCREEN, policy_file_path=None)

safety/init/constants.py

@@ -0,0 +1,6 @@
+# Project options
+PROJECT_INIT_CMD_NAME = "init"
+PROJECT_INIT_HELP = "Creates new Safety CLI project in the current working directory."\
+"\nExample: safety project init"
+PROJECT_INIT_DIRECTORY_HELP = "Defines a directory for creating a new project. (default: current directory)\n\n" \
+    "[bold]Example: safety project init /path/to/project[/bold]"