fix: propagate --exclude-license-details to the full-scan diff request

lelia · lelia · commit 7aacf8235898 · 2026-05-29T16:46:21.000-04:00
The full-scan diff comparison ignored --exclude-license-details: the flag was applied to full-scan params and report URLs but never forwarded to the fullscans.stream_diff request, so diff comparisons always fetched license details regardless of the flag. Thread it through get_added_and_removed_packages -> stream_diff via a new include_license_details param (defaulting True to preserve current behavior). Non-breaking: the APIFailure handling at this call site is deliberately left as-is (exit 1, --disable-blocking -> 0). Re-routing diff APIFailures through the top-level exit-3 path is part of the 3.0 exit-code change, not this one. Originally from the unreleased PR #195 branch; the timeout-propagation half already landed in the preceding commit. Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
@@ -920,7 +920,8 @@ def get_license_text_via_purl(self, packages: dict[str, Package], batch_size: in
     def get_added_and_removed_packages(
             self,
             head_full_scan_id: str,
-            new_full_scan_id: str
+            new_full_scan_id: str,
+            include_license_details: bool = True
     ) -> Tuple[Dict[str, Package], Dict[str, Package], Dict[str, Package]]:
         """
         Get packages that were added and removed between scans.
@@ -937,12 +938,12 @@ def get_added_and_removed_packages(
         diff_start = time.time()
         try:
             diff_report = (
-                self.sdk.fullscans.stream_diff
-                           (
+                self.sdk.fullscans.stream_diff(
                     self.config.org_slug,
                     head_full_scan_id,
                     new_full_scan_id,
-                    use_types=True
+                    use_types=True,
+                    include_license_details=str(include_license_details).lower()
                 ).data
             )
         except APIFailure as e:
@@ -1154,7 +1155,11 @@ def create_new_diff(
             added_packages,
             removed_packages,
             packages
-        ) = self.get_added_and_removed_packages(head_full_scan_id, new_full_scan.id)
+        ) = self.get_added_and_removed_packages(
+            head_full_scan_id,
+            new_full_scan.id,
+            include_license_details=getattr(params, "include_license_details", True)
+        )
 
         # Separate unchanged packages from added/removed for --strict-blocking support
         unchanged_packages = {
diff --git a/tests/core/test_sdk_methods.py b/tests/core/test_sdk_methods.py
@@ -101,6 +101,7 @@ def test_get_added_and_removed_packages(core):
         "head",
         "new",
         use_types=True,
+        include_license_details="true",
     )
     
     # Verify the results

Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,7 @@ def test_get_added_and_removed_packages(core):`
`101`	`101`	`"head",`
`102`	`102`	`"new",`
`103`	`103`	`use_types=True,`
	`104`	`+ include_license_details="true",`
`104`	`105`	`)`
`105`	`106`
`106`	`107`	`# Verify the results`