boman-cli 1.9__tar.gz → 2.0__tar.gz

{boman-cli-1.9 → boman-cli-2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 1.9
+Version: 2.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -83,6 +83,10 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.0
+
+    - New scan added: Container scan.
+    - New Tool added for SCA scan type.
 
 ### V1.9:
 

{boman-cli-1.9 → boman-cli-2.0}/README.md

@@ -68,6 +68,10 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.0
+
+    - New scan added: Container scan.
+    - New Tool added for SCA scan type.
 
 ### V1.9:
 

{boman-cli-1.9 → boman-cli-2.0}/boman_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 1.9
+Version: 2.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -83,6 +83,10 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.0
+
+    - New scan added: Container scan.
+    - New Tool added for SCA scan type.
 
 ### V1.9:
 

{boman-cli-1.9 → boman-cli-2.0}/bomancli/Config.py

@@ -49,6 +49,8 @@ class Config:
     
     sca_present = None
     sca_lang = None
+    sca_type= None
+    sca_target= None
     
     sca_scan_status = None
     sca_upload_status = None
@@ -113,6 +115,38 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v1.9'
+    version = 'v2.0'
 
     boman_config_file = 'boman.yaml'
+    
+    osv_supported_files = [
+    "buildscript-gradle.lockfile",
+    "gradle.lockfile",
+    "pom.xml",
+    "go.mod",
+    "mix.lock",
+    "pubspec.lock",
+    "conan.lock",
+    "package-lock.json",
+    "pnpm-lock.yaml",
+    "yarn.lock",
+    "composer.lock",
+    "Pipfile.lock",
+    "poetry.lock",
+    "requirements.txt",
+    "pdm.lock",
+    "Cargo.lock",
+    "Gemfile.lock",
+    "renv.lock"
+]
+
+    #Container scan
+    con_scan_present=None
+    con_scan_build_dir=None
+    con_scan_message=None
+    con_scan_response=None
+    con_scan_errors=None
+    con_scan_upload_status=None
+    con_scan_status=None
+    con_scan_type=None
+    con_scan_target=None

boman-cli-2.0/bomancli/auth.py

@@ -0,0 +1,98 @@
+import requests
+# from base_logger import logging
+# from Config import Config
+from bomancli.base_logger import logging
+from bomancli.Config import Config
+from bomancli import utils as Utils
+import os
+import json 
+
+
+
+## function to authorize and get the images form SAAS --------------------------------------------------------
+def authorize():
+    
+    url = Config.boman_url+"/api/app/authorize"
+    
+    if Config.sca_present:
+        if Config.sca_type == "directory":
+            file_present = False     
+            for filename in Config.osv_supported_files:
+                if Config.sca_target is None:
+                    if recursive_file_present_check(Config.sca_build_dir,filename):
+                        file_present =True
+                        Config.sca_target= ""
+                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        break                
+                else:    
+                    if recursive_file_present_check(os.path.join(Config.sca_build_dir,Config.sca_target),filename):
+                        file_present =True
+                        Config.sca_target= os.path.join(Config.sca_target,filename)
+                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        break
+            if file_present:
+                Config.sca_lang ="osv"
+            else:
+                logging.warning(f"Boman has not found the dependency file")
+                if Config.sca_target is not None:
+                    Config.sca_build_dir = os.path.join(Config.sca_build_dir,Config.sca_target)
+                logging.info(f"build dir: {Config.sca_build_dir} ")
+                Config.sca_lang = "owasp dependency check"
+        elif file_present_check(os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))):
+            Config.sca_lang ="osv"
+        else:
+            logging.error(f"No such file found: {os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))}")
+            exit(4)
+        
+        logging.info(f"Boman opted for: {Config.sca_lang} scan")
+    logging.info('Authenticating with boman server')    
+    data = {'app_token': Config.app_token, 'customer_token': Config.customer_token, 'sast':Config.sast_present,"dast":Config.dast_present,"dast_type":Config.dast_type,"dast_auth_enabled":Config.dast_auth_present,"sast_langs":Config.sast_lang,"sca":Config.sca_present,"sca_langs":Config.sca_lang,"sca_scan_type":Config.sca_type,"secret_scan":Config.secret_scan_present,'container_scan': Config.con_scan_present,'container_scan_type': Config.con_scan_type}
+    headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
+    try:
+        res = requests.post(url, json=data, headers=headers)
+        #print('req:', json.dumps(data))
+        #print('res:',json.loads(res.content))
+    except requests.ConnectionError:
+       logging.error("Can't connect to the Server while authorizing, Please check your Internet connection.")
+       exit(1) #server/saas error
+    else:
+        if res.status_code == 200:
+            try:
+                json_response = json.loads(res.content)
+                logging.info('Authentication Done')
+            except:
+                logging.info('Authentication Failure')
+            try:
+                Config.dast_response = json_response['data']['dast']
+                Config.sast_response = json_response['data']['sast']
+                Config.sca_response = json_response['data']['sca']
+                Config.secret_scan_response = json_response['data']['secret_scan']
+                Config.scan_token = json_response['data']['scan_token']    
+                Config.scan_name = json_response['data']['scan_name']
+                Config.con_scan_response = json_response['data']['cs']    
+
+                return 1    
+            except:
+                logging.error('Problem when authenticating with server, Check with boman.ai team id scan doesnt completed') 
+                #uploadLogs() this wont work because the scan is not initated.
+                exit(1) ## server error  
+                    
+
+        elif res.status_code == 401:
+            logging.error('Unauthorized Access. Check the tokens')
+        else: 
+            logging.error(f'Boman returned status code: {res.status_code}({res.reason})')	       
+    exit(2) ##auth error
+
+# whether file present in the directory or not
+def recursive_file_present_check(root_dir, file_name):
+    for root, dirs, files in os.walk(root_dir):
+        if file_name in files:
+            return os.path.join(root, file_name)
+    return None
+
+# whether file present in the directory or not
+def file_present_check(filename):
+    if os.path.isfile(filename):
+        return True
+    return False