boman-cli 2.1__tar.gz → 2.2.0__tar.gz

{boman-cli-2.1 → boman-cli-2.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.1
+Version: 2.2.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -83,6 +83,12 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.2.0
+    - New scan added: IaC.
+
+### V2.1.1
+    - Ignore files or directory for SAST and SCA
+
 ### V2.1
     - New scan added: SBOM.
 

{boman-cli-2.1 → boman-cli-2.2.0}/README.md

@@ -68,6 +68,12 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.2.0
+    - New scan added: IaC.
+
+### V2.1.1
+    - Ignore files or directory for SAST and SCA
+
 ### V2.1
     - New scan added: SBOM.
 

{boman-cli-2.1 → boman-cli-2.2.0}/boman_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.1
+Version: 2.2.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -83,6 +83,12 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.2.0
+    - New scan added: IaC.
+
+### V2.1.1
+    - Ignore files or directory for SAST and SCA
+
 ### V2.1
     - New scan added: SBOM.
 

{boman-cli-2.1 → boman-cli-2.2.0}/bomancli/Config.py

@@ -25,6 +25,7 @@ class Config:
     sast_upload_status = None
     sast_message = None
     sast_errors = None
+    sast_ignore = False
 
     dast_present = None
     dast_target = None
@@ -56,6 +57,8 @@ class Config:
     sca_upload_status = None
     sca_message = None
     sca_errors = None
+    sca_ignore = False
+    sca_exclude_paths=None
 
     app_token = None
     customer_token = None
@@ -115,7 +118,7 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v2.1'
+    version = 'v2.2.0'
 
     boman_config_file = 'boman.yaml'
     
@@ -159,4 +162,16 @@ class Config:
     sbom_errors=None
     sbom_upload_status=None
     sbom_scan_status=None
-    sbom_target=None
+    sbom_target=None
+    
+    #IAC scanning
+    iac_scan_present=None
+    iac_scan_build_dir=None
+    iac_scan_message=None
+    iac_scan_response=None
+    iac_scan_errors=None
+    iac_scan_upload_status=None
+    iac_scan_status=None
+    iac_scan_type=None
+    iac_scan_target=None
+    iac_valid_exit_status = [0,60,50,40,30,20]

{boman-cli-2.1 → boman-cli-2.2.0}/bomancli/auth.py

@@ -46,8 +46,9 @@ def authorize():
         
         logging.info(f"Boman opted for: {Config.sca_lang} scan")
     logging.info('Authenticating with boman server')    
-    data = {'app_token': Config.app_token, 'customer_token': Config.customer_token, 'sast':Config.sast_present,"dast":Config.dast_present,"dast_type":Config.dast_type,"dast_auth_enabled":Config.dast_auth_present,"sast_langs":Config.sast_lang,"sca":Config.sca_present,"sca_langs":Config.sca_lang,"sca_scan_type":Config.sca_type,"secret_scan":Config.secret_scan_present,'container_scan': Config.con_scan_present,'container_scan_type': Config.con_scan_type,"sbom":Config.sbom_present}
+    data = {'app_token': Config.app_token, 'customer_token': Config.customer_token, 'sast':Config.sast_present,"dast":Config.dast_present,"dast_type":Config.dast_type,"dast_auth_enabled":Config.dast_auth_present,"sast_langs":Config.sast_lang,"sca":Config.sca_present,"sca_langs":Config.sca_lang,"sca_scan_type":Config.sca_type,"secret_scan":Config.secret_scan_present,'container_scan': Config.con_scan_present,'container_scan_type': Config.con_scan_type,"sbom":Config.sbom_present,'iac':Config.iac_scan_present}
     headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
+    # logging.info(data)
     try:
         res = requests.post(url, json=data, headers=headers)
         #print('req:', json.dumps(data))
@@ -60,6 +61,7 @@ def authorize():
             try:
                 json_response = json.loads(res.content)
                 logging.info('Authentication Done')
+                # logging.info(json_response)
             except:
                 logging.info('Authentication Failure')
             try:
@@ -70,7 +72,8 @@ def authorize():
                 Config.scan_token = json_response['data']['scan_token']    
                 Config.scan_name = json_response['data']['scan_name']
                 Config.con_scan_response = json_response['data']['cs']
-                Config.sbom_response = json_response['data']['sbom']    
+                Config.sbom_response = json_response['data']['sbom']
+                Config.iac_scan_response = json_response['data']['iac']   
 
                 return 1    
             except:

{boman-cli-2.1 → boman-cli-2.2.0}/bomancli/main.py

@@ -125,6 +125,12 @@ def runImage(data=None,type=None):
 
 
     if type == 'SAST':
+        if Config.sast_ignore:
+            if Utils.copy_file('.bomanignore','.semgrepignore'):
+                logging.info("Files and Folders to be ignored is added to .semgrepignore file")
+            else:
+                logging.error(".bomanignore file was not found")
+                exit(4)
         target_file = Config.sast_target
         Utils.checkImageAlreadyExsist(docker_image)
 
@@ -220,7 +226,8 @@ def runImage(data=None,type=None):
 
 
         try:
-
+            if Config.sast_ignore:
+                os.remove('.semgrepignore')
             if will_generate_output == 1:
                 #logging.info('WILL GENERATE OUTPUT')
                 if uploadReport(output_file,tool_name,tool_id,scan_details_id,'SAST'):
@@ -446,7 +453,12 @@ def runImage(data=None,type=None):
                     container_output = docker.containers.run(docker_image, command_line, volumes={Config.sca_build_dir: {
                             'bind': data['bind']}}, user=uid)
                     logging.info('[SUCCESS]: %s Scan Completed',tool_name)
-            else:   
+            else:
+                if Config.sca_ignore:
+                    Config.sca_exclude_files = Utils.read_bomanignore('.bomanignore')
+                    if Config.sca_exclude_files:
+                        command_line = f'{command_line} {Config.sca_exclude_files}'
+                        logging.info('Comment for SCA with ignore %s',command_line)
                 Config.build_dir = Config.sca_build_dir
                 container_output = docker.containers.run(docker_image, command_line, volumes={Config.sca_build_dir: {
                         'bind': data['bind']}}, user=uid)
@@ -508,7 +520,7 @@ def runImage(data=None,type=None):
         except errors.ContainerError as exc:
             logging.error('Some Error recorded while scanning %s',tool_name)
             logging.error('%s',str(exc))
-            msg='\n The following error has been recorded while scanning sca'
+            msg='\n The following error has been recorded while scanning Container'
             Config.con_scan_status ='Failed'
             Config.con_scan_errors ='Some Error recorded while scanning [',str(exc),']'
             Utils.logError(msg,str(exc))
@@ -576,6 +588,54 @@ def runImage(data=None,type=None):
             Config.sbom_message ='Error recorded while uploading the report of SBOM, Please check your directory for the files.'           ## need to change logic here -- MM
             msg = 'Error recorded while uploading the report'
             Utils.logError(msg,str(e))    
+
+    if type == 'iac':
+        Utils.checkImageAlreadyExsist(docker_image)
+        logging.info('Running %s',tool_name)
+        
+        try:
+            command_line = "% s" % command_line.format(target = '/src'+Config.iac_scan_target)   
+            Config.build_dir = Config.iac_scan_build_dir
+            container_output = docker.containers.run(docker_image, command_line, volumes={Config.iac_scan_build_dir: {
+                        'bind': data['bind']}}, user=uid)
+            logging.info('[SUCCESS]: %s Scan Completed',tool_name)
+            Config.iac_scan_message ='IaC Scan completed'
+            Config.iac_scan_status ='Completed'
+        except errors.ContainerError as exc:
+            if exc.exit_status in Config.iac_valid_exit_status:
+                Config.iac_scan_message ='IaC scan completed'
+                Config.iac_scan_status ='Completed'
+                logging.info('[SUCCESS]: %s Scan Completed',tool_name)
+                logging.info(f'IaC: {exc.stderr}')
+            else: 
+                logging.error('Some Error recorded while scanning %s',tool_name)
+                logging.error('%s',str(exc))
+                msg='\n The following error has been recorded while scanning IaC'
+                Config.iac_scan_status ='Failed'
+                Config.iac_scan_errors ='Some Error recorded while scanning [',str(exc),']'
+                Utils.logError(msg,str(exc))
+        
+        try:
+            if will_generate_output == 1:
+                logging.info('Uploading %s to the server',output_file)
+                if uploadReport(output_file,tool_name,tool_id,scan_details_id,'iac'):
+                    Config.iac_scan_status ='Completed'
+                    Config.iac_scan_upload_status = 'Completed'
+                    Config.iac_scan_message ='Scan Completed'
+                else:
+                    Config.iac_scan_status ='Failed'
+                    Config.iac_scan_upload_status = 'Failed'
+                    Config.iac_scan_message ='Error occured while uploading the report, Please check the cli logs'
+            else:
+                logging.error('Cant upload files to the server',tool_name)
+                Config.iac_scan_message ='Cant upload files to the server for IaC Scan,Please check your directory for the files.'
+
+        except EnvironmentError as e:
+            logging.error('Error recorded while uploading the report %s',tool_name)
+            logging.error('%s',str(e))
+            Config.iac_scan_message ='Error recorded while uploading the report of IaC Scan, Please check your directory for the files.'           ## need to change logic here -- MM
+            msg = 'Error recorded while uploading the report'
+            Utils.logError(msg,str(e))    
         
 
 #### function to upload the test report to the server with other data -- MM ------------------------------------
@@ -607,6 +667,9 @@ def uploadReport(filename,toolname,tool_id,scan_details_id,type):
             elif type =="sbom":
                 message = Config.sbom_message
                 errors = Config.sbom_errors
+            elif type =="iac":
+                message = Config.iac_scan_message
+                errors = Config.iac_scan_errors
         except:
             message = 'NA'
             errors = 'NA'
@@ -787,7 +850,7 @@ def main():
 
     init()
     Validation.yamlValidation()
-    if Config.secret_scan_present == True or Config.sast_present is True or Config.dast_present is True or Config.sca_present is True or Config.con_scan_present is True or Config.sbom_present:
+    if Config.secret_scan_present == True or Config.sast_present is True or Config.dast_present is True or Config.sca_present is True or Config.con_scan_present is True or Config.sbom_present or Config.iac_scan_present:
         Utils.testServer()
     else:
         content = Auth.authorize()
@@ -939,6 +1002,19 @@ def main():
                 runImage(data=data,type='sbom')
     else:
         logging.info('Ignoring SBOM')
+        
+    if Config.iac_scan_present is True:
+        logging.info("Preparing IaC Scan requirements")
+        
+        for data in Config.iac_scan_response:
+
+            if data['scan_status'] == 0 :   
+                logging.info('No IaC Scan Configuration found from SaaS')    
+                logging.info('Ignoring IaC Scan')
+            else:
+                runImage(data=data,type='iac')
+    else:
+        logging.info('Ignoring IaC Scan')
     
     exitFunction()
     return 1

{boman-cli-2.1 → boman-cli-2.2.0}/bomancli/utils.py

@@ -339,8 +339,16 @@ def showSummary():
         logging.info('SCAN MESSAGE : %s', Config.sbom_message)   
     logging.info('-------------------------------------')
 
-
-
+    logging.info('-------- IaC SCAN STATUS --------- ')
+    if Config.iac_scan_present:
+        logging.info('SCAN STATUS: %s',Config.iac_scan_status)
+        logging.info('UPLOAD STATUS: %s',Config.iac_scan_upload_status)
+        logging.info('SCAN MESSAGE : %s', Config.iac_scan_message)
+        
+        logging.info('ERRORS: %s',Config.iac_scan_errors)
+    else:
+        logging.info('SCAN MESSAGE : %s', Config.iac_scan_message)   
+    logging.info('-------------------------------------')
     # logging.info(Config.sast_message)
     # logging.info(Config.dast_message)
     # logging.info(Config.sca_message)
@@ -889,4 +897,31 @@ def uploadLogs():
 
 def remove_leading_slash(s):
     # Check if the first character is a slash and remove it
-    return s[1:] if s.startswith('/') else s
+    return s[1:] if s.startswith('/') else s
+
+def read_bomanignore(file_path):
+    exclude_paths = []
+    try:
+        with open(file_path, 'r') as file:
+            for line in file:
+                # Skip comments and empty lines
+                line = line.strip()
+                if line and not line.startswith('#'):
+                    full_command = " --exclude "+line
+                    exclude_paths.append(full_command)
+    except FileNotFoundError:
+        logging.info(f"Error: {file_path} not found.")
+        return False
+    # Join the list into a space separated string
+    return ''.join(exclude_paths)
+
+def copy_file(source_path, dest_path):
+    try:
+        with open(source_path, 'r') as source_file:
+            source_content = source_file.read()
+        with open(dest_path, 'w') as dest_file:
+            dest_file.write(source_content)
+        return True  # Successfully copied
+    except FileNotFoundError:
+        logging.info(f"Error: {source_path} not found.")
+        return False  # Source file not found

{boman-cli-2.1 → boman-cli-2.2.0}/bomancli/validation.py

@@ -61,6 +61,13 @@ def yamlValidation():
             except KeyError: 
                 logging.info('work dir not specified in config, choosing the default sast working directory')
                 Config.sast_build_dir = os.getcwd()+'/'
+                
+            try:
+                logging.info('Ignoring file and folder check')
+                Config.sast_ignore =  Config.config_data['SAST']['ignore_files']
+            except KeyError: 
+                logging.info('ignore_files config was not found')
+                
 
             #logging.info('snyk is choosen, and the env var declared was %s', str('s'))
 
@@ -170,6 +177,11 @@ def yamlValidation():
             #     ##after sbom and lockfile type check
             #     Config.sca_build_dir = os.getcwd()+'/'
                 
+            try:
+                logging.info('Ignoring file and folder check')
+                Config.sca_ignore =  Config.config_data['SCA']['ignore_files']
+            except KeyError: 
+                logging.info('ignore_files config was not found')    
                 
             try:
                 logging.info('Configuring target for SCA')
@@ -282,7 +294,36 @@ def yamlValidation():
         Config.sbom_present = False  
         logging.warning('SBOM is not properly configured. Cant read the "sbom" configuration.')   
         Config.sbom_message ='sbom is not properly configured'
-        
+    
+    # Validation of boman.yaml for IaC scanning
+    try:
+        if "IAC" in Config.config_data:
+            Config.iac_scan_present = True
+            Config.iac_scan_build_dir= os.getcwd()+'/'
+                
+            try:
+                logging.info('Configuring target for IaC Scan.')
+                Config.iac_scan_target = Config.config_data['IAC']['target']
+                logging.info(f'Target configured for IaC Scan: {Config.iac_scan_target}')
+            except KeyError:
+                Config.iac_scan_target="/"
+                logging.info("KEY ERROR")
+                logging.info('target is missing for IaC Scan. target configured to default path')
+            except TypeError:
+                Config.iac_scan_target="/"
+                logging.info("TYPE ERROR")
+                logging.info('target is missing for IaC Scan. target configured to default path')
+            
+            logging.info('IaC Scan is properly configured and ready to scan')
+            Config.iac_scan_message ='IaC Scan is properly configured and ready to scan'
+        else:
+            Config.iac_scan_present = False
+            logging.warning('IaC Scan is not properly configured. Cant read the "IAC" configuration.')   
+            Config.iac_scan_message ='IaC Scan is not properly configured'
+    except:
+        Config.iac_scan_present = False
+        logging.warning('IaC Scan is not properly configured. Cant read the "IAC" configuration.')   
+        Config.iac_scan_message ='IaC Scan is not properly configured'    
    
 
 ## need to use lingudetect here, but the results are not trustable and misleading ------ MM -------------------

{boman-cli-2.1 → boman-cli-2.2.0}/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 environment = prod
-version = 2.1
+version = 2.2.0
 name = boman-cli
 saas_base_url = 
 https = //dashboard.boman.ai/