boman-cli 2.3.0__tar.gz → 2.4.0__tar.gz

{boman-cli-2.3.0 → boman-cli-2.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.3.0
+Version: 2.4.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -14,7 +14,7 @@ Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
 
 # Introduction 
-Boman CLI is a Orchestration script written in python to run security scans on the customer's local or CI/CD environment and upload the results to Boman.ai SaaS server.
+Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
 
 
 # Installation
@@ -27,6 +27,13 @@ Boman CLI is a Orchestration script written in python to run security scans on t
 
 ` boman-cli -h` 
 
+### Authentication of project has been moved from boman.yaml to boman-cli
+
+`boman-cli -a run -at <project token> -ct <customer token>`
+
+To obtain `project token` and `customer token`. Go to SaaS platform. Click on Apps -> app menu of the particular app -> Get Scan Token 
+
+
 ### To test the boman cli server
 
 ` boman-cli -a test-saas`
@@ -68,9 +75,7 @@ Example: boman-cli -a run -config ./customboman.yaml
 Example: boman-cli -a run -zap_session_script ./session.js
 
 
-
-
-# Error codes & meannings
+# Error codes
 
 0  : Successfull scan
 1  : Server/SaaS error

{boman-cli-2.3.0 → boman-cli-2.4.0}/README.md

@@ -1,5 +1,5 @@
 # Introduction 
-Boman CLI is a Orchestration script written in python to run security scans on the customer's local or CI/CD environment and upload the results to Boman.ai SaaS server.
+Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
 
 
 # Installation
@@ -12,6 +12,13 @@ Boman CLI is a Orchestration script written in python to run security scans on t
 
 ` boman-cli -h` 
 
+### Authentication of project has been moved from boman.yaml to boman-cli
+
+`boman-cli -a run -at <project token> -ct <customer token>`
+
+To obtain `project token` and `customer token`. Go to SaaS platform. Click on Apps -> app menu of the particular app -> Get Scan Token 
+
+
 ### To test the boman cli server
 
 ` boman-cli -a test-saas`
@@ -53,9 +60,7 @@ Example: boman-cli -a run -config ./customboman.yaml
 Example: boman-cli -a run -zap_session_script ./session.js
 
 
-
-
-# Error codes & meannings
+# Error codes
 
 0  : Successfull scan
 1  : Server/SaaS error

{boman-cli-2.3.0 → boman-cli-2.4.0}/boman_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.3.0
+Version: 2.4.0
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -14,7 +14,7 @@ Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
 
 # Introduction 
-Boman CLI is a Orchestration script written in python to run security scans on the customer's local or CI/CD environment and upload the results to Boman.ai SaaS server.
+Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
 
 
 # Installation
@@ -27,6 +27,13 @@ Boman CLI is a Orchestration script written in python to run security scans on t
 
 ` boman-cli -h` 
 
+### Authentication of project has been moved from boman.yaml to boman-cli
+
+`boman-cli -a run -at <project token> -ct <customer token>`
+
+To obtain `project token` and `customer token`. Go to SaaS platform. Click on Apps -> app menu of the particular app -> Get Scan Token 
+
+
 ### To test the boman cli server
 
 ` boman-cli -a test-saas`
@@ -68,9 +75,7 @@ Example: boman-cli -a run -config ./customboman.yaml
 Example: boman-cli -a run -zap_session_script ./session.js
 
 
-
-
-# Error codes & meannings
+# Error codes
 
 0  : Successfull scan
 1  : Server/SaaS error

{boman-cli-2.3.0 → boman-cli-2.4.0}/boman_cli.egg-info/requires.txt

@@ -1,5 +1,6 @@
 coloredlogs<=15.0.1
 docker<=7.0.0
+pyfiglet<=1.0.2
 pyyaml
 requests<=2.31.0
 xmltodict<=0.13.0

{boman-cli-2.3.0 → boman-cli-2.4.0}/bomancli/Config.py

@@ -80,7 +80,7 @@ class Config:
     secret_scan_response = None
     # custom_zap_auth_method = False
     # zap_custom_auth_method = 'form'
-    # zap_plan_config = None
+    zap_plan_config = None
     # custom_zap_plan_present = False
     zap_script_config = None
     custom_zap_script_present = False
@@ -120,7 +120,7 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v2.3.0'
+    version = 'v2.4.0'
 
     boman_config_file = 'boman.yaml'
     

{boman-cli-2.3.0 → boman-cli-2.4.0}/bomancli/auth.py

@@ -7,6 +7,8 @@ from bomancli import utils as Utils
 import os
 import json 
 
+logging.basicConfig(format='%(asctime)s — %(name)s — %(levelname)s — %(funcName)s:%(lineno)d — %(message)s')
+
 # new authorization which just authorize the cli run using app token and customer token. 
 # This api gets SCA configuration as well to decide which tool to be used (OSV or owasp dependency check)
 def new_authorize():
@@ -16,33 +18,35 @@ def new_authorize():
     headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
     try:
         # logging.info(data_new)
+        logging.info("New Authorization: Communicating with SaaS for Authorization")
         res = requests.post(url_new, json=data_new, headers=headers)
         # logging.info(res.content)
         #print('req:', json.dumps(data))
         #print('res:',json.loads(res.content))
     except requests.ConnectionError:
-       logging.error("Can't connect to the Server while authorizing, Please check your Internet connection.")
+       logging.error("New Authorization: Failed!!! Message: Can't connect to the Server while authorizing, Please check your Internet connection.")
        exit(1) #server/saas error
     else:
         if res.status_code == 200:
             try:
                 json_response = json.loads(res.content)
-                logging.info('Authentication Done')
+                logging.info("New Authorization: Success!!! Message: Successfully Authorized")
                 # logging.info(json_response)
             except:
-                logging.info('Authentication Failure')
+                logging.info('New Authorization: Failed!!! exit code: 2 (AUTH ERROR) Message: Authorization Failed unable to load json response')
+                exit(2) ##auth error
             try:
                 sca_configuration = json_response['sca']
                 
             except:
-                logging.error('Problem when authenticating with server, Check with boman.ai team id scan doesnt completed') 
+                logging.error('New Authorization: Failed!!! exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team') 
                 #uploadLogs() this wont work because the scan is not initated.
                 exit(1) ## server error
         elif res.status_code == 401:
-            logging.error('Unauthorized Access. Check the tokens')
+            logging.error('New Authorization: Failed!!! exit code: 2 (Server ERROR) Message: Problem occured while authorizing the scan , Please check authorization tokens correct. If you are still facing the same problem.')
             exit(2) ##auth error
         else: 
-            logging.error(f'Boman returned status code: {res.status_code}({res.reason})')	       
+            logging.error(f'New Authorization: Failed!!! exit code: 2 (Server ERROR) Message: Boman returned status code: {res.status_code}({res.reason})')	       
             exit(2) ##auth error
     Config.sca_present = (sca_configuration['configured'])
     Config.sca_build_dir = os.getcwd()+'/'           
@@ -58,29 +62,29 @@ def new_authorize():
                     if recursive_file_present_check(Config.sca_build_dir,filename):
                         file_present =True
                         Config.sca_target= ""
-                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        logging.info(f"New Authorization: Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
                         break                
                 else:    
                     if recursive_file_present_check(os.path.join(Config.sca_build_dir,Config.sca_target),filename):
                         file_present =True
                         Config.sca_target= os.path.join(Config.sca_target,filename)
-                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        logging.info(f"New Authorization: Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
                         break
             if file_present:
                 Config.sca_lang ="osv"
             else:
-                logging.warning(f"Boman has not found the dependency file")
+                logging.warning(f"New Authorization: Boman has not found the dependency file which OSV supports.")
                 if Config.sca_target is not None:
                     Config.sca_build_dir = os.path.join(Config.sca_build_dir,Config.sca_target)
-                logging.info(f"build dir: {Config.sca_build_dir} ")
+                logging.info(f"New Authorization: build dir: {Config.sca_build_dir} ")
                 Config.sca_lang = "owasp dependency check"
         elif file_present_check(os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))):
             Config.sca_lang ="osv"
         else:
-            logging.error(f"No such file found: {os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))}")
+            logging.error(f"New Authorization: No such file found: {os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))}")
             exit(4)
         
-        logging.info(f"Boman opted for: {Config.sca_lang} scan")
+        logging.info(f"Boman opted for: {Config.sca_lang} scan.")
         
                 
                
@@ -98,48 +102,50 @@ def authorize():
                     if recursive_file_present_check(Config.sca_build_dir,filename):
                         file_present =True
                         Config.sca_target= ""
-                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        logging.info(f"Authorization: Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
                         break                
                 else:    
                     if recursive_file_present_check(os.path.join(Config.sca_build_dir,Config.sca_target),filename):
                         file_present =True
                         Config.sca_target= os.path.join(Config.sca_target,filename)
-                        logging.info(f"Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
+                        logging.info(f"Authorization: Boman has found the dependency file: {filename} in the path: {os.path.join(Config.sca_build_dir,Config.sca_target)}")
                         break
             if file_present:
                 Config.sca_lang ="osv"
             else:
-                logging.warning(f"Boman has not found the dependency file")
+                logging.warning(f"Authorization: Boman has not found the dependency file")
                 if Config.sca_target is not None:
                     Config.sca_build_dir = os.path.join(Config.sca_build_dir,Config.sca_target)
-                logging.info(f"build dir: {Config.sca_build_dir} ")
+                logging.info(f"Authorization: build dir: {Config.sca_build_dir} ")
                 Config.sca_lang = "owasp dependency check"
         elif file_present_check(os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))):
             Config.sca_lang ="osv"
         else:
-            logging.error(f"No such file found: {os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))}")
+            logging.error(f"Authorization: Failed!!! Message: No such file found: {os.path.join(Config.sca_build_dir,Utils.remove_leading_slash(Config.sca_target))}")
             exit(4)
         
-        logging.info(f"Boman opted for: {Config.sca_lang} scan")
-    logging.info('Authenticating with boman server')    
+        logging.info(f"Authorization: Boman opted for: {Config.sca_lang} scan")
+    logging.info('Authorization: Authenticating with boman server')    
     data = {'app_token': Config.app_token, 'customer_token': Config.customer_token, 'sast':Config.sast_present,"dast":Config.dast_present,"dast_type":Config.dast_type,"dast_auth_enabled":Config.dast_auth_present,"sast_langs":Config.sast_lang,"sca":Config.sca_present,"sca_langs":Config.sca_lang,"sca_scan_type":Config.sca_type,"secret_scan":Config.secret_scan_present,'container_scan': Config.con_scan_present,'container_scan_type': Config.con_scan_type,"sbom":Config.sbom_present,'iac':Config.iac_scan_present}
     headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}
     # logging.info(data)
     try:
+        logging.info("Authorization: Communicating with SaaS for Authorization")
         res = requests.post(url, json=data, headers=headers)
         #print('req:', json.dumps(data))
         #print('res:',json.loads(res.content))
     except requests.ConnectionError:
-       logging.error("Can't connect to the Server while authorizing, Please check your Internet connection.")
+       logging.error("Authorization: Failed!!! Message: Can't connect to the Server while authorizing, Please check your Internet connection.")
        exit(1) #server/saas error
     else:
         if res.status_code == 200:
             try:
                 json_response = json.loads(res.content)
-                logging.info('Authentication Done')
+                logging.info("Authorization: Success!!! Message: Successfully Authorized")
                 # logging.info(json_response)
             except:
-                logging.info('Authentication Failure')
+                logging.info("Authorization: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")
+                exit(1) #Server error
             try:
                 Config.dast_response = json_response['data']['dast']
                 Config.sast_response = json_response['data']['sast']
@@ -153,16 +159,16 @@ def authorize():
 
                 return 1    
             except:
-                logging.error('Problem when authenticating with server, Check with boman.ai team id scan doesnt completed') 
-                #uploadLogs() this wont work because the scan is not initated.
+                logging.info("Authorization: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")
                 exit(1) ## server error  
                     
 
         elif res.status_code == 401:
-            logging.error('Unauthorized Access. Check the tokens')
+            logging.error('Authorization: Failed!!! Message: Unauthorized Access. Check the tokens')
+            exit(2) ##auth error
         else: 
-            logging.error(f'Boman returned status code: {res.status_code}({res.reason})')	       
-    exit(2) ##auth error
+            logging.error(f'Authorization: Failed!!! Message: Boman returned status code: {res.status_code}({res.reason})')	       
+            exit(2) ##auth error
 
 # whether file present in the directory or not
 def recursive_file_present_check(root_dir, file_name):

{boman-cli-2.3.0 → boman-cli-2.4.0}/bomancli/base_logger.py

@@ -1,5 +1,6 @@
 import coloredlogs, logging
 # from Config import Config
+import sys
 
 from bomancli.Config import Config
 
@@ -38,9 +39,15 @@ class LogStream:
 # Set up logging to use our custom stream
 Config.log_stream = LogStream()
 
-logging.basicConfig(stream=Config.log_stream,  
-                level=logging.DEBUG,format='%(asctime)s-%(message)s',
+logging.basicConfig(stream=Config.log_stream,
+                level=logging.DEBUG,format='%(asctime)s — %(name)s — %(levelname)s — %(funcName)s:%(lineno)d — %(message)s',
                 datefmt='%Y-%m-%d %H:%M:%S')
 
 
-coloredlogs.install(level='DEBUG')    
+coloredlogs.install(level='DEBUG',fmt='%(asctime)s  %(name)s  %(levelname)s %(funcName)s:%(lineno)d  %(message)s', level_styles = {
+    'debug': {'color': 'blue'},
+    'info': {'color': 'green'},
+    'warning': {'color': 'yellow'},
+    'error': {'color': 'red', 'bold': True},
+    'critical': {'color': 'red', 'bold': True, 'background': 'white'}
+})