boman-cli 2.4.2__tar.gz → 2.4.4__tar.gz

{boman-cli-2.4.2 → boman_cli-2.4.4}/PKG-INFO

@@ -1,17 +1,22 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.4.2
+Version: 2.4.4
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
 Author-email: support@boman.ai
 License: BSD 2-clause
-Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
+Requires-Dist: docker<=7.0.0
+Requires-Dist: requests<=2.31.0
+Requires-Dist: pyyaml
+Requires-Dist: coloredlogs<=15.0.1
+Requires-Dist: xmltodict<=0.13.0
+Requires-Dist: pyfiglet<=1.0.2
 
 # Introduction 
 Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
@@ -88,6 +93,18 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.4.4
+- Minor bug fix + V2.4.3
+
+### V2.4.3
+- **New:** SonarCloud API integration. Navigate to **Integrations -> SonarCloud** in the Boman SaaS to setup SonarCloud.
+
+### V2.4.2
+- **New:** Advanced ZAP setup. Navigate to **Integrations -> OWASP ZAP -> Integrate -> enable Advance Zap Authentication** in the Boman SaaS to enable Advanced Zap setup.
+
+### V2.4.0
+- **New:** optimized CLI and Progression indicator in Boman SaaS.
+
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 
@@ -137,5 +154,3 @@ Released on: 21 May 2024
 
 
 
-
-

{boman-cli-2.4.2 → boman_cli-2.4.4}/README.md

@@ -73,6 +73,18 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.4.4
+- Minor bug fix + V2.4.3
+
+### V2.4.3
+- **New:** SonarCloud API integration. Navigate to **Integrations -> SonarCloud** in the Boman SaaS to setup SonarCloud.
+
+### V2.4.2
+- **New:** Advanced ZAP setup. Navigate to **Integrations -> OWASP ZAP -> Integrate -> enable Advance Zap Authentication** in the Boman SaaS to enable Advanced Zap setup.
+
+### V2.4.0
+- **New:** optimized CLI and Progression indicator in Boman SaaS.
+
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 

{boman-cli-2.4.2 → boman_cli-2.4.4}/boman_cli.egg-info/PKG-INFO

@@ -1,17 +1,22 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.4.2
+Version: 2.4.4
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
 Author-email: support@boman.ai
 License: BSD 2-clause
-Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: BSD License
 Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
+Requires-Dist: docker<=7.0.0
+Requires-Dist: requests<=2.31.0
+Requires-Dist: pyyaml
+Requires-Dist: coloredlogs<=15.0.1
+Requires-Dist: xmltodict<=0.13.0
+Requires-Dist: pyfiglet<=1.0.2
 
 # Introduction 
 Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
@@ -88,6 +93,18 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
+### V2.4.4
+- Minor bug fix + V2.4.3
+
+### V2.4.3
+- **New:** SonarCloud API integration. Navigate to **Integrations -> SonarCloud** in the Boman SaaS to setup SonarCloud.
+
+### V2.4.2
+- **New:** Advanced ZAP setup. Navigate to **Integrations -> OWASP ZAP -> Integrate -> enable Advance Zap Authentication** in the Boman SaaS to enable Advanced Zap setup.
+
+### V2.4.0
+- **New:** optimized CLI and Progression indicator in Boman SaaS.
+
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 
@@ -137,5 +154,3 @@ Released on: 21 May 2024
 
 
 
-
-

{boman-cli-2.4.2 → boman_cli-2.4.4}/boman_cli.egg-info/entry_points.txt

@@ -1,3 +1,2 @@
 [console_scripts]
 boman-cli = bomancli.main:default
-

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/Config.py

@@ -120,7 +120,7 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v2.4.2'
+    version = 'v2.4.4'
 
     boman_config_file = 'boman.yaml'
     

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/auth.py

@@ -35,7 +35,7 @@ def new_authorize():
                     Config.dast_adv_auth_enabled = True  
                 else:
                     Config.dast_adv_auth_enabled = False
-                logging.info(json_response)
+                # logging.info(json_response)
                 
             except:
                 logging.info('New Authorization: Failed!!! exit code: 2 (AUTH ERROR) Message: Authorization Failed unable to load json response')

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/main.py

@@ -570,6 +570,30 @@ def runImage(data=None,type=None):
 
 #### function to upload the test report to the server with other data -- MM ------------------------------------
 def uploadReport(filename,toolname,tool_id,scan_details_id,type):
+    
+    # if toolname.lower() == 'sonarcloud':
+    #     message = Config.sast_message
+    #     errors = Config.sast_errors
+    #     values = {'tool_name': toolname, 'time': time.time(),'scan_token':Config.scan_token, 'app_token':Config.app_token,'customer_token':Config.customer_token,'tool_id':tool_id,'scan_details_id':scan_details_id,"tool_results":None,"message":message,"errors":errors,"app_loc":Config.app_loc}
+    #     logging.info(values)
+    #     url = Config.boman_url+"/api/app/upload" 
+    #     # with open(path) as f: 
+    #     #     file_obj = f
+    #     r = requests.post(url,json=values)
+    #     #print(r.status_code)
+    #     if r.status_code == 200:
+    #         logging.info('[COMPLETED]: %s Report uploaded Successfully! Report Name: %s',toolname,filename)
+    #         logging.info('Removing the result file')
+    #         os.remove(path)
+    #         return 1
+    #     elif r.status_code == 401 :
+    #         logging.error('Unauthorized Access while uploading the results. Please check the app/customer tokens')
+    #         exit(2)  ## Auth error
+    #     else:
+    #         logging.error('Problem While uploading the results.')
+    #         logging.error('response code is %s',r.status_code)
+    #         return 0
+        
 
     logging.info('Uploading %s report with filename: %s', toolname,filename)
     if True:
@@ -833,24 +857,38 @@ def main():
 
     if Config.sast_present is True:
 
+        if Config.sast_lang != 'sonar':
 
-        logging.info('SAST: Preparing SAST Scan')
-        logging.info('SAST: Working directory is %s',Config.sast_build_dir)
-        if Config.sast_lang is None:
-            #findLang()
-            logging.error('SAST: Language was not defined. Exiting')
-            exit(4) ## misconfig error
+            logging.info('SAST: Preparing SAST Scan')
+            logging.info('SAST: Working directory is %s',Config.sast_build_dir)
+            if Config.sast_lang is None:
+                #findLang()
+                logging.error('SAST: Language was not defined. Exiting')
+                exit(4) ## misconfig error
 
 
 
-        for data in Config.sast_response:
+            for data in Config.sast_response:
 
-            if data['scan_status'] == 2 :   
-                logging.warning('SAST: No Configuration found from SaaS')    
-                logging.info('SAST: Ignoring Scan')
-            else:
-                runImage(data=data,type='SAST')
-                logging.info("SAST: Successfull !!!")
+                if data['scan_status'] == 2 :   
+                    logging.warning('SAST: No Configuration found from SaaS')    
+                    logging.info('SAST: Ignoring Scan')
+                else:
+                    runImage(data=data,type='SAST')
+                    logging.info("SAST: Successfull !!!")
+        else:
+            logging.warning('SAST: Configured with Sonar it will run on SaaS')
+            Config.sast_scan_status = 'SUCCESS'
+            Config.sast_message = f'SAST Scan: Success. Sonar is configured and will run on SaaS'
+            # data = Config.sast_response[0]
+            # tool_name =data['tool']
+            # output_file= data['output_file']
+            # tool_id= data['tool_id']
+            # scan_details_id= data['scan_details_id']
+            # if uploadReport(output_file,tool_name,tool_id,scan_details_id,'SAST'):
+            #     Config.sast_upload_status ='SuCCESS'
+                
+                
 
     else:
         logging.warning('SAST: Ignoring Scan. Message: Not Configured')

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/templates/template_plan.yaml

@@ -1,139 +1,139 @@
----
-env:
-  contexts:
-    - name: "Boman Authenticated Scan"
-      urls:
-        - "https://demo.testfire.net/"
-      authentication:
-        method: "form"
-        parameters: # May include any required for scripts. All of the parameters support vars except for the port
-          loginPageUrl: "https://demo.testfire.net/login.jsp"
-          loginRequestUrl: "https://demo.testfire.net/doLogin"
-          loginRequestBody: "uid={%username%}&passw={%password%}&btnSubmit=Login"
-        verification:
-          method: "both" # String, one of 'response', 'request', 'both', 'poll'
-          loggedOutRegex: ".*Sign In.*" # String, regex pattern for determining if logged
-      sessionManagement:
-        method: ""
-        parameters:
-          script: ""
-          scriptEngine: ""
-      users: # List of one or more users available to use for authentication
-        - name: "demoadmin" # String, the name to be used by the jobs
-          credentials: # List of user credentials - may include any required for scripts
-            username: "admin" # String, the username to use when authenticating, vars supported
-            password: "admin"
-      includePaths: []
-      excludePaths: []
-      technology:
-        exclude:
-          - "C"
-          - "ASP"
-          - "IBM DB2"
-          - "PHP"
-          - "CouchDB"
-          - "XML"
-          - "Microsoft SQL Server"
-          - "JSP/Servlet"
-          - "Firebird"
-          - "MongoDB"
-          - "HypersonicSQL"
-          - "SAP MaxDB"
-          - "Ruby"
-          - "SCM"
-          - "WS"
-          - "Microsoft Access"
-          - "Sybase"
-          - "Python"
-  parameters:
-    failOnError: true
-    failOnWarning: false
-    progressToStdout: true
-  vars: {}
-jobs:
-  - parameters:
-      scanOnlyInScope: true
-      enableTags: false
-      disableAllRules: false
-    rules: []
-    name: "passiveScan-config"
-    type: "passiveScan-config"
-  - parameters:
-      context: "Demo testfire"
-      user: "demoadmin"
-      url: "https://demo.testfire.net"
-      maxDuration: 1
-      maxDepth: 2
-      maxChildren: 0
-    name: "spider"
-    type: "spider"
-    tests:
-      - onFail: "INFO"
-        statistic: "automation.spider.urls.added"
-        site: ""
-        operator: ">="
-        value: 100
-        name: "At least 100 URLs found"
-        type: "stats"
-      - name: "spider logged in" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.success" # Name of an integer / long statistic
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-      - name: "spider failed" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.failure" # Name of an integer / long statisti
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-  - parameters: {}
-    name: "passiveScan-wait"
-    type: "passiveScan-wait"
-  - parameters:
-      context: "Demo testfire"
-      user: "demoadmin"
-      policy: ""
-      maxRuleDurationInMins: 0
-      maxScanDurationInMins: 5
-      maxAlertsPerRule: 0
-    policyDefinition:
-      defaultStrength: "medium"
-      defaultThreshold: "medium"
-      rules: []
-    tests:
-      - name: "spider logged in" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.success" # Name of an integer / long statistic
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-      - name: "spider failed" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.failure" # Name of an integer / long statisti
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-    name: "activeScan"
-    type: "activeScan"
-  - parameters:
-      template: "traditional-json"
-      reportDir: ""
-      reportFile: ""
-      reportTitle: "Boman_Scanning_Report"
-      reportDescription: ""
-      displayReport: false
-    risks:
-      - "info"
-      - "low"
-      - "medium"
-      - "high"
-    confidences:
-      - "falsepositive"
-      - "low"
-      - "medium"
-      - "high"
-      - "confirmed"
-    sites: []
-    name: "report"
-    type: "report"
+---
+env:
+  contexts:
+    - name: "Boman Authenticated Scan"
+      urls:
+        - "https://demo.testfire.net/"
+      authentication:
+        method: "form"
+        parameters: # May include any required for scripts. All of the parameters support vars except for the port
+          loginPageUrl: "https://demo.testfire.net/login.jsp"
+          loginRequestUrl: "https://demo.testfire.net/doLogin"
+          loginRequestBody: "uid={%username%}&passw={%password%}&btnSubmit=Login"
+        verification:
+          method: "both" # String, one of 'response', 'request', 'both', 'poll'
+          loggedOutRegex: ".*Sign In.*" # String, regex pattern for determining if logged
+      sessionManagement:
+        method: ""
+        parameters:
+          script: ""
+          scriptEngine: ""
+      users: # List of one or more users available to use for authentication
+        - name: "demoadmin" # String, the name to be used by the jobs
+          credentials: # List of user credentials - may include any required for scripts
+            username: "admin" # String, the username to use when authenticating, vars supported
+            password: "admin"
+      includePaths: []
+      excludePaths: []
+      technology:
+        exclude:
+          - "C"
+          - "ASP"
+          - "IBM DB2"
+          - "PHP"
+          - "CouchDB"
+          - "XML"
+          - "Microsoft SQL Server"
+          - "JSP/Servlet"
+          - "Firebird"
+          - "MongoDB"
+          - "HypersonicSQL"
+          - "SAP MaxDB"
+          - "Ruby"
+          - "SCM"
+          - "WS"
+          - "Microsoft Access"
+          - "Sybase"
+          - "Python"
+  parameters:
+    failOnError: true
+    failOnWarning: false
+    progressToStdout: true
+  vars: {}
+jobs:
+  - parameters:
+      scanOnlyInScope: true
+      enableTags: false
+      disableAllRules: false
+    rules: []
+    name: "passiveScan-config"
+    type: "passiveScan-config"
+  - parameters:
+      context: "Demo testfire"
+      user: "demoadmin"
+      url: "https://demo.testfire.net"
+      maxDuration: 1
+      maxDepth: 2
+      maxChildren: 0
+    name: "spider"
+    type: "spider"
+    tests:
+      - onFail: "INFO"
+        statistic: "automation.spider.urls.added"
+        site: ""
+        operator: ">="
+        value: 100
+        name: "At least 100 URLs found"
+        type: "stats"
+      - name: "spider logged in" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.success" # Name of an integer / long statistic
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+      - name: "spider failed" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.failure" # Name of an integer / long statisti
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+  - parameters: {}
+    name: "passiveScan-wait"
+    type: "passiveScan-wait"
+  - parameters:
+      context: "Demo testfire"
+      user: "demoadmin"
+      policy: ""
+      maxRuleDurationInMins: 0
+      maxScanDurationInMins: 5
+      maxAlertsPerRule: 0
+    policyDefinition:
+      defaultStrength: "medium"
+      defaultThreshold: "medium"
+      rules: []
+    tests:
+      - name: "spider logged in" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.success" # Name of an integer / long statistic
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+      - name: "spider failed" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.failure" # Name of an integer / long statisti
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+    name: "activeScan"
+    type: "activeScan"
+  - parameters:
+      template: "traditional-json"
+      reportDir: ""
+      reportFile: ""
+      reportTitle: "Boman_Scanning_Report"
+      reportDescription: ""
+      displayReport: false
+    risks:
+      - "info"
+      - "low"
+      - "medium"
+      - "high"
+    confidences:
+      - "falsepositive"
+      - "low"
+      - "medium"
+      - "high"
+      - "confirmed"
+    sites: []
+    name: "report"
+    type: "report"

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/utils.py

@@ -906,7 +906,7 @@ def fetch_zap_advance_config():
 
             plan_file_present_in_adv_zap_config = False
             for file in config_files:
-                logging.info('Zap Advacne Config: Fetching from %s filename %s',file['file_path'], file['file_name'])
+                logging.info('Zap Advance Config: Fetching from %s filename %s',file['file_path'], file['file_name'])
                 download_file(file['file_path'], file['file_name'])
                 
                 

{boman-cli-2.4.2 → boman_cli-2.4.4}/bomancli/validation.py

@@ -354,10 +354,10 @@ def tool_configuration_validation():
                 logging.info("Tool Config: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")
                 exit(1) #server error
             try:
-                logging.info( json_response['data'])
+                # logging.info( json_response['data'])
                
                 Config.dast_response = json_response['data']['dast']
-                logging.info(Config.dast_response)
+                # logging.info(Config.dast_response)
                 Config.sast_response = json_response['data']['sast']
                 Config.sca_response = json_response['data']['sca']
                 Config.secret_scan_response = json_response['data']['secret_scan']
@@ -415,11 +415,15 @@ def tool_configuration_validation():
     
     try:
         if Config.sast_present:
-            Config.sast_message = 'SAST is properly configured'
-            Config.sast_ignore = True if Config.sast_configuration['ignore_files'].lower() == "true" else False
-            Config.sast_target = Config.sast_configuration['target']
-            Config.sast_lang = "semgrep"
-            Config.sast_ignore_folders_and_files = Config.sast_configuration['sast_ignore_file_data']
+            if Config.sast_response[0]['lang'] != "sonar":
+                Config.sast_message = 'SAST is properly configured'
+                Config.sast_ignore = True if Config.sast_configuration['ignore_files'].lower() == "true" else False
+                Config.sast_target = Config.sast_configuration['target']
+                Config.sast_lang = "semgrep"
+                Config.sast_ignore_folders_and_files = Config.sast_configuration['sast_ignore_file_data']
+            else:
+                Config.sast_lang = "sonar"
+                logging.warning('Tool Config: SAST was properly configured on SaaS. It will be running Sonar from SaaS')
         else:
             Config.sast_message = 'SAST was not properly configured on SaaS'
             logging.warning('Tool Config: SAST was not properly configured on SaaS')

{boman-cli-2.4.2 → boman_cli-2.4.4}/setup.cfg

@@ -1,8 +1,9 @@
 [metadata]
 environment = prod
-version = 2.4.2
+version = 2.4.4
 name = boman-cli
-saas_base_url = https://dashboard.boman.ai/
+saas_base_url = 
+https = //dashboard.boman.ai/
 
 [egg_info]
 tag_build = 

{boman-cli-2.4.2 → boman_cli-2.4.4}/boman_cli.egg-info/requires.txt

@@ -1,6 +1,6 @@
-coloredlogs<=15.0.1
 docker<=7.0.0
-pyfiglet<=1.0.2
-pyyaml
 requests<=2.31.0
+pyyaml
+coloredlogs<=15.0.1
 xmltodict<=0.13.0
+pyfiglet<=1.0.2