PyPI - conviso-ast - Versions diffs - 3.0.0__py3-none-any.whl - Mend

conviso-ast 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

conviso_ast-3.0.0.data/scripts/flow_bash_completer.sh +21 -0
conviso_ast-3.0.0.data/scripts/flow_fish_completer.fish +1 -0
conviso_ast-3.0.0.data/scripts/flow_zsh_completer.sh +32 -0
conviso_ast-3.0.0.dist-info/METADATA +37 -0
conviso_ast-3.0.0.dist-info/RECORD +128 -0
conviso_ast-3.0.0.dist-info/WHEEL +5 -0
conviso_ast-3.0.0.dist-info/entry_points.txt +3 -0
conviso_ast-3.0.0.dist-info/top_level.txt +1 -0
convisoappsec/__init__.py +0 -0
convisoappsec/common/__init__.py +5 -0
convisoappsec/common/box.py +251 -0
convisoappsec/common/cleaner.py +78 -0
convisoappsec/common/docker.py +399 -0
convisoappsec/common/exceptions.py +8 -0
convisoappsec/common/git_data_parser.py +76 -0
convisoappsec/common/graphql/__init__.py +0 -0
convisoappsec/common/graphql/error_handlers.py +75 -0
convisoappsec/common/graphql/errors.py +16 -0
convisoappsec/common/graphql/low_client.py +51 -0
convisoappsec/common/retry_handler.py +40 -0
convisoappsec/common/strings.py +8 -0
convisoappsec/flow/__init__.py +3 -0
convisoappsec/flow/api.py +104 -0
convisoappsec/flow/cleaner.py +118 -0
convisoappsec/flow/graphql_api/__init__.py +0 -0
convisoappsec/flow/graphql_api/beta/__init__.py +0 -0
convisoappsec/flow/graphql_api/beta/client.py +18 -0
convisoappsec/flow/graphql_api/beta/models/__init__.py +0 -0
convisoappsec/flow/graphql_api/beta/models/issues/__init__.py +0 -0
convisoappsec/flow/graphql_api/beta/models/issues/container.py +72 -0
convisoappsec/flow/graphql_api/beta/models/issues/iac.py +6 -0
convisoappsec/flow/graphql_api/beta/models/issues/normalize.py +13 -0
convisoappsec/flow/graphql_api/beta/models/issues/sast.py +53 -0
convisoappsec/flow/graphql_api/beta/models/issues/sca.py +78 -0
convisoappsec/flow/graphql_api/beta/resources_api.py +142 -0
convisoappsec/flow/graphql_api/beta/schemas/__init__.py +0 -0
convisoappsec/flow/graphql_api/beta/schemas/mutations/__init__.py +61 -0
convisoappsec/flow/graphql_api/beta/schemas/resolvers/__init__.py +0 -0
convisoappsec/flow/graphql_api/v1/__init__.py +0 -0
convisoappsec/flow/graphql_api/v1/client.py +46 -0
convisoappsec/flow/graphql_api/v1/models/__init__.py +0 -0
convisoappsec/flow/graphql_api/v1/models/asset.py +14 -0
convisoappsec/flow/graphql_api/v1/models/issues.py +16 -0
convisoappsec/flow/graphql_api/v1/models/project.py +35 -0
convisoappsec/flow/graphql_api/v1/resources_api.py +489 -0
convisoappsec/flow/graphql_api/v1/schemas/__init__.py +0 -0
convisoappsec/flow/graphql_api/v1/schemas/mutations/__init__.py +212 -0
convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py +180 -0
convisoappsec/flow/source_code_scanner/__init__.py +9 -0
convisoappsec/flow/source_code_scanner/exceptions.py +2 -0
convisoappsec/flow/source_code_scanner/scc.py +68 -0
convisoappsec/flow/source_code_scanner/source_code_scanner.py +177 -0
convisoappsec/flow/util/__init__.py +7 -0
convisoappsec/flow/util/ci_provider.py +99 -0
convisoappsec/flow/util/metrics.py +16 -0
convisoappsec/flow/util/source_code_compressor.py +22 -0
convisoappsec/flow/version_control_system_adapter.py +528 -0
convisoappsec/flow/version_searchers/__init__.py +9 -0
convisoappsec/flow/version_searchers/sorted_by_versioning_style.py +85 -0
convisoappsec/flow/version_searchers/timebased_version_seacher.py +39 -0
convisoappsec/flow/version_searchers/version_searcher_result.py +33 -0
convisoappsec/flow/versioning_style/__init__.py +0 -0
convisoappsec/flow/versioning_style/semantic_versioning.py +44 -0
convisoappsec/flowcli/__init__.py +3 -0
convisoappsec/flowcli/__main__.py +4 -0
convisoappsec/flowcli/assets/__init__.py +4 -0
convisoappsec/flowcli/assets/create.py +88 -0
convisoappsec/flowcli/assets/entrypoint.py +20 -0
convisoappsec/flowcli/assets/ls.py +63 -0
convisoappsec/flowcli/ast/__init__.py +3 -0
convisoappsec/flowcli/ast/entrypoint.py +427 -0
convisoappsec/flowcli/common.py +175 -0
convisoappsec/flowcli/companies/__init__.py +0 -0
convisoappsec/flowcli/companies/ls.py +25 -0
convisoappsec/flowcli/container/__init__.py +3 -0
convisoappsec/flowcli/container/entrypoint.py +17 -0
convisoappsec/flowcli/container/run.py +306 -0
convisoappsec/flowcli/context.py +49 -0
convisoappsec/flowcli/deploy/__init__.py +0 -0
convisoappsec/flowcli/deploy/create/__init__.py +4 -0
convisoappsec/flowcli/deploy/create/context.py +12 -0
convisoappsec/flowcli/deploy/create/entrypoint.py +31 -0
convisoappsec/flowcli/deploy/create/with_/__init__.py +3 -0
convisoappsec/flowcli/deploy/create/with_/entrypoint.py +20 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/__init__.py +4 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/context.py +11 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/entrypoint.py +30 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/__init__.py +4 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/entrypoint.py +21 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/time_.py +84 -0
convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/versioning_style.py +115 -0
convisoappsec/flowcli/deploy/create/with_/values.py +133 -0
convisoappsec/flowcli/entrypoint.py +103 -0
convisoappsec/flowcli/environment_checker.py +45 -0
convisoappsec/flowcli/findings/__init__.py +4 -0
convisoappsec/flowcli/findings/create/__init__.py +4 -0
convisoappsec/flowcli/findings/create/entrypoint.py +18 -0
convisoappsec/flowcli/findings/create/with_/__init__.py +3 -0
convisoappsec/flowcli/findings/create/with_/entrypoint.py +19 -0
convisoappsec/flowcli/findings/create/with_/version_tracker.py +93 -0
convisoappsec/flowcli/findings/entrypoint.py +19 -0
convisoappsec/flowcli/findings/import_sarif/__init__.py +4 -0
convisoappsec/flowcli/findings/import_sarif/entrypoint.py +430 -0
convisoappsec/flowcli/help_option.py +18 -0
convisoappsec/flowcli/iac/__init__.py +3 -0
convisoappsec/flowcli/iac/entrypoint.py +17 -0
convisoappsec/flowcli/iac/run.py +328 -0
convisoappsec/flowcli/requirements_verifier.py +132 -0
convisoappsec/flowcli/sast/__init__.py +3 -0
convisoappsec/flowcli/sast/entrypoint.py +17 -0
convisoappsec/flowcli/sast/run.py +485 -0
convisoappsec/flowcli/sbom/__init__.py +3 -0
convisoappsec/flowcli/sbom/entrypoint.py +17 -0
convisoappsec/flowcli/sbom/generate.py +235 -0
convisoappsec/flowcli/sca/__init__.py +3 -0
convisoappsec/flowcli/sca/entrypoint.py +17 -0
convisoappsec/flowcli/sca/run.py +479 -0
convisoappsec/flowcli/vulnerability/__init__.py +3 -0
convisoappsec/flowcli/vulnerability/assert_security_rules.py +201 -0
convisoappsec/flowcli/vulnerability/container_vulnerability_manager.py +175 -0
convisoappsec/flowcli/vulnerability/entrypoint.py +18 -0
convisoappsec/flowcli/vulnerability/rules_schema.json +53 -0
convisoappsec/flowcli/vulnerability/run.py +487 -0
convisoappsec/logger.py +29 -0
convisoappsec/sast/__init__.py +0 -0
convisoappsec/sast/decision.py +45 -0
convisoappsec/sast/sastbox.py +296 -0
convisoappsec/version.py +1 -0

convisoappsec/flowcli/sbom/generate.py ADDED Viewed

@@ -0,0 +1,235 @@
+import shutil
+import click
+import subprocess
+import tempfile
+import os
+from convisoappsec.flowcli.context import pass_flow_context
+from datetime import datetime
+from convisoappsec.flowcli.requirements_verifier import RequirementsVerifier
+from convisoappsec.flowcli import help_option
+from convisoappsec.flowcli.common import asset_id_option
+@click.command()
+@asset_id_option(required=False)
+@click.option(
+    '-r',
+    '--repository-dir',
+    default=".",
+    show_default=True,
+    type=click.Path(
+        exists=True,
+        resolve_path=True,
+    ),
+    required=False,
+    help="The source code repository directory.",
+)
+@click.option(
+    "--send-to-flow/--no-send-to-flow",
+    default=True,
+    show_default=True,
+    required=False,
+    help="""Enable or disable the ability of send analysis result
+    reports to flow.""",
+    hidden=True
+)
+@click.option(
+    "--custom-sca-tags",
+    hidden=True,
+    required=False,
+    multiple=True,
+    type=(str, str),
+    help="""It should be passed as <repository_name> <image_tag>. It accepts multiple values"""
+)
+@click.option(
+    "--scanner-timeout",
+    hidden=True,
+    required=False,
+    default=7200,
+    type=int,
+    help="Set timeout for each scanner"
+)
+@click.option(
+    "--parallel-workers",
+    hidden=True,
+    required=False,
+    default=2,
+    type=int,
+    help="Set max parallel workers"
+)
+@click.option(
+    "--deploy-id",
+    default=None,
+    required=False,
+    hidden=True,
+    envvar=("CONVISO_DEPLOY_ID", "FLOW_DEPLOY_ID")
+)
+@click.option(
+    '--experimental',
+    default=False,
+    is_flag=True,
+    hidden=True,
+    help="Enable experimental features.",
+)
+@click.option(
+    "--company-id",
+    required=False,
+    envvar=("CONVISO_COMPANY_ID", "FLOW_COMPANY_ID"),
+    help="Company ID on Conviso Platform",
+)
+@click.option(
+    '--asset-name',
+    required=False,
+    envvar=("CONVISO_ASSET_NAME", "FLOW_ASSET_NAME"),
+    help="Provides a asset name.",
+)
+@click.option(
+    '--vulnerability-auto-close',
+    default=False,
+    is_flag=True,
+    hidden=True,
+    help="Enable auto fixing vulnerabilities on cp.",
+)
+@click.option(
+    '--from-ast',
+    default=False,
+    is_flag=True,
+    hidden=True,
+    help="Internal use only.",
+)
+@click.option(
+    '--control-sync-status-id',
+    required=False,
+    hidden=True,
+    help="Control sync status id.",
+)
+@help_option
+@pass_flow_context
+@click.pass_context
+def generate(context, flow_context, asset_id, company_id, repository_dir, send_to_flow, custom_sca_tags,
+             scanner_timeout, parallel_workers, deploy_id, experimental, asset_name, vulnerability_auto_close,
+             from_ast, control_sync_status_id):
+    # Prepare context if not coming from AST
+    if not from_ast:
+        try:
+            prepared_context = RequirementsVerifier.prepare_context(context)
+        except Exception as e:
+            log_func(f"⚠️ Error preparing context: {e}. Exiting.")
+            return
+        # Copy parameters from locals or prepared_context
+        params_to_copy = [
+            'asset_id', 'company_id', 'repository_dir', 'send_to_flow',
+            'deploy_id', 'custom_sca_tags', 'scanner_timeout', 'parallel_workers',
+            'experimental', 'asset_name', 'vulnerability_auto_close'
+        ]
+        for param_name in params_to_copy:
+            context.params[param_name] = (
+                locals()[param_name] or prepared_context.params[param_name]
+            )
+    # Generate SBOM file
+    log_func("💬 Generating SBOM file...")
+    try:
+        asset_name = context.params['asset_name']
+        temp_dir = tempfile.gettempdir()
+        timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+        sanitized_asset_name = (asset_name or "").replace(" ", "_").replace("(", "").replace(")", "")
+        file_name = os.path.join(temp_dir, f"sbom_{sanitized_asset_name}_{timestamp}.json")
+        exclude_patterns = [
+            "**/.github/**",
+            "**/node_modules/**",
+            "**/target/**",
+            "**/vendor/**",
+            "**/build/**",
+            "**/dist/**",
+            "**/test/**",
+            "**/tests/**",
+            "**/__pycache__/**",
+            "**/*.dll",
+            "**/*.exe",
+            "**/*.so"
+        ]
+        exclude_string = ",".join(exclude_patterns)
+        command = f'cdxgen -o {file_name} --exclude "{exclude_string}"'
+        catalogers = [
+            '-github-actions',
+            '-python-installed-package-cataloger',
+            '-sbom-cataloger',
+            '-file-content-cataloger',
+            '-file-digest-cataloger',
+            '-file-executable-cataloger',
+            '-file-metadata-cataloger'
+        ]
+        try:
+            if command_exists('cdxgen'):
+                subprocess.run(command, shell=True, check=True, capture_output=True)
+            else:
+                raise FileNotFoundError("cdxgen not found")
+        except (subprocess.CalledProcessError, FileNotFoundError) as e:
+            print(f"[!] cdxgen failed ({e}), falling back to syft...")
+            subprocess.run(
+                "curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b conviso/",
+                shell=True,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL
+            )
+            command = [f"./conviso/syft scan {repository_dir} -o cyclonedx-json={file_name} "
+                       f"--select-catalogers '{','.join(catalogers)}'"]
+            subprocess.run(command, shell=True, check=True, capture_output=True)
+        directory = 'conviso/'
+        if os.path.isdir(directory):
+            shutil.rmtree(directory)
+        log_func("✅ SBOM file generated successfully!")
+    except subprocess.CalledProcessError as error:
+        log_func(f"⚠️ Error generating SBOM file: {error}.")
+        return
+    except Exception as e:
+        log_func(f"⚠️ Unexpected error during SBOM generation: {e}")
+        return
+    # Ensure asset_id and company_id is available
+    asset_id = asset_id or context.params.get('asset_id')
+    company_id = company_id or context.params.get('company_id')
+    if not asset_id:
+        log_func(f"⚠️ Missing asset_id. Unable to send SBOM.")
+        return
+    # Send SBOM file to CSC (Conviso Platform)
+    try:
+        send_sbom_file_to_csc(company_id=company_id, asset_id=asset_id, file=file_name)
+    except Exception as e:
+        log_func(f"⚠️ Error sending SBOM file to Conviso: {e}")
+        return
+@pass_flow_context
+def send_sbom_file_to_csc(flow_context, company_id, asset_id, file):
+    try:
+        conviso_api = flow_context.create_conviso_graphql_client()
+        api_key = flow_context.key
+        log_func("💬 Sending SBOM to the Conviso Platform...")
+        conviso_api.sbom.send_sbom_file(company_id=company_id, asset_id=asset_id, file_path=file, api_key=api_key)
+        log_func("✅ SBOM file sent successfully!")
+    except Exception as e:
+        log_func(f"⚠️ Failed to send SBOM file: {e}")
+def command_exists(command):
+    return shutil.which(command) is not None
+def log_func(msg, new_line=True):
+    click.echo(click.style(msg), nl=new_line, err=True)

convisoappsec/flowcli/sca/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+from .entrypoint import sca
+__all__ = ['sca']

convisoappsec/flowcli/sca/entrypoint.py ADDED Viewed

@@ -0,0 +1,17 @@
+import click
+from convisoappsec.flowcli import help_option
+from .run import run
+@click.group()
+@help_option
+def sca():
+    pass
+sca.add_command(run)
+sca.epilog = '''
+  Run flow sca COMMAND --help for more information on a command.
+'''