conviso-ast 3.0.0__py3-none-any.whl

convisoappsec/flow/graphql_api/v1/schemas/mutations/__init__.py

@@ -0,0 +1,212 @@
+CREATE_ASSET = """ 
+mutation (
+  $companyId: Int!,
+  $name: String!,
+  $scanType: AssetScan!
+) {
+  createAsset(
+    input: {
+      companyId: $companyId,
+      name: $name,
+      scanType: $scanType
+    }
+  ) {
+    asset {
+      id
+      name
+      createdAt
+    }
+    errors
+  }
+}
+"""
+
+UPDATE_ASSET = """
+mutation (
+  $id: ID!,
+  $companyId: Int!,
+  $name: String!,
+  $tecnologyList: [String!],
+  $repoUrl: String
+) {
+  updateAsset(
+    input: {
+      id: $id,
+      companyId: $companyId,
+      name: $name,
+      tecnologyList: $tecnologyList,
+      repoUrl: $repoUrl
+    }
+  ) {
+    asset {
+      id
+    }
+  }
+}
+"""
+
+IMPORT_SBOM = """
+mutation (
+  $file: Upload!,
+  $assetId: ID!,
+  $companyId: ID!
+) {
+  importSbom(
+    input: {
+      file: $file,
+      assetId: $assetId,
+      companyId: $companyId
+    }
+  ) {
+    success
+  }
+}
+"""
+
+IMPORT_CONTAINER = """
+mutation (
+  $file: Upload!,
+  $assetId: ID!,
+  $companyId: ID!
+) {
+  importContainerFindingsFile(
+    input: {
+      file: $file,
+      assetId: $assetId,
+      companyId: $companyId
+    }
+  ) {
+    success
+  }
+}
+"""
+
+LOG_AST_ERROR = """
+mutation (
+  $companyId: ID!,
+  $assetId: ID!,
+  $log: String!
+) {
+  logAstError(
+    input: {
+      companyId: $companyId,
+      assetId: $assetId,
+      log: $log
+    }
+  ) {
+    success
+  }
+}
+"""
+
+CREATE_DEPLOY = """
+mutation (
+  $assetId: ID!,
+  $previousCommit: String!,
+  $currentCommit: String!,
+  $branchName: String,
+  $diffContent: Upload!,
+  $commitHistory: Upload!
+) {
+  createDeploy(
+    input: {
+      assetId: $assetId,
+      previousCommit: $previousCommit,
+      currentCommit: $currentCommit,
+      branchName: $branchName,
+      diffContent: $diffContent,
+      commitHistory: $commitHistory
+    }
+  ) {
+    deploy {
+      id
+    }
+  }
+}
+"""
+
+IMPORT_FINDINGS = """
+mutation (
+  $file: Upload!,
+  $assetId: ID!,
+  $companyId: ID!
+  $vulnerabilityTypes: [Issue!]!
+  $deployId: ID
+  $commitRef: String
+  $controlSyncStatusId: ID
+) {
+  importAstFindingsFile(
+    input: {
+      file: $file,
+      assetId: $assetId,
+      companyId: $companyId,
+      vulnerabilityTypes: $vulnerabilityTypes,
+      deployId: $deployId,
+      commitRef: $commitRef
+      controlSyncStatusId: $controlSyncStatusId
+    }
+  ) {
+    success
+  }
+}
+"""
+
+CREATE_CONTROL_SYNC_STATUS = """
+mutation ($assetId: ID!) {
+  createControlSyncStatus(
+    input: {
+      assetId: $assetId,
+      integration: CONVISO_AST,
+      externalVulnerabilityCount: 0
+    }
+  ) {
+    controlSyncStatus {
+      id
+    }
+    success
+  }
+}
+"""
+
+UPDATE_CONTROL_SYNC_STATUS = """
+mutation (
+    $id: ID!
+    $externalVulnerabilityCount: Int!
+) {
+  updateControlSyncStatus(
+    input: {
+      id: $id
+      externalVulnerabilityCount: $externalVulnerabilityCount
+    }
+  ) {
+    controlSyncStatus {
+      id
+    }
+  }
+}
+"""
+
+INCREASE_ISSUE_SCAN_COUNT = """
+mutation (
+  $controlSyncStatusId: ID!
+  $assetId: ID!
+  $successCount: Int
+  $failureCount: Int
+  $failureReason: String
+) {
+  increaseIssueScanCount(
+    input: {
+      controlSyncStatusId: $controlSyncStatusId
+      assetId: $assetId
+      successCount: $successCount
+      failureCount: $failureCount
+      failureReason: $failureReason
+      integration: CONVISO_AST
+    }
+  ) {
+    controlSyncStatus {
+	  id
+	}
+  }
+}
+"""

convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py

@@ -0,0 +1,180 @@
+GET_ASSETS = """ 
+query (
+  $id: ID!,
+  $name: String!,
+  $page: Int,
+  $limit: Int
+) {
+  assets(
+    companyId: $id
+    page: $page
+    limit: $limit
+    search: {
+      name: $name
+    }
+  ) {
+    collection {
+      id
+      name
+      createdAt
+      projects(includeAst: true) {
+        type
+        apiCode
+        label
+      }
+    }
+
+    metadata {
+      currentPage
+      limitValue
+      totalCount
+      totalPages
+    }
+  }
+}
+"""
+
+GET_ISSUES_STATS = """
+query (
+  $asset_id: [ID!],
+  $company_id: ID!,
+  $statuses: [IssueStatusLabel!],
+  $end_date: ISO8601DateTime
+) {
+  issuesStats(
+    companyId: $company_id
+    filters: {
+      assetIds: $asset_id
+      statuses: $statuses
+      createdAtRange: {
+        endDate: $end_date
+      }
+    }
+  ) {
+    severities {
+      value
+      count
+    }
+  }
+}
+"""
+
+GET_PROJECTS = """
+query (
+  $project_code: String!,
+  $project_label: String!,
+  $company_id: ID!,
+  $page: Int,
+  $limit: Int
+) {
+  projects(
+    page: $page
+    limit: $limit
+    params: {
+      apiCodeEq: $project_code
+      labelEq: $project_label
+      scopeIdEq: $company_id
+      showHidden: true
+      projectTypeLabelEq: "ast"
+    }
+  ) {
+    collection {
+      id
+      apiCode
+      assets {
+        id
+        name
+      }
+      company {
+        id
+        customFeatures
+      }
+    }
+    metadata {
+      currentPage
+      limitValue
+      totalCount
+      totalPages
+    }
+  }
+}
+"""
+
+GET_COMPANY = """
+query get_company($company_id: ID!) {
+    company(id: $company_id) {
+      id
+      label
+      customFeatures
+    }
+}
+"""
+
+GET_COMPANIES = """
+query Companies {
+  companies (
+    limit: 50, 
+    order: label,
+    orderType: ASC
+  )  {
+    collection {
+      id
+      label
+      customFeatures
+    }
+  }
+}
+"""
+
+GET_ISSUES_FINGERPRINT = """
+query GetIssuesFingerprint(
+    $company_id: ID!,
+    $page: Int,
+    $per_page: Int,
+    $asset_id: [ID!],
+    $statuses: [IssueStatusLabel!]
+    $failure_types: [Issue!]
+) {
+    issues(
+        companyId: $company_id,
+        pagination: {
+            page: $page,
+            perPage: $per_page
+        },
+        filters: {
+            assetIds: $asset_id,
+            statuses: $statuses,
+            failureTypes: $failure_types
+        }
+    ) {
+        collection {
+            id
+            type
+            ... on FindingInterface {
+                originalIssueIdFromTool
+                scanSource
+            }
+            status
+        }
+        metadata {
+            totalCount
+            totalPages
+        }
+    }
+}
+"""
+
+GET_DEPLOYS_BY_ASSET = """
+query GetDeploysByAsset(
+  $asset_id: ID!
+) {
+  deploysByAsset(
+    assetId: $asset_id
+  ) {
+    collection {
+      currentCommit
+      previousCommit
+    }
+  }
+}
+"""

convisoappsec/flow/source_code_scanner/__init__.py

@@ -0,0 +1,9 @@
+from .source_code_scanner import SourceCodeScanner # noqa
+from .exceptions import SourceCodeScannerException # noqa
+from .scc import SCC # noqa
+
+__all_ = [
+    'SourceCodeScanner',
+    'SourceCodeScannerException',
+    'SCC'
+]

convisoappsec/flow/source_code_scanner/exceptions.py

@@ -0,0 +1,2 @@
+class SourceCodeScannerException(RuntimeError):
+    pass

convisoappsec/flow/source_code_scanner/scc.py

@@ -0,0 +1,68 @@
+import yaml
+import tempfile
+
+from .source_code_scanner import SourceCodeScanner
+from .exceptions import SourceCodeScannerException
+
+
+class SCC(SourceCodeScanner):
+
+    def __init__(
+        self, 
+        source_code_dir, 
+        container_source_dir = '/code', 
+        create_source_code_volume = True
+    ):
+        super().__init__(
+            source_code_dir, 
+            create_source_code_volume=create_source_code_volume
+        )
+        self.__scan_result = {}
+        self.__container_source_dir = container_source_dir
+
+    @property
+    def repository(self):
+        return 'convisoappsec/scc'
+
+    @property
+    def tag(self):
+        return 'latest'
+
+    @property
+    def container_source_dir(self):
+        return self.__container_source_dir
+
+    def _read_scan_stdout(self, stdout_generator):
+        with tempfile.TemporaryFile() as yaml_output:
+            for chunk in stdout_generator:
+                yaml_output.write(chunk)
+
+            yaml_output.seek(0)
+
+            self.__scan_result = yaml.load(
+                yaml_output,
+                Loader=yaml.FullLoader
+            )
+
+    @property
+    def summary(self):
+        summary = self.__scan_result.get('SUM')
+        if not summary:
+            raise SourceCodeScannerException(
+                'Unexpected error retrienving source code summary metrics'
+            )
+
+        return summary
+
+    @property
+    def total_source_code_lines(self):
+        return self.summary.get('code')
+
+    @property
+    def command(self):
+        return [
+            '--no-cocomo',
+            '--no-complexity',
+            '--format',
+            'cloc-yaml'
+        ]

convisoappsec/flow/source_code_scanner/source_code_scanner.py

@@ -0,0 +1,177 @@
+import docker
+from contextlib import suppress
+import tempfile
+from uuid import uuid4
+
+from convisoappsec.flow.util import SourceCodeCompressor
+from .exceptions import SourceCodeScannerException
+
+
+class SourceCodeScanner(object):
+    SUCCESS_EXIT_CODE = 0
+    '''
+    hooks:
+      def _pre_pull(self):
+          :return: void
+
+      def _capture_stdout(self, stdout_bytes)
+        :param stdout_bytes: chunks generated by stdout
+        :paramtype stdout_bytes: bytes
+        :return: void
+    _pre_scan
+    _scan_stdout
+    _post_scan
+    '''
+
+    def __init__(self, source_code_dir, create_source_code_volume = True):
+        uuid = str(uuid4())
+        self.docker = docker.from_env(version="auto")
+        self.__container_name = "source_code_scanner_{0}".format(
+            uuid
+        )
+        self.__source_code_dir = source_code_dir
+        self.__create_source_code_volume = create_source_code_volume
+
+        if self.__create_source_code_volume:
+            self.__source_code_volume_name = "source_code_scanner_src_{0}".format(
+                uuid
+            )
+        else:
+            self.__source_code_volume_name = None
+
+    @property
+    def repository(self):
+        raise Exception('Not implemented yet!')
+
+    @property
+    def tag(self):
+        raise Exception('Not implemented yet!')
+
+    @property
+    def command(self):
+        raise Exception('Not implemented yet!')
+
+    @property
+    def container_source_dir(self):
+        raise Exception('Not implemented yet!')
+
+    @property
+    def image(self):
+        return "{repository}:{tag}".format(
+            repository=self.repository,
+            tag=self.tag,
+        )
+
+    @property
+    def volumes(self):
+        if not self.__create_source_code_volume:
+            return {}
+
+        return {
+            self.__source_code_volume_name: {
+                'bind': self.container_source_dir,
+                'mode': 'rw',
+            }
+        }
+
+    def __get_container(self):
+        return self.docker.containers.get(
+            self.__container_name
+        )
+
+    def __get_source_code_volume(self):
+        return self.docker.volumes.get(
+            self.__source_code_volume_name
+        )
+
+    @property
+    def __container(self):
+        try:
+            return self.__get_container()
+        except docker.errors.NotFound:
+            return self.__create_container()
+
+    def __create_container(self):
+        return self.docker.containers.create(
+            self.image,
+            name=self.__container_name,
+            volumes=self.volumes,
+            detach=True,
+            command=self.command,
+            working_dir=self.container_source_dir if self.container_source_dir != '/code' else '/code'
+        )
+
+    def __pull_image(self):
+        if self.has_pre_pull:
+            self._pre_pull()
+
+        self.docker.images.pull(self.repository, self.tag)
+
+    def __load_source_code(self):
+        container = self.__container
+
+        with tempfile.TemporaryFile() as fileobj:
+            compressor = SourceCodeCompressor(
+                self.__source_code_dir
+            )
+
+            compressor.write_to(fileobj)
+            fileobj.seek(0)
+
+            container.put_archive(
+                self.container_source_dir,
+                fileobj
+            )
+
+    def scan(self):
+        self.__pull_image()
+        self.__load_source_code()
+        container = self.__container
+
+        container.start()
+
+        if self.has_read_scan_stderr:
+            self._read_scan_stderr(
+                container.logs(
+                    stream=True, stdout=False, stderr=True
+                )
+            )
+
+        if self.has_read_scan_stdout:
+            self._read_scan_stdout(
+                container.logs(
+                    stream=True, stdout=True, stderr=False
+                )
+            )
+
+        wait_result = container.wait()
+        status_code = wait_result.get('StatusCode')
+
+        if not status_code == self.SUCCESS_EXIT_CODE:
+            raise SourceCodeScannerException(
+                'Source code scanning fail'
+            )
+
+    def __has_method(self, method_name):
+        return hasattr(self, method_name)
+
+    @property
+    def has_read_scan_stdout(self):
+        return self.__has_method('_read_scan_stdout')
+
+    @property
+    def has_read_scan_stderr(self):
+        return self.__has_method('_read_scan_stderr')
+
+    @property
+    def has_pre_pull(self):
+        return self.__has_method('_pre_pull')
+
+    def __del__(self):
+        with suppress(Exception):
+            container = self.__get_container()
+            container.remove()
+
+        with suppress(Exception):
+            source_code_volume = self.__get_source_code_volume()
+            source_code_volume.remove()

convisoappsec/flow/util/__init__.py

@@ -0,0 +1,7 @@
+from .source_code_compressor import SourceCodeCompressor
+from .metrics import project_metrics
+
+__all__ = [
+    'SourceCodeCompressor',
+    'project_metrics',
+]