conviso-ast 3.0.0__tar.gz

conviso_ast-3.0.0/PKG-INFO

@@ -0,0 +1,37 @@
+Metadata-Version: 2.2
+Name: conviso-ast
+Version: 3.0.0
+Maintainer: Conviso
+Maintainer-email: development@convisoappsec.com
+Project-URL: Source, https://github.com/convisoappsec/convisocli/
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: GitPython==3.1.45
+Requires-Dist: click==8.1.8
+Requires-Dist: requests==2.32.5
+Requires-Dist: urllib3==2.4.0
+Requires-Dist: semantic-version==2.10.0
+Requires-Dist: docker==7.1.0
+Requires-Dist: PyYAML==6.0.3
+Requires-Dist: click-log==0.4.0
+Requires-Dist: transitions==0.9.2
+Requires-Dist: jsonschema==4.25.1
+Requires-Dist: giturlparse<=0.12.0
+Requires-Dist: jmespath==1.0.1
+Requires-Dist: setuptools==78.1.0
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: maintainer
+Dynamic: maintainer-email
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+
+# AST
+
+This is a command line tool to execute Conviso AST.
+
+# Documentation
+Please visit the [official documentation] for further information.
+
+[official documentation]: <https://docs.convisoappsec.com/security-scans/conviso-ast/>

conviso_ast-3.0.0/README.md

@@ -0,0 +1,8 @@
+# AST
+
+This is a command line tool to execute Conviso AST.
+
+# Documentation
+Please visit the [official documentation] for further information.
+
+[official documentation]: <https://docs.convisoappsec.com/security-scans/conviso-ast/>

conviso_ast-3.0.0/conviso_ast.egg-info/PKG-INFO

@@ -0,0 +1,37 @@
+Metadata-Version: 2.2
+Name: conviso-ast
+Version: 3.0.0
+Maintainer: Conviso
+Maintainer-email: development@convisoappsec.com
+Project-URL: Source, https://github.com/convisoappsec/convisocli/
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: GitPython==3.1.45
+Requires-Dist: click==8.1.8
+Requires-Dist: requests==2.32.5
+Requires-Dist: urllib3==2.4.0
+Requires-Dist: semantic-version==2.10.0
+Requires-Dist: docker==7.1.0
+Requires-Dist: PyYAML==6.0.3
+Requires-Dist: click-log==0.4.0
+Requires-Dist: transitions==0.9.2
+Requires-Dist: jsonschema==4.25.1
+Requires-Dist: giturlparse<=0.12.0
+Requires-Dist: jmespath==1.0.1
+Requires-Dist: setuptools==78.1.0
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: maintainer
+Dynamic: maintainer-email
+Dynamic: project-url
+Dynamic: requires-dist
+Dynamic: requires-python
+
+# AST
+
+This is a command line tool to execute Conviso AST.
+
+# Documentation
+Please visit the [official documentation] for further information.
+
+[official documentation]: <https://docs.convisoappsec.com/security-scans/conviso-ast/>

conviso_ast-3.0.0/conviso_ast.egg-info/SOURCES.txt

@@ -0,0 +1,131 @@
+README.md
+setup.py
+conviso_ast.egg-info/PKG-INFO
+conviso_ast.egg-info/SOURCES.txt
+conviso_ast.egg-info/dependency_links.txt
+conviso_ast.egg-info/entry_points.txt
+conviso_ast.egg-info/requires.txt
+conviso_ast.egg-info/top_level.txt
+convisoappsec/__init__.py
+convisoappsec/logger.py
+convisoappsec/version.py
+convisoappsec/common/__init__.py
+convisoappsec/common/box.py
+convisoappsec/common/cleaner.py
+convisoappsec/common/docker.py
+convisoappsec/common/exceptions.py
+convisoappsec/common/git_data_parser.py
+convisoappsec/common/retry_handler.py
+convisoappsec/common/strings.py
+convisoappsec/common/graphql/__init__.py
+convisoappsec/common/graphql/error_handlers.py
+convisoappsec/common/graphql/errors.py
+convisoappsec/common/graphql/low_client.py
+convisoappsec/flow/__init__.py
+convisoappsec/flow/api.py
+convisoappsec/flow/cleaner.py
+convisoappsec/flow/version_control_system_adapter.py
+convisoappsec/flow/graphql_api/__init__.py
+convisoappsec/flow/graphql_api/beta/__init__.py
+convisoappsec/flow/graphql_api/beta/client.py
+convisoappsec/flow/graphql_api/beta/resources_api.py
+convisoappsec/flow/graphql_api/beta/models/__init__.py
+convisoappsec/flow/graphql_api/beta/models/issues/__init__.py
+convisoappsec/flow/graphql_api/beta/models/issues/container.py
+convisoappsec/flow/graphql_api/beta/models/issues/iac.py
+convisoappsec/flow/graphql_api/beta/models/issues/normalize.py
+convisoappsec/flow/graphql_api/beta/models/issues/sast.py
+convisoappsec/flow/graphql_api/beta/models/issues/sca.py
+convisoappsec/flow/graphql_api/beta/schemas/__init__.py
+convisoappsec/flow/graphql_api/beta/schemas/mutations/__init__.py
+convisoappsec/flow/graphql_api/beta/schemas/resolvers/__init__.py
+convisoappsec/flow/graphql_api/v1/__init__.py
+convisoappsec/flow/graphql_api/v1/client.py
+convisoappsec/flow/graphql_api/v1/resources_api.py
+convisoappsec/flow/graphql_api/v1/models/__init__.py
+convisoappsec/flow/graphql_api/v1/models/asset.py
+convisoappsec/flow/graphql_api/v1/models/issues.py
+convisoappsec/flow/graphql_api/v1/models/project.py
+convisoappsec/flow/graphql_api/v1/schemas/__init__.py
+convisoappsec/flow/graphql_api/v1/schemas/mutations/__init__.py
+convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py
+convisoappsec/flow/source_code_scanner/__init__.py
+convisoappsec/flow/source_code_scanner/exceptions.py
+convisoappsec/flow/source_code_scanner/scc.py
+convisoappsec/flow/source_code_scanner/source_code_scanner.py
+convisoappsec/flow/util/__init__.py
+convisoappsec/flow/util/ci_provider.py
+convisoappsec/flow/util/metrics.py
+convisoappsec/flow/util/source_code_compressor.py
+convisoappsec/flow/version_searchers/__init__.py
+convisoappsec/flow/version_searchers/sorted_by_versioning_style.py
+convisoappsec/flow/version_searchers/timebased_version_seacher.py
+convisoappsec/flow/version_searchers/version_searcher_result.py
+convisoappsec/flow/versioning_style/__init__.py
+convisoappsec/flow/versioning_style/semantic_versioning.py
+convisoappsec/flowcli/__init__.py
+convisoappsec/flowcli/__main__.py
+convisoappsec/flowcli/common.py
+convisoappsec/flowcli/context.py
+convisoappsec/flowcli/entrypoint.py
+convisoappsec/flowcli/environment_checker.py
+convisoappsec/flowcli/help_option.py
+convisoappsec/flowcli/requirements_verifier.py
+convisoappsec/flowcli/assets/__init__.py
+convisoappsec/flowcli/assets/create.py
+convisoappsec/flowcli/assets/entrypoint.py
+convisoappsec/flowcli/assets/ls.py
+convisoappsec/flowcli/ast/__init__.py
+convisoappsec/flowcli/ast/entrypoint.py
+convisoappsec/flowcli/companies/__init__.py
+convisoappsec/flowcli/companies/ls.py
+convisoappsec/flowcli/container/__init__.py
+convisoappsec/flowcli/container/entrypoint.py
+convisoappsec/flowcli/container/run.py
+convisoappsec/flowcli/deploy/__init__.py
+convisoappsec/flowcli/deploy/create/__init__.py
+convisoappsec/flowcli/deploy/create/context.py
+convisoappsec/flowcli/deploy/create/entrypoint.py
+convisoappsec/flowcli/deploy/create/with_/__init__.py
+convisoappsec/flowcli/deploy/create/with_/entrypoint.py
+convisoappsec/flowcli/deploy/create/with_/values.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/__init__.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/context.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/entrypoint.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/__init__.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/entrypoint.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/time_.py
+convisoappsec/flowcli/deploy/create/with_/tag_tracker/sort_by/versioning_style.py
+convisoappsec/flowcli/findings/__init__.py
+convisoappsec/flowcli/findings/entrypoint.py
+convisoappsec/flowcli/findings/create/__init__.py
+convisoappsec/flowcli/findings/create/entrypoint.py
+convisoappsec/flowcli/findings/create/with_/__init__.py
+convisoappsec/flowcli/findings/create/with_/entrypoint.py
+convisoappsec/flowcli/findings/create/with_/version_tracker.py
+convisoappsec/flowcli/findings/import_sarif/__init__.py
+convisoappsec/flowcli/findings/import_sarif/entrypoint.py
+convisoappsec/flowcli/iac/__init__.py
+convisoappsec/flowcli/iac/entrypoint.py
+convisoappsec/flowcli/iac/run.py
+convisoappsec/flowcli/sast/__init__.py
+convisoappsec/flowcli/sast/entrypoint.py
+convisoappsec/flowcli/sast/run.py
+convisoappsec/flowcli/sbom/__init__.py
+convisoappsec/flowcli/sbom/entrypoint.py
+convisoappsec/flowcli/sbom/generate.py
+convisoappsec/flowcli/sca/__init__.py
+convisoappsec/flowcli/sca/entrypoint.py
+convisoappsec/flowcli/sca/run.py
+convisoappsec/flowcli/vulnerability/__init__.py
+convisoappsec/flowcli/vulnerability/assert_security_rules.py
+convisoappsec/flowcli/vulnerability/container_vulnerability_manager.py
+convisoappsec/flowcli/vulnerability/entrypoint.py
+convisoappsec/flowcli/vulnerability/rules_schema.json
+convisoappsec/flowcli/vulnerability/run.py
+convisoappsec/sast/__init__.py
+convisoappsec/sast/decision.py
+convisoappsec/sast/sastbox.py
+scripts/shell_completer/flow_bash_completer.sh
+scripts/shell_completer/flow_fish_completer.fish
+scripts/shell_completer/flow_zsh_completer.sh

conviso_ast-3.0.0/conviso_ast.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

conviso_ast-3.0.0/conviso_ast.egg-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+conviso = convisoappsec.flowcli.entrypoint:cli
+flow = convisoappsec.flowcli.entrypoint:cli

conviso_ast-3.0.0/conviso_ast.egg-info/requires.txt

@@ -0,0 +1,13 @@
+GitPython==3.1.45
+click==8.1.8
+requests==2.32.5
+urllib3==2.4.0
+semantic-version==2.10.0
+docker==7.1.0
+PyYAML==6.0.3
+click-log==0.4.0
+transitions==0.9.2
+jsonschema==4.25.1
+giturlparse<=0.12.0
+jmespath==1.0.1
+setuptools==78.1.0

conviso_ast-3.0.0/conviso_ast.egg-info/top_level.txt

@@ -0,0 +1 @@
+convisoappsec

conviso_ast-3.0.0/convisoappsec/common/__init__.py

@@ -0,0 +1,5 @@
+from urllib.parse import urljoin
+
+
+def safe_join_url(base_url, path):
+    return urljoin(base_url, path)

conviso_ast-3.0.0/convisoappsec/common/box.py

@@ -0,0 +1,251 @@
+import docker
+import tarfile
+import tempfile
+import time
+from concurrent.futures import ThreadPoolExecutor
+
+from transitions import Machine
+from transitions.extensions.states import Timeout, add_state_features
+
+from convisoappsec.common.docker import SCSCommon
+from convisoappsec.logger import LOGGER
+
+RAW_STATE_MSG = 'Scanner {} entered on {} state'
+
+
+class SARIFParsingError(BaseException):
+    pass
+
+
+class PropertyRequiredError(SARIFParsingError):
+    def __init__(self, stderr_log=''):
+        pretty_error = self.__parse_pretty_property_error(stderr_log)
+        print('Error:', pretty_error)
+
+    def __parse_pretty_property_error(self, stderr_logs):
+        expected_error_line = ''
+
+        for log_line in stderr_logs.split('\n'):
+            expected_error_text = 'PropertyRequiredError'
+            if expected_error_text in log_line:
+                expected_error_line = log_line
+                break
+
+        error = self.__extract_text_after_colon(expected_error_line)
+
+        return error.strip()
+
+    def __extract_text_after_colon(self, text):
+        try:
+            return text.split(':', 3)[-1]
+        except IndexError:
+            return ''
+
+
+@add_state_features(Timeout)
+class ScannerMachine(Machine):
+    pass
+
+
+class ScannerEntity:
+
+    def __init__(self, token, scanner, logger=None, timeout=7200):
+        self.logger = logger or LOGGER
+        self.token = token
+
+        self.scanner = self.__setup_scanner(scanner)
+        self.name = self.scanner.name
+        self.results = None
+
+        self.states = [
+            'waiting',
+            {'name': 'pulling', 'timeout': timeout, 'on_timeout': self._on_timeout},
+            {'name': 'running', 'timeout': timeout, 'on_timeout': self._on_timeout},
+            {'name': 'sending', 'timeout': timeout, 'on_timeout': self._on_timeout},
+            'done'
+        ]
+        self.machine = ScannerMachine(
+            model=self,
+            states=self.states,
+            initial='waiting'
+        )
+        self.machine.add_ordered_transitions()
+        self._set_callbacks()
+        self.to_waiting()
+
+    def __setup_scanner(self, scanner):
+        if isinstance(scanner, SCSCommon):
+            return scanner
+        else:
+            return self._instanciate_scanner(scanner)
+
+    def _set_callbacks(self):
+        self.machine.on_enter_waiting('_on_waiting')
+        self.machine.on_enter_pulling('_on_pulling')
+        self.machine.on_enter_running('_on_running')
+        self.machine.on_enter_sending('_on_sending')
+        self.machine.on_enter_done('_on_done')
+
+    def _instanciate_scanner(self, data):
+        return SCSCommon(
+            **data,
+            token=self.token,
+            logger=self.logger,
+        )
+
+    def _on_timeout(self):
+        self.logger.debug('Scanner {} timeout on state {}'.format(
+            self.name, self.state
+        ))
+
+    def _on_waiting(self):
+        self.logger.debug(RAW_STATE_MSG.format(
+            self.name, self.state
+        ))
+
+    def _on_pulling(self):
+        self.logger.debug(RAW_STATE_MSG.format(
+            self.name, self.state
+        ))
+        image = self.scanner.pull()
+        if image:
+            self.logger.debug('Image: {}'.format(image))
+            self.next_state()
+        else:
+            raise RuntimeError("Image not found.")
+
+    def _on_running(self):
+        self.scanner.run()
+        self.end_time = time.time()
+        self.logger.debug('Total execution time for {} was {:2f}'.format(
+            self.scanner.repository_name,
+            self.end_time - self.start_time
+        ))
+        self.next_state()
+
+    def _on_sending(self):
+        self.logger.debug(RAW_STATE_MSG.format(
+            self.name, self.state
+        ))
+        self.results = self.scanner.get_container_reports()
+        self.next_state()
+
+    def _on_done(self):
+        self.logger.debug(RAW_STATE_MSG.format(
+            self.scanner.repository_name, self.state
+        ))
+        self.scanner.container.remove(v=True, force=True)
+
+    def start(self):
+        self.start_time = time.time()
+        self.to_pulling()
+
+
+class ContainerWrapper:
+
+    def __init__(self, token, containers_map, logger, timeout, max_workers=5):
+        self.token = token
+        self.logger = logger or LOGGER
+        self.max_workers = max_workers
+        self.scanners = [
+            ScannerEntity(
+                token=token,
+                scanner=scanner,
+                logger=logger,
+                timeout=timeout
+            )
+            for scanner in containers_map.values()
+        ]
+
+    def run(self):
+        self.logger.debug("Starting Execution")
+        with ThreadPoolExecutor(max_workers=self.max_workers) as exeggutor:
+            for scanner in self.scanners:
+                exeggutor.submit(scanner.start)
+
+
+def convert_sarif_to_sastbox1(report_filepath, repository_dir, container_registry_token, scanner_timeout=7200):
+    """
+    Args:
+        report_filepath (str): filepath to the report to be converted
+        repository_dir (str): filepath to the repository being tested
+        token (str): Conviso container registry token
+        scanner_timeout (int): container timeout
+
+    Returns:
+        string: filepath to the converted report
+    """
+    CONTAINER_IMAGE_NAME = 'sastbox-converter-tool'
+    CONTAINER_IMAGE_TAG = 'cc50dee'
+
+    CONTAINER_INPUT_FILEPATH = '/code{}'.format(
+        report_filepath.replace(repository_dir, '')
+    )
+    CONTAINER_OUTPUT_FILENAME = CONTAINER_INPUT_FILEPATH.replace(
+        'sarif', 'json'
+    )
+
+    CONTAINERS_MAP = {
+        CONTAINER_IMAGE_NAME: {
+            'repository_dir': repository_dir,
+            'repository_name': CONTAINER_IMAGE_NAME,
+            'tag': CONTAINER_IMAGE_TAG, 
+            'command': [
+                '--format', 'sastbox1',
+                '--input', CONTAINER_INPUT_FILEPATH,
+                '--output', CONTAINER_OUTPUT_FILENAME
+            ],
+        },
+    }
+    converter_wrapped = ContainerWrapper(
+        token=container_registry_token,
+        containers_map=CONTAINERS_MAP,
+        logger=None,
+        timeout=scanner_timeout
+    )
+
+    converter_wrapped.logger.setLevel('WARN')
+    converter_wrapped.run()
+    converter_wrapped.logger.setLevel('INFO')
+
+    scanner = converter_wrapped.scanners[0].scanner
+    last_scan_name = scanner.name
+    last_container = scanner.docker.containers.get(
+        last_scan_name
+    )
+
+    try:
+        chunks, _ = last_container.get_archive(CONTAINER_OUTPUT_FILENAME)
+        output_filepath = __extract_tarball_chunks(
+            chunks, report_filepath.replace('sarif', 'json')
+        )
+    except docker.errors.APIError as error:
+        stderr_log = last_container.logs(stderr=True).decode('utf-8')
+        raise PropertyRequiredError(stderr_log)
+
+    return output_filepath
+
+
+def __extract_tarball_chunks(tarball_chunks, report_absolute_filepath):
+    """
+
+    Args:
+        tarball_chunks (int): The number of bytes returned by each iteration of the generator
+        report_filename (string): The name of the extracted report
+
+    Returns:
+        string: Report absolute filepath in local filesystem
+    """
+    output_dirpath = report_absolute_filepath[
+        :report_absolute_filepath.rfind('/')
+    ]
+
+    with tempfile.TemporaryFile() as tmp_wrapper_file:
+        for chunk in tarball_chunks:
+            tmp_wrapper_file.write(chunk)
+        tmp_wrapper_file.seek(0)
+
+        with tarfile.open(mode="r|", fileobj=tmp_wrapper_file) as talball_file:
+            talball_file.extractall(path=output_dirpath)
+
+    return report_absolute_filepath

conviso_ast-3.0.0/convisoappsec/common/cleaner.py

@@ -0,0 +1,78 @@
+import os
+import shutil
+import tempfile
+import docker
+
+class Cleaner:
+    """Responsible for cleaning temporary files, Docker containers, images, and volumes."""
+
+    def __init__(self):
+        try:
+            self.client = docker.from_env()
+        except Exception as e:
+            print(f"Error initializing Docker client: {e}")
+            self.client = None
+
+    def cleanup(self):
+        """ Responsable to clean dirs, docker images and containers after all executions,
+            removes all stopped containers, unused networks, dangling images, and build cache.
+        """
+        try:
+            client = docker.from_env()
+            self.perform_cleanup()
+
+            for container in client.containers.list(all=True):
+                try:
+                    container.remove()
+                except Exception:
+                    continue
+
+            for image in client.images.list():
+                if image.tags and any(tag.startswith("public.ecr.aws/convisoappsec/") for tag in image.tags):
+                    try:
+                        client.images.remove(image.id)
+                    except Exception as e:
+                        print(f"Error removing image {image.tags}: {e}")
+                        continue
+
+            volumes = client.volumes.list()
+            for volume in volumes:
+                try:
+                    volume.remove()
+                except Exception:
+                    continue
+
+        except Exception as e:
+            print(f"An unexpected error occurred: {e}")
+            return
+
+    def perform_cleanup(self):
+       """Method to clean the tmp directory and remove 'conviso-output-' directories in the current directory."""
+
+       tmp_dir = tempfile.gettempdir()
+
+       # Clear system temp directory
+       try:
+           for filename in os.listdir(tmp_dir):
+               file_path = os.path.join(tmp_dir, filename)
+               try:
+                   if os.path.isfile(file_path) or os.path.islink(file_path):
+                       os.remove(file_path)
+                   elif os.path.isdir(file_path):
+                       shutil.rmtree(file_path)
+               except Exception:
+                   pass
+       except Exception:
+           pass
+
+       # Clear 'conviso-output-' directories in the current directory
+       try:
+           for filename in os.listdir("."):
+               dir_path = os.path.join(".", filename)
+               if os.path.isdir(dir_path) and filename.startswith("conviso-output-"):
+                   try:
+                       shutil.rmtree(dir_path)
+                   except Exception:
+                       pass
+       except Exception:
+           pass