conviso-ast 3.0.1rc3__py3-none-any.whl → 3.0.2rc0__py3-none-any.whl
- {conviso_ast-3.0.1rc3.dist-info → conviso_ast-3.0.2rc0.dist-info}/METADATA +1 -1
- {conviso_ast-3.0.1rc3.dist-info → conviso_ast-3.0.2rc0.dist-info}/RECORD +12 -12
- convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py +8 -0
- convisoappsec/flowcli/iac/run.py +0 -7
- convisoappsec/flowcli/vulnerability/run.py +63 -15
- convisoappsec/version.py +1 -1
- {conviso_ast-3.0.1rc3.data → conviso_ast-3.0.2rc0.data}/scripts/flow_bash_completer.sh +0 -0
- {conviso_ast-3.0.1rc3.data → conviso_ast-3.0.2rc0.data}/scripts/flow_fish_completer.fish +0 -0
- {conviso_ast-3.0.1rc3.data → conviso_ast-3.0.2rc0.data}/scripts/flow_zsh_completer.sh +0 -0
- {conviso_ast-3.0.1rc3.dist-info → conviso_ast-3.0.2rc0.dist-info}/WHEEL +0 -0
- {conviso_ast-3.0.1rc3.dist-info → conviso_ast-3.0.2rc0.dist-info}/entry_points.txt +0 -0
- {conviso_ast-3.0.1rc3.dist-info → conviso_ast-3.0.2rc0.dist-info}/top_level.txt +0 -0
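--- a/conviso_ast-3.0.1rc3.dist-info/RECORD
+++ b/conviso_ast-3.0.2rc0.dist-info/RECORD
@@ -1,9 +1,9 @@
-conviso_ast-3.0.
-conviso_ast-3.0.
-conviso_ast-3.0.
+conviso_ast-3.0.2rc0.data/scripts/flow_bash_completer.sh,sha256=9q3HPuXq_FCUUV3IFGcOefsOLhPWatUkLY7txiBM7Uo,624
+conviso_ast-3.0.2rc0.data/scripts/flow_fish_completer.fish,sha256=-wiuarawDJkms5N-rh99brIOzhy-ktsM1mi1ohQ3Mtg,147
+conviso_ast-3.0.2rc0.data/scripts/flow_zsh_completer.sh,sha256=cAtTDGUs5sY4NAA7AjscmLWj0dbNZ9iZhLP6BTz6dEQ,844
 convisoappsec/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 convisoappsec/logger.py,sha256=aTNebqOau9nEadBySMTXtnbGkOkJ_q2kyFlX1mzizeg,1132
-convisoappsec/version.py,sha256=
+convisoappsec/version.py,sha256=GnndlAXQvhYs3pVBtlsldtjm-6BhjGYuUmT4jZh5UbI,27
 convisoappsec/common/__init__.py,sha256=QN7tV2C_jhTiWUrJHv2jbeq6ae3MssgLUWpQZwe8O2s,105
 convisoappsec/common/box.py,sha256=WTtPF3YWxkcdblPmFTzrzQlPPPUwVsDt2zoi6xFMy1U,7561
 convisoappsec/common/cleaner.py,sha256=Iy8BWCXj_v51oovcYzI_uhaJzLL-fCUyDxrbBglfwEs,2680
@@ -43,7 +43,7 @@ convisoappsec/flow/graphql_api/v1/models/issues.py,sha256=ZAM_aPwj20I7cApX1leCDV
 convisoappsec/flow/graphql_api/v1/models/project.py,sha256=CDZlufsT-_iQIOgpOPAtdmcv0JvHWFd6TjcDIAj6w7c,972
 convisoappsec/flow/graphql_api/v1/schemas/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 convisoappsec/flow/graphql_api/v1/schemas/mutations/__init__.py,sha256=R9LgniQyj694h1MD7cn1-HJRDjI4PLiOrCmsqjp16ho,3251
-convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py,sha256=
+convisoappsec/flow/graphql_api/v1/schemas/resolvers/__init__.py,sha256=QRqSriwq2x0p78jSdz86KybhOetq8FSVlGI1VNM1tK8,2868
 convisoappsec/flow/util/__init__.py,sha256=32E3AbPrBf0stKOzCIvz7BeWtBjAScIt7FNyERjN-p4,99
 convisoappsec/flow/util/ci_provider.py,sha256=VYDESwNFbtrRcWDtTEb8tYDN5qbnLksmQI_ntsciJ4I,2093
 convisoappsec/flow/util/source_code_compressor.py,sha256=b2iA8Exf8wVbxR1mnvwTbruDjdpYyVloUmSlyYLSJQU,508
@@ -99,7 +99,7 @@ convisoappsec/flowcli/findings/import_sarif/entrypoint.py,sha256=MIHi9ZWU2Jn2o7o
 convisoappsec/flowcli/iac/__init__.py,sha256=a3IZzSKpm987fMEliTECDeXO_Eduk7eg-aQzmaWvUXQ,47
 convisoappsec/flowcli/iac/dry_run.py,sha256=xvC0Wb2Sxl37yEjFaFMGcRvLJ4Q8evrNQoUXuahHtCg,2990
 convisoappsec/flowcli/iac/entrypoint.py,sha256=WMlSwHd7cLxhUfy643OquQhUHEy4yNf7s0K5bkrXYno,295
-convisoappsec/flowcli/iac/run.py,sha256=
+convisoappsec/flowcli/iac/run.py,sha256=Y86MYTM8kTcF3TdvZuGgGLmNOEx7EPVaidKnStSbVpE,11203
 convisoappsec/flowcli/sast/__init__.py,sha256=S4O78eZGhgpT2lZY3GSUIUTQJB5a62uAVirEqbf4EQY,49
 convisoappsec/flowcli/sast/dry_run.py,sha256=lUi9LCfBlBjcAYm4v_Etl3raPZcTHVr5fVxGnB1eVSM,5787
 convisoappsec/flowcli/sast/entrypoint.py,sha256=XMu8WpZNwSujWOwbHUThk3JK_WtRWHau9kYD2ttjULY,300
@@ -116,12 +116,12 @@ convisoappsec/flowcli/vulnerability/assert_security_rules.py,sha256=j7VcondMeZSR
 convisoappsec/flowcli/vulnerability/container_vulnerability_manager.py,sha256=EkJhbUm1DTP14mIg_ZC4SKFSlvTtfPpSpNAMWPkwrsc,6897
 convisoappsec/flowcli/vulnerability/entrypoint.py,sha256=WsQkEJSbb9CwPm_deUtata9omEYYcaZnssYKTAybtjA,386
 convisoappsec/flowcli/vulnerability/rules_schema.json,sha256=OBkj9RMXltGoJYsyPqOsrJDfcyrQDlQHk9b5i9rMhoc,948
-convisoappsec/flowcli/vulnerability/run.py,sha256=
+convisoappsec/flowcli/vulnerability/run.py,sha256=A43g4rB2tqaCFSXM55Twe0ggXt_KtAkR3KVkTYa0x8k,18842
 convisoappsec/sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 convisoappsec/sast/decision.py,sha256=d7dcNr9yZMzyccpFS_peAmDo0ZtfsE1qXDdYrvCux2U,1025
 convisoappsec/sast/sastbox.py,sha256=hXZLiYh_F3f6yd1ydPYVOMKg-tNOQOZiBvKmWyedagI,11031
-conviso_ast-3.0.
-conviso_ast-3.0.
-conviso_ast-3.0.
-conviso_ast-3.0.
-conviso_ast-3.0.
+conviso_ast-3.0.2rc0.dist-info/METADATA,sha256=s6Y107PspXj0WR6fvxhJcBL7eeXuL6rC4X8gKtC2RGI,1078
+conviso_ast-3.0.2rc0.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+conviso_ast-3.0.2rc0.dist-info/entry_points.txt,sha256=0IvamweR_V0uG4O5Fo9NpVHTHfpZRwUE9kn7KEVZ668,109
+conviso_ast-3.0.2rc0.dist-info/top_level.txt,sha256=ju5r0RSCF1HA7m9JOG10jrQS4SnqQEJzl6-YMCxbSl4,14
+conviso_ast-3.0.2rc0.dist-info/RECORD,,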
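--- a/convisoappsec/flowcli/iac/run.py
+++ b/convisoappsec/flowcli/iac/run.py
@@ -183,13 +183,6 @@ def deploy_results_to_conviso(
 if error.code == 'RECORD_NOT_UNIQUE':
 continue
 elif error.code == "Record not found" or "Record not found" in str(error):
-LOGGER.warning(
-f"\n⚠️ [Record Not Found] Falha ao vincular vulnerabilidade (Asset ou Sync ID inválido). Item ignorado.\n"
-f" - Issue: {issue.get('title')}\n"
-f" - Hash: {issue.get('hash_issue')}"
-f" - Asset: {asset_id}"
-f" - control sync: {control_sync_status_id}"
-)
 continue
 else:
 retry_handler = RetryHandler(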
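--- a/convisoappsec/flowcli/vulnerability/run.py
+++ b/convisoappsec/flowcli/vulnerability/run.py
@@ -233,28 +233,56 @@ def run(context, flow_context, asset_id, company_id, end_commit, start_commit, r
 # Starting executing the ast again
 sast_hash_issues = perform_sastbox_scan(sastbox_registry, sastbox_repository_name, sastbox_tag, repository_dir)
 
-
+vulnerabilities = perform_sca_scan(repository_dir=repository_dir)
 iac_hash_issues = perform_iac_scan(repository_dir=repository_dir)
 
 # we need to append the two lists because at the moment this was made, iac and sast has sast as type on cp.
 sast_hash_issues = sast_hash_issues + iac_hash_issues
 # end ast execution
 
+current_sca_hashes = set()
+current_sca_tuples = set()
+
+for vulnerability in vulnerabilities:
+if vulnerability.get('hash_issue'):
+current_sca_hashes.add(vulnerability['hash_issue'])
+
+cve_list = vulnerability.get('cve')
+
+if isinstance(cve_list, list) and len(cve_list) > 0:
+cve_str = str(cve_list[0])
+else:
+cve_str = str(cve_list) if cve_list is not None else ""
+
+if vulnerability.get('package') and vulnerability.get('version'):
+current_sca_tuples.add((vulnerability['package'], vulnerability['version'], cve_str))
+
 set_of_sast_hash_issues = set(sast_hash_issues)
-set_of_sca_hash_issues = set(sca_hash_issues)
 
 close_sast_issues(conviso_api, sast_issues_without_fix_accepted, set_of_sast_hash_issues, control_sync_status_id)
-close_sca_issues(conviso_api, sca_issues_without_fix_accepted,
+close_sca_issues(conviso_api, sca_issues_without_fix_accepted, current_sca_hashes, current_sca_tuples, control_sync_status_id)
 
 sast_issues_to_reopen = [
 {'id': item['id'], 'originalIssueIdFromTool': item['originalIssueIdFromTool']}
 for item in sast_issues_with_fix_accepted if item['originalIssueIdFromTool'] in sast_hash_issues
 ]
 
-sca_issues_to_reopen = [
-
-
-
+sca_issues_to_reopen = []
+for item in sca_issues_with_fix_accepted:
+tool_id = item.get('originalIssueIdFromTool')
+should_reopen = False
+
+if tool_id:
+if tool_id in current_sca_hashes:
+should_reopen = True
+else:
+detail = item.get('detail', {})
+item_tuple = (detail.get('package'), detail.get('affectedVersion'), detail.get('cve'))
+if item_tuple in current_sca_tuples:
+should_reopen = True
+
+if should_reopen:
+sca_issues_to_reopen.append({'id': item['id'], 'originalIssueIdFromTool': tool_id})
 
 if sast_issues_to_reopen:
 log_func("SAST: reopening {issues} vulnerability/vulnerabilities on conviso platform ...".format(
@@ -303,14 +331,25 @@ def close_sast_issues(conviso_api, issues_from_cp, issues_from_current_scan, con
 )
 
 
-def close_sca_issues(conviso_api, issues_from_cp,
+def close_sca_issues(conviso_api, issues_from_cp, current_hashes, current_tuples, control_sync_status_id):
 """ method to close sca issues on conviso platform """
 
 log_func("SCA: Verifying if any vulnerability was solved...")
-
-
-
-
+
+differences = []
+
+for item in issues_from_cp:
+tool_id = item.get('originalIssueIdFromTool')
+
+if tool_id:
+if tool_id not in current_hashes:
+differences.append({'id': item['id'], 'originalIssueIdFromTool': tool_id})
+else:
+detail = item.get('detail', {})
+item_tuple = (detail.get('package'), detail.get('affectedVersion'), detail.get('cve'))
+
+if item_tuple not in current_tuples:
+differences.append({'id': item['id'], 'originalIssueIdFromTool': None})
 
 if len(differences) == 0:
 log_func("No vulnerabilities have been fixed yet...")
@@ -407,19 +446,28 @@ def perform_sca_scan(flow_context, repository_dir):
 if file_path:
 results_filepaths.append(file_path)
 
-
+detected_vulnerabilities = []
 
 for report_path in results_filepaths:
 try:
 with open(report_path, 'r') as report_file:
 report_content = json.load(report_file)
 issues = report_content.get("issues", [])
-
+
+for issue in issues:
+vuln_data = {
+"hash_issue": issue.get("hash_issue"),
+"package": issue.get("component"),
+"version": issue.get("version"),
+"cve": issue.get("cve")
+}
+
+detected_vulnerabilities.append(vuln_data)
 
 except (FileNotFoundError, json.JSONDecodeError) as e:
 print(f"Error processing {report_path}: {e}")
 
-return
+return detected_vulnerabilities
 
 except Exception as e:
 on_http_error(e)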
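Review bot: The package/version/CVE fallback key is normalised on the scan side only, so in `close_sca_issues` and in the reopen loop of `run` an issue that is still present can fail to match and be treated as fixed. `run` stores `str(cve_list[0])` or `""` in `current_sca_tuples`, while the platform side compares the raw `detail.get('cve')`: a `None` never equals `""`, and a list value would raise `TypeError` on the set lookup. What the platform returns in `detail` is not visible here, so this needs confirming; building the key with one helper on both sides, as sketched below, removes the divergence, and `item.get('detail') or {}` also covers a `detail` that is present but null. Separately, `perform_sca_scan` only prints when a report is missing or malformed and still returns the list, so an unreadable report leaves both sets short and open issues look fixed; skipping the close step in that case would be safer. All three functions continue outside their hunks.

```python
def _sca_key(package, version, cve):
    """Build the (package, version, cve) key used to match SCA issues."""
    if isinstance(cve, (list, tuple)):
        cve = cve[0] if cve else None
    return (package, version, "" if cve is None else str(cve))

# in run(), while collecting the current scan:
if vulnerability.get('package') and vulnerability.get('version'):
    current_sca_tuples.add(
        _sca_key(vulnerability['package'], vulnerability['version'], vulnerability.get('cve'))
    )

# in close_sca_issues() and in the reopen loop of run():
detail = item.get('detail') or {}
item_tuple = _sca_key(detail.get('package'), detail.get('affectedVersion'), detail.get('cve'))
# … unchanged: membership tests against current_tuples / current_sca_tuples …
```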
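--- a/convisoappsec/version.py
+++ b/convisoappsec/version.py
@@ -1 +1 @@
-__version__ = '3.0.
+__version__ = '3.0.2-rc.0'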
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|