devsecops-engine-tools 1.101.1__py3-none-any.whl → 1.103.0__py3-none-any.whl

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py

@@ -76,5 +76,6 @@ class RuntimeLocal(DevopsPlatformGateway):
             "vm_product_type_name" : "DET_VM_PRODUCT_TYPE_NAME",
             "vm_product_name" : "DET_VM_PRODUCT_NAME",
             "vm_product_description" : "DET_VM_PRODUCT_DESCRIPTION",
+            "build_task":  "DET_APPLICATION_BUILD_TASK",
         }
         return os.environ.get(env_variables[variable], None)

devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py

@@ -7,13 +7,29 @@ from devsecops_engine_tools.engine_sast.engine_code.src.infrastructure.driven_ad
 from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run import (
     GitRun
 )
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+from devsecops_engine_tools.engine_sast.engine_code.src.infrastructure.driven_adapters.kiuwan.kiuwan_tool import get_kiuwan_instance
+
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 def runner_engine_code(dict_args, tool, devops_platform_gateway, remote_config_source_gateway):
     try:
+        logger.info("Selecting tool...")
         tool_gateway = None
         git_gateway = GitRun()
         if (tool == "BEARER"):
+            logger.info("Bearer tool selected...")
             tool_gateway = BearerTool()
+        elif (tool == "KIUWAN"):
+            logger.info("Kiuwan tool selected...")
+            tool_gateway = get_kiuwan_instance(
+                dict_args=dict_args,
+                devops_platform_gateway=devops_platform_gateway,
+            )
+        
+        logger.info("Tool has been selected successfully")
 
         return init_engine_sast_code(
             devops_platform_gateway=devops_platform_gateway,
@@ -29,4 +45,4 @@ def runner_engine_code(dict_args, tool, devops_platform_gateway, remote_config_s
 
 
 if __name__ == "__main__":
-    runner_engine_code()
+    runner_engine_code()

devsecops_engine_tools/engine_sast/engine_code/src/domain/model/gateways/tool_gateway.py

@@ -1,15 +1,28 @@
 from abc import ABCMeta, abstractmethod
-from devsecops_engine_tools.engine_sast.engine_code.src.domain.model.config_tool import (
-    ConfigTool,
-)
+from typing import List, Optional, Any, Tuple
+from devsecops_engine_tools.engine_sast.engine_code.src.domain.model.config_tool import ConfigTool
 
 class ToolGateway(metaclass=ABCMeta):
-
     @abstractmethod
-    def run_tool(self, 
-                 folder_to_scan: str,
-                 pull_request_files: list,
-                 agent_work_folder: str,
-                 repository: str,
-                 config_tool: ConfigTool):
-        "run code scan tool"
+    def run_tool(
+        self,
+        folder_to_scan: str,
+        pull_request_files: List[str],
+        agent_work_folder: str,
+        repository: str,
+        config_tool: ConfigTool
+    ) -> Tuple[List[Any], Optional[str]]:
+        """
+        Run the code scan tool.
+        Args:
+            folder_to_scan: Path to the folder to scan
+            pull_request_files: List of files modified in the pull request
+            agent_work_folder: Directory for storing temporary files
+            repository: Name of the repository
+            config_tool: Configuration object for the tool
+        Returns:
+            Tuple containing:
+            - List of findings (vulnerabilities or defects).
+            - Path to the results file, or None if no file is generated.
+        """
+        pass

devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py

@@ -1,4 +1,5 @@
 import re
+from typing import Any, Dict, List, Tuple
 from devsecops_engine_tools.engine_sast.engine_code.src.domain.model.gateways.tool_gateway import (
     ToolGateway,
 )
@@ -33,9 +34,9 @@ class CodeScan:
         self.remote_config_source_gateway = remote_config_source_gateway
         self.git_gateway = git_gateway
 
-    def set_config_tool(self, dict_args):
+    def set_config_tool(self, dict_args: Dict[str, Any], config_tool_path: str):
         init_config_tool = self.remote_config_source_gateway.get_remote_config(
-            dict_args["remote_config_repo"], "engine_sast/engine_code/ConfigTool.json", dict_args["remote_config_branch"]
+            dict_args["remote_config_repo"], config_tool_path, dict_args["remote_config_branch"]
         )
         scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
         return ConfigTool(json_data=init_config_tool, scope=scope_pipeline)
@@ -88,35 +89,112 @@ class CodeScan:
                 return True
         return False
 
-    def process(self, dict_args, tool):
-        config_tool = self.set_config_tool(dict_args)
+    def _get_config_tool_and_exclusions_data(self, dict_args, tool) -> Tuple[Dict[str, Any], Dict[str, str]]:
+        
+        """
+            Get the information related to configuracion and exclusiones for the selected tool.
+            
+            Parameters:
+                dict_args: Dictionary with properties setting up from the extension.
+                tool: String name of the tool that will be used to run scan.    
+
+            Returns:
+                config_tool: Dictionary with the configuration of the tool.
+                excusions_data: Dictionary with the exclusions configured for an specific tool and pipelines.
+        """
+        logger.info("Getting engine_code config tool and exclusions...")
+        config_tool = self.set_config_tool(dict_args, "engine_sast/engine_code/ConfigTool.json")
         exclusions_data = self.remote_config_source_gateway.get_remote_config(
-            dict_args["remote_config_repo"], "engine_sast/engine_code/Exclusions.json"
+            dict_args["remote_config_repo"], "engine_sast/engine_code/Exclusions.json", dict_args["remote_config_branch"]
+        )
+        return config_tool, exclusions_data
+    
+    def _get_filtered_pr_files(self, dict_args: Dict[str,str], config_tool: Dict[str, Any]) -> List[str]:
+        """
+        Retrieve and filter pull request files based on exclusion rules.
+        
+        Parameters:
+            config_tool: Configuration dictionary for the SAST tool.
+        
+        Returns:
+            List of filtered pull request file paths.
+        """
+        pull_request_files = []
+        if not dict_args["folder_path"]:
+            pull_request_files = self.get_pull_request_files(
+                config_tool.target_branches
+            )
+            pull_request_files = [
+                pf
+                for pf in pull_request_files
+                if not self.apply_exclude_path(
+                    config_tool.exclude_folder,
+                    config_tool.ignore_search_pattern,
+                    pf,
+                )
+            ]
+        return pull_request_files
+    
+    def _create_input_core(self, list_exclusions: List[str], config_tool: Dict[str, Any], exclusions_data: Dict[str, str], path_file_results: str) -> 'InputCore':
+        """
+        Create an InputCore object with pipeline and tool configuration.
+        
+        Parameters:
+            list_exclusions: List of excluded files or patterns.
+            config_tool: Configuration dictionary for the SAST tool.
+            exclusions_data: Exclusion data for the tool.
+            path_file_results: Path to the results file.
+        
+        Returns:
+            InputCore object with pipeline and tool configuration.
+        """
+        return InputCore(
+            totalized_exclusions=list_exclusions,
+            threshold_defined=Utils.update_threshold(
+                self,
+                config_tool.threshold,
+                exclusions_data,
+                config_tool.scope_pipeline,
+            ),
+            path_file_results=path_file_results,
+            custom_message_break_build=config_tool.message_info_engine_code,
+            scope_pipeline=config_tool.scope_pipeline,
+            scope_service=config_tool.scope_pipeline,
+            stage_pipeline=self.devops_platform_gateway.get_variable("stage").capitalize(),
         )
+    
+    def process(self, dict_args, tool):
+        
+        """
+        This function process the request to a new scan code. 
+        
+        Parameters:
+            dict_args: Dictionary with properties setting up from the extension.
+            tool: String name of the tool that will be used to run scan.    
+
+        Returns:
+            findings_list: List with the defects founded during analysis.
+            input_core: InputCore instance with properties related to scan proccess.
+        """
+        
+        # Retrieve the config tool and exclusions data for the tool used during scan
+        config_tool, exclusions_data = self._get_config_tool_and_exclusions_data(
+            dict_args, tool
+        )
+        
         list_exclusions, skip_tool = self.get_exclusions(tool, exclusions_data)
         findings_list, path_file_results = [], ""
 
         if not skip_tool:
-            pull_request_files = []
-            if not dict_args["folder_path"]:
-                pull_request_files = self.get_pull_request_files(
-                    config_tool.target_branches
-                )
-                pull_request_files = [
-                    pf
-                    for pf in pull_request_files
-                    if not self.apply_exclude_path(
-                        config_tool.exclude_folder,
-                        config_tool.ignore_search_pattern,
-                        pf,
-                    )
-                ]
+            # Retrieve the pull requests files
+            # If folder path was not added in dict args, the pr files will be downloaded excluding the paths excluded 
+            pull_request_files = self._get_filtered_pr_files(dict_args, config_tool)
 
             findings_list, path_file_results = self.tool_gateway.run_tool(
                 dict_args["folder_path"],
                 pull_request_files,
                 self.devops_platform_gateway.get_variable("path_directory"),
-                self.devops_platform_gateway.get_variable("repository"),
+                dict_args.get("repo_name", False) if dict_args.get("repo_name", False) else self.devops_platform_gateway.get_variable("repository"),
                 config_tool,
             )
 
@@ -125,21 +203,6 @@ class CodeScan:
             dict_args["send_metrics"] = "false"
             dict_args["use_vulnerability_management"] = "false"
 
-        input_core = InputCore(
-            totalized_exclusions=list_exclusions,
-            threshold_defined=Utils.update_threshold(
-                self,
-                config_tool.threshold,
-                exclusions_data,
-                config_tool.scope_pipeline,
-            ),
-            path_file_results=path_file_results,
-            custom_message_break_build=config_tool.message_info_engine_code,
-            scope_pipeline=config_tool.scope_pipeline,
-            scope_service=config_tool.scope_pipeline,
-            stage_pipeline=self.devops_platform_gateway.get_variable(
-                "stage"
-            ).capitalize(),
-        )
+        input_core = self._create_input_core(list_exclusions, config_tool, exclusions_data, path_file_results)
 
-        return findings_list, input_core
+        return findings_list, input_core

devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/driven_adapters/bearer/bearer_deserealizator.py

@@ -1,6 +1,6 @@
 from devsecops_engine_tools.engine_core.src.domain.model.finding import (
     Category,
-    Finding,
+    EngineCodeFinding,
 )
 from datetime import datetime
 from dataclasses import dataclass
@@ -12,7 +12,7 @@ class BearerDeserealizator:
     @classmethod
     def get_list_finding(cls,
                          scan_result_path,
-                         agent_work_folder) -> "list[Finding]":
+                         agent_work_folder) -> "list[EngineCodeFinding]":
         findings = []
         with open(scan_result_path, encoding='utf-8') as arc:
             try:
@@ -30,7 +30,7 @@ class BearerDeserealizator:
                     chunks = [description[i : i + 70] for i in range(0, len(description), 70)]
                     formatted_description = "\n".join(chunks) + "\n"
 
-                    finding = Finding(
+                    finding = EngineCodeFinding(
                         id=vul["id"],
                         cvss="",
                         where=vul["full_filename"].replace(agent_work_folder, "").replace("/copy_files_bearer", ""),
@@ -41,7 +41,12 @@ class BearerDeserealizator:
                         module="engine_code",
                         category=Category.VULNERABILITY,
                         requirements="",
-                        tool="Bearer"
+                        tool="Bearer",
+                        analysis_url=None,
+                        analysis_code=None,
+                        label=None,
+                        application_business_value=None,
+                        defect_type=None
                     )
                     findings.append(finding)
         

devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/driven_adapters/kiuwan/kiuwan_deserealizator.py

@@ -0,0 +1,59 @@
+from datetime import datetime
+from typing import Dict, Any, List
+
+from devsecops_engine_tools.engine_core.src.domain.model.finding import Category, EngineCodeFinding
+
+
+class KiuwanDeserealizator:
+    
+    """
+        This class has the functions to deserealize the defects found in kiuwan analysis scan.
+    """
+    
+    @staticmethod
+    def get_findings(
+        last_analysis: Dict[str, Any],
+        defects_data: Dict[str, Any],
+        analysis_code: str,
+        severity_mapper: Dict[str,str],
+    ) -> List[EngineCodeFinding]:
+        """
+        Map Kiuwan defects to KiuwanFinding objects.
+
+        Args:
+            last_analysis: Dictionary containing the last analysis data.
+            defects_data: Dictionary containing the defects data.
+            analysis_code: The code of the analysis.
+
+        Returns:
+            List of KiuwanFinding objects representing the mapped defects.
+        """
+        analysis_date = last_analysis.get("date", datetime.now().strftime("%d/%m/%Y"))
+        application_business_value = last_analysis.get("applicationBusinessValue", "")
+        
+        findings = []
+        for defect in defects_data.get("defects", []):
+            # Mapear characteristic a Category
+            characteristic = defect.get("characteristic", "").lower()
+           
+            finding = EngineCodeFinding(
+                id=str(defect.get("defectId", "")),
+                cvss=defect.get("ruleCode", ""),
+                where=f"{defect.get('file', '')}:{defect.get('line', '')}",
+                description=defect.get("rule", ""),
+                severity=severity_mapper.get(defect.get("priority", ""), "Undefined"),
+                identification_date=analysis_date,
+                published_date_cve="",
+                module="engine_code",
+                category=Category.VULNERABILITY if characteristic == "security" else Category.COMPLIANCE,
+                requirements="",
+                tool="kiuwan",
+                analysis_url=last_analysis.get("analysisURL", "No available"),
+                analysis_code=analysis_code,
+                label=defect.get("label", ""),
+                application_business_value=application_business_value,
+                defect_type=characteristic
+            )
+            findings.append(finding)
+        
+        return findings