devsecops-engine-tools 1.106.0__py3-none-any.whl → 1.107.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (8) hide show
  1. devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +11 -3
  2. devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py +34 -30
  3. devsecops_engine_tools/version.py +1 -1
  4. {devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/METADATA +1 -1
  5. {devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/RECORD +8 -8
  6. {devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/WHEEL +0 -0
  7. {devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/entry_points.txt +0 -0
  8. {devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/top_level.txt +0 -0
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py CHANGED
@@ -79,6 +79,8 @@ class TrufflehogRun(ToolGateway):
79
79
  exclude_detectors = config_tool[tool]["EXCLUDE_DETECTORS"]
80
80
  if exclude_detectors:
81
81
  exclude_detectors = ",".join(exclude_detectors)
82
+ filter_entropy = config_tool[tool].get("FILTER_ENTROPY")
83
+
82
84
 
83
85
  with concurrent.futures.ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
84
86
  results = executor.map(
@@ -91,7 +93,8 @@ class TrufflehogRun(ToolGateway):
91
93
  [enable_custom_rules] * len(include_paths),
92
94
  [agent_os] * len(include_paths),
93
95
  [folder_path] * len(include_paths),
94
- [exclude_detectors] * len(include_paths)
96
+ [exclude_detectors] * len(include_paths),
97
+ [filter_entropy] * len(include_paths)
95
98
  )
96
99
  findings, file_findings = self.create_file(self.decode_output(results), path, config_tool, tool)
97
100
  return findings, file_findings
@@ -129,18 +132,23 @@ class TrufflehogRun(ToolGateway):
129
132
  enable_custom_rules,
130
133
  agent_os,
131
134
  folder_path,
132
- exclude_detectors
135
+ exclude_detectors,
136
+ filter_entropy
133
137
  ):
134
138
  path_folder = folder_path if folder_path is not None else f"{path}/{repository_name}"
135
139
  command = f"{trufflehog_command} filesystem {path_folder} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
140
+
136
141
  if enable_custom_rules:
137
142
  command = command.replace("--no-verification --no-update --json", f"--config {path}//rules//trufflehog//custom-rules.yaml --no-verification --no-update --json" if "Windows" in agent_os else
138
143
  f"--config {path}/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json" if "Linux" or "Darwin" in agent_os else
139
- "--no-verification --no-update --json")
144
+ "--no-verification --no-update --json")
140
145
 
141
146
  if exclude_detectors:
142
147
  command = f"{command} --exclude-detectors {exclude_detectors}"
143
148
 
149
+ if filter_entropy:
150
+ command = f"{command} --filter-entropy={filter_entropy}"
151
+
144
152
  result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
145
153
  return result.stdout.strip()
146
154
 
devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py CHANGED
@@ -21,36 +21,40 @@ class TrivyDeserializator(DeseralizatorGateway):
21
21
  with open(image_scanned, "rb") as file:
22
22
  image_object = file.read()
23
23
  json_data = json.loads(image_object)
24
- vulnerabilities_data = json_data.get("Results", [{}])[0].get("Vulnerabilities", [])
25
- vulnerabilities = [
26
- Finding(
27
- id=vul.get("VulnerabilityID", ""),
28
- cvss=str(
29
- next(
30
- (
31
- v["V3Score"]
32
- for v in vul["CVSS"].values()
33
- if "V3Score" in v
34
- ),
35
- None,
36
- )
37
- ),
38
- where=vul.get("PkgName", "")
39
- + ":"
40
- + vul.get("InstalledVersion", ""),
41
- description=vul.get("Description", "").replace("\n", "")[:150],
42
- severity=vul.get("Severity", "").lower(),
43
- identification_date=datetime.now().strftime("%Y-%m-%dT%H:%M:%S%z"),
44
- published_date_cve=self._check_date_format(vul),
45
- module=module,
46
- category=Category.VULNERABILITY,
47
- requirements=vul.get("FixedVersion") or vul.get("Status", ""),
48
- tool="Trivy",
49
- )
50
- for vul in vulnerabilities_data
51
- if vul.get("CVSS") and vul.get("PublishedDate")
52
- ]
53
- list_open_vulnerabilities.extend(vulnerabilities)
24
+ results = json_data.get("Results", [{}])
25
+
26
+ for result in results:
27
+ vulnerabilities_data = result.get("Vulnerabilities", [])
28
+ vulnerabilities = [
29
+ Finding(
30
+ id=vul.get("VulnerabilityID", ""),
31
+ cvss=str(
32
+ next(
33
+ (
34
+ v["V3Score"]
35
+ for v in vul["CVSS"].values()
36
+ if "V3Score" in v
37
+ ),
38
+ None,
39
+ )
40
+ ),
41
+ where=vul.get("PkgName", "")
42
+ + ":"
43
+ + vul.get("InstalledVersion", ""),
44
+ description=vul.get("Description", "").replace("\n", "")[:150],
45
+ severity=vul.get("Severity", "").lower(),
46
+ identification_date=datetime.now().strftime("%Y-%m-%dT%H:%M:%S%z"),
47
+ published_date_cve=self._check_date_format(vul),
48
+ module=module,
49
+ category=Category.VULNERABILITY,
50
+ requirements=vul.get("FixedVersion") or vul.get("Status", ""),
51
+ tool="Trivy",
52
+ )
53
+ for vul in vulnerabilities_data
54
+ if vul.get("CVSS") and vul.get("PublishedDate")
55
+ ]
56
+ list_open_vulnerabilities.extend(vulnerabilities)
57
+
54
58
  return list_open_vulnerabilities
55
59
 
56
60
  def get_container_context_from_results(
devsecops_engine_tools/version.py CHANGED
@@ -1 +1 @@
1
- version = '1.106.0'
1
+ version = '1.107.0'
{devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: devsecops-engine-tools
3
- Version: 1.106.0
3
+ Version: 1.107.0
4
4
  Summary: Tool for DevSecOps strategy
5
5
  Home-page: https://github.com/bancolombia/devsecops-engine-tools
6
6
  Author: Bancolombia DevSecOps Team
{devsecops_engine_tools-1.106.0.dist-info → devsecops_engine_tools-1.107.0.dist-info}/RECORD RENAMED
@@ -1,5 +1,5 @@
1
1
  devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
2
- devsecops_engine_tools/version.py,sha256=uNHlwFQzz1Ejya9vk5HWeS31G3xUHugM9uTD5V4C29A,20
2
+ devsecops_engine_tools/version.py,sha256=qbCx58WFfHecldYeOVxl0MDg3e6TaWnrwW7DzZ6hNcM,20
3
3
  devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
4
4
  devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
5
5
  devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -200,7 +200,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapt
200
200
  devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py,sha256=HTrbIronNbasyALapm0j3ZEaJCs7X7CRPS6uE_xPAMc,6049
201
201
  devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
202
202
  devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
203
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=23nTGgwFn_-fNKXJEy2iTV1gIFPE_VdQWX_d8XVEeus,8544
203
+ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=mnQBDVbNghJgLIJDmvnn9PGZoOUVeXz7d9_gxm5-8Rg,8805
204
204
  devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
205
205
  devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=61OnP4ehmzh-tRbACgZsB4IJi6J6HT9E6KCOcuhvnRw,1185
206
206
  devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -372,7 +372,7 @@ devsecops_engine_tools/engine_utilities/ssh/managment_private_key.py,sha256=Tbe_
372
372
  devsecops_engine_tools/engine_utilities/trivy_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
373
373
  devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
374
374
  devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
375
- devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py,sha256=7jiZ3FRKEnWw542ei6g4ZnGkpX8RInWND_dGwJVgbrs,5321
375
+ devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_deserialize_output.py,sha256=Y2X4B9qgNRn1GdRfDHv-rb-v7dNP2Aifmqzq7R3BZFA,5512
376
376
  devsecops_engine_tools/engine_utilities/trivy_utils/infrastructure/driven_adapters/trivy_manager_scan_utils.py,sha256=9bUT0V-EFhdik8aNuGTI2i4OnT1YvFT7s7xu5M5sejM,2888
377
377
  devsecops_engine_tools/engine_utilities/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
378
378
  devsecops_engine_tools/engine_utilities/utils/api_error.py,sha256=yRbad5gNUHh5nALBKkRDi-d98JPmqAhw-QJEGW4psrw,528
@@ -383,8 +383,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
383
383
  devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
384
384
  devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
385
385
  devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
386
- devsecops_engine_tools-1.106.0.dist-info/METADATA,sha256=YRb9FlvrBq26rua87UyyUN-RvTJrDRGTpbMilyx7goo,3233
387
- devsecops_engine_tools-1.106.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
388
- devsecops_engine_tools-1.106.0.dist-info/entry_points.txt,sha256=OWAww5aBsGeMv0kWhSgVNB0ySKKpYuJd4dly0ikFPkc,283
389
- devsecops_engine_tools-1.106.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
390
- devsecops_engine_tools-1.106.0.dist-info/RECORD,,
386
+ devsecops_engine_tools-1.107.0.dist-info/METADATA,sha256=qwIOiQXMiKxBz6vHizJvphP5geGe_-x3jfyf75Gnn0k,3233
387
+ devsecops_engine_tools-1.107.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
388
+ devsecops_engine_tools-1.107.0.dist-info/entry_points.txt,sha256=OWAww5aBsGeMv0kWhSgVNB0ySKKpYuJd4dly0ikFPkc,283
389
+ devsecops_engine_tools-1.107.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
390
+ devsecops_engine_tools-1.107.0.dist-info/RECORD,,