devsecops-engine-tools 1.12.0__py3-none-any.whl → 1.13.0__py3-none-any.whl

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py

@@ -10,15 +10,29 @@ class SecretScanDeserealizator(DeseralizatorGateway):
 
     def get_list_vulnerability(self, results_scan_list: List[dict], os, path_directory) -> List[Finding]:
         list_open_vulnerabilities = []
+        current_date=datetime.now().strftime("%d%m%Y")
+
         for result in results_scan_list:
-            where_text, raw = self.get_where_correctly(result, os, path_directory)
+            where_text, raw_data = self.get_where_correctly(result, os, path_directory)
+            extra_data = result.get("ExtraData", {})
+            rule_name = extra_data.get("name") if extra_data else None
+
+            if rule_name and "Actuator" in rule_name:
+                description = "Actuator misconfiguration can leak sensitive information"
+                finding_id = "MISCONFIGURATION_SCANNING"
+                where = f"{where_text}, Misconfiguration: {raw_data}"
+            else:
+                description = "Sensitive information in source code"
+                finding_id = "SECRET_SCANNING"
+                where = f"{where_text}, Secret: {raw_data}"
+            
             vulnerability_open = Finding(
-                id="SECRET_SCANNING",
+                id=finding_id,
                 cvss=None,
-                where=f"{where_text}, Secret: {raw}",
-                description="Sensitive information in source code",
+                where=where,
+                description=description,
                 severity="critical",
-                identification_date=datetime.now().strftime("%d%m%Y"),
+                identification_date=current_date,
                 published_date_cve=None,
                 module="engine_secret",
                 category=Category.VULNERABILITY,

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.12.0'
+version = '1.13.0'

{devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.12.0
+Version: 1.13.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=_hM9gYjHieUUv92NWz7PuNTHTkGMFFY3PU1jjcd7tWM,19
+devsecops_engine_tools/version.py,sha256=S4z57D4tCF2zQOCzX87aN82c6BiKe5R6Ksq5xJTJULo,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -152,7 +152,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_c
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=WpFFswOmP38cLvfZHCrPDiRtdwH86n1CqVNS3K4s6uA,1968
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=MdE76XrltkegHjVnDdHWJptUNUZg_bJnsUynVG0MEKI,2565
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=8rLnIpvPeWNgujOO03q0GzjXhv_BAGicf7vyUqOe8jA,7157
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=TAEZ2HquyM_0ZWMh5_8-qE0OI5EMG0VfyOlypZswbLI,1019
@@ -286,8 +286,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=esLnDBxP9MQBvV8noVohTrdWSVuljTKRpZgrn2kaD_c,192
-devsecops_engine_tools-1.12.0.dist-info/METADATA,sha256=5vQsyP7UszBQcM0I_60LWiR_mwdP_rDtOZuDf6rose8,10854
-devsecops_engine_tools-1.12.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.12.0.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
-devsecops_engine_tools-1.12.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.12.0.dist-info/RECORD,,
+devsecops_engine_tools-1.13.0.dist-info/METADATA,sha256=HfgT5SJ2YGQX4-QwS0nnt9Rc65WvTgscd3SGMrn9LZI,10854
+devsecops_engine_tools-1.13.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.13.0.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
+devsecops_engine_tools-1.13.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.13.0.dist-info/RECORD,,