devsecops-engine-tools 1.12.0__py3-none-any.whl → 1.13.1__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py +28 -12
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py +19 -5
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/RECORD +8 -8
- {devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/top_level.txt +0 -0
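--- a/devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py
+++ b/devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py
@@ -51,7 +51,9 @@ class HandleRisk:
 "Error getting finding list in handle risk: {0}".format(str(e))
 )
 
-def _filter_engagements(
+def _filter_engagements(
+self, engagements, service, endings_to_exclude, risk_config
+):
 filtered_engagements = []
 min_word_length = risk_config["HANDLE_SERVICE_NAME"]["MIN_WORD_LENGTH"]
 words = [
@@ -63,6 +65,7 @@ class HandleRisk:
 ]
 check_words_regex = risk_config["HANDLE_SERVICE_NAME"]["REGEX_CHECK_WORDS"]
 min_word_amount = risk_config["HANDLE_SERVICE_NAME"]["MIN_WORD_AMOUNT"]
+
 for engagement in engagements:
 if service.lower() in engagement.name.lower():
 filtered_engagements += [engagement.name]
@@ -71,6 +74,13 @@ class HandleRisk:
 >= min_word_amount
 ):
 filtered_engagements += [engagement.name]
+if endings_to_exclude:
+filtered_engagements = [
+engagement
+for engagement in filtered_engagements
+if not any(engagement.endswith(ending) for ending in endings_to_exclude)
+]
+
 return filtered_engagements
 
 def _exclude_services(self, dict_args, pipeline_name, service_list):
@@ -82,16 +92,18 @@ class HandleRisk:
 and risk_exclusions[pipeline_name].get("SKIP_SERVICE", 0)
 and risk_exclusions[pipeline_name]["SKIP_SERVICE"].get("services", 0)
 ):
-services_to_exclude =
-"services", []
+services_to_exclude = set(
+risk_exclusions[pipeline_name]["SKIP_SERVICE"].get("services", [])
 )
-
-
-
-
-
+service_set = set(service_list)
+
+remaining_services = list(service_set - services_to_exclude)
+service_excluded = list(service_set & services_to_exclude)
+
 print(f"Services to exclude: {service_excluded}")
 logger.info(f"Services to exclude: {service_excluded}")
+
+return remaining_services
 return service_list
 
 def process(self, dict_args: any, remote_config: any):
@@ -108,12 +120,16 @@ class HandleRisk:
 service_list = []
 
 if risk_config["HANDLE_SERVICE_NAME"]["ENABLED"].lower() == "true":
+exclusive_endings = risk_config["HANDLE_SERVICE_NAME"]["EXCLUSIVE_ENDING"]
+endings_to_exclude = [
+ending
+for ending in exclusive_endings
+if not pipeline_name.endswith(ending)
+]
 service = next(
 (
 pipeline_name.replace(ending, "")
-for ending in
-"ERASE_SERVICE_ENDING"
-]
+for ending in exclusive_endings
 if pipeline_name.endswith(ending)
 ),
 pipeline_name,
@@ -131,7 +147,7 @@ class HandleRisk:
 service_code, dict_args, secret_tool, remote_config
 )
 service_list += self._filter_engagements(
-engagements, service, risk_config
+engagements, service, endings_to_exclude, risk_config
 )
 
 service_list += [service]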
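Review bot: The suffix exclusion added at the end of `_filter_engagements` is case-sensitive (`engagement.endswith(ending)`), while the matching just above it lower-cases both sides (`service.lower() in engagement.name.lower()`), so an engagement whose suffix differs only in case is matched and then not excluded, and presumably its findings are pulled into this pipeline's risk evaluation. Normalising both sides keeps the two checks consistent: `if not any(engagement.lower().endswith(ending.lower()) for ending in endings_to_exclude)`. In `process`, `risk_config["HANDLE_SERVICE_NAME"]["EXCLUSIVE_ENDING"]` is indexed directly, so a remote config that still carries only `ERASE_SERVICE_ENDING` raises `KeyError` as soon as `ENABLED` is `"true"`; `.get("EXCLUSIVE_ENDING", [])` would avoid that. Both functions start or end outside the hunks shown.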
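--- a/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py
@@ -10,15 +10,29 @@ class SecretScanDeserealizator(DeseralizatorGateway):
 
 def get_list_vulnerability(self, results_scan_list: List[dict], os, path_directory) -> List[Finding]:
 list_open_vulnerabilities = []
+current_date=datetime.now().strftime("%d%m%Y")
+
 for result in results_scan_list:
-where_text,
+where_text, raw_data = self.get_where_correctly(result, os, path_directory)
+extra_data = result.get("ExtraData", {})
+rule_name = extra_data.get("name") if extra_data else None
+
+if rule_name and "Actuator" in rule_name:
+description = "Actuator misconfiguration can leak sensitive information"
+finding_id = "MISCONFIGURATION_SCANNING"
+where = f"{where_text}, Misconfiguration: {raw_data}"
+else:
+description = "Sensitive information in source code"
+finding_id = "SECRET_SCANNING"
+where = f"{where_text}, Secret: {raw_data}"
+
 vulnerability_open = Finding(
-id=
+id=finding_id,
 cvss=None,
-where=
-description=
+where=where,
+description=description,
 severity="critical",
-identification_date=
+identification_date=current_date,
 published_date_cve=None,
 module="engine_secret",
 category=Category.VULNERABILITY,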
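Review bot: Both branches build `where` by interpolating `raw_data` verbatim (`f"{where_text}, Secret: {raw_data}"`), and if `get_where_correctly` — defined outside this hunk — returns the unredacted match, every console report, log line or vulnerability-management record that carries the finding also carries the secret itself. Redacting before interpolation limits that exposure, for example `where = f"{where_text}, Secret: {str(raw_data)[:4]}****"`, or do the masking once inside `get_where_correctly`. The removed lines are truncated on this page, so it cannot be seen whether earlier versions already did this. `get_list_vulnerability` continues past the end of the hunk.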
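--- a/devsecops_engine_tools/version.py
+++ b/devsecops_engine_tools/version.py
@@ -1 +1 @@
-version = '1.
+version = '1.13.1'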
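--- a/devsecops_engine_tools-1.12.0.dist-info/RECORD
+++ b/devsecops_engine_tools-1.13.1.dist-info/RECORD
@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=
+devsecops_engine_tools/version.py,sha256=YQCm_iQg8r7tRfnANvMQq0h6p_X3Ysnx1OSne36q_9Y,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -26,7 +26,7 @@ devsecops_engine_tools/engine_core/src/domain/model/gateway/secrets_manager_gate
 devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py,sha256=c98JSdYYPyr82VZR4MRy49xSBVxueERbAS1mWwKqV6g,878
 devsecops_engine_tools/engine_core/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py,sha256=JP-i5SFaMN7Yi4uDCe_AE1kJ197g1IJGcwQdq-RYbk4,16198
-devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=
+devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=JWVYBs3O89r2WDv1R_Ww0G4RxruFslsX_th4_UykOLI,7585
 devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=yrPQdNvFNDeS4g4UxdxFDj-yw17K_OZ3T-HDEiePknE,7041
 devsecops_engine_tools/engine_core/src/domain/usecases/metrics_manager.py,sha256=Xi0iNnPrFgqd2cBdAA5E_tgouhxs-BTo016aolnGgv8,2413
 devsecops_engine_tools/engine_core/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -152,7 +152,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_c
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=MdE76XrltkegHjVnDdHWJptUNUZg_bJnsUynVG0MEKI,2565
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=8rLnIpvPeWNgujOO03q0GzjXhv_BAGicf7vyUqOe8jA,7157
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=TAEZ2HquyM_0ZWMh5_8-qE0OI5EMG0VfyOlypZswbLI,1019
@@ -286,8 +286,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=esLnDBxP9MQBvV8noVohTrdWSVuljTKRpZgrn2kaD_c,192
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
+devsecops_engine_tools-1.13.1.dist-info/METADATA,sha256=qhUXejOEk3l_1Wm9gcw5da2CiwuxFouXOGmJRQbd4BE,10854
+devsecops_engine_tools-1.13.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.13.1.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
+devsecops_engine_tools-1.13.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.13.1.dist-info/RECORD,,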
File without changes
|
{devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.12.0.dist-info → devsecops_engine_tools-1.13.1.dist-info}/top_level.txt
RENAMED
|
File without changes
|