devsecops-engine-tools 1.13.3__py3-none-any.whl → 1.14.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py +11 -18
- devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py +4 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +14 -7
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py +2 -2
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/RECORD +10 -10
- {devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/top_level.txt +0 -0
|
@@ -51,9 +51,7 @@ class HandleRisk:
|
|
|
51
51
|
"Error getting finding list in handle risk: {0}".format(str(e))
|
|
52
52
|
)
|
|
53
53
|
|
|
54
|
-
def _filter_engagements(
|
|
55
|
-
self, engagements, service, endings_to_exclude, risk_config
|
|
56
|
-
):
|
|
54
|
+
def _filter_engagements(self, engagements, service, risk_config):
|
|
57
55
|
filtered_engagements = []
|
|
58
56
|
min_word_length = risk_config["HANDLE_SERVICE_NAME"]["MIN_WORD_LENGTH"]
|
|
59
57
|
words = [
|
|
@@ -65,21 +63,22 @@ class HandleRisk:
|
|
|
65
63
|
]
|
|
66
64
|
check_words_regex = risk_config["HANDLE_SERVICE_NAME"]["REGEX_CHECK_WORDS"]
|
|
67
65
|
min_word_amount = risk_config["HANDLE_SERVICE_NAME"]["MIN_WORD_AMOUNT"]
|
|
66
|
+
endings = risk_config["HANDLE_SERVICE_NAME"]["CHECK_ENDING"]
|
|
68
67
|
|
|
69
68
|
for engagement in engagements:
|
|
70
|
-
if service.lower()
|
|
69
|
+
if service.lower() == engagement.name.lower():
|
|
71
70
|
filtered_engagements += [engagement.name]
|
|
72
71
|
elif re.search(check_words_regex, engagement.name.lower()) and (
|
|
73
72
|
sum(1 for word in words if word.lower() in engagement.name.lower())
|
|
74
73
|
>= min_word_amount
|
|
75
74
|
):
|
|
76
75
|
filtered_engagements += [engagement.name]
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
76
|
+
elif endings:
|
|
77
|
+
if any(
|
|
78
|
+
(service.lower() + ending.lower() == engagement.name.lower())
|
|
79
|
+
for ending in endings
|
|
80
|
+
):
|
|
81
|
+
filtered_engagements += [engagement.name]
|
|
83
82
|
|
|
84
83
|
return filtered_engagements
|
|
85
84
|
|
|
@@ -144,16 +143,10 @@ class HandleRisk:
|
|
|
144
143
|
service_list = []
|
|
145
144
|
|
|
146
145
|
if risk_config["HANDLE_SERVICE_NAME"]["ENABLED"].lower() == "true":
|
|
147
|
-
exclusive_endings = risk_config["HANDLE_SERVICE_NAME"]["EXCLUSIVE_ENDING"]
|
|
148
|
-
endings_to_exclude = [
|
|
149
|
-
ending
|
|
150
|
-
for ending in exclusive_endings
|
|
151
|
-
if not pipeline_name.endswith(ending)
|
|
152
|
-
]
|
|
153
146
|
service = next(
|
|
154
147
|
(
|
|
155
148
|
pipeline_name.replace(ending, "")
|
|
156
|
-
for ending in
|
|
149
|
+
for ending in risk_config["HANDLE_SERVICE_NAME"]["CHECK_ENDING"]
|
|
157
150
|
if pipeline_name.endswith(ending)
|
|
158
151
|
),
|
|
159
152
|
pipeline_name,
|
|
@@ -171,7 +164,7 @@ class HandleRisk:
|
|
|
171
164
|
service_code, dict_args, secret_tool, remote_config
|
|
172
165
|
)
|
|
173
166
|
service_list += self._filter_engagements(
|
|
174
|
-
engagements, service,
|
|
167
|
+
engagements, service, risk_config
|
|
175
168
|
)
|
|
176
169
|
|
|
177
170
|
service_list += [service]
|
|
@@ -244,7 +244,10 @@ class BreakBuild:
|
|
|
244
244
|
report.risk_score = round(
|
|
245
245
|
remote_config["WEIGHTS"]["severity"].get(report.severity.lower(), 0)
|
|
246
246
|
+ remote_config["WEIGHTS"]["epss_score"] * report.epss_score
|
|
247
|
-
+
|
|
247
|
+
+ min(
|
|
248
|
+
remote_config["WEIGHTS"]["age"] * report.age,
|
|
249
|
+
remote_config["WEIGHTS"]["max_age"],
|
|
250
|
+
)
|
|
248
251
|
+ sum(
|
|
249
252
|
remote_config["WEIGHTS"]["tags"].get(tag, 0)
|
|
250
253
|
for tag in report.tags
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import re
|
|
1
2
|
from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore
|
|
2
3
|
from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import (
|
|
3
4
|
DeserializeConfigTool,
|
|
@@ -66,18 +67,24 @@ class SecretScan:
|
|
|
66
67
|
)
|
|
67
68
|
config_tool = DeserializeConfigTool(json_data=init_config_tool, tool=tool)
|
|
68
69
|
config_tool.scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
69
|
-
|
|
70
|
+
|
|
71
|
+
skip_tool = bool(re.match(config_tool.ignore_search_pattern, config_tool.scope_pipeline, re.IGNORECASE))
|
|
72
|
+
|
|
73
|
+
return config_tool, skip_tool
|
|
70
74
|
|
|
71
|
-
def skip_from_exclusion(self, exclusions):
|
|
75
|
+
def skip_from_exclusion(self, exclusions, skip_tool_isp):
|
|
72
76
|
"""
|
|
73
77
|
Handle skip tool.
|
|
74
78
|
|
|
75
79
|
Return: bool: True -> skip tool, False -> not skip tool.
|
|
76
80
|
"""
|
|
77
|
-
|
|
78
|
-
if (pipeline_name in exclusions) and (
|
|
79
|
-
exclusions[pipeline_name].get("SKIP_TOOL", 0)
|
|
80
|
-
):
|
|
81
|
+
if(skip_tool_isp):
|
|
81
82
|
return True
|
|
82
83
|
else:
|
|
83
|
-
|
|
84
|
+
pipeline_name = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
85
|
+
if (pipeline_name in exclusions) and (
|
|
86
|
+
exclusions[pipeline_name].get("SKIP_TOOL", 0)
|
|
87
|
+
):
|
|
88
|
+
return True
|
|
89
|
+
else:
|
|
90
|
+
return False
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py
CHANGED
|
@@ -9,8 +9,8 @@ def engine_secret_scan(devops_platform_gateway, tool_gateway, dict_args, tool, t
|
|
|
9
9
|
dict_args["remote_config_repo"], "engine_sast/engine_secret/Exclusions.json"
|
|
10
10
|
)
|
|
11
11
|
secret_scan = SecretScan(tool_gateway, devops_platform_gateway, tool_deserealizator, git_gateway)
|
|
12
|
-
config_tool = secret_scan.complete_config_tool(dict_args, tool)
|
|
13
|
-
skip_tool = secret_scan.skip_from_exclusion(exclusions)
|
|
12
|
+
config_tool, skip_tool_isp = secret_scan.complete_config_tool(dict_args, tool)
|
|
13
|
+
skip_tool = secret_scan.skip_from_exclusion(exclusions, skip_tool_isp)
|
|
14
14
|
finding_list, file_path_findings = secret_scan.process(skip_tool, config_tool, secret_tool, dict_args)
|
|
15
15
|
input_core = SetInputCore(devops_platform_gateway, dict_args, tool, config_tool)
|
|
16
16
|
return finding_list, input_core.set_input_core(file_path_findings)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.14.1'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=xv2wmLelfn460ABKZW6zS5-YHtS6u54h1jksuJQyBJw,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -26,7 +26,7 @@ devsecops_engine_tools/engine_core/src/domain/model/gateway/secrets_manager_gate
|
|
|
26
26
|
devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py,sha256=c98JSdYYPyr82VZR4MRy49xSBVxueERbAS1mWwKqV6g,878
|
|
27
27
|
devsecops_engine_tools/engine_core/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
28
28
|
devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py,sha256=JP-i5SFaMN7Yi4uDCe_AE1kJ197g1IJGcwQdq-RYbk4,16198
|
|
29
|
-
devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=
|
|
29
|
+
devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=1vctNN5aSPGsSgrldPiYg2Fq86q6Z9DzFdazjWAm2Do,8133
|
|
30
30
|
devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=yrPQdNvFNDeS4g4UxdxFDj-yw17K_OZ3T-HDEiePknE,7041
|
|
31
31
|
devsecops_engine_tools/engine_core/src/domain/usecases/metrics_manager.py,sha256=Xi0iNnPrFgqd2cBdAA5E_tgouhxs-BTo016aolnGgv8,2413
|
|
32
32
|
devsecops_engine_tools/engine_core/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -73,7 +73,7 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
|
|
|
73
73
|
devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
|
|
74
74
|
devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
75
75
|
devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
|
|
76
|
-
devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=
|
|
76
|
+
devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=sYcsReL3FF_9_NTEcK-sFCFHK5Hi9zJrMpD4cDLAX4w,11380
|
|
77
77
|
devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=o4vMpmgt5q1BsaWpGZWdCHPVs1CFyj-P3TrgOSEBcqM,2327
|
|
78
78
|
devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=w18CVVSs0mkfLYo7f-wZJv1afoPWzEU-IBKUzk7LMYI,832
|
|
79
79
|
devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -147,7 +147,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init
|
|
|
147
147
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
|
|
148
148
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=KncnzIAmjmnt3qNWiRY0bnEvk_L68V16xQIILsWjhUg,778
|
|
149
149
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
150
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=
|
|
150
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=oo1_vnrWagU1u6W9-xA_3OrviFNgzucT2phzcWwE7zw,4249
|
|
151
151
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=k0LZd9PJpqEDns6DLYRGu9DzpRZeFsxAnowcjP5Rml4,2838
|
|
152
152
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
153
153
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -155,7 +155,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapt
|
|
|
155
155
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=MdE76XrltkegHjVnDdHWJptUNUZg_bJnsUynVG0MEKI,2565
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=r3JvkTE8injqbFcymevPw4rn-5w6dsOGxWz0NRKx4kg,7367
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
158
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=
|
|
158
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=NiA5-pRL6-tMuOa2Al-wIYq3uIMFBQrJd0w7ur16kgs,1049
|
|
159
159
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
160
160
|
devsecops_engine_tools/engine_sca/engine_container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
161
|
devsecops_engine_tools/engine_sca/engine_container/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -286,8 +286,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
286
286
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
287
287
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
|
|
288
288
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=esLnDBxP9MQBvV8noVohTrdWSVuljTKRpZgrn2kaD_c,192
|
|
289
|
-
devsecops_engine_tools-1.
|
|
290
|
-
devsecops_engine_tools-1.
|
|
291
|
-
devsecops_engine_tools-1.
|
|
292
|
-
devsecops_engine_tools-1.
|
|
293
|
-
devsecops_engine_tools-1.
|
|
289
|
+
devsecops_engine_tools-1.14.1.dist-info/METADATA,sha256=dFexub6hqzGqPL3h5tGnPpGj14w0D3WJZi034J0tZrE,10854
|
|
290
|
+
devsecops_engine_tools-1.14.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
291
|
+
devsecops_engine_tools-1.14.1.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
|
|
292
|
+
devsecops_engine_tools-1.14.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
293
|
+
devsecops_engine_tools-1.14.1.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.13.3.dist-info → devsecops_engine_tools-1.14.1.dist-info}/top_level.txt
RENAMED
|
File without changes
|