devsecops-engine-tools 1.14.2__py3-none-any.whl → 1.14.4__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py +1 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py +1 -0
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py +3 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +3 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py +3 -6
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +25 -15
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/RECORD +12 -12
- {devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/top_level.txt +0 -0
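--- a/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py
+++ b/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py
@@ -42,7 +42,7 @@ class RuntimeLocal(DevopsPlatformGateway):
 return os.environ.get("DET_SOURCE_CODE_MANAGEMENT_URI")
 
 def get_base_compact_remote_config_url(self, remote_config_repo):
-return f"{os.environ.get(
+return f"{os.environ.get('DET_BASE_COMPACT_REMOTE_CONFIG_URL')}?path=/"
 
 def get_variable(self, variable):
 env_variables = {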
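Review bot: `os.environ.get('DET_BASE_COMPACT_REMOTE_CONFIG_URL')` returns None when the variable is unset, so the new return line in `get_base_compact_remote_config_url` yields the string `None?path=/` instead of failing. Judging by its name this URL locates the remote configuration, so an unset variable should stop the run with a clear error, e.g. `base = os.environ["DET_BASE_COMPACT_REMOTE_CONFIG_URL"]` followed by `return f"{base}?path=/"`. The `remote_config_repo` parameter is not used in the visible body; a one-line docstring stating that the local runtime ignores it would help.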
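--- a/devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py
@@ -12,3 +12,4 @@ class DeserializeConfigTool:
 self.enable_custom_rules = json_data[tool]["ENABLE_CUSTOM_RULES"]
 self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"]
 self.external_dir_repo = json_data[tool]["EXTERNAL_DIR_REPOSITORY"]
+self.tool_version = json_data[tool]["VERSION"]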
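Review bot: `self.tool_version = json_data[tool]["VERSION"]` stores the configured value unchecked, and the trufflehog_run.py changes in this release interpolate it into `shell=True` command strings and a download URL. Validating it once here protects every consumer, for example `if not re.fullmatch(r"\d+\.\d+\.\d+", str(version)): raise ValueError("invalid VERSION in remote config")` before the assignment (this needs `re` imported in the module, and the accepted format is an assumption to confirm against the versions actually deployed). A remote config without a `VERSION` key now raises a bare KeyError, so the key should be documented as required. The constructor starts outside the hunk.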
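--- a/devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py
@@ -3,7 +3,7 @@ from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.Deseriali
 
 class ToolGateway(metaclass=ABCMeta):
 @abstractmethod
-def install_tool(self, agent_os: str, agent_temp_dir:str) -> any:
+def install_tool(self, agent_os: str, agent_temp_dir:str, version: str) -> any:
 "install tool"
 @abstractmethod
 def run_tool_secret_scan(self,
@@ -13,5 +13,6 @@ class ToolGateway(metaclass=ABCMeta):
 repository_name: str,
 config_tool: DeserializeConfigTool,
 secret_tool,
-secret_external_checks
+secret_external_checks,
+agent_tem_dir:str) -> str:
 "run tool secret scan"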
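Review bot: The abstract signatures no longer line up with the TrufflehogRun adapter shown in this release: `install_tool` names the new parameter `version` while the adapter uses `tool_version`, and `run_tool_secret_scan` adds `agent_tem_dir` (missing `p`) while the adapter uses `agent_temp_dir`. The visible caller passes them positionally, but a keyword call written against the gateway would fail at the adapter, so I would rename them to `tool_version: str` and `agent_temp_dir: str`. `-> any` annotates with the builtin function `any`; `typing.Any` is presumably intended. Part of the `run_tool_secret_scan` parameter list lies between the two hunks.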
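--- a/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py
@@ -34,7 +34,7 @@ class SecretScan:
 file_path_findings = ""
 secret_external_checks=dict_args["token_external_checks"]
 if skip_tool == False:
-self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"))
+self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"), config_tool.tool_version)
 files_pullrequest = self.git_gateway.get_files_pull_request(
 self.devops_platform_gateway.get_variable("path_directory"),
 self.devops_platform_gateway.get_variable("target_branch"),
@@ -52,7 +52,8 @@ class SecretScan:
 self.devops_platform_gateway.get_variable("repository"),
 config_tool,
 secret_tool,
-secret_external_checks
+secret_external_checks,
+self.devops_platform_gateway.get_variable("temp_directory"))
 finding_list = self.tool_deserialize.get_list_vulnerability(
 findings,
 self.devops_platform_gateway.get_variable("os"),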
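--- a/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py
@@ -14,20 +14,17 @@ class SecretScanDeserealizator(DeseralizatorGateway):
 
 for result in results_scan_list:
 where_text, raw_data = self.get_where_correctly(result, os, path_directory)
-
-rule_name = extra_data.get("name") if extra_data else None
+rule_name = result.get("Id", {})
 
-if
+if "MISCONFIGURATION_SCANNING" in rule_name:
 description = "Actuator misconfiguration can leak sensitive information"
-finding_id = "MISCONFIGURATION_SCANNING"
 where = f"{where_text}, Misconfiguration: {raw_data}"
 else:
 description = "Sensitive information in source code"
-finding_id = "SECRET_SCANNING"
 where = f"{where_text}, Secret: {raw_data}"
 
 vulnerability_open = Finding(
-id=
+id=result.get("Id", {}),
 cvss=None,
 where=where,
 description=description,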
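Review bot: The new test `"MISCONFIGURATION_SCANNING" in rule_name` cannot match the value the run step writes, because trufflehog_run.py in this same release sets `find["Id"]` to `"MISSCONFIGURATION_SCANNING"` (double S). Assuming these results are the findings written there, every misconfiguration finding falls into the else branch and gets the "Sensitive information in source code" description and the `Secret:` location text. Both files should share one constant (a name such as `MISCONFIGURATION_ID` is only a suggestion) and compare by equality: `rule_name = result.get("Id", "")` and `if rule_name == MISCONFIGURATION_ID:`. The `{}` default also turns a missing `Id` into a dict passed as the Finding id, where `""` or an explicit error would be safer. The loop body continues outside the hunk.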
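--- a/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py
+++ b/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py
@@ -19,26 +19,35 @@ result = []
 
 
 class TrufflehogRun(ToolGateway):
-def install_tool(self, agent_os, agent_temp_dir) -> any:
+def install_tool(self, agent_os, agent_temp_dir, tool_version) -> any:
 reg_exp_os = r"Windows"
 check_os = re.search(reg_exp_os, agent_os)
+reg_exp_tool = fr"{tool_version}"
 if check_os:
-
+command = f"{agent_temp_dir}/trufflehog.exe --version"
+subprocess.run(command, shell=True)
+result = subprocess.run(command, capture_output=True, shell=True)
+output = result.stderr.strip()
+check_tool = re.search(reg_exp_tool, output.decode("utf-8"))
+if not check_tool:
+self.run_install_win(agent_temp_dir, tool_version)
+subprocess.run(command, shell=True)
 else:
 command = f"trufflehog --version"
+subprocess.run(command, shell=True)
 result = subprocess.run(command, capture_output=True, shell=True)
 output = result.stderr.strip()
-
-
-
-
+check_tool = re.search(reg_exp_tool, output.decode("utf-8"))
+if not check_tool:
+self.run_install(tool_version)
+subprocess.run(command, shell=True)
 
-def run_install(self):
-command = f"curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin"
-subprocess.run(command, capture_output=True, shell=True)
+def run_install(self, tool_version):
+command = f"curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin v{tool_version}"
+res = subprocess.run(command, capture_output=True, shell=True)
 
-def run_install_win(self, agent_temp_dir):
-command_complete = f"powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; New-Item -Path {agent_temp_dir} -ItemType Directory -Force; Invoke-WebRequest -Uri 'https://
+def run_install_win(self, agent_temp_dir, tool_version):
+command_complete = f"powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; New-Item -Path {agent_temp_dir} -ItemType Directory -Force; Invoke-WebRequest -Uri 'https://github.com/trufflesecurity/trufflehog/releases/download/v{tool_version}/trufflehog_{tool_version}_windows_amd64.tar.gz' -OutFile {agent_temp_dir}/trufflehog.tar.gz -UseBasicParsing; tar -xzf {agent_temp_dir}/trufflehog.tar.gz -C {agent_temp_dir}; Remove-Item {agent_temp_dir}/trufflehog.tar.gz; $env:Path += '; + {agent_temp_dir}'; & {agent_temp_dir}/trufflehog.exe --version"
 process = subprocess.Popen(
 command_complete, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True
 )
@@ -52,11 +61,12 @@ class TrufflehogRun(ToolGateway):
 repository_name,
 config_tool,
 secret_tool,
-secret_external_checks
+secret_external_checks,
+agent_temp_dir
 ):
 trufflehog_command = "trufflehog"
 if "Windows" in agent_os:
-trufflehog_command = "
+trufflehog_command = f"{agent_temp_dir}/trufflehog.exe"
 with open(f"{agent_work_folder}/excludedPath.txt", "w") as file:
 file.write("\n".join(config_tool.exclude_path))
 exclude_path = f"{agent_work_folder}/excludedPath.txt"
@@ -102,6 +112,7 @@ class TrufflehogRun(ToolGateway):
 include_paths.append(file_path)
 with open(file_path, "w") as file:
 for file_pr_path in chunk:
+file_pr_path = str(file_pr_path).replace("/","\\\\")
 file.write(f"{file_pr_path.strip()}\n")
 return include_paths
 
@@ -140,8 +151,7 @@ class TrufflehogRun(ToolGateway):
 original_where = original_where.replace("\\", "/")
 where_text = original_where.replace(agent_work_folder, "")
 find["SourceMetadata"]["Data"]["Filesystem"]["file"] = where_text
-
-find["Id"] = "MISSCONFIGURATION_SCANNING" if name != None and "Actuator" in name else "SECRET_SCANNING"
+find["Id"] = "MISSCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
 json_str = json.dumps(find)
 file.write(json_str + '\n')
 return findings, file_findings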
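Review bot: In `install_tool` the version probe and both installers run through `shell=True` with `agent_temp_dir` and `tool_version` interpolated into the command string, and `reg_exp_tool = fr"{tool_version}"` is an unescaped, unanchored pattern, so `.` matches any character and a configured `3.6` would accept an installed `3.63.2`. The probe can run from an argument list with the pattern escaped and bounded, as in the excerpt below; the extra uncaptured `subprocess.run(command, shell=True)` calls appear only to echo the version and are dropped there. `run_install` pipes the installer script from the `main` branch into `sh`, and `run_install_win` unpacks a release archive, with no checksum or signature verification in the visible lines; pinning the script to a tag or commit and checking the download against a digest carried in the remote config would close that gap. `res` in `run_install` is never inspected, so a failed install goes unnoticed until the scan runs. `run_install_win` continues outside the hunk.

```python
def install_tool(self, agent_os, agent_temp_dir, tool_version) -> any:
    # … unchanged: reg_exp_os / check_os detection …
    # Literal, bounded match: "." is not a wildcard and "3.6" does not match "3.63.2".
    version_pattern = rf"(?<![\d.]){re.escape(str(tool_version))}(?![\d.])"
    if check_os:
        argv = [f"{agent_temp_dir}/trufflehog.exe", "--version"]
    else:
        argv = ["trufflehog", "--version"]
    try:
        # Argument list, no shell: the path travels as a single argv entry.
        probe = subprocess.run(argv, capture_output=True)
        found = re.search(version_pattern, probe.stderr.decode("utf-8", "replace"))
    except OSError:
        found = None  # binary not present yet
    if not found:
        # … unchanged: self.run_install_win(agent_temp_dir, tool_version) or self.run_install(tool_version) …
```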
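--- a/devsecops_engine_tools/version.py
+++ b/devsecops_engine_tools/version.py
@@ -1 +1 @@
-version = '1.14.
+version = '1.14.4'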
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=2J_f8M3bR3TFcOr2DGcx7X2B3u7YprPscf1C8c4F4sk,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -42,7 +42,7 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/git
|
|
|
42
42
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
43
43
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py,sha256=oEhsYOS5dmTtNOzpWNurWgLxth6vBhWVvVlKul9Heys,3884
|
|
44
44
|
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
45
|
-
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py,sha256=
|
|
45
|
+
devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py,sha256=qKINENZGbfV8XFF7fzUK6grQ5Jx7Nwv9xOqjjKlXp3o,2475
|
|
46
46
|
devsecops_engine_tools/engine_core/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
47
47
|
devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py,sha256=k6WLcv2NQj-OzV8lqmXef-Nyi9MLTzKWSWSM3qPFjvc,2081
|
|
48
48
|
devsecops_engine_tools/engine_core/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -140,19 +140,19 @@ devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_
|
|
|
140
140
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
141
141
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
142
142
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
143
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=
|
|
143
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=2YXBnWA3DGiEKNpRMgVk2CmgOFfJPzDbgexXHjJpaBU,884
|
|
144
144
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
145
145
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
146
146
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
|
|
147
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=
|
|
147
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=0KIesfLrmRqRId9r-domGjca4oLNyDzSI4jajjjX_Qo,840
|
|
148
148
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
149
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=
|
|
149
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=unTB8GwpW45Mv0F4QBcUaVndovT0DdQjJKuFBiNCDhI,4357
|
|
150
150
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=k0LZd9PJpqEDns6DLYRGu9DzpRZeFsxAnowcjP5Rml4,2838
|
|
151
151
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
152
152
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
153
153
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
154
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=
|
|
155
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=
|
|
154
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
|
|
155
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=Xzl87yMsgha3_xHva9xHrPI2tiMwCucyUp3I8hK-sKQ,8083
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=NiA5-pRL6-tMuOa2Al-wIYq3uIMFBQrJd0w7ur16kgs,1049
|
|
158
158
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -287,8 +287,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
287
287
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
288
288
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
|
|
289
289
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=esLnDBxP9MQBvV8noVohTrdWSVuljTKRpZgrn2kaD_c,192
|
|
290
|
-
devsecops_engine_tools-1.14.
|
|
291
|
-
devsecops_engine_tools-1.14.
|
|
292
|
-
devsecops_engine_tools-1.14.
|
|
293
|
-
devsecops_engine_tools-1.14.
|
|
294
|
-
devsecops_engine_tools-1.14.
|
|
290
|
+
devsecops_engine_tools-1.14.4.dist-info/METADATA,sha256=aTFaG18VFzp55D8Ks975P9kxRcUpr-Ltp2qHMFpr9os,10854
|
|
291
|
+
devsecops_engine_tools-1.14.4.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
292
|
+
devsecops_engine_tools-1.14.4.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
|
|
293
|
+
devsecops_engine_tools-1.14.4.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
294
|
+
devsecops_engine_tools-1.14.4.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.14.2.dist-info → devsecops_engine_tools-1.14.4.dist-info}/top_level.txt
RENAMED
|
File without changes
|