devsecops-engine-tools 1.14.3__py3-none-any.whl → 1.14.5__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py +1 -0
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py +3 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +3 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +28 -16
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/RECORD +10 -10
- {devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/top_level.txt +0 -0
|
@@ -12,3 +12,4 @@ class DeserializeConfigTool:
|
|
|
12
12
|
self.enable_custom_rules = json_data[tool]["ENABLE_CUSTOM_RULES"]
|
|
13
13
|
self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"]
|
|
14
14
|
self.external_dir_repo = json_data[tool]["EXTERNAL_DIR_REPOSITORY"]
|
|
15
|
+
self.tool_version = json_data[tool]["VERSION"]
|
|
@@ -3,7 +3,7 @@ from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.Deseriali
|
|
|
3
3
|
|
|
4
4
|
class ToolGateway(metaclass=ABCMeta):
|
|
5
5
|
@abstractmethod
|
|
6
|
-
def install_tool(self, agent_os: str, agent_temp_dir:str) -> any:
|
|
6
|
+
def install_tool(self, agent_os: str, agent_temp_dir:str, version: str) -> any:
|
|
7
7
|
"install tool"
|
|
8
8
|
@abstractmethod
|
|
9
9
|
def run_tool_secret_scan(self,
|
|
@@ -13,5 +13,6 @@ class ToolGateway(metaclass=ABCMeta):
|
|
|
13
13
|
repository_name: str,
|
|
14
14
|
config_tool: DeserializeConfigTool,
|
|
15
15
|
secret_tool,
|
|
16
|
-
secret_external_checks
|
|
16
|
+
secret_external_checks,
|
|
17
|
+
agent_tem_dir:str) -> str:
|
|
17
18
|
"run tool secret scan"
|
|
@@ -34,7 +34,7 @@ class SecretScan:
|
|
|
34
34
|
file_path_findings = ""
|
|
35
35
|
secret_external_checks=dict_args["token_external_checks"]
|
|
36
36
|
if skip_tool == False:
|
|
37
|
-
self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"))
|
|
37
|
+
self.tool_gateway.install_tool(self.devops_platform_gateway.get_variable("os"), self.devops_platform_gateway.get_variable("temp_directory"), config_tool.tool_version)
|
|
38
38
|
files_pullrequest = self.git_gateway.get_files_pull_request(
|
|
39
39
|
self.devops_platform_gateway.get_variable("path_directory"),
|
|
40
40
|
self.devops_platform_gateway.get_variable("target_branch"),
|
|
@@ -52,7 +52,8 @@ class SecretScan:
|
|
|
52
52
|
self.devops_platform_gateway.get_variable("repository"),
|
|
53
53
|
config_tool,
|
|
54
54
|
secret_tool,
|
|
55
|
-
secret_external_checks
|
|
55
|
+
secret_external_checks,
|
|
56
|
+
self.devops_platform_gateway.get_variable("temp_directory"))
|
|
56
57
|
finding_list = self.tool_deserialize.get_list_vulnerability(
|
|
57
58
|
findings,
|
|
58
59
|
self.devops_platform_gateway.get_variable("os"),
|
|
@@ -19,26 +19,35 @@ result = []
|
|
|
19
19
|
|
|
20
20
|
|
|
21
21
|
class TrufflehogRun(ToolGateway):
|
|
22
|
-
def install_tool(self, agent_os, agent_temp_dir) -> any:
|
|
22
|
+
def install_tool(self, agent_os, agent_temp_dir, tool_version) -> any:
|
|
23
23
|
reg_exp_os = r"Windows"
|
|
24
24
|
check_os = re.search(reg_exp_os, agent_os)
|
|
25
|
+
reg_exp_tool = fr"{tool_version}"
|
|
25
26
|
if check_os:
|
|
26
|
-
|
|
27
|
+
command = f"{agent_temp_dir}/trufflehog.exe --version"
|
|
28
|
+
subprocess.run(command, shell=True)
|
|
29
|
+
result = subprocess.run(command, capture_output=True, shell=True)
|
|
30
|
+
output = result.stderr.strip()
|
|
31
|
+
check_tool = re.search(reg_exp_tool, output.decode("utf-8"))
|
|
32
|
+
if not check_tool:
|
|
33
|
+
self.run_install_win(agent_temp_dir, tool_version)
|
|
34
|
+
subprocess.run(command, shell=True)
|
|
27
35
|
else:
|
|
28
36
|
command = f"trufflehog --version"
|
|
37
|
+
subprocess.run(command, shell=True)
|
|
29
38
|
result = subprocess.run(command, capture_output=True, shell=True)
|
|
30
39
|
output = result.stderr.strip()
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
40
|
+
check_tool = re.search(reg_exp_tool, output.decode("utf-8"))
|
|
41
|
+
if not check_tool:
|
|
42
|
+
self.run_install(tool_version)
|
|
43
|
+
subprocess.run(command, shell=True)
|
|
35
44
|
|
|
36
|
-
def run_install(self):
|
|
37
|
-
command = f"curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin"
|
|
38
|
-
subprocess.run(command, capture_output=True, shell=True)
|
|
45
|
+
def run_install(self, tool_version):
|
|
46
|
+
command = f"curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin v{tool_version}"
|
|
47
|
+
res = subprocess.run(command, capture_output=True, shell=True)
|
|
39
48
|
|
|
40
|
-
def run_install_win(self, agent_temp_dir):
|
|
41
|
-
command_complete = f"powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; New-Item -Path {agent_temp_dir} -ItemType Directory -Force; Invoke-WebRequest -Uri 'https://
|
|
49
|
+
def run_install_win(self, agent_temp_dir, tool_version):
|
|
50
|
+
command_complete = f"powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; New-Item -Path {agent_temp_dir} -ItemType Directory -Force; Invoke-WebRequest -Uri 'https://github.com/trufflesecurity/trufflehog/releases/download/v{tool_version}/trufflehog_{tool_version}_windows_amd64.tar.gz' -OutFile {agent_temp_dir}/trufflehog.tar.gz -UseBasicParsing; tar -xzf {agent_temp_dir}/trufflehog.tar.gz -C {agent_temp_dir}; Remove-Item {agent_temp_dir}/trufflehog.tar.gz; $env:Path += '; + {agent_temp_dir}'; & {agent_temp_dir}/trufflehog.exe --version"
|
|
42
51
|
process = subprocess.Popen(
|
|
43
52
|
command_complete, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True
|
|
44
53
|
)
|
|
@@ -52,15 +61,16 @@ class TrufflehogRun(ToolGateway):
|
|
|
52
61
|
repository_name,
|
|
53
62
|
config_tool,
|
|
54
63
|
secret_tool,
|
|
55
|
-
secret_external_checks
|
|
64
|
+
secret_external_checks,
|
|
65
|
+
agent_temp_dir
|
|
56
66
|
):
|
|
57
67
|
trufflehog_command = "trufflehog"
|
|
58
68
|
if "Windows" in agent_os:
|
|
59
|
-
trufflehog_command = "
|
|
69
|
+
trufflehog_command = f"{agent_temp_dir}/trufflehog.exe"
|
|
60
70
|
with open(f"{agent_work_folder}/excludedPath.txt", "w") as file:
|
|
61
71
|
file.write("\n".join(config_tool.exclude_path))
|
|
62
72
|
exclude_path = f"{agent_work_folder}/excludedPath.txt"
|
|
63
|
-
include_paths = self.config_include_path(files_commits, agent_work_folder)
|
|
73
|
+
include_paths = self.config_include_path(files_commits, agent_work_folder, agent_os)
|
|
64
74
|
enable_custom_rules = config_tool.enable_custom_rules.lower()
|
|
65
75
|
secret = None
|
|
66
76
|
|
|
@@ -87,7 +97,7 @@ class TrufflehogRun(ToolGateway):
|
|
|
87
97
|
findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder)
|
|
88
98
|
return findings, file_findings
|
|
89
99
|
|
|
90
|
-
def config_include_path(self, files, agent_work_folder):
|
|
100
|
+
def config_include_path(self, files, agent_work_folder, agent_os):
|
|
91
101
|
chunks = []
|
|
92
102
|
if len(files) != 0:
|
|
93
103
|
chunk_size = (len(files) + 3) // 4
|
|
@@ -102,6 +112,8 @@ class TrufflehogRun(ToolGateway):
|
|
|
102
112
|
include_paths.append(file_path)
|
|
103
113
|
with open(file_path, "w") as file:
|
|
104
114
|
for file_pr_path in chunk:
|
|
115
|
+
if "Windows" in agent_os:
|
|
116
|
+
file_pr_path = str(file_pr_path).replace("/","\\\\")
|
|
105
117
|
file.write(f"{file_pr_path.strip()}\n")
|
|
106
118
|
return include_paths
|
|
107
119
|
|
|
@@ -119,7 +131,7 @@ class TrufflehogRun(ToolGateway):
|
|
|
119
131
|
if enable_custom_rules == "true":
|
|
120
132
|
command = command.replace("--no-verification --json", "--config /tmp/rules/trufflehog/custom-rules.yaml --no-verification --json")
|
|
121
133
|
|
|
122
|
-
result = subprocess.run(command, capture_output=True, shell=True, text=True)
|
|
134
|
+
result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
|
|
123
135
|
return result.stdout.strip()
|
|
124
136
|
|
|
125
137
|
def decode_output(self, results):
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.14.
|
|
1
|
+
version = '1.14.5'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=uy9W6zekNl77FZXiSrRUy8V36yn8DOoa_1rPXxHTEwE,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -140,19 +140,19 @@ devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_
|
|
|
140
140
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
141
141
|
devsecops_engine_tools/engine_sast/engine_secret/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
142
142
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
143
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=
|
|
143
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=2YXBnWA3DGiEKNpRMgVk2CmgOFfJPzDbgexXHjJpaBU,884
|
|
144
144
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
145
145
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
146
146
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
|
|
147
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=
|
|
147
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=0KIesfLrmRqRId9r-domGjca4oLNyDzSI4jajjjX_Qo,840
|
|
148
148
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
149
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=
|
|
149
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=unTB8GwpW45Mv0F4QBcUaVndovT0DdQjJKuFBiNCDhI,4357
|
|
150
150
|
devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=k0LZd9PJpqEDns6DLYRGu9DzpRZeFsxAnowcjP5Rml4,2838
|
|
151
151
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
152
152
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
153
153
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
154
154
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
|
|
155
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=
|
|
155
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=ALM9UNfXc2La9TbhCxJmO7yzxWCBk8ncZp_eLWMwz58,8172
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=NiA5-pRL6-tMuOa2Al-wIYq3uIMFBQrJd0w7ur16kgs,1049
|
|
158
158
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -287,8 +287,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
287
287
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
288
288
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
|
|
289
289
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=esLnDBxP9MQBvV8noVohTrdWSVuljTKRpZgrn2kaD_c,192
|
|
290
|
-
devsecops_engine_tools-1.14.
|
|
291
|
-
devsecops_engine_tools-1.14.
|
|
292
|
-
devsecops_engine_tools-1.14.
|
|
293
|
-
devsecops_engine_tools-1.14.
|
|
294
|
-
devsecops_engine_tools-1.14.
|
|
290
|
+
devsecops_engine_tools-1.14.5.dist-info/METADATA,sha256=zQrb0gaGCqcXqGJVqBrYoNAeY9CAODIC45JoEm9YkpM,10854
|
|
291
|
+
devsecops_engine_tools-1.14.5.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
292
|
+
devsecops_engine_tools-1.14.5.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
|
|
293
|
+
devsecops_engine_tools-1.14.5.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
294
|
+
devsecops_engine_tools-1.14.5.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.14.3.dist-info → devsecops_engine_tools-1.14.5.dist-info}/top_level.txt
RENAMED
|
File without changes
|