devsecops-engine-tools 1.15.0__py3-none-any.whl → 1.16.0__py3-none-any.whl
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +1 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +17 -7
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +18 -3
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py +5 -6
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/METADATA +2 -2
- {devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/RECORD +10 -10
- {devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/top_level.txt +0 -0
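--- a/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
+++ b/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
@@ -97,7 +97,7 @@ def get_inputs_from_cli(args):
 parser.add_argument(
 "-p",
 "--platform",
-type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi"}),
+type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi", "terraform"}),
 required=False,
 default="all",
 help="Platform to scan, only apply engine_iac tool",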
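--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py
@@ -10,23 +10,33 @@ from dataclasses import dataclass
 class CheckovDeserealizator:
 @classmethod
 def get_list_finding(
-cls, results_scan_list: list, rules
+cls, results_scan_list: list, rules, default_severity, default_category
 ) -> "list[Finding]":
-list_open_findings = []
 
+list_open_findings = []
 for result in results_scan_list:
 if "failed_checks" in str(result):
 for scan in result["results"]["failed_checks"]:
+check_id = scan.get("check_id")
+if not rules.get(check_id):
+description = scan.get("check_name")
+severity = default_severity.lower()
+category = default_category.lower()
+else:
+description = rules[check_id].get("checkID", scan.get("check_name"))
+severity = rules[check_id].get("severity").lower()
+category = rules[check_id].get("category").lower()
+
 finding_open = Finding(
-id=
+id=check_id,
 cvss=None,
-where
-description=
-severity=
+where=scan.get("repo_file_path") + ": " + str(scan.get("resource")),
+description=description,
+severity=severity,
 identification_date=datetime.now().strftime("%d%m%Y"),
 published_date_cve=None,
 module="engine_iac",
-category=Category(
+category=Category(category),
 requirements=scan.get("guideline"),
 tool="Checkov"
 )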
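Review bot: `severity = rules[check_id].get("severity").lower()` and the `category` line right after it raise AttributeError for any rule entry that lacks the `severity` or `category` key, because `.get()` returns None before `.lower()` runs; the sibling `update_fields` in file_generator_tool.py already falls back to the configured defaults for exactly these keys, so these lines should do the same: `severity = rules[check_id].get("severity", default_severity).lower()` and `category = rules[check_id].get("category", default_category).lower()`. The new `where=` line has the same gap on its left operand — `scan.get("repo_file_path") + ": "` raises TypeError when the key is absent, while `resource` is already wrapped in `str()`; `where=f"{scan.get('repo_file_path')}: {scan.get('resource')}"` treats both the same way. `Category(category)` will still raise ValueError if the config's DEFAULT_CATEGORY is not a member of the enum, which is cheaper to validate once when the config is loaded than per finding. get_list_finding continues past the end of the hunk.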
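--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py
@@ -42,12 +42,14 @@ class CheckovTool(ToolGateway):
 "RULES_K8S": "kubernetes",
 "RULES_CLOUDFORMATION": "cloudformation",
 "RULES_OPENAPI": "openapi",
+"RULES_TERRAFORM": "terraform"
 }
 framework_external_checks = [
 "RULES_K8S",
 "RULES_CLOUDFORMATION",
 "RULES_DOCKER",
 "RULES_OPENAPI",
+"RULES_TERRAFORM"
 ]
 
 def create_config_file(self, checkov_config: CheckovConfig):
@@ -191,10 +193,14 @@ class CheckovTool(ToolGateway):
 if "all" in platform_to_scan or any(
 elem.upper() in rule for elem in platform_to_scan
 ):
+framework = [self.framework_mapping[rule]]
+if "terraform" in platform_to_scan or ("all" in platform_to_scan and self.framework_mapping[rule] == "terraform"):
+framework.append("terraform_plan")
+
 checkov_config = CheckovConfig(
 path_config_file="",
 config_file_name=rule,
-framework=
+framework=framework,
 checks=[
 key
 for key, value in config_tool[self.TOOL_CHECKOV]["RULES"][
@@ -287,12 +293,21 @@ class CheckovTool(ToolGateway):
 
 checkov_deserealizator = CheckovDeserealizator()
 findings_list = checkov_deserealizator.get_list_finding(
-result_scans,
+result_scans,
+rules_run,
+config_tool[self.TOOL_CHECKOV]["DEFAULT_SEVERITY"],
+config_tool[self.TOOL_CHECKOV]["DEFAULT_CATEGORY"]
 )
 
 return (
 findings_list,
-generate_file_from_tool(
+generate_file_from_tool(
+self.TOOL_CHECKOV,
+result_scans,
+rules_run,
+config_tool[self.TOOL_CHECKOV]["DEFAULT_SEVERITY"],
+config_tool[self.TOOL_CHECKOV]["DEFAULT_CATEGORY"]
+),
 )
 else:
 return [], None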
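Review bot: In the second hunk (@@ -191), `"terraform" in platform_to_scan` is evaluated for every rule that passed the outer platform filter, so if platform_to_scan can hold more than one platform (the set passed to parse_choices in the CLI suggests it can), a run selecting terraform together with docker would also append `terraform_plan` to the framework list built for the RULES_DOCKER config. The rule is already known at that point, so the condition only needs the mapping: `if self.framework_mapping[rule] == "terraform":` covers both the explicit and the "all" case without the compound test. The third hunk reads `config_tool[self.TOOL_CHECKOV]["DEFAULT_SEVERITY"]` and `["DEFAULT_CATEGORY"]` twice each as new mandatory keys of the remote config; binding them to two locals before the get_list_finding call, and either documenting them as required or giving them a `.get` fallback, would make a config that predates this release fail with a clearer message than a bare KeyError. The enclosing methods start and end outside the hunks.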
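--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py
@@ -6,7 +6,7 @@ from devsecops_engine_tools.engine_utilities import settings
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 
-def generate_file_from_tool(tool, result_list, rules_doc):
+def generate_file_from_tool(tool, result_list, rules_doc, default_severity, default_category):
 if tool == "CHECKOV":
 try:
 if len(result_list) > 0:
@@ -20,7 +20,7 @@ def generate_file_from_tool(tool, result_list, rules_doc):
 for result in result_list:
 failed_checks = result.get("results", {}).get("failed_checks", [])
 all_failed_checks.extend(
-map(lambda x: update_fields(x, rules_doc), failed_checks)
+map(lambda x: update_fields(x, rules_doc, default_severity, default_category), failed_checks)
 )
 summary_passed += result.get("summary", {}).get("passed", 0)
 summary_failed += result.get("summary", {}).get("failed", 0)
@@ -60,15 +60,14 @@ def generate_file_from_tool(tool, result_list, rules_doc):
 logger.error(f"Error during handling checkov json integrator {ex}")
 
 
-def update_fields(check_result, rules_doc):
+def update_fields(check_result, rules_doc, default_severity, default_category):
 rule_info = rules_doc.get(check_result.get("check_id"), {})
 
-check_result["severity"] = rule_info
+check_result["severity"] = rule_info.get("severity", default_severity)
+check_result["bc_category"] = rule_info.get("category", default_category)
 if "customID" in rule_info:
 check_result["custom_vuln_id"] = rule_info["customID"]
 if "guideline" in rule_info:
 check_result["guideline"] = rule_info["guideline"]
-if "category" in rule_info:
-check_result["bc_category"] = rule_info["category"]
 
 return check_result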
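Review bot: `update_fields` now stores `rule_info.get("severity", default_severity)` and `rule_info.get("category", default_category)` as-is, while `CheckovDeserealizator.get_list_finding` in the same release lowercases both the rule value and the default before building each Finding, so the `severity` and `bc_category` written to the report can differ in case from the findings returned alongside it; applying `.lower()` here as well, or in neither place, keeps the two outputs consistent for whatever consumes them. The new positional parameters on `generate_file_from_tool` and `update_fields` have no defaults, so any caller not updated in this diff would fail with TypeError — if such callers exist, `default_severity=None, default_category=None` in both signatures would keep them working. The body of generate_file_from_tool between the first and third hunks is outside this view.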
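--- a/devsecops_engine_tools/version.py
+++ b/devsecops_engine_tools/version.py
@@ -1 +1 @@
-version = '1.
+version = '1.16.0'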
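--- a/devsecops_engine_tools-1.15.0.dist-info/METADATA
+++ b/devsecops_engine_tools-1.16.0.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.
+Version: 1.16.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -67,7 +67,7 @@ pip3 install devsecops-engine-tools
 ### Scan running - flags (CLI)
 
 ```bash
-devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code and engine_dependencies"] --platform ["k8s","cloudformation","docker", "openapi"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"]
+devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code and engine_dependencies"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"]
 ```
 
 ### Structure Remote Config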
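--- a/devsecops_engine_tools-1.15.0.dist-info/RECORD
+++ b/devsecops_engine_tools-1.16.0.dist-info/RECORD
@@ -1,9 +1,9 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=
+devsecops_engine_tools/version.py,sha256=tT_8ISLXFdCq-Rgso5Q9lk3Q5eDlHoUO7dbUcqFExA0,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
+devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=9QaRFl_QYXSLxK_Qo5B84Jyeq7iZP9WeLc2ioSdkLOc,7209
 devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -121,8 +121,8 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/__init__.py,sha
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=qbE6wUO5_WFXF_QolL0JYelaRGEOUakPEZR_6HAKzzI,4355
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=l_opY909gh1m3k2ud2xDrCVnDTBe3ApYT75juBf_uMk,1836
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=8gbf4nGWxjaF6c9H6rEvPZg3JksZ8rn8ShEZRaxGgUI,11506
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=b1X5GWz2snJtsKZcGEsILNc178hv9p-lg-el0Jc-_Eo,2084
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=8lda0A7huVSWgq2zMAN92vQv4ug0HiQMATGdXV5lgyA,5202
@@ -132,7 +132,7 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py,sha256=60iaHYZZp5uTngD7a8vsQaQYsTfBzP_kp0xflfPNnk4,305
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=O81l8ID6-1ozaL4qzbBLZINFyTV1sQiL1PurxPOpnc8,3192
 devsecops_engine_tools/engine_sast/engine_secret/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -305,8 +305,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=r_mng-OVWeqQyy6yIFsCeJrvH81VUPI3o1zdJO0JS0I,397
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
+devsecops_engine_tools-1.16.0.dist-info/METADATA,sha256=YXRISLfqURRXsKhLnN19CzANuAERAVKU_tNuUoCBoF4,10867
+devsecops_engine_tools-1.16.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.16.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.16.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.16.0.dist-info/RECORD,,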
File without changes
{devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/entry_points.txt
RENAMED
File without changes
{devsecops_engine_tools-1.15.0.dist-info → devsecops_engine_tools-1.16.0.dist-info}/top_level.txt
RENAMED
File without changes