PyPI - devsecops-engine-tools - Versions diffs - 1.17.0__py3-none-any.whl → 1.17.1__py3-none-any.whl - Mend

devsecops-engine-tools 1.17.0py3-none-any.whl → 1.17.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (8) hide show

devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py CHANGED Viewed

@@ -13,3 +13,4 @@ class DeserializeConfigTool:
         self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"]
         self.external_dir_repo = json_data[tool]["EXTERNAL_DIR_REPOSITORY"]
         self.tool_version = json_data[tool]["VERSION"]
+        self.extradata_rules = json_data[tool]["RULES"]

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py CHANGED Viewed

@@ -94,7 +94,7 @@ class TrufflehogRun(ToolGateway):
                 [repository_name] * len(include_paths),
                 [enable_custom_rules] * len(include_paths),
             )
-        findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder)
+        findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder, config_tool)
         return  findings, file_findings
     def config_include_path(self, files, agent_work_folder, agent_os):
@@ -128,8 +128,8 @@ class TrufflehogRun(ToolGateway):
     ):
         command = f"{trufflehog_command} filesystem {agent_work_folder + '/' + repository_name} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
-        if enable_custom_rules == "true":
-            command = command.replace("--no-verification --json", "--config /tmp/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json")
+        if str(enable_custom_rules).lower() == "true":
+            command = command.replace("--no-verification --no-update --json", "--config /tmp/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json")
         result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
         return result.stdout.strip()
@@ -144,7 +144,7 @@ class TrufflehogRun(ToolGateway):
                         result.append(json_obj)
         return result
-    def create_file(self, findings, agent_work_folder):
+    def create_file(self, findings, agent_work_folder, config_tool):
         file_findings = os.path.join(agent_work_folder, "secret_scan_result.json")
         with open(file_findings, "w") as file:
             for find in findings:
@@ -152,7 +152,9 @@ class TrufflehogRun(ToolGateway):
                 original_where = original_where.replace("\\", "/")
                 where_text = original_where.replace(agent_work_folder, "")
                 find["SourceMetadata"]["Data"]["Filesystem"]["file"] = where_text
-                find["Id"] = "MISSCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
+                find["Id"] = "MISCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
+                find["References"] = config_tool.extradata_rules[find["Id"]]["References"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
+                find["Mitigation"] = config_tool.extradata_rules[find["Id"]]["Mitigation"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
                 json_str = json.dumps(find)
                 file.write(json_str + '\n')
         return findings, file_findings

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.17.0'
1	+ version = '1.17.1'

{devsecops_engine_tools-1.17.0.dist-info → devsecops_engine_tools-1.17.1.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.17.0
+Version: 1.17.1
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.17.0.dist-info → devsecops_engine_tools-1.17.1.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=MzQoSPABd45fuiVSL0Hxyz3S5B7-9HeNc1g4a1oKlOY,19
+devsecops_engine_tools/version.py,sha256=0sNIVdGl6teHLyJfh55ulmHcFArD6sztXiZevppt-Do,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -142,7 +142,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_
 devsecops_engine_tools/engine_sast/engine_secret/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=2YXBnWA3DGiEKNpRMgVk2CmgOFfJPzDbgexXHjJpaBU,884
+devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeConfigTool.py,sha256=vwV7OoH943fQvwSgoKqLnnB8XcuMwQsebrIXvQIgiTs,941
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
@@ -154,7 +154,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=Q8KKDu-rFBxmsMnqRRtYMhO3u6e3Uumj61msKQDHVLs,8196
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=GcO8r_LjIjhPlyiUujAM23AK2ks1xl6hy3owyNXk5WI,8530
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=NiA5-pRL6-tMuOa2Al-wIYq3uIMFBQrJd0w7ur16kgs,1049
 devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -307,8 +307,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=r_mng-OVWeqQyy6yIFsCeJrvH81VUPI3o1zdJO0JS0I,397
-devsecops_engine_tools-1.17.0.dist-info/METADATA,sha256=f-E-4AUfAQIKU1HUjIVKBd_d5X4IcETjUTl1BFIOlKA,10895
-devsecops_engine_tools-1.17.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.17.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.17.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.17.0.dist-info/RECORD,,
+devsecops_engine_tools-1.17.1.dist-info/METADATA,sha256=AsMazqyFZJ1BF1l_CRjCRmIKMMITk17008LevuRWAy4,10895
+devsecops_engine_tools-1.17.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.17.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.17.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.17.1.dist-info/RECORD,,

{devsecops_engine_tools-1.17.0.dist-info → devsecops_engine_tools-1.17.1.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.17.0.dist-info → devsecops_engine_tools-1.17.1.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.17.0.dist-info → devsecops_engine_tools-1.17.1.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.17.0__py3-none-any.whl → 1.17.1__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.17.0py3-none-any.whl → 1.17.1py3-none-any.whl