devsecops-engine-tools 1.19.2__py3-none-any.whl → 1.20.0__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic.
- devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py +6 -5
- devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py +19 -0
- devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py +9 -0
- devsecops_engine_tools/engine_utilities/utils/utils.py +10 -5
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/RECORD +10 -9
- {devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/top_level.txt +0 -0
|
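--- a/devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py
+++ b/devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py
@@ -25,6 +25,7 @@ class BreakBuild:
 vm_exclusions: "list[Exclusions]",
 report_list: "list[Report]",
 all_report: "list[Report]",
+threshold: any,
 ):
 self.devops_platform_gateway = devops_platform_gateway
 self.printer_table_gateway = printer_table_gateway
@@ -33,6 +34,7 @@ class BreakBuild:
 self.vm_exclusions = vm_exclusions
 self.report_list = report_list
 self.all_report = all_report
+self.threshold = threshold
 self.break_build = False
 self.warning_build = False
 self.report_breaker = []
@@ -117,13 +119,12 @@ class BreakBuild:
 print(self.devops_platform_gateway.result_pipeline("succeeded"))
 
 def _remediation_rate_control(self, all_report: "list[Report]"):
-remote_config = self.remote_config
 mitigated = sum(1 for report in all_report if report.mitigated)
 total = len(all_report)
 print(f"Mitigated count: {mitigated} Total count: {total}")
 remediation_rate_value = self._get_percentage(mitigated / total)
 
-risk_threshold =
+risk_threshold = self.threshold["REMEDIATION_RATE"]
 self.remediation_rate = remediation_rate_value
 
 if remediation_rate_value >= (risk_threshold + 5):
@@ -202,8 +203,8 @@ class BreakBuild:
 def _tag_blacklist_control(self, report_list: "list[Report]"):
 remote_config = self.remote_config
 if report_list:
-tag_blacklist = set(remote_config["
-tag_age_threshold =
+tag_blacklist = set(remote_config["TAG_BLACKLIST"])
+tag_age_threshold = self.threshold["TAG_MAX_AGE"]
 
 filtered_reports_above_threshold = [
 (report, tag)
@@ -247,7 +248,7 @@ class BreakBuild:
 
 def _risk_score_control(self, report_list: "list[Report]"):
 remote_config = self.remote_config
-risk_score_threshold =
+risk_score_threshold = self.threshold["RISK_SCORE"]
 break_build = False
 if report_list:
 for report in report_list: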
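Review bot: The three new `self.threshold[...]` lookups in `_remediation_rate_control`, `_tag_blacklist_control` and `_risk_score_control` index the dict directly, and nothing in `__init__` checks its shape. In this release the value can come from a per-pipeline or per-pattern override in the exclusions file instead of the default remote config (see `CheckThreshold.process`), so an override that sets only one of `REMEDIATION_RATE`, `TAG_MAX_AGE` or `RISK_SCORE` would raise `KeyError` in the middle of the gate. Validating once in the constructor makes the failure early and explicit, e.g. `missing = {"REMEDIATION_RATE", "TAG_MAX_AGE", "RISK_SCORE"} - set(threshold)` followed by `if missing: raise ValueError(f"threshold is missing keys: {sorted(missing)}")`; other keys may be read outside these hunks. The annotation `threshold: any` names the builtin function, where `dict` is presumably what is meant. `__init__` and all three methods continue outside the hunks.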
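--- a/devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py
+++ b/devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py
@@ -0,0 +1,19 @@
+import re
+
+
+class CheckThreshold:
+def __init__(self, pipeline_name, threshold, risk_exclusions):
+self.pipeline_name = pipeline_name
+self.threshold = threshold
+self.risk_exclusions = risk_exclusions
+
+def process(self):
+if (self.pipeline_name in self.risk_exclusions.keys()) and (
+self.risk_exclusions[self.pipeline_name].get("THRESHOLD", None)
+):
+return self.risk_exclusions[self.pipeline_name]["THRESHOLD"]
+elif "BY_PATTERN_SEARCH" in self.risk_exclusions.keys():
+for pattern, values in self.risk_exclusions["BY_PATTERN_SEARCH"].items():
+if re.match(pattern, self.pipeline_name):
+return values["THRESHOLD"]
+return self.threshold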
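Review bot: `process` matches `BY_PATTERN_SEARCH` keys with `re.match(pattern, self.pipeline_name)`, which is case-sensitive and anchored only at the start, while `Utils.update_threshold` in this same release matches the same map with `re.IGNORECASE`; one exclusions file can therefore select an override in one engine and not in the other. Because a match replaces the break-build threshold, a short unanchored pattern also applies to every pipeline whose name merely starts with it, so the expected anchoring deserves a line in the docstring. `values["THRESHOLD"]` additionally raises `KeyError` for a pattern entry that carries no threshold (whether such entries exist is not visible here). The version below keeps the lookup order, skips entries without a threshold and, assuming case-insensitive matching is the intended rule, aligns the flags with `update_threshold`.

```python
    def process(self):
        """Return the exact-name override, else the first matching pattern override, else the default."""
        by_name = self.risk_exclusions.get(self.pipeline_name, {}).get("THRESHOLD")
        if by_name:
            return by_name
        patterns = self.risk_exclusions.get("BY_PATTERN_SEARCH", {})
        for pattern, values in patterns.items():
            override = values.get("THRESHOLD")
            if override and re.match(pattern, self.pipeline_name, re.IGNORECASE):
                return override
        return self.threshold
```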
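--- a/devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py
+++ b/devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py
@@ -10,6 +10,9 @@ from devsecops_engine_tools.engine_risk.src.domain.usecases.add_data import (
 from devsecops_engine_tools.engine_risk.src.domain.usecases.get_exclusions import (
 GetExclusions,
 )
+from devsecops_engine_tools.engine_risk.src.domain.usecases.check_threshold import (
+CheckThreshold,
+)
 
 
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
@@ -33,6 +36,7 @@ def init_engine_risk(
 risk_exclusions = devops_platform_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_risk/Exclusions.json"
 )
+pipeline_name = devops_platform_gateway.get_variable("pipeline_name")
 
 if not findings:
 print("No findings found in Vulnerability Management Platform")
@@ -61,6 +65,10 @@ def init_engine_risk(
 )
 exclusions = get_exclusions.process()
 
+threshold = CheckThreshold(
+pipeline_name, remote_config["THRESHOLD"], risk_exclusions
+).process()
+
 break_build = BreakBuild(
 devops_platform_gateway,
 print_table_gateway,
@@ -69,6 +77,7 @@ def init_engine_risk(
 vm_exclusions,
 data_added,
 findings,
+threshold,
 )
 
 return break_build.process()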
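Review bot: The threshold chosen by `CheckThreshold(...).process()` is passed straight to `BreakBuild` without being recorded, so a run leaves no trace of whether the default `remote_config["THRESHOLD"]` or an override from `engine_risk/Exclusions.json` decided the build. Since that file can change the gate per pipeline or per name pattern, I would log the resolved value right after the call, for instance `logger.info("engine_risk threshold for %s: %s", pipeline_name, threshold)` with the module's existing logger (`MyLogger` is imported above; the instance name is outside the hunks). `remote_config["THRESHOLD"]` also raises `KeyError` on a remote config without a `THRESHOLD` section, and `get_variable("pipeline_name")` is not checked before it reaches `re.match`, which would fail with `TypeError` if it can return `None`. `init_engine_risk` starts and ends outside the hunks.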
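--- a/devsecops_engine_tools/engine_utilities/utils/utils.py
+++ b/devsecops_engine_tools/engine_utilities/utils/utils.py
@@ -6,6 +6,9 @@ from devsecops_engine_tools.engine_core.src.domain.model.threshold import Thresh
 from devsecops_engine_tools.engine_core.src.domain.model.level_vulnerability import (
 LevelVulnerability,
 )
+from devsecops_engine_tools.engine_core.src.domain.model.level_compliance import (
+LevelCompliance,
+)
 
 
 class Utils:
@@ -20,21 +23,23 @@ class Utils:
 return base64_token
 
 def update_threshold(self, threshold: Threshold, exclusions_data, pipeline_name):
-def
-threshold.vulnerability = LevelVulnerability(
+def set_threshold(new_threshold):
+threshold.vulnerability = LevelVulnerability(new_threshold.get("VULNERABILITY"))
+threshold.compliance = LevelCompliance(new_threshold.get("COMPLIANCE")) if new_threshold.get("COMPLIANCE") else threshold.compliance
+threshold.cve = new_threshold.get("CVE") if new_threshold.get("CVE") is not None else threshold.cve
 return threshold
 
 threshold_pipeline = exclusions_data.get(pipeline_name, {}).get("THRESHOLD", {})
 if threshold_pipeline:
-return
+return set_threshold(threshold_pipeline)
 
 search_patterns = exclusions_data.get("BY_PATTERN_SEARCH", {})
 
 match_pattern = next(
-(v["THRESHOLD"]
+(v["THRESHOLD"]
 for pattern, v in search_patterns.items()
 if re.match(pattern, pipeline_name, re.IGNORECASE)),
 None
 )
 
-return
+return set_threshold(match_pattern) if match_pattern else threshold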
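Review bot: In `set_threshold`, `COMPLIANCE` and `CVE` fall back to the current value when the override omits them, but `VULNERABILITY` does not: `LevelVulnerability(new_threshold.get("VULNERABILITY"))` is built from `None` for an override that only sets `COMPLIANCE` or `CVE`. What `LevelVulnerability(None)` yields is not visible here, but the result replaces the vulnerability gate either way. Giving it the same guard makes the three fields agree: `vulnerability = new_threshold.get("VULNERABILITY")` then `if vulnerability: threshold.vulnerability = LevelVulnerability(vulnerability)`. The two existing fallbacks also differ (truthiness for `COMPLIANCE`, `is not None` for `CVE`), which is worth a one-line comment if intentional, e.g. `# an empty CVE list is a valid override; an empty COMPLIANCE value is not`.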
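--- a/devsecops_engine_tools/version.py
+++ b/devsecops_engine_tools/version.py
@@ -1 +1 @@
-version = '1.
+version = '1.20.0'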
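--- a/devsecops_engine_tools-1.19.2.dist-info/RECORD
+++ b/devsecops_engine_tools-1.20.0.dist-info/RECORD
@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=
+devsecops_engine_tools/version.py,sha256=YYeXSw7JjRqi5jpPVZq7i04XOPerli8sVoH9kHjc3eo,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -74,7 +74,8 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
 devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
 devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
-devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=
+devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=BS4oRY0-ZK59xaVxMHxyEs4IRxLSq_lkjvYwH2BmgtE,11814
+devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
 devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=7_qbPOoTa5up9zymGQ9ancqR_J7JhMyOXDWqjq_Pdh0,2380
 devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=JmeBtO6CMufjYSRpGQU1kPZoW3PnXwVXnl33LSIU3n8,3543
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -82,7 +83,7 @@ devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.p
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=pWaRmIwVyiB5mlmWySHIx-DUgN9vtKQc-MqyRNVlTJo,2150
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=
+devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=wM6j4HmiKhw7wt7JKxlE576QYdwcFK1nZHv64HRwXD4,2389
 devsecops_engine_tools/engine_risk/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_code/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -306,9 +307,9 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
-devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
-devsecops_engine_tools-1.
+devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=79nXjjRjR64xvXmQzJqFpDj5xByrqQbc6OnowHqBEz4,1756
+devsecops_engine_tools-1.20.0.dist-info/METADATA,sha256=_TKyRHkSblGgi4MyxVpVEy1zh6AfVa1PlwlRm3eITQs,10895
+devsecops_engine_tools-1.20.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.20.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.20.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.20.0.dist-info/RECORD,,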
File without changes
|
{devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.19.2.dist-info → devsecops_engine_tools-1.20.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|