devsecops-engine-tools 1.23.2__py3-none-any.whl → 1.24.1__py3-none-any.whl

devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/deserializator_gateway.py

@@ -4,5 +4,5 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding
 
 class DeserializatorGateway(metaclass=ABCMeta):
     @abstractmethod
-    def get_list_findings(self, results_scan_file) -> "list[Finding]":
+    def get_list_findings(self, results_scan_file, remote_config) -> "list[Finding]":
         "Deserializator"

devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py

@@ -48,4 +48,4 @@ class DependenciesScan:
         Process the results deserializer.
         Terun: list: Deserialized list of findings.
         """
-        return self.tool_deserializator.get_list_findings(dependencies_scanned)
+        return self.tool_deserializator.get_list_findings(dependencies_scanned, self.remote_config)

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py

@@ -7,8 +7,7 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
 )
 from dataclasses import dataclass
 from datetime import datetime
-import json
-import os
+import xml.etree.ElementTree as ET
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities import settings
 
@@ -17,47 +16,74 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 @dataclass
 class DependencyCheckDeserialize(DeserializatorGateway):
+    TOOL = "DEPENDENCY_CHECK"
 
-    def get_list_findings(self, dependencies_scanned_file) -> "list[Finding]":
-        filename, extension = os.path.splitext(dependencies_scanned_file)
-        if extension.lower() != ".json":
-            dependencies_scanned_file = f"{filename}.json"
-
-        data_result = self.load_results(dependencies_scanned_file)
+    def get_list_findings(self, dependencies_scanned_file, remote_config) -> "list[Finding]":
+        dependencies, namespace = self.filter_vulnerabilities_by_confidence(dependencies_scanned_file, remote_config)
 
         list_open_vulnerabilities = []
-        for dependency in data_result.get("dependencies", []):
-            for vulnerability in dependency.get("vulnerabilities", []):
-                vulnerable_software = vulnerability.get("vulnerableSoftware", [])
-                fix = (
-                    vulnerable_software[0]
-                    .get("software", {})
-                    .get("versionEndExcluding", None)
-                    if vulnerable_software
-                    else None
-                )
-                finding_open = Finding(
-                    id=vulnerability["name"][:20],
-                    cvss=str(vulnerability.get("cvssv3", {})),
-                    where=dependency.get("fileName").split(":")[-1].strip(),
-                    description=vulnerability["description"][:170].replace("\n\n", " "),
-                    severity=vulnerability["severity"].lower(),
-                    identification_date=datetime.now().strftime("%d%m%Y"),
-                    published_date_cve=None,
-                    module="engine_dependencies",
-                    category=Category.VULNERABILITY,
-                    requirements=fix,
-                    tool="DEPENDENCY_CHECK",
-                )
-                list_open_vulnerabilities.append(finding_open)
+
+        for dependency in dependencies:
+            vulnerabilities_node = dependency.find('ns:vulnerabilities', namespace)
+            if vulnerabilities_node:
+                vulnerabilities = vulnerabilities_node.findall('ns:vulnerability', namespace)
+                for vulnerability in vulnerabilities:
+                    fix = "Not found"
+                    vulnerable_software = vulnerability.find('ns:vulnerableSoftware', namespace)
+                    if vulnerable_software:
+                        software = vulnerable_software.findall('ns:software', namespace)
+                        if len(software) > 0:
+                            fix = software[0].get("versionEndExcluding", "Not found").lower()
+                    
+                    id = vulnerability.find('ns:name', namespace).text[:20]
+                    cvss = ", ".join(f"{child.tag.split('}')[-1]}: {child.text}" for child in vulnerability.find('ns:cvssV3', namespace)) if vulnerability.find('ns:cvssV3', namespace) else ""
+                    fileName = dependency.find('ns:fileName', namespace).text.split(":")[-1].strip()
+                    description = vulnerability.find('ns:description', namespace).text if vulnerability.find('ns:description', namespace).text else ""
+                    severity = vulnerability.find('ns:severity', namespace).text.lower()
+                    cvss
+                    finding_open = Finding(
+                        id=id,
+                        cvss=cvss,
+                        where=fileName,
+                        description=description[:120].replace("\n\n", " ").replace("\n", " ").strip() if len(description) > 0 else "No description available",
+                        severity=severity,
+                        identification_date=datetime.now().strftime("%d%m%Y"),
+                        published_date_cve=None,
+                        module="engine_dependencies",
+                        category=Category.VULNERABILITY,
+                        requirements=fix,
+                        tool="DEPENDENCY_CHECK",
+                    )
+                    list_open_vulnerabilities.append(finding_open)
 
         return list_open_vulnerabilities
 
-    def load_results(self, dependencies_scanned_file):
-        try:
-            with open(dependencies_scanned_file) as f:
-                data = json.load(f)
-            return data
-        except Exception as ex:
-            logger.error(f"An error ocurred loading dependency-check results {ex}")
-            return None
+    def filter_vulnerabilities_by_confidence(self, dependencies_scanned_file, remote_config):
+        data_result = ET.parse(dependencies_scanned_file)
+        root = data_result.getroot()
+
+        namespace_uri = root.tag.split('}')[0].strip('{')
+        namespace = {'ns': namespace_uri}
+        ET.register_namespace('', namespace_uri)
+
+        confidence_levels = ["low", "medium", "high", "highest"]
+        confidences = remote_config[self.TOOL]["VULNERABILITY_CONFIDENCE"]
+
+        dependencies = root.find('ns:dependencies', namespace)
+        if dependencies:
+            to_remove = []
+            for dep in dependencies.findall('ns:dependency', namespace):
+                identifiers = dep.find('ns:identifiers', namespace)
+                if identifiers:
+                    vulnerability_ids = identifiers.findall('ns:vulnerabilityIds', namespace)
+                    if vulnerability_ids:
+                        vul_ids_confidences = [conf.get("confidence", "").lower() for conf in vulnerability_ids]
+                        if len(vul_ids_confidences) > 0:
+                            if not max(vul_ids_confidences, key=lambda c: confidence_levels.index(c)) in confidences: 
+                                to_remove.append(dep)
+                    elif not "no_confidence" in confidences:
+                        to_remove.append(dep)
+            for dep in to_remove: dependencies.remove(dep)
+            data_result.write(dependencies_scanned_file, encoding="utf-8", xml_declaration=True)
+        
+        return dependencies, namespace

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py

@@ -19,8 +19,12 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 
 class DependencyCheckTool(ToolGateway):
+    def __init__(self):
+        self.download_tool_called = False
+
     def download_tool(self, cli_version):
         try:
+            self.download_tool_called = True
             url = f"https://github.com/jeremylong/DependencyCheck/releases/download/v{cli_version}/dependency-check-{cli_version}-release.zip"
             response = requests.get(url, allow_redirects=True)
             home_directory = os.path.expanduser("~")
@@ -66,13 +70,12 @@ class DependencyCheckTool(ToolGateway):
             command = [
                 command_prefix,
                 "--format",
-                "JSON",
-                "--format",
                 "XML",
                 "--nvdApiKey",
                 token,
                 "--scan",
                 file_to_scan,
+                "--noupdate"
             ]
 
             if not token:
@@ -82,11 +85,10 @@ class DependencyCheckTool(ToolGateway):
                 command = [
                     command_prefix,
                     "--format",
-                    "JSON",
-                    "--format",
                     "XML",
                     "--scan",
                     file_to_scan,
+                    "--noupdate"
                 ]
 
             subprocess.run(command, capture_output=True, check=True)

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py

@@ -46,7 +46,7 @@ class XrayDeserializator(DeserializatorGateway):
         ]
         return vulnerabilities
 
-    def get_list_findings(self, dependencies_scanned_file) -> "list[Finding]":
+    def get_list_findings(self, dependencies_scanned_file, remote_config) -> "list[Finding]":
         list_open_vulnerabilities = []
         with open(dependencies_scanned_file, "rb") as file:
             json_data = json.loads(file.read())

devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/azure_devops_api.py

@@ -49,7 +49,7 @@ class AzureDevopsApi:
         except Exception as e:
             raise ApiError("Error getting Azure DevOps connection: " + str(e))
 
-    def get_remote_json_config(self, connection: Connection, branch):
+    def get_remote_json_config(self, connection: Connection, branch=""):
         try:
             git_client = connection.clients.get_git_client()
             version_descriptor = None

devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/report_sonar.py

@@ -190,7 +190,7 @@ class ReportSonar:
                 logger.warning(f"It was not possible to synchronize Sonar and Vulnerability Manager: {e}")
 
             input_core.scope_pipeline = project_key
-            if re.match(report_config_tool["SCOPE_VALIDATION_REGEX"], source_code_management_uri, re.IGNORECASE):
+            if re.match(report_config_tool["SCOPE_VALIDATION_REGEX"], self.devops_platform_gateway.get_variable("repository_provider"), re.IGNORECASE):
                 input_core.scope_pipeline = pipeline_name
 
             self.vulnerability_management_gateway.send_vulnerability_management(

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.23.2'
+version = '1.24.1'

{devsecops_engine_tools-1.23.2.dist-info → devsecops_engine_tools-1.24.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.23.2
+Version: 1.24.1
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.23.2.dist-info → devsecops_engine_tools-1.24.1.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=WhBlxj7zPvgn7L0tTf0vHC7F7bzYaXubWH1FyqpgbKQ,19
+devsecops_engine_tools/version.py,sha256=60Kvr0rSTJ9SYGMHHXTlDAGMXhJK6ufRBv4rEfAZtXE,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -197,19 +197,19 @@ devsecops_engine_tools/engine_sca/engine_dependencies/src/deployment/infrastruct
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/deserializator_gateway.py,sha256=WOJbKbeFIbQ0IR6lic2JheTPUJPPzAYsGykU1DiMmHw,286
+devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/deserializator_gateway.py,sha256=A4WPW-cNMlitI7-P2L-W2hFUPvIU7Ejk6JxRJGATfwc,301
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py,sha256=KVHx_8A7hSUQqZdq0S8-yX2f_L2wYDC6TodSV96f3ww,273
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py,sha256=ZsNl4K4hXC4H2VGu4UEe2yRA6HvMRxQ2Jrs0rE8KezU,1542
+devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py,sha256=0JYY5g3bSSiEqFdsN5phglX76z3YpiyGTL_CvBvO274,1562
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py,sha256=cTM8IQRZJBr5zG5nhCkTxuw2fCHDZ3wrPgQhRjG88pg,968
 devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py,sha256=0M53iuI0VEDcYk9G4EuAFTc1Iok3xqiWLHYuKaU3dqg,2250
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=ihsWd10JnYmnhsm22KbND_GvBKGwAeEuPbiBe0Wx1kQ,2582
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=a63ny6Jt8tZzcb7dS8Nes2DqOHs9oQuLFhzz7nEMhHQ,5059
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=iI9nkJVJaagEGFaZ9AABYflla1PvCgu6afl9LYm35AU,4654
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=T34iL4zFjyWYrRKDR0I6dfrXCyzIRM1nrqck4ubXm_w,5121
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=Vm0pj1i6a34xXouXUU95Y04hzR--9tcMQuycR7IMUnQ,2221
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=ZUk-e1PKzV7uRAT7BpET363pgl2eMnXMCGSpewsOpKg,2236
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=u8SAtVuTqJ6o2B6jC-gMNG2Pn7a_bHWT_B1a_55iYZ4,7408
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py,sha256=3EJ00WleYziW_EenXsJQ_OLOV1hAulSuVXjc42sGUIQ,2606
@@ -219,7 +219,7 @@ devsecops_engine_tools/engine_utilities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5J
 devsecops_engine_tools/engine_utilities/settings.py,sha256=CPnDndwVeRgQNml3HVzvytVruDd8dTd1ICHbkMDSgTM,2144
 devsecops_engine_tools/engine_utilities/azuredevops/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/azure_devops_api.py,sha256=yhZaXC2RQEhGfXt-ULTdDLG9PI9WjV7iscxhDHwfm8w,2965
+devsecops_engine_tools/engine_utilities/azuredevops/infrastructure/azure_devops_api.py,sha256=l_sRaktn51NEeJowtEJWfUnUmjaU9uRTqXo4jcNR24E,2968
 devsecops_engine_tools/engine_utilities/azuredevops/models/AzureMessageLoggingPipeline.py,sha256=pCwlPDDl-hgvZ9gvceuC8GsKbsMhRm3ykhFFVByVqcI,664
 devsecops_engine_tools/engine_utilities/azuredevops/models/AzurePredefinedVariables.py,sha256=r-PpcKlyuXzKHx6ao4SuVI9dOKMVnjL1U_b-yfJK0o4,2387
 devsecops_engine_tools/engine_utilities/azuredevops/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -288,7 +288,7 @@ devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/__init__.py,s
 devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/sonar_gateway.py,sha256=PCrGq7NOINAFPvmX-5V5191MGhahsnQeWXUB1-xL4Xw,1279
 devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/report_sonar.py,sha256=iAmogxLTYLWgN524--8IT33T_p54rdvQdRymAHGK-C0,9048
+devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/report_sonar.py,sha256=SOqTVfbzFZ8ZAaLh_cynAFwT8_FlFYCcrMKTLwWJURo,9086
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/sonarqube/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -308,8 +308,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=yvCbPKAWa7wxk5S-s_Xkvx9VtnIpv9eWUMG8wtlmrhs,5870
-devsecops_engine_tools-1.23.2.dist-info/METADATA,sha256=N5-qql91wwAB1MAWeyNOeCNaA8kbabphHq0yJ94eC9U,10943
-devsecops_engine_tools-1.23.2.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.23.2.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.23.2.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.23.2.dist-info/RECORD,,
+devsecops_engine_tools-1.24.1.dist-info/METADATA,sha256=eh484HcoNCg1p-ztHmAlG3EaO6t2VLcFjXgJHSX3LyI,10943
+devsecops_engine_tools-1.24.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.24.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.24.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.24.1.dist-info/RECORD,,