PyPI - devsecops-engine-tools - Versions diffs - 1.30.2__tar.gz → 1.32.0__tar.gz - Mend

devsecops-engine-tools 1.30.2tar.gz → 1.32.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (337) hide show

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.30.2
+Version: 1.32.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -36,6 +36,7 @@ Requires-Dist: packageurl-python==0.15.6
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=bancolombia_devsecops-engine-tools&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=bancolombia_devsecops-engine-tools)
 [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=bancolombia_devsecops-engine-tools&metric=coverage)](https://sonarcloud.io/summary/new_code?id=bancolombia_devsecops-engine-tools)
 [![Python Version](https://img.shields.io/badge/python%20-%203.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20-blue)](#)
+[![PyPI](https://img.shields.io/pypi/v/devsecops-engine-tools)](https://pypi.org/project/devsecops-engine-tools/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/bancolombia/devsecops-engine-tools
 )](https://hub.docker.com/r/bancolombia/devsecops-engine-tools)
@@ -133,10 +134,14 @@ For more information visit [here](https://github.com/bancolombia/devsecops-engin
     <td>Free</td>
   </tr>
   <tr>
-    <td>ENGINE_SECRET</td>
+    <td rowspan="2">ENGINE_SECRET</td>
     <td><a href="https://trufflesecurity.com/trufflehog">TRUFFLEHOG</a></td>
     <td>Free</td>
   </tr>
+  <tr>
+    <td><a href="https://gitleaks.io/">GITLEAKS</a></td>
+    <td>Free</td>
+  </tr>
   <tr>
     <td rowspan="2">ENGINE_CONTAINER</td>
     <td><a href="https://www.paloaltonetworks.com/prisma/cloud">PRISMA</a></td>

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py RENAMED Viewed

@@ -13,6 +13,7 @@ from devsecops_engine_tools.engine_utilities.defect_dojo import (
     Engagement,
     Product,
     Component,
+    FindingExclusion
 )
 from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
 from devsecops_engine_tools.engine_core.src.domain.model.report import Report
@@ -42,9 +43,11 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 @dataclass
 class DefectDojoPlatform(VulnerabilityManagementGateway):
+    RISK_ACCEPTED = "Risk Accepted"
     OUT_OF_SCOPE = "Out of Scope"
     FALSE_POSITIVE = "False Positive"
     TRANSFERRED_FINDING = "Transferred Finding"
+    ON_WHITELIST = "On Whitelist"
     def send_vulnerability_management(
         self, vulnerability_management: VulnerabilityManagement
@@ -79,6 +82,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "BEARER": "Bearer CLI",
                 "DEPENDENCY_CHECK": "Dependency Check Scan",
                 "SONARQUBE": "SonarQube API Import",
+                "GITLEAKS": "Gitleaks Scan"
             }
             if any(
@@ -203,6 +207,11 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "tags": tool,
                 "limit": dd_limits_query,
             }
+            white_list_query_params = {
+                "risk_status": self.ON_WHITELIST,
+                "tags": tool,
+                "limit": dd_limits_query,
+            }
             exclusions_risk_accepted = self._get_findings_with_exclusions(
                 session_manager,
@@ -211,7 +220,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 risk_accepted_query_params,
                 tool,
                 self._format_date_to_dd_format,
-                "Risk Accepted",
+                self.RISK_ACCEPTED,
             )
             exclusions_false_positive = self._get_findings_with_exclusions(
@@ -244,11 +253,29 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 self.TRANSFERRED_FINDING,
             )
+            white_list = self._get_finding_exclusion(
+                session_manager, dd_max_retries, {
+                    "type": "white_list",
+                }
+            )
+            exclusions_white_list = self._get_findings_with_exclusions(
+                session_manager,
+                service,
+                dd_max_retries,
+                white_list_query_params,
+                tool,
+                self._format_date_to_dd_format,
+                self.ON_WHITELIST,
+                white_list=white_list,
+            )
             return (
                 list(exclusions_risk_accepted)
                 + list(exclusions_false_positive)
                 + list(exclusions_out_of_scope)
                 + list(exclusions_transfer_finding)
+                + list(exclusions_white_list)
             )
         except Exception as ex:
             raise ExceptionFindingsExcepted(
@@ -272,8 +299,10 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "HOST_DEFECT_DOJO"
             ]
+            session_manager = self._get_session_manager(dict_args, secret_tool, config_tool)
             findings = self._get_findings(
-                self._get_session_manager(dict_args, secret_tool, config_tool),
+                session_manager,
                 service,
                 max_retries,
                 all_findings_query_params,
@@ -286,8 +315,14 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 )
             )
+            white_list = self._get_finding_exclusion(
+                session_manager, max_retries, {
+                    "type": "white_list",
+                }
+            )
             all_exclusions = self._get_report_exclusions(
-                all_findings, self._format_date_to_dd_format, host_dd=host_dd
+                all_findings, self._format_date_to_dd_format, host_dd=host_dd, white_list=white_list
             )
             return all_findings, all_exclusions
@@ -461,25 +496,25 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"],
         )
-    def _get_report_exclusions(self, total_findings, date_fn, host_dd):
+    def _get_report_exclusions(self, total_findings, date_fn, host_dd, **kwargs):
         exclusions = []
         for finding in total_findings:
             if finding.risk_accepted:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", "Risk Accepted", host_dd
+                        finding, date_fn, "engine_risk", self.RISK_ACCEPTED, host_dd, **kwargs
                     )
                 )
             elif finding.false_p:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.FALSE_POSITIVE, host_dd
+                        finding, date_fn, "engine_risk", self.FALSE_POSITIVE, host_dd, **kwargs
                     )
                 )
             elif finding.out_of_scope:
                 exclusions.append(
                     self._create_report_exclusion(
-                        finding, date_fn, "engine_risk", self.OUT_OF_SCOPE, host_dd
+                        finding, date_fn, "engine_risk", self.OUT_OF_SCOPE, host_dd, **kwargs
                     )
                 )
             elif finding.risk_status == "Transfer Accepted":
@@ -490,18 +525,26 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                         "engine_risk",
                         self.TRANSFERRED_FINDING,
                         host_dd,
+                        **kwargs
+                    )
+                )
+            elif finding.risk_status == self.ON_WHITELIST:
+                exclusions.append(
+                    self._create_report_exclusion(
+                        finding, date_fn, "engine_risk", self.ON_WHITELIST, host_dd, **kwargs
                     )
                 )
         return exclusions
     def _get_findings_with_exclusions(
-        self, session_manager, service, max_retries, query_params, tool, date_fn, reason
+        self, session_manager, service, max_retries, query_params, tool, date_fn, reason, **kwargs
     ):
         findings = self._get_findings(
             session_manager, service, max_retries, query_params
         )
         return map(
-            partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason),
+            partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason, **kwargs),
             findings,
         )
@@ -512,6 +555,14 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             ).results
         return self._retries_requests(request_func, max_retries, retry_delay=5)
+    def _get_finding_exclusion(self, session_manager, max_retries, query_params):
+        def request_func():
+            return FindingExclusion.get_finding_exclusion(
+                session=session_manager, **query_params
+            ).results
+        return self._retries_requests(request_func, max_retries, retry_delay=5)
     def _retries_requests(self, request_func, max_retries, retry_delay):
         for attempt in range(max_retries):
@@ -526,23 +577,34 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                     logger.error("Maximum number of retries reached, aborting.")
                     raise e
-    def _date_reason_based(self, finding, date_fn, reason):
-        if reason in [self.FALSE_POSITIVE, self.OUT_OF_SCOPE]:
-            create_date = date_fn(finding.last_status_update)
-            expired_date = date_fn(None)
-        elif reason == self.TRANSFERRED_FINDING:
-            create_date = date_fn(finding.transfer_finding.date)
-            expired_date = date_fn(finding.transfer_finding.expiration_date)
-        else:
-            last_accepted_risk = finding.accepted_risks[-1]
-            create_date = date_fn(last_accepted_risk["created"])
-            expired_date = date_fn(last_accepted_risk["expiration_date"])
-        return create_date, expired_date
+    def _date_reason_based(self, finding, date_fn, reason, tool, **kwargs):
+        def get_vuln_id(finding, tool):
+            if tool == "engine_risk":
+                return finding.id[0]["vulnerability_id"] if finding.id else finding.vuln_id_from_tool
+            else:
+                return finding.vulnerability_ids[0]["vulnerability_id"] if finding.vulnerability_ids else finding.vuln_id_from_tool
+        def get_dates_from_whitelist(vuln_id, white_list):
+            matching_finding = next(filter(lambda x: x.unique_id_from_tool == vuln_id, white_list), None)
+            if matching_finding:
+                return date_fn(matching_finding.create_date), date_fn(matching_finding.expiration_date)
+            return date_fn(None), date_fn(None)
+        reason_to_dates = {
+            self.FALSE_POSITIVE: lambda: (date_fn(finding.last_status_update), date_fn(None)),
+            self.OUT_OF_SCOPE: lambda: (date_fn(finding.last_status_update), date_fn(None)),
+            self.TRANSFERRED_FINDING: lambda: (date_fn(finding.transfer_finding.date), date_fn(finding.transfer_finding.expiration_date)),
+            self.RISK_ACCEPTED: lambda: (date_fn(finding.accepted_risks[-1]["created"]), date_fn(finding.accepted_risks[-1]["expiration_date"])),
+            self.ON_WHITELIST: lambda: get_dates_from_whitelist(get_vuln_id(finding, tool), kwargs.get("white_list", [])),
+        }
-    def _create_exclusion(self, finding, date_fn, tool, reason):
-        create_date, expired_date = self._date_reason_based(finding, date_fn, reason)
+        create_date, expired_date = reason_to_dates.get(reason, lambda: (date_fn(None), date_fn(None)))()
+        return create_date, expired_date
+    def _create_exclusion(self, finding, date_fn, tool, reason, **kwargs):
+        create_date, expired_date = self._date_reason_based(finding, date_fn, reason, tool, **kwargs)
         return Exclusions(
             id=(
                 finding.vuln_id_from_tool
@@ -560,8 +622,8 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
             reason=reason,
         )
-    def _create_report_exclusion(self, finding, date_fn, tool, reason, host_dd):
-        create_date, expired_date = self._date_reason_based(finding, date_fn, reason)
+    def _create_report_exclusion(self, finding, date_fn, tool, reason, host_dd, **kwargs):
+        create_date, expired_date = self._date_reason_based(finding, date_fn, reason, tool, **kwargs)
         return Exclusions(
             id=(

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py RENAMED Viewed

@@ -7,6 +7,12 @@ from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_
 from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import (
     SecretScanDeserealizator
     )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.gitleaks.gitleaks_tool import (
+    GitleaksTool
+    )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.gitleaks.gitleaks_deserealizator import (
+    GitleaksDeserealizator
+    )
 from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run import (
     GitRun
     )
@@ -19,6 +25,10 @@ def runner_secret_scan(dict_args, tool, devops_platform_gateway, secret_tool):
         if (tool == "TRUFFLEHOG"):
             tool_gateway = TrufflehogRun()
             tool_deserealizator = SecretScanDeserealizator()
+        elif (tool == "GITLEAKS"):
+            tool_gateway = GitleaksTool()
+            tool_deserealizator = GitleaksDeserealizator()
         return engine_secret_scan(
             devops_platform_gateway = devops_platform_gateway,
             tool_gateway = tool_gateway,

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_deserealizator.py ADDED Viewed

@@ -0,0 +1,36 @@
+from datetime import datetime
+from dataclasses import dataclass
+from typing import List
+from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category
+from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator import (
+    DeseralizatorGateway
+)
+@dataclass
+class GitleaksDeserealizator(DeseralizatorGateway):
+    def get_list_vulnerability(self, results_scan_list: List[dict], path_directory: str, os: str) -> List[Finding]:
+        list_open_vulnerabilities = []
+        current_date=datetime.now().strftime("%d%m%Y")
+        for result in results_scan_list:
+            vulnerability_open = Finding(
+                id=result.get("RuleID", "SECRET_SCANNING"),
+                cvss=None,
+                where=self.get_where_correctly(result, path_directory),
+                description=result.get("Description", "No description available"),
+                severity="critical",
+                identification_date=current_date,
+                published_date_cve=None,
+                module="engine_secret",
+                category=Category.VULNERABILITY,
+                requirements="",
+                tool="Gitleaks",
+            )
+            list_open_vulnerabilities.append(vulnerability_open)
+        return list_open_vulnerabilities
+    def get_where_correctly(self, result: dict, path_directory=""):
+        path = result.get("File", "").replace(path_directory, "")
+        hidden_secret = str(result.get("Secret"))[:3] + '*' * 9 + str(result.get("Secret"))[-3:]
+        return f"{path}, Secret: {hidden_secret}"

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py ADDED Viewed

@@ -0,0 +1,150 @@
+import json
+import os
+import re
+import subprocess
+import requests
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+class GitleaksTool(ToolGateway):
+    _COMMAND = None
+    def install_tool(self, agent_os, agent_temp_dir, tool_version) -> any:
+        is_windows_os = re.search(r"Windows", agent_os)
+        is_linux_os = re.search(r"Linux", agent_os)
+        if is_windows_os:
+            file_extension = "windows_x64.zip"
+        elif is_linux_os:
+            file_extension = "linux_x64.tar.gz"
+        else:
+            file_extension = "darwin_x64.tar.gz"
+        command = f"{agent_temp_dir}{os.sep}gitleaks"
+        command = f"{command}.exe" if is_windows_os else command
+        self._COMMAND = command
+        result = subprocess.run(f"{command} --version", capture_output=True, shell=True, text=True)
+        is_tool_installed = re.search(fr"{tool_version}", result.stdout.strip())
+        if is_tool_installed: return
+        try:
+            url = f"https://github.com/gitleaks/gitleaks/releases/download/v{tool_version}/gitleaks_{tool_version}_{file_extension}"
+            response = requests.get(url, allow_redirects=True)
+            compressed_name = os.path.join(
+                agent_temp_dir, f"gitleaks_{tool_version}_{file_extension}"
+            )
+            with open(compressed_name, "wb") as f:
+                f.write(response.content)
+            if is_windows_os:
+                Utils().unzip_file(compressed_name, agent_temp_dir)
+            else:
+                Utils().extract_targz_file(compressed_name, agent_temp_dir)
+        except Exception as ex:
+            logger.error(f"An error ocurred downloading Gitleaks: {ex}")
+    def _extract_json_data(self, file_path):
+        if os.path.exists(file_path):
+            with open(file_path, 'r', encoding='utf-8') as f:
+                return json.load(f)
+        else:
+            print(f"File {file_path} does not exist")
+            return []
+    def _create_report(self, output_file, combined_data):
+        with open(output_file, 'w', encoding='utf-8') as f:
+            json.dump(combined_data, f, ensure_ascii=False, indent=4)
+    def _check_path(self, path, excluded_paths):
+        parts = path.split(os.sep)
+        for part in parts:
+            if part in excluded_paths: return True
+        return False
+    def _add_flags(self, config_tool, tool, agent_work_folder):
+        flags = []
+        if not config_tool[tool]["ALLOW_IGNORE_LEAKS"]:
+            flags.append("--ignore-gitleaks-allow")
+        if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+            flags.extend(["--config", f"{agent_work_folder}{os.sep}rules{os.sep}gitleaks{os.sep}gitleaks.toml"])
+        return flags
+    def run_tool_secret_scan(
+        self,
+        files,
+        agent_os,
+        agent_work_folder,
+        repository_name,
+        config_tool,
+        secret_tool,  # For external checks
+        secret_external_checks,  # For external checks
+        agent_temp_dir,
+        tool
+    ):
+        command = [self._COMMAND, "dir"]
+        finding_path = os.path.join(agent_work_folder, "gitleaks_report.json")
+        excluded_paths = config_tool[tool]["EXCLUDE_PATH"]
+        if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+            Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks, agent_work_folder)
+        try:
+            findings = []
+            flags = self._add_flags(config_tool, tool, agent_work_folder)
+            if len(files) > 1:
+                with ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
+                    futures = []
+                    for pull_file in files:
+                        if self._check_path(pull_file, excluded_paths): continue
+                        aux_finding_path = os.path.join(
+                            agent_work_folder, f"gitleaks_aux_report_{pull_file.replace(os.sep, '_')}.json"
+                        )
+                        command_aux = command.copy()
+                        command_aux.extend([
+                            os.path.join(agent_work_folder, repository_name, pull_file),
+                            "--report-path", aux_finding_path
+                        ])
+                        command_aux.extend(flags)
+                        futures.append(executor.submit(self._run_subprocess_command, command_aux, aux_finding_path))
+                    for future in as_completed(futures):
+                        result = future.result()
+                        findings.extend(result)
+                self._create_report(finding_path, findings)
+            else:
+                command.extend([files[0], "--report-path", finding_path])
+                command.extend(flags)
+                subprocess.run(command, capture_output=True, text=True)
+                findings = self._extract_json_data(finding_path)
+            return findings, finding_path
+        except Exception as e:
+            logger.error(f"Error executing gitleaks scan: {e}")
+    def _run_subprocess_command(self, command_aux, aux_finding_path):
+        try:
+            subprocess.run(command_aux, capture_output=True, text=True)
+            return self._extract_json_data(aux_finding_path)
+        except Exception as e:
+            logger.error(f"Error executing gitleaks on {command_aux}: {e}")
+            return []

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py RENAMED Viewed

@@ -5,4 +5,5 @@ from .applications.finding import Finding
 from .applications.connect import Connect
 from .applications.engagement import Engagement
 from .applications.product import Product
-from .applications.component import Component
+from .applications.component import Component
+from .applications.finding_exclusion import FindingExclusion

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/defect_dojo/applications/component.py RENAMED Viewed

@@ -25,5 +25,4 @@ class Component:
             uc = ComponentUserCase(rest_component)
             return uc.post(request)
         except ApiError as e:
-            logger.error(f"Error during create component: {e}")
             raise e

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/defect_dojo/applications/finding.py RENAMED Viewed

@@ -1,9 +1,6 @@
-from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.finding import FindingRequest
 from devsecops_engine_tools.engine_utilities.defect_dojo.domain.serializers.finding import FindingSerializer
 from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.finding import FindingRestConsumer
 from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.finding import FindingUserCase, FindingGetUserCase
-from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager
-from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities import settings

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_utilities/defect_dojo/applications/finding_exclusion.py ADDED Viewed

@@ -0,0 +1,14 @@
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.finding_exclusion import FindingExclusionUserCase
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.finding_exclusion import FindingExclusionRestConsumer
+class FindingExclusion:
+    @staticmethod
+    def get_finding_exclusion(session, **request):
+        try:
+            rest_finding_exclusion = FindingExclusionRestConsumer(session=session)
+            uc = FindingExclusionUserCase(rest_finding_exclusion)
+            return uc.execute(request)
+        except ApiError as e:
+            raise e

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/finding_exclusion.py ADDED Viewed

@@ -0,0 +1,20 @@
+import dataclasses
+from typing import List
+from devsecops_engine_tools.engine_utilities.utils.dataclass_classmethod import FromDictMixin
+@dataclasses.dataclass
+class FindingExclusion(FromDictMixin):
+    uuid: str = ""
+    unique_id_from_tool: str = ""
+    type: str = ""
+    create_date: str = ""
+    expiration_date: str = ""
+@dataclasses.dataclass
+class FindingExclusionList(FromDictMixin):
+    count: int = 0
+    next = None
+    previous = None
+    results: List[FindingExclusion] = dataclasses.field(default_factory=list)

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/defect_dojo/domain/serializers/finding.py RENAMED Viewed

@@ -63,7 +63,7 @@ class FindingSerializer(Schema):
     reviewers = fields.List(fields.Int, requerided=False)
     risk_accetance = fields.Int(requerided=False)
     risk_status = fields.Str(
-        required=False, validate=validate.OneOf(["Risk Pending", "Risk Rejected", "Risk Expired", "Risk Accepted", "Risk Active", "Transfer Pending", "Transfer Rejected", "Transfer Expired", "Transfer Accepted"])
+        required=False, validate=validate.OneOf(["Risk Pending", "Risk Rejected", "Risk Expired", "Risk Accepted", "Risk Active", "Transfer Pending", "Transfer Rejected", "Transfer Expired", "Transfer Accepted", "On Whitelist", "On Blacklist"])
     )
     risk_accepted = fields.Bool(requerided=False)
     sast_sink_object = fields.Str(requeride=False)

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/finding_exclusion.py ADDED Viewed

@@ -0,0 +1,9 @@
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.finding_exclusion import FindingExclusionRestConsumer
+class FindingExclusionUserCase:
+    def __init__(self, rest_finding_exclusion: FindingExclusionRestConsumer):
+        self.__rest_finding_exclusion = rest_finding_exclusion
+    def execute(self, request):
+        response = self.__rest_finding_exclusion.get_finding_exclusions(request)
+        return response

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py RENAMED Viewed

@@ -66,12 +66,12 @@ class ImportScanUserCase:
                         with id {product_type_id}"
                 )
-                product = self.__rest_product.post_product(request, product_type_id)
-                product_id = product.id
-                logger.info(
-                    f"product created: {product.name}\
-                        found with id: {product.id}"
-                )
+            product = self.__rest_product.post_product(request, product_type_id)
+            product_id = product.id
+            logger.info(
+                f"product created: {product.name}\
+                    found with id: {product.id}"
+            )
         api_scan_bool = re.search(" API ", request.scan_type)
         if api_scan_bool:

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapters/finding_exclusion.py ADDED Viewed

@@ -0,0 +1,28 @@
+from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.models.finding_exclusion import FindingExclusionList
+from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.settings.settings import VERIFY_CERTIFICATE
+from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager
+from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER
+logger = MyLogger.__call__(**SETTING_LOGGER).get_logger()
+class FindingExclusionRestConsumer:
+    def __init__(self, session: SessionManager):
+        self.__token = session._token
+        self.__host = session._host
+        self.__session = session._instance
+    def get_finding_exclusions(self, request) -> FindingExclusionList:
+        url = f"{self.__host}/api/v2/finding_exclusions/"
+        headers = {"Authorization": f"Token {self.__token}", "Content-Type": "application/json"}
+        try:
+            response = self.__session.get(url, headers=headers, params=request, verify=VERIFY_CERTIFICATE)
+            if response.status_code != 200:
+                raise ApiError(response.json())
+            finding_exclusions_object = FindingExclusionList.from_dict(response.json())
+        except Exception as e:
+            logger.error(f"from dict FindingExclusion: {e}")
+            raise ApiError(e)
+        return finding_exclusions_object

devsecops_engine_tools-1.32.0/devsecops_engine_tools/engine_utilities/utils/__init__.py ADDED Viewed

File without changes

{devsecops_engine_tools-1.30.2 → devsecops_engine_tools-1.32.0}/devsecops_engine_tools/engine_utilities/utils/utils.py RENAMED Viewed

@@ -1,4 +1,5 @@
 import zipfile
+import tarfile
 import platform
 from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import (
     GithubApi,
@@ -29,6 +30,10 @@ class Utils:
     def unzip_file(self, zip_file_path, extract_path):
         with zipfile.ZipFile(zip_file_path, "r") as zip_ref:
             zip_ref.extractall(extract_path)
+    def extract_targz_file(self, tar_file_path, extract_path):
+        with tarfile.open(tar_file_path, "r:gz") as tar_ref:
+            tar_ref.extractall(path=extract_path)
     def configurate_external_checks(self, tool, config_tool, secret_tool, secret_external_checks, agent_work_folder="/tmp"):
         try:
@@ -103,7 +108,7 @@ class Utils:
                         config_tool[tool]["EXTERNAL_DIR_OWNER"],
                         config_tool[tool]["EXTERNAL_DIR_REPOSITORY"],
                         github_token,
-                        agent_work_folder if platform.system() in "Windows" else "/tmp"
+                        agent_work_folder
                     )
         except Exception as ex:

devsecops_engine_tools-1.32.0/devsecops_engine_tools/version.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ version = '1.32.0'

devsecops-engine-tools 1.30.2__tar.gz → 1.32.0__tar.gz

Potentially problematic release.

devsecops-engine-tools 1.30.2tar.gz → 1.32.0tar.gz