PyPI - devsecops-engine-tools - Versions diffs - 1.31.0__py3-none-any.whl → 1.32.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.31.0py3-none-any.whl → 1.32.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (12) hide show

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py CHANGED Viewed

@@ -82,6 +82,7 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "BEARER": "Bearer CLI",
                 "DEPENDENCY_CHECK": "Dependency Check Scan",
                 "SONARQUBE": "SonarQube API Import",
+                "GITLEAKS": "Gitleaks Scan"
             }
             if any(

devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py CHANGED Viewed

@@ -7,6 +7,12 @@ from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_
 from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import (
     SecretScanDeserealizator
     )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.gitleaks.gitleaks_tool import (
+    GitleaksTool
+    )
+from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.gitleaks.gitleaks_deserealizator import (
+    GitleaksDeserealizator
+    )
 from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run import (
     GitRun
     )
@@ -19,6 +25,10 @@ def runner_secret_scan(dict_args, tool, devops_platform_gateway, secret_tool):
         if (tool == "TRUFFLEHOG"):
             tool_gateway = TrufflehogRun()
             tool_deserealizator = SecretScanDeserealizator()
+        elif (tool == "GITLEAKS"):
+            tool_gateway = GitleaksTool()
+            tool_deserealizator = GitleaksDeserealizator()
         return engine_secret_scan(
             devops_platform_gateway = devops_platform_gateway,
             tool_gateway = tool_gateway,

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/__init__.py ADDED Viewed

File without changes

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_deserealizator.py ADDED Viewed

@@ -0,0 +1,36 @@
+from datetime import datetime
+from dataclasses import dataclass
+from typing import List
+from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category
+from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator import (
+    DeseralizatorGateway
+)
+@dataclass
+class GitleaksDeserealizator(DeseralizatorGateway):
+    def get_list_vulnerability(self, results_scan_list: List[dict], path_directory: str, os: str) -> List[Finding]:
+        list_open_vulnerabilities = []
+        current_date=datetime.now().strftime("%d%m%Y")
+        for result in results_scan_list:
+            vulnerability_open = Finding(
+                id=result.get("RuleID", "SECRET_SCANNING"),
+                cvss=None,
+                where=self.get_where_correctly(result, path_directory),
+                description=result.get("Description", "No description available"),
+                severity="critical",
+                identification_date=current_date,
+                published_date_cve=None,
+                module="engine_secret",
+                category=Category.VULNERABILITY,
+                requirements="",
+                tool="Gitleaks",
+            )
+            list_open_vulnerabilities.append(vulnerability_open)
+        return list_open_vulnerabilities
+    def get_where_correctly(self, result: dict, path_directory=""):
+        path = result.get("File", "").replace(path_directory, "")
+        hidden_secret = str(result.get("Secret"))[:3] + '*' * 9 + str(result.get("Secret"))[-3:]
+        return f"{path}, Secret: {hidden_secret}"

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py ADDED Viewed

@@ -0,0 +1,150 @@
+import json
+import os
+import re
+import subprocess
+import requests
+from concurrent.futures import ThreadPoolExecutor, as_completed
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+class GitleaksTool(ToolGateway):
+    _COMMAND = None
+    def install_tool(self, agent_os, agent_temp_dir, tool_version) -> any:
+        is_windows_os = re.search(r"Windows", agent_os)
+        is_linux_os = re.search(r"Linux", agent_os)
+        if is_windows_os:
+            file_extension = "windows_x64.zip"
+        elif is_linux_os:
+            file_extension = "linux_x64.tar.gz"
+        else:
+            file_extension = "darwin_x64.tar.gz"
+        command = f"{agent_temp_dir}{os.sep}gitleaks"
+        command = f"{command}.exe" if is_windows_os else command
+        self._COMMAND = command
+        result = subprocess.run(f"{command} --version", capture_output=True, shell=True, text=True)
+        is_tool_installed = re.search(fr"{tool_version}", result.stdout.strip())
+        if is_tool_installed: return
+        try:
+            url = f"https://github.com/gitleaks/gitleaks/releases/download/v{tool_version}/gitleaks_{tool_version}_{file_extension}"
+            response = requests.get(url, allow_redirects=True)
+            compressed_name = os.path.join(
+                agent_temp_dir, f"gitleaks_{tool_version}_{file_extension}"
+            )
+            with open(compressed_name, "wb") as f:
+                f.write(response.content)
+            if is_windows_os:
+                Utils().unzip_file(compressed_name, agent_temp_dir)
+            else:
+                Utils().extract_targz_file(compressed_name, agent_temp_dir)
+        except Exception as ex:
+            logger.error(f"An error ocurred downloading Gitleaks: {ex}")
+    def _extract_json_data(self, file_path):
+        if os.path.exists(file_path):
+            with open(file_path, 'r', encoding='utf-8') as f:
+                return json.load(f)
+        else:
+            print(f"File {file_path} does not exist")
+            return []
+    def _create_report(self, output_file, combined_data):
+        with open(output_file, 'w', encoding='utf-8') as f:
+            json.dump(combined_data, f, ensure_ascii=False, indent=4)
+    def _check_path(self, path, excluded_paths):
+        parts = path.split(os.sep)
+        for part in parts:
+            if part in excluded_paths: return True
+        return False
+    def _add_flags(self, config_tool, tool, agent_work_folder):
+        flags = []
+        if not config_tool[tool]["ALLOW_IGNORE_LEAKS"]:
+            flags.append("--ignore-gitleaks-allow")
+        if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+            flags.extend(["--config", f"{agent_work_folder}{os.sep}rules{os.sep}gitleaks{os.sep}gitleaks.toml"])
+        return flags
+    def run_tool_secret_scan(
+        self,
+        files,
+        agent_os,
+        agent_work_folder,
+        repository_name,
+        config_tool,
+        secret_tool,  # For external checks
+        secret_external_checks,  # For external checks
+        agent_temp_dir,
+        tool
+    ):
+        command = [self._COMMAND, "dir"]
+        finding_path = os.path.join(agent_work_folder, "gitleaks_report.json")
+        excluded_paths = config_tool[tool]["EXCLUDE_PATH"]
+        if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+            Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks, agent_work_folder)
+        try:
+            findings = []
+            flags = self._add_flags(config_tool, tool, agent_work_folder)
+            if len(files) > 1:
+                with ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
+                    futures = []
+                    for pull_file in files:
+                        if self._check_path(pull_file, excluded_paths): continue
+                        aux_finding_path = os.path.join(
+                            agent_work_folder, f"gitleaks_aux_report_{pull_file.replace(os.sep, '_')}.json"
+                        )
+                        command_aux = command.copy()
+                        command_aux.extend([
+                            os.path.join(agent_work_folder, repository_name, pull_file),
+                            "--report-path", aux_finding_path
+                        ])
+                        command_aux.extend(flags)
+                        futures.append(executor.submit(self._run_subprocess_command, command_aux, aux_finding_path))
+                    for future in as_completed(futures):
+                        result = future.result()
+                        findings.extend(result)
+                self._create_report(finding_path, findings)
+            else:
+                command.extend([files[0], "--report-path", finding_path])
+                command.extend(flags)
+                subprocess.run(command, capture_output=True, text=True)
+                findings = self._extract_json_data(finding_path)
+            return findings, finding_path
+        except Exception as e:
+            logger.error(f"Error executing gitleaks scan: {e}")
+    def _run_subprocess_command(self, command_aux, aux_finding_path):
+        try:
+            subprocess.run(command_aux, capture_output=True, text=True)
+            return self._extract_json_data(aux_finding_path)
+        except Exception as e:
+            logger.error(f"Error executing gitleaks on {command_aux}: {e}")
+            return []

devsecops_engine_tools/engine_utilities/utils/utils.py CHANGED Viewed

@@ -1,4 +1,5 @@
 import zipfile
+import tarfile
 import platform
 from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import (
     GithubApi,
@@ -29,6 +30,10 @@ class Utils:
     def unzip_file(self, zip_file_path, extract_path):
         with zipfile.ZipFile(zip_file_path, "r") as zip_ref:
             zip_ref.extractall(extract_path)
+    def extract_targz_file(self, tar_file_path, extract_path):
+        with tarfile.open(tar_file_path, "r:gz") as tar_ref:
+            tar_ref.extractall(path=extract_path)
     def configurate_external_checks(self, tool, config_tool, secret_tool, secret_external_checks, agent_work_folder="/tmp"):
         try:
@@ -103,7 +108,7 @@ class Utils:
                         config_tool[tool]["EXTERNAL_DIR_OWNER"],
                         config_tool[tool]["EXTERNAL_DIR_REPOSITORY"],
                         github_token,
-                        agent_work_folder if platform.system() in "Windows" else "/tmp"
+                        agent_work_folder
                     )
         except Exception as ex:

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.31.0'
1	+ version = '1.32.0'

{devsecops_engine_tools-1.31.0.dist-info → devsecops_engine_tools-1.32.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.31.0
+Version: 1.32.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -134,10 +134,14 @@ For more information visit [here](https://github.com/bancolombia/devsecops-engin
     <td>Free</td>
   </tr>
   <tr>
-    <td>ENGINE_SECRET</td>
+    <td rowspan="2">ENGINE_SECRET</td>
     <td><a href="https://trufflesecurity.com/trufflehog">TRUFFLEHOG</a></td>
     <td>Free</td>
   </tr>
+  <tr>
+    <td><a href="https://gitleaks.io/">GITLEAKS</a></td>
+    <td>Free</td>
+  </tr>
   <tr>
     <td rowspan="2">ENGINE_CONTAINER</td>
     <td><a href="https://www.paloaltonetworks.com/prisma/cloud">PRISMA</a></td>

{devsecops_engine_tools-1.31.0.dist-info → devsecops_engine_tools-1.32.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=dORcM9p3Gq4eeQIYB7RelGt7lAEzbOinMO8jaEM2CLo,19
+devsecops_engine_tools/version.py,sha256=qh7fu1xeNri8o7YY1UAeXzATcZjiVeXYKv8u5NDpHlM,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -38,7 +38,7 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/secret
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=buCBJ6kAg-5b_7P-gWzem6NEMbk5lK9Hx0Zuf-BQfXQ,5090
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=kUGFYhCm4-gZajqZCdhsyDecILWQtFj3dmcIT07pNXU,27745
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=zBfd4zI_5fAHsIX3ZKt-WJmESkHkfUeIzAZO3O6adHo,27789
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=KCg6tTDncasrRZbB20QiLZNE6TKYkfgQ9zP0wPd3xe0,3925
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -143,7 +143,7 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_ge
 devsecops_engine_tools/engine_sast/engine_secret/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py,sha256=Th6koLvl0fn5SUAXTZ4cy9PEPKMjYpbB9A2S5rSYWxU,1394
+devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py,sha256=Su73AZxnbKX1JhJf7u6ZhQJWdhR9t3pNpi6aBmr6Ipo,1849
 devsecops_engine_tools/engine_sast/engine_secret/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -156,6 +156,9 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=VbpiXDHIGeFAGHWb6FBR1axRvh5R2vCOzeYsDkQoHAE,3189
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_deserealizator.py,sha256=IERIxeHhtQj0npBoL4_qb2mRlNgEUjg603DqGA49RQ4,1617
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py,sha256=FTkxlZu9PSX53wri7I0zN6iNdbXEioEvjmLm_ZqxUiM,5978
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=EEwKXvn8H4fTLZCuJC8CCJPvclqqrT0s3XDCU5xFd5o,7901
@@ -320,9 +323,9 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
-devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=_yaXWHN1pi2xFFKg0yKbb4fsK_ZRv7Dk_9N1FtPS72k,5964
-devsecops_engine_tools-1.31.0.dist-info/METADATA,sha256=pvTlUKMErHnqovHTD6U9B8lHN9TSbSXj_H8B9D00HeI,11276
-devsecops_engine_tools-1.31.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.31.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.31.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.31.0.dist-info/RECORD,,
+devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=dAklY11OGNDODjZyt9dO68Xiwu9pLJmqLOslqQ7rXa8,6112
+devsecops_engine_tools-1.32.0.dist-info/METADATA,sha256=y8wf8DXMNfi4wI6IVKw2AuXAq5A0C1aeMWwkz6ISD-c,11378
+devsecops_engine_tools-1.32.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.32.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.32.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.32.0.dist-info/RECORD,,

{devsecops_engine_tools-1.31.0.dist-info → devsecops_engine_tools-1.32.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.31.0.dist-info → devsecops_engine_tools-1.32.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.31.0.dist-info → devsecops_engine_tools-1.32.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.31.0__py3-none-any.whl → 1.32.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.31.0py3-none-any.whl → 1.32.0py3-none-any.whl