devsecops-engine-tools 1.32.5__py3-none-any.whl → 1.33.0__py3-none-any.whl

devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

@@ -170,6 +170,12 @@ def get_inputs_from_cli(args):
         required=False,
         help="Name of image to scan for engine_container",
     )
+    parser.add_argument(
+        "--dast_file_path",
+        required=False,
+        help="File path containing the configuration, structured according to the documentation, \
+        for the API or web application to be scanned by the DAST tool."
+    )
     args = parser.parse_args()
     return {
         "platform_devops": args.platform_devops,
@@ -187,7 +193,8 @@ def get_inputs_from_cli(args):
         "token_engine_dependencies": args.token_engine_dependencies,
         "token_external_checks": args.token_external_checks,
         "xray_mode": args.xray_mode,
-        "image_to_scan": args.image_to_scan
+        "image_to_scan": args.image_to_scan,
+        "dast_file_path": args.dast_file_path
     }
 
 

devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py

@@ -36,10 +36,12 @@ from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_
 from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runner_dependencies_scan import (
     runner_engine_dependencies,
 )
+from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import (
+    runner_engine_dast
+)
 from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import (
     define_env,
 )
-
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
 from devsecops_engine_tools.engine_utilities import settings
 
@@ -98,7 +100,16 @@ class HandleScan:
             )
             return findings_list, input_core
         elif "engine_dast" in dict_args["tool"]:
-            print(MESSAGE_ENABLED)
+            findings_list, input_core = runner_engine_dast(
+                dict_args,
+                config_tool["ENGINE_DAST"],
+                secret_tool,
+                self.devops_platform_gateway
+            )
+            self._use_vulnerability_management(
+                config_tool, input_core, dict_args, secret_tool, env
+            )
+            return findings_list, input_core
         elif "engine_code" in dict_args["tool"]:
             findings_list, input_core = runner_engine_code(
                 dict_args,

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py

@@ -82,7 +82,8 @@ class DefectDojoPlatform(VulnerabilityManagementGateway):
                 "BEARER": "Bearer CLI",
                 "DEPENDENCY_CHECK": "Dependency Check Scan",
                 "SONARQUBE": "SonarQube API Import",
-                "GITLEAKS": "Gitleaks Scan"
+                "GITLEAKS": "Gitleaks Scan",
+                "NUCLEI": "Nuclei Scan"
             }
 
             if any(

devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py

@@ -0,0 +1,100 @@
+from typing import List
+from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.entry_point_dast import (
+    init_engine_dast,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool import (
+    NucleiTool,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_object import (
+    JwtObject,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool import (
+    JwtTool,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth import (
+    GenericOauth,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.http.client.auth_client import (
+    AuthClientCredential,
+)
+from devsecops_engine_tools.engine_dast.src.domain.model.api_config import (
+    ApiConfig
+)
+from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import (
+    ApiOperation
+)
+from devsecops_engine_tools.engine_dast.src.domain.model.wa_config import (
+    WaConfig
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.helpers.json_handler import (
+    load_json_file
+)
+
+def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway):
+    if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool
+        tool_run = NucleiTool()
+    extra_tools = []
+    target_config = None
+
+    # Filling operations list with adapters
+    data = load_json_file(dict_args["dast_file_path"])
+
+    try:
+        if "operations" in data: # Api
+            operations: List = []
+            for elem in data["operations"]:
+                security_type = elem["operation"]["security_auth"]["type"].lower()
+                if security_type == "jwt":
+                    operations.append(
+                        ApiOperation(
+                            elem,
+                            JwtObject(
+                                elem["operation"]["security_auth"]
+                            )
+                        )
+                    )
+                elif security_type == "oauth":
+                    operations.append(
+                        ApiOperation(
+                            elem,
+                            GenericOauth(
+                                elem["operation"]["security_auth"],
+                                data["endpoint"]
+                            )
+                        )
+                    )
+                else:
+                    operations.append(
+                        ApiOperation(
+                            elem,
+                            AuthClientCredential(
+                                elem["operation"]["security_auth"]
+                            )
+                        )
+                    )
+            data["operations"] = operations
+            target_config = ApiConfig(data)
+        elif "WA" in data: # Web Application
+            if data["data"].get["security_auth"] == "oauth":
+                authentication_gateway =  GenericOauth(
+                        data["data"]["security_auth"]
+                    )
+            target_config = WaConfig(data, authentication_gateway)
+        else:
+            raise ValueError("Can't match if the target type is an api or a web application")
+
+        if any((k.lower() == "jwt") for k in config_tool["EXTRA_TOOLS"]) and any(isinstance(operation.authentication_gateway, JwtObject) for operation in data["operations"] ):
+            extra_tools.append(JwtTool(target_config))
+
+        return init_engine_dast(
+            devops_platform_gateway=devops_platform_gateway,
+            tool_gateway=tool_run,
+            dict_args=dict_args,
+            secret_tool=secret_tool,
+            config_tool=config_tool,
+            extra_tools=extra_tools,
+            target_data=target_config
+        )
+    except Exception as e:
+        raise Exception(f"Error engine_dast: {e}")
+        

devsecops_engine_tools/engine_dast/src/domain/model/api_config.py

@@ -0,0 +1,13 @@
+from typing import List
+from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ApiOperation
+
+
+class ApiConfig():
+    def __init__(self, api_data: dict):
+        try:
+            self.target_type: str = "API"
+            self.endpoint: str = api_data["endpoint"]
+            self.rate_limit: str = api_data.get("rate_limit")
+            self.operations: "List[ApiOperation]" = api_data["operations"]
+        except KeyError:
+            raise KeyError("Missing configuration, validate the endpoint and every single operation")

devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py

@@ -0,0 +1,13 @@
+from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_gateway import (
+    AuthenticationGateway
+)
+class ApiOperation():
+    def __init__(self, operation, authentication_gateway):
+        self.authentication_gateway: AuthenticationGateway = authentication_gateway
+        self.data: dict = operation
+        self.credentials = ("auth_header", "token")
+
+    def authenticate(self):
+        self.credentials = self.authentication_gateway.get_credentials()
+        if self.credentials is not None:
+            self.data["operation"]["headers"][f'{self.credentials[0]}'] = f'{self.credentials[1]}'

devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_gateway.py

@@ -0,0 +1,7 @@
+from abc import ABCMeta, abstractmethod
+
+
+class AuthenticationGateway(metaclass=ABCMeta):
+    @abstractmethod
+    def get_credentials(self) -> dict:
+        "get_credentials"

devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py

@@ -0,0 +1,9 @@
+from abc import ABCMeta, abstractmethod
+
+
+class ToolGateway(metaclass=ABCMeta):
+    @abstractmethod
+    def run_tool(
+        self, target_data, config_tool, secret_tool, secret_external_checks, agent_work_folder
+    ) -> str:
+        "run_tool"

devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py

@@ -0,0 +1,10 @@
+class WaConfig:
+    def __init__(self, data: dict, authentication_gateway):
+        self.target_type: str = "WA"
+        self.url: str = data["endpoint"]
+        self.data: dict = data.wa_data
+
+    def authenticate(self):
+        self.credentials = self.authentication_gateway.get_credentials()
+        if self.credentials is not None:
+            self.data["headers"][self.credentials[0]] = self.credentials[1]

devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py

@@ -0,0 +1,128 @@
+from typing import (
+    List, Tuple, Any
+)
+from devsecops_engine_tools.engine_dast.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.input_core import (
+    InputCore,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.exclusions import (
+    Exclusions,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold
+
+class DastScan:
+    def __init__(
+        self,
+        tool_gateway: ToolGateway,
+        devops_platform_gateway: DevopsPlatformGateway,
+        data_target,
+        aditional_tools: "List[ToolGateway]"
+    ):
+        self.tool_gateway = tool_gateway
+        self.devops_platform_gateway = devops_platform_gateway
+        self.data_target = data_target
+        self.other_tools = aditional_tools
+
+    def complete_config_tool(
+        self, data_file_tool, exclusions, tool
+    ) -> "Tuple[Any, Any]":
+        
+        config_tool = data_file_tool
+
+        config_tool["SCOPE_PIPELINE"] = self.devops_platform_gateway.get_variable(
+            "pipeline_name"
+        )
+
+        config_tool["EXCLUSIONS"] = exclusions
+
+        config_exclusions = config_tool["EXCLUSIONS"]
+
+        if config_exclusions.get("All") is not None:
+            config_tool["EXCLUSIONS_ALL"] = config_exclusions.get("All").get(tool)
+        if config_exclusions.get(config_tool["SCOPE_PIPELINE"]) is not None:
+            config_tool["EXCLUSIONS_SCOPE"] = config_exclusions.get(
+                config_tool["SCOPE_PIPELINE"]
+            ).get(tool)
+
+        data_target_config = self.data_target
+        return config_tool, data_target_config
+
+    def process(
+        self, dict_args, secret_tool, config_tool
+    ) -> "Tuple[List, InputCore]":
+        init_config_tool = self.devops_platform_gateway.get_remote_config(
+            dict_args["remote_config_repo"], "engine_dast/ConfigTool.json"
+        )
+
+        exclusions = self.devops_platform_gateway.get_remote_config(
+            dict_args["remote_config_repo"],
+            "engine_dast/Exclusions.json"
+        )
+
+        agent_work_folder = self.devops_platform_gateway.get_variable("path_directory")
+
+        config_tool, data_target = self.complete_config_tool(
+            data_file_tool=init_config_tool,
+            exclusions=exclusions,
+            tool=config_tool["TOOL"],
+        )
+
+        finding_list, path_file_results = self.tool_gateway.run_tool(
+            target_data=data_target,
+            config_tool=config_tool,
+            secret_tool=secret_tool,
+            secret_external_checks=dict_args["token_external_checks"],
+            agent_work_folder=agent_work_folder
+        )
+
+        #Here execute other tools and append to finding list
+        if len(self.other_tools) > 0:
+            for i in range(len(self.other_tools)):
+                extra_config_tool, data_target = self.complete_config_tool(
+                data_file_tool=init_config_tool,
+                exclusions=exclusions,
+                tool=self.other_tools[i].TOOL
+                )
+                extra_finding_list = self.other_tools[i].run_tool(
+                    target_data=data_target,
+                    config_tool=extra_config_tool
+                )
+                if len(extra_finding_list) > 0:
+                    finding_list.extend(extra_finding_list)
+
+        totalized_exclusions = []
+        (
+            totalized_exclusions.extend(
+                map(
+                    lambda elem: Exclusions(**elem), config_tool.get("EXCLUSIONS_ALL")
+                )
+            )
+            if config_tool.get("EXCLUSIONS_ALL") is not None
+            else None
+        )
+        (
+            totalized_exclusions.extend(
+                map(
+                    lambda elem: Exclusions(**elem),
+                    config_tool.get("EXCLUSIONS_SCOPE"),
+                )
+            )
+            if config_tool.get("EXCLUSIONS_SCOPE") is not None
+            else None
+        )
+
+        input_core = InputCore(
+            totalized_exclusions=totalized_exclusions,
+            threshold_defined=Threshold(config_tool.get("THRESHOLD")),
+            path_file_results=path_file_results,
+            custom_message_break_build=config_tool.get("MESSAGE_INFO_DAST"),
+            scope_pipeline=config_tool.get("SCOPE_PIPELINE"),
+            stage_pipeline=self.devops_platform_gateway.get_variable("stage"),
+        )
+
+        return finding_list, input_core

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py

@@ -0,0 +1,69 @@
+from typing import List
+import os
+from ruamel.yaml import YAML
+from json import dumps as json_dumps
+
+class NucleiConfig:
+    def __init__(self, target_config):
+        self.url: str = target_config.endpoint
+        self.target_type: str = target_config.target_type.lower()
+        self.custom_templates_dir: str = ""
+        self.output_file: str = "result_dast_scan.json"
+        self.yaml = YAML()
+        if self.target_type == "api":
+            self.data: List = target_config.operations
+        elif self.target_type == "wa":
+            self.data: dict = target_config.data
+        else:
+            raise ValueError("ERROR: The objective is not an api or web application type")
+
+    def process_template_file(
+        self,
+        dest_folder: str,
+        template_name: str,
+        new_template_data: dict,
+        template_counter: int,
+    ) -> None:
+        new_template_name: str = "nuclei_template_" + str(template_counter) + ".yaml"
+        with open(template_name, "r") as template_file:  # abrir  archivo
+            template_data = self.yaml.load(template_file)
+            if "http" in template_data:
+                template_data["http"][0]["method"] = new_template_data["operation"]["method"]
+                template_data["http"][0]["path"] = [
+                    "{{BaseURL}}" + new_template_data["operation"]["path"]
+                ]
+                if "headers" in template_data.get("http", [{}])[0]:
+                    template_data["http"][0]["headers"] = new_template_data["operation"]["headers"]
+                if "payload" in new_template_data["operation"]:
+                    body = json_dumps(new_template_data["operation"]["payload"])
+                    template_data["http"][0]["body"] = body
+
+        new_template_path = os.path.join(dest_folder, new_template_name)
+
+        with open(new_template_path, "w") as nf:
+            self.yaml.dump(template_data, nf)
+
+    def process_templates_folder(self, base_folder: str) -> None:
+        if not os.path.exists(self.custom_templates_dir):
+            os.makedirs(self.custom_templates_dir)
+
+        t_counter = 0
+        for operation in self.data:
+            operation.authenticate() #Api Authentication
+            for root, _, files in os.walk(f"{base_folder}{os.sep}rules{os.sep}nuclei"):
+                for file in files:
+                    if file.endswith(".yaml"):
+                        self.process_template_file(
+                            dest_folder=self.custom_templates_dir,
+                            template_name=os.path.join(root, file),
+                            new_template_data=operation.data,
+                            template_counter=t_counter,
+                        )
+                        t_counter += 1
+
+    def customize_templates(self, directory: str) -> None:
+        if self.target_type == "api":
+            self.custom_templates_dir = f"{directory}{os.sep}customized-nuclei-templates"
+            self.process_templates_folder(
+                base_folder=directory
+            )

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py

@@ -0,0 +1,39 @@
+from dataclasses import (
+    dataclass,
+)
+from datetime import (
+    datetime,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.finding import (
+    Category,
+    Finding,
+)
+
+
+@dataclass
+class NucleiDesealizator:
+    @classmethod
+    def get_list_finding(
+        cls,
+        results_scan_list: "list[dict]",
+    ) -> "list[Finding]":
+        list_open_findings = []
+        if len(results_scan_list) > 0:
+            for scan in results_scan_list:
+                finding_open = Finding(
+                    id=scan.get("template-id"),
+                    cvss=scan["info"].get("classification", {}).get("cvss-score", ""),
+                    where=scan.get("matched-at"),
+                    description=scan["info"].get("description"),
+                    severity=scan["info"].get("severity").lower() if scan["info"].get("severity").lower() != "info" else "low",
+                    identification_date=datetime.now().strftime("%d%m%Y"),
+                    module="engine_dast",
+                    category=Category("vulnerability"),
+                    requirements=scan["info"].get("remediation"),
+                    tool="Nuclei",
+                    published_date_cve=None
+                )
+                list_open_findings.append(finding_open)
+
+        return list_open_findings
+

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py

@@ -0,0 +1,145 @@
+import os
+import subprocess
+import json
+import platform
+import requests
+import shutil
+from devsecops_engine_tools.engine_dast.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config import (
+    NucleiConfig,
+)
+from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_deserealizer import (
+    NucleiDesealizator,
+)
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+from devsecops_engine_tools.engine_utilities.utils.utils import Utils
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class NucleiTool(ToolGateway):
+
+    """A class that wraps the nuclei scanner functionality"""
+
+    def __init__(self, target_config=None, data_config_cli=None):
+        """Initialize the class with the data from the config file and the cli"""
+        self.target_config = target_config
+        self.data_config_cli = data_config_cli
+        self.TOOL: str = "NUCLEI"
+
+    def download_tool(self, version):
+        try:
+            base_url = f"https://github.com/projectdiscovery/nuclei/releases/download/v{version}/"
+            os_type = platform.system().lower()
+
+            os_types = {"darwin": "macOS", "linux": "linux", "windows": "windows"}
+            if os_type in os_types:
+                curr_os = os_types[os_type]
+            else:
+                raise Exception(f"Error [101]: {os_type} is an unsupported OS type!")
+
+            file_name = f"nuclei_{version}_{curr_os}_amd64.zip"
+            url = f"{base_url}{file_name}"
+
+            response = requests.get(url, allow_redirects=True)
+            if response.status_code != 200:
+                raise Exception(f"Error [102]: Failed to download Nuclei version {version}. HTTP status code: {response.status_code}")
+
+            home_directory = os.path.expanduser("~")
+            zip_name = os.path.join(home_directory, file_name)
+            with open(zip_name, "wb") as f:
+                f.write(response.content)
+
+            Utils().unzip_file(zip_name, home_directory)
+            return 0
+        except Exception as e:
+            logger.error(f"Error [103]: An exception occurred during download: {e}")
+            return e
+
+    def install_tool(self, version):
+        try:
+            nuclei_path = shutil.which("nuclei")
+
+            if not nuclei_path:
+                download_result = self.download_tool(version)
+                if download_result != 0:
+                    raise Exception(f"Error [104]: Download failed with error: {download_result}")
+
+            os_type = platform.system().lower()
+            home_directory = os.path.expanduser("~")
+
+            if nuclei_path:
+                executable_path = nuclei_path
+            elif os_type == "windows":
+                executable_path = os.path.join(home_directory, "nuclei.exe")
+            else:
+                executable_path = os.path.join(home_directory, "nuclei")
+
+            if os_type == "darwin" or os_type == "linux":
+                subprocess.run(["chmod", "+x", executable_path], check=True)
+                return {"status": 201, "path": executable_path}  # Installation successful
+            elif os_type == "windows":
+                return {"status": 202, "path":executable_path}
+            else:
+                raise Exception(f"Error [105]: {os_type} is an unsupported OS type!")
+            
+        except subprocess.CalledProcessError as e:
+            logger.error(f"Error [106]: Command execution failed: {e}")
+            return {"status": 106}
+        except Exception as e:
+            logger.error(f"Error [107]: An exception occurred during installation: {e}")
+            return {"status": 107}
+
+    def execute(self, command_prefix: str, target_config: NucleiConfig) -> dict:
+        """Interact with nuclei's core application"""
+
+        command = (
+            command_prefix
+            + " -u "  # target URLs/hosts to scan
+            + target_config.url
+            + (f" -ud {target_config.custom_templates_dir}" if target_config.custom_templates_dir else "")
+            + " -ni "  # disable interactsh server
+            + "-dc "  # disable clustering of requests
+            + "-tags " # Excute only templates with the especified tag
+            + target_config.target_type
+            + " -je "  # file to export results in JSON format
+            + str(target_config.output_file)
+            + " -sr"
+        )
+
+        if command is not None:
+            result = subprocess.run(
+                command,
+                shell=True,
+                capture_output=True,
+            )
+            error = result.stderr.decode().strip() if result.stderr else ""
+            if result.returncode != 0:
+                raise Exception(f"Error executing nuclei: {error}")
+        with open(target_config.output_file, "r") as f:
+            json_response = json.load(f)
+        return json_response
+
+    def run_tool(self, 
+        target_data, 
+        config_tool,
+        secret_tool, 
+        secret_external_checks,
+        agent_work_folder
+    ):
+        result_install = self.install_tool(config_tool[self.TOOL]["VERSION"])
+        if result_install["status"] < 200:
+            return [], None
+        
+        nuclei_config = NucleiConfig(target_data)
+        if config_tool[self.TOOL]["ENABLE_CUSTOM_RULES"]:
+            Utils().configurate_external_checks(self.TOOL, config_tool, secret_tool, secret_external_checks, agent_work_folder)
+            nuclei_config.customize_templates(agent_work_folder)
+
+        result_scans = self.execute(result_install["path"], nuclei_config)
+        findings_list = NucleiDesealizator().get_list_finding(result_scans)
+        return findings_list, nuclei_config.output_file

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py

@@ -0,0 +1,70 @@
+import requests
+from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_gateway import (
+    AuthenticationGateway
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+class GenericOauth(AuthenticationGateway):
+    def __init__(self, data, endpoint):
+        self.data: dict = data
+        self.endpoint = endpoint
+        self.config = {}
+
+    def process_data(self):
+
+        self.config = {
+            "method": self.data.get("method", "POST"),
+            "path": self.data.get("path", ""),
+            "grant_type": self.data.get("grant_type",""),
+            "scope": self.data.get("scope", None),
+            "headers": self.data.get("headers", {}),
+            "client_secret": self.data.get("client_secret", ""),
+            "client_id": self.data.get("client_id", "")
+        }
+        return self.config
+
+    def get_access_token(self):
+        auth_config = self.process_data()
+
+        if auth_config["grant_type"].lower() == "client_credentials":
+            return self.get_access_token_client_credentials()
+        else:
+            raise ValueError("OAuth: Grant type is not supported yet")
+
+    def get_credentials(self):
+        return self.get_access_token()
+
+    def get_access_token_client_credentials(self):
+        """Obtain access token using client credentials flow."""
+        try:
+            required_keys = ["client_id", "client_secret"]
+            if not all(key in self.config for key in required_keys):
+                raise ValueError("One or more keys is missing in OAuth config")
+
+            data = {
+                "client_id": self.config["client_id"],
+                "client_secret": self.config["client_secret"],
+                "grant_type": "client_credentials",
+                "scope": self.config["scope"]
+            }
+
+            url = self.endpoint + self.config["path"]
+            headers = self.config["headers"]
+            response = requests.request(
+                self.config["method"], url, headers=headers, data=data, timeout=5
+            )
+            if 200 <= response.status_code < 300:
+                result = response.json()["access_token"]
+                return ("Authorization",f"Bearer {result}")
+            else:
+                print(
+                    "OAuth: Can't obtain access token"
+                    "token Unknown status "
+                    "code {0}: -> {1}".format(response.status_code, response.text)
+                )
+        except (ConnectionError, ValueError, KeyError) as e:
+            logger.warning("OAuth: Can't obtain access token: {0}".format(e))

devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py

@@ -0,0 +1,15 @@
+from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import (
+    DastScan,
+)
+
+def init_engine_dast(
+    devops_platform_gateway,
+    tool_gateway,
+    dict_args,
+    secret_tool,
+    config_tool,
+    extra_tools,
+    target_data
+):
+    dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools)
+    return dast_scan.process(dict_args, secret_tool, config_tool)

devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py

@@ -0,0 +1,61 @@
+import json
+import json
+from datetime import datetime
+
+def generate_file_from_tool(tool_name, result_scans, config_tool):
+    if tool_name == "JWT":
+        sarif_report = {
+            "version": "2.1.0",
+            "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+            "runs": [
+                {
+                    "tool": {
+                        "driver": {
+                            "name": tool_name,
+                            "version": "1.0.0",
+                            "rules": [
+                                {
+                                    "id": rule_id,
+                                    "shortDescription": {"text": rule["description"]},
+                                    "helpUri": rule.get("helpUri", ""),
+                                    "properties": {
+                                        "severity": rule.get("severity", "medium"),
+                                        "cvss": rule.get("cvss", 0)
+                                    }
+                                }
+                                for rule_id, rule in config_tool.get("RULES", {}).items()
+                            ]
+                        }
+                    },
+                    "results": [
+                        {
+                            "ruleId": result["check_id"],
+                            "message": {"text": result["description"]},
+                            "locations": [
+                                {
+                                    "physicalLocation": {
+                                        "artifactLocation": {
+                                            "uri": result["matched-at"]
+                                        }
+                                    }
+                                }
+                            ],
+                            "properties": {
+                                "severity": result["severity"],
+                                "cvss": result["cvss"],
+                                "remediation": result.get("remediation", "No remediation provided")
+                            }
+                        }
+                        for result in result_scans
+                    ]
+                }
+            ]
+        }
+
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        sarif_file_path = f"{tool_name}_report_{timestamp}.sarif"
+        
+        with open(sarif_file_path, "w", encoding="utf-8") as sarif_file:
+            json.dump(sarif_report, sarif_file, indent=4)
+
+        return sarif_file_path

devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py

@@ -0,0 +1,13 @@
+import json
+
+
+def load_json_file(file_path: str):
+    try:
+        with open(file_path, 'r') as file:
+            return json.load(file)
+    except FileNotFoundError:
+        raise FileNotFoundError(f"Error: The file '{file_path}' was not found.")
+    except json.JSONDecodeError:
+        raise json.JSONDecodeError(f"Error: The file '{file_path}' does not contain valid JSON.")
+    except IOError as e:
+        raise IOError(f"I/O Error: {e}")

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.32.5'
+version = '1.33.0'

{devsecops_engine_tools-1.32.5.dist-info → devsecops_engine_tools-1.33.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.32.5
+Version: 1.33.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team
@@ -28,6 +28,9 @@ Requires-Dist: setuptools==72.1.0
 Requires-Dist: rich==13.9.4
 Requires-Dist: cpe==1.3.1
 Requires-Dist: packageurl-python==0.15.6
+Requires-Dist: ruamel.yaml==0.18.6
+Requires-Dist: Authlib==1.3.2
+Requires-Dist: PyJWT==2.9.0
 
 # DevSecOps Engine Tools
 
@@ -71,7 +74,7 @@ pip3 install devsecops-engine-tools
 ### Scan running - flags (CLI)
 
 ```bash
-devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"]
+devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --remote_config_branch ["remote_config_branch"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"] --folder_path ["Folder path scan engine_iac, engine_code, engine_dependencies and engine_secret"] --platform ["k8s","cloudformation","docker", "openapi", "terraform"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"]
 ```
 
 ### Structure Remote Config
@@ -83,6 +86,9 @@ devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_con
    ┣ 📂engine_risk
    ┃ ┗ 📜ConfigTool.json
    ┃ ┗ 📜Exclusions.json
+   ┣ 📂engine_dast
+   ┃ ┗ 📜ConfigTool.json
+   ┃ ┗ 📜Exclusions.json
    ┣ 📂engine_sast
    ┃ ┗ 📂engine_iac
    ┃   ┗ 📜ConfigTool.json

{devsecops_engine_tools-1.32.5.dist-info → devsecops_engine_tools-1.33.0.dist-info}/RECORD

@@ -1,9 +1,9 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=RANDpLFXBeOMxUGB5T0M5F0OW8X34R26gytSNFGlps8,19
+devsecops_engine_tools/version.py,sha256=slrJ8PjsmWhzds_t0aw7z9hMpKCAEOkgVl8LCAlXhwA,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=poPtyIEmOWjkE2L0l8l01O50dRG84xkp3V33zXDxU6g,7779
+devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=PcYxH6NQIPkFPMkeOEUs5iw2k-gL0HKuOek2uhR4gIQ,8080
 devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -28,7 +28,7 @@ devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_manage
 devsecops_engine_tools/engine_core/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py,sha256=0JK4U5LGxzrLVZOw68j1PMxmLTDPru7Kts_-RtAG0jA,15965
 devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py,sha256=RirHqsW5AhGjV7ITa13bW_BfM6VE99DffrPASoB9SN0,9403
-devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=q1RGSDT7LSpPn7NyA9Pl4QGeQLQ3kvawzqmXrVQIKTs,9694
+devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py,sha256=XHLeVIVLrXv4oZF8GY6InEqWg0dszMb-0XBJFX7RZjY,10161
 devsecops_engine_tools/engine_core/src/domain/usecases/metrics_manager.py,sha256=Xi0iNnPrFgqd2cBdAA5E_tgouhxs-BTo016aolnGgv8,2413
 devsecops_engine_tools/engine_core/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -38,7 +38,7 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/secret
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py,sha256=buCBJ6kAg-5b_7P-gWzem6NEMbk5lK9Hx0Zuf-BQfXQ,5090
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=zBfd4zI_5fAHsIX3ZKt-WJmESkHkfUeIzAZO3O6adHo,27789
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=QnAy_7jnjd7BGzmkSnfsbsajkJ4Ap2pEguRChASNvdk,27830
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=KCg6tTDncasrRZbB20QiLZNE6TKYkfgQ9zP0wPd3xe0,3925
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -57,15 +57,32 @@ devsecops_engine_tools/engine_core/src/infrastructure/helpers/util.py,sha256=lDt
 devsecops_engine_tools/engine_dast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py,sha256=4RWkHfDm9WSzeLVE43XmQDC3osUoS4zwqhVo14piHxo,4004
 devsecops_engine_tools/engine_dast/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/domain/model/api_config.py,sha256=9B-pSTT58Bb1ysK6MIOpAxsGrn_AdrevOnQYmsLyNvU,548
+devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py,sha256=mQbmTlB0UxCJGEmw21Z0c9ObQF72Gl8N1qK21H5H81o,621
+devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py,sha256=DovmiRO9l50P25N91lG3BpSwc6R9OVQIw89Nv1RpXcc,411
+devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_gateway.py,sha256=JSi2LAK8kPctqPmh3KfxIkXeDY5sSRsXoPWqudlmyYQ,175
+devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py,sha256=F9Xusc7bQo25GpRvCMWPPQ_hlILbGF1yZKMAnm15Axs,255
 devsecops_engine_tools/engine_dast/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py,sha256=9zQhA8d9McGWNT2ZdvjmjWCIPN3UpST7RWve2QvyHu4,4693
 devsecops_engine_tools/engine_dast/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py,sha256=TxjdA5_KDmn-RqZQsPkrrqyjd9zPMweKH37pwnxSV8Q,3090
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py,sha256=qqoBMXr350ItzabSU6a_fD2-9kB6pAmtWioFP5AvCIE,1346
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py,sha256=Bk2JTwzTqrU9N84C_GTIf2vF_IpxuvLbvaygVIWOXdI,6066
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py,sha256=Je82JrXrM28lBJ0Z5ShySj8dqS47pmlWQwLmxvk6UsQ,2806
 devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py,sha256=Cbl-PH4BL4mT7JMkFRd3G9xKL4VatGDox3uyCGjxsKc,419
 devsecops_engine_tools/engine_dast/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py,sha256=usSGuFYziitOj3aGa9ifvpfJ-J3qX4c0GXbPm3PmTnQ,2604
+devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py,sha256=qQkSO0EXguVGZN6hSb356sB0HS0ZdcjfXsnPelfUnyg,444
 devsecops_engine_tools/engine_risk/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -324,8 +341,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=dAklY11OGNDODjZyt9dO68Xiwu9pLJmqLOslqQ7rXa8,6112
-devsecops_engine_tools-1.32.5.dist-info/METADATA,sha256=QUwi6wvkbITtiWwVHwlr6wGfPBw8f551jOmifzSvpUs,11378
-devsecops_engine_tools-1.32.5.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.32.5.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.32.5.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.32.5.dist-info/RECORD,,
+devsecops_engine_tools-1.33.0.dist-info/METADATA,sha256=JjNGfCUCAgdfAXsGiI-nqwmOehCbPKRKPQVaWhD2cHc,11592
+devsecops_engine_tools-1.33.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.33.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.33.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.33.0.dist-info/RECORD,,