PyPI - devsecops-engine-tools - Versions diffs - 1.40.1__py3-none-any.whl → 1.41.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.40.1py3-none-any.whl → 1.41.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (11) hide show

devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py CHANGED Viewed

@@ -26,6 +26,7 @@ class BreakBuild:
         report_list: "list[Report]",
         all_report: "list[Report]",
         threshold: any,
+        policy_excluded: int,
     ):
         self.devops_platform_gateway = devops_platform_gateway
         self.printer_table_gateway = printer_table_gateway
@@ -35,6 +36,7 @@ class BreakBuild:
         self.report_list = report_list
         self.all_report = all_report
         self.threshold = threshold
+        self.policy_excluded = policy_excluded
         self.break_build = False
         self.warning_build = False
         self.report_breaker = []
@@ -50,11 +52,9 @@ class BreakBuild:
         }
     def process(self):
-        self._remediation_rate_control(self.all_report)
         new_report_list, applied_exclusions = self._apply_exclusions(self.report_list)
-        if self.break_build:
-            self.report_breaker.extend(copy.deepcopy(new_report_list))
         self._tag_blacklist_control(new_report_list)
+        self._remediation_rate_control(self.all_report, new_report_list)
         self._risk_score_control(new_report_list)
         all_exclusions = list(self.vm_exclusions) + list(applied_exclusions)
         self._print_exclusions(self._map_applied_exclusion(all_exclusions))
@@ -118,10 +118,19 @@ class BreakBuild:
         else:
             print(self.devops_platform_gateway.result_pipeline("succeeded"))
-    def _remediation_rate_control(self, all_report: "list[Report]"):
+    def _remediation_rate_control(
+        self, all_report: "list[Report]", new_report_list: "list[Report]"
+    ):
         mitigated = sum(1 for report in all_report if report.mitigated)
-        total = len(all_report)
-        print(f"Mitigated count: {mitigated}   Total count: {total}")
+        white_list = sum(
+            1
+            for report in all_report
+            if "white_list" in report.tags and not report.mitigated
+        )
+        total = len(all_report) - self.policy_excluded - white_list
+        print(
+            f"Mitigated count: {mitigated}   Total count: {len(all_report)}   Policy excluded: {self.policy_excluded + white_list}"
+        )
         remediation_rate_value = self._get_percentage(mitigated / total)
         risk_threshold = self._get_remediation_rate_threshold(total)
@@ -150,10 +159,18 @@ class BreakBuild:
                 )
             )
             self.break_build = True
+            [
+                setattr(report, "reason", "Remediation Rate")
+                for report in new_report_list
+            ]
+            self.report_breaker.extend(copy.deepcopy(new_report_list))
     def _get_remediation_rate_threshold(self, total):
         remediation_rate = self.threshold["REMEDIATION_RATE"]
-        for key in sorted(remediation_rate.keys(), key=lambda x: int(x) if x.isdigit() else float('inf')):
+        for key in sorted(
+            remediation_rate.keys(),
+            key=lambda x: int(x) if x.isdigit() else float("inf"),
+        ):
             if key.isdigit() and total <= int(key):
                 return remediation_rate[key]
         return remediation_rate["other"]
@@ -209,7 +226,6 @@ class BreakBuild:
                         applied_exclusions.append(exclusion_copy)
                         break
             if not exclude:
-                report.reason = "Remediation Rate"
                 filtered_reports.append(report)
         return filtered_reports, applied_exclusions
@@ -217,21 +233,22 @@ class BreakBuild:
     def _tag_blacklist_control(self, report_list: "list[Report]"):
         remote_config = self.remote_config
         if report_list:
-            tag_blacklist = set(remote_config["TAG_BLACKLIST"])
-            tag_age_threshold = self.threshold["TAG_MAX_AGE"]
+            tag_blacklist = set(remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"].keys())
             filtered_reports_above_threshold = [
                 (report, tag)
                 for report in report_list
                 for tag in report.tags
-                if tag in tag_blacklist and report.age >= tag_age_threshold
+                if tag in tag_blacklist
+                and report.age >= remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"][tag]
             ]
             filtered_reports_below_threshold = [
                 (report, tag)
                 for report in report_list
                 for tag in report.tags
-                if tag in tag_blacklist and report.age < tag_age_threshold
+                if tag in tag_blacklist
+                and report.age < remote_config["TAG_BLACKLIST_EXCLUSION_DAYS"][tag]
             ]
             for report, tag in filtered_reports_above_threshold:
@@ -239,7 +256,7 @@ class BreakBuild:
                 print(
                     self.devops_platform_gateway.message(
                         "error",
-                        f"Report {report.vm_id} with tag {tag} is blacklisted and age {report.age} is above threshold {tag_age_threshold}",
+                        f"Report {report.vm_id} with tag '{tag}' is blacklisted and age {report.age} is above threshold {remote_config['TAG_BLACKLIST_EXCLUSION_DAYS'][tag]}",
                     )
                 )
@@ -247,9 +264,10 @@ class BreakBuild:
                 print(
                     self.devops_platform_gateway.message(
                         "warning",
-                        f"Report {report.vm_id} with tag {tag} is blacklisted but age {report.age} is below threshold {tag_age_threshold}",
+                        f"Report {report.vm_id} with tag '{tag}' is blacklisted but age {report.age} is below threshold {remote_config['TAG_BLACKLIST_EXCLUSION_DAYS'][tag]}",
                     )
                 )
+                self.policy_excluded += 1
             if filtered_reports_above_threshold:
                 self.break_build = True

devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py CHANGED Viewed

@@ -1,6 +1,7 @@
 from devsecops_engine_tools.engine_core.src.domain.model.exclusions import (
     Exclusions,
 )
+from datetime import datetime, timedelta
 class GetExclusions:
@@ -12,6 +13,7 @@ class GetExclusions:
         risk_config,
         risk_exclusions,
         services,
+        active_findings,
     ):
         self.devops_platform_gateway = devops_platform_gateway
         self.dict_args = dict_args
@@ -19,10 +21,13 @@ class GetExclusions:
         self.risk_config = risk_config
         self.risk_exclusions = risk_exclusions
         self.services = services
+        self.active_findings = active_findings
     def process(self):
         core_config = self.devops_platform_gateway.get_remote_config(
-            self.dict_args["remote_config_repo"], "engine_core/ConfigTool.json", self.dict_args["remote_config_branch"]
+            self.dict_args["remote_config_repo"],
+            "engine_core/ConfigTool.json",
+            self.dict_args["remote_config_branch"],
         )
         unique_tags = self._get_unique_tags()
         exclusions = []
@@ -35,14 +40,19 @@ class GetExclusions:
                     )
                 )
-        return exclusions
+        new_vuln_exclusions, len_new_vuln_exclusions = self._get_exclusions_new_vuln()
+        exclusions.extend(new_vuln_exclusions)
+        return exclusions, len_new_vuln_exclusions
     def _get_risk_exclusions(self):
         return self._get_exclusions(self.risk_exclusions, "RISK")
     def _get_exclusions_by_practice(self, core_config, practice, path):
         exclusions_config = self.devops_platform_gateway.get_remote_config(
-            self.dict_args["remote_config_repo"], path, self.dict_args["remote_config_branch"]
+            self.dict_args["remote_config_repo"],
+            path,
+            self.dict_args["remote_config_branch"],
         )
         tool = core_config[practice.upper()]["TOOL"]
         return self._get_exclusions(exclusions_config, tool)
@@ -69,3 +79,26 @@ class GetExclusions:
             tags = finding.tags
             unique_tags.update(tags)
         return list(unique_tags)
+    def _get_exclusions_new_vuln(self):
+        cutoff_date = datetime.now() - timedelta(days=5)
+        exclusions = []
+        for finding in self.active_findings:
+            if finding.publish_date:
+                try:
+                    finding_publish_date = datetime.strptime(
+                        finding.publish_date, "%Y-%m-%d"
+                    )
+                except ValueError:
+                    continue
+                if finding_publish_date >= cutoff_date and hasattr(finding, "id"):
+                    exclusion_data = finding.__dict__.copy()
+                    exclusion_data["create_date"] = finding_publish_date.strftime(
+                        "%d%m%Y"
+                    )
+                    exclusion_data["expired_date"] = (
+                        finding_publish_date + timedelta(days=5)
+                    ).strftime("%d%m%Y")
+                    exclusion_data["reason"] = "New vulnerability in the industry"
+                    exclusions.append(Exclusions(**exclusion_data))
+        return exclusions, len(exclusions)

devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py CHANGED Viewed

@@ -49,11 +49,13 @@ class HandleFilters:
     def filter_tags_days(self, devops_platform_gateway, remote_config, findings):
         tag_exclusion_days = remote_config["TAG_EXCLUSION_DAYS"]
         filtered_findings = []
+        filtered = 0
         for finding in findings:
             exclude = False
             for tag in finding.tags:
                 if tag in tag_exclusion_days and finding.age < tag_exclusion_days[tag]:
+                    filtered += 1
                     exclude = True
                     print(
                         devops_platform_gateway.message(
@@ -65,7 +67,7 @@ class HandleFilters:
             if not exclude:
                 filtered_findings.append(finding)
-        return filtered_findings
+        return filtered_findings, filtered
     def _get_active_findings(self, findings):
         return list(

devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py CHANGED Viewed

@@ -31,10 +31,14 @@ def init_engine_risk(
     vm_exclusions,
 ):
     remote_config = devops_platform_gateway.get_remote_config(
-        dict_args["remote_config_repo"], "engine_risk/ConfigTool.json", dict_args["remote_config_branch"]
+        dict_args["remote_config_repo"],
+        "engine_risk/ConfigTool.json",
+        dict_args["remote_config_branch"],
     )
     risk_exclusions = devops_platform_gateway.get_remote_config(
-        dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
+        dict_args["remote_config_repo"],
+        "engine_risk/Exclusions.json",
+        dict_args["remote_config_branch"],
     )
     pipeline_name = devops_platform_gateway.get_variable("pipeline_name")
@@ -49,7 +53,7 @@ def init_engine_risk(
     unique_findings = handle_filters.filter_duplicated(active_findings)
-    filtered_findings = handle_filters.filter_tags_days(
+    filtered_findings, len_tag_filtered = handle_filters.filter_tags_days(
         devops_platform_gateway, remote_config, unique_findings
     )
@@ -62,8 +66,11 @@ def init_engine_risk(
         remote_config,
         risk_exclusions,
         services,
+        active_findings,
     )
-    exclusions = get_exclusions.process()
+    exclusions, len_new_vuln = get_exclusions.process()
+    policy_excluded = len_tag_filtered + len_new_vuln
     threshold = CheckThreshold(
         pipeline_name, remote_config["THRESHOLD"], risk_exclusions
@@ -78,6 +85,7 @@ def init_engine_risk(
         data_added,
         findings,
         threshold,
+        policy_excluded,
     )
     return break_build.process()

devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/finding.py CHANGED Viewed

@@ -77,7 +77,7 @@ class Finding(FromDictMixin):
     sast_source_line = None
     sast_source_file_path = None
     nb_occurences = None
-    publish_date = None
+    publish_date: str = ""
     planned_remediation_date = None
     planned_remediation_version = None
     effort_for_fixing = None

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.40.1'
1	+ version = '1.41.0'

{devsecops_engine_tools-1.40.1.dist-info → devsecops_engine_tools-1.41.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.40.1
+Version: 1.41.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.40.1.dist-info → devsecops_engine_tools-1.41.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=CzOchPN3BP6JxBIpFBs1_bjOHUmWZIroALSUWXop0r4,19
+devsecops_engine_tools/version.py,sha256=-B41LzxW9MaDd_gk-GaUDRhpW1fsMeynOvaN5fZXPV4,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -101,16 +101,16 @@ devsecops_engine_tools/engine_risk/src/domain/model/gateways/__init__.py,sha256=
 devsecops_engine_tools/engine_risk/src/domain/model/gateways/add_epss_gateway.py,sha256=cTm4QSxiaUt7ETCdXWZxKEus8pmEDA3e9k5b39SLDDE,178
 devsecops_engine_tools/engine_risk/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-q7hJfJscvrbMDcy7tONqxdxl-CSl_TWTRUGKA,402
-devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=qE9giBOR19rI7W084uE0OoPHpYGwKq0yRm4Tz6R10vw,12536
+devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=k24X9gipSiFQNp4V8guW4hCWUtCzxyKq-eo2FwGW2b8,13216
 devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
-devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=1ekBmLK36R3ddkQ40s8teAYvaldG8hnVsacXnWdkKrg,2460
-devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=JmeBtO6CMufjYSRpGQU1kPZoW3PnXwVXnl33LSIU3n8,3543
+devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=O6LoALXzQq0kB4TUuDdF1g5JUO0vtCeXF8txEkHYb6I,3850
+devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=R53fnuIQYfr7YbpMz1BGPJ1d5z9jY_Hnm7EmPt99wlE,3608
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=pWaRmIwVyiB5mlmWySHIx-DUgN9vtKQc-MqyRNVlTJo,2150
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=tiXRqWcehAoFn-HrvteOKTYemwlfTJHCqIGYDGAk28Q,2459
+devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=3SIhdvy0_fEuN-w2_KNvwklo5mL3rCr5Zb2SV6HY77k,2630
 devsecops_engine_tools/engine_risk/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_code/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -267,7 +267,7 @@ devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/__init__.py,sh
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/cmdb.py,sha256=7EAzKzBJaDqP4Q57cyu_nCpl9WqcTZFjXydkYCh8h-k,320
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/component.py,sha256=KYyWMUQcPsraqRaw0KY9eBaZPfajfBiskgOuwTI8mnA,483
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/engagement.py,sha256=MXb7c526tz0zSDS8xGPC5IjTMF9g9qtzcEKLyfcY89c,1393
-devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/finding.py,sha256=0Xj7BOlC30LCdBjIkviB2QmmdSj0GlDvT1-TbnaT8nE,3201
+devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/finding.py,sha256=fOlKeGPf9gMjz6RyRVWRyEZWxwm7XFE6eEQ5bIBmTBs,3204
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/finding_exclusion.py,sha256=mz6RDW3Xk3VHNQcUHm9cCMAyX6Ultcb-IZy9N59qPI4,530
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product.py,sha256=KL5ue6icA8HH1xKkmAJzElAat3OOYU3_lt3xuNfo7Mc,1272
 devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product_list.py,sha256=yFo8eYOGJiJMkU5pGpW0r1o5uVaNP5iA80-5w_MyWxU,664
@@ -348,8 +348,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=XFap4yOK7ItLWsqbwDhvLd7NpDhs7i-UGJAMD6jjd7w,6687
-devsecops_engine_tools-1.40.1.dist-info/METADATA,sha256=tW-9wImZKsHAxUSScW2dAyqQAzhc7bUS65oohhY1-6Y,11750
-devsecops_engine_tools-1.40.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.40.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.40.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.40.1.dist-info/RECORD,,
+devsecops_engine_tools-1.41.0.dist-info/METADATA,sha256=aYG37gdm8hbtdPKsGJpfQqcjO2rOldAfqfWhANIh5ps,11750
+devsecops_engine_tools-1.41.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.41.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.41.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.41.0.dist-info/RECORD,,

{devsecops_engine_tools-1.40.1.dist-info → devsecops_engine_tools-1.41.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.40.1.dist-info → devsecops_engine_tools-1.41.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.40.1.dist-info → devsecops_engine_tools-1.41.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.40.1__py3-none-any.whl → 1.41.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.40.1py3-none-any.whl → 1.41.0py3-none-any.whl