devsecops-engine-tools 1.47.2__py3-none-any.whl → 1.48.0__py3-none-any.whl

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py

@@ -1,4 +1,6 @@
 import yaml
+import requests
+import zipfile
 import subprocess
 import time
 import os
@@ -66,14 +68,14 @@ class CheckovTool(ToolGateway):
 
         installed = shutil.which(package)
         if installed:
-            return True
+            return "checkov"
 
         python_command = "python3" if platform.system() != "Windows" else "python"
 
         python_path = shutil.which(python_command)
         if python_path is None:
             logger.error("Python3 not found on the system.")
-            return False
+            return None
 
         def retry(attempt):
             if attempt < MAX_RETRIES:
@@ -98,17 +100,17 @@ class CheckovTool(ToolGateway):
                 result = subprocess.run(install_cmd, capture_output=True)
                 if result.returncode == 0:
                     logger.debug(INSTALL_SUCCESS_MSG)
-                    return True
+                    return "checkov"
             except Exception as e:
                 logger.error(f"Error during installation: {e}")
 
             retry(attempt)
 
-        return False
+        return None
 
-    def execute(self, checkov_config: CheckovConfig):
+    def execute(self, checkov_config: CheckovConfig, command_prefix):
         command = (
-            "checkov --config-file "
+            f"{command_prefix} --config-file "
             + checkov_config.path_config_file
             + checkov_config.config_file_name
             + self.CHECKOV_CONFIG_FILE
@@ -123,9 +125,9 @@ class CheckovTool(ToolGateway):
         error = result.stderr.strip()
         return output
 
-    def async_scan(self, queue, checkov_config: CheckovConfig):
+    def async_scan(self, queue, checkov_config: CheckovConfig, command_prefix):
         result = []
-        output = self.execute(checkov_config)
+        output = self.execute(checkov_config, command_prefix)
         result.append(json.loads(output))
         queue.put(result)
 
@@ -136,6 +138,7 @@ class CheckovTool(ToolGateway):
         agent_env,
         environment,
         platform_to_scan,
+        command_prefix
     ):
         output_queue = queue.Queue()
         # Crea una lista para almacenar los hilos
@@ -186,7 +189,7 @@ class CheckovTool(ToolGateway):
                     rules_run.update(config_tool[self.TOOL_CHECKOV]["RULES"][rule])
                     t = threading.Thread(
                         target=self.async_scan,
-                        args=(output_queue, checkov_config),
+                        args=(output_queue, checkov_config, command_prefix),
                     )
                     t.start()
                     threads.append(t)
@@ -212,13 +215,21 @@ class CheckovTool(ToolGateway):
         util = Utils()
         agent_env = util.configurate_external_checks(self.TOOL_CHECKOV,config_tool, secret_tool,secret_external_checks)
 
-        checkov_install = self.retryable_install_package(
-            "checkov", config_tool[self.TOOL_CHECKOV]["VERSION"]
-        )
 
-        if checkov_install:
+        install_type = config_tool[self.TOOL_CHECKOV].get("INSTALL_TYPE", "")
+
+        command_prefix = None
+
+        if install_type.casefold() == "remote-binary".casefold():
+            command_prefix = self.install_binary(config_tool[self.TOOL_CHECKOV])
+        else:
+            command_prefix = self.retryable_install_package(
+                "checkov", config_tool[self.TOOL_CHECKOV]["VERSION"]
+            )
+        
+        if command_prefix is not None:
             result_scans, rules_run = self.scan_folders(
-                folders_to_scan, config_tool, agent_env, environment, platform_to_scan
+                folders_to_scan, config_tool, agent_env, environment, platform_to_scan, command_prefix
             )
 
             checkov_deserealizator = CheckovDeserealizator()
@@ -240,4 +251,78 @@ class CheckovTool(ToolGateway):
                 ),
             )
         else:
-            return [], None
+            return [], None
+        
+
+    def install_binary(self,config_tool):
+        os_platform = platform.system()
+        if os_platform == "Linux":
+            architecture = platform.machine()
+            if architecture == "aarch64":
+                url = config_tool["URL_FILE_LINUX_ARM64"]
+            else:
+                url = config_tool["URL_FILE_LINUX"]
+            file = os.path.basename(url)
+            self.install_tool_unix(file, url)
+            return "./checkov"
+        elif os_platform == "Darwin":
+            url = config_tool["URL_FILE_DARWIN"]
+            file = os.path.basename(url)
+            self.install_tool_unix(file, url)
+            return "./checkov"
+        elif os_platform == "Windows":
+            url = config_tool["URL_FILE_WINDOWS"]
+            file = os.path.basename(url)
+            self.install_tool_windows(file, url)
+            return "checkov.exe"
+        else:
+            logger.warning(f"{os_platform} is not supported.")
+            return None
+    
+        
+    def download_tool(self, file, url):
+        try:
+            response = requests.get(url, allow_redirects=True)
+            with open(file, "wb") as compress_file:
+                compress_file.write(response.content)
+        except Exception as e:
+            logger.error(f"Error downloading Checkov: {e}")
+
+    def install_tool_unix(self, file, url):
+        installed = subprocess.run(
+            ["which", "./checkov"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
+        if installed.returncode == 1:
+            command = ["chmod", "+x", "./checkov"]
+            try:
+                self.download_tool(file, url)
+                with zipfile.ZipFile(file, 'r') as zip_file:
+                    zip_file.extract(member="dist/checkov")
+                source = os.path.join("dist", "checkov")
+                destination = "checkov"
+                shutil.move(source, destination)
+                subprocess.run(
+                    command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
+                )
+            except Exception as e:
+                logger.error(f"Error installing Checkov: {e}")
+        
+    def install_tool_windows(self, file, url):
+        try:
+            subprocess.run(
+                ["checkov.exe", "--version"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+        except:
+            try:
+                self.download_tool(file, url)
+                with zipfile.ZipFile(file, 'r') as zip_file:
+                    zip_file.extract(member="dist/checkov.exe")
+                source = os.path.join("dist", "checkov.exe")
+                destination = "checkov.exe"
+                shutil.move(source, destination)
+            except Exception as e:
+                logger.error(f"Error installing Checkov: {e}")

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py

@@ -5,6 +5,7 @@ import subprocess
 import logging
 import base64
 import json
+import platform
 from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.tool_gateway import (
     ToolGateway,
 )
@@ -25,7 +26,25 @@ class PrismaCloudManagerScan(ToolGateway):
         prisma_console_url,
         prisma_api_version,
     ):
-        url = f"{prisma_console_url}/api/{prisma_api_version}/util/twistcli"
+        
+        machine = platform.machine()
+        system = platform.system()
+
+        base_url = f"{prisma_console_url}/api/{prisma_api_version}/util"
+
+        os_mapping = {
+            "Linux": "twistcli",
+            "Windows": "windows/twistcli.exe",
+            "Darwin": "osx/twistcli",
+        }
+
+        url = f"{base_url}/{os_mapping[system]}"
+
+        if system == "Linux" and machine == "aarch64":
+            url = f"{base_url}/arm64/twistcli"
+        elif system == "Darwin" and machine == "aarch64":
+            url = f"{base_url}/osx/arm64/twistcli"
+
         credentials = base64.b64encode(
             prisma_key.encode()
         ).decode()

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.47.2'
+version = '1.48.0'

{devsecops_engine_tools-1.47.2.dist-info → devsecops_engine_tools-1.48.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.47.2
+Version: 1.48.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.47.2.dist-info → devsecops_engine_tools-1.48.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=7262FgNYL3hM24PK_3vk6b3t3uxDq-cTYSl2H0FUxXA,19
+devsecops_engine_tools/version.py,sha256=2skE_lDWEKresFwtHjzfsSlo7-NtpqA6kCzf9NQTLRc,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -152,7 +152,7 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=qbE6wUO5_WFXF_QolL0JYelaRGEOUakPEZR_6HAKzzI,4355
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=l_opY909gh1m3k2ud2xDrCVnDTBe3ApYT75juBf_uMk,1836
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=MzyAJlZcZxAU77TqFiOHqYKSFUy21XjArT5Pd6dj-VM,8684
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=bMcPri5oZkQdzjz2cIWIb-JA3xpdsFwD7LPBp_IDUnQ,11991
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=b1X5GWz2snJtsKZcGEsILNc178hv9p-lg-el0Jc-_Eo,2084
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=8lda0A7huVSWgq2zMAN92vQv4ug0HiQMATGdXV5lgyA,5202
@@ -209,7 +209,7 @@ devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_ada
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=0yWqo6AoHFKKGg8rbFOx-BWDra448HEOaWSP5G0B1dg,4991
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=tf33YFYB47th4Zu0WtWpsrAm5I6_xCON4yOwFacTQLA,6758
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Qjp5oswbH8y7yVoJ1g6CZjbUybS5XNf0LSOB1pUzSnE,7286
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=oK0NKuPODm38qDgQjf6w40lfNG6NFJS43p5k44wDoMA,2562
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py,sha256=LGqnO10Zt-0-TxUW6F1S46jVktlIwxWSYATKSVblCWI,2535
@@ -347,8 +347,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.47.2.dist-info/METADATA,sha256=RhOqdkwgNyoQjMYKxGsvVjImEjKL5v2eMkk6TiWvQcE,11779
-devsecops_engine_tools-1.47.2.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.47.2.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.47.2.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.47.2.dist-info/RECORD,,
+devsecops_engine_tools-1.48.0.dist-info/METADATA,sha256=eu8IUIZGJhYXTQMDUwtbb7wbMbvDcakLEG8wnGSVfsE,11779
+devsecops_engine_tools-1.48.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.48.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.48.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.48.0.dist-info/RECORD,,