devsecops-engine-tools 1.58.0__py3-none-any.whl → 1.60.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +26 -1
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py +6 -3
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +8 -0
- devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py +4 -1
- devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +2 -2
- devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +4 -2
- devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py +2 -1
- devsecops_engine_tools/engine_risk/src/applications/runner_engine_risk.py +2 -0
- devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py +4 -2
- devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py +4 -2
- devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py +2 -1
- devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py +4 -2
- devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py +2 -2
- devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py +2 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/context_iac.py +13 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py +6 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py +11 -5
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +6 -5
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +32 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +5 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py +4 -0
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py +2 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py +2 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +3 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +3 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py +4 -4
- devsecops_engine_tools/engine_sca/engine_container/src/applications/runner_container_scan.py +2 -1
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_container.py +23 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py +6 -0
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py +49 -2
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py +5 -3
- devsecops_engine_tools/engine_sca/engine_dependencies/src/applications/runner_dependencies_scan.py +2 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py +3 -2
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.58.0.dist-info → devsecops_engine_tools-1.60.0.dist-info}/METADATA +7 -7
- {devsecops_engine_tools-1.58.0.dist-info → devsecops_engine_tools-1.60.0.dist-info}/RECORD +41 -39
- {devsecops_engine_tools-1.58.0.dist-info → devsecops_engine_tools-1.60.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.58.0.dist-info → devsecops_engine_tools-1.60.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.58.0.dist-info → devsecops_engine_tools-1.60.0.dist-info}/top_level.txt +0 -0
|
@@ -65,6 +65,14 @@ def get_inputs_from_cli(args):
|
|
|
65
65
|
required=True,
|
|
66
66
|
help="Platform where is executed",
|
|
67
67
|
)
|
|
68
|
+
parser.add_argument(
|
|
69
|
+
"-rcs",
|
|
70
|
+
"--remote_config_source",
|
|
71
|
+
choices=["azure", "github", "local"],
|
|
72
|
+
type=str,
|
|
73
|
+
required=True,
|
|
74
|
+
help="Source of the remote config repo",
|
|
75
|
+
)
|
|
68
76
|
parser.add_argument(
|
|
69
77
|
"-rcf",
|
|
70
78
|
"--remote_config_repo",
|
|
@@ -203,6 +211,15 @@ def get_inputs_from_cli(args):
|
|
|
203
211
|
help="File path containing the configuration, structured according to the documentation, \
|
|
204
212
|
for the API or web application to be scanned by the DAST tool."
|
|
205
213
|
)
|
|
214
|
+
parser.add_argument(
|
|
215
|
+
"-c",
|
|
216
|
+
"--context",
|
|
217
|
+
choices=["true", "false"],
|
|
218
|
+
type=str,
|
|
219
|
+
required=False,
|
|
220
|
+
default="false",
|
|
221
|
+
help="Enable or disable context creation. Applies only to engine_iac and engine_container. Default is false."
|
|
222
|
+
)
|
|
206
223
|
|
|
207
224
|
TOOLS = {
|
|
208
225
|
"engine_iac": ["checkov", "kics", "kubescape"],
|
|
@@ -227,6 +244,7 @@ def get_inputs_from_cli(args):
|
|
|
227
244
|
"platform_devops": args.platform_devops,
|
|
228
245
|
"remote_config_repo": args.remote_config_repo,
|
|
229
246
|
"remote_config_branch": args.remote_config_branch,
|
|
247
|
+
"remote_config_source": args.remote_config_source,
|
|
230
248
|
"tool": args.tool,
|
|
231
249
|
"module": args.module,
|
|
232
250
|
"folder_path": args.folder_path,
|
|
@@ -242,7 +260,8 @@ def get_inputs_from_cli(args):
|
|
|
242
260
|
"token_external_checks": args.token_external_checks,
|
|
243
261
|
"xray_mode": args.xray_mode,
|
|
244
262
|
"image_to_scan": args.image_to_scan,
|
|
245
|
-
"dast_file_path": args.dast_file_path
|
|
263
|
+
"dast_file_path": args.dast_file_path,
|
|
264
|
+
"context": args.context
|
|
246
265
|
}
|
|
247
266
|
|
|
248
267
|
|
|
@@ -259,6 +278,11 @@ def application_core():
|
|
|
259
278
|
"github": GithubActions(),
|
|
260
279
|
"local": RuntimeLocal(),
|
|
261
280
|
}.get(args["platform_devops"])
|
|
281
|
+
remote_config_source_gateway = {
|
|
282
|
+
"azure": AzureDevops(),
|
|
283
|
+
"github": GithubActions(),
|
|
284
|
+
"local": RuntimeLocal(),
|
|
285
|
+
}.get(args["remote_config_source"])
|
|
262
286
|
metrics_manager_gateway = S3Manager()
|
|
263
287
|
printer_table_gateway = PrinterPrettyTable()
|
|
264
288
|
sbom_tool_gateway = Syft()
|
|
@@ -267,6 +291,7 @@ def application_core():
|
|
|
267
291
|
vulnerability_management_gateway,
|
|
268
292
|
secrets_manager_gateway,
|
|
269
293
|
devops_platform_gateway,
|
|
294
|
+
remote_config_source_gateway,
|
|
270
295
|
printer_table_gateway,
|
|
271
296
|
metrics_manager_gateway,
|
|
272
297
|
sbom_tool_gateway,
|
|
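Review bot: `--remote_config_source` is added with `required=True` in `get_inputs_from_cli`, so every existing invocation of the core runner that only passes `--platform_devops` now fails at argument parsing instead of running as before. Unless that break is intended, give it a fallback: `required=False, default=None,` on the argument and `"remote_config_source": args.remote_config_source or args.platform_devops,` when the dict is built, which keeps old pipelines reading the config from the same platform they already name. The `remote_config_source_gateway` mapping in `application_core` repeats the `platform_devops` mapping line for line and instantiates each platform adapter a second time; one shared name-to-gateway table would keep the two from drifting. `--context` is parsed as the strings "true"/"false" rather than a boolean, which matches the `send_metrics` convention visible elsewhere in this release but means every consumer must compare against the literal string.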
@@ -31,11 +31,13 @@ class HandleRisk:
|
|
|
31
31
|
vulnerability_management: VulnerabilityManagementGateway,
|
|
32
32
|
secrets_manager_gateway: SecretsManagerGateway,
|
|
33
33
|
devops_platform_gateway: DevopsPlatformGateway,
|
|
34
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
34
35
|
print_table_gateway: PrinterTableGateway,
|
|
35
36
|
):
|
|
36
37
|
self.vulnerability_management = vulnerability_management
|
|
37
38
|
self.secrets_manager_gateway = secrets_manager_gateway
|
|
38
39
|
self.devops_platform_gateway = devops_platform_gateway
|
|
40
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
39
41
|
self.print_table_gateway = print_table_gateway
|
|
40
42
|
|
|
41
43
|
def _get_all_from_vm(self, dict_args, secret_tool, remote_config, service):
|
|
@@ -85,7 +87,7 @@ class HandleRisk:
|
|
|
85
87
|
return filtered_engagements
|
|
86
88
|
|
|
87
89
|
def _exclude_services(self, dict_args, pipeline_name, service_list):
|
|
88
|
-
risk_exclusions = self.
|
|
90
|
+
risk_exclusions = self.remote_config_source_gateway.get_remote_config(
|
|
89
91
|
dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
|
|
90
92
|
)
|
|
91
93
|
if (
|
|
@@ -128,10 +130,10 @@ class HandleRisk:
|
|
|
128
130
|
)
|
|
129
131
|
|
|
130
132
|
def process(self, dict_args: any, remote_config: any):
|
|
131
|
-
risk_config = self.
|
|
133
|
+
risk_config = self.remote_config_source_gateway.get_remote_config(
|
|
132
134
|
dict_args["remote_config_repo"], "engine_risk/ConfigTool.json", dict_args["remote_config_branch"]
|
|
133
135
|
)
|
|
134
|
-
risk_exclusions = self.
|
|
136
|
+
risk_exclusions = self.remote_config_source_gateway.get_remote_config(
|
|
135
137
|
dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
|
|
136
138
|
)
|
|
137
139
|
pipeline_name = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
@@ -227,6 +229,7 @@ class HandleRisk:
|
|
|
227
229
|
exclusions,
|
|
228
230
|
[service.name for service in new_service_list],
|
|
229
231
|
self.devops_platform_gateway,
|
|
232
|
+
self.remote_config_source_gateway,
|
|
230
233
|
self.print_table_gateway,
|
|
231
234
|
)
|
|
232
235
|
|
|
@@ -53,11 +53,13 @@ class HandleScan:
|
|
|
53
53
|
vulnerability_management: VulnerabilityManagementGateway,
|
|
54
54
|
secrets_manager_gateway: SecretsManagerGateway,
|
|
55
55
|
devops_platform_gateway: DevopsPlatformGateway,
|
|
56
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
56
57
|
sbom_tool_gateway: SbomManagerGateway,
|
|
57
58
|
):
|
|
58
59
|
self.vulnerability_management = vulnerability_management
|
|
59
60
|
self.secrets_manager_gateway = secrets_manager_gateway
|
|
60
61
|
self.devops_platform_gateway = devops_platform_gateway
|
|
62
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
61
63
|
self.sbom_tool_gateway = sbom_tool_gateway
|
|
62
64
|
|
|
63
65
|
def process(self, dict_args: any, config_tool: any):
|
|
@@ -74,6 +76,7 @@ class HandleScan:
|
|
|
74
76
|
config_tool["ENGINE_IAC"]["TOOL"],
|
|
75
77
|
secret_tool,
|
|
76
78
|
self.devops_platform_gateway,
|
|
79
|
+
self.remote_config_source_gateway,
|
|
77
80
|
env,
|
|
78
81
|
)
|
|
79
82
|
self._use_vulnerability_management(
|
|
@@ -86,6 +89,7 @@ class HandleScan:
|
|
|
86
89
|
config_tool["ENGINE_CONTAINER"]["TOOL"],
|
|
87
90
|
secret_tool,
|
|
88
91
|
self.devops_platform_gateway,
|
|
92
|
+
self.remote_config_source_gateway
|
|
89
93
|
)
|
|
90
94
|
self._use_vulnerability_management(
|
|
91
95
|
config_tool,
|
|
@@ -102,6 +106,7 @@ class HandleScan:
|
|
|
102
106
|
config_tool["ENGINE_DAST"],
|
|
103
107
|
secret_tool,
|
|
104
108
|
self.devops_platform_gateway,
|
|
109
|
+
self.remote_config_source_gateway,
|
|
105
110
|
)
|
|
106
111
|
self._use_vulnerability_management(
|
|
107
112
|
config_tool, input_core, dict_args, secret_tool, env
|
|
@@ -112,6 +117,7 @@ class HandleScan:
|
|
|
112
117
|
dict_args,
|
|
113
118
|
config_tool["ENGINE_CODE"]["TOOL"],
|
|
114
119
|
self.devops_platform_gateway,
|
|
120
|
+
self.remote_config_source_gateway
|
|
115
121
|
)
|
|
116
122
|
self._use_vulnerability_management(
|
|
117
123
|
config_tool, input_core, dict_args, secret_tool, env
|
|
@@ -122,6 +128,7 @@ class HandleScan:
|
|
|
122
128
|
dict_args,
|
|
123
129
|
config_tool["ENGINE_SECRET"]["TOOL"],
|
|
124
130
|
self.devops_platform_gateway,
|
|
131
|
+
self.remote_config_source_gateway,
|
|
125
132
|
secret_tool,
|
|
126
133
|
)
|
|
127
134
|
self._use_vulnerability_management(
|
|
@@ -134,6 +141,7 @@ class HandleScan:
|
|
|
134
141
|
config_tool,
|
|
135
142
|
secret_tool,
|
|
136
143
|
self.devops_platform_gateway,
|
|
144
|
+
self.remote_config_source_gateway,
|
|
137
145
|
self.sbom_tool_gateway,
|
|
138
146
|
)
|
|
139
147
|
self._use_vulnerability_management(
|
|
@@ -19,12 +19,13 @@ def init_engine_core(
|
|
|
19
19
|
vulnerability_management_gateway: any,
|
|
20
20
|
secrets_manager_gateway: any,
|
|
21
21
|
devops_platform_gateway: any,
|
|
22
|
+
remote_config_source_gateway: any,
|
|
22
23
|
print_table_gateway: any,
|
|
23
24
|
metrics_manager_gateway: any,
|
|
24
25
|
sbom_tool_gateway: any,
|
|
25
26
|
args: any
|
|
26
27
|
):
|
|
27
|
-
config_tool =
|
|
28
|
+
config_tool = remote_config_source_gateway.get_remote_config(
|
|
28
29
|
args["remote_config_repo"], "/engine_core/ConfigTool.json", args["remote_config_branch"]
|
|
29
30
|
)
|
|
30
31
|
Printers.print_logo_tool(config_tool["BANNER"])
|
|
@@ -35,6 +36,7 @@ def init_engine_core(
|
|
|
35
36
|
vulnerability_management_gateway,
|
|
36
37
|
secrets_manager_gateway,
|
|
37
38
|
devops_platform_gateway,
|
|
39
|
+
remote_config_source_gateway,
|
|
38
40
|
print_table_gateway,
|
|
39
41
|
).process(args, config_tool)
|
|
40
42
|
|
|
@@ -46,6 +48,7 @@ def init_engine_core(
|
|
|
46
48
|
vulnerability_management_gateway,
|
|
47
49
|
secrets_manager_gateway,
|
|
48
50
|
devops_platform_gateway,
|
|
51
|
+
remote_config_source_gateway,
|
|
49
52
|
sbom_tool_gateway
|
|
50
53
|
).process(args, config_tool)
|
|
51
54
|
|
|
@@ -37,7 +37,7 @@ from devsecops_engine_tools.engine_utilities import settings
|
|
|
37
37
|
|
|
38
38
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
39
39
|
|
|
40
|
-
def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway):
|
|
40
|
+
def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway, remote_config_source_gateway):
|
|
41
41
|
try:
|
|
42
42
|
if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool
|
|
43
43
|
tool_run = NucleiTool()
|
|
@@ -104,7 +104,7 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gate
|
|
|
104
104
|
)
|
|
105
105
|
except Exception as e:
|
|
106
106
|
logger.error(f"Error engine_dast: {e}")
|
|
107
|
-
config_tool_dast =
|
|
107
|
+
config_tool_dast = remote_config_source_gateway.get_remote_config(
|
|
108
108
|
dict_args["remote_config_repo"], "engine_dast/ConfigTool.json", dict_args["remote_config_branch"]
|
|
109
109
|
)
|
|
110
110
|
if config_tool_dast["IGNORE_ERRORS"]:
|
|
@@ -21,11 +21,13 @@ class DastScan:
|
|
|
21
21
|
self,
|
|
22
22
|
tool_gateway: ToolGateway,
|
|
23
23
|
devops_platform_gateway: DevopsPlatformGateway,
|
|
24
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
24
25
|
data_target,
|
|
25
26
|
aditional_tools: "List[ToolGateway]"
|
|
26
27
|
):
|
|
27
28
|
self.tool_gateway = tool_gateway
|
|
28
29
|
self.devops_platform_gateway = devops_platform_gateway
|
|
30
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
29
31
|
self.data_target = data_target
|
|
30
32
|
self.other_tools = aditional_tools
|
|
31
33
|
|
|
@@ -56,11 +58,11 @@ class DastScan:
|
|
|
56
58
|
def process(
|
|
57
59
|
self, dict_args, secret_tool, config_tool
|
|
58
60
|
) -> "Tuple[List, InputCore]":
|
|
59
|
-
init_config_tool = self.
|
|
61
|
+
init_config_tool = self.remote_config_source_gateway.get_remote_config(
|
|
60
62
|
dict_args["remote_config_repo"], "engine_dast/ConfigTool.json"
|
|
61
63
|
)
|
|
62
64
|
|
|
63
|
-
exclusions = self.
|
|
65
|
+
exclusions = self.remote_config_source_gateway.get_remote_config(
|
|
64
66
|
dict_args["remote_config_repo"],
|
|
65
67
|
"engine_dast/Exclusions.json"
|
|
66
68
|
)
|
|
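Review bot: Both new `get_remote_config` calls in `DastScan.process` pass only `dict_args["remote_config_repo"]` and the file path, with no `dict_args["remote_config_branch"]`, while every other call site in this release passes the branch as the third argument; `CodeScan.process` has the same gap for `engine_sast/engine_code/Exclusions.json`. If the gateway falls back to a default branch when the argument is omitted, the DAST config and exclusions (and the code-engine exclusions) are read from a branch other than the one the pipeline pinned, which matters most for Exclusions.json because it decides which findings are suppressed. Changing the two calls to `dict_args["remote_config_repo"], "engine_dast/ConfigTool.json", dict_args["remote_config_branch"]` and `dict_args["remote_config_repo"], "engine_dast/Exclusions.json", dict_args["remote_config_branch"]` lines them up with `IacScan.process`. The gateway's behaviour for a missing branch is not visible here, so confirm it against `get_remote_config` before relying on the default.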
@@ -4,6 +4,7 @@ from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import (
|
|
|
4
4
|
|
|
5
5
|
def init_engine_dast(
|
|
6
6
|
devops_platform_gateway,
|
|
7
|
+
remote_config_source_gateway,
|
|
7
8
|
tool_gateway,
|
|
8
9
|
dict_args,
|
|
9
10
|
secret_tool,
|
|
@@ -11,5 +12,5 @@ def init_engine_dast(
|
|
|
11
12
|
extra_tools,
|
|
12
13
|
target_data
|
|
13
14
|
):
|
|
14
|
-
dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools)
|
|
15
|
+
dast_scan = DastScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, target_data, extra_tools)
|
|
15
16
|
return dast_scan.process(dict_args, secret_tool, config_tool)
|
|
@@ -18,6 +18,7 @@ def runner_engine_risk(
|
|
|
18
18
|
vm_exclusions,
|
|
19
19
|
services,
|
|
20
20
|
devops_platform_gateway,
|
|
21
|
+
remote_config_source_gateway,
|
|
21
22
|
print_table_gateway,
|
|
22
23
|
):
|
|
23
24
|
add_epss_gateway = FirstCsv()
|
|
@@ -25,6 +26,7 @@ def runner_engine_risk(
|
|
|
25
26
|
return init_engine_risk(
|
|
26
27
|
add_epss_gateway,
|
|
27
28
|
devops_platform_gateway,
|
|
29
|
+
remote_config_source_gateway,
|
|
28
30
|
print_table_gateway,
|
|
29
31
|
dict_args,
|
|
30
32
|
findings,
|
|
@@ -8,6 +8,7 @@ class GetExclusions:
|
|
|
8
8
|
def __init__(
|
|
9
9
|
self,
|
|
10
10
|
devops_platform_gateway,
|
|
11
|
+
remote_config_source_gateway,
|
|
11
12
|
dict_args,
|
|
12
13
|
findings,
|
|
13
14
|
risk_config,
|
|
@@ -16,6 +17,7 @@ class GetExclusions:
|
|
|
16
17
|
active_findings,
|
|
17
18
|
):
|
|
18
19
|
self.devops_platform_gateway = devops_platform_gateway
|
|
20
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
19
21
|
self.dict_args = dict_args
|
|
20
22
|
self.findings = findings
|
|
21
23
|
self.risk_config = risk_config
|
|
@@ -24,7 +26,7 @@ class GetExclusions:
|
|
|
24
26
|
self.active_findings = active_findings
|
|
25
27
|
|
|
26
28
|
def process(self):
|
|
27
|
-
core_config = self.
|
|
29
|
+
core_config = self.remote_config_source_gateway.get_remote_config(
|
|
28
30
|
self.dict_args["remote_config_repo"],
|
|
29
31
|
"engine_core/ConfigTool.json",
|
|
30
32
|
self.dict_args["remote_config_branch"],
|
|
@@ -49,7 +51,7 @@ class GetExclusions:
|
|
|
49
51
|
return self._get_exclusions(self.risk_exclusions, "RISK")
|
|
50
52
|
|
|
51
53
|
def _get_exclusions_by_practice(self, core_config, practice, path):
|
|
52
|
-
exclusions_config = self.
|
|
54
|
+
exclusions_config = self.remote_config_source_gateway.get_remote_config(
|
|
53
55
|
self.dict_args["remote_config_repo"],
|
|
54
56
|
path,
|
|
55
57
|
self.dict_args["remote_config_branch"],
|
|
@@ -24,18 +24,19 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
|
24
24
|
def init_engine_risk(
|
|
25
25
|
add_epss_gateway,
|
|
26
26
|
devops_platform_gateway,
|
|
27
|
+
remote_config_source_gateway,
|
|
27
28
|
print_table_gateway,
|
|
28
29
|
dict_args,
|
|
29
30
|
findings,
|
|
30
31
|
services,
|
|
31
32
|
vm_exclusions,
|
|
32
33
|
):
|
|
33
|
-
remote_config =
|
|
34
|
+
remote_config = remote_config_source_gateway.get_remote_config(
|
|
34
35
|
dict_args["remote_config_repo"],
|
|
35
36
|
"engine_risk/ConfigTool.json",
|
|
36
37
|
dict_args["remote_config_branch"],
|
|
37
38
|
)
|
|
38
|
-
risk_exclusions =
|
|
39
|
+
risk_exclusions = remote_config_source_gateway.get_remote_config(
|
|
39
40
|
dict_args["remote_config_repo"],
|
|
40
41
|
"engine_risk/Exclusions.json",
|
|
41
42
|
dict_args["remote_config_branch"],
|
|
@@ -61,6 +62,7 @@ def init_engine_risk(
|
|
|
61
62
|
|
|
62
63
|
get_exclusions = GetExclusions(
|
|
63
64
|
devops_platform_gateway,
|
|
65
|
+
remote_config_source_gateway,
|
|
64
66
|
dict_args,
|
|
65
67
|
data_added,
|
|
66
68
|
remote_config,
|
|
@@ -8,7 +8,7 @@ from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run impo
|
|
|
8
8
|
GitRun
|
|
9
9
|
)
|
|
10
10
|
|
|
11
|
-
def runner_engine_code(dict_args, tool, devops_platform_gateway):
|
|
11
|
+
def runner_engine_code(dict_args, tool, devops_platform_gateway, remote_config_source_gateway):
|
|
12
12
|
try:
|
|
13
13
|
tool_gateway = None
|
|
14
14
|
git_gateway = GitRun()
|
|
@@ -17,6 +17,7 @@ def runner_engine_code(dict_args, tool, devops_platform_gateway):
|
|
|
17
17
|
|
|
18
18
|
return init_engine_sast_code(
|
|
19
19
|
devops_platform_gateway=devops_platform_gateway,
|
|
20
|
+
remote_config_source_gateway=remote_config_source_gateway,
|
|
20
21
|
tool_gateway=tool_gateway,
|
|
21
22
|
dict_args=dict_args,
|
|
22
23
|
git_gateway=git_gateway,
|
|
@@ -25,14 +25,16 @@ class CodeScan:
|
|
|
25
25
|
self,
|
|
26
26
|
tool_gateway: ToolGateway,
|
|
27
27
|
devops_platform_gateway: DevopsPlatformGateway,
|
|
28
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
28
29
|
git_gateway: GitGateway,
|
|
29
30
|
):
|
|
30
31
|
self.tool_gateway = tool_gateway
|
|
31
32
|
self.devops_platform_gateway = devops_platform_gateway
|
|
33
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
32
34
|
self.git_gateway = git_gateway
|
|
33
35
|
|
|
34
36
|
def set_config_tool(self, dict_args):
|
|
35
|
-
init_config_tool = self.
|
|
37
|
+
init_config_tool = self.remote_config_source_gateway.get_remote_config(
|
|
36
38
|
dict_args["remote_config_repo"], "engine_sast/engine_code/ConfigTool.json", dict_args["remote_config_branch"]
|
|
37
39
|
)
|
|
38
40
|
scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
@@ -88,7 +90,7 @@ class CodeScan:
|
|
|
88
90
|
|
|
89
91
|
def process(self, dict_args, tool):
|
|
90
92
|
config_tool = self.set_config_tool(dict_args)
|
|
91
|
-
exclusions_data = self.
|
|
93
|
+
exclusions_data = self.remote_config_source_gateway.get_remote_config(
|
|
92
94
|
dict_args["remote_config_repo"], "engine_sast/engine_code/Exclusions.json"
|
|
93
95
|
)
|
|
94
96
|
list_exclusions, skip_tool = self.get_exclusions(tool, exclusions_data)
|
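--- a/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py
@@ -2,5 +2,5 @@ from devsecops_engine_tools.engine_sast.engine_code.src.domain.usecases.code_sca
 CodeScan,
 )
 
-def init_engine_sast_code(devops_platform_gateway, tool_gateway, dict_args, git_gateway, tool):
-return CodeScan(tool_gateway, devops_platform_gateway, git_gateway).process(dict_args, tool)
+def init_engine_sast_code(devops_platform_gateway, remote_config_source_gateway, tool_gateway, dict_args, git_gateway, tool):
+return CodeScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, git_gateway).process(dict_args, tool)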
@@ -12,7 +12,7 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_ada
|
|
|
12
12
|
)
|
|
13
13
|
|
|
14
14
|
|
|
15
|
-
def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env):
|
|
15
|
+
def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, remote_config_source_gateway, env):
|
|
16
16
|
try:
|
|
17
17
|
# Define driven adapters for gateways
|
|
18
18
|
tool_gateway = None
|
|
@@ -28,6 +28,7 @@ def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env
|
|
|
28
28
|
|
|
29
29
|
return init_engine_sast_rm(
|
|
30
30
|
devops_platform_gateway=devops_platform_gateway,
|
|
31
|
+
remote_config_source_gateway=remote_config_source_gateway,
|
|
31
32
|
tool_gateway=tool_gateway,
|
|
32
33
|
dict_args=dict_args,
|
|
33
34
|
secret_tool=secret_tool,
|
|
@@ -20,17 +20,18 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
|
20
20
|
|
|
21
21
|
class IacScan:
|
|
22
22
|
def __init__(
|
|
23
|
-
self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway
|
|
23
|
+
self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway, remote_config_source_gateway: DevopsPlatformGateway
|
|
24
24
|
):
|
|
25
25
|
self.tool_gateway = tool_gateway
|
|
26
26
|
self.devops_platform_gateway = devops_platform_gateway
|
|
27
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
27
28
|
|
|
28
29
|
def process(self, dict_args, secret_tool, tool, env):
|
|
29
|
-
config_tool_iac = self.
|
|
30
|
+
config_tool_iac = self.remote_config_source_gateway.get_remote_config(
|
|
30
31
|
dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json", dict_args["remote_config_branch"]
|
|
31
32
|
)
|
|
32
33
|
|
|
33
|
-
exclusions = self.
|
|
34
|
+
exclusions = self.remote_config_source_gateway.get_remote_config(
|
|
34
35
|
dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json", dict_args["remote_config_branch"]
|
|
35
36
|
)
|
|
36
37
|
|
|
@@ -48,13 +49,18 @@ class IacScan:
|
|
|
48
49
|
secret_tool=secret_tool,
|
|
49
50
|
secret_external_checks=dict_args["token_external_checks"],
|
|
50
51
|
work_folder=self.devops_platform_gateway.get_variable("temp_directory"),
|
|
51
|
-
dict_args=dict_args
|
|
52
|
+
dict_args=dict_args,
|
|
52
53
|
)
|
|
53
54
|
else:
|
|
54
55
|
print("Tool skipped by DevSecOps policy")
|
|
55
56
|
dict_args["send_metrics"] = "false"
|
|
56
57
|
dict_args["use_vulnerability_management"] = "false"
|
|
57
|
-
|
|
58
|
+
|
|
59
|
+
if dict_args.get("context") == "true":
|
|
60
|
+
self.tool_gateway.get_iac_context_from_results(
|
|
61
|
+
path_file_results
|
|
62
|
+
)
|
|
63
|
+
|
|
58
64
|
totalized_exclusions = []
|
|
59
65
|
(
|
|
60
66
|
totalized_exclusions.extend(
|
|
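Review bot: The new `if dict_args.get("context") == "true":` block in `IacScan.process` calls `self.tool_gateway.get_iac_context_from_results(path_file_results)` after the preceding if/else (indentation is not preserved in this rendering, so this is read from the line order), including after the `else` branch that prints "Tool skipped by DevSecOps policy" and produced no results file; the tool adapters return `[], None` in that case, so `CheckovTool.get_iac_context_from_results` would reach `open(None)` and raise `TypeError`. Guard the call: `if dict_args.get("context") == "true" and path_file_results:`. The assignment of `path_file_results` and the start of the if/else lie outside the hunk, so also confirm the name is bound on the skip path. Note too that the Kics adapter's implementation of this method is a `pass` stub in this release, so the flag silently does nothing for that tool.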
@@ -5,7 +5,6 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
|
|
|
5
5
|
from datetime import datetime
|
|
6
6
|
from dataclasses import dataclass
|
|
7
7
|
|
|
8
|
-
|
|
9
8
|
@dataclass
|
|
10
9
|
class CheckovDeserealizator:
|
|
11
10
|
@classmethod
|
|
@@ -17,7 +16,7 @@ class CheckovDeserealizator:
|
|
|
17
16
|
for result in results_scan_list:
|
|
18
17
|
if "failed_checks" in str(result):
|
|
19
18
|
for scan in result["results"]["failed_checks"]:
|
|
20
|
-
check_id = scan.get("check_id")
|
|
19
|
+
check_id = scan.get("check_id")
|
|
21
20
|
if not rules.get(check_id):
|
|
22
21
|
description = scan.get("check_name")
|
|
23
22
|
severity = default_severity.lower()
|
|
@@ -40,6 +39,8 @@ class CheckovDeserealizator:
|
|
|
40
39
|
requirements=scan.get("guideline"),
|
|
41
40
|
tool="Checkov"
|
|
42
41
|
)
|
|
43
|
-
list_open_findings.append(finding_open)
|
|
44
|
-
|
|
45
|
-
return list_open_findings
|
|
42
|
+
list_open_findings.append(finding_open)
|
|
43
|
+
|
|
44
|
+
return list_open_findings
|
|
45
|
+
|
|
46
|
+
|
|
@@ -9,6 +9,7 @@ import threading
|
|
|
9
9
|
import json
|
|
10
10
|
import shutil
|
|
11
11
|
import platform
|
|
12
|
+
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.context_iac import ContextIac
|
|
12
13
|
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
|
|
13
14
|
ToolGateway,
|
|
14
15
|
)
|
|
@@ -273,6 +274,37 @@ class CheckovTool(ToolGateway):
|
|
|
273
274
|
else:
|
|
274
275
|
return [], None
|
|
275
276
|
|
|
277
|
+
def get_iac_context_from_results(
|
|
278
|
+
self, path_file_results: str
|
|
279
|
+
):
|
|
280
|
+
with open(path_file_results, "r") as file:
|
|
281
|
+
context_results_scan_list = json.load(file)
|
|
282
|
+
context_iac_list = []
|
|
283
|
+
failed_checks = context_results_scan_list.get("results", {}).get("failed_checks", [])
|
|
284
|
+
for check in failed_checks:
|
|
285
|
+
file_line_range = check.get("file_line_range", ["unknown", "unknown"])
|
|
286
|
+
start_line = file_line_range[0] if len(file_line_range) > 0 else "unknown"
|
|
287
|
+
end_line = file_line_range[1] if len(file_line_range) > 1 else "unknown"
|
|
288
|
+
line_range_str = f"{start_line}-{end_line}" if start_line != end_line else str(start_line)
|
|
289
|
+
|
|
290
|
+
context_iac = ContextIac(
|
|
291
|
+
id=check.get("check_id", "unknown"),
|
|
292
|
+
check_name=check.get("check_name", "unknown"),
|
|
293
|
+
check_class=check.get("check_class", "unknown"),
|
|
294
|
+
severity=check.get("severity").lower(),
|
|
295
|
+
where=f"{check.get('repo_file_path', 'unknown')}: {check.get('resource', 'unknown')} (line {line_range_str})",
|
|
296
|
+
resource=check.get("resource", "unknown"),
|
|
297
|
+
description=check.get("check_name", "unknown"),
|
|
298
|
+
module="engine_iac",
|
|
299
|
+
tool="Checkov"
|
|
300
|
+
)
|
|
301
|
+
|
|
302
|
+
context_iac_list.append(context_iac)
|
|
303
|
+
|
|
304
|
+
print("===== BEGIN CONTEXT OUTPUT =====")
|
|
305
|
+
print(json.dumps({"iac_context": [obj.__dict__ for obj in context_iac_list]}, indent=4))
|
|
306
|
+
print("===== END CONTEXT OUTPUT =====")
|
|
307
|
+
|
|
276
308
|
|
|
277
309
|
def install_binary(self,config_tool):
|
|
278
310
|
os_platform = platform.system()
|
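Review bot: `get_iac_context_from_results` in `CheckovTool` treats the loaded JSON as a single dict (`context_results_scan_list.get("results", {})`), whereas `CheckovDeserealizator` in this same release iterates the same results file as a list (`for result in results_scan_list:` then `result["results"]["failed_checks"]`); when the file is in the list form, `.get` raises `AttributeError` and the context pass fails after the scan itself succeeded. In the same loop `check.get("severity").lower()` is the only field read without a default, so a failed check with no severity value raises `AttributeError` on `None` while every neighbouring field falls back to "unknown". Normalising the document to a list and defaulting the severity addresses both; the fence shows the changed lines, with the rest of the method unchanged. The `print` markers around the JSON dump are the only way this output leaves the process, so a caller that parses them should be documented on the method.
```python
def get_iac_context_from_results(
    self, path_file_results: str
):
    with open(path_file_results, "r") as file:
        context_results_scan_list = json.load(file)
    # CheckovDeserealizator iterates this file as a list of result objects;
    # accept both that shape and a single object.
    results = (
        context_results_scan_list
        if isinstance(context_results_scan_list, list)
        else [context_results_scan_list]
    )
    failed_checks = [
        check
        for result in results
        if isinstance(result, dict)
        for check in result.get("results", {}).get("failed_checks", [])
    ]
    context_iac_list = []
    for check in failed_checks:
        # … unchanged: file_line_range / line_range_str …
        # severity may be absent or null; keep the "unknown" convention of the other fields
        severity = (check.get("severity") or "unknown").lower()
        context_iac = ContextIac(
            id=check.get("check_id", "unknown"),
            check_name=check.get("check_name", "unknown"),
            check_class=check.get("check_class", "unknown"),
            severity=severity,
            # … unchanged: where, resource, description, module, tool …
        )
        context_iac_list.append(context_iac)
    # … unchanged: context output printing …
```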
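--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
@@ -165,4 +165,8 @@ class KicsTool(ToolGateway):
 finding_list = kics_deserealizator.get_list_finding(filtered_results)
 
 return finding_list, path_file
-return [], None
+return [], None
+
+def get_iac_context_from_results(self, path_file_results):
+#TODO: Implement this method
+pass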
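Review bot: `KicsTool.get_iac_context_from_results` is added as a bare `pass` with a `#TODO`, so a pipeline that runs kics with `--context true` gets no context output and no indication that the option was ignored, even though `IacScan.process` calls it whenever the flag is set. Until it is implemented, make the gap visible rather than silent, e.g. `logger.warning("IaC context output is not implemented for kics; --context ignored")` (or `raise NotImplementedError(...)` if the flag should fail fast), and say so in the `--context` help text. Whether this module already has a `logger` in scope is outside the hunk; the other engine modules in this release obtain one via `MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()`.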
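--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py
@@ -2,5 +2,5 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.domain.usecases.iac_scan
 IacScan,
 )
 
-def init_engine_sast_rm(devops_platform_gateway, tool_gateway, dict_args, secret_tool, tool, env):
-return IacScan(tool_gateway, devops_platform_gateway).process(dict_args, secret_tool, tool, env)
+def init_engine_sast_rm(devops_platform_gateway, remote_config_source_gateway, tool_gateway, dict_args, secret_tool, tool, env):
+return IacScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway).process(dict_args, secret_tool, tool, env)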
@@ -17,7 +17,7 @@ from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run impo
|
|
|
17
17
|
GitRun
|
|
18
18
|
)
|
|
19
19
|
|
|
20
|
-
def runner_secret_scan(dict_args, tool, devops_platform_gateway, secret_tool):
|
|
20
|
+
def runner_secret_scan(dict_args, tool, devops_platform_gateway, remote_config_source_gateway, secret_tool):
|
|
21
21
|
try:
|
|
22
22
|
tool_deserealizator = None
|
|
23
23
|
tool_gateway = None
|
|
@@ -31,6 +31,7 @@ def runner_secret_scan(dict_args, tool, devops_platform_gateway, secret_tool):
|
|
|
31
31
|
|
|
32
32
|
return engine_secret_scan(
|
|
33
33
|
devops_platform_gateway = devops_platform_gateway,
|
|
34
|
+
remote_config_source_gateway=remote_config_source_gateway,
|
|
34
35
|
tool_gateway = tool_gateway,
|
|
35
36
|
dict_args = dict_args,
|
|
36
37
|
tool=tool,
|
|
@@ -18,11 +18,13 @@ class SecretScan:
|
|
|
18
18
|
self,
|
|
19
19
|
tool_gateway: ToolGateway,
|
|
20
20
|
devops_platform_gateway: DevopsPlatformGateway,
|
|
21
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
21
22
|
tool_deserialize: DeseralizatorGateway,
|
|
22
23
|
git_gateway: GitGateway
|
|
23
24
|
):
|
|
24
25
|
self.tool_gateway = tool_gateway
|
|
25
26
|
self.devops_platform_gateway = devops_platform_gateway
|
|
27
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
26
28
|
self.tool_deserialize = tool_deserialize
|
|
27
29
|
self.git_gateway = git_gateway
|
|
28
30
|
|
|
@@ -69,7 +71,7 @@ class SecretScan:
|
|
|
69
71
|
|
|
70
72
|
def complete_config_tool(self, dict_args, tool):
|
|
71
73
|
tool = str(tool).lower()
|
|
72
|
-
init_config_tool = self.
|
|
74
|
+
init_config_tool = self.remote_config_source_gateway.get_remote_config(
|
|
73
75
|
dict_args["remote_config_repo"], "engine_sast/engine_secret/ConfigTool.json", dict_args["remote_config_branch"]
|
|
74
76
|
)
|
|
75
77
|
init_config_tool['SCOPE_PIPELINE'] = self.devops_platform_gateway.get_variable("pipeline_name")
|
|
@@ -10,11 +10,13 @@ class SetInputCore:
|
|
|
10
10
|
def __init__(
|
|
11
11
|
self,
|
|
12
12
|
tool_remote: DevopsPlatformGateway,
|
|
13
|
+
remote_config_source_gateway: DevopsPlatformGateway,
|
|
13
14
|
dict_args,
|
|
14
15
|
tool,
|
|
15
16
|
config_tool,
|
|
16
17
|
):
|
|
17
18
|
self.tool_remote = tool_remote
|
|
19
|
+
self.remote_config_source_gateway = remote_config_source_gateway
|
|
18
20
|
self.dict_args = dict_args
|
|
19
21
|
self.tool = tool
|
|
20
22
|
self.config_tool = config_tool
|
|
@@ -26,7 +28,7 @@ class SetInputCore:
|
|
|
26
28
|
Returns:
|
|
27
29
|
dict: Remote configuration.
|
|
28
30
|
"""
|
|
29
|
-
return self.
|
|
31
|
+
return self.remote_config_source_gateway.get_remote_config(
|
|
30
32
|
self.dict_args["remote_config_repo"], file_path, self.dict_args["remote_config_branch"]
|
|
31
33
|
)
|
|
32
34
|
|