devsecops-engine-tools 1.59.0__py3-none-any.whl → 1.60.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +15 -0
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py +6 -3
- devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +8 -0
- devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py +4 -1
- devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +2 -2
- devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +4 -2
- devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py +2 -1
- devsecops_engine_tools/engine_risk/src/applications/runner_engine_risk.py +2 -0
- devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py +4 -2
- devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py +4 -2
- devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py +2 -1
- devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py +4 -2
- devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py +2 -2
- devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py +2 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/context_iac.py +2 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py +4 -5
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py +18 -15
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +11 -8
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +230 -206
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +123 -85
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py +80 -65
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py +2 -2
- devsecops_engine_tools/engine_sast/engine_secret/src/applications/runner_secret_scan.py +2 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py +3 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +3 -1
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py +4 -4
- devsecops_engine_tools/engine_sca/engine_container/src/applications/runner_container_scan.py +2 -1
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_container.py +2 -1
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py +7 -2
- devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py +53 -52
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py +3 -3
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py +50 -31
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py +12 -7
- devsecops_engine_tools/engine_sca/engine_dependencies/src/applications/runner_dependencies_scan.py +2 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py +3 -2
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/METADATA +7 -7
- {devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/RECORD +41 -41
- {devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.59.0.dist-info → devsecops_engine_tools-1.60.1.dist-info}/top_level.txt +0 -0
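--- a/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
+++ b/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py
@@ -65,6 +65,14 @@ def get_inputs_from_cli(args):
 required=True,
 help="Platform where is executed",
 )
+parser.add_argument(
+"-rcs",
+"--remote_config_source",
+choices=["azure", "github", "local"],
+type=str,
+required=True,
+help="Source of the remote config repo",
+)
 parser.add_argument(
 "-rcf",
 "--remote_config_repo",
@@ -236,6 +244,7 @@ def get_inputs_from_cli(args):
 "platform_devops": args.platform_devops,
 "remote_config_repo": args.remote_config_repo,
 "remote_config_branch": args.remote_config_branch,
+"remote_config_source": args.remote_config_source,
 "tool": args.tool,
 "module": args.module,
 "folder_path": args.folder_path,
@@ -269,6 +278,11 @@ def application_core():
 "github": GithubActions(),
 "local": RuntimeLocal(),
 }.get(args["platform_devops"])
+remote_config_source_gateway = {
+"azure": AzureDevops(),
+"github": GithubActions(),
+"local": RuntimeLocal(),
+}.get(args["remote_config_source"])
 metrics_manager_gateway = S3Manager()
 printer_table_gateway = PrinterPrettyTable()
 sbom_tool_gateway = Syft()
@@ -277,6 +291,7 @@ def application_core():
 vulnerability_management_gateway,
 secrets_manager_gateway,
 devops_platform_gateway,
+remote_config_source_gateway,
 printer_table_gateway,
 metrics_manager_gateway,
 sbom_tool_gateway,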
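Review bot: The new `--remote_config_source` option lets the policy files this tool loads through the gateway (ConfigTool.json and the Exclusions.json files referenced elsewhere in this release) come from a `local` source, so wherever `RuntimeLocal` resolves that path from, whoever controls that location now controls which findings are excluded; the help text `Source of the remote config repo` says nothing about who is meant to use `local`. I would document the intent on the argument, e.g. `help="Source of the remote config repo; 'local' is for development and bypasses the central policy repository"`, and decide explicitly whether `local` should be accepted when `platform_devops` is a CI platform, if the central repository is meant to be the trust anchor. The gateway mapping added in `application_core` is also a verbatim copy of the `platform_devops` mapping just above it; building that dict once and looking it up twice keeps the two from drifting.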
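--- a/devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py
+++ b/devsecops_engine_tools/engine_core/src/domain/usecases/handle_risk.py
@@ -31,11 +31,13 @@ class HandleRisk:
 vulnerability_management: VulnerabilityManagementGateway,
 secrets_manager_gateway: SecretsManagerGateway,
 devops_platform_gateway: DevopsPlatformGateway,
+remote_config_source_gateway: DevopsPlatformGateway,
 print_table_gateway: PrinterTableGateway,
 ):
 self.vulnerability_management = vulnerability_management
 self.secrets_manager_gateway = secrets_manager_gateway
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 self.print_table_gateway = print_table_gateway
 
 def _get_all_from_vm(self, dict_args, secret_tool, remote_config, service):
@@ -85,7 +87,7 @@ class HandleRisk:
 return filtered_engagements
 
 def _exclude_services(self, dict_args, pipeline_name, service_list):
-risk_exclusions = self.
+risk_exclusions = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
 )
 if (
@@ -128,10 +130,10 @@ class HandleRisk:
 )
 
 def process(self, dict_args: any, remote_config: any):
-risk_config = self.
+risk_config = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_risk/ConfigTool.json", dict_args["remote_config_branch"]
 )
-risk_exclusions = self.
+risk_exclusions = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_risk/Exclusions.json", dict_args["remote_config_branch"]
 )
 pipeline_name = self.devops_platform_gateway.get_variable("pipeline_name")
@@ -227,6 +229,7 @@ class HandleRisk:
 exclusions,
 [service.name for service in new_service_list],
 self.devops_platform_gateway,
+self.remote_config_source_gateway,
 self.print_table_gateway,
 )
 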
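--- a/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py
+++ b/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py
@@ -53,11 +53,13 @@ class HandleScan:
 vulnerability_management: VulnerabilityManagementGateway,
 secrets_manager_gateway: SecretsManagerGateway,
 devops_platform_gateway: DevopsPlatformGateway,
+remote_config_source_gateway: DevopsPlatformGateway,
 sbom_tool_gateway: SbomManagerGateway,
 ):
 self.vulnerability_management = vulnerability_management
 self.secrets_manager_gateway = secrets_manager_gateway
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 self.sbom_tool_gateway = sbom_tool_gateway
 
 def process(self, dict_args: any, config_tool: any):
@@ -74,6 +76,7 @@ class HandleScan:
 config_tool["ENGINE_IAC"]["TOOL"],
 secret_tool,
 self.devops_platform_gateway,
+self.remote_config_source_gateway,
 env,
 )
 self._use_vulnerability_management(
@@ -86,6 +89,7 @@ class HandleScan:
 config_tool["ENGINE_CONTAINER"]["TOOL"],
 secret_tool,
 self.devops_platform_gateway,
+self.remote_config_source_gateway
 )
 self._use_vulnerability_management(
 config_tool,
@@ -102,6 +106,7 @@ class HandleScan:
 config_tool["ENGINE_DAST"],
 secret_tool,
 self.devops_platform_gateway,
+self.remote_config_source_gateway,
 )
 self._use_vulnerability_management(
 config_tool, input_core, dict_args, secret_tool, env
@@ -112,6 +117,7 @@ class HandleScan:
 dict_args,
 config_tool["ENGINE_CODE"]["TOOL"],
 self.devops_platform_gateway,
+self.remote_config_source_gateway
 )
 self._use_vulnerability_management(
 config_tool, input_core, dict_args, secret_tool, env
@@ -122,6 +128,7 @@ class HandleScan:
 dict_args,
 config_tool["ENGINE_SECRET"]["TOOL"],
 self.devops_platform_gateway,
+self.remote_config_source_gateway,
 secret_tool,
 )
 self._use_vulnerability_management(
@@ -134,6 +141,7 @@ class HandleScan:
 config_tool,
 secret_tool,
 self.devops_platform_gateway,
+self.remote_config_source_gateway,
 self.sbom_tool_gateway,
 )
 self._use_vulnerability_management(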
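Review bot: The argument added to the ENGINE_CONTAINER and ENGINE_CODE runner calls, `self.remote_config_source_gateway`, is written without a trailing comma, while the same argument added to the ENGINE_IAC, ENGINE_DAST, ENGINE_SECRET and dependencies calls in this file ends with one. Since the gateway is the last positional argument in those two calls, the next person to append a parameter will touch a line that does not need to change; `self.remote_config_source_gateway,` in both places keeps the six call sites uniform. The enclosing `process` method starts before the first hunk and continues past the last one.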
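--- a/devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py
+++ b/devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py
@@ -19,12 +19,13 @@ def init_engine_core(
 vulnerability_management_gateway: any,
 secrets_manager_gateway: any,
 devops_platform_gateway: any,
+remote_config_source_gateway: any,
 print_table_gateway: any,
 metrics_manager_gateway: any,
 sbom_tool_gateway: any,
 args: any
 ):
-config_tool =
+config_tool = remote_config_source_gateway.get_remote_config(
 args["remote_config_repo"], "/engine_core/ConfigTool.json", args["remote_config_branch"]
 )
 Printers.print_logo_tool(config_tool["BANNER"])
@@ -35,6 +36,7 @@ def init_engine_core(
 vulnerability_management_gateway,
 secrets_manager_gateway,
 devops_platform_gateway,
+remote_config_source_gateway,
 print_table_gateway,
 ).process(args, config_tool)
 
@@ -46,6 +48,7 @@ def init_engine_core(
 vulnerability_management_gateway,
 secrets_manager_gateway,
 devops_platform_gateway,
+remote_config_source_gateway,
 sbom_tool_gateway
 ).process(args, config_tool)
 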
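--- a/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py
+++ b/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py
@@ -37,7 +37,7 @@ from devsecops_engine_tools.engine_utilities import settings
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
-def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway):
+def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway, remote_config_source_gateway):
 try:
 if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool
 tool_run = NucleiTool()
@@ -104,7 +104,7 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gate
 )
 except Exception as e:
 logger.error(f"Error engine_dast: {e}")
-config_tool_dast =
+config_tool_dast = remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_dast/ConfigTool.json", dict_args["remote_config_branch"]
 )
 if config_tool_dast["IGNORE_ERRORS"]: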
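Review bot: The fetch that decides `IGNORE_ERRORS` runs inside the `except Exception` handler, so if `remote_config_source_gateway.get_remote_config` raises there (an unreachable config source is a plausible cause of the original failure too) the new exception replaces the one just logged and the ignore-errors policy is never consulted. Loading `config_tool_dast` before the `try`, or guarding the fetch and treating a failed load as "do not ignore", makes the failure mode explicit instead of exception-dependent. The body of the `try` lies between the two hunks and is not visible here.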
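--- a/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py
+++ b/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py
@@ -21,11 +21,13 @@ class DastScan:
 self,
 tool_gateway: ToolGateway,
 devops_platform_gateway: DevopsPlatformGateway,
+remote_config_source_gateway: DevopsPlatformGateway,
 data_target,
 aditional_tools: "List[ToolGateway]"
 ):
 self.tool_gateway = tool_gateway
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 self.data_target = data_target
 self.other_tools = aditional_tools
 
@@ -56,11 +58,11 @@ class DastScan:
 def process(
 self, dict_args, secret_tool, config_tool
 ) -> "Tuple[List, InputCore]":
-init_config_tool = self.
+init_config_tool = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_dast/ConfigTool.json"
 )
 
-exclusions = self.
+exclusions = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"],
 "engine_dast/Exclusions.json"
 )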
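Review bot: Both `get_remote_config` calls in `DastScan.process` pass only the repo and the file path and omit `dict_args["remote_config_branch"]`, unlike the equivalent calls in `HandleRisk`, `GetExclusions`, `init_engine_core` and `IacScan` in this same release, so the DAST config and exclusions are read from whatever branch the gateway falls back to and `--remote_config_branch` is silently ignored for this engine. `CodeScan.process` has the same omission for `engine_sast/engine_code/Exclusions.json` even though `set_config_tool` in the same class passes the branch. Suggested: `dict_args["remote_config_repo"], "engine_dast/ConfigTool.json", dict_args["remote_config_branch"]`, and the equivalent third argument on the Exclusions call. Whether the gateway applies a default branch when the argument is absent cannot be seen in this diff.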
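--- a/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py
+++ b/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py
@@ -4,6 +4,7 @@ from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import (
 
 def init_engine_dast(
 devops_platform_gateway,
+remote_config_source_gateway,
 tool_gateway,
 dict_args,
 secret_tool,
@@ -11,5 +12,5 @@ def init_engine_dast(
 extra_tools,
 target_data
 ):
-dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools)
+dast_scan = DastScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, target_data, extra_tools)
 return dast_scan.process(dict_args, secret_tool, config_tool)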
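Review bot: `DastScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, target_data, extra_tools)` passes two objects of the same `DevopsPlatformGateway` type positionally and side by side, so a caller that swaps them still runs but silently reads policy from one platform while reporting to the other. Keyword arguments pin each gateway to its role: `DastScan(tool_gateway=tool_gateway, devops_platform_gateway=devops_platform_gateway, remote_config_source_gateway=remote_config_source_gateway, data_target=target_data, aditional_tools=extra_tools)` (the constructor spells its last parameter `aditional_tools`, so the keyword must match that spelling). `init_engine_sast_code` in the engine_code entry point builds `CodeScan` the same positional way and would benefit from the same treatment.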
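--- a/devsecops_engine_tools/engine_risk/src/applications/runner_engine_risk.py
+++ b/devsecops_engine_tools/engine_risk/src/applications/runner_engine_risk.py
@@ -18,6 +18,7 @@ def runner_engine_risk(
 vm_exclusions,
 services,
 devops_platform_gateway,
+remote_config_source_gateway,
 print_table_gateway,
 ):
 add_epss_gateway = FirstCsv()
@@ -25,6 +26,7 @@ def runner_engine_risk(
 return init_engine_risk(
 add_epss_gateway,
 devops_platform_gateway,
+remote_config_source_gateway,
 print_table_gateway,
 dict_args,
 findings,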
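--- a/devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py
+++ b/devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py
@@ -8,6 +8,7 @@ class GetExclusions:
 def __init__(
 self,
 devops_platform_gateway,
+remote_config_source_gateway,
 dict_args,
 findings,
 risk_config,
@@ -16,6 +17,7 @@ class GetExclusions:
 active_findings,
 ):
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 self.dict_args = dict_args
 self.findings = findings
 self.risk_config = risk_config
@@ -24,7 +26,7 @@ class GetExclusions:
 self.active_findings = active_findings
 
 def process(self):
-core_config = self.
+core_config = self.remote_config_source_gateway.get_remote_config(
 self.dict_args["remote_config_repo"],
 "engine_core/ConfigTool.json",
 self.dict_args["remote_config_branch"],
@@ -49,7 +51,7 @@ class GetExclusions:
 return self._get_exclusions(self.risk_exclusions, "RISK")
 
 def _get_exclusions_by_practice(self, core_config, practice, path):
-exclusions_config = self.
+exclusions_config = self.remote_config_source_gateway.get_remote_config(
 self.dict_args["remote_config_repo"],
 path,
 self.dict_args["remote_config_branch"],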
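--- a/devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py
+++ b/devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py
@@ -24,18 +24,19 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 def init_engine_risk(
 add_epss_gateway,
 devops_platform_gateway,
+remote_config_source_gateway,
 print_table_gateway,
 dict_args,
 findings,
 services,
 vm_exclusions,
 ):
-remote_config =
+remote_config = remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"],
 "engine_risk/ConfigTool.json",
 dict_args["remote_config_branch"],
 )
-risk_exclusions =
+risk_exclusions = remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"],
 "engine_risk/Exclusions.json",
 dict_args["remote_config_branch"],
@@ -61,6 +62,7 @@ def init_engine_risk(
 
 get_exclusions = GetExclusions(
 devops_platform_gateway,
+remote_config_source_gateway,
 dict_args,
 data_added,
 remote_config,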
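--- a/devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py
+++ b/devsecops_engine_tools/engine_sast/engine_code/src/applications/runner_engine_code.py
@@ -8,7 +8,7 @@ from devsecops_engine_tools.engine_utilities.git_cli.infrastructure.git_run impo
 GitRun
 )
 
-def runner_engine_code(dict_args, tool, devops_platform_gateway):
+def runner_engine_code(dict_args, tool, devops_platform_gateway, remote_config_source_gateway):
 try:
 tool_gateway = None
 git_gateway = GitRun()
@@ -17,6 +17,7 @@ def runner_engine_code(dict_args, tool, devops_platform_gateway):
 
 return init_engine_sast_code(
 devops_platform_gateway=devops_platform_gateway,
+remote_config_source_gateway=remote_config_source_gateway,
 tool_gateway=tool_gateway,
 dict_args=dict_args,
 git_gateway=git_gateway,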
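--- a/devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py
+++ b/devsecops_engine_tools/engine_sast/engine_code/src/domain/usecases/code_scan.py
@@ -25,14 +25,16 @@ class CodeScan:
 self,
 tool_gateway: ToolGateway,
 devops_platform_gateway: DevopsPlatformGateway,
+remote_config_source_gateway: DevopsPlatformGateway,
 git_gateway: GitGateway,
 ):
 self.tool_gateway = tool_gateway
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 self.git_gateway = git_gateway
 
 def set_config_tool(self, dict_args):
-init_config_tool = self.
+init_config_tool = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_sast/engine_code/ConfigTool.json", dict_args["remote_config_branch"]
 )
 scope_pipeline = self.devops_platform_gateway.get_variable("pipeline_name")
@@ -88,7 +90,7 @@ class CodeScan:
 
 def process(self, dict_args, tool):
 config_tool = self.set_config_tool(dict_args)
-exclusions_data = self.
+exclusions_data = self.remote_config_source_gateway.get_remote_config(
 dict_args["remote_config_repo"], "engine_sast/engine_code/Exclusions.json"
 )
 list_exclusions, skip_tool = self.get_exclusions(tool, exclusions_data)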
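--- a/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_code/src/infrastructure/entry_points/entry_point_tool.py
@@ -2,5 +2,5 @@ from devsecops_engine_tools.engine_sast.engine_code.src.domain.usecases.code_sca
 CodeScan,
 )
 
-def init_engine_sast_code(devops_platform_gateway, tool_gateway, dict_args, git_gateway, tool):
-return CodeScan(tool_gateway, devops_platform_gateway, git_gateway).process(dict_args, tool)
+def init_engine_sast_code(devops_platform_gateway, remote_config_source_gateway, tool_gateway, dict_args, git_gateway, tool):
+return CodeScan(tool_gateway, devops_platform_gateway, remote_config_source_gateway, git_gateway).process(dict_args, tool)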
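--- a/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py
@@ -12,7 +12,7 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_ada
 )
 
 
-def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env):
+def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, remote_config_source_gateway, env):
 try:
 # Define driven adapters for gateways
 tool_gateway = None
@@ -28,6 +28,7 @@ def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env
 
 return init_engine_sast_rm(
 devops_platform_gateway=devops_platform_gateway,
+remote_config_source_gateway=remote_config_source_gateway,
 tool_gateway=tool_gateway,
 dict_args=dict_args,
 secret_tool=secret_tool,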
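--- a/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py
@@ -1,12 +1,11 @@
 from abc import ABCMeta, abstractmethod
 
+
 class ToolGateway(metaclass=ABCMeta):
 @abstractmethod
 def run_tool(self, config_tool, folders_to_scan, **kwargs):
 "run_tool"
 
-@
-def get_iac_context_from_results(
-
-) -> None:
-"get_iac_context_from_results"
+@abstractmethod
+def get_iac_context_from_results(self, path_file_results) -> None:
+"get_iac_context_from_results"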
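Review bot: The reshaped abstract `get_iac_context_from_results(self, path_file_results) -> None` keeps the bare string `"get_iac_context_from_results"` as its only body, which tells the three adapters listed in this release (checkov, kics, kubescape) nothing about the contract they must now satisfy: what `path_file_results` points to, what the implementation is expected to do with it, and why the return is `None`. I would replace that string with a short docstring stating those three things, written from what the adapters actually do rather than from the method name (the name suggests it reads a results file and derives context, but that cannot be confirmed from this diff). The removed multi-line signature is truncated in this rendering, so the old parameter list cannot be compared against the new single-parameter one here.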
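--- a/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py
@@ -20,21 +20,26 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
 class IacScan:
 def __init__(
-self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway
+self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway, remote_config_source_gateway: DevopsPlatformGateway
 ):
 self.tool_gateway = tool_gateway
 self.devops_platform_gateway = devops_platform_gateway
+self.remote_config_source_gateway = remote_config_source_gateway
 
 def process(self, dict_args, secret_tool, tool, env):
-config_tool_iac = self.
-dict_args["remote_config_repo"],
+config_tool_iac = self.remote_config_source_gateway.get_remote_config(
+dict_args["remote_config_repo"],
+"engine_sast/engine_iac/ConfigTool.json",
+dict_args["remote_config_branch"],
 )
 
-exclusions = self.
-dict_args["remote_config_repo"],
+exclusions = self.remote_config_source_gateway.get_remote_config(
+dict_args["remote_config_repo"],
+"engine_sast/engine_iac/Exclusions.json",
+dict_args["remote_config_branch"],
 )
 
-config_tool_core, folders_to_scan, skip_tool = self.
+config_tool_core, folders_to_scan, skip_tool = self._complete_config_tool(
 config_tool_iac, exclusions, tool, dict_args
 )
 
@@ -54,12 +59,10 @@ class IacScan:
 print("Tool skipped by DevSecOps policy")
 dict_args["send_metrics"] = "false"
 dict_args["use_vulnerability_management"] = "false"
-
+
 if dict_args.get("context") == "true":
-self.tool_gateway.get_iac_context_from_results(
-
-)
-
+self.tool_gateway.get_iac_context_from_results(path_file_results)
+
 totalized_exclusions = []
 (
 totalized_exclusions.extend(
@@ -95,7 +98,7 @@ class IacScan:
 
 return findings_list, input_core
 
-def
+def _complete_config_tool(self, data_file_tool, exclusions, tool, dict_args):
 config_tool = ConfigTool(json_data=data_file_tool)
 
 config_tool.exclusions = exclusions
@@ -137,7 +140,7 @@ class IacScan:
 
 folders_to_scan = [dict_args["folder_path"]]
 else:
-folders_to_scan = self.
+folders_to_scan = self._search_folders(config_tool.search_pattern)
 
 if len(folders_to_scan) == 0:
 logger.warning(
@@ -147,7 +150,7 @@ class IacScan:
 
 return config_tool, folders_to_scan, skip_tool
 
-def
+def _search_folders(self, search_pattern):
 current_directory = os.getcwd()
 patron = "(?i).*?(" + "|".join(search_pattern) + ").*$"
 folders = [
@@ -160,4 +163,4 @@ class IacScan:
 for folder in folders
 if re.match(patron, folder)
 ]
-return matching_folders
+return matching_folders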
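Review bot: In `_search_folders` the entries of `search_pattern` are joined into the regex `patron` without escaping, so a value containing `.`, `(`, `|` or `+` changes what the `re.match` in the last hunk accepts or raises `re.error`; these values come from the ConfigTool.json that this release now allows to be loaded from a `local` source, so the input is less controlled than before. If the entries are meant as literal folder-name fragments, `"|".join(re.escape(p) for p in search_pattern)` preserves that; if they are meant to be regexes, say so in a docstring on `_search_folders` so the config authors know. `_complete_config_tool` and `_search_folders` are new private names with no docstring, and the body of each extends beyond the hunks shown.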
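--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py
@@ -5,6 +5,7 @@ from devsecops_engine_tools.engine_core.src.domain.model.finding import (
 from datetime import datetime
 from dataclasses import dataclass
 
+
 @dataclass
 class CheckovDeserealizator:
 @classmethod
@@ -16,20 +17,24 @@ class CheckovDeserealizator:
 for result in results_scan_list:
 if "failed_checks" in str(result):
 for scan in result["results"]["failed_checks"]:
-check_id = scan.get("check_id")
+check_id = scan.get("check_id")
 if not rules.get(check_id):
 description = scan.get("check_name")
 severity = default_severity.lower()
 category = default_category.lower()
 else:
-description = rules[check_id].get(
+description = rules[check_id].get(
+"checkID", scan.get("check_name")
+)
 severity = rules[check_id].get("severity").lower()
 category = rules[check_id].get("category").lower()
 
 finding_open = Finding(
 id=check_id,
 cvss=None,
-where=scan.get("repo_file_path")
+where=scan.get("repo_file_path")
++ ": "
++ str(scan.get("resource")),
 description=description,
 severity=severity,
 identification_date=datetime.now().strftime("%d%m%Y"),
@@ -37,10 +42,8 @@ class CheckovDeserealizator:
 module="engine_iac",
 category=Category(category),
 requirements=scan.get("guideline"),
-tool="Checkov"
+tool="Checkov",
 )
-list_open_findings.append(finding_open)
-
+list_open_findings.append(finding_open)
+
 return list_open_findings
-
-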