devsecops-engine-tools 1.6.7__py3-none-any.whl

devsecops_engine_tools/engine_utilities/utils/api_error.py

@@ -0,0 +1,14 @@
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from marshmallow import ValidationError
+from requests import Response
+
+
+class ApiError(ValidationError):
+    def __init__(self, message):
+        m = ""
+        if isinstance(message, dict):
+            m = str(message.get("message")) if message.get("message") else ""
+            m += str(message.get("detail")) if message.get("detail") else ""
+        else:
+            m = str(message)
+        super().__init__({"message": str(m)})

devsecops_engine_tools/engine_utilities/utils/dataclass_classmethod.py

@@ -0,0 +1,84 @@
+import dataclasses
+import typing
+import datetime
+import enum
+from inspect import isclass
+from .name_conversion import camel_case_to_snake_case, snake_case_to_camel_case
+from .datetime_parsing import iso_from_datetime, parse_iso_datetime
+
+
+class FromDictMixin:
+    @staticmethod
+    def attribute_to_dict(attribute):
+        if hasattr(attribute, "to_dict") and callable(attribute.to_dict):
+            return getattr(attribute, "to_dict")()
+        return attribute
+
+    def to_dict(self):
+        if self == {}:
+            return self
+        available_fields = {field.name: field for field in dataclasses.fields(self)}
+        transformed_data = {}
+        for field_name, field_type in available_fields.items():
+            navitaire_key = snake_case_to_camel_case(field_name)
+            attribute = getattr(self, field_name)
+            if isinstance(attribute, list):
+                transformed_data[navitaire_key] = []
+                for element in attribute:
+                    transformed_data[navitaire_key].append(FromDictMixin.attribute_to_dict(element))
+            elif isinstance(attribute, dict):
+                transformed_data[navitaire_key] = {}
+                for key, element in attribute.items():
+                    transformed_data[navitaire_key][key] = FromDictMixin.attribute_to_dict(element)
+            elif isinstance(attribute, enum.Enum):
+                transformed_data[navitaire_key] = attribute.value
+            elif isinstance(attribute, datetime.datetime):
+                transformed_data[navitaire_key] = iso_from_datetime(attribute)
+            else:
+                transformed_data[navitaire_key] = FromDictMixin.attribute_to_dict(attribute)
+        return transformed_data
+
+    @classmethod
+    def from_dict(cls, data):
+        built_in_types = (int, str, bool, float)
+        available_fields = {field.name: field for field in dataclasses.fields(cls)}
+        transformed_data = {}
+        for key, value in data.items():
+            internal_key = camel_case_to_snake_case(key)
+            if internal_key in available_fields.keys() and value:
+                matching_internal_field = available_fields[internal_key]
+                if matching_internal_field.type in built_in_types:
+                    internal_value = value
+                elif matching_internal_field.type == datetime.datetime and value:
+                    internal_value = parse_iso_datetime(value)
+                elif isclass(matching_internal_field.type) and issubclass(matching_internal_field.type, enum.Enum):
+                    internal_value = matching_internal_field.type(value)
+                elif hasattr(matching_internal_field.type, "from_dict") and callable(
+                    matching_internal_field.type.from_dict
+                ):
+                    internal_value = matching_internal_field.type.from_dict(value)
+                elif (
+                    isinstance(matching_internal_field.type, typing._GenericAlias)
+                    and matching_internal_field.type.__origin__ == list
+                ):
+                    value_class = matching_internal_field.type.__args__[0]
+                    internal_value = []
+                    if hasattr(value_class, "from_dict") and callable(value_class.from_dict):
+                        internal_value = [value_class.from_dict(v) for v in value]
+                    else:
+                        internal_value = [v for v in value]
+                elif (
+                    isinstance(matching_internal_field.type, typing._GenericAlias)
+                    and matching_internal_field.type.__origin__ == dict
+                ):
+                    value_class = matching_internal_field.type.__args__[1]
+                    internal_value = {}
+                    if hasattr(value_class, "from_dict") and callable(value_class.from_dict):
+                        internal_value = {k: value_class.from_dict(v) for k, v in value.items()}
+                    else:
+                        internal_value = value
+                else:
+                    internal_value = None
+                if internal_value:
+                    transformed_data[internal_key] = internal_value
+        return cls(**transformed_data)

devsecops_engine_tools/engine_utilities/utils/datetime_parsing.py

@@ -0,0 +1,10 @@
+import datetime
+import dateutil.parser
+
+
+def parse_iso_datetime(datetime_string: str):
+    return dateutil.parser.isoparse(datetime_string)
+
+
+def iso_from_datetime(dt: datetime.datetime):
+    return dt.isoformat()

devsecops_engine_tools/engine_utilities/utils/logger_info.py

@@ -0,0 +1,109 @@
+# -*- coding: utf-8 -*-
+import logging
+import os
+import datetime
+
+log_records = []
+
+
+class CustomFormatter(logging.Formatter):
+    grey = "\x1b[38;20m"
+    yellow = "\x1b[33;20m"
+    red = "\x1b[31;20m"
+    bold_red = "\x1b[31;1m"
+    reset = "\x1b[0m"
+    format = "%(asctime)s [%(levelname)s | %(filename)s | %(funcName)s | %(lineno)d] > %(message)s"
+
+    FORMATS = {
+        logging.DEBUG: grey + format + reset,
+        logging.INFO: grey + format + reset,
+        logging.WARNING: yellow + format + reset,
+        logging.ERROR: red + format + reset,
+        logging.CRITICAL: bold_red + format + reset,
+    }
+
+    def format(self, record):
+        log_fmt = self.FORMATS.get(record.levelno)
+        formatter = logging.Formatter(log_fmt)
+        return formatter.format(record)
+
+
+class JsonFormatter(logging.Formatter):
+    def format(self, record):
+        log_data = {
+            "timestamp": self.formatTime(record),
+            "level": record.levelname,
+            "message": record.getMessage(),
+            "module": record.module,
+            "funcName": record.funcName,
+            "lineno": record.lineno
+        }
+        return log_data
+
+
+class ListHandler(logging.Handler):
+    def emit(self, record):
+        log_record = self.format(record)
+        log_records.append(log_record)
+
+
+class SingletonType(type):
+    _instances = {}
+
+    def __call__(cls, *args, **kwargs):
+        if cls not in cls._instances:
+            cls._instances[cls] = super(SingletonType, cls).__call__(*args, **kwargs)
+        return cls._instances[cls]
+
+
+class MyLogger(metaclass=SingletonType):
+    """resive como parametro bool si es
+    True cre un archivo de logs por default is False"""
+
+    _logger = None
+
+    def __init__(self, *args, **kwargs):
+        self._logger = logging.getLogger("crumbs")
+        if kwargs["debug"]:
+            self._logger.setLevel(logging.DEBUG)
+        else:
+            self._logger.setLevel(logging.WARNING)
+
+        if kwargs["log_file"]:
+            now = datetime.datetime.now()
+            dirname = "./log"
+            if not os.path.isdir(dirname):
+                os.mkdir(dirname)
+            if kwargs["log_file_format"] == "log":
+                # log with file log
+                file_handler = logging.FileHandler(
+                    dirname + "/log_" + now.strftime("%Y-%m-%d") + ".log"
+                )
+                formatter = logging.Formatter(
+                    "%(asctime)s [%(levelname)s | %(filename)s | %(funcName)s | %(lineno)d] > %(message)s"
+                )
+                file_handler.setFormatter(formatter)
+                self._logger.addHandler(file_handler)
+            elif kwargs["log_file_format"] == "json":
+                # log with file json
+                file_handler = ListHandler()
+                file_handler.setFormatter(JsonFormatter())
+                self._logger.addHandler(file_handler)
+        if kwargs["log_console"]:
+            # log whit console
+            stream_handler = logging.StreamHandler()
+            stream_handler.setFormatter(CustomFormatter())
+            self._logger.addHandler(stream_handler)
+
+    def get_logger(self):
+        return self._logger
+
+
+# forma de llamado
+# if __name__ == "__main__":
+#     logger = MyLogger.__call__(True)(True).get_logger()
+#     logger.info("debug message")
+#     logger.info("info message")
+#     logger.warning("warning message")
+#     logger.error("error message")
+#     logger.critical("critical message")

devsecops_engine_tools/engine_utilities/utils/name_conversion.py

@@ -0,0 +1,12 @@
+import re
+
+
+def camel_case_to_snake_case(value):
+    return re.sub(r"(?<=[a-z])(?=[A-Z])", "_", value).lower()
+
+
+def snake_case_to_camel_case(value):
+    parts = value.split("_")
+    parts[0] = parts[0].lower()
+    parts[1:] = [part.capitalize() for part in parts[1:]]
+    return "".join(parts)

devsecops_engine_tools/engine_utilities/utils/printers.py

@@ -0,0 +1,21 @@
+import pyfiglet
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+import logging
+
+logger = logging.getLogger(__name__)
+logging.basicConfig(format="%(message)s", level=logging.INFO)
+
+
+class Printers:
+    @staticmethod
+    def print_logo_tool(banner: str):
+        print(pyfiglet.figlet_format(banner, font="slant"))
+
+    @staticmethod
+    def print_title(title: str):
+        logger.info("\n")
+        logger.info("*" * len(title))
+        logger.info(title)
+        logger.info("*" * len(title))
+        logger.info("\n")

devsecops_engine_tools/engine_utilities/utils/session_manager.py

@@ -0,0 +1,14 @@
+import requests
+
+
+class SessionManager:
+    _instance = None
+    _token = None
+    _host = None
+
+    def __new__(cls, token=None, host=None):
+        cls._token = token
+        cls._host = host
+        if not cls._instance:
+            cls._instance = requests.Session()
+        return cls

devsecops_engine_tools/version.py

@@ -0,0 +1 @@
+version = '1.6.7'

devsecops_engine_tools-1.6.7.dist-info/METADATA

@@ -0,0 +1,156 @@
+Metadata-Version: 2.1
+Name: devsecops-engine-tools
+Version: 1.6.7
+Summary: Tool for DevSecOps strategy
+Home-page: https://github.com/bancolombia/devsecops-engine-tools
+Author: Bancolombia DevSecOps Team
+Author-email: devsecops@bancolombia.com.co
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: requests ==2.31.0
+Requires-Dist: multipledispatch ==0.6.0
+Requires-Dist: PyYAML ==6.0.1
+Requires-Dist: checkov ==2.3.296
+Requires-Dist: pyfiglet ==0.7
+Requires-Dist: prettytable ==3.8.0
+Requires-Dist: azure-devops ==7.1.0b3
+Requires-Dist: marshmallow ==3.19.0
+Requires-Dist: pytz ==2023.3
+Requires-Dist: python-decouple ==3.8
+Requires-Dist: requests-toolbelt ==1.0.0
+Requires-Dist: python-dateutil ==2.8.2
+Requires-Dist: pexpect ==4.9.0
+
+# DevSecOps Engine Tools
+
+[![Maintained by Bancolombia](https://img.shields.io/badge/maintained_by-Bancolombia-yellow)](#)
+[![Build](https://github.com/bancolombia/devsecops-engine-tools/actions/workflows/build.yml/badge.svg)](https://github.com/bancolombia/devsecops-engine-tools/actions/workflows/build.yml)
+[![Python Version](https://img.shields.io/badge/python%20-%203.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20-blue)](#)
+
+# Objective
+
+Tool that unifies the evaluation of the different devsecops practices being agnostic to the devops platform, using both open source and market tools.
+
+# Component
+
+📦 [tools](https://github.com/bancolombia/devsecops-engine-tools/tree/trunk/tools): DevSecOps Practice Modules
+
+# Communications channel
+
+Here are the channels we use to communicate about the project:
+
+**1. Mailing list:** You can join our mailing list to always be informed at the following link: [CommunityDevsecopsEngine](https://groups.google.com/g/CommunityDevsecopsEngine)
+
+**2. Email:** You can write to us by email:  MaintainersDevsecopsEngine@googlegroups.com
+
+# Getting started
+
+### Requirements
+
+- Python >= 3.8
+
+### Installation
+
+```bash
+pip3 install devsecops-engine-tools
+```
+
+### Scan running - flags (CLI)
+
+```bash
+devsecops-engine-tools --platform_devops ["local","azure"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["eks","openshift"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] 
+```
+
+### Structure Remote Config
+[example_remote_config_local](https://github.com/bancolombia/devsecops-engine-tools/blob/trunk/example_remote_config_local/)
+```bash
+📦Remote_Config
+   ┣ 📂engine_core
+   ┃ ┗ 📜ConfigTool.json
+   ┣ 📂engine_sast
+   ┃ ┗ 📂engine_iac
+   ┃   ┗ 📜ConfigTool.json
+   ┃   ┗ 📜Exclusions.json
+   ┃ ┗ 📂engine_secret
+   ┃   ┗ 📜ConfigTool.json
+   ┣ 📂engine_sca
+   ┃ ┗ 📂engine_container
+   ┃   ┗ 📜ConfigTool.json
+   ┃   ┗ 📜Exclusions.json
+   ┃ ┗ 📂engine_dependencies
+   ┃   ┗ 📜ConfigTool.json
+   ┃   ┗ 📜Exclusions.json
+```
+### Scan running sample (CLI) - Local
+
+> Complete the value in **.envdetlocal** file a set in execution environment
+```
+$ set -a
+$ source .envdetlocal
+$ set +a
+```
+
+
+```bash
+devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Remote_Config --tool engine_iac
+
+```
+### Scan result sample (CLI)
+
+```bash
+    ____            _____           ____                ______            _               ______            __    
+   / __ \___ _   __/ ___/___  _____/ __ \____  _____   / ____/___  ____ _(_)___  ___     /_  __/___  ____  / /____
+  / / / / _ \ | / /\__ \/ _ \/ ___/ / / / __ \/ ___/  / __/ / __ \/ __ `/ / __ \/ _ \     / / / __ \/ __ \/ / ___/
+ / /_/ /  __/ |/ /___/ /  __/ /__/ /_/ / /_/ (__  )  / /___/ / / / /_/ / / / / /  __/    / / / /_/ / /_/ / (__  ) 
+/_____/\___/|___//____/\___/\___/\____/ .___/____/  /_____/_/ /_/\__, /_/_/ /_/\___/    /_/  \____/\____/_/____/  
+                                     /_/                        /____/                                            
+
+Secrets manager is not enabled to configure external checks
+
+Below are all vulnerabilities detected.
+╔══════════╦════════════╦════════════════════════════════════════════════════════════════════════════════════╦════════════════════════╗
+║ Severity ║ ID         ║ Description                                                                        ║ Where                  ║
+╠══════════╬════════════╬════════════════════════════════════════════════════════════════════════════════════╬════════════════════════╣
+║ critical ║ CKV_K8S_37 ║ IAC-CKV_K8S_37 Minimize the admission of containers with capabilities assigned     ║ /_AW1234/app.yaml      ║
+║ critical ║ CKV_K8S_20 ║ IAC-CKV_K8S_20 Containers should not run with allowPrivilegeEscalation             ║ /_AW1234/app.yaml      ║
+║ critical ║ CKV_K8S_30 ║ IAC-CKV_K8S_30 Apply security context to your containers                           ║ /_AW1234/app.yaml      ║
+║ critical ║ CKV_K8S_23 ║ IAC-CKV_K8S_23 Minimize the admission of root containers                           ║ /_AW1234/app.yaml      ║
+║ high     ║ CKV_AWS_20 ║ C-S3-005-AWS S3 buckets are accessible to public                                   ║ /_AW1234/template.yaml ║
+║ high     ║ CKV_K8S_22 ║ IAC-CKV_K8S_22 Use read-only filesystem for containers where possible              ║ /_AW1234/app.yaml      ║
+║ high     ║ CKV_K8S_28 ║ IAC-CKV_K8S_28 Minimize the admission of containers with the NET_RAW capability    ║ /_AW1234/app.yaml      ║
+║ high     ║ CKV_K8S_38 ║ IAC-CKV_K8S_38 Ensure that Service Account Tokens are only mounted where necessary ║ /_AW1234/app.yaml      ║
+╚══════════╩════════════╩════════════════════════════════════════════════════════════════════════════════════╩════════════════════════╝
+Security count issues (critical: 4, high: 4, medium: 0, low: 0) is greater than or equal to failure criteria (critical: 1, high: 8, medium: 10, low:15, operator: or)
+✘Failed
+
+Below are all compliances issues detected.
+╔══════════╦═══════════╦════════════════════════════════════════════════════╦═══════════════════╗
+║ Severity ║ ID        ║ Description                                        ║ Where             ║
+╠══════════╬═══════════╬════════════════════════════════════════════════════╬═══════════════════╣
+║ critical ║ CKV_K8S_8 ║ IAC-CKV_K8S_8 Liveness Probe Should be Configured  ║ /_AW1234/app.yaml ║
+║ critical ║ CKV_K8S_9 ║ IAC-CKV_K8S_9 Readiness Probe Should be Configured ║ /_AW1234/app.yaml ║
+╚══════════╩═══════════╩════════════════════════════════════════════════════╩═══════════════════╝
+Compliance issues count (critical: 2) is greater than or equal to failure criteria (critical: 1)
+✘Failed
+
+Bellow are all the findings that were accepted.
+╔══════════╦════════════╦═══════════════════╦═════════════╦══════════════╦══════════════════╗
+║ Severity ║ ID         ║ Where             ║ Create Date ║ Expired Date ║ Reason           ║
+╠══════════╬════════════╬═══════════════════╬═════════════╬══════════════╬══════════════════╣
+║ high     ║ CKV_K8S_38 ║ /_AW1234/app.yaml ║ 18/11/2023  ║ 18/03/2024   ║ False Positive   ║
+╚══════════╩════════════╩═══════════════════╩═════════════╩══════════════╩══════════════════╝
+
+message custom
+```
+
+# How can I help?
+
+Review the issues, we hear new ideas. Read more [Contributing](https://github.com/bancolombia/devsecops-engine-tools/blob/trunk/docs/CONTRIBUTING.md)
+
+
+
+
+