devsecops-engine-tools 1.6.7__py3-none-any.whl

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azure_devops.py

@@ -0,0 +1,103 @@
+from dataclasses import dataclass
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway,
+)
+from devsecops_engine_tools.engine_utilities.azuredevops.models.AzurePredefinedVariables import (
+    BuildVariables,
+    SystemVariables,
+    ReleaseVariables,
+    AgentVariables,
+)
+from devsecops_engine_tools.engine_utilities.azuredevops.infrastructure.azure_devops_api import (
+    AzureDevopsApi,
+)
+from devsecops_engine_tools.engine_utilities.azuredevops.models.AzureMessageLoggingPipeline import (
+    AzureMessageLoggingPipeline,
+    AzureMessageResultPipeline,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+
+@dataclass
+class AzureDevops(DevopsPlatformGateway):
+    def get_remote_config(self, repository, path):
+        base_compact_remote_config_url = (
+            f"https://{SystemVariables.System_TeamFoundationCollectionUri.value().rstrip('/').split('/')[-1].replace('.visualstudio.com','')}"
+            f".visualstudio.com/{SystemVariables.System_TeamProject.value()}/_git/"
+            f"{repository}?path={path}"
+        )
+        utils_azure = AzureDevopsApi(
+            personal_access_token=SystemVariables.System_AccessToken.value(),
+            compact_remote_config_url=base_compact_remote_config_url,
+        )
+        connection = utils_azure.get_azure_connection()
+        return utils_azure.get_remote_json_config(connection=connection)
+
+    def message(self, type, message):
+        if type == "succeeded":
+            return AzureMessageLoggingPipeline.SucceededLogging.get_message(message)
+        elif type == "info":
+            return AzureMessageLoggingPipeline.InfoLogging.get_message(message)
+        elif type == "warning":
+            return AzureMessageLoggingPipeline.WarningLogging.get_message(message)
+        elif type == "error":
+            return AzureMessageLoggingPipeline.ErrorLogging.get_message(message)
+
+    def result_pipeline(self, type):
+        if type == "failed":
+            return AzureMessageResultPipeline.Failed.value
+        elif type == "succeeded":
+            return AzureMessageResultPipeline.Succeeded.value
+        elif type == "succeeded_with_issues":
+            return AzureMessageResultPipeline.SucceededWithIssues.value
+
+    def get_source_code_management_uri(self):
+        source_code_management_uri = (
+            f"{SystemVariables.System_TeamFoundationCollectionUri.value()}"
+            f"{SystemVariables.System_TeamProject.value()}/_git/{BuildVariables.Build_Repository_Name.value()}"
+        )
+        return source_code_management_uri.replace(" ", "%20")
+
+    def get_base_compact_remote_config_url(self, remote_config_repo):
+        return (
+            f"https://{SystemVariables.System_TeamFoundationCollectionUri.value().rstrip('/').split('/')[-1].replace('.visualstudio.com','')}"
+            f".visualstudio.com/{SystemVariables.System_TeamProject.value()}/_git/"
+            f"{remote_config_repo}?path=/"
+        )
+
+    def get_variable(self, variable):
+
+            variable_map = {
+                "branch_name": BuildVariables.Build_SourceBranchName,
+                "build_id": BuildVariables.Build_BuildNumber,
+                "build_execution_id": BuildVariables.Build_BuildId,
+                "commit_hash": BuildVariables.Build_SourceVersion,
+                "environment": ReleaseVariables.Environment,
+                "release_id": ReleaseVariables.Release_Releaseid,
+                "branch_tag": BuildVariables.Build_SourceBranch,
+                "access_token": SystemVariables.System_AccessToken,
+                "organization": SystemVariables.System_TeamFoundationCollectionUri,
+                "project_name": SystemVariables.System_TeamProject,
+                "repository": BuildVariables.Build_Repository_Name,
+                "pipeline_name": (
+                    BuildVariables.Build_DefinitionName
+                    if SystemVariables.System_HostType.value() == "build"
+                    else ReleaseVariables.Release_Definitionname
+                ),
+                "stage": SystemVariables.System_HostType,
+                "path_directory": SystemVariables.System_DefaultWorkingDirectory,
+                "os": AgentVariables.Agent_OS,
+                "work_folder": AgentVariables.Agent_WorkFolder,
+                "temp_directory": AgentVariables.Agent_TempDirectory,
+                "agent_directory": AgentVariables.Agent_BuildDirectory,
+                "target_branch": SystemVariables.System_TargetBranchName,
+                "source_branch": SystemVariables.System_SourceBranch,
+                "repository_provider": BuildVariables.Build_Repository_Provider,
+            }
+            try:
+                return variable_map.get(variable).value()
+            except ValueError:
+                return None

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py

@@ -0,0 +1,215 @@
+from dataclasses import dataclass
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import (
+    VulnerabilityManagementGateway,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import (
+    VulnerabilityManagement,
+)
+from devsecops_engine_tools.engine_utilities.defect_dojo import (
+    DefectDojo,
+    ImportScanRequest,
+    Connect,
+    Finding,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions
+from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager
+from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import (
+    ExceptionVulnerabilityManagement,
+    ExceptionFindingsExcepted,
+)
+from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import (
+    format_date,
+)
+from functools import partial
+
+
+@dataclass
+class DefectDojoPlatform(VulnerabilityManagementGateway):
+    def send_vulnerability_management(
+        self, vulnerability_management: VulnerabilityManagement
+    ):
+        try:
+            token_dd = (
+                vulnerability_management.dict_args["token_vulnerability_management"]
+                if vulnerability_management.dict_args["token_vulnerability_management"]
+                is not None
+                else vulnerability_management.secret_tool["token_defect_dojo"]
+            )
+            token_cmdb = (
+                vulnerability_management.dict_args["token_cmdb"]
+                if vulnerability_management.dict_args["token_cmdb"] is not None
+                else vulnerability_management.secret_tool["token_cmdb"]
+            )
+
+            enviroment_mapping = {
+                "dev": "Development",
+                "qa": "Staging",
+                "pdn": "Production",
+                "default": "Production",
+            }
+            scan_type_mapping = {
+                "CHECKOV": "Checkov Scan",
+                "PRISMA": "Twistlock Image Scan",
+                "XRAY": "JFrog Xray On Demand Binary Scan",
+            }
+
+            if any(
+                branch in str(vulnerability_management.branch_tag)
+                for branch in vulnerability_management.config_tool[
+                    "VULNERABILITY_MANAGER"
+                ]["BRANCH_FILTER"].split(",")
+            ):
+                request: ImportScanRequest = Connect.cmdb(
+                    cmdb_mapping={
+                        "product_type_name": "nombreevc",
+                        "product_name": "nombreapp",
+                        "tag_product": "nombreentorno",
+                        "product_description": "arearesponsableti",
+                        "codigo_app": "CodigoApp",
+                    },
+                    compact_remote_config_url=f'{vulnerability_management.base_compact_remote_config_url}{vulnerability_management.config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["CMDB_MAPPING_PATH"]}',
+                    personal_access_token=vulnerability_management.access_token,
+                    token_cmdb=token_cmdb,
+                    host_cmdb=vulnerability_management.config_tool[
+                        "VULNERABILITY_MANAGER"
+                    ]["DEFECT_DOJO"]["HOST_CMDB"],
+                    expression=vulnerability_management.config_tool[
+                        "VULNERABILITY_MANAGER"
+                    ]["DEFECT_DOJO"]["REGEX_EXPRESSION_CMDB"],
+                    token_defect_dojo=token_dd,
+                    host_defect_dojo=vulnerability_management.config_tool[
+                        "VULNERABILITY_MANAGER"
+                    ]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"],
+                    scan_type=scan_type_mapping[vulnerability_management.scan_type],
+                    engagement_name=vulnerability_management.input_core.scope_pipeline,
+                    service=vulnerability_management.input_core.scope_pipeline,
+                    file=vulnerability_management.input_core.path_file_results,
+                    version=vulnerability_management.version,
+                    build_id=vulnerability_management.build_id,
+                    source_code_management_uri=vulnerability_management.source_code_management_uri,
+                    branch_tag=vulnerability_management.branch_tag,
+                    commit_hash=vulnerability_management.commit_hash,
+                    environment=(
+                        enviroment_mapping[vulnerability_management.environment.lower()]
+                        if vulnerability_management.environment is not None
+                        and vulnerability_management.environment.lower()
+                        in enviroment_mapping
+                        else enviroment_mapping["default"]
+                    ),
+                    tags="evc",
+                )
+
+                response = DefectDojo.send_import_scan(request)
+                if hasattr(response, "url"):
+                    url_parts = response.url.split("//")
+                    test_string = "//".join([url_parts[0] + "/", url_parts[1]])
+                    print(
+                        "Report sent to vulnerability management: ",
+                        f"{test_string}?tags={vulnerability_management.dict_args['tool']}",
+                    )
+                else:
+                    raise ExceptionVulnerabilityManagement(response)
+        except Exception as ex:
+            raise ExceptionVulnerabilityManagement(
+                "Error sending report to vulnerability management with the following error: {0} ".format(
+                    ex
+                )
+            )
+
+    def get_findings_excepted(self, service, dict_args, secret_tool, config_tool):
+        try:
+            token_dd = dict_args.get(
+                "token_vulnerability_management"
+            ) or secret_tool.get("token_defect_dojo")
+            session_manager = SessionManager(
+                token_dd,
+                config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"],
+            )
+
+            dd_limits_query = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][
+                "LIMITS_QUERY"
+            ]
+            tool = dict_args["tool"]
+
+            risk_accepted_query_params = {
+                "risk_accepted": True,
+                "tags": tool,
+                "limit": dd_limits_query,
+            }
+            false_positive_query_params = {
+                "false_p": True,
+                "tags": tool,
+                "limit": dd_limits_query,
+            }
+
+            exclusions_risk_accepted = self._get_findings_with_exclusions(
+                session_manager,
+                service,
+                risk_accepted_query_params,
+                tool,
+                self._format_date_to_dd_format,
+                "Risk Accepted",
+            )
+
+            exclusions_false_positive = self._get_findings_with_exclusions(
+                session_manager,
+                service,
+                false_positive_query_params,
+                tool,
+                self._format_date_to_dd_format,
+                "False Positive",
+            )
+
+            return list(exclusions_risk_accepted) + list(exclusions_false_positive)
+        except Exception as ex:
+            raise ExceptionFindingsExcepted(
+                "Error getting excepted findings with the following error: {0} ".format(
+                    ex
+                )
+            )
+
+    def _get_findings_with_exclusions(
+        self, session_manager, service, query_params, tool, date_fn, reason
+    ):
+        findings = self._get_findings(session_manager, service, query_params)
+        return map(
+            partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason),
+            findings,
+        )
+
+    def _get_findings(self, session_manager, service, query_params):
+        return Finding.get_finding(
+            session=session_manager, service=service, **query_params
+        ).results
+
+    def _create_exclusion(self, finding, date_fn, tool, reason):
+        return Exclusions(
+            id=finding.vuln_id_from_tool,
+            where=self._get_where(finding, tool),
+            create_date=date_fn(
+                finding.last_status_update
+                if reason == "False Positive"
+                else finding.accepted_risks[-1]["created"]
+            ),
+            expired_date=date_fn(
+                None
+                if reason == "False Positive"
+                else finding.accepted_risks[-1]["expiration_date"]
+            ),
+            reason=reason,
+        )
+
+    def _format_date_to_dd_format(self, date_string):
+        return (
+            format_date(date_string.split("T")[0], "%Y-%m-%d", "%d%m%Y")
+            if date_string
+            else None
+        )
+
+    def _get_where(self, finding, tool):
+        if tool in ["engine_iac", "engine_secret"]:
+            return finding.file_path
+        elif tool in ["engine_container", "engine_dependencies"]:
+            return finding.component_name + ":" + finding.component_version
+        elif tool == "engine_dast":
+            return finding.endpoints

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py

@@ -0,0 +1,84 @@
+from dataclasses import dataclass
+
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.printer_table_gateway import (
+    PrinterTableGateway,
+)
+from devsecops_engine_tools.engine_core.src.domain.model.finding import (
+    Finding,
+)
+from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import (
+    format_date
+)
+from prettytable import PrettyTable, DOUBLE_BORDER
+
+
+@dataclass
+class PrinterPrettyTable(PrinterTableGateway):
+    def _create_table(self, headers, finding_list):
+        table = PrettyTable(headers)
+
+        for finding in finding_list:
+            row_data = [
+                finding.severity,
+                finding.id,
+                finding.description,
+                finding.where,
+            ]
+            if (finding.module == "engine_container") or (
+                finding.module == "engine_dependencies"
+            ):
+                row_data.append(finding.requirements)
+
+            table.add_row(row_data)
+
+        severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "unknown": 4}
+        sorted_table = PrettyTable()
+        sorted_table.field_names = table.field_names
+        sorted_table.add_rows(
+            sorted(table._rows, key=lambda row: severity_order[row[0]])
+        )
+
+        for column in table.field_names:
+            sorted_table.align[column] = "l"
+
+        sorted_table.set_style(DOUBLE_BORDER)
+        return sorted_table
+
+    def print_table_findings(self, finding_list: "list[Finding]"):
+        if (
+            finding_list
+            and (finding_list[0].module != "engine_container")
+            and (finding_list[0].module != "engine_dependencies")
+        ):
+            headers = ["Severity", "ID", "Description", "Where"]
+        else:
+            headers = ["Severity", "ID", "Description", "Where", "Fixed in"]
+
+        sorted_table = self._create_table(headers, finding_list)
+
+        if len(sorted_table.rows) > 0:
+            print(sorted_table)
+    
+    def print_table_exclusions(self, exclusions):
+        if (exclusions):
+            headers = ["Severity", "ID", "Where", "Create Date", "Expired Date", "Reason"]
+
+        table = PrettyTable(headers)
+
+        for exclusion in exclusions:
+            row_data = [
+                exclusion["severity"],
+                exclusion["id"],
+                exclusion["where"],
+                format_date(exclusion["create_date"], "%d%m%Y", "%d/%m/%Y"),
+                format_date(exclusion["expired_date"], "%d%m%Y", "%d/%m/%Y") if exclusion["expired_date"] and exclusion["expired_date"] != "undefined" else "NA",
+                exclusion["reason"],
+            ]
+            table.add_row(row_data)
+
+        for column in table.field_names:
+            table.align[column] = "l"
+   
+        table.set_style(DOUBLE_BORDER)
+        if len(table.rows) > 0:
+            print(table)

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/runtime_local/runtime_local.py

@@ -0,0 +1,71 @@
+from dataclasses import dataclass
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway,
+)
+import json
+import os
+
+
+@dataclass
+class RuntimeLocal(DevopsPlatformGateway):
+
+    OKGREEN = "\033[92m"
+    WARNING = "\033[93m"
+    FAIL = "\033[91m"
+    ENDC = "\033[0m"
+    BOLD = "\033[1m"
+    ICON_FAIL = "\u2718"
+    ICON_SUCCESS = "\u2714"
+
+
+    def get_remote_config(self, repository, path):
+        with open(f"{repository}/{path}") as f:
+            return json.load(f)
+
+    def message(self, type, message):
+        if type == "succeeded":
+            return f"{self.OKGREEN}{message}{self.ENDC}"
+        elif type == "info":
+            return f"{self.BOLD}{message}{self.ENDC}"
+        elif type == "warning":
+            return f"{self.WARNING}{message}{self.ENDC}"
+        elif type == "error":
+            return f"{self.FAIL}{message}{self.ENDC}"
+
+    def result_pipeline(self, type):
+        if type == "failed":
+            return f"{self.FAIL}{self.ICON_FAIL}Failed{self.ENDC}"
+        elif type == "succeeded":
+            return f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}"
+
+    def get_source_code_management_uri(self):
+        return os.environ.get("DET_SOURCE_CODE_MANAGEMENT_URI")
+
+    def get_base_compact_remote_config_url(self, remote_config_repo):
+        return os.environ.get("DET_BASE_COMPACT_REMOTE_CONFIG_URL")
+
+    def get_variable(self, variable):
+        env_variables = {
+            "branch_name" : "DET_BRANCH_NAME",
+            "build_id" : "DET_BUILD_ID",
+            "build_execution_id" : "DET_BUILD_EXECUTION_ID",
+            "commit_hash" : "DET_COMMIT_HASH",
+            "environment" : "DET_ENVIRONMENT",
+            "release_id" : "DET_RELEASE_ID",
+            "branch_tag" : "DET_BRANCH_TAG",
+            "access_token" : "DET_ACCESS_TOKEN",
+            "organization" : "DET_ORGANIZATION",
+            "project_name" : "DET_PROJECT_NAME",
+            "repository" : "DET_REPOSITORY",
+            "pipeline_name" : "DET_PIPELINE_NAME",
+            "stage" : "DET_STAGE",
+            "path_directory" : "DET_PATH_DIRECTORY",
+            "os" : "DET_OS",
+            "work_folder" : "DET_WORK_FOLDER",
+            "temp_directory" : "DET_TEMP_DIRECTORY",
+            "agent_directory" : "DET_AGENT_DIRECTORY",
+            "target_branch" : "DET_TARGET_BRANCH",
+            "source_branch" : "DET_SOURCE_BRANCH",
+            "repository_provider" : "DET_REPOSITORY_PROVIDER"
+        }
+        return os.environ.get(env_variables[variable], None)

devsecops_engine_tools/engine_core/src/infrastructure/entry_points/entry_point_core.py

@@ -0,0 +1,50 @@
+from devsecops_engine_tools.engine_core.src.domain.usecases.break_build import (
+    BreakBuild,
+)
+from devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan import (
+    HandleScan,
+)
+from devsecops_engine_tools.engine_core.src.domain.usecases.metrics_manager import (
+    MetricsManager,
+)
+from devsecops_engine_tools.engine_utilities.utils.printers import (
+    Printers,
+)
+
+
+def init_engine_core(
+    vulnerability_management_gateway: any,
+    secrets_manager_gateway: any,
+    devops_platform_gateway: any,
+    print_table_gateway: any,
+    metrics_manager_gateway: any,
+    args: any
+):
+    config_tool = devops_platform_gateway.get_remote_config(
+        args["remote_config_repo"], "/engine_core/ConfigTool.json"
+    )
+    Printers.print_logo_tool(config_tool["BANNER"])
+
+    if config_tool[args["tool"].upper()]["ENABLED"] == "true":
+        findings_list, input_core = HandleScan(
+            vulnerability_management_gateway,
+            secrets_manager_gateway,
+            devops_platform_gateway,
+        ).process(args, config_tool)
+
+        scan_result = BreakBuild(devops_platform_gateway, print_table_gateway).process(
+            findings_list,
+            input_core,
+            args
+        )
+        if args["send_metrics"] == "true":
+            MetricsManager(devops_platform_gateway, metrics_manager_gateway).process(
+                config_tool, input_core, args, scan_result
+            )
+    else:
+        print(
+            devops_platform_gateway.message(
+                "warning",
+                "DevSecOps Engine Tool - {0} in maintenance...".format(args["tool"]),
+            )
+        )

devsecops_engine_tools/engine_core/src/infrastructure/helpers/aws.py

@@ -0,0 +1,9 @@
+import boto3
+
+def assume_role(role_arn):
+    sts_client = boto3.client("sts")
+    response = sts_client.assume_role(
+        RoleArn=role_arn, RoleSessionName="DevSecOpsTools"
+    )
+    temporal_credentials = response["Credentials"]
+    return temporal_credentials

devsecops_engine_tools/engine_core/src/infrastructure/helpers/util.py

@@ -0,0 +1,15 @@
+from datetime import datetime
+
+
+def format_date(date, to_format, from_format):
+    return datetime.strptime(date, to_format).strftime(from_format)
+
+
+def define_env(variable_env, branch):
+    if variable_env is not None:
+        return variable_env.lower()
+    return (
+        "pdn"
+        if branch in ["trunk", "master"]
+        else "qa" if branch in "release" else "dev"
+    )

devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py

@@ -0,0 +1,30 @@
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_points.entry_point_tool import (
+    init_engine_sast_rm,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import (
+    CheckovTool
+)
+
+
+def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env):
+    try:
+        # Define driven adapters for gateways
+        tool_gateway = None
+        if (tool == "CHECKOV"):
+            tool_gateway = CheckovTool()
+
+        return init_engine_sast_rm(
+            devops_platform_gateway=devops_platform_gateway,
+            tool_gateway=tool_gateway,
+            dict_args=dict_args,
+            secret_tool=secret_tool,
+            tool=tool,
+            env=env,
+        )
+
+    except Exception as e:
+        raise Exception(f"Error engine_iac : {str(e)}")
+
+
+if __name__ == "__main__":
+    runner_engine_iac()