devsecops-engine-tools 1.60.1__py3-none-any.whl → 1.61.1__py3-none-any.whl
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +34 -22
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +24 -20
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/RECORD +8 -8
- {devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/top_level.txt +0 -0
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
CHANGED
|
@@ -134,15 +134,15 @@ class KicsTool(ToolGateway):
|
|
|
134
134
|
if f"RULES_{platform}" not in config_tool[self.TOOL_KICS]["RULES"]:
|
|
135
135
|
logger.error(f"Platform {platform} not found in RULES")
|
|
136
136
|
queries = [
|
|
137
|
-
{key: value["checkID"]
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
]
|
|
137
|
+
{key: [value["checkID"], value["overrideID"]],
|
|
138
|
+
"severity": value["severity"]}
|
|
139
|
+
for key, value in config_tool[self.TOOL_KICS]["RULES"][f"RULES_{platform}"].items()
|
|
140
|
+
]
|
|
142
141
|
return queries
|
|
143
142
|
except Exception as e:
|
|
144
143
|
logger.error(f"Error writing queries file: {e}")
|
|
145
144
|
|
|
145
|
+
|
|
146
146
|
def _execute_kics(
|
|
147
147
|
self,
|
|
148
148
|
folders_to_scan,
|
|
@@ -152,13 +152,14 @@ class KicsTool(ToolGateway):
|
|
|
152
152
|
os_platform,
|
|
153
153
|
queries,
|
|
154
154
|
):
|
|
155
|
-
folders =
|
|
156
|
-
queries =
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
155
|
+
folders = ','.join(folders_to_scan)
|
|
156
|
+
queries = ','.join(
|
|
157
|
+
uuid for query in queries for uuid in list(query.values())[0]
|
|
158
|
+
) if queries else ""
|
|
159
|
+
mapped_platforms = [
|
|
160
|
+
self.scan_type_platform_mapping.get(platform.lower(), platform)
|
|
161
|
+
for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
|
|
162
|
+
platforms = ','.join(mapped_platforms)
|
|
162
163
|
|
|
163
164
|
command = [
|
|
164
165
|
prefix,
|
|
@@ -184,22 +185,33 @@ class KicsTool(ToolGateway):
|
|
|
184
185
|
subprocess.run(command, capture_output=True)
|
|
185
186
|
except subprocess.CalledProcessError as e:
|
|
186
187
|
logger.error(f"Error during KICS execution: {e}")
|
|
187
|
-
|
|
188
|
+
return []
|
|
189
|
+
|
|
188
190
|
def _load_results(self, work_folder, queries):
|
|
189
191
|
try:
|
|
190
192
|
results_path = os.path.join(work_folder, "results.json")
|
|
191
193
|
with open(results_path, "r") as f:
|
|
192
194
|
data = json.load(f)
|
|
193
195
|
|
|
196
|
+
query_id_to_info = {}
|
|
197
|
+
for query in queries:
|
|
198
|
+
severity = query.get("severity")
|
|
199
|
+
for custom_id, ids in query.items():
|
|
200
|
+
if custom_id == "severity":
|
|
201
|
+
continue
|
|
202
|
+
for query_id in ids:
|
|
203
|
+
if query_id != "":
|
|
204
|
+
query_id_to_info[query_id] = {
|
|
205
|
+
"severity": severity,
|
|
206
|
+
"custom_id": custom_id
|
|
207
|
+
}
|
|
208
|
+
|
|
194
209
|
for finding in data.get("queries", []):
|
|
195
|
-
|
|
196
|
-
if
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
for key, value in query.items()
|
|
201
|
-
if value == finding.get("query_id")
|
|
202
|
-
)
|
|
210
|
+
query_id = finding.get("query_id")
|
|
211
|
+
if query_id in query_id_to_info:
|
|
212
|
+
info = query_id_to_info[query_id]
|
|
213
|
+
finding["severity"] = info["severity"].upper()
|
|
214
|
+
finding["custom_id"] = info["custom_id"]
|
|
203
215
|
|
|
204
216
|
with open(results_path, "w") as f:
|
|
205
217
|
json.dump(data, f, indent=4)
|
|
@@ -207,4 +219,4 @@ class KicsTool(ToolGateway):
|
|
|
207
219
|
return data
|
|
208
220
|
except Exception as ex:
|
|
209
221
|
logger.error(f"An error occurred loading or modifying KICS results {ex}")
|
|
210
|
-
return None
|
|
222
|
+
return None
|
|
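Review bot: The `return []` added to the `except subprocess.CalledProcessError` branch in hunk @@ -184 is unreachable, because the `subprocess.run(command, capture_output=True)` call just above it has no `check=True`, so a failed KICS run falls through as if it had succeeded and `_load_results` then works on whatever results.json exists. Either pass `check=True` so the branch fires, or, if KICS signals findings through its exit status (worth confirming before changing this), capture the result and inspect `returncode` explicitly: `result = subprocess.run(command, capture_output=True)` followed by `if result.returncode != 0: logger.error(...); return []`. The enclosing `_execute_kics` starts before this hunk. Separately, in hunk @@ -152 the `--queries` string is built from `uuid for query in queries for uuid in list(query.values())[0]`, which includes empty `overrideID` values and yields `id1,,id2`; since `_load_results` already skips `query_id != ""`, the join should filter the same way, `uuid for query in queries for uuid in list(query.values())[0] if uuid`.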
@@ -65,22 +65,23 @@ class TrufflehogRun(ToolGateway):
|
|
|
65
65
|
tool,
|
|
66
66
|
folder_path
|
|
67
67
|
):
|
|
68
|
+
path = agent_work_folder if folder_path is None else folder_path
|
|
68
69
|
trufflehog_command = "trufflehog"
|
|
69
70
|
if "Windows" in agent_os:
|
|
70
71
|
trufflehog_command = f"{agent_temp_dir}/trufflehog.exe"
|
|
71
|
-
with open(f"{
|
|
72
|
+
with open(f"{path}/excludedPath.txt", "w") as file:
|
|
72
73
|
file.write("\n".join(config_tool[tool]["EXCLUDE_PATH"]))
|
|
73
|
-
exclude_path = f"{
|
|
74
|
-
include_paths = self.config_include_path(files_commits,
|
|
74
|
+
exclude_path = f"{path}/excludedPath.txt"
|
|
75
|
+
include_paths = self.config_include_path(files_commits, path, agent_os, folder_path)
|
|
75
76
|
enable_custom_rules = config_tool[tool]["ENABLE_CUSTOM_RULES"]
|
|
76
77
|
if enable_custom_rules:
|
|
77
|
-
Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks,
|
|
78
|
+
Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks, path)
|
|
78
79
|
|
|
79
80
|
with concurrent.futures.ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
|
|
80
81
|
results = executor.map(
|
|
81
82
|
self.run_trufflehog,
|
|
82
83
|
[trufflehog_command] * len(include_paths),
|
|
83
|
-
[
|
|
84
|
+
[path] * len(include_paths),
|
|
84
85
|
[exclude_path] * len(include_paths),
|
|
85
86
|
include_paths,
|
|
86
87
|
[repository_name] * len(include_paths),
|
|
@@ -88,10 +89,10 @@ class TrufflehogRun(ToolGateway):
|
|
|
88
89
|
[agent_os] * len(include_paths),
|
|
89
90
|
[folder_path] * len(include_paths)
|
|
90
91
|
)
|
|
91
|
-
findings, file_findings = self.create_file(self.decode_output(results),
|
|
92
|
+
findings, file_findings = self.create_file(self.decode_output(results), path, config_tool, tool)
|
|
92
93
|
return findings, file_findings
|
|
93
94
|
|
|
94
|
-
def config_include_path(self, files,
|
|
95
|
+
def config_include_path(self, files, path, agent_os, folder_path):
|
|
95
96
|
chunks = []
|
|
96
97
|
if len(files) != 0:
|
|
97
98
|
chunk_size = (len(files) + 3) // 4
|
|
@@ -102,19 +103,22 @@ class TrufflehogRun(ToolGateway):
|
|
|
102
103
|
for i, chunk in enumerate(chunks):
|
|
103
104
|
if not chunk:
|
|
104
105
|
continue
|
|
105
|
-
file_path = f"{
|
|
106
|
+
file_path = f"{path}/includePath{i}.txt"
|
|
106
107
|
include_paths.append(file_path)
|
|
107
108
|
with open(file_path, "w") as file:
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
109
|
+
if folder_path is None:
|
|
110
|
+
for file_pr_path in chunk:
|
|
111
|
+
if "Windows" in agent_os:
|
|
112
|
+
file_pr_path = str(file_pr_path).replace("/","\\\\")
|
|
113
|
+
file.write(f"{file_pr_path.strip()}\n")
|
|
114
|
+
else:
|
|
115
|
+
file.write(".\n")
|
|
112
116
|
return include_paths
|
|
113
117
|
|
|
114
118
|
def run_trufflehog(
|
|
115
119
|
self,
|
|
116
120
|
trufflehog_command,
|
|
117
|
-
|
|
121
|
+
path,
|
|
118
122
|
exclude_path,
|
|
119
123
|
include_path,
|
|
120
124
|
repository_name,
|
|
@@ -122,11 +126,11 @@ class TrufflehogRun(ToolGateway):
|
|
|
122
126
|
agent_os,
|
|
123
127
|
folder_path
|
|
124
128
|
):
|
|
125
|
-
|
|
126
|
-
command = f"{trufflehog_command} filesystem {
|
|
129
|
+
path_folder = folder_path if folder_path is not None else f"{path}/{repository_name}"
|
|
130
|
+
command = f"{trufflehog_command} filesystem {path_folder} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
|
|
127
131
|
if enable_custom_rules:
|
|
128
|
-
command = command.replace("--no-verification --no-update --json", f"--config {
|
|
129
|
-
f"--config {
|
|
132
|
+
command = command.replace("--no-verification --no-update --json", f"--config {path}//rules//trufflehog//custom-rules.yaml --no-verification --no-update --json" if "Windows" in agent_os else
|
|
133
|
+
f"--config {path}/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json" if "Linux" in agent_os else
|
|
130
134
|
"--no-verification --no-update --json")
|
|
131
135
|
|
|
132
136
|
result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
|
|
@@ -142,13 +146,13 @@ class TrufflehogRun(ToolGateway):
|
|
|
142
146
|
result.append(json_obj)
|
|
143
147
|
return result
|
|
144
148
|
|
|
145
|
-
def create_file(self, findings,
|
|
146
|
-
file_findings = os.path.join(
|
|
149
|
+
def create_file(self, findings, path, config_tool, tool):
|
|
150
|
+
file_findings = os.path.join(path, "secret_scan_result.json")
|
|
147
151
|
with open(file_findings, "w") as file:
|
|
148
152
|
for find in findings:
|
|
149
153
|
original_where = str(find.get("SourceMetadata").get("Data").get("Filesystem").get("file"))
|
|
150
154
|
original_where = original_where.replace("\\", "/")
|
|
151
|
-
where_text = original_where.replace(
|
|
155
|
+
where_text = original_where.replace(path, "")
|
|
152
156
|
find["SourceMetadata"]["Data"]["Filesystem"]["file"] = where_text
|
|
153
157
|
find["Id"] = "MISCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
|
|
154
158
|
find["References"] = config_tool[tool]["RULES"][find["Id"]]["References"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
|
|
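Review bot: In hunk @@ -122 the new `path_folder` (taken from `folder_path`, or built from `path` and `repository_name`) is interpolated into a single command string that the unchanged `subprocess.run(command, capture_output=True, shell=True, ...)` line hands to the shell, so any whitespace or shell metacharacter in a repository name or checkout path changes the command rather than being passed as an argument; `include_path` and `exclude_path` (now also derived from `path`) have the same exposure. Build the command as an argv list and drop `shell=True` so every value reaches trufflehog as one argument regardless of its content; the custom-rules selection by `agent_os` is kept as-is. `run_trufflehog` starts and ends outside this hunk.
```python
        path_folder = folder_path if folder_path is not None else f"{path}/{repository_name}"
        command = [
            trufflehog_command, "filesystem", path_folder,
            "--include-paths", include_path,
            "--exclude-paths", exclude_path,
        ]
        if enable_custom_rules:
            custom_rules = (
                f"{path}//rules//trufflehog//custom-rules.yaml" if "Windows" in agent_os
                else f"{path}/rules/trufflehog/custom-rules.yaml" if "Linux" in agent_os
                else None
            )
            if custom_rules is not None:
                command += ["--config", custom_rules]
        command += ["--no-verification", "--no-update", "--json"]

        result = subprocess.run(command, capture_output=True, text=True, encoding='utf-8')
        # … unchanged: output decoding and result collection …
```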
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.61.1'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=M7ktlomi-CM1K63hkc3T1QEsOK54pt2anEUe-vEgj_8,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -156,7 +156,7 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
|
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=JP_NZfnddbGYRyiLGCpQ8kNI0t7v1TNxt7sp6jBG98w,15183
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
158
158
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=tZq3jutZL2M9XIxm5K_xd3mWwTCMVmHQPFNvrslCqCM,2092
|
|
159
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=
|
|
159
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=XFixGb1AAvcBQIJkB5E5j59bMbevkNsv7oN9skETBss,7961
|
|
160
160
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
161
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
|
|
162
162
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=1CpaqzDaXinPxM1lSceoaBpccJ3feHwkIdYe3SQjero,4870
|
|
@@ -185,7 +185,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapt
|
|
|
185
185
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py,sha256=tSsX5gtv_EzMYnhTzpRdxXT__eiqWELj1hS61N5t5ek,6006
|
|
186
186
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
187
187
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
|
|
188
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=
|
|
188
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=icO8so_bB92hilWknivQPt1qi0QHGzZNDBIXMwVfMII,8160
|
|
189
189
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
190
190
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=61OnP4ehmzh-tRbACgZsB4IJi6J6HT9E6KCOcuhvnRw,1185
|
|
191
191
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -351,8 +351,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
351
351
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
352
352
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
353
353
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
354
|
-
devsecops_engine_tools-1.
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
357
|
-
devsecops_engine_tools-1.
|
|
358
|
-
devsecops_engine_tools-1.
|
|
354
|
+
devsecops_engine_tools-1.61.1.dist-info/METADATA,sha256=UAuwH0chYCGCeJo-bRKWcp64vNnJDFvVwRUuZpoAGvk,12005
|
|
355
|
+
devsecops_engine_tools-1.61.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
356
|
+
devsecops_engine_tools-1.61.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
357
|
+
devsecops_engine_tools-1.61.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
358
|
+
devsecops_engine_tools-1.61.1.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.60.1.dist-info → devsecops_engine_tools-1.61.1.dist-info}/top_level.txt
RENAMED
|
File without changes
|