devsecops-engine-tools 1.61.0__py3-none-any.whl → 1.61.1__py3-none-any.whl
- devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py +24 -20
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/RECORD +7 -7
- {devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/top_level.txt +0 -0
|
@@ -65,22 +65,23 @@ class TrufflehogRun(ToolGateway):
|
|
|
65
65
|
tool,
|
|
66
66
|
folder_path
|
|
67
67
|
):
|
|
68
|
+
path = agent_work_folder if folder_path is None else folder_path
|
|
68
69
|
trufflehog_command = "trufflehog"
|
|
69
70
|
if "Windows" in agent_os:
|
|
70
71
|
trufflehog_command = f"{agent_temp_dir}/trufflehog.exe"
|
|
71
|
-
with open(f"{
|
|
72
|
+
with open(f"{path}/excludedPath.txt", "w") as file:
|
|
72
73
|
file.write("\n".join(config_tool[tool]["EXCLUDE_PATH"]))
|
|
73
|
-
exclude_path = f"{
|
|
74
|
-
include_paths = self.config_include_path(files_commits,
|
|
74
|
+
exclude_path = f"{path}/excludedPath.txt"
|
|
75
|
+
include_paths = self.config_include_path(files_commits, path, agent_os, folder_path)
|
|
75
76
|
enable_custom_rules = config_tool[tool]["ENABLE_CUSTOM_RULES"]
|
|
76
77
|
if enable_custom_rules:
|
|
77
|
-
Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks,
|
|
78
|
+
Utils().configurate_external_checks(tool, config_tool, secret_tool, secret_external_checks, path)
|
|
78
79
|
|
|
79
80
|
with concurrent.futures.ThreadPoolExecutor(max_workers=config_tool[tool]["NUMBER_THREADS"]) as executor:
|
|
80
81
|
results = executor.map(
|
|
81
82
|
self.run_trufflehog,
|
|
82
83
|
[trufflehog_command] * len(include_paths),
|
|
83
|
-
[
|
|
84
|
+
[path] * len(include_paths),
|
|
84
85
|
[exclude_path] * len(include_paths),
|
|
85
86
|
include_paths,
|
|
86
87
|
[repository_name] * len(include_paths),
|
|
@@ -88,10 +89,10 @@ class TrufflehogRun(ToolGateway):
|
|
|
88
89
|
[agent_os] * len(include_paths),
|
|
89
90
|
[folder_path] * len(include_paths)
|
|
90
91
|
)
|
|
91
|
-
findings, file_findings = self.create_file(self.decode_output(results),
|
|
92
|
+
findings, file_findings = self.create_file(self.decode_output(results), path, config_tool, tool)
|
|
92
93
|
return findings, file_findings
|
|
93
94
|
|
|
94
|
-
def config_include_path(self, files,
|
|
95
|
+
def config_include_path(self, files, path, agent_os, folder_path):
|
|
95
96
|
chunks = []
|
|
96
97
|
if len(files) != 0:
|
|
97
98
|
chunk_size = (len(files) + 3) // 4
|
|
@@ -102,19 +103,22 @@ class TrufflehogRun(ToolGateway):
|
|
|
102
103
|
for i, chunk in enumerate(chunks):
|
|
103
104
|
if not chunk:
|
|
104
105
|
continue
|
|
105
|
-
file_path = f"{
|
|
106
|
+
file_path = f"{path}/includePath{i}.txt"
|
|
106
107
|
include_paths.append(file_path)
|
|
107
108
|
with open(file_path, "w") as file:
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
109
|
+
if folder_path is None:
|
|
110
|
+
for file_pr_path in chunk:
|
|
111
|
+
if "Windows" in agent_os:
|
|
112
|
+
file_pr_path = str(file_pr_path).replace("/","\\\\")
|
|
113
|
+
file.write(f"{file_pr_path.strip()}\n")
|
|
114
|
+
else:
|
|
115
|
+
file.write(".\n")
|
|
112
116
|
return include_paths
|
|
113
117
|
|
|
114
118
|
def run_trufflehog(
|
|
115
119
|
self,
|
|
116
120
|
trufflehog_command,
|
|
117
|
-
|
|
121
|
+
path,
|
|
118
122
|
exclude_path,
|
|
119
123
|
include_path,
|
|
120
124
|
repository_name,
|
|
@@ -122,11 +126,11 @@ class TrufflehogRun(ToolGateway):
|
|
|
122
126
|
agent_os,
|
|
123
127
|
folder_path
|
|
124
128
|
):
|
|
125
|
-
|
|
126
|
-
command = f"{trufflehog_command} filesystem {
|
|
129
|
+
path_folder = folder_path if folder_path is not None else f"{path}/{repository_name}"
|
|
130
|
+
command = f"{trufflehog_command} filesystem {path_folder} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --no-update --json"
|
|
127
131
|
if enable_custom_rules:
|
|
128
|
-
command = command.replace("--no-verification --no-update --json", f"--config {
|
|
129
|
-
f"--config {
|
|
132
|
+
command = command.replace("--no-verification --no-update --json", f"--config {path}//rules//trufflehog//custom-rules.yaml --no-verification --no-update --json" if "Windows" in agent_os else
|
|
133
|
+
f"--config {path}/rules/trufflehog/custom-rules.yaml --no-verification --no-update --json" if "Linux" in agent_os else
|
|
130
134
|
"--no-verification --no-update --json")
|
|
131
135
|
|
|
132
136
|
result = subprocess.run(command, capture_output=True, shell=True, text=True, encoding='utf-8')
|
|
@@ -142,13 +146,13 @@ class TrufflehogRun(ToolGateway):
|
|
|
142
146
|
result.append(json_obj)
|
|
143
147
|
return result
|
|
144
148
|
|
|
145
|
-
def create_file(self, findings,
|
|
146
|
-
file_findings = os.path.join(
|
|
149
|
+
def create_file(self, findings, path, config_tool, tool):
|
|
150
|
+
file_findings = os.path.join(path, "secret_scan_result.json")
|
|
147
151
|
with open(file_findings, "w") as file:
|
|
148
152
|
for find in findings:
|
|
149
153
|
original_where = str(find.get("SourceMetadata").get("Data").get("Filesystem").get("file"))
|
|
150
154
|
original_where = original_where.replace("\\", "/")
|
|
151
|
-
where_text = original_where.replace(
|
|
155
|
+
where_text = original_where.replace(path, "")
|
|
152
156
|
find["SourceMetadata"]["Data"]["Filesystem"]["file"] = where_text
|
|
153
157
|
find["Id"] = "MISCONFIGURATION_SCANNING" if "exposure" in find["Raw"] else "SECRET_SCANNING"
|
|
154
158
|
find["References"] = config_tool[tool]["RULES"][find["Id"]]["References"] if "SECRET_SCANNING" not in find["Id"] else "N.A"
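Review bot: In run_trufflehog the new `path_folder` (which is `folder_path` when one is given, apparently a caller-supplied value) is interpolated unquoted into the command string that the unchanged `subprocess.run(command, ..., shell=True)` call hands to a shell, so a folder or repository name containing spaces or shell metacharacters is parsed by the shell instead of being passed as one argument. Building the command as an argument list and dropping `shell=True` removes that parsing step and also fixes paths with spaces; the fence below sketches it while keeping the current rule that `--config` is added only on Windows and Linux agents. Separately, `path` now equals `folder_path` when one is given, so `excludedPath.txt`, `includePath{i}.txt` and `secret_scan_result.json` (which carries each finding's `Raw` value) appear to be written into the scanned folder itself; a dedicated work directory would avoid leaving findings in a tree that may later be committed. Part of run_trufflehog's parameter list and the tail of its body lie outside the visible hunks, so confirm how `result` is consumed before applying this.

```python
path_folder = folder_path if folder_path is not None else f"{path}/{repository_name}"
command = [
    trufflehog_command, "filesystem", path_folder,
    "--include-paths", include_path,
    "--exclude-paths", exclude_path,
]
if enable_custom_rules and ("Windows" in agent_os or "Linux" in agent_os):
    command += ["--config", os.path.join(path, "rules", "trufflehog", "custom-rules.yaml")]
command += ["--no-verification", "--no-update", "--json"]

result = subprocess.run(command, capture_output=True, text=True, encoding='utf-8')
# … unchanged: handling of result after the call …
```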
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.61.
|
|
1
|
+
version = '1.61.1'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=M7ktlomi-CM1K63hkc3T1QEsOK54pt2anEUe-vEgj_8,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -185,7 +185,7 @@ devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapt
|
|
|
185
185
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py,sha256=tSsX5gtv_EzMYnhTzpRdxXT__eiqWELj1hS61N5t5ek,6006
|
|
186
186
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
187
187
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=mrSqPrkMiikxQ_uY-rF2I8QvicsOMdMBzTC8CTV3Wk8,2392
|
|
188
|
-
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=
|
|
188
|
+
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=icO8so_bB92hilWknivQPt1qi0QHGzZNDBIXMwVfMII,8160
|
|
189
189
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
190
190
|
devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=61OnP4ehmzh-tRbACgZsB4IJi6J6HT9E6KCOcuhvnRw,1185
|
|
191
191
|
devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -351,8 +351,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
351
351
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
352
352
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
353
353
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
354
|
-
devsecops_engine_tools-1.61.
|
|
355
|
-
devsecops_engine_tools-1.61.
|
|
356
|
-
devsecops_engine_tools-1.61.
|
|
357
|
-
devsecops_engine_tools-1.61.
|
|
358
|
-
devsecops_engine_tools-1.61.
|
|
354
|
+
devsecops_engine_tools-1.61.1.dist-info/METADATA,sha256=UAuwH0chYCGCeJo-bRKWcp64vNnJDFvVwRUuZpoAGvk,12005
|
|
355
|
+
devsecops_engine_tools-1.61.1.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
|
|
356
|
+
devsecops_engine_tools-1.61.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
357
|
+
devsecops_engine_tools-1.61.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
358
|
+
devsecops_engine_tools-1.61.1.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.61.0.dist-info → devsecops_engine_tools-1.61.1.dist-info}/top_level.txt
RENAMED
|
File without changes
|