devsecops-engine-tools 1.67.0__py3-none-any.whl → 1.68.0__py3-none-any.whl

devsecops_engine_tools/engine_dast/src/domain/model/api_config.py

@@ -1,13 +1,17 @@
-from typing import List
+from typing import List, Optional
 from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ApiOperation
 
-
 class ApiConfig():
     def __init__(self, api_data: dict):
         try:
             self.target_type: str = "API"
             self.endpoint: str = api_data["endpoint"]
-            self.rate_limit: str = api_data.get("rate_limit")
             self.operations: "List[ApiOperation]" = api_data["operations"]
+            self.concurrency: Optional[int] = None
+            self.rate_limit: Optional[int] = None
+            self.response_size: Optional[int] = None
+            self.bulk_size: Optional[int] = None
+            self.timeout: Optional[int] = None
+
         except KeyError:
             raise KeyError("Missing configuration, validate the endpoint and every single operation")

devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py

@@ -1,8 +1,15 @@
+from typing import Optional
+
 class WaConfig:
     def __init__(self, data: dict, authentication_gateway):
         self.target_type: str = "WA"
         self.url: str = data["endpoint"]
-        self.data: dict = data.wa_data
+        self.data: dict = data["data"]
+        self.concurrency: Optional[int] = None
+        self.rate_limit: Optional[int] = None
+        self.response_size: Optional[int] = None
+        self.bulk_size: Optional[int] = None
+        self.timeout: Optional[int] = None
 
     def authenticate(self):
         self.credentials = self.authentication_gateway.get_credentials()

devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py

@@ -52,6 +52,12 @@ class DastScan:
                 config_tool["SCOPE_PIPELINE"]
             ).get(tool)
 
+        self.data_target.concurrency = config_tool.get(tool, {}).get("CONCURRENCY", 25)
+        self.data_target.rate_limit = config_tool.get(tool, {}).get("RATE_LIMIT", 150)
+        self.data_target.response_size = config_tool.get(tool, {}).get("RESPONSE_SIZE", 1048576)
+        self.data_target.bulk_size = config_tool.get(tool, {}).get("BULK_SIZE", 25)
+        self.data_target.timeout = config_tool.get(tool, {}).get("TIMEOUT", 10)
+
         data_target_config = self.data_target
         return config_tool, data_target_config
 

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py

@@ -9,6 +9,11 @@ class NucleiConfig:
         self.target_type: str = target_config.target_type.lower()
         self.custom_templates_dir: str = ""
         self.output_file: str = "result_dast_scan.json"
+        self.concurrency: int = target_config.concurrency
+        self.rate_limit: int = target_config.rate_limit
+        self.response_size: int = target_config.response_size
+        self.bulk_size: int = target_config.bulk_size
+        self.timeout: int = target_config.timeout
         self.yaml = YAML()
         if self.target_type == "api":
             self.data: List = target_config.operations

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py

@@ -104,11 +104,17 @@ class NucleiTool(ToolGateway):
             + (f" -ud {target_config.custom_templates_dir}" if target_config.custom_templates_dir else "")
             + " -ni "  # disable interactsh server
             + "-dc "  # disable clustering of requests
+            + "-sr " # use system DNS resolving as error fallback
+            + "-or " #  omit request/response pairs in the output
             + "-tags " # Excute only templates with the especified tag
             + target_config.target_type
+            + (f" -c {target_config.concurrency}" if target_config.concurrency else "") # concurrency
+            + (f" -rl {target_config.rate_limit}" if target_config.rate_limit else "") # rate limit
+            + (f" -rss {target_config.response_size}" if target_config.response_size else "") # max response size to save in bytes
+            + (f" -bs {target_config.bulk_size}" if target_config.bulk_size else "") #  max number of hosts to analyze
+            + (f" -timeout {target_config.timeout}" if target_config.timeout else "") # timeout for each request
             + " -je "  # file to export results in JSON format
             + str(target_config.output_file)
-            + " -sr"
         )
 
         if command is not None:

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.67.0'
+version = '1.68.0'

{devsecops_engine_tools-1.67.0.dist-info → devsecops_engine_tools-1.68.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.67.0
+Version: 1.68.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.67.0.dist-info → devsecops_engine_tools-1.68.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=pW6odyAAIXpyZnXF1meTUihP9ukaI7-fCpAVtDCmgrs,19
+devsecops_engine_tools/version.py,sha256=0o3wb8Kq2MOIYEtbiq61QXeABztDVADtQSeuM-aB6Vs,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -62,14 +62,14 @@ devsecops_engine_tools/engine_dast/src/deployment/__init__.py,sha256=47DEQpj8HBS
 devsecops_engine_tools/engine_dast/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/domain/model/api_config.py,sha256=9B-pSTT58Bb1ysK6MIOpAxsGrn_AdrevOnQYmsLyNvU,548
+devsecops_engine_tools/engine_dast/src/domain/model/api_config.py,sha256=n2fvXgVlcxhPWNep9f1WM5zw5tP16uS-xb95Pp8pgwk,746
 devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py,sha256=mQbmTlB0UxCJGEmw21Z0c9ObQF72Gl8N1qK21H5H81o,621
-devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py,sha256=DovmiRO9l50P25N91lG3BpSwc6R9OVQIw89Nv1RpXcc,411
+devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py,sha256=d9adxeq-XdZoUDPih6OK557zoFf9CbRdiF8njRddXP0,670
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_gateway.py,sha256=JSi2LAK8kPctqPmh3KfxIkXeDY5sSRsXoPWqudlmyYQ,175
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py,sha256=F9Xusc7bQo25GpRvCMWPPQ_hlILbGF1yZKMAnm15Axs,255
 devsecops_engine_tools/engine_dast/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py,sha256=LmR00yyC-DmFflBks6bB13nDK6xqMWvYHCtFpsB9Cbo,5125
+devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py,sha256=C-4mj7NWfpOzhnHYiKGP4wbW0onzWc84CqWUQG4ff8Q,5568
 devsecops_engine_tools/engine_dast/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -79,9 +79,9 @@ devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/__init
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py,sha256=p0_rDDjdsyAa_ar-HgZE_SQE-beua0oK3KBnwj8EmPo,1998
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py,sha256=9Yh7lOd6lsHcvl8exgWW7N8qTP55w-Znl0kid7IlKrM,5431
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py,sha256=oGjL0qvu1zVvYjXg3oZMDTSPWshvD0f_kLKCUvs-a94,3449
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py,sha256=am955PLHU8OBEiKwUsv8G_1wWZPFFi61-lRSgX-kAOY,3734
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py,sha256=qqoBMXr350ItzabSU6a_fD2-9kB6pAmtWioFP5AvCIE,1346
-devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py,sha256=Bk2JTwzTqrU9N84C_GTIf2vF_IpxuvLbvaygVIWOXdI,6066
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py,sha256=M26uh6pWrZH54pd6lOsYHhjknqBenCxc7tca67o7HPM,6748
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py,sha256=fdQ6L7uiDsOol9unGL12l0O47LuOVkg5574Li7aqR24,2913
 devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.67.0.dist-info/METADATA,sha256=gpZBzCX2NhRkOb7ZrZBaW5JQzInuDpxkCP-qk8Afk_s,12052
-devsecops_engine_tools-1.67.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.67.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.67.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.67.0.dist-info/RECORD,,
+devsecops_engine_tools-1.68.0.dist-info/METADATA,sha256=X3HjDM30iEAi1VsPdcGZQ35Ro6tiON3J3n0kDgto97c,12052
+devsecops_engine_tools-1.68.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.68.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.68.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.68.0.dist-info/RECORD,,