devsecops-engine-tools 1.67.0__py3-none-any.whl → 1.69.0__py3-none-any.whl

devsecops_engine_tools/engine_dast/src/domain/model/api_config.py

@@ -1,13 +1,17 @@
-from typing import List
+from typing import List, Optional
 from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ApiOperation
 
-
 class ApiConfig():
     def __init__(self, api_data: dict):
         try:
             self.target_type: str = "API"
             self.endpoint: str = api_data["endpoint"]
-            self.rate_limit: str = api_data.get("rate_limit")
             self.operations: "List[ApiOperation]" = api_data["operations"]
+            self.concurrency: Optional[int] = None
+            self.rate_limit: Optional[int] = api_data.get("rate_limit", 150)
+            self.response_size: Optional[int] = None
+            self.bulk_size: Optional[int] = None
+            self.timeout: Optional[int] = None
+
         except KeyError:
             raise KeyError("Missing configuration, validate the endpoint and every single operation")

devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py

@@ -1,8 +1,15 @@
+from typing import Optional
+
 class WaConfig:
     def __init__(self, data: dict, authentication_gateway):
         self.target_type: str = "WA"
         self.url: str = data["endpoint"]
-        self.data: dict = data.wa_data
+        self.data: dict = data["data"]
+        self.concurrency: Optional[int] = None
+        self.rate_limit: Optional[int] = data.get("rate_limit", 150)
+        self.response_size: Optional[int] = None
+        self.bulk_size: Optional[int] = None
+        self.timeout: Optional[int] = None
 
     def authenticate(self):
         self.credentials = self.authentication_gateway.get_credentials()

devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py

@@ -52,6 +52,11 @@ class DastScan:
                 config_tool["SCOPE_PIPELINE"]
             ).get(tool)
 
+        self.data_target.concurrency = config_tool.get(tool, {}).get("CONCURRENCY", 25)
+        self.data_target.response_size = config_tool.get(tool, {}).get("RESPONSE_SIZE", 1048576)
+        self.data_target.bulk_size = config_tool.get(tool, {}).get("BULK_SIZE", 25)
+        self.data_target.timeout = config_tool.get(tool, {}).get("TIMEOUT", 10)
+
         data_target_config = self.data_target
         return config_tool, data_target_config
 

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py

@@ -9,6 +9,11 @@ class NucleiConfig:
         self.target_type: str = target_config.target_type.lower()
         self.custom_templates_dir: str = ""
         self.output_file: str = "result_dast_scan.json"
+        self.concurrency: int = target_config.concurrency
+        self.rate_limit: int = target_config.rate_limit
+        self.response_size: int = target_config.response_size
+        self.bulk_size: int = target_config.bulk_size
+        self.timeout: int = target_config.timeout
         self.yaml = YAML()
         if self.target_type == "api":
             self.data: List = target_config.operations

devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py

@@ -31,7 +31,7 @@ class NucleiTool(ToolGateway):
         self.data_config_cli = data_config_cli
         self.TOOL: str = "NUCLEI"
 
-    def download_tool(self, version):
+    def download_tool(self, version, binary_path):
         try:
             base_url = f"https://github.com/projectdiscovery/nuclei/releases/download/v{version}/"
             os_type = platform.system().lower()
@@ -49,35 +49,33 @@ class NucleiTool(ToolGateway):
             if response.status_code != 200:
                 raise Exception(f"Error [102]: Failed to download Nuclei version {version}. HTTP status code: {response.status_code}")
 
-            home_directory = os.path.expanduser("~")
-            zip_name = os.path.join(home_directory, file_name)
+            zip_name = os.path.join(binary_path, file_name)
             with open(zip_name, "wb") as f:
                 f.write(response.content)
 
-            Utils().unzip_file(zip_name, home_directory)
+            Utils().unzip_file(zip_name, binary_path)
             return 0
         except Exception as e:
             logger.error(f"Error [103]: An exception occurred during download: {e}")
             return e
 
-    def install_tool(self, version):
+    def install_tool(self, version, binary_path):
         try:
             nuclei_path = shutil.which("nuclei")
 
             if not nuclei_path:
-                download_result = self.download_tool(version)
+                download_result = self.download_tool(version, binary_path)
                 if download_result != 0:
                     raise Exception(f"Error [104]: Download failed with error: {download_result}")
 
             os_type = platform.system().lower()
-            home_directory = os.path.expanduser("~")
 
             if nuclei_path:
                 executable_path = nuclei_path
             elif os_type == "windows":
-                executable_path = os.path.join(home_directory, "nuclei.exe")
+                executable_path = os.path.join(binary_path, "nuclei.exe")
             else:
-                executable_path = os.path.join(home_directory, "nuclei")
+                executable_path = os.path.join(binary_path, "nuclei")
 
             if os_type == "darwin" or os_type == "linux":
                 subprocess.run(["chmod", "+x", executable_path], check=True)
@@ -104,11 +102,17 @@ class NucleiTool(ToolGateway):
             + (f" -ud {target_config.custom_templates_dir}" if target_config.custom_templates_dir else "")
             + " -ni "  # disable interactsh server
             + "-dc "  # disable clustering of requests
+            + "-sr " # use system DNS resolving as error fallback
+            + "-or " #  omit request/response pairs in the output
             + "-tags " # Excute only templates with the especified tag
             + target_config.target_type
+            + (f" -c {target_config.concurrency}" if target_config.concurrency else "") # concurrency
+            + (f" -rl {target_config.rate_limit}" if target_config.rate_limit else "") # rate limit
+            + (f" -rss {target_config.response_size}" if target_config.response_size else "") # max response size to save in bytes
+            + (f" -bs {target_config.bulk_size}" if target_config.bulk_size else "") #  max number of hosts to analyze
+            + (f" -timeout {target_config.timeout}" if target_config.timeout else "") # timeout for each request
             + " -je "  # file to export results in JSON format
             + str(target_config.output_file)
-            + " -sr"
         )
 
         if command is not None:
@@ -131,7 +135,11 @@ class NucleiTool(ToolGateway):
         secret_external_checks,
         agent_work_folder
     ):
-        result_install = self.install_tool(config_tool[self.TOOL]["VERSION"])
+        binary_path = agent_work_folder
+        if config_tool[self.TOOL].get("BINARY_PATH"):
+            binary_path = config_tool[self.TOOL]["BINARY_PATH"]
+
+        result_install = self.install_tool(config_tool[self.TOOL]["VERSION"], binary_path)
         if result_install["status"] < 200:
             return [], None
         

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.67.0'
+version = '1.69.0'

{devsecops_engine_tools-1.67.0.dist-info → devsecops_engine_tools-1.69.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.67.0
+Version: 1.69.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.67.0.dist-info → devsecops_engine_tools-1.69.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=pW6odyAAIXpyZnXF1meTUihP9ukaI7-fCpAVtDCmgrs,19
+devsecops_engine_tools/version.py,sha256=KQLoZcx51jQLw6biD8z2jpnV4STvMNzfe61Xm7v00g4,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -62,14 +62,14 @@ devsecops_engine_tools/engine_dast/src/deployment/__init__.py,sha256=47DEQpj8HBS
 devsecops_engine_tools/engine_dast/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/domain/model/api_config.py,sha256=9B-pSTT58Bb1ysK6MIOpAxsGrn_AdrevOnQYmsLyNvU,548
+devsecops_engine_tools/engine_dast/src/domain/model/api_config.py,sha256=36zOqCRbY-YD-eOmG5SMbIeHAS46A1_l0HCmRGR_hwA,773
 devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py,sha256=mQbmTlB0UxCJGEmw21Z0c9ObQF72Gl8N1qK21H5H81o,621
-devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py,sha256=DovmiRO9l50P25N91lG3BpSwc6R9OVQIw89Nv1RpXcc,411
+devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py,sha256=KnJ43dxJH5dzLS5SgqybPCnrCqplHblmQ9tEv7pr1_E,693
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_gateway.py,sha256=JSi2LAK8kPctqPmh3KfxIkXeDY5sSRsXoPWqudlmyYQ,175
 devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py,sha256=F9Xusc7bQo25GpRvCMWPPQ_hlILbGF1yZKMAnm15Axs,255
 devsecops_engine_tools/engine_dast/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py,sha256=LmR00yyC-DmFflBks6bB13nDK6xqMWvYHCtFpsB9Cbo,5125
+devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py,sha256=iIQToOk38dbF04gZ6XvJk7A2sdpN3iOQ13VYLHO0ci8,5480
 devsecops_engine_tools/engine_dast/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -79,9 +79,9 @@ devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/__init
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py,sha256=p0_rDDjdsyAa_ar-HgZE_SQE-beua0oK3KBnwj8EmPo,1998
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py,sha256=9Yh7lOd6lsHcvl8exgWW7N8qTP55w-Znl0kid7IlKrM,5431
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py,sha256=oGjL0qvu1zVvYjXg3oZMDTSPWshvD0f_kLKCUvs-a94,3449
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py,sha256=am955PLHU8OBEiKwUsv8G_1wWZPFFi61-lRSgX-kAOY,3734
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py,sha256=qqoBMXr350ItzabSU6a_fD2-9kB6pAmtWioFP5AvCIE,1346
-devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py,sha256=Bk2JTwzTqrU9N84C_GTIf2vF_IpxuvLbvaygVIWOXdI,6066
+devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py,sha256=KQKEq06izKut2VMhD9nfc-CFPdvT8wOcar3COB7x6ZA,6843
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py,sha256=fdQ6L7uiDsOol9unGL12l0O47LuOVkg5574Li7aqR24,2913
 devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.67.0.dist-info/METADATA,sha256=gpZBzCX2NhRkOb7ZrZBaW5JQzInuDpxkCP-qk8Afk_s,12052
-devsecops_engine_tools-1.67.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.67.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.67.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.67.0.dist-info/RECORD,,
+devsecops_engine_tools-1.69.0.dist-info/METADATA,sha256=tea62eR8HLKZUGinRmojgCOjREwyuZXfYtVWrQFqkAs,12052
+devsecops_engine_tools-1.69.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.69.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.69.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.69.0.dist-info/RECORD,,