devsecops-engine-tools 1.7.17__py3-none-any.whl → 1.7.18__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +15 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py +0 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py +1 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +39 -46
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py +19 -19
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/RECORD +11 -11
- {devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/top_level.txt +0 -0
|
@@ -28,6 +28,20 @@ from devsecops_engine_tools.version import version
|
|
|
28
28
|
|
|
29
29
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
30
30
|
|
|
31
|
+
def parse_separated_list(value, choices):
|
|
32
|
+
values = value.split(',')
|
|
33
|
+
# Validar cada elemento de la lista
|
|
34
|
+
for val in values:
|
|
35
|
+
if val not in choices:
|
|
36
|
+
raise argparse.ArgumentTypeError(f"Invalid value: {val}. Valid values are: {', '.join(choices)}")
|
|
37
|
+
|
|
38
|
+
return values
|
|
39
|
+
|
|
40
|
+
def parse_choices(choices):
|
|
41
|
+
def parse_with_choices(value):
|
|
42
|
+
return parse_separated_list(value, choices)
|
|
43
|
+
return parse_with_choices
|
|
44
|
+
|
|
31
45
|
def get_inputs_from_cli(args):
|
|
32
46
|
parser = argparse.ArgumentParser()
|
|
33
47
|
parser.add_argument("-v", "--version", action='version', version='{version}'.format(version=version))
|
|
@@ -49,7 +63,7 @@ def get_inputs_from_cli(args):
|
|
|
49
63
|
)
|
|
50
64
|
parser.add_argument("-fp", "--folder_path", type=str, required=False, help="Folder Path to scan, only apply engine_iac tool")
|
|
51
65
|
parser.add_argument("-p",
|
|
52
|
-
"--platform",
|
|
66
|
+
"--platform", type=parse_choices({"all", "docker", "k8s", "cloudformation"}), required=False, default="all" ,help="Platform to scan, only apply engine_iac tool"
|
|
53
67
|
)
|
|
54
68
|
parser.add_argument(
|
|
55
69
|
"--use_secrets_manager",
|
|
@@ -6,7 +6,6 @@ class ConfigTool:
|
|
|
6
6
|
self.version = json_data[tool]["VERSION"]
|
|
7
7
|
self.search_pattern = json_data["SEARCH_PATTERN"]
|
|
8
8
|
self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"]
|
|
9
|
-
self.exclusions_path = json_data["EXCLUSIONS_PATH"]
|
|
10
9
|
self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"]
|
|
11
10
|
self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"]
|
|
12
11
|
self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"]
|
|
@@ -2,5 +2,5 @@ from abc import ABCMeta, abstractmethod
|
|
|
2
2
|
|
|
3
3
|
class ToolGateway(metaclass=ABCMeta):
|
|
4
4
|
@abstractmethod
|
|
5
|
-
def run_tool(self, config_tool, folders_to_scan, environment,
|
|
5
|
+
def run_tool(self, config_tool, folders_to_scan, environment, platform_to_scan, secret_tool):
|
|
6
6
|
"run_tool"
|
|
@@ -38,6 +38,7 @@ class CheckovTool(ToolGateway):
|
|
|
38
38
|
CHECKOV_CONFIG_FILE = "checkov_config.yaml"
|
|
39
39
|
TOOL = "CHECKOV"
|
|
40
40
|
framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation"}
|
|
41
|
+
framework_external_checks = ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER"]
|
|
41
42
|
|
|
42
43
|
|
|
43
44
|
def create_config_file(self, checkov_config: CheckovConfig):
|
|
@@ -113,58 +114,50 @@ class CheckovTool(ToolGateway):
|
|
|
113
114
|
output = self.execute(checkov_config)
|
|
114
115
|
result.append(json.loads(output))
|
|
115
116
|
queue.put(result)
|
|
116
|
-
|
|
117
|
-
def if_platform(self,value,container_platform):
|
|
118
|
-
if value.get("platform_not_apply"):
|
|
119
|
-
if value.get("platform_not_apply") != container_platform:
|
|
120
|
-
return True
|
|
121
|
-
else:
|
|
122
|
-
return False
|
|
123
|
-
else:
|
|
124
|
-
return True
|
|
125
117
|
|
|
126
118
|
def scan_folders(
|
|
127
|
-
self, folders_to_scan, config_tool: ConfigTool, agent_env, environment,
|
|
119
|
+
self, folders_to_scan, config_tool: ConfigTool, agent_env, environment, platform_to_scan
|
|
128
120
|
):
|
|
129
121
|
output_queue = queue.Queue()
|
|
130
122
|
# Crea una lista para almacenar los hilos
|
|
131
123
|
threads = []
|
|
132
124
|
for folder in folders_to_scan:
|
|
133
125
|
for rule in config_tool.rules_data_type:
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
126
|
+
if "all" in platform_to_scan or any(elem.upper() in rule for elem in platform_to_scan):
|
|
127
|
+
checkov_config = CheckovConfig(
|
|
128
|
+
path_config_file="",
|
|
129
|
+
config_file_name=rule,
|
|
130
|
+
framework=self.framework_mapping[rule],
|
|
131
|
+
checks=[
|
|
132
|
+
key
|
|
133
|
+
for key, value in config_tool.rules_data_type[rule].items()
|
|
134
|
+
if value["environment"].get(environment)
|
|
135
|
+
],
|
|
136
|
+
soft_fail=False,
|
|
137
|
+
directories=folder,
|
|
138
|
+
external_checks_git=[
|
|
139
|
+
f"{config_tool.external_checks_git}/{self.framework_mapping[rule]}"
|
|
140
|
+
]
|
|
141
|
+
if config_tool.use_external_checks_git == "True"
|
|
142
|
+
and agent_env is not None
|
|
143
|
+
and rule in self.framework_external_checks
|
|
144
|
+
else [],
|
|
145
|
+
env=agent_env,
|
|
146
|
+
external_checks_dir=f"/tmp/rules/{self.framework_mapping[rule]}"
|
|
147
|
+
if config_tool.use_external_checks_dir == "True"
|
|
148
|
+
and rule in self.framework_external_checks
|
|
149
|
+
else [],
|
|
150
|
+
)
|
|
151
|
+
|
|
152
|
+
checkov_config.create_config_dict()
|
|
153
|
+
self.create_config_file(checkov_config)
|
|
154
|
+
config_tool.rules_all.update(config_tool.rules_data_type[rule])
|
|
155
|
+
t = threading.Thread(
|
|
156
|
+
target=self.async_scan,
|
|
157
|
+
args=(output_queue, checkov_config),
|
|
158
|
+
)
|
|
159
|
+
t.start()
|
|
160
|
+
threads.append(t)
|
|
168
161
|
# Espera a que todos los hilos terminen
|
|
169
162
|
for t in threads:
|
|
170
163
|
t.join()
|
|
@@ -176,12 +169,12 @@ class CheckovTool(ToolGateway):
|
|
|
176
169
|
return result_scans
|
|
177
170
|
|
|
178
171
|
def run_tool(
|
|
179
|
-
self, config_tool: ConfigTool, folders_to_scan, environment,
|
|
172
|
+
self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool
|
|
180
173
|
):
|
|
181
174
|
agent_env = self.configurate_external_checks(config_tool, secret_tool)
|
|
182
175
|
|
|
183
176
|
result_scans = self.scan_folders(
|
|
184
|
-
folders_to_scan, config_tool, agent_env, environment,
|
|
177
|
+
folders_to_scan, config_tool, agent_env, environment, platform_to_scan
|
|
185
178
|
)
|
|
186
179
|
|
|
187
180
|
checkov_deserealizator = CheckovDeserealizator()
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py
CHANGED
|
@@ -35,27 +35,27 @@ def generate_file_from_tool(tool, result_list, rules_doc):
|
|
|
35
35
|
"checkov_version", None
|
|
36
36
|
)
|
|
37
37
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
38
|
+
file_name = "results.json"
|
|
39
|
+
results_data = {
|
|
40
|
+
"check_type": "Dockerfile, Kubernetes and CloudFormation",
|
|
41
|
+
"results": {
|
|
42
|
+
"failed_checks": all_failed_checks,
|
|
43
|
+
},
|
|
44
|
+
"summary": {
|
|
45
|
+
"passed": summary_passed,
|
|
46
|
+
"failed": summary_failed,
|
|
47
|
+
"skipped": summary_skipped,
|
|
48
|
+
"parsing_errors": summary_parsing_errors,
|
|
49
|
+
"resource_count": summary_resource_count,
|
|
50
|
+
"checkov_version": checkov_version,
|
|
51
|
+
},
|
|
52
|
+
}
|
|
53
53
|
|
|
54
|
-
|
|
55
|
-
|
|
54
|
+
with open(file_name, "w") as json_file:
|
|
55
|
+
json.dump(results_data, json_file, indent=4)
|
|
56
56
|
|
|
57
|
-
|
|
58
|
-
|
|
57
|
+
absolute_path = os.path.abspath(file_name)
|
|
58
|
+
return absolute_path
|
|
59
59
|
except Exception as ex:
|
|
60
60
|
logger.error(f"Error during handling checkov json integrator {ex}")
|
|
61
61
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.7.
|
|
1
|
+
version = '1.7.18'
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=uHp5xMfNM22KDFIlPApHm9JbkzWEjgI-J44tqG0qvgY,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
6
|
-
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=
|
|
6
|
+
devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=17BPgOOIu21bsIsu319Q-7HUMYXjMUtxVf17tPA8BOU,5650
|
|
7
7
|
devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
8
8
|
devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
9
9
|
devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -84,9 +84,9 @@ devsecops_engine_tools/engine_sast/engine_iac/src/deployment/__init__.py,sha256=
|
|
|
84
84
|
devsecops_engine_tools/engine_sast/engine_iac/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
85
85
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
86
86
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
87
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py,sha256=
|
|
87
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py,sha256=NLV61UALqRWJHq4uvxcH4CugtQGMAwCr-RM5UvZuUC8,1243
|
|
88
88
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
89
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py,sha256=
|
|
89
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py,sha256=tqOkmy5fRMvCFjuQUSdGdWd-PrShtJi0YDlAQ8htMzM,216
|
|
90
90
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
91
91
|
devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py,sha256=ijFVq_acgzGJ58p-L9mApn7kmgJKiD8mih99Jncorcc,4995
|
|
92
92
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -94,11 +94,11 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
|
|
|
94
94
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
95
95
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=qbE6wUO5_WFXF_QolL0JYelaRGEOUakPEZR_6HAKzzI,4355
|
|
96
96
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=_TfAN504MBl17VsSMOymCWaAtQUvS1UKKuDwR2tIx3I,1367
|
|
97
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=
|
|
97
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=SrEH7SnPLIMjP4OgSXvuntZJFfttgoTVjaitwLCCGhU,7619
|
|
98
98
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
99
99
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py,sha256=60iaHYZZp5uTngD7a8vsQaQYsTfBzP_kp0xflfPNnk4,305
|
|
100
100
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
101
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=
|
|
101
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=lim8ARYvVT6a2Affqw4QVxhV_wq3aKiGf-2VUskSXII,3083
|
|
102
102
|
devsecops_engine_tools/engine_sast/engine_secret/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
103
103
|
devsecops_engine_tools/engine_sast/engine_secret/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
104
104
|
devsecops_engine_tools/engine_sast/engine_secret/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -241,8 +241,8 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
|
|
|
241
241
|
devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
|
|
242
242
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=GAslbWaBpwP3mP6fBsgVl07TTBgcCggQTy8h2M9ibeo,612
|
|
243
243
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
|
|
244
|
-
devsecops_engine_tools-1.7.
|
|
245
|
-
devsecops_engine_tools-1.7.
|
|
246
|
-
devsecops_engine_tools-1.7.
|
|
247
|
-
devsecops_engine_tools-1.7.
|
|
248
|
-
devsecops_engine_tools-1.7.
|
|
244
|
+
devsecops_engine_tools-1.7.18.dist-info/METADATA,sha256=rFH9e75HrUpTxJzgK9S2HKeBnDoqZJC5UEmEvSm-VVQ,4840
|
|
245
|
+
devsecops_engine_tools-1.7.18.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
|
|
246
|
+
devsecops_engine_tools-1.7.18.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
|
|
247
|
+
devsecops_engine_tools-1.7.18.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
248
|
+
devsecops_engine_tools-1.7.18.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.7.17.dist-info → devsecops_engine_tools-1.7.18.dist-info}/top_level.txt
RENAMED
|
File without changes
|