PyPI - devsecops-engine-tools - Versions diffs - 1.7.26__py3-none-any.whl → 1.7.28__py3-none-any.whl - Mend

devsecops-engine-tools 1.7.26py3-none-any.whl → 1.7.28py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (13) hide show

devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py CHANGED Viewed

@@ -66,7 +66,7 @@ def get_inputs_from_cli(args):
     )
     parser.add_argument("-fp", "--folder_path", type=str, required=False, help="Folder Path to scan, only apply engine_iac tool")
     parser.add_argument("-p",
-        "--platform", type=parse_choices({"all", "docker", "k8s", "cloudformation"}), required=False, default="all" ,help="Platform to scan, only apply engine_iac tool"
+        "--platform", type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi"}), required=False, default="all" ,help="Platform to scan, only apply engine_iac tool"
     )
     parser.add_argument(
         "--use_secrets_manager",

devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py CHANGED Viewed

@@ -4,14 +4,23 @@ from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_poin
 from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import (
     CheckovTool
 )
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import (
+    KubescapeTool
+)
 def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env):
     try:
         # Define driven adapters for gateways
         tool_gateway = None
-        if (tool == "CHECKOV"):
-            tool_gateway = CheckovTool()
+        tools = {
+            "CHECKOV": CheckovTool(),
+            "KUBESCAPE": KubescapeTool(),
+        }
+        if tool in tools:
+            tool_gateway = tools[tool]
         return init_engine_sast_rm(
             devops_platform_gateway=devops_platform_gateway,

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py CHANGED Viewed

@@ -37,8 +37,8 @@ logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 class CheckovTool(ToolGateway):
     CHECKOV_CONFIG_FILE = "checkov_config.yaml"
     TOOL = "CHECKOV"
-    framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation"}
-    framework_external_checks = ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER"]
+    framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation", "RULES_OPENAPI": "openapi"}
+    framework_external_checks = ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER", "RULES_OPENAPI"]
     def create_config_file(self, checkov_config: CheckovConfig):

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py ADDED Viewed

File without changes

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py ADDED Viewed

@@ -0,0 +1,75 @@
+from devsecops_engine_tools.engine_core.src.domain.model.finding import (
+    Category,
+    Finding,
+)
+from datetime import datetime
+from dataclasses import dataclass
+@dataclass
+class KubescapeDeserealizator:
+    def get_list_finding(self, results_scan_list: list) -> "list[Finding]":
+        list_open_findings = []
+        for result in results_scan_list:
+            finding_open = Finding(
+                id=result.get("id"),
+                cvss=None,
+                where=result.get("where"),
+                description=result.get("description"),
+                severity=result.get("severity").lower(),
+                identification_date=datetime.now().strftime("%d%m%Y"),
+                published_date_cve=None,
+                module="engine_iac",
+                category=Category.VULNERABILITY,
+                requirements=None,
+                tool="kubescape"
+            )
+            list_open_findings.append(finding_open)
+        return list_open_findings
+    def extract_failed_controls(self, data):
+        result_extracted_data = []
+        results = data.get("results", [])
+        resources = {resource.get("resourceID"): resource for resource in data.get("resources", [])}
+        frameworks = data.get("summaryDetails", {}).get("frameworks", [])
+        for result in results:
+            resource_id = result.get("resourceID")
+            controls = result.get("controls", [])
+            for control in controls:
+                if control.get("status", {}).get("status") == "failed":
+                    control_id = control.get("controlID")
+                    name = control.get("name")
+                    resource = resources.get(resource_id)
+                    if resource:
+                        relative_path = resource.get("source", {}).get("path", "").replace("\\", "/")
+                        severity_score = self.get_severity_score(frameworks, control_id)
+                        result_extracted_data.append({
+                            "id": control_id,
+                            "description": name,
+                            "where": relative_path,
+                            "severity": severity_score
+                        })
+        return result_extracted_data
+    def get_severity_score(self, frameworks, control_id):
+        classifications = {
+            (0.0, 0.0): "none",
+            (0.1, 3.9): "low",
+            (4.0, 6.9): "medium",
+            (7.0, 8.9): "high",
+            (9.0, 10.0): "critical"
+        }
+        for framework in frameworks:
+            control_object = framework.get("controls", {}).get(control_id, {})
+            if control_object:
+                for range_tuple, classification in classifications.items():
+                    if range_tuple[0] <= control_object.get("scoreFactor", 0.0) <= range_tuple[1]:
+                        return classification
+        return None

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py ADDED Viewed

@@ -0,0 +1,123 @@
+import json
+import subprocess
+import platform
+import requests
+import distro
+import os
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
+    ToolGateway,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import (
+    ConfigTool,
+)
+from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import (
+    KubescapeDeserealizator,
+)
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+class KubescapeTool(ToolGateway):
+    def download_tool(self, file, url):
+        try:
+            response = requests.get(url, allow_redirects=True)
+            with open(file, "wb") as binary_file:
+                binary_file.write(response.content)
+        except Exception as e:
+            logger.error(f"Error downloading Kubescape: {e}")
+    def install_tool(self, file, url):
+        installed = subprocess.run(
+            ["which", f"./{file}"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
+        if installed.returncode == 1:
+            try:
+                self.download_tool(file, url)
+                subprocess.run(["chmod", "+x", f"./{file}"])
+            except Exception as e:
+                logger.error(f"Error installing Kubescape: {e}")
+    def install_tool_windows(self, file, url):
+        try:
+            subprocess.run(
+                [f"./{file}", "version"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+        except:
+            try:
+                self.download_tool(file, url)
+            except Exception as e:
+                logger.error(f"Error installing Kubescape: {e}")
+    def execute_kubescape(self, folders_to_scan, prefix):
+        command = [prefix, "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output",
+                                                        "results_kubescape.json", "-v"]
+        try:
+            subprocess.run(command, capture_output=True)
+        except subprocess.CalledProcessError as e:
+            logger.error(f"Error during Kubescape execution: {e}")
+    def load_json(self, json_name):
+        try:
+            with open(json_name) as file:
+                return json.load(file)
+        except FileNotFoundError:
+            logger.error(f"The file {json_name} does not exist.")
+        except json.JSONDecodeError:
+            logger.error("The JSON result is empty.")
+        return None
+    def select_operative_system(self, os_platform, folders_to_scan, base_url):
+        if os_platform == "Linux":
+            distro_name = distro.name()
+            if distro_name == "Ubuntu":
+                file = "kubescape-ubuntu-latest"
+                self.install_tool(file, base_url + file)
+                command_prefix = f"./{file}"
+            else:
+                logger.warning(f"{distro_name} is not supported.")
+                return None
+        elif os_platform == "Windows":
+            file = "kubescape-windows-latest.exe"
+            self.install_tool_windows(file, base_url + file)
+            command_prefix = f"./{file}"
+        elif os_platform == "Darwin":
+            file = "kubescape-macos-latest"
+            self.install_tool(file, base_url + file)
+            command_prefix = f"./{file}"
+        else:
+            logger.warning(f"{os_platform} is not supported.")
+            return [], None
+        self.execute_kubescape(folders_to_scan, command_prefix)
+    def run_tool(self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool):
+        if folders_to_scan and "k8s" in platform_to_scan:
+            kubescape_version = config_tool.version
+            os_platform = platform.system()
+            base_url = f"https://github.com/kubescape/kubescape/releases/download/v{kubescape_version}/"
+            self.select_operative_system(os_platform, folders_to_scan, base_url)
+            json_name = "results_kubescape.json"
+            data = self.load_json(json_name)
+            if not data:
+                return [], None
+            else:
+                kubescape_deserealizator = KubescapeDeserealizator()
+                result_extracted_data = kubescape_deserealizator.extract_failed_controls(data)
+                finding_list = kubescape_deserealizator.get_list_finding(result_extracted_data)
+                path_results = os.path.abspath(json_name)
+            return finding_list, path_results
+        else:
+            return [], None

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py CHANGED Viewed

@@ -71,4 +71,4 @@ def update_fields(check_result, rules_doc):
     if "category" in rule_info:
         check_result["bc_category"] = rule_info["category"]
-    return check_result
+    return check_result

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.7.26'
1	+ version = '1.7.28'

{devsecops_engine_tools-1.7.26.dist-info → devsecops_engine_tools-1.7.28.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.7.26
+Version: 1.7.28
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.7.26.dist-info → devsecops_engine_tools-1.7.28.dist-info}/RECORD RENAMED Viewed

@@ -1,9 +1,9 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=ntcVIGU3rTaTr7jBva_BCEg_M16GEcRd0AGKfA-k8Ew,19
+devsecops_engine_tools/version.py,sha256=Q3PJdDdf_B2gJ6IaUQN395iTa-ObROrwbBzv1uMvPfQ,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=4eJwsuSRAD3psUBvWZVWu9XR9rwvagFs6FqnKFz0eEU,5965
+devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py,sha256=qvpDSHuuTamuD_NOgDxyVJjhPRMzpbtp516NF7_-26w,5976
 devsecops_engine_tools/engine_core/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -81,7 +81,7 @@ devsecops_engine_tools/engine_sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQe
 devsecops_engine_tools/engine_sast/engine_iac/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py,sha256=WDHRpcbF80gv6Rv4U0l0HtM85_H4WrY-YCW6JfpuRPo,909
+devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py,sha256=6iHwgOQLu3rXyyQrlt7gxAsfOlLwupvyum7ejziX-dg,1151
 devsecops_engine_tools/engine_sast/engine_iac/src/deployment/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/deployment/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/domain/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -96,11 +96,14 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_config.py,sha256=qbE6wUO5_WFXF_QolL0JYelaRGEOUakPEZR_6HAKzzI,4355
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=gBwnQ20QExHTrN1nvErUUqb_IMHvYKJijqc55XwZHQk,1404
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=SrEH7SnPLIMjP4OgSXvuntZJFfttgoTVjaitwLCCGhU,7619
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=ddPjhbOe2w-kQmiBLP6udBPmXZhVZqQLwOEdgvt1r1s,7664
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=i-hKFmR-OriwiiBg-3E3RKc7hjI1E8jv8Z7dQ8_Q0qE,2885
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=wcornvTaU5o2MtZj_KkgWvNABW2rCd08sZkaMbbZoTI,4707
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/entry_points/entry_point_tool.py,sha256=60iaHYZZp5uTngD7a8vsQaQYsTfBzP_kp0xflfPNnk4,305
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=lim8ARYvVT6a2Affqw4QVxhV_wq3aKiGf-2VUskSXII,3083
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py,sha256=stC0z4e20DGRAjKMp7q7cYSYkEXssvnSeGEB0xhbXSo,3084
 devsecops_engine_tools/engine_sast/engine_secret/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -244,8 +247,8 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=GAslbWaBpwP3mP6fBsgVl07TTBgcCggQTy8h2M9ibeo,612
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
-devsecops_engine_tools-1.7.26.dist-info/METADATA,sha256=gy3XB7jW9FcTnhy_76T90F0YWhGfHoB26UJi2sHhf8Y,4881
-devsecops_engine_tools-1.7.26.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-devsecops_engine_tools-1.7.26.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
-devsecops_engine_tools-1.7.26.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.7.26.dist-info/RECORD,,
+devsecops_engine_tools-1.7.28.dist-info/METADATA,sha256=Kb4NxYtrqyX7L5poctyomqPCKEj_Ahri9PdWg2R3XVM,4881
+devsecops_engine_tools-1.7.28.dist-info/WHEEL,sha256=y4mX-SOX4fYIkonsAGA5N0Oy-8_gI4FXw5HNI1xqvWg,91
+devsecops_engine_tools-1.7.28.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
+devsecops_engine_tools-1.7.28.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.7.28.dist-info/RECORD,,

{devsecops_engine_tools-1.7.26.dist-info → devsecops_engine_tools-1.7.28.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.43.0)
+Generator: setuptools (70.2.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

{devsecops_engine_tools-1.7.26.dist-info → devsecops_engine_tools-1.7.28.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.7.26.dist-info → devsecops_engine_tools-1.7.28.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.7.26__py3-none-any.whl → 1.7.28__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.7.26py3-none-any.whl → 1.7.28py3-none-any.whl