devsecops-engine-tools 1.76.0__py3-none-any.whl → 1.78.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py +2 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +70 -31
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/RECORD +8 -8
- {devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/top_level.txt +0 -0
|
@@ -53,5 +53,6 @@ class KicsDeserealizator:
|
|
|
53
53
|
high = severity_counters.get("HIGH", 0)
|
|
54
54
|
medium = severity_counters.get("MEDIUM", 0)
|
|
55
55
|
low = severity_counters.get("LOW", 0)
|
|
56
|
+
info = severity_counters.get("INFO", 0)
|
|
56
57
|
|
|
57
|
-
return critical + high + medium + low
|
|
58
|
+
return critical + high + medium + low + info
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
CHANGED
|
@@ -3,6 +3,8 @@ import json
|
|
|
3
3
|
import platform
|
|
4
4
|
import requests
|
|
5
5
|
import os
|
|
6
|
+
import shutil
|
|
7
|
+
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.context_iac import ContextIac
|
|
6
8
|
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
|
|
7
9
|
ToolGateway,
|
|
8
10
|
)
|
|
@@ -15,7 +17,6 @@ from devsecops_engine_tools.engine_utilities.utils.utils import Utils
|
|
|
15
17
|
|
|
16
18
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
17
19
|
|
|
18
|
-
|
|
19
20
|
class KicsTool(ToolGateway):
|
|
20
21
|
TOOL_KICS = "KICS"
|
|
21
22
|
scan_type_platform_mapping = {
|
|
@@ -44,6 +45,7 @@ class KicsTool(ToolGateway):
|
|
|
44
45
|
kics_version = config_tool[self.TOOL_KICS]["CLI_VERSION"]
|
|
45
46
|
path_kics = config_tool[self.TOOL_KICS]["PATH_KICS"]
|
|
46
47
|
download_kics_assets = config_tool[self.TOOL_KICS]["DOWNLOAD_KICS_ASSETS"]
|
|
48
|
+
exclude_paths = config_tool[self.TOOL_KICS]["EXCLUDE_PATHS"]
|
|
47
49
|
|
|
48
50
|
os_platform = platform.system()
|
|
49
51
|
path_kics = (
|
|
@@ -52,15 +54,13 @@ class KicsTool(ToolGateway):
|
|
|
52
54
|
work_folder = (
|
|
53
55
|
work_folder.replace("/", "\\") if os_platform == "Windows" else work_folder
|
|
54
56
|
)
|
|
55
|
-
|
|
56
57
|
command_prefix = (
|
|
57
58
|
f"{work_folder}\\{path_kics}.exe"
|
|
58
59
|
if os_platform == "Windows"
|
|
59
60
|
else f"{work_folder}/{path_kics}"
|
|
60
61
|
)
|
|
61
|
-
|
|
62
62
|
if not self._validate_kics(command_prefix):
|
|
63
|
-
|
|
63
|
+
return [], None
|
|
64
64
|
|
|
65
65
|
if download_kics_assets:
|
|
66
66
|
self._get_assets(kics_version, work_folder)
|
|
@@ -73,6 +73,7 @@ class KicsTool(ToolGateway):
|
|
|
73
73
|
work_folder,
|
|
74
74
|
os_platform,
|
|
75
75
|
queries,
|
|
76
|
+
exclude_paths,
|
|
76
77
|
)
|
|
77
78
|
data = self._load_results(work_folder, queries)
|
|
78
79
|
|
|
@@ -93,19 +94,62 @@ class KicsTool(ToolGateway):
|
|
|
93
94
|
return [], None
|
|
94
95
|
|
|
95
96
|
def get_iac_context_from_results(self, path_file_results):
|
|
96
|
-
|
|
97
|
-
|
|
97
|
+
with open(path_file_results, "r") as file:
|
|
98
|
+
context_results_scan_list = json.load(file)
|
|
99
|
+
context_iac_list = []
|
|
100
|
+
failed_checks = context_results_scan_list.get("results", {}).get(
|
|
101
|
+
"failed_checks", []
|
|
102
|
+
)
|
|
103
|
+
for check in failed_checks:
|
|
104
|
+
file_line_range = check.get("file_line_range", ["unknown", "unknown"])
|
|
105
|
+
start_line = (
|
|
106
|
+
file_line_range[0] if len(file_line_range) > 0 else "unknown"
|
|
107
|
+
)
|
|
108
|
+
end_line = file_line_range[1] if len(file_line_range) > 1 else "unknown"
|
|
109
|
+
line_range_str = (
|
|
110
|
+
f"{start_line}-{end_line}"
|
|
111
|
+
if start_line != end_line
|
|
112
|
+
else str(start_line)
|
|
113
|
+
)
|
|
114
|
+
|
|
115
|
+
context_iac = ContextIac(
|
|
116
|
+
id=check.get("check_id", "unknown"),
|
|
117
|
+
check_name=check.get("check_name", "unknown"),
|
|
118
|
+
check_class=check.get("check_class", "unknown"),
|
|
119
|
+
severity=check.get("severity").lower(),
|
|
120
|
+
where=f"{check.get('repo_file_path', 'unknown')}: {check.get('resource', 'unknown')} (line {line_range_str})",
|
|
121
|
+
resource=check.get("resource", "unknown"),
|
|
122
|
+
description=check.get("check_name", "unknown"),
|
|
123
|
+
module="engine_iac",
|
|
124
|
+
tool="Checkov",
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
context_iac_list.append(context_iac)
|
|
128
|
+
|
|
129
|
+
print("===== BEGIN CONTEXT OUTPUT =====")
|
|
130
|
+
print(
|
|
131
|
+
json.dumps(
|
|
132
|
+
{"iac_context": [obj.__dict__ for obj in context_iac_list]},
|
|
133
|
+
indent=4,
|
|
134
|
+
)
|
|
135
|
+
)
|
|
136
|
+
print("===== END CONTEXT OUTPUT =====")
|
|
98
137
|
|
|
99
138
|
def _validate_kics(self, command_prefix):
|
|
100
139
|
try:
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
if result.returncode == 0:
|
|
140
|
+
kics_in_path = shutil.which("kics.exe" if platform.system() == "Windows" else "kics")
|
|
141
|
+
if kics_in_path:
|
|
142
|
+
command_prefix = kics_in_path
|
|
105
143
|
return True
|
|
106
144
|
else:
|
|
107
|
-
|
|
108
|
-
|
|
145
|
+
result = subprocess.run(
|
|
146
|
+
[command_prefix, "version"], capture_output=True, text=True
|
|
147
|
+
)
|
|
148
|
+
if result.returncode == 0:
|
|
149
|
+
return True
|
|
150
|
+
else:
|
|
151
|
+
logger.error(f"KICS binary not valid: {result.stderr}")
|
|
152
|
+
return False
|
|
109
153
|
except Exception as e:
|
|
110
154
|
logger.error(f"Error validating KICS binary: {e}")
|
|
111
155
|
|
|
@@ -151,6 +195,7 @@ class KicsTool(ToolGateway):
|
|
|
151
195
|
work_folder,
|
|
152
196
|
os_platform,
|
|
153
197
|
queries,
|
|
198
|
+
exclude_paths
|
|
154
199
|
):
|
|
155
200
|
folders = ','.join(folders_to_scan)
|
|
156
201
|
queries_flat = [
|
|
@@ -161,32 +206,25 @@ class KicsTool(ToolGateway):
|
|
|
161
206
|
] if queries else []
|
|
162
207
|
queries = ','.join(queries_flat)
|
|
163
208
|
mapped_platforms = [
|
|
164
|
-
|
|
165
|
-
|
|
209
|
+
self.scan_type_platform_mapping.get(platform.lower(), platform)
|
|
210
|
+
for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
|
|
166
211
|
platforms = ','.join(mapped_platforms)
|
|
212
|
+
exclude_paths_str = ",".join([path.strip().replace("'", "").replace('"', "") for path in exclude_paths]) if exclude_paths else ""
|
|
213
|
+
queries_path = f"{work_folder}\\kics-devsecops\\assets\\queries" if os_platform == "Windows" else f"{work_folder}/kics-devsecops/assets/queries"
|
|
167
214
|
|
|
168
215
|
command = [
|
|
169
216
|
prefix,
|
|
170
217
|
"scan",
|
|
171
|
-
"-p",
|
|
172
|
-
|
|
173
|
-
"-t",
|
|
174
|
-
|
|
175
|
-
"
|
|
176
|
-
|
|
177
|
-
"-
|
|
178
|
-
(
|
|
179
|
-
f"{work_folder}\\kics-devsecops\\assets\\queries"
|
|
180
|
-
if os_platform == "Windows"
|
|
181
|
-
else f"{work_folder}/kics-devsecops/assets/queries"
|
|
182
|
-
),
|
|
183
|
-
"--report-formats",
|
|
184
|
-
"json",
|
|
185
|
-
"-o",
|
|
186
|
-
work_folder,
|
|
218
|
+
"-p", folders,
|
|
219
|
+
"--exclude-paths", exclude_paths_str,
|
|
220
|
+
"-t", platforms,
|
|
221
|
+
"--include-queries", queries,
|
|
222
|
+
"-q", queries_path,
|
|
223
|
+
"--report-formats", "json",
|
|
224
|
+
"-o", work_folder
|
|
187
225
|
]
|
|
188
226
|
try:
|
|
189
|
-
subprocess.run(command, capture_output=True)
|
|
227
|
+
subprocess.run(command, capture_output=True, text=True, cwd=work_folder)
|
|
190
228
|
except subprocess.CalledProcessError as e:
|
|
191
229
|
logger.error(f"Error during KICS execution: {e}")
|
|
192
230
|
return []
|
|
@@ -216,6 +254,7 @@ class KicsTool(ToolGateway):
|
|
|
216
254
|
info = query_id_to_info[query_id]
|
|
217
255
|
finding["severity"] = info["severity"].upper()
|
|
218
256
|
finding["custom_id"] = info["custom_id"]
|
|
257
|
+
finding["query_name"] = f"{info['custom_id']}: {finding.get('query_name', '')}"
|
|
219
258
|
|
|
220
259
|
with open(results_path, "w") as f:
|
|
221
260
|
json.dump(data, f, indent=4)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.78.0'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=NP7LyDEVEWouVn7PeTV6M6R_7M1g_1_p3GfYsRoW6xo,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -155,8 +155,8 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
|
|
|
155
155
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=KOZKHSNwwVyUl9OMiNysaq8b0L_q1XB93lYTVj247Nk,1940
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=JP_NZfnddbGYRyiLGCpQ8kNI0t7v1TNxt7sp6jBG98w,15183
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
158
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=
|
|
159
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=
|
|
158
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=hUc5Rl92Bq9UltXSbyWRWIa_2HDSd1oPBctAkeXcQKE,2147
|
|
159
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=1m9ucjMj2bp9Qv02nhMMd1ZTy_KcGBeokrHwyfVhDfo,10405
|
|
160
160
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
161
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
|
|
162
162
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=1CpaqzDaXinPxM1lSceoaBpccJ3feHwkIdYe3SQjero,4870
|
|
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
352
352
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
353
353
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
354
354
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
357
|
-
devsecops_engine_tools-1.
|
|
358
|
-
devsecops_engine_tools-1.
|
|
359
|
-
devsecops_engine_tools-1.
|
|
355
|
+
devsecops_engine_tools-1.78.0.dist-info/METADATA,sha256=gO_XPQz-MocHNxb1sunP5ryVaqbngCn0_GTYkENziaQ,12093
|
|
356
|
+
devsecops_engine_tools-1.78.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
|
|
357
|
+
devsecops_engine_tools-1.78.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
358
|
+
devsecops_engine_tools-1.78.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
359
|
+
devsecops_engine_tools-1.78.0.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.76.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|