devsecops-engine-tools 1.77.0__py3-none-any.whl → 1.78.0__py3-none-any.whl

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py

@@ -53,5 +53,6 @@ class KicsDeserealizator:
         high = severity_counters.get("HIGH", 0)
         medium = severity_counters.get("MEDIUM", 0)
         low = severity_counters.get("LOW", 0)
+        info = severity_counters.get("INFO", 0)
 
-        return critical + high + medium + low
+        return critical + high + medium + low + info

devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py

@@ -3,6 +3,8 @@ import json
 import platform
 import requests
 import os
+import shutil
+from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.context_iac import ContextIac
 from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
     ToolGateway,
 )
@@ -15,7 +17,6 @@ from devsecops_engine_tools.engine_utilities.utils.utils import Utils
 
 logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
 
-
 class KicsTool(ToolGateway):
     TOOL_KICS = "KICS"
     scan_type_platform_mapping = {
@@ -44,6 +45,7 @@ class KicsTool(ToolGateway):
         kics_version = config_tool[self.TOOL_KICS]["CLI_VERSION"]
         path_kics = config_tool[self.TOOL_KICS]["PATH_KICS"]
         download_kics_assets = config_tool[self.TOOL_KICS]["DOWNLOAD_KICS_ASSETS"]
+        exclude_paths = config_tool[self.TOOL_KICS]["EXCLUDE_PATHS"]
 
         os_platform = platform.system()
         path_kics = (
@@ -52,15 +54,13 @@ class KicsTool(ToolGateway):
         work_folder = (
             work_folder.replace("/", "\\") if os_platform == "Windows" else work_folder
         )
-
         command_prefix = (
             f"{work_folder}\\{path_kics}.exe"
             if os_platform == "Windows"
             else f"{work_folder}/{path_kics}"
         )
-
         if not self._validate_kics(command_prefix):
-            logger.info("KICS binary not found or invalid, downloading assets...")
+                return [], None
 
         if download_kics_assets:
             self._get_assets(kics_version, work_folder)
@@ -73,6 +73,7 @@ class KicsTool(ToolGateway):
             work_folder,
             os_platform,
             queries,
+            exclude_paths,
         )
         data = self._load_results(work_folder, queries)
 
@@ -93,19 +94,62 @@ class KicsTool(ToolGateway):
         return [], None
 
     def get_iac_context_from_results(self, path_file_results):
-        # TODO: Implement this method
-        pass
+        with open(path_file_results, "r") as file:
+            context_results_scan_list = json.load(file)
+            context_iac_list = []
+            failed_checks = context_results_scan_list.get("results", {}).get(
+                "failed_checks", []
+            )
+            for check in failed_checks:
+                file_line_range = check.get("file_line_range", ["unknown", "unknown"])
+                start_line = (
+                    file_line_range[0] if len(file_line_range) > 0 else "unknown"
+                )
+                end_line = file_line_range[1] if len(file_line_range) > 1 else "unknown"
+                line_range_str = (
+                    f"{start_line}-{end_line}"
+                    if start_line != end_line
+                    else str(start_line)
+                )
+
+                context_iac = ContextIac(
+                    id=check.get("check_id", "unknown"),
+                    check_name=check.get("check_name", "unknown"),
+                    check_class=check.get("check_class", "unknown"),
+                    severity=check.get("severity").lower(),
+                    where=f"{check.get('repo_file_path', 'unknown')}: {check.get('resource', 'unknown')} (line {line_range_str})",
+                    resource=check.get("resource", "unknown"),
+                    description=check.get("check_name", "unknown"),
+                    module="engine_iac",
+                    tool="Checkov",
+                )
+
+                context_iac_list.append(context_iac)
+
+            print("===== BEGIN CONTEXT OUTPUT =====")
+            print(
+                json.dumps(
+                    {"iac_context": [obj.__dict__ for obj in context_iac_list]},
+                    indent=4,
+                )
+            )
+            print("===== END CONTEXT OUTPUT =====")
 
     def _validate_kics(self, command_prefix):
         try:
-            result = subprocess.run(
-                [command_prefix, "version"], capture_output=True, text=True
-            )
-            if result.returncode == 0:
+            kics_in_path = shutil.which("kics.exe" if platform.system() == "Windows" else "kics")
+            if kics_in_path:
+                command_prefix = kics_in_path
                 return True
             else:
-                logger.error(f"KICS binary not valid: {result.stderr}")
-                return False
+                result = subprocess.run(
+                    [command_prefix, "version"], capture_output=True, text=True
+                )
+                if result.returncode == 0:
+                    return True
+                else:
+                    logger.error(f"KICS binary not valid: {result.stderr}")
+                    return False
         except Exception as e:
             logger.error(f"Error validating KICS binary: {e}")
 
@@ -151,6 +195,7 @@ class KicsTool(ToolGateway):
         work_folder,
         os_platform,
         queries,
+        exclude_paths
     ):
         folders = ','.join(folders_to_scan)
         queries_flat = [
@@ -161,32 +206,25 @@ class KicsTool(ToolGateway):
         ] if queries else []
         queries = ','.join(queries_flat)
         mapped_platforms = [ 
-                            self.scan_type_platform_mapping.get(platform.lower(), platform) 
-                            for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
+            self.scan_type_platform_mapping.get(platform.lower(), platform) 
+            for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
         platforms = ','.join(mapped_platforms)
+        exclude_paths_str = ",".join([path.strip().replace("'", "").replace('"', "") for path in exclude_paths]) if exclude_paths else ""
+        queries_path = f"{work_folder}\\kics-devsecops\\assets\\queries" if os_platform == "Windows" else f"{work_folder}/kics-devsecops/assets/queries"
 
         command = [
             prefix,
             "scan",
-            "-p",
-            folders,
-            "-t",
-            platforms,
-            "--include-queries",
-            queries,
-            "-q",
-            (
-                f"{work_folder}\\kics-devsecops\\assets\\queries"
-                if os_platform == "Windows"
-                else f"{work_folder}/kics-devsecops/assets/queries"
-            ),
-            "--report-formats",
-            "json",
-            "-o",
-            work_folder,
+            "-p", folders,
+            "--exclude-paths", exclude_paths_str,
+            "-t", platforms,
+            "--include-queries", queries,
+            "-q", queries_path,
+            "--report-formats", "json",
+            "-o", work_folder
         ]
         try:
-            subprocess.run(command, capture_output=True)
+            subprocess.run(command, capture_output=True, text=True, cwd=work_folder)
         except subprocess.CalledProcessError as e:
             logger.error(f"Error during KICS execution: {e}")
             return []

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.77.0'
+version = '1.78.0'

{devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.77.0
+Version: 1.78.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.78.0.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=sXdcSyNZ_mEJnwAQ1dQNuAvWM40rb4JzZPslyGMGtDw,19
+devsecops_engine_tools/version.py,sha256=NP7LyDEVEWouVn7PeTV6M6R_7M1g_1_p3GfYsRoW6xo,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -155,8 +155,8 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=KOZKHSNwwVyUl9OMiNysaq8b0L_q1XB93lYTVj247Nk,1940
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=JP_NZfnddbGYRyiLGCpQ8kNI0t7v1TNxt7sp6jBG98w,15183
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=tZq3jutZL2M9XIxm5K_xd3mWwTCMVmHQPFNvrslCqCM,2092
-devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=pYHgGJBxOqqYJoWQdcJyZ7vDIBep8LRph9IBi0h7ha4,8139
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=hUc5Rl92Bq9UltXSbyWRWIa_2HDSd1oPBctAkeXcQKE,2147
+devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=1m9ucjMj2bp9Qv02nhMMd1ZTy_KcGBeokrHwyfVhDfo,10405
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
 devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=1CpaqzDaXinPxM1lSceoaBpccJ3feHwkIdYe3SQjero,4870
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.77.0.dist-info/METADATA,sha256=9BkxCZgMEcBn7V7QGyaDJOF4r3mS335MctCcSp8PIb4,12093
-devsecops_engine_tools-1.77.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-devsecops_engine_tools-1.77.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.77.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.77.0.dist-info/RECORD,,
+devsecops_engine_tools-1.78.0.dist-info/METADATA,sha256=gO_XPQz-MocHNxb1sunP5ryVaqbngCn0_GTYkENziaQ,12093
+devsecops_engine_tools-1.78.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+devsecops_engine_tools-1.78.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.78.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.78.0.dist-info/RECORD,,