devsecops-engine-tools 1.77.0__py3-none-any.whl → 1.79.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py +2 -1
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +82 -32
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/RECORD +8 -8
- {devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/top_level.txt +0 -0
|
@@ -53,5 +53,6 @@ class KicsDeserealizator:
|
|
|
53
53
|
high = severity_counters.get("HIGH", 0)
|
|
54
54
|
medium = severity_counters.get("MEDIUM", 0)
|
|
55
55
|
low = severity_counters.get("LOW", 0)
|
|
56
|
+
info = severity_counters.get("INFO", 0)
|
|
56
57
|
|
|
57
|
-
return critical + high + medium + low
|
|
58
|
+
return critical + high + medium + low + info
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
CHANGED
|
@@ -3,6 +3,8 @@ import json
|
|
|
3
3
|
import platform
|
|
4
4
|
import requests
|
|
5
5
|
import os
|
|
6
|
+
import shutil
|
|
7
|
+
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.context_iac import ContextIac
|
|
6
8
|
from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import (
|
|
7
9
|
ToolGateway,
|
|
8
10
|
)
|
|
@@ -15,7 +17,6 @@ from devsecops_engine_tools.engine_utilities.utils.utils import Utils
|
|
|
15
17
|
|
|
16
18
|
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
17
19
|
|
|
18
|
-
|
|
19
20
|
class KicsTool(ToolGateway):
|
|
20
21
|
TOOL_KICS = "KICS"
|
|
21
22
|
scan_type_platform_mapping = {
|
|
@@ -44,6 +45,7 @@ class KicsTool(ToolGateway):
|
|
|
44
45
|
kics_version = config_tool[self.TOOL_KICS]["CLI_VERSION"]
|
|
45
46
|
path_kics = config_tool[self.TOOL_KICS]["PATH_KICS"]
|
|
46
47
|
download_kics_assets = config_tool[self.TOOL_KICS]["DOWNLOAD_KICS_ASSETS"]
|
|
48
|
+
exclude_paths = config_tool[self.TOOL_KICS]["EXCLUDE_PATHS"]
|
|
47
49
|
|
|
48
50
|
os_platform = platform.system()
|
|
49
51
|
path_kics = (
|
|
@@ -52,15 +54,13 @@ class KicsTool(ToolGateway):
|
|
|
52
54
|
work_folder = (
|
|
53
55
|
work_folder.replace("/", "\\") if os_platform == "Windows" else work_folder
|
|
54
56
|
)
|
|
55
|
-
|
|
56
57
|
command_prefix = (
|
|
57
58
|
f"{work_folder}\\{path_kics}.exe"
|
|
58
59
|
if os_platform == "Windows"
|
|
59
60
|
else f"{work_folder}/{path_kics}"
|
|
60
61
|
)
|
|
61
|
-
|
|
62
62
|
if not self._validate_kics(command_prefix):
|
|
63
|
-
|
|
63
|
+
return [], None
|
|
64
64
|
|
|
65
65
|
if download_kics_assets:
|
|
66
66
|
self._get_assets(kics_version, work_folder)
|
|
@@ -73,6 +73,7 @@ class KicsTool(ToolGateway):
|
|
|
73
73
|
work_folder,
|
|
74
74
|
os_platform,
|
|
75
75
|
queries,
|
|
76
|
+
exclude_paths,
|
|
76
77
|
)
|
|
77
78
|
data = self._load_results(work_folder, queries)
|
|
78
79
|
|
|
@@ -93,19 +94,62 @@ class KicsTool(ToolGateway):
|
|
|
93
94
|
return [], None
|
|
94
95
|
|
|
95
96
|
def get_iac_context_from_results(self, path_file_results):
|
|
96
|
-
|
|
97
|
-
|
|
97
|
+
with open(path_file_results, "r") as file:
|
|
98
|
+
context_results_scan_list = json.load(file)
|
|
99
|
+
context_iac_list = []
|
|
100
|
+
failed_checks = context_results_scan_list.get("results", {}).get(
|
|
101
|
+
"failed_checks", []
|
|
102
|
+
)
|
|
103
|
+
for check in failed_checks:
|
|
104
|
+
file_line_range = check.get("file_line_range", ["unknown", "unknown"])
|
|
105
|
+
start_line = (
|
|
106
|
+
file_line_range[0] if len(file_line_range) > 0 else "unknown"
|
|
107
|
+
)
|
|
108
|
+
end_line = file_line_range[1] if len(file_line_range) > 1 else "unknown"
|
|
109
|
+
line_range_str = (
|
|
110
|
+
f"{start_line}-{end_line}"
|
|
111
|
+
if start_line != end_line
|
|
112
|
+
else str(start_line)
|
|
113
|
+
)
|
|
114
|
+
|
|
115
|
+
context_iac = ContextIac(
|
|
116
|
+
id=check.get("check_id", "unknown"),
|
|
117
|
+
check_name=check.get("check_name", "unknown"),
|
|
118
|
+
check_class=check.get("check_class", "unknown"),
|
|
119
|
+
severity=check.get("severity").lower(),
|
|
120
|
+
where=f"{check.get('repo_file_path', 'unknown')}: {check.get('resource', 'unknown')} (line {line_range_str})",
|
|
121
|
+
resource=check.get("resource", "unknown"),
|
|
122
|
+
description=check.get("check_name", "unknown"),
|
|
123
|
+
module="engine_iac",
|
|
124
|
+
tool="Checkov",
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
context_iac_list.append(context_iac)
|
|
128
|
+
|
|
129
|
+
print("===== BEGIN CONTEXT OUTPUT =====")
|
|
130
|
+
print(
|
|
131
|
+
json.dumps(
|
|
132
|
+
{"iac_context": [obj.__dict__ for obj in context_iac_list]},
|
|
133
|
+
indent=4,
|
|
134
|
+
)
|
|
135
|
+
)
|
|
136
|
+
print("===== END CONTEXT OUTPUT =====")
|
|
98
137
|
|
|
99
138
|
def _validate_kics(self, command_prefix):
|
|
100
139
|
try:
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
if result.returncode == 0:
|
|
140
|
+
kics_in_path = shutil.which("kics.exe" if platform.system() == "Windows" else "kics")
|
|
141
|
+
if kics_in_path:
|
|
142
|
+
command_prefix = kics_in_path
|
|
105
143
|
return True
|
|
106
144
|
else:
|
|
107
|
-
|
|
108
|
-
|
|
145
|
+
result = subprocess.run(
|
|
146
|
+
[command_prefix, "version"], capture_output=True, text=True
|
|
147
|
+
)
|
|
148
|
+
if result.returncode == 0:
|
|
149
|
+
return True
|
|
150
|
+
else:
|
|
151
|
+
logger.error(f"KICS binary not valid: {result.stderr}")
|
|
152
|
+
return False
|
|
109
153
|
except Exception as e:
|
|
110
154
|
logger.error(f"Error validating KICS binary: {e}")
|
|
111
155
|
|
|
@@ -142,7 +186,19 @@ class KicsTool(ToolGateway):
|
|
|
142
186
|
except Exception as e:
|
|
143
187
|
logger.error(f"Error writing queries file: {e}")
|
|
144
188
|
|
|
145
|
-
|
|
189
|
+
def _find_exclude_paths(self, base_path, exclude_paths):
|
|
190
|
+
exclude_dirs = []
|
|
191
|
+
try:
|
|
192
|
+
for root, dirs, files in os.walk(base_path):
|
|
193
|
+
for dir_name in dirs:
|
|
194
|
+
if dir_name.lower() in exclude_paths:
|
|
195
|
+
rel_path = os.path.relpath(os.path.join(root, dir_name), base_path)
|
|
196
|
+
exclude_dirs.append(rel_path)
|
|
197
|
+
return exclude_dirs
|
|
198
|
+
except Exception as e:
|
|
199
|
+
logger.error(f"Error finding exclude paths: {e}")
|
|
200
|
+
return []
|
|
201
|
+
|
|
146
202
|
def _execute_kics(
|
|
147
203
|
self,
|
|
148
204
|
folders_to_scan,
|
|
@@ -151,6 +207,7 @@ class KicsTool(ToolGateway):
|
|
|
151
207
|
work_folder,
|
|
152
208
|
os_platform,
|
|
153
209
|
queries,
|
|
210
|
+
exclude_paths
|
|
154
211
|
):
|
|
155
212
|
folders = ','.join(folders_to_scan)
|
|
156
213
|
queries_flat = [
|
|
@@ -161,32 +218,25 @@ class KicsTool(ToolGateway):
|
|
|
161
218
|
] if queries else []
|
|
162
219
|
queries = ','.join(queries_flat)
|
|
163
220
|
mapped_platforms = [
|
|
164
|
-
|
|
165
|
-
|
|
221
|
+
self.scan_type_platform_mapping.get(platform.lower(), platform)
|
|
222
|
+
for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
|
|
166
223
|
platforms = ','.join(mapped_platforms)
|
|
224
|
+
exclude_paths_str = ",".join(self._find_exclude_paths(folders, exclude_paths)) if exclude_paths else ""
|
|
225
|
+
queries_path = f"{work_folder}\\kics-devsecops\\assets\\queries" if os_platform == "Windows" else f"{work_folder}/kics-devsecops/assets/queries"
|
|
167
226
|
|
|
168
227
|
command = [
|
|
169
228
|
prefix,
|
|
170
229
|
"scan",
|
|
171
|
-
"-p",
|
|
172
|
-
|
|
173
|
-
"-t",
|
|
174
|
-
|
|
175
|
-
"
|
|
176
|
-
|
|
177
|
-
"-
|
|
178
|
-
(
|
|
179
|
-
f"{work_folder}\\kics-devsecops\\assets\\queries"
|
|
180
|
-
if os_platform == "Windows"
|
|
181
|
-
else f"{work_folder}/kics-devsecops/assets/queries"
|
|
182
|
-
),
|
|
183
|
-
"--report-formats",
|
|
184
|
-
"json",
|
|
185
|
-
"-o",
|
|
186
|
-
work_folder,
|
|
230
|
+
"-p", folders,
|
|
231
|
+
"--exclude-paths", exclude_paths_str,
|
|
232
|
+
"-t", platforms,
|
|
233
|
+
"--include-queries", queries,
|
|
234
|
+
"-q", queries_path,
|
|
235
|
+
"--report-formats", "json",
|
|
236
|
+
"-o", work_folder
|
|
187
237
|
]
|
|
188
238
|
try:
|
|
189
|
-
subprocess.run(command, capture_output=True)
|
|
239
|
+
subprocess.run(command, capture_output=True, text=True, cwd=folders)
|
|
190
240
|
except subprocess.CalledProcessError as e:
|
|
191
241
|
logger.error(f"Error during KICS execution: {e}")
|
|
192
242
|
return []
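Review bot: In `_validate_kics` the assignment `command_prefix = kics_in_path` on the PATH branch only rebinds the local parameter, so whenever any `kics` is on PATH the method returns True without running anything and the caller goes on to execute the configured `{work_folder}/{path_kics}` binary unvalidated; if that file is missing, the `subprocess.run` in `_execute_kics` raises `FileNotFoundError`, which its `except subprocess.CalledProcessError` does not catch (without `check=True` that handler can never fire anyway). On a shared CI runner this means whatever `kics` happens to be first on PATH silently defeats the check that the pinned `CLI_VERSION` binary works, which is the opposite of what a supply-chain-conscious scanner wants. I would have `_validate_kics` return the path it actually verified with `version` (or None) and make the caller scan with that path — `kics_exec = self._validate_kics(command_prefix)` then `if not kics_exec: return [], None` — noting that the tail of `_validate_kics` and the whole of the calling method lie outside the visible hunks, so the `prefix` handed to `_execute_kics` must be switched there as well. Separately, `get_iac_context_from_results` reads `results.failed_checks`, `check_id` and `repo_file_path` and stamps every finding `tool="Checkov"`, which looks like the Checkov report layout rather than the KICS one the deserialiser hunk above consumes through `severity_counters` (KICS keys its findings under `queries[].files[]`), so for a real KICS report it prints an empty context and `check.get("severity").lower()` raises on a record without that key. Finally, `folders` is `','.join(folders_to_scan)`, so `cwd=folders` and `_find_exclude_paths(folders, ...)` break as soon as more than one folder is scanned (the former raises on a non-directory, the latter silently excludes nothing because `os.walk` ignores a missing root), and the directories that end up excluded should be logged so the scan record shows what was skipped.
```python
    def _validate_kics(self, command_prefix):
        """Return the path of a KICS executable that answers `version` with
        exit status 0, or None; the caller must scan with the returned path."""
        candidates = [command_prefix]
        kics_in_path = shutil.which("kics.exe" if platform.system() == "Windows" else "kics")
        if kics_in_path:
            candidates.append(kics_in_path)  # fallback only; swap the order if PATH is meant to win
        for candidate in candidates:
            try:
                result = subprocess.run([candidate, "version"], capture_output=True, text=True)
            except OSError as e:  # missing or non-executable file
                logger.error(f"Error validating KICS binary {candidate}: {e}")
                continue
            if result.returncode == 0:
                return candidate
            logger.error(f"KICS binary not valid ({candidate}): {result.stderr}")
        return None

    # … unchanged: calling method up to the validation call …
        kics_exec = self._validate_kics(command_prefix)
        if not kics_exec:
            return [], None
    # … unchanged: asset download; pass kics_exec (not command_prefix) as the prefix to _execute_kics …
```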
|
|
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.79.0'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=G9BCSs5qkGAFBL7_RSsgpwj0SAHfAZnVoMptbJiri8I,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -155,8 +155,8 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
|
|
|
155
155
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py,sha256=KOZKHSNwwVyUl9OMiNysaq8b0L_q1XB93lYTVj247Nk,1940
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=JP_NZfnddbGYRyiLGCpQ8kNI0t7v1TNxt7sp6jBG98w,15183
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
158
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=
|
|
159
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=
|
|
158
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=hUc5Rl92Bq9UltXSbyWRWIa_2HDSd1oPBctAkeXcQKE,2147
|
|
159
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=0bJ5q72QJ1zA-8Ckf7KfbES_tnV3W5NIpLrEmopoaAY,10926
|
|
160
160
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
161
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
|
|
162
162
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=1CpaqzDaXinPxM1lSceoaBpccJ3feHwkIdYe3SQjero,4870
|
|
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
352
352
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
353
353
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
354
354
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
357
|
-
devsecops_engine_tools-1.
|
|
358
|
-
devsecops_engine_tools-1.
|
|
359
|
-
devsecops_engine_tools-1.
|
|
355
|
+
devsecops_engine_tools-1.79.0.dist-info/METADATA,sha256=I7EOCao07TriIKETSDAqDw6KbknPOiQdQayj5Wp-G5s,12093
|
|
356
|
+
devsecops_engine_tools-1.79.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
|
|
357
|
+
devsecops_engine_tools-1.79.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
358
|
+
devsecops_engine_tools-1.79.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
359
|
+
devsecops_engine_tools-1.79.0.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.77.0.dist-info → devsecops_engine_tools-1.79.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|