devsecops-engine-tools 1.78.0__py3-none-any.whl → 1.80.0__py3-none-any.whl
Potentially problematic release.
- devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +15 -3
- devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py +4 -0
- devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py +18 -1
- devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py +11 -0
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/RECORD +10 -10
- {devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/top_level.txt +0 -0
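--- a/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
+++ b/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py
@@ -186,7 +186,19 @@ class KicsTool(ToolGateway):
 except Exception as e:
 logger.error(f"Error writing queries file: {e}")
 
-
+def _find_exclude_paths(self, base_path, exclude_paths):
+exclude_dirs = []
+try:
+for root, dirs, files in os.walk(base_path):
+for dir_name in dirs:
+if dir_name.lower() in exclude_paths:
+rel_path = os.path.relpath(os.path.join(root, dir_name), base_path)
+exclude_dirs.append(rel_path)
+return exclude_dirs
+except Exception as e:
+logger.error(f"Error finding exclude paths: {e}")
+return []
+
 def _execute_kics(
 self,
 folders_to_scan,
@@ -209,7 +221,7 @@ class KicsTool(ToolGateway):
 self.scan_type_platform_mapping.get(platform.lower(), platform)
 for platform in platform_to_scan ] if platform_to_scan != ["all"] else list(self.scan_type_platform_mapping.values())
 platforms = ','.join(mapped_platforms)
-exclude_paths_str = ",".join(
+exclude_paths_str = ",".join(self._find_exclude_paths(folders, exclude_paths)) if exclude_paths else ""
 queries_path = f"{work_folder}\\kics-devsecops\\assets\\queries" if os_platform == "Windows" else f"{work_folder}/kics-devsecops/assets/queries"
 
 command = [
@@ -224,7 +236,7 @@ class KicsTool(ToolGateway):
 "-o", work_folder
 ]
 try:
-subprocess.run(command, capture_output=True, text=True, cwd=
+subprocess.run(command, capture_output=True, text=True, cwd=folders)
 except subprocess.CalledProcessError as e:
 logger.error(f"Error during KICS execution: {e}")
 return []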
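Review bot: `_find_exclude_paths` compares `dir_name.lower()` against `exclude_paths` exactly as configured, so an entry containing an upper-case letter never matches, and the match is on the bare directory name at any depth, which drops every same-named directory in the tree from the KICS scan. Because this list decides what the IaC scanner does not look at, I would normalise both sides once with `wanted = {p.lower() for p in exclude_paths}` and record the outcome with `logger.info(f"KICS exclude paths: {exclude_dirs}")` so skipped directories show up in the run output. In the last hunk `subprocess.run(...)` is called without `check=True`, so the `except subprocess.CalledProcessError` branch cannot fire, and a missing binary or an invalid `cwd` would raise an `OSError` that this handler does not catch. `_execute_kics` starts and ends outside the hunks, so how the KICS result is validated afterwards is not visible here.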
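--- a/devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py
+++ b/devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py
@@ -12,4 +12,8 @@ class ImagesGateway(metaclass=ABCMeta):
 
 @abstractmethod
 def validate_base_image_date(self, image_to_scan, referenced_date) -> str:
+"validate base image date"
+
+@abstractmethod
+def validate_black_list_base_image(self, base_image, black_list) -> str:
 "validate base image date"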
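Review bot: The new abstract `validate_black_list_base_image` ends up carrying the docstring `"validate base image date"`, copied from the method above it, and is annotated `-> str` although the `DockerImages` implementation shipped in this release returns `True`/`False` or raises `ValueError`. I would give it its own docstring, `"validate base image against the black list"`, and annotate it `-> bool` so every adapter implements the same contract for this compliance check. The class body starts outside the hunk.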
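--- a/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py
+++ b/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py
@@ -38,7 +38,6 @@ class ContainerScaScan:
 self.pipeline_name = pipeline_name
 self.context = context
 
-
 def process(self):
 """
 Process SCA scanning.
@@ -60,6 +59,15 @@ class ContainerScaScan:
 matching_image,
 self.remote_config["VALIDATE_BASE_IMAGE_DATE"]["REFERENCE_IMAGE_DATE"],
 )
+if self.remote_config["BLACK_LIST_BASE_IMAGE"][
+"ENABLED"
+] and not self.exclusions.get(self.pipeline_name, {}).get(
+"BLACK_LIST_BASE_IMAGE"
+):
+self._validate_black_list_base_image(
+base_image, self.remote_config["BLACK_LIST_BASE_IMAGE"]["BLACK_LIST"]
+)
+
 sbom_components = None
 generate_sbom = self.remote_config["SBOM"]["ENABLED"] and any(
 branch in str(self.branch)
@@ -128,6 +136,15 @@ class ContainerScaScan:
 matching_image, referenced_date
 )
 
+def _validate_black_list_base_image(self, base_image, black_list):
+"""
+Process the black list image base validation.
+
+Returns:
+string: blacklist.
+"""
+return self.tool_images.validate_black_list_base_image(base_image, black_list)
+
 def _get_images_already_scanned(self):
 """
 Create images scanned file if it does not exist and get the images that have already been scanned.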
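Review bot: The call added in `process` discards the result of `_validate_black_list_base_image`, so only the adapter's `ValueError` path stops the run; the `False` that `DockerImages.validate_black_list_base_image` returns for a non-string `base_image` or a non-list `black_list` is treated the same as a pass. Unless a missing base image is a legitimate case, a compliance gate should fail closed here, e.g. `if not self._validate_black_list_base_image(...): raise ValueError("Black list validation could not be performed")`. The direct index `self.remote_config["BLACK_LIST_BASE_IMAGE"]` would also raise `KeyError` for a remote config that predates this key, and the helper's docstring `Returns: string: blacklist.` does not describe what is returned. `process` starts and ends outside the hunk, so where `base_image` is assigned is not visible here.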
@@ -124,3 +124,14 @@ class DockerImages(ImagesGateway):
|
|
|
124
124
|
f"Compliance issue: the source base image date ({date.strftime('%Y-%m-%d')}) is older than the referenced date ({reference_date.strftime('%Y-%m-%d')})."
|
|
125
125
|
)
|
|
126
126
|
return True
|
|
127
|
+
|
|
128
|
+
def validate_black_list_base_image(self, base_image, black_list):
|
|
129
|
+
if not isinstance(base_image, str) or not isinstance(black_list, list):
|
|
130
|
+
logger.error("Invalid input types: expected a string and a list of strings.")
|
|
131
|
+
return False
|
|
132
|
+
for black in black_list:
|
|
133
|
+
if black in base_image:
|
|
134
|
+
raise ValueError(
|
|
135
|
+
f"Compliance issue: the image: {base_image} is blacklisted for {black}"
|
|
136
|
+
)
|
|
137
|
+
return True
|
|
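Review bot: `if black in base_image` is a plain substring test, so an empty string in `black_list` matches every image and a short entry also matches unrelated image references that merely contain it. If substring matching is intended, I would at least skip empty entries with `if black and black in base_image:`; if the list is meant to name exact images, comparing against the parsed repository and tag would be more precise. The method has no docstring; one stating that it raises `ValueError` on a match and returns `True` otherwise would make the contract clear to callers.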
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.80.0'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=Mt6IpPvcFpNpjHQDD673DmvMordj-vXT2F8kpyGZoas,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -156,7 +156,7 @@ devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters
|
|
|
156
156
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py,sha256=JP_NZfnddbGYRyiLGCpQ8kNI0t7v1TNxt7sp6jBG98w,15183
|
|
157
157
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
158
158
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py,sha256=hUc5Rl92Bq9UltXSbyWRWIa_2HDSd1oPBctAkeXcQKE,2147
|
|
159
|
-
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=
|
|
159
|
+
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py,sha256=0bJ5q72QJ1zA-8Ckf7KfbES_tnV3W5NIpLrEmopoaAY,10926
|
|
160
160
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
161
161
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py,sha256=bGOGmsIpJcQzTMxptJPwZCA9_2Woaua3pXmMs4kTnX8,2893
|
|
162
162
|
devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py,sha256=1CpaqzDaXinPxM1lSceoaBpccJ3feHwkIdYe3SQjero,4870
|
|
@@ -200,16 +200,16 @@ devsecops_engine_tools/engine_sca/engine_container/src/domain/model/__init__.py,
|
|
|
200
200
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_container.py,sha256=_BSNeHSWJHS-G1pdkOvrO2fA2UTUlI8N3KYEUI3Uh-c,602
|
|
201
201
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
202
202
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py,sha256=AVPZvwwhV-Vns7cM58vHzd4_no2xSdzHUKiI6-2lpNM,576
|
|
203
|
-
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=
|
|
203
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=AG9FrEXrs_FJliURwmzPEa354Ec5EEsFs_QDLIOGxbI,548
|
|
204
204
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py,sha256=2fT2DFb4IPqQczCrAI0qEuWQUb3XsqFhI5M0OzNYalo,286
|
|
205
205
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
206
|
-
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=
|
|
206
|
+
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=lRDEPPQgU3MTBLnQKK_TM5CwSm8m3FQaSxfs4MrKqTg,5778
|
|
207
207
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py,sha256=4wgBTQSDE-C5v01C3Vxzeq0DJKZUSqQ5TVLG7yPZPKs,926
|
|
208
208
|
devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=_JolwotLLrrac1EdO0D86ZduO6XQROhGpsIXC7eyOgs,2666
|
|
209
209
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
210
210
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
211
211
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
212
|
-
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=
|
|
212
|
+
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=W5OTPL_t1Go7BVooHAubunrHIH5W1j5zFB7TrJI8D0g,5481
|
|
213
213
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
214
214
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Qjp5oswbH8y7yVoJ1g6CZjbUybS5XNf0LSOB1pUzSnE,7286
|
|
215
215
|
devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=Eb7eRLyKQizPvaeX9uH8E1wxIKXCaAyNKUpmldw_iL8,2680
|
|
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
352
352
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
353
353
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
354
354
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
357
|
-
devsecops_engine_tools-1.
|
|
358
|
-
devsecops_engine_tools-1.
|
|
359
|
-
devsecops_engine_tools-1.
|
|
355
|
+
devsecops_engine_tools-1.80.0.dist-info/METADATA,sha256=cEwn8u1duR7cBIPBkVZcRfn1vpW3Lg68NicDS6K8bMY,12093
|
|
356
|
+
devsecops_engine_tools-1.80.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
|
|
357
|
+
devsecops_engine_tools-1.80.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
358
|
+
devsecops_engine_tools-1.80.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
359
|
+
devsecops_engine_tools-1.80.0.dist-info/RECORD,,
|
|
File without changes
|
{devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.78.0.dist-info → devsecops_engine_tools-1.80.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|