devsecops-engine-tools 1.8.13__py3-none-any.whl → 1.8.14__py3-none-any.whl

devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/git_gateway.py

@@ -5,7 +5,11 @@ class GitGateway(metaclass=ABCMeta):
     @abstractmethod
     def get_files_pull_request(self, sys_working_dir: str,
                                target_branch: str,
+                               config_target_branch: dict,
                                source_branch: str,
-                               message_info_engine_secret: str
-                               ) -> dict:
+                               access_token: str,
+                               collection_uri: str,
+                               team_project: str,
+                               repository_name: str,
+                               repository_provider: str) -> dict:
         "get_files_pull_request"

devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py

@@ -11,5 +11,6 @@ class ToolGateway(metaclass=ABCMeta):
                             exclude_path: dict,
                             agent_os: str,
                             agent_work_folder: str,
-                            num_threads: int) -> str:
+                            num_threads: int,
+                            repository_name: str) -> str:
         "run tool secret scan"

devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py

@@ -36,14 +36,20 @@ class SecretScan:
             files_pullrequest = self.git_gateway.get_files_pull_request(
                 self.devops_platform_gateway.get_variable("path_directory"),
                 self.devops_platform_gateway.get_variable("target_branch"),
+                config_tool.target_branches,
                 self.devops_platform_gateway.get_variable("source_branch"),
-                config_tool.message_info_engine_secret)
+                self.devops_platform_gateway.get_variable("access_token"),
+                self.devops_platform_gateway.get_variable("organization"),
+                self.devops_platform_gateway.get_variable("project_name"),
+                self.devops_platform_gateway.get_variable("repository"),
+                self.devops_platform_gateway.get_variable("repository_provider"))
             findings, file_path_findings = self.tool_gateway.run_tool_secret_scan(
                     files_pullrequest,
                     config_tool.exclude_path,
                     self.devops_platform_gateway.get_variable("os"),
                     self.devops_platform_gateway.get_variable("path_directory"),
-                    config_tool.number_threads
+                    config_tool.number_threads,
+                    self.devops_platform_gateway.get_variable("repository")
                     )
             finding_list = self.tool_deserialize.get_list_vulnerability(
                 findings,

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py

@@ -1,6 +1,7 @@
 from dataclasses import dataclass
 import os
 import subprocess
+from urllib.parse import quote
 from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway import GitGateway
 
 from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
@@ -14,28 +15,61 @@ class GitRun(GitGateway):
     def get_files_pull_request(self,
                                sys_working_dir,
                                target_branch,
+                               config_target_branch,
                                source_branch,
-                               message_info_engine_secret
-                               ):
+                               access_token,
+                               collection_uri,
+                               team_project,
+                               repository_name,
+                               repository_provider):
         try:
-            source_branch = source_branch.replace("refs/heads/", "")
+            if repository_provider == 'GitHub' or target_branch not in config_target_branch:
+                os.chdir(sys_working_dir)
+                subprocess.run(['git', 'checkout', '-b', source_branch, f'origin/{source_branch}'], capture_output=True, text=True)
+                env = os.environ.copy()
+                env["GIT_COMMITTER_NAME"] = "Your Name"
+                env["GIT_COMMITTER_EMAIL"] = "your.email@example.com"
+                env["GIT_AUTHOR_NAME"] = "Your Name"
+                env["GIT_AUTHOR_EMAIL"] = "your.email@example.com"
+                command = ["git", "rebase", f"origin/{target_branch}", "-X", "theirs"]
+                subprocess.run(command, env=env, capture_output=True, text=True)
+
+                diff = subprocess.run(['git', 'diff', f'origin/{target_branch}..{source_branch}', '--name-only'], capture_output=True, text=True)
+                if diff.returncode == 0:
+                    diff_files = diff.stdout.strip().split("\n")
+                    print("Pull Requests Associated Files:",diff_files)
+                    return diff_files
+                return []
+            base_compact_url = (
+            f"https://{collection_uri.rstrip('/').split('/')[-1].replace('.visualstudio.com','')}"
+            f".visualstudio.com/{quote(team_project)}/_git/"
+            f"{repository_name}"
+            )
+            
+            url_without_https = base_compact_url.replace("https://", "")
+            url_with_token = f"https://x-access-token:{access_token}@{url_without_https}"
+
+            path_new_folder = sys_working_dir + '/' + repository_name
+            
+            if os.path.exists(path_new_folder):
+                logger.warning(f"Error: folder {repository_name} already exist")
+                return []
+            os.makedirs(path_new_folder)
             os.chdir(sys_working_dir)
-            subprocess.run(['git', 'checkout', '-b', source_branch, f'origin/{source_branch}'], text=True, capture_output=True, check=True)    
-            env = os.environ.copy()
-            env["GIT_COMMITTER_NAME"] = "Your Name"
-            env["GIT_COMMITTER_EMAIL"] = "your.email@example.com"
-            env["GIT_AUTHOR_NAME"] = "Your Name"
-            env["GIT_AUTHOR_EMAIL"] = "your.email@example.com"
-            command = ["git", "rebase", f"origin/{target_branch}", "-X", "theirs"]
-            subprocess.run(command, env=env, text=True, capture_output=True)
+            subprocess.run(["git", "clone", "--branch", target_branch, url_with_token, path_new_folder], capture_output=True, text=True)
+            os.chdir(path_new_folder)
+ 
+            source_branch = source_branch.replace("refs/heads/", "")
+            subprocess.run(["git", "checkout", "-b", source_branch], capture_output=True, text=True)
+            command = ["git","-c","user.email=you@example.com","-c","user.name=Your Name","pull","--rebase","-X", "theirs","--no-edit","origin",source_branch]
+            subprocess.run(command, capture_output=True, text=True)
 
-            diff = subprocess.run(['git', 'diff', f'origin/{target_branch}..{source_branch}', '--name-only'], capture_output=True, text=True)
-            if diff.returncode == 0:
-                diff_files = diff.stdout.strip().split("\n")
-                print("Pull Requests Associated Files:",diff_files)
+            if source_branch != None:
+                diff = subprocess.run(['git', 'diff', '--name-only', f'{source_branch}..{target_branch}'], capture_output=True, text=True)
+                if diff:
+                    diff_files = diff.stdout.strip().split("\n")
+                print("Pull Requests Associated Files:",len(diff_files))
                 return diff_files
-        except subprocess.CalledProcessError as e:
-            raise Exception(f"Error in pipeline configuration, {message_info_engine_secret}") from e
         except Exception as e:
             logger.warning(f"Error getting files PullRequest: {e}")
             return []

devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py

@@ -43,7 +43,8 @@ class TrufflehogRun(ToolGateway):
         exclude_paths,
         agent_os,
         agent_work_folder,
-        num_threads
+        num_threads,
+        repository_name,
     ):
         trufflehog_command = "trufflehog"
         if "Windows" in agent_os:
@@ -59,6 +60,7 @@ class TrufflehogRun(ToolGateway):
                 [agent_work_folder] * len(include_paths),
                 [exclude_path] * len(include_paths),
                 include_paths,
+                [repository_name] * len(include_paths),
             )
         findings, file_findings = self.create_file(self.decode_output(results), agent_work_folder)
         return  findings, file_findings
@@ -86,9 +88,10 @@ class TrufflehogRun(ToolGateway):
         trufflehog_command,
         agent_work_folder,
         exclude_path,
-        include_path
+        include_path,
+        repository_name,
     ):
-        command = f"{trufflehog_command} filesystem {agent_work_folder} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --json"
+        command = f"{trufflehog_command} filesystem {agent_work_folder + '/' + repository_name} --include-paths {include_path} --exclude-paths {exclude_path} --no-verification --json"
         result = subprocess.run(command, capture_output=True, shell=True, text=True)
         return result.stdout.strip()
 

devsecops_engine_tools/version.py

@@ -1 +1 @@
-version = '1.8.13'
+version = '1.8.14'

{devsecops_engine_tools-1.8.13.dist-info → devsecops_engine_tools-1.8.14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.8.13
+Version: 1.8.14
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.8.13.dist-info → devsecops_engine_tools-1.8.14.dist-info}/RECORD

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=S6HhgJQgheBBHlWAIeACo1IcPFltqmDNBAdPRB4ya-8,18
+devsecops_engine_tools/version.py,sha256=NMsYsyi0Mr3c0ZwNOnlQv7t4OcdOet7o69p2QQyEXDg,18
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -123,18 +123,18 @@ devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/DeserializeCon
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/gateway_deserealizator.py,sha256=4fYPengHW3K0uVP6wHgOiNu-gRb08m78E7QZayZ2LC4,441
-devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/git_gateway.py,sha256=d6hT4AAyRCqckbEGKEzXRAgT8766tOyxAeUn0foJvpc,409
-devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=2kHgUus04M2kpFfVvwcRrhglN8JI3w3JfB-qjfJvoKk,542
+devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/git_gateway.py,sha256=x6LFK8wZuVix-ZCBdBQTzvjQi59nZYVrSOTatCOQbxc,638
+devsecops_engine_tools/engine_sast/engine_secret/src/domain/model/gateway/tool_gateway.py,sha256=juharYjy__KyB0fFCbU30k_aLd_9cQgsoCMeodq9ebA,593
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=I8YKSw5rsKimBukCC3eoN8TACwZFgD42okvYNeG115Y,3464
+devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/secret_scan.py,sha256=9DAX-3cJB5JmK7ZV3s0NQlGLMaPBiP7UbCOJ8OYlH3A,3916
 devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py,sha256=k0LZd9PJpqEDns6DLYRGu9DzpRZeFsxAnowcjP5Rml4,2838
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py,sha256=DzdBmwA2-3b5OBkjdOmiF9UcHwD8b7HJNboCdmSxJ7Q,1993
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py,sha256=ZCPsII6lkUutRJ3MdjD2vTc1lq6DgvHHMtXoaiIadk4,3844
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_deserealizator.py,sha256=WpFFswOmP38cLvfZHCrPDiRtdwH86n1CqVNS3K4s6uA,1968
-devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=1TvGYg65KX3Af-AxH73UNlUr0BnxmvFha0r3AZeqBYg,5210
+devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/trufflehog/trufflehog_run.py,sha256=cvCSKTDN-4oL9H5EZF_-WrP5bNamFt0WfeCwaMO_Nfo,5345
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/entry_points/entry_point_tool.py,sha256=WJJVGqE0PJMoATi8ubTGsqyrx4KqEQluXCg9Hk-NiOw,982
 devsecops_engine_tools/engine_sca/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -256,8 +256,8 @@ devsecops_engine_tools/engine_utilities/utils/logger_info.py,sha256=4Mz8Bwlm9Mku
 devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGaxYSDe0ZRh6VHRf53H4sXPcb-vNP_i81PUn3I,307
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=yNtlT-8Legz1sHbGPH8LNYjL-LgDUE0zXG2rYjiab7U,290
-devsecops_engine_tools-1.8.13.dist-info/METADATA,sha256=kB8OX0SJ7ui2I2XSWlwC8cUOZhAJ5d-Au5tPWp_DV9E,10444
-devsecops_engine_tools-1.8.13.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.8.13.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
-devsecops_engine_tools-1.8.13.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.8.13.dist-info/RECORD,,
+devsecops_engine_tools-1.8.14.dist-info/METADATA,sha256=9dUf9xXbCrzPWzoBiwpvv_oQLd8c9YkXtJuV7WkEqqQ,10444
+devsecops_engine_tools-1.8.14.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.8.14.dist-info/entry_points.txt,sha256=9IjXF_7Zpgowq_SY6OSmsA9vZze18a8_AeHwkQVrgKk,131
+devsecops_engine_tools-1.8.14.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.8.14.dist-info/RECORD,,