PyPI - devsecops-engine-tools - Versions diffs - 1.81.0__py3-none-any.whl → 1.82.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.81.0py3-none-any.whl → 1.82.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (11) hide show

devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py CHANGED Viewed

@@ -7,45 +7,6 @@ class HandleFilters:
         self._get_priority_vulnerability(active_findings)
         return active_findings
-    def filter_duplicated(self, findings):
-        unique_findings = []
-        findings_map = {}
-        for finding in findings:
-            key = (finding.where, tuple(finding.id), finding.vuln_id_from_tool)
-            if key in findings_map:
-                existing_finding = findings_map[key]
-                combined_services = existing_finding.service.split() + [
-                    s
-                    for s in finding.service.split()
-                    if s not in existing_finding.service.split()
-                ]
-                combined_vm_ids = existing_finding.vm_id.split() + [
-                    vm
-                    for vm in finding.vm_id.split()
-                    if vm not in existing_finding.vm_id.split()
-                ]
-                combined_vm_id_urls = existing_finding.vm_id_url.split() + [
-                    vm_url
-                    for vm_url in finding.vm_id_url.split()
-                    if vm_url not in existing_finding.vm_id_url.split()
-                ]
-                if finding.age >= existing_finding.age:
-                    new_finding = copy.deepcopy(finding)
-                    new_finding.service = " ".join(combined_services)
-                    new_finding.vm_id = " ".join(combined_vm_ids)
-                    new_finding.vm_id_url = " ".join(combined_vm_id_urls)
-                    findings_map[key] = new_finding
-                else:
-                    existing_finding.service = " ".join(combined_services)
-                    existing_finding.vm_id = " ".join(combined_vm_ids)
-                    existing_finding.vm_id_url = " ".join(combined_vm_id_urls)
-            else:
-                findings_map[key] = copy.deepcopy(finding)
-        unique_findings = list(findings_map.values())
-        return unique_findings
     def filter_tags_days(self, devops_platform_gateway, remote_config, findings):
         tag_exclusion_days = remote_config["TAG_EXCLUSION_DAYS"]
         filtered_findings = []

devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py CHANGED Viewed

@@ -52,10 +52,8 @@ def init_engine_risk(
     active_findings = handle_filters.filter(findings)
-    unique_findings = handle_filters.filter_duplicated(active_findings)
     filtered_findings, len_tag_filtered = handle_filters.filter_tags_days(
-        devops_platform_gateway, remote_config, unique_findings
+        devops_platform_gateway, remote_config, active_findings
     )
     data_added = AddData(add_epss_gateway, filtered_findings).process()

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py CHANGED Viewed

@@ -142,8 +142,9 @@ class DependencyCheckTool(ToolGateway):
         pattern = get_artifacts.excluded_files(
             remote_config, pipeline_name, exclusion, "DEPENDENCY_CHECK"
         )
+        ignore_files = remote_config.get("IGNORE_FILES", [])
         to_scan = get_artifacts.find_artifacts(
-            to_scan, pattern, remote_config["DEPENDENCY_CHECK"]["PACKAGES_TO_SCAN"]
+            to_scan, pattern, remote_config["DEPENDENCY_CHECK"]["PACKAGES_TO_SCAN"], ignore_files
         )
         if not to_scan:

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py CHANGED Viewed

@@ -194,8 +194,9 @@ class XrayScan(ToolGateway):
             pattern = get_artifacts.excluded_files(
                 remote_config, pipeline_name, exclusion, "XRAY"
             )
+            ignore_files = remote_config.get("IGNORE_FILES", [])
             to_scan = get_artifacts.find_artifacts(
-                to_scan, pattern, remote_config["XRAY"]["PACKAGES_TO_SCAN"]
+                to_scan, pattern, remote_config["XRAY"]["PACKAGES_TO_SCAN"], ignore_files
             )
             cwd = os.getcwd()
             if not to_scan:

devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py CHANGED Viewed

@@ -33,6 +33,25 @@ class GetArtifacts:
         return pattern
+    def filter_ignored_files(self, files_list, ignore_files):
+        if not ignore_files:
+            return files_list
+        filtered_files = []
+        for file_path in files_list:
+            should_ignore = False
+            file_name = os.path.basename(file_path)
+            for ignore_pattern in ignore_files:
+                if (re.search(ignore_pattern, file_name, re.IGNORECASE) or re.search(ignore_pattern, file_path, re.IGNORECASE)):
+                    should_ignore = True
+                    break
+            if not should_ignore:
+                filtered_files.append(file_path)
+        return filtered_files
     def find_packages(self, pattern, packages, working_dir):
         packages_list = []
         files_list = []
@@ -69,7 +88,7 @@ class GetArtifacts:
             shutil.copy2(file, target)
             logger.debug(f"File to scan: {file}")
-    def find_artifacts(self, to_scan, pattern, packages):
+    def find_artifacts(self, to_scan, pattern, packages, ignore_files=None):
         dir_to_scan_path = os.path.join(to_scan, "dependencies_to_scan")
         if os.path.exists(dir_to_scan_path):
             shutil.rmtree(dir_to_scan_path)
@@ -77,6 +96,11 @@ class GetArtifacts:
         packages_list, files_list = self.find_packages(pattern, packages, to_scan)
+        if ignore_files:
+            filtered_files_list = self.filter_ignored_files(files_list, ignore_files)
+        else:
+            filtered_files_list = files_list
         for package in packages_list:
             tar_path = os.path.join(
                 dir_to_scan_path,
@@ -88,8 +112,8 @@ class GetArtifacts:
             )
             self.compress_and_mv(tar_path, package)
-        if len(files_list):
-            self.move_files(dir_to_scan_path, files_list)
+        if len(filtered_files_list):
+            self.move_files(dir_to_scan_path, filtered_files_list)
         files = os.listdir(dir_to_scan_path)
         files = [
@@ -102,8 +126,12 @@ class GetArtifacts:
             file_to_scan = os.path.join(dir_to_scan_path, "file_to_scan.tar")
             self.compress_and_mv(file_to_scan, dir_to_scan_path)
             files_string = ", ".join(files)
-            logger.debug(f"Files to scan: {files_string}")
             print(f"Files to scan: {files_string}")
+            if ignore_files and len(filtered_files_list) < len(files_list):
+                ignored_files = set([os.path.basename(f) for f in files_list if f not in filtered_files_list])
+                files_ignore_string = ", ".join(ignored_files)
+                print(f"Files ignored: {files_ignore_string}")
         else:
             logger.warning("No artifacts found")

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.81.0'
1	+ version = '1.82.0'

{devsecops_engine_tools-1.81.0.dist-info → devsecops_engine_tools-1.82.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.81.0
+Version: 1.82.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.81.0.dist-info → devsecops_engine_tools-1.82.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=u072QCaCtS931pJYi48X385PnfpT9oB1ysIyygRVXh4,19
+devsecops_engine_tools/version.py,sha256=vL5Lm-NSzzA8AwePtmNmf3k1XSspUDxm9fFe5uddV00,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -104,13 +104,13 @@ devsecops_engine_tools/engine_risk/src/domain/usecases/add_data.py,sha256=4wqDj-
 devsecops_engine_tools/engine_risk/src/domain/usecases/break_build.py,sha256=nCUvHa4azCfQSdVzoJcyWOn3vzdSlgibzBS2J3Qqfsc,17011
 devsecops_engine_tools/engine_risk/src/domain/usecases/check_threshold.py,sha256=VYdmcbAuNNvdHCegRfvza7YJ8FHbFNyDosrKJrMW93I,765
 devsecops_engine_tools/engine_risk/src/domain/usecases/get_exclusions.py,sha256=UNULFNbGAgQKxUQ7buEgL8uIzyVP3GEpGKguDIuZTUc,4113
-devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=R53fnuIQYfr7YbpMz1BGPJ1d5z9jY_Hnm7EmPt99wlE,3608
+devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py,sha256=vluqHpEgzbsh1fyuE-UX41u2yj8TYiRX3UabiwrEcbw,1810
 devsecops_engine_tools/engine_risk/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_risk/src/infrastructure/driven_adapters/first_csv/first_epss_csv.py,sha256=puyoD1csvsJJTmTlJELS97NMoWC4hHAIbYuu916hvQY,2160
 devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=gBuEYcHVPJv0PEUpBcwsAHXOFn9AUrfn5pIo_PPvIqk,2712
+devsecops_engine_tools/engine_risk/src/infrastructure/entry_points/entry_point_risk.py,sha256=6-qnhftZ8bH0KGt_-KhD1lRO2ft71JaSqAPOiX_e1s0,2639
 devsecops_engine_tools/engine_risk/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sast/engine_code/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -239,14 +239,14 @@ devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/__init_
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=yT8C4bGIMii8XE8wnJW0bv6NI2DP-fpvGZTnG5H7gSg,8875
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=2gRtoVWbgv-5tdg2fedsGO5a5AI__qjbFHCytu9WMF0,7242
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=5KF8gplfB0sqr9i9_dkmeiV6q-diyQWK7JjS59msY4w,7317
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=ZUk-e1PKzV7uRAT7BpET363pgl2eMnXMCGSpewsOpKg,2236
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=Z69iiuMJBYViSsBjTza-n59-jlevI1ydEGpIwifPPWs,11528
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=kT4Qwahl4HKVMwwwB3mJS5JlIi2jv3ajGV_8zmGfnhs,11607
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py,sha256=t2nAJ86ZyL6nz_tdrcWZ3cf5pnXhJ_q1AfVAbNhcrSk,3772
 devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py,sha256=CpzyUJyO2bRtv6mZJODV5NL5ea79_VRqsYKC0oYDsNU,4077
+devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py,sha256=ECczGxi-neekJAJkMBaRCE_1NTqmcv-5tB90F3GKz7w,5234
 devsecops_engine_tools/engine_utilities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_utilities/settings.py,sha256=CPnDndwVeRgQNml3HVzvytVruDd8dTd1ICHbkMDSgTM,2144
 devsecops_engine_tools/engine_utilities/azuredevops/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -352,8 +352,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.81.0.dist-info/METADATA,sha256=6xNDWSnPe_SKjQIOTdgEWgWNEdYC1FLN22XgK_vwHuI,12093
-devsecops_engine_tools-1.81.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-devsecops_engine_tools-1.81.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.81.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.81.0.dist-info/RECORD,,
+devsecops_engine_tools-1.82.0.dist-info/METADATA,sha256=xQCnIVzAPBfiuoVW3GmVV-eQseZi2B69nsR_L9KhGV8,12093
+devsecops_engine_tools-1.82.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+devsecops_engine_tools-1.82.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.82.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.82.0.dist-info/RECORD,,

{devsecops_engine_tools-1.81.0.dist-info → devsecops_engine_tools-1.82.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.81.0.dist-info → devsecops_engine_tools-1.82.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.81.0.dist-info → devsecops_engine_tools-1.82.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.81.0__py3-none-any.whl → 1.82.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.81.0py3-none-any.whl → 1.82.0py3-none-any.whl