devsecops-engine-tools 1.81.1__py3-none-any.whl → 1.83.0__py3-none-any.whl
Potentially problematic release.
This version of devsecops-engine-tools might be problematic. Click here for more details.
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py +2 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py +2 -1
- devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py +32 -4
- devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py +11 -5
- devsecops_engine_tools/version.py +1 -1
- {devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/METADATA +1 -1
- {devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/RECORD +10 -12
- devsecops_engine_tools/engine_utilities/sonarqube/application/__init__.py +0 -0
- devsecops_engine_tools/engine_utilities/sonarqube/application/defect_dojo_report.py +0 -27
- {devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/WHEEL +0 -0
- {devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/entry_points.txt +0 -0
- {devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/top_level.txt +0 -0
|
@@ -142,8 +142,9 @@ class DependencyCheckTool(ToolGateway):
|
|
|
142
142
|
pattern = get_artifacts.excluded_files(
|
|
143
143
|
remote_config, pipeline_name, exclusion, "DEPENDENCY_CHECK"
|
|
144
144
|
)
|
|
145
|
+
ignore_files = remote_config.get("IGNORE_FILES", [])
|
|
145
146
|
to_scan = get_artifacts.find_artifacts(
|
|
146
|
-
to_scan, pattern, remote_config["DEPENDENCY_CHECK"]["PACKAGES_TO_SCAN"]
|
|
147
|
+
to_scan, pattern, remote_config["DEPENDENCY_CHECK"]["PACKAGES_TO_SCAN"], ignore_files
|
|
147
148
|
)
|
|
148
149
|
|
|
149
150
|
if not to_scan:
|
|
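Review bot: `ignore_files` is taken from `remote_config.get("IGNORE_FILES", [])` and passed to `find_artifacts` with no check on its type. `filter_ignored_files` in get_artifacts.py iterates the value and hands each element to `re.search`, so a config that supplies a single string instead of a list would be walked character by character and nearly every artifact would be dropped from the dependency scan without an error. A guard such as `if not isinstance(ignore_files, list): raise ValueError("IGNORE_FILES must be a list of patterns")` before the call would make that misconfiguration fail loudly; the same applies to the identical lines added in `XrayScan`. The key is also read from the top level of the config while `PACKAGES_TO_SCAN` is per tool, which deserves a comment if one shared list is intended. The enclosing method starts and ends outside the hunk.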
@@ -194,8 +194,9 @@ class XrayScan(ToolGateway):
|
|
|
194
194
|
pattern = get_artifacts.excluded_files(
|
|
195
195
|
remote_config, pipeline_name, exclusion, "XRAY"
|
|
196
196
|
)
|
|
197
|
+
ignore_files = remote_config.get("IGNORE_FILES", [])
|
|
197
198
|
to_scan = get_artifacts.find_artifacts(
|
|
198
|
-
to_scan, pattern, remote_config["XRAY"]["PACKAGES_TO_SCAN"]
|
|
199
|
+
to_scan, pattern, remote_config["XRAY"]["PACKAGES_TO_SCAN"], ignore_files
|
|
199
200
|
)
|
|
200
201
|
cwd = os.getcwd()
|
|
201
202
|
if not to_scan:
|
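--- a/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py
+++ b/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py
@@ -33,6 +33,25 @@ class GetArtifacts:
 
 return pattern
 
+def filter_ignored_files(self, files_list, ignore_files):
+if not ignore_files:
+return files_list
+
+filtered_files = []
+for file_path in files_list:
+should_ignore = False
+file_name = os.path.basename(file_path)
+
+for ignore_pattern in ignore_files:
+if (re.search(ignore_pattern, file_name, re.IGNORECASE) or re.search(ignore_pattern, file_path, re.IGNORECASE)):
+should_ignore = True
+break
+
+if not should_ignore:
+filtered_files.append(file_path)
+
+return filtered_files
+
 def find_packages(self, pattern, packages, working_dir):
 packages_list = []
 files_list = []
@@ -69,7 +88,7 @@ class GetArtifacts:
 shutil.copy2(file, target)
 logger.debug(f"File to scan: {file}")
 
-def find_artifacts(self, to_scan, pattern, packages):
+def find_artifacts(self, to_scan, pattern, packages, ignore_files=None):
 dir_to_scan_path = os.path.join(to_scan, "dependencies_to_scan")
 if os.path.exists(dir_to_scan_path):
 shutil.rmtree(dir_to_scan_path)
@@ -77,6 +96,11 @@ class GetArtifacts:
 
 packages_list, files_list = self.find_packages(pattern, packages, to_scan)
 
+if ignore_files:
+filtered_files_list = self.filter_ignored_files(files_list, ignore_files)
+else:
+filtered_files_list = files_list
+
 for package in packages_list:
 tar_path = os.path.join(
 dir_to_scan_path,
@@ -88,8 +112,8 @@ class GetArtifacts:
 )
 self.compress_and_mv(tar_path, package)
 
-if len(
-self.move_files(dir_to_scan_path,
+if len(filtered_files_list):
+self.move_files(dir_to_scan_path, filtered_files_list)
 
 files = os.listdir(dir_to_scan_path)
 files = [
@@ -102,8 +126,12 @@ class GetArtifacts:
 file_to_scan = os.path.join(dir_to_scan_path, "file_to_scan.tar")
 self.compress_and_mv(file_to_scan, dir_to_scan_path)
 files_string = ", ".join(files)
-logger.debug(f"Files to scan: {files_string}")
 print(f"Files to scan: {files_string}")
+
+if ignore_files and len(filtered_files_list) < len(files_list):
+ignored_files = set([os.path.basename(f) for f in files_list if f not in filtered_files_list])
+files_ignore_string = ", ".join(ignored_files)
+print(f"Files ignored: {files_ignore_string}")
 else:
 logger.warning("No artifacts found")
 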
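Review bot: In `filter_ignored_files` each `IGNORE_FILES` entry is applied as an unanchored, case-insensitive regex to both the base name and the whole path, so an entry written for one file name can also match a directory component and remove everything under it from the SCA scan. The method has no docstring saying that entries are regular expressions, a malformed entry raises `re.error` in the middle of the loop, and the only record of what was skipped is a `print` of base names in `find_artifacts`. That `print` sits in the branch that runs when files remain; if the filter removes every file, the run appears to fall through to `"No artifacts found"` with no hint that the ignore list caused it (the `if` condition is outside the hunk, so this needs confirming). I would compile the patterns once, match the base name only unless path matching is a documented requirement, and log each excluded path through `logger` so exclusions are auditable.

```python
    def filter_ignored_files(self, files_list, ignore_files):
        """Drop files whose base name matches any IGNORE_FILES regex (case-insensitive)."""
        if not ignore_files:
            return files_list

        # Compile once so a malformed entry fails up front with a clear message.
        compiled = []
        for ignore_pattern in ignore_files:
            try:
                compiled.append(re.compile(ignore_pattern, re.IGNORECASE))
            except re.error as exc:
                raise ValueError(
                    f"Invalid IGNORE_FILES pattern {ignore_pattern!r}: {exc}"
                ) from exc

        filtered_files = []
        for file_path in files_list:
            file_name = os.path.basename(file_path)
            if any(p.search(file_name) for p in compiled):
                # Every exclusion narrows scan coverage; keep a record of the full path.
                logger.warning(f"Excluded from scan by IGNORE_FILES: {file_path}")
            else:
                filtered_files.append(file_path)
        return filtered_files
```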
@@ -37,11 +37,17 @@ def init_report_sonar(
|
|
|
37
37
|
pipeline_name = devops_platform_gateway.get_variable("pipeline_name")
|
|
38
38
|
branch = devops_platform_gateway.get_variable("branch_tag")
|
|
39
39
|
|
|
40
|
-
is_valid_pipeline = not
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
40
|
+
is_valid_pipeline = pipeline_name not in excluded_pipelines and not any(
|
|
41
|
+
[
|
|
42
|
+
re.match(
|
|
43
|
+
pattern,
|
|
44
|
+
pipeline_name,
|
|
45
|
+
re.IGNORECASE
|
|
46
|
+
) for pattern in
|
|
47
|
+
[report_config_tool["IGNORE_SEARCH_PATTERN"]] +
|
|
48
|
+
list(excluded_pipelines.get("BY_PATTERN_SEARCH", {}).keys())
|
|
49
|
+
]
|
|
50
|
+
)
|
|
45
51
|
|
|
46
52
|
is_valid_branch = any(
|
|
47
53
|
target_branch in str(branch).split("/")
|
|
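Review bot: The patterns handed to `re.match` come from `report_config_tool["IGNORE_SEARCH_PATTERN"]` and the keys of `excluded_pipelines["BY_PATTERN_SEARCH"]`, and an empty string among them matches every pipeline name, which makes `is_valid_pipeline` False for all pipelines. `re.match` also anchors only at the start, so each entry behaves as a case-insensitive prefix rule; if whole-name matching is meant, `re.fullmatch` states that. With `patterns` bound to the combined list, skipping empty entries and dropping the intermediate list would read `any(re.match(p, pipeline_name, re.IGNORECASE) for p in patterns if p)`. `pipeline_name not in excluded_pipelines` tests the top-level keys of what looks like a dict (it is called with `.get`), which is worth a one-line comment. The rest of `init_report_sonar` is outside the hunk.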
@@ -1 +1 @@
|
|
|
1
|
-
version = '1.
|
|
1
|
+
version = '1.83.0'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
devsecops_engine_tools/version.py,sha256=
|
|
2
|
+
devsecops_engine_tools/version.py,sha256=39ywnshMZSQAqe2Dho34rt7AfS0GvwnmcO27AN2kj7c,19
|
|
3
3
|
devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
4
4
|
devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
5
5
|
devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -239,14 +239,14 @@ devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/__init_
|
|
|
239
239
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
240
240
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
241
241
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_deserialize.py,sha256=yT8C4bGIMii8XE8wnJW0bv6NI2DP-fpvGZTnG5H7gSg,8875
|
|
242
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=
|
|
242
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/dependency_check/dependency_check_tool.py,sha256=5KF8gplfB0sqr9i9_dkmeiV6q-diyQWK7JjS59msY4w,7317
|
|
243
243
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
244
244
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_deserialize_output.py,sha256=ZUk-e1PKzV7uRAT7BpET363pgl2eMnXMCGSpewsOpKg,2236
|
|
245
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=
|
|
245
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py,sha256=kT4Qwahl4HKVMwwwB3mJS5JlIi2jv3ajGV_8zmGfnhs,11607
|
|
246
246
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
247
247
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py,sha256=t2nAJ86ZyL6nz_tdrcWZ3cf5pnXhJ_q1AfVAbNhcrSk,3772
|
|
248
248
|
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
249
|
-
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py,sha256=
|
|
249
|
+
devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/helpers/get_artifacts.py,sha256=ECczGxi-neekJAJkMBaRCE_1NTqmcv-5tB90F3GKz7w,5234
|
|
250
250
|
devsecops_engine_tools/engine_utilities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
251
251
|
devsecops_engine_tools/engine_utilities/settings.py,sha256=CPnDndwVeRgQNml3HVzvytVruDd8dTd1ICHbkMDSgTM,2144
|
|
252
252
|
devsecops_engine_tools/engine_utilities/azuredevops/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -322,8 +322,6 @@ devsecops_engine_tools/engine_utilities/input_validations/validate_input_with_re
|
|
|
322
322
|
devsecops_engine_tools/engine_utilities/sbom/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
323
323
|
devsecops_engine_tools/engine_utilities/sbom/deserealizator.py,sha256=6mFNI0B-MBoxDa3l33pZhrfHHBcNIPS6W83yxmpkqn8,880
|
|
324
324
|
devsecops_engine_tools/engine_utilities/sonarqube/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
325
|
-
devsecops_engine_tools/engine_utilities/sonarqube/application/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
326
|
-
devsecops_engine_tools/engine_utilities/sonarqube/application/defect_dojo_report.py,sha256=q7CYTNHMhlud1Zc5dY5hZDQ1_plwoUfElWuXtz8hza0,857
|
|
327
325
|
devsecops_engine_tools/engine_utilities/sonarqube/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
328
326
|
devsecops_engine_tools/engine_utilities/sonarqube/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
329
327
|
devsecops_engine_tools/engine_utilities/sonarqube/src/applications/runner_report_sonar.py,sha256=NYXNgxjH-bzpBB0eOY-kaKX0ZqKyEakw2Khads3tRmo,4099
|
|
@@ -338,7 +336,7 @@ devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adap
|
|
|
338
336
|
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/sonarqube/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
339
337
|
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/driven_adapters/sonarqube/sonarqube_report.py,sha256=BpCLMgFQjytZc1HfZ5hXqX44E8T0JhLpAaNOVq5pFjo,4909
|
|
340
338
|
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
341
|
-
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py,sha256=
|
|
339
|
+
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/entry_points/entry_point_report_sonar.py,sha256=72jwdpOuuvfT5ItBmBom30C968iEmvfOG422uvslyB8,2801
|
|
342
340
|
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
343
341
|
devsecops_engine_tools/engine_utilities/sonarqube/src/infrastructure/helpers/utils.py,sha256=SGOWrkzQrvOt9bRhhSfgiMzj1695e1W0B9ox9C1ihQI,294
|
|
344
342
|
devsecops_engine_tools/engine_utilities/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -352,8 +350,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
|
|
|
352
350
|
devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
|
|
353
351
|
devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
|
|
354
352
|
devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
|
|
355
|
-
devsecops_engine_tools-1.
|
|
356
|
-
devsecops_engine_tools-1.
|
|
357
|
-
devsecops_engine_tools-1.
|
|
358
|
-
devsecops_engine_tools-1.
|
|
359
|
-
devsecops_engine_tools-1.
|
|
353
|
+
devsecops_engine_tools-1.83.0.dist-info/METADATA,sha256=khYq9O8m8GlR7aPVHHRmmIuc1MvEk1ukFUHG0L3K6S8,12093
|
|
354
|
+
devsecops_engine_tools-1.83.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
|
|
355
|
+
devsecops_engine_tools-1.83.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
|
|
356
|
+
devsecops_engine_tools-1.83.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
|
|
357
|
+
devsecops_engine_tools-1.83.0.dist-info/RECORD,,
|
|
File without changes
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
# Description: This file is used to report the vulnerabilities to sonarqube vultracker.
|
|
2
|
-
from engine_utilities.utils.logger_info import MyLogger
|
|
3
|
-
from engine_utilities import settings
|
|
4
|
-
from engine_utilities.sonarqube.infraestructure.entry_point.entry_point_report_defect_dojo import(
|
|
5
|
-
init_report_defect_dojo
|
|
6
|
-
)
|
|
7
|
-
from engine_core.src.infrastructure.driven_adapters.aws.secrets_manager import(
|
|
8
|
-
SecretsManager
|
|
9
|
-
)
|
|
10
|
-
from engine_core.src.infrastructure.driven_adapters.azure.azure_devops import(
|
|
11
|
-
AzureDevops
|
|
12
|
-
)
|
|
13
|
-
from engine_utilities.sonarqube.infraestructure.driven_adapter.defect_dojo import(
|
|
14
|
-
DefectDojoAdapter
|
|
15
|
-
)
|
|
16
|
-
|
|
17
|
-
logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
|
|
18
|
-
|
|
19
|
-
def task_core():
|
|
20
|
-
init_report_defect_dojo(
|
|
21
|
-
SecretsManager(),
|
|
22
|
-
AzureDevops(),
|
|
23
|
-
DefectDojoAdapter()
|
|
24
|
-
)
|
|
25
|
-
|
|
26
|
-
if __name__ == "__main__":
|
|
27
|
-
task_core()
|
|
File without changes
|
{devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{devsecops_engine_tools-1.81.1.dist-info → devsecops_engine_tools-1.83.0.dist-info}/top_level.txt
RENAMED
|
File without changes
|