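def __init__(self):
    """
    Initialise the platform-integration state with its defaults.

    Reads the Bridgecrew API key via ``read_key()`` and derives the API base
    URL from the environment: ``BC_API_URL`` (default
    ``https://www.bridgecrew.cloud``), overridden by ``PRISMA_API_URL`` when
    that is set. Every endpoint attribute is built from that base URL. The
    remaining attributes are placeholders that are filled in later (for
    example by ``setup_bridgecrew_credentials``).
    """
    # Secret material: keep it out of logs, reprs and error messages.
    self.bc_api_key = read_key()

    # S3 upload state; only populated when results are uploaded to the platform.
    self.s3_client = None
    self.bucket = None
    self.credentials = None
    self.repo_path = None
    self.timestamp = None

    # Repository identity and per-run flags.
    self.repo_id = None
    self.repo_branch = None
    self.skip_fixes = False
    self.skip_suppressions = False
    self.skip_policy_download = False
    self.scan_reports = []

    # Base URL: BC_API_URL, unless a Prisma URL is configured.
    self.api_url = os.getenv('BC_API_URL', "https://www.bridgecrew.cloud")
    # NOTE(review): BC_API_URL is used verbatim, whereas PRISMA_API_URL goes
    # through normalize_prisma_url (which the tests show upgrades http to
    # https). A plain-http BC_API_URL is therefore honoured as given - confirm
    # that is intended.
    self.prisma_url = normalize_prisma_url(os.getenv("PRISMA_API_URL"))
    # setup_bridgecrew_credentials writes this attribute under the name
    # prisma_api_url; initialise it here too so it always exists.
    self.prisma_api_url = self.prisma_url
    if self.prisma_url:
        self.api_url = f"{self.prisma_url}/bridgecrew"

    self.bc_source = None
    self.bc_source_version = None

    # Platform endpoints, all derived from the resolved base URL.
    self.integrations_api_url = f"{self.api_url}/api/v1/integrations/types/checkov"
    self.guidelines_api_url = f"{self.api_url}/api/v1/guidelines"
    self.customer_all_guidelines_api_url = f"{self.api_url}/api/v1/guidelines/customer"
    self.onboarding_url = f"{self.api_url}/api/v1/signup/checkov"
    self.api_token_url = f"{self.api_url}/api/v1/integrations/apiToken"
    self.suppressions_url = f"{self.api_url}/api/v1/suppressions"

    # Guideline / check-id mappings, loaded on demand.
    self.guidelines = None
    self.bc_id_mapping = None
    self.ckv_to_bc_id_mapping = None
    self.bc_skip_mapping = False

    self.use_s3_integration = False
    self.platform_integration_configured = False
    self.http = None
    self.excluded_paths = []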
 def test_normalize_prisma_url(self):
     """
     normalize_prisma_url must canonicalise a Prisma Cloud URL: the ``app``
     host is mapped to ``api``, a plain-http scheme is upgraded to https, a
     trailing slash is dropped, and empty or missing input yields None.
     """
     canonical = 'https://api0.prismacloud.io'
     variants = (
         'https://api0.prismacloud.io',   # already canonical
         'https://app0.prismacloud.io',   # app host -> api host
         'http://api0.prismacloud.io',    # http -> https, never a downgrade
         'https://api0.prismacloud.io/',  # trailing slash stripped
     )
     for raw in variants:
         self.assertEqual(canonical, normalize_prisma_url(raw))
     for empty in ('', None):
         self.assertIsNone(normalize_prisma_url(empty))
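    def setup_bridgecrew_credentials(self,
                                     repo_id,
                                     skip_fixes=False,
                                     skip_suppressions=False,
                                     skip_policy_download=False,
                                     source=None,
                                     source_version=None,
                                     repo_branch=None,
                                     prisma_api_url=None):
        """
        Setup credentials against Bridgecrew's platform.

        Stores the scan configuration on ``self``, optionally re-points every
        platform endpoint at a Prisma Cloud URL, and - when
        ``source.upload_results`` is set - obtains temporary AWS credentials
        from the platform via ``get_s3_role`` and builds the S3 client used to
        upload reports. Always finishes by loading the check-id mapping.

        :param repo_id: Identity string of the scanned repository, of the form <repo_owner>/<repo_name>
        :param skip_fixes: whether to skip querying fixes from Bridgecrew; forced
            on when results are uploaded, since fixes are not run for CI integrations
        :param skip_suppressions: flag stored on ``self`` for later use
        :param skip_policy_download: flag stored on ``self`` for later use
        :param source: integration source object; must not be None, because its
            ``upload_results`` attribute is read unconditionally
        :param source_version: version string of the source, stored on ``self``
        :param repo_branch: branch of the scanned repository, stored on ``self``
        :param prisma_api_url: optional Prisma Cloud API URL; when given it is
            normalised and replaces the base URL of every platform endpoint
        :raises MaxRetryError, HTTPError, ClientError, JSONDecodeError, BridgecrewAuthError:
            re-raised after logging when obtaining the S3 role or building the
            client fails
        """
        self.repo_id = repo_id
        self.repo_branch = repo_branch
        self.skip_fixes = skip_fixes
        self.skip_suppressions = skip_suppressions
        self.skip_policy_download = skip_policy_download
        self.bc_source = source
        self.bc_source_version = source_version

        if prisma_api_url:
            # Keep both attribute names in sync: __init__ derives api_url from
            # self.prisma_url, while this method historically wrote prisma_api_url.
            self.prisma_api_url = self.prisma_url = normalize_prisma_url(prisma_api_url)
            self.api_url = f"{self.prisma_api_url}/bridgecrew"
            self.api_token_url = f"{self.api_url}/api/v1/integrations/apiToken"
            self.customer_all_guidelines_api_url = f"{self.api_url}/api/v1/guidelines/customer"
            self.guidelines_api_url = f"{self.api_url}/api/v1/guidelines"
            self.integrations_api_url = f"{self.api_url}/api/v1/integrations/types/checkov"
            self.onboarding_url = f"{self.api_url}/api/v1/signup/checkov"
            self.suppressions_url = f"{self.api_url}/api/v1/suppressions"
            logging.info(f'Using Prisma API URL: {self.prisma_api_url}')

        if self.bc_source.upload_results:
            try:
                self.skip_fixes = True  # no need to run fixes on CI integration
                repo_full_path, response = self.get_s3_role(repo_id)
                # "<bucket>/<repo path>"; the last path segment is the run timestamp.
                self.bucket, self.repo_path = repo_full_path.split("/", 1)
                self.timestamp = self.repo_path.split("/")[-1]
                # Temporary AWS credentials (access key, secret, session token).
                self.credentials = response["creds"]
                self.s3_client = boto3.client(
                    "s3",
                    aws_access_key_id=self.credentials["AccessKeyId"],
                    aws_secret_access_key=self.credentials["SecretAccessKey"],
                    aws_session_token=self.credentials["SessionToken"],
                    region_name=DEFAULT_REGION)
                self.platform_integration_configured = True
                self.use_s3_integration = True
            except MaxRetryError as e:
                logging.error(
                    f"An SSL error occurred connecting to the platform. If you are on a VPN, please try "
                    f"disabling it and re-running the command.\n{e}")
                raise e
            except HTTPError as e:
                logging.error(f"Failed to get customer assumed role\n{e}")
                raise e
            except ClientError as e:
                # Never log the credential values: the dict holds a live
                # SecretAccessKey and SessionToken. Only the field names are
                # useful for diagnosing a malformed response.
                cred_fields = sorted(self.credentials) if isinstance(self.credentials, dict) else None
                logging.error(
                    f"Failed to initiate client with credentials (fields: {cred_fields})\n{e}"
                )
                raise e
            except JSONDecodeError as e:
                logging.error(
                    f"Response of {self.integrations_api_url} is not a valid JSON\n{e}"
                )
                raise e
            except BridgecrewAuthError as e:
                logging.error(
                    "Received an error response during authentication")
                raise e

        self.get_id_mapping()

        self.platform_integration_configured = True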