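def exec_tool(args, cwd=None, env=None, stdout=subprocess.DEVNULL):
    """
    Convenience method to invoke cli tools

    Args:
        args: cli command and args, given as a list (no shell is involved)
        cwd: Current working directory for the child process
        env: Environment variables for the child process; when omitted a fresh
            copy of os.environ is taken at call time
        stdout: stdout configuration for run command (stderr is merged into it)

    Returns:
        CompletedProcess instance, or None when launching the command raised
    """
    # Build the environment per call. A dict default (os.environ.copy()) would be
    # evaluated once at definition time and shared by every invocation, so any
    # in-place change to it would leak into later calls and it would never pick
    # up changes made to os.environ after import.
    if env is None:
        env = os.environ.copy()
    try:
        env = use_java(env)
        LOG.info("=" * 80)
        LOG.debug('⚡︎ Executing "{}"'.format(" ".join(args)))
        # shell=False with a list of args: the command is passed straight to the
        # executable, so metacharacters in tool arguments are not interpreted.
        return subprocess.run(
            args,
            stdout=stdout,
            stderr=subprocess.STDOUT,
            cwd=cwd,
            env=env,
            check=False,
            shell=False,
            encoding="utf-8",
        )
    except Exception as e:
        # Best effort: a failure to launch is logged and reported as None.
        LOG.error(e)
        return None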
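def _post_findings_query(findings_api, headers, payload):
    """Send one findings query; return (status_code, vulnerabilities, next_page_bookmark)."""
    r = requests.post(findings_api, headers=headers, json=payload)
    if r.status_code != 200:
        return r.status_code, [], None
    # The API may answer 200 with an empty body; treat that as "no data".
    findings_data = r.json() or {}
    return (
        r.status_code,
        findings_data.get("vulnerabilities", []),
        findings_data.get("nextPageBookmark"),
    )


def fetch_findings(app_name, version, report_fname):
    """
    Fetch findings from the NG SAST Cloud and write them to report_fname

    Args:
        app_name: Application name substituted into the SHIFTLEFT_VULN_API template
        version: Application version substituted into the SHIFTLEFT_VULN_API template
        report_fname: Path of the JSON report to write ({"vulnerabilities": [...]})

    Returns:
        List of vulnerability dicts retrieved. Empty when the org id, token or
        API URL is not configured or the first request fails; a partial list when
        a later page fails. The report file is only written when the first
        request succeeds.
    """
    sl_org = config.get("SHIFTLEFT_ORG_ID", config.get("SHIFTLEFT_ORGANIZATION_ID"))
    sl_org_token = config.get(
        "SHIFTLEFT_ORG_TOKEN", config.get("SHIFTLEFT_ORGANIZATION_TOKEN")
    )
    if not sl_org_token:
        sl_org_token = config.get("SHIFTLEFT_API_TOKEN")
    findings_api = config.get("SHIFTLEFT_VULN_API")
    findings_list = []
    if not (sl_org and sl_org_token):
        return findings_list
    if not findings_api:
        # Without the URL template the "%" substitution below raises TypeError,
        # which the broad except would otherwise hide behind a generic error line.
        LOG.warning("SHIFTLEFT_VULN_API is not configured. Skipping findings retrieval")
        return findings_list
    findings_api = findings_api % dict(
        sl_org=sl_org, app_name=app_name, version=version
    )
    query_obj = {
        "query": {
            "returnRuntimeData": False,
            "orderByDirection": "VULNERABILITY_ORDER_DIRECTION_DESC",
        }
    }
    # headers carries the bearer token: keep it out of log output.
    headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer " + sl_org_token,
    }
    try:
        status, page, next_page_bookmark = _post_findings_query(
            findings_api, headers, query_obj
        )
        if status != 200:
            LOG.warning(
                "Unable to retrieve any findings from NG SAST Cloud. Status {}".format(
                    status
                )
            )
            return findings_list
        findings_list += page
        # Follow the bookmark chain until the API stops handing one out; a non-200
        # page yields no bookmark and ends the loop with whatever was collected.
        while next_page_bookmark:
            LOG.debug("Retrieving findings from next page")
            status, page, next_page_bookmark = _post_findings_query(
                findings_api, headers, {"pageBookmark": next_page_bookmark}
            )
            findings_list += page
        with open(report_fname, mode="w", encoding="utf-8") as rp:
            json.dump({"vulnerabilities": findings_list}, rp)
        LOG.debug(
            "Data written to {}, {}".format(report_fname, len(findings_list))
        )
    except Exception as e:
        # Best effort: network/JSON/file errors are logged and the caller gets
        # whatever was collected so far instead of an implicit None.
        LOG.error(e)
    return findings_list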