def _get_suppressions_from_platform(self):
    """Fetch the suppressions configured on the platform for this run.

    Performs an authenticated GET against ``self.suppressions_url``, drops
    every suppression that ``_suppression_valid_for_run`` rejects, and
    annotates each remaining one with a ``checkovPolicyId``: the mapped
    checkov id when the platform policy id is known, otherwise the platform
    id itself (the custom-policy case).

    Returns:
        list[dict]: the applicable suppressions, each carrying ``checkovPolicyId``.

    Raises:
        Exception: if the request does not return HTTP 200.
    """
    integration = self.bc_integration
    request_headers = merge_dicts(
        get_default_get_headers(integration.bc_source, integration.bc_source_version),
        get_auth_header(integration.get_auth_token()),
    )
    response = requests.request('GET', self.suppressions_url, headers=request_headers)
    if response.status_code != 200:
        detail = extract_error_message(response)
        raise Exception(
            f'Get suppressions request failed with response code {response.status_code}: {detail}'
        )

    id_mapping = integration.bc_id_mapping
    applicable = []
    for suppression in json.loads(response.content):
        # filter out suppressions that we know just don't apply
        if not self._suppression_valid_for_run(suppression):
            continue
        platform_id = suppression['policyId']
        # custom policies have no checkov id, so the platform id is used as-is
        suppression['checkovPolicyId'] = id_mapping.get(platform_id, platform_id)
        applicable.append(suppression)
    return applicable
def _get_policies_from_platform(self):
    """Fetch the custom policies defined on the platform.

    Performs an authenticated GET against ``self.policies_url`` and returns
    the ``data`` list of the JSON body (an empty list when the key is absent).

    Raises:
        Exception: if the request does not return HTTP 200.
    """
    integration = self.bc_integration
    request_headers = merge_dicts(
        get_default_get_headers(integration.bc_source, integration.bc_source_version),
        get_auth_header(integration.bc_api_key),
    )
    response = requests.request('GET', self.policies_url, headers=request_headers)
    if response.status_code == 200:
        return response.json().get('data', [])
    detail = extract_error_message(response)
    raise Exception(
        f'Get custom policies request failed with response code {response.status_code}: {detail}'
    )
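def download_twistcli(self, cli_file_name):
    """Download the twistcli binary for the current OS and mark it executable.

    Args:
        cli_file_name: path the binary is written to.

    Raises:
        requests.HTTPError: if the download endpoint does not return success.
    """
    os_type = platform.system().lower()
    headers = merge_dicts(
        get_default_get_headers(bc_integration.bc_source, bc_integration.bc_source_version),
        get_auth_header(bc_integration.bc_api_key),
    )
    response = requests.request(
        'GET',
        f"{self.docker_image_scanning_base_url}/twistcli/download?os={os_type}",
        headers=headers,
    )
    # Fail before touching the filesystem: without this check an error body
    # would be written to disk and then given the execute bit below.
    response.raise_for_status()
    # NOTE(review): the binary is trusted on the strength of the authenticated
    # download alone; no checksum or signature of the content is verified here.
    with open(cli_file_name, 'wb') as cli_file:
        cli_file.write(response.content)
    st = os.stat(cli_file_name)
    os.chmod(cli_file_name, st.st_mode | stat.S_IEXEC)
    logging.debug('TwistCLI downloaded and has execute permission')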
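def report_results(self, docker_image_name, dockerfile_path, dockerfile_content, twistcli_scan_result):
    """Upload a twistcli image-scan result to the platform's report endpoint.

    Args:
        docker_image_name: the image that was scanned.
        dockerfile_path: path of the Dockerfile the image came from.
        dockerfile_content: contents of that Dockerfile (sent in full).
        twistcli_scan_result: parsed twistcli JSON output; only the first
            entry of ``results`` is reported, and its ``vulnerabilities``
            list defaults to empty.

    Raises:
        requests.HTTPError: if the report endpoint does not return success.
    """
    headers = merge_dicts(
        get_default_post_headers(bc_integration.bc_source, bc_integration.bc_source_version),
        get_auth_header(bc_integration.bc_api_key),
    )
    # One timestamp for the whole report so dates derived from
    # ``publishedDays`` do not drift between entries.
    now = datetime.now()
    vulnerabilities = [
        {
            'cveId': vuln['id'],
            'status': vuln.get('status', 'open'),
            'severity': vuln['severity'],
            'packageName': vuln['packageName'],
            'packageVersion': vuln['packageVersion'],
            'link': vuln['link'],
            'cvss': vuln.get('cvss'),
            'vector': vuln.get('vector'),
            'description': vuln.get('description'),
            'riskFactors': vuln.get('riskFactors'),
            # twistcli may give only an age in days; turn it into an absolute date
            'publishedDate': vuln.get('publishedDate')
            or (now - timedelta(days=vuln.get('publishedDays', 0))).isoformat(),
        }
        for vuln in twistcli_scan_result['results'][0].get('vulnerabilities', [])
    ]
    payload = {
        'sourceId': bc_integration.repo_id,
        'branch': bc_integration.repo_branch,
        'dockerImageName': docker_image_name,
        'dockerFilePath': dockerfile_path,
        'dockerFileContent': dockerfile_content,
        'sourceType': bc_integration.bc_source,
        'vulnerabilities': vulnerabilities,
    }
    response = requests.request(
        'POST',
        f"{self.docker_image_scanning_base_url}/report",
        headers=headers,
        json=payload,
    )
    response.raise_for_status()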
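def _get_fixes_for_file(self, check_type, filename, file_contents, failed_checks):
    """Request platform-generated fixes for the failed checks of one file.

    Args:
        check_type: framework of the file, sent as ``framework``.
        filename: path of the scanned file.
        file_contents: contents of that file (sent in full to the platform).
        failed_checks: records exposing ``resource``, ``check_id`` and
            ``file_line_range``.

    Returns:
        The first element of the fixes API response, or None when the body is
        empty or is not a list.

    Raises:
        KeyError: if a ``check_id`` has no entry in ``ckv_to_bc_id_mapping``.
        Exception: if the request does not return HTTP 200.
    """
    id_mapping = self.bc_integration.ckv_to_bc_id_mapping
    errors = [
        {
            'resourceId': check.resource,
            'policyId': id_mapping[check.check_id],
            'startLine': check.file_line_range[0],
            'endLine': check.file_line_range[1],
        }
        for check in failed_checks
    ]
    payload = {
        'filePath': filename,
        'fileContent': file_contents,
        'framework': check_type,
        'errors': errors,
    }
    headers = merge_dicts(
        get_default_post_headers(self.bc_integration.bc_source, self.bc_integration.bc_source_version),
        get_auth_header(self.bc_integration.bc_api_key),
    )
    response = requests.request('POST', self.fixes_url, headers=headers, json=payload)
    if response.status_code != 200:
        error_message = extract_error_message(response)
        raise Exception(
            f'Get fixes request failed with response code {response.status_code}: {error_message}'
        )
    # lazy %-formatting: the body is only rendered when debug logging is on
    logging.debug('Response from fixes API: %s', response.content)
    fixes = json.loads(response.content) if response.content else None
    # a missing, empty, or non-list body means there is nothing usable to apply
    if not fixes or not isinstance(fixes, list):
        logging.warning(
            'Unexpected fixes API response for file %s; skipping fixes for this file', filename
        )
        return None
    return fixes[0]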
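def _get_fixes_for_file(self, filename, file_contents, failed_checks):
    """Request platform-generated fixes for the failed checks of one file.

    Args:
        filename: path of the scanned file.
        file_contents: contents of that file (sent in full to the platform).
        failed_checks: records exposing ``resource``, ``check_id`` and
            ``file_line_range``.

    Returns:
        The first element of the fixes API response, or None when the body is
        empty or is not a list (previously an empty body raised from the JSON
        decoder and an empty list raised IndexError).

    Raises:
        KeyError: if a ``check_id`` has no entry in ``ckv_to_bc_id_mapping``.
        Exception: if the request does not return HTTP 200.
    """
    import logging  # function-scope: the module's import block is not in view

    id_mapping = self.bc_integration.ckv_to_bc_id_mapping
    errors = [
        {
            'resourceId': check.resource,
            'policyId': id_mapping[check.check_id],
            'startLine': check.file_line_range[0],
            'endLine': check.file_line_range[1],
        }
        for check in failed_checks
    ]
    payload = {
        'filePath': filename,
        'fileContent': file_contents,
        'errors': errors,
    }
    headers = merge_dicts(
        get_default_post_headers(self.bc_integration.bc_source, self.bc_integration.bc_source_version),
        get_auth_header(self.bc_integration.bc_api_key),
    )
    response = requests.request('POST', self.fixes_url, headers=headers, json=payload)
    if response.status_code != 200:
        error_message = extract_error_message(response)
        raise Exception(
            f'Get fixes request failed with response code {response.status_code}: {error_message}'
        )
    fixes = json.loads(response.content) if response.content else None
    # a missing, empty, or non-list body means there is nothing usable to apply
    if not fixes or not isinstance(fixes, list):
        logging.warning(
            'Unexpected fixes API response for file %s; skipping fixes for this file', filename
        )
        return None
    return fixes[0]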