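def getApplicationEvaluationReports():
    """Fetch every application evaluation report and index the overridden ones.

    The raw response is saved to ``appReportsJsonFile``. For each application
    accepted by ``applicationHasOverride`` a ``name,id,reportDataUrl,stage``
    row is appended to ``appsOverridenDb``, which is then written to
    ``appReportsUrlsCsvFile`` without a header row.

    Returns:
        The status code returned by ``iq.getData``.
    """
    # Function-scope imports: the file's import block is not part of this
    # listing.
    import csv
    import io

    def csvRow(fields):
        # Serialise through the csv module so that a comma, quote or newline
        # in a server-supplied value is quoted instead of shifting columns;
        # other functions in this listing read column 2 of this CSV back and
        # use it as a report URL. Values without those characters are written
        # exactly as before, and a None value becomes an empty field instead
        # of raising TypeError.
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerow(fields)
        return buf.getvalue()

    statusCode, applicationEvaluations = iq.getData(
        '/api/v2/reports/applications')

    if statusCode == 200:
        # Keep the unprocessed response next to the derived CSV.
        fileIO.writeJsonFile(appReportsJsonFile, applicationEvaluations)

        for applicationEvaluation in applicationEvaluations:
            applicationId = applicationEvaluation["applicationId"]

            # Only applications that have an override are listed.
            if not applicationHasOverride(applicationId):
                continue

            applicationReportUrl = applicationEvaluation["reportDataUrl"]
            applicationName = util.getApplicationName(applicationReportUrl)
            stage = applicationEvaluation["stage"]
            appsOverridenDb.append(
                csvRow([applicationName, applicationId,
                        applicationReportUrl, stage]))

        # NOTE(review): the listing lost its indentation; this write is
        # assumed to belong to the 200 branch - confirm.
        fileIO.writeCSVFile(appReportsUrlsCsvFile, "", appsOverridenDb)

    return statusCode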
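def getOverRidesData():
    """Export the security vulnerability overrides to JSON and CSV.

    The response of ``/api/v2/securityOverrides`` is saved to
    ``overRidesJsonFile``. For every currently affected component whose
    package URL passes ``util.overrideFormat`` one row (owner name, owner id,
    status, comment, package URL, component hash, reference id) is appended
    to ``overRidesDb``, which is written to ``overRidesCsvFile`` under a
    header row.

    Returns:
        The status code returned by ``iq.getData``.
    """
    # Function-scope imports: the file's import block is not part of this
    # listing.
    import csv
    import io

    def csvRow(fields):
        # The override comment and the other values come from the server. A
        # comma, quote or newline in any of them would shift or split the
        # row if the fields were joined with bare commas, so they are
        # serialised with the csv module. Values without those characters
        # are written exactly as before; None becomes an empty field instead
        # of raising TypeError.
        # Quoting does not neutralise a value that a spreadsheet would
        # evaluate as a formula (leading =, +, - or @); consumers should
        # import these columns as text.
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerow(fields)
        return buf.getvalue()

    statusCode, overrides = iq.getData('/api/v2/securityOverrides')

    if statusCode == 200:
        # Keep the unprocessed response next to the derived CSV.
        fileIO.writeJsonFile(overRidesJsonFile, overrides)

        for override in overrides['securityOverrides']:
            comment = override["comment"]
            referenceId = override["referenceId"]
            status = override["status"]
            ownerName = override["owner"]["ownerName"]
            ownerId = override["owner"]["ownerId"]

            for affectedComponent in override["currentlyAffectedComponents"]:
                packageUrl = affectedComponent["packageUrl"]
                componentHash = affectedComponent["hash"]

                # Keep only package URLs in the format this report handles.
                if not util.overrideFormat(packageUrl):
                    continue

                overRidesDb.append(
                    csvRow([ownerName, ownerId, status, comment,
                            packageUrl, componentHash, referenceId]))

        # NOTE(review): the listing lost its indentation; the header and the
        # CSV write are assumed to belong to the 200 branch - confirm.
        csvHeader = "ApplicationName,ApplicationId,OverrideStatus,Comment,PackageUrl,ComponentHash,CVE\n"
        fileIO.writeCSVFile(overRidesCsvFile, csvHeader, overRidesDb)

    return statusCode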
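def getSecurityOverRidesData():
    """Export the security overrides to JSON and CSV and print both paths.

    The response of ``/api/v2/securityOverrides`` is saved to
    ``securityOverRidesJsonFile``. For every currently affected component
    whose package URL passes ``util.isAname`` one row (owner name, owner id,
    status, comment, package URL, component hash, reference id) is appended
    to ``securityOverridesDb``, which is written to
    ``securityOverRidesCsvFile`` under a header row. Returns None.
    """
    # Function-scope imports: the file's import block is not part of this
    # listing.
    import csv
    import io

    def csvRow(fields):
        # The override comment and the other values come from the server. A
        # comma, quote or newline in any of them would shift or split the
        # row if the fields were joined with bare commas, so they are
        # serialised with the csv module. Values without those characters
        # are written exactly as before; None becomes an empty field instead
        # of raising TypeError.
        # Quoting does not neutralise a value that a spreadsheet would
        # evaluate as a formula (leading =, +, - or @); consumers should
        # import these columns as text.
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerow(fields)
        return buf.getvalue()

    statusCode, overrides = iq.getData('/api/v2/securityOverrides')

    if statusCode == 200:
        fileIO.writeJsonFile(securityOverRidesJsonFile, overrides)
        print(securityOverRidesJsonFile)

        for override in overrides['securityOverrides']:
            comment = override["comment"]
            referenceId = override["referenceId"]
            status = override["status"]
            ownerName = override["owner"]["ownerName"]
            ownerId = override["owner"]["ownerId"]

            for affectedComponent in override["currentlyAffectedComponents"]:
                packageUrl = affectedComponent["packageUrl"]
                componentHash = affectedComponent["hash"]

                # Keep only the package URLs util.isAname accepts.
                if not util.isAname(packageUrl):
                    continue

                securityOverridesDb.append(
                    csvRow([ownerName, ownerId, status, comment,
                            packageUrl, componentHash, referenceId]))

        # NOTE(review): the listing lost its indentation; the header, the
        # CSV write and the print are assumed to belong to the 200 branch -
        # confirm.
        csvHeader = "ApplicationName,ApplicationId,OverrideStatus,Comment,PackageUrl,ComponentHash,CVE\n"
        fileIO.writeCSVFile(securityOverRidesCsvFile, csvHeader, securityOverridesDb)
        print(securityOverRidesCsvFile)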
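def getLicenseOverrides():
    """Write a CSV of license overrides for every application in the URL index.

    Reads ``appReportsUrlsCsvFile`` (name, id and report URL in the first
    three columns), requests each report through ``iq.getData`` and, for
    components whose license status passes ``util.isLicenseOverrideStatus``,
    appends rows to ``licenseOverridesCsvFile``. Every fetched report is also
    saved as ``<workdir>/<applicationName>.json``. Returns None.
    """
    # Function-scope imports: the file's import block is not part of this
    # listing.
    import csv
    import io
    import os

    def csvRow(fields):
        # Serialise through the csv module so that a comma, quote or newline
        # inside a value is quoted instead of shifting columns. Values
        # without those characters are written exactly as before.
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerow(fields)
        return buf.getvalue()

    # Start the report with its header row; the with-block closes the file,
    # so no explicit close() is needed.
    with open(licenseOverridesCsvFile, 'w') as fd:
        fd.write(
            'ApplicationPublicId,ApplicationId,PackageUrl,Status,OverrideLicenseId,OverrideLicenseName\n'
        )

    # newline='' is what the csv module expects for files it parses.
    with open(appReportsUrlsCsvFile, newline='') as csvfile:
        for row in csv.reader(csvfile, delimiter=','):
            # Skip blank or short rows instead of failing on row[2].
            if len(row) < 3:
                continue
            applicationName, applicationId, url = row[0], row[1], row[2]

            # The request path is taken from the intermediate CSV as is.
            statusCode, policyReportData = iq.getData('/' + url)
            if statusCode != 200:
                continue

            components = policyReportData["components"]
            with open(licenseOverridesCsvFile, 'a') as fd:
                for component in components:
                    packageUrl = component["packageUrl"]
                    if not packageUrl:
                        continue

                    licenseData = component["licenseData"]
                    if not licenseData:
                        continue

                    status = licenseData["status"]
                    if not util.isLicenseOverrideStatus(status):
                        continue

                    # In the listing the id/name variables were only set
                    # inside the loop over overriddenLicenses, and the
                    # "id:name;" string built there was overwritten on every
                    # pass and never used. One row is now written per
                    # overridden license, so no entry is dropped and no value
                    # can carry over from a previous component. A component
                    # with an override status but no listed licenses still
                    # gets a row, with both license columns empty.
                    overridden = [(lic["licenseId"], lic["licenseName"])
                                  for lic in licenseData["overriddenLicenses"]]
                    for licenseId, licenseName in overridden or [("", "")]:
                        fd.write(csvRow([applicationName, applicationId,
                                         packageUrl, status,
                                         licenseId, licenseName]))

            # applicationName is data read from the CSV; keep only its final
            # path component so the JSON copy cannot land outside workdir.
            # Names without path separators give the same file name as before.
            lic_json = workdir + "/" + os.path.basename(applicationName) + ".json"
            fileIO.writeJsonFile(lic_json, policyReportData)

    print(licenseOverridesCsvFile)
    return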
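def getApplicationEvaluationReports():
    """Fetch every application evaluation report and index its report URL.

    The raw response is saved to ``appReportsJsonFile``. One
    ``name,id,reportDataUrl,stage`` row per application is appended to
    ``reportsDb``, which is written to ``appReportsUrlsCsvFile`` without a
    header row. Both file names are printed. Returns None.

    NOTE(review): a function with this name is also defined earlier in this
    listing (it filters on overrides and returns the status code). If both
    live in one module, this later definition is the one in effect - confirm.
    """
    # Function-scope imports: the file's import block is not part of this
    # listing.
    import csv
    import io

    def csvRow(fields):
        # Serialise through the csv module so that a comma, quote or newline
        # in a server-supplied value is quoted instead of shifting columns;
        # other functions in this listing read column 2 of this CSV back and
        # use it as a report URL. Values without those characters are written
        # exactly as before, and a None value becomes an empty field instead
        # of raising TypeError.
        buf = io.StringIO()
        csv.writer(buf, lineterminator="\n").writerow(fields)
        return buf.getvalue()

    statusCode, applicationEvaluations = iq.getData('/api/v2/reports/applications')

    if statusCode == 200:
        fileIO.writeJsonFile(appReportsJsonFile, applicationEvaluations)
        print(appReportsJsonFile)

        for applicationEvaluation in applicationEvaluations:
            applicationId = applicationEvaluation["applicationId"]
            applicationReportUrl = applicationEvaluation["reportDataUrl"]
            applicationName = util.getApplicationName(applicationReportUrl)
            stage = applicationEvaluation["stage"]
            reportsDb.append(
                csvRow([applicationName, applicationId,
                        applicationReportUrl, stage]))

        # NOTE(review): the listing lost its indentation; the CSV write and
        # the print are assumed to belong to the 200 branch - confirm.
        fileIO.writeCSVFile(appReportsUrlsCsvFile, "", reportsDb)
        print(appReportsUrlsCsvFile)

    return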
def getViolationInfoForOverride(url, findPackageUrl, findCve, overrideStatus, comment):
    """Append the policy violations behind one override to the violations CSV.

    Requests the policy report for ``url`` (with ``/raw`` replaced by
    ``/policy``), saves it as ``<workdir>/<publicId>.json`` and, for
    components whose package URL equals ``findPackageUrl``, appends rows to
    ``overrideViolationsCsvFile`` for violations with a threat level of 7 or
    more. ``overrideStatus`` and ``comment`` are copied into every row.
    Returns None.

    NOTE(review): this listing lost its indentation. The nesting below is a
    reconstruction - confirm it against the original file, in particular the
    position of the ``findCve`` check and of the CSV write.
    """
    policyReportDataUrl = url.replace('/raw', '/policy')
    statusCode, policyReportData = iq.getData('/' + policyReportDataUrl)

    if statusCode == 200:
        applicationId = policyReportData["application"]["id"]
        applicationName = policyReportData["application"]["publicId"]
        components = policyReportData["components"]

        # NOTE(review): publicId comes from the server response and goes into
        # the file path unvalidated - confirm it cannot contain path
        # separators or "..".
        fn = workdir + "/" + applicationName + ".json"
        fileIO.writeJsonFile(fn, policyReportData)
        print(fn)

        for component in components:
            componentHash = component["hash"]
            packageUrl = component["packageUrl"]

            # a missing package URL is reported as the literal "none"
            if not packageUrl:
                packageUrl = "none"

            # only the component the override refers to is of interest
            if not findPackageUrl == packageUrl:
                continue

            if not util.isAname(packageUrl):
                continue

            policyName = ""
            waived = ""
            reason = ""

            violations = component['violations']
            for violation in violations:
                policyThreatLevel = violation['policyThreatLevel']

                # violations below threat level 7 are not reported
                if policyThreatLevel >= 7:
                    policyName = violation['policyName']
                    policyId = violation['policyId']
                    waived = violation['waived']
                    policyThreatCategory = violation['policyThreatCategory']
                    policyViolationId = violation['policyViolationId']

                    # QUALITY violations are skipped
                    if policyThreatCategory == "QUALITY":
                        continue

                    line = ""
                    cve = ""
                    severity = ""

                    if policyThreatCategory == "SECURITY":
                        constraints = violation['constraints']
                        for constraint in constraints:
                            conditions = constraint['conditions']

                            for condition in conditions:
                                reason = condition['conditionReason']
                                # cve and severity end up holding the values
                                # of the last condition visited
                                cve, severity = getVulnerabilityDetails(reason)
                                # remove close bracket at the end
                                # severity = severity[:-1]

                        # skip security violations for a different CVE than
                        # the override's
                        if not findCve == cve:
                            continue

                    # NOTE(review): the fields are joined with bare commas.
                    # A comma or newline in comment, or in any other value,
                    # would shift or split the row; csv.writer would quote
                    # such values.
                    with open(overrideViolationsCsvFile, 'a') as fd:
                        line = policyThreatCategory.lower() + "," + applicationName + "," + applicationId + "," + packageUrl + "," + componentHash + "," + policyName + "," + \
                            policyId + "," + str(policyThreatLevel) + "," + policyViolationId + "," + \
                            str(waived) + "," + cve + "," + severity + "," + overrideStatus + "," + comment + "\n"
                        fd.write(line)

    return
def getPolicyViolationsForOverrideApplications():
    """Write the policy violations of overridden components to a CSV report.

    Reads the report URLs from ``appReportsUrlsCsvFile``, requests the policy
    report of each application and appends rows to
    ``appPolicyViolationsCsvFile`` for violations with a threat level of 7 or
    more on components that pass ``util.overrideFormat`` and
    ``componentHasOverride``. Every fetched report is also saved as
    ``<workdir>/<publicId>.json``.

    Returns:
        The literal 200; the status of the individual requests is not
        reflected in the return value.

    NOTE(review): this listing lost its indentation. The nesting below is a
    reconstruction - confirm it against the original file, in particular
    where the row is built and written relative to the constraint and
    condition loops.
    """
    # get the policy violations for each override application

    # start the report with its header row
    with open(appPolicyViolationsCsvFile, 'w') as fd:
        fd.write(
            'ApplicationPublicId,ApplicationId,PackageUrl,ComponentHash,PolicyName,PolicyId,PolicyThreatCategory,PolicyThreatLevel,PolicyViolationId,Waived,CVE,Severity\n'
        )
        # redundant: the with-block closes the file on exit
        fd.close()

    # read the app report urls file (it contains applications with overrides)
    # and get the policy violations for each application
    with open(appReportsUrlsCsvFile) as csvfile:
        r = csv.reader(csvfile, delimiter=',')
        for row in r:
            # NOTE(review): column 2 of the intermediate CSV becomes the
            # request path as is; a row with fewer than three columns raises
            # IndexError here.
            url = row[2]

            # we want the policy violations
            policyReportDataUrl = url.replace('/raw', '/policy')
            statusCode, policyReportData = iq.getData('/' + policyReportDataUrl)

            if statusCode == 200:
                components = policyReportData["components"]
                applicationId = policyReportData["application"]["id"]
                applicationName = policyReportData["application"]["publicId"]

                # write the json data
                # NOTE(review): publicId comes from the server response and
                # goes into the file path unvalidated - confirm it cannot
                # contain path separators or "..".
                fileIO.writeJsonFile(workdir + "/" + applicationName + ".json", policyReportData)

                # write to csv file
                with open(appPolicyViolationsCsvFile, 'a') as fd:
                    for component in components:
                        componentHash = component["hash"]
                        packageUrl = component["packageUrl"]

                        # a missing package URL is reported as the literal "none"
                        if not packageUrl:
                            packageUrl = "none"

                        # write only if it is format we need (ie. a-name)
                        if not util.overrideFormat(packageUrl):
                            continue

                        # write only if this component has an override
                        if not componentHasOverride(applicationId, packageUrl):
                            continue

                        policyName = ""
                        waived = ""
                        reason = ""

                        violations = component['violations']
                        for violation in violations:
                            policyThreatLevel = violation['policyThreatLevel']

                            # Only write if above threat level threshold
                            if policyThreatLevel >= 7:
                                policyName = violation['policyName']
                                policyId = violation['policyId']
                                waived = violation['waived']
                                policyThreatCategory = violation[
                                    'policyThreatCategory']
                                policyViolationId = violation[
                                    'policyViolationId']

                                constraints = violation['constraints']
                                for constraint in constraints:
                                    conditions = constraint['conditions']

                                    for condition in conditions:
                                        reason = condition['conditionReason']

                                        cve, severity = getVulnerabilityDetails(
                                            reason)
                                        # remove close bracket at the end
                                        severity = severity[:-1]

                                        # NOTE(review): the fields are joined
                                        # with bare commas. A comma or newline
                                        # in any value would shift or split
                                        # the row; csv.writer would quote
                                        # such values.
                                        line = applicationName + "," + applicationId + "," + packageUrl + "," + componentHash + "," + policyName + "," + \
                                            policyId + "," + policyThreatCategory + "," + str(policyThreatLevel) + "," + policyViolationId + "," + \
                                            str(waived) + "," + cve + "," + severity + "\n"

                                        # write to file
                                        fd.write(line)

    print(appPolicyViolationsCsvFile)
    return 200