async def report_results_async(
self,
twistcli_scan_result: Dict[str, Any],
bc_platform_integration: BcPlatformIntegration,
bc_api_key: str,
file_path: Path,
**kwargs: Any,
) -> int:
logging.info(f"Start to send report for package file {file_path}")
payload = self._create_report(
twistcli_scan_result=twistcli_scan_result,
bc_platform_integration=bc_platform_integration,
file_path=file_path,
**kwargs,
)
headers = merge_dicts(
get_default_post_headers(
bc_platform_integration.bc_source,
bc_platform_integration.bc_source_version),
{"Authorization": bc_api_key},
)
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(
resolver=aiohttp.AsyncResolver())) as session:
async with session.post(
url=f"{self.vulnerabilities_base_url}/report",
headers=headers,
json=payload) as response:
content = await response.text()
if response.ok:
logging.info(
f"Successfully send report for package file {file_path}")
return 0
else:
logging.error(
f"Failed to send report for package file {file_path}")
logging.error(
f"Status code: {response.status}, Reason: {response.reason}, Content: {content}"
)
return 1
def download_twistcli(self, cli_file_name: Path) -> None:
# backwards compatibility, should be removed in a later stage
cli_file_name_path = cli_file_name if isinstance(
cli_file_name, Path) else Path(cli_file_name)
os_type = platform.system().lower()
headers = merge_dicts(
get_default_get_headers(bc_integration.bc_source,
bc_integration.bc_source_version),
{"Authorization": self.get_bc_api_key()},
)
response = requests.request(
"GET",
f"{self.vulnerabilities_base_url}/twistcli/download?os={os_type}",
headers=headers)
response.raise_for_status()
cli_file_name_path.write_bytes(response.content)
cli_file_name_path.chmod(cli_file_name_path.stat().st_mode
| stat.S_IEXEC)
logging.debug("twistcli downloaded and has execute permission")
def get_default_post_headers(client: SourceType, client_version: str):
return merge_dicts(DEV_API_POST_HEADERS,
get_version_headers(client.name, client_version),
get_user_agent_header())
def get_default_get_headers(client: SourceType, client_version: str):
return merge_dicts(DEV_API_GET_HEADERS,
get_version_headers(client.name, client_version))
def _headers(self):
return merge_dicts(
{
"Accept": "application/vnd.github.v3+json",
"Authorization": "token {}".format(self.token)
}, get_user_agent_header())
def commit_repository(self, branch):
"""
:param branch: branch to be persisted
Finalize the repository's scanning in bridgecrew's platform.
"""
try_num = 0
while try_num < MAX_RETRIES:
if not self.use_s3_integration:
return
request = None
response = None
try:
request = self.http.request(
"PUT",
f"{self.integrations_api_url}?source={self.bc_source.name}",
body=json.dumps({
"path": self.repo_path,
"branch": branch,
"to_branch": BC_TO_BRANCH,
"pr_id": BC_PR_ID,
"pr_url": BC_PR_URL,
"commit_hash": BC_COMMIT_HASH,
"commit_url": BC_COMMIT_URL,
"author": BC_AUTHOR_NAME,
"author_url": BC_AUTHOR_URL,
"run_id": BC_RUN_ID,
"run_url": BC_RUN_URL,
"repository_url": BC_REPOSITORY_URL
}),
headers=merge_dicts(
{
"Authorization": self.get_auth_token(),
"Content-Type": "application/json",
'x-api-client': self.bc_source.name,
'x-api-checkov-version': checkov_version
}, get_user_agent_header()))
response = json.loads(request.data.decode("utf8"))
url = response.get("url", None)
return url
except HTTPError as e:
logging.error(
f"Failed to commit repository {self.repo_path}\n{e}")
raise e
except JSONDecodeError as e:
logging.error(
f"Response of {self.integrations_api_url} is not a valid JSON\n{e}"
)
raise e
finally:
if request.status == 201 and response and response.get(
"result") == "Success":
logging.info(
f"Finalize repository {self.repo_id} in bridgecrew's platform"
)
elif try_num < MAX_RETRIES and re.match(
'The integration ID .* in progress',
response.get('message', '')):
logging.info(
f"Failed to persist for repo {self.repo_id}, sleeping for {SLEEP_SECONDS} seconds before retrying"
)
try_num += 1
sleep(SLEEP_SECONDS)
else:
raise Exception(
f"Failed to finalize repository {self.repo_id} in bridgecrew's platform\n{response}"
)
r"^[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}$")
ACCOUNT_CREATION_TIME = 180 # in seconds
UNAUTHORIZED_MESSAGE = 'User is not authorized to access this resource with an explicit deny'
ASSUME_ROLE_UNUATHORIZED_MESSAGE = 'is not authorized to perform: sts:AssumeRole'
FileToPersist = namedtuple('FileToPersist', 'full_file_path s3_file_key')
DEFAULT_REGION = "us-west-2"
MAX_RETRIES = 40
ONBOARDING_SOURCE = "checkov"
SIGNUP_HEADER = merge_dicts(
{
'Accept': 'application/json',
'Content-Type': 'application/json;charset=UTF-8'
}, get_user_agent_header())
class BcPlatformIntegration(object):
def __init__(self):
self.bc_api_key = read_key()
self.s3_client = None
self.bucket = None
self.credentials = None
self.repo_path = None
self.repo_id = None
self.repo_branch = None
self.skip_fixes = False
self.skip_suppressions = False
def get_default_post_headers(client, client_version):
return merge_dicts(DEV_API_POST_HEADERS, get_version_headers(client, client_version))
