def report_results(self, twistcli_scan_result: Dict[str, Any],
file_path: Path, **kwargs: Any) -> None:
payload = self._create_report(
twistcli_scan_result=twistcli_scan_result,
file_path=file_path,
**kwargs,
)
headers = merge_dicts(
get_default_post_headers(bc_integration.bc_source,
bc_integration.bc_source_version),
{"Authorization": self.get_bc_api_key()},
)
for i in range(2):
response = requests.request(
"POST",
f"{self.vulnerabilities_base_url}/report",
headers=headers,
json=payload)
try:
response.raise_for_status()
break
except requests.exceptions.HTTPError as ex:
logging.error(
f"HTTP error on request {self.vulnerabilities_base_url}/report, payload:\n{payload}"
)
if ex.response.status_code >= 500 and i != 1:
time.sleep(2)
continue
raise ex
def _get_fixes_for_file(self, check_type, filename, file_contents, failed_checks):
errors = list(map(lambda c: {
'resourceId': c.resource,
'policyId': self.bc_integration.ckv_to_bc_id_mapping[c.check_id],
'startLine': c.file_line_range[0],
'endLine': c.file_line_range[1]
}, failed_checks))
payload = {
'filePath': filename,
'fileContent': file_contents,
'framework': check_type,
'errors': errors
}
headers = merge_dicts(
get_default_post_headers(self.bc_integration.bc_source, self.bc_integration.bc_source_version),
{"Authorization": self.bc_integration.get_auth_token()}
)
response = requests.request('POST', self.fixes_url, headers=headers, json=payload)
if response.status_code != 200:
error_message = extract_error_message(response)
raise Exception(f'Get fixes request failed with response code {response.status_code}: {error_message}')
logging.debug(f'Response from fixes API: {response.content}')
fixes = json.loads(response.content) if response.content else None
if not fixes or type(fixes) != list:
logging.warning(f'Unexpected fixes API response for file {filename}; skipping fixes for this file')
return None
return fixes[0]
def report_results(
self,
docker_image_name: str,
dockerfile_path: str,
dockerfile_content: str,
twistcli_scan_result: Dict[str, Any],
) -> None:
headers = merge_dicts(
get_default_post_headers(bc_integration.bc_source,
bc_integration.bc_source_version),
{'Authorization': self.get_bc_api_key()})
vulnerabilities = list(
map(
lambda x: {
'cveId':
x.get('id'),
'status':
x.get('status', 'open'),
'severity':
x.get('severity'),
'packageName':
x.get('packageName'),
'packageVersion':
x.get('packageVersion'),
'link':
x.get('link'),
'cvss':
x.get('cvss'),
'vector':
x.get('vector'),
'description':
x.get('description'),
'riskFactors':
x.get('riskFactors'),
'publishedDate':
x.get('publishedDate') or (datetime.now() - timedelta(
days=x.get('publishedDays', 0))).isoformat()
},
twistcli_scan_result['results'][0].get('vulnerabilities', [])))
payload = {
'sourceId': bc_integration.repo_id,
'branch': bc_integration.repo_branch,
'dockerImageName': docker_image_name,
'dockerFilePath': dockerfile_path,
'dockerFileContent': dockerfile_content,
'sourceType': bc_integration.bc_source.name,
'vulnerabilities': vulnerabilities
}
response = requests.request(
'POST',
f"{self.docker_image_scanning_base_url}/report",
headers=headers,
json=payload)
response.raise_for_status()
def report_results(self, docker_image_name, dockerfile_path,
dockerfile_content, twistcli_scan_result):
headers = merge_dicts(
get_default_post_headers(bc_integration.bc_source,
bc_integration.bc_source_version),
get_auth_header(bc_integration.bc_api_key))
vulnerabilities = list(
map(
lambda x: {
'cveId':
x['id'],
'status':
x['status'],
'severity':
x['severity'],
'packageName':
x['packageName'],
'packageVersion':
x['packageVersion'],
'link':
x['link'],
'cvss':
x.get('cvss'),
'vector':
x.get('vector'),
'description':
x.get('description'),
'riskFactors':
x.get('riskFactors'),
'publishedDate': (datetime.now() - timedelta(days=x[
'publishedDays'])).isoformat()
}, twistcli_scan_result['results'][0]['vulnerabilities']))
payload = {
'sourceId': bc_integration.repo_id,
'branch': bc_integration.repo_branch,
'dockerImageName': docker_image_name,
'dockerFilePath': dockerfile_path,
'dockerFileContent': dockerfile_content,
'sourceType': bc_integration.bc_source,
'vulnerabilities': vulnerabilities
}
response = requests.request(
'POST',
f"{self.docker_image_scanning_base_url}/report",
headers=headers,
json=payload)
response.raise_for_status()
def report_results(self, twistcli_scan_result: Dict[str, Any],
file_path: Path, **kwargs: Any) -> None:
payload = self._create_report(
twistcli_scan_result=twistcli_scan_result,
file_path=file_path,
**kwargs,
)
headers = merge_dicts(
get_default_post_headers(bc_integration.bc_source,
bc_integration.bc_source_version),
{"Authorization": self.get_bc_api_key()},
)
response = requests.request("POST",
f"{self.vulnerabilities_base_url}/report",
headers=headers,
json=payload)
response.raise_for_status()
async def report_results_async(
self,
twistcli_scan_result: Dict[str, Any],
bc_platform_integration: BcPlatformIntegration,
bc_api_key: str,
file_path: Path,
**kwargs: Any,
) -> int:
logging.info(f"Start to send report for package file {file_path}")
payload = self._create_report(
twistcli_scan_result=twistcli_scan_result,
bc_platform_integration=bc_platform_integration,
file_path=file_path,
**kwargs,
)
headers = merge_dicts(
get_default_post_headers(
bc_platform_integration.bc_source,
bc_platform_integration.bc_source_version),
{"Authorization": bc_api_key},
)
async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(
resolver=aiohttp.AsyncResolver())) as session:
async with session.post(
url=f"{self.vulnerabilities_base_url}/report",
headers=headers,
json=payload) as response:
content = await response.text()
if response.ok:
logging.info(
f"Successfully send report for package file {file_path}")
return 0
else:
logging.error(
f"Failed to send report for package file {file_path}")
logging.error(
f"Status code: {response.status}, Reason: {response.reason}, Content: {content}"
)
return 1
def _get_fixes_for_file(self, filename, file_contents, failed_checks):
errors = list(
map(
lambda c: {
'resourceId':
c.resource,
'policyId':
self.bc_integration.ckv_to_bc_id_mapping[c.check_id],
'startLine':
c.file_line_range[0],
'endLine':
c.file_line_range[1]
}, failed_checks))
payload = {
'filePath': filename,
'fileContent': file_contents,
'errors': errors
}
headers = merge_dicts(
get_default_post_headers(self.bc_integration.bc_source,
self.bc_integration.bc_source_version),
get_auth_header(self.bc_integration.bc_api_key))
response = requests.request('POST',
self.fixes_url,
headers=headers,
json=payload)
if response.status_code != 200:
error_message = extract_error_message(response)
raise Exception(
f'Get fixes request failed with response code {response.status_code}: {error_message}'
)
fixes = json.loads(response.content)
return fixes[0]