Exemplo n.º 1
def getApplicationEvaluationReports():
    """Fetch all application evaluation reports and index those with overrides.

    Requests ``/api/v2/reports/applications`` through ``iq.getData``. On a 200
    response the raw payload is saved to ``appReportsJsonFile``. For every
    application accepted by ``applicationHasOverride`` one line
    (name, id, report URL, stage) is appended to ``appsOverridenDb``, and the
    accumulated lines are written to ``appReportsUrlsCsvFile`` with an empty
    header. Nothing is written for any other status code.

    Fields are joined with plain commas and are not CSV-quoted.

    Returns:
        The status code reported by ``iq.getData``.
    """
    statusCode, applicationEvaluations = iq.getData(
        '/api/v2/reports/applications')

    if statusCode != 200:
        return statusCode

    # Keep the unmodified server response next to the derived CSV.
    fileIO.writeJsonFile(appReportsJsonFile, applicationEvaluations)

    for evaluation in applicationEvaluations:
        appId = evaluation["applicationId"]

        # Applications without an override are not part of the index.
        if not applicationHasOverride(appId):
            continue

        appName = util.getApplicationName(evaluation["reportDataUrl"])
        fields = (appName, appId, evaluation["reportDataUrl"],
                  evaluation["stage"])
        appsOverridenDb.append(",".join(fields) + "\n")

    fileIO.writeCSVFile(appReportsUrlsCsvFile, "", appsOverridenDb)

    return statusCode
Exemplo n.º 2
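def getOverRidesData():
    """Export security vulnerability overrides to JSON and CSV.

    Requests ``/api/v2/securityOverrides`` through ``iq.getData``. On a 200
    response the raw payload is saved to ``overRidesJsonFile``. One line per
    override whose package URL passes ``util.overrideFormat`` is appended to
    ``overRidesDb``, and the accumulated lines are written to
    ``overRidesCsvFile``.

    An override with no currently affected components is skipped. Before this
    guard such an entry either raised ``NameError`` (first override) or was
    written with the package URL and hash left over from the previous
    override, attributing it to the wrong component.

    Returns:
        The status code reported by ``iq.getData``.
    """
    statusCode, overrides = iq.getData('/api/v2/securityOverrides')

    if statusCode == 200:
        # Keep the unmodified server response next to the derived CSV.
        fileIO.writeJsonFile(overRidesJsonFile, overrides)

        for override in overrides['securityOverrides']:
            comment = override["comment"]
            referenceId = override["referenceId"]
            status = override["status"]
            ownerName = override["owner"]["ownerName"]
            ownerId = override["owner"]["ownerId"]

            affectedComponents = override["currentlyAffectedComponents"]
            if not affectedComponents:
                # Nothing to attribute this override to; never reuse values
                # left over from an earlier iteration.
                continue

            # NOTE(review): only the last affected component is recorded, as
            # before; an override that covers several components yields a
            # single row. Confirm whether one row per component is wanted.
            lastComponent = affectedComponents[-1]
            packageUrl = lastComponent["packageUrl"]
            componentHash = lastComponent["hash"]

            # Write only if it is the format we need.
            if not util.overrideFormat(packageUrl):
                continue

            # NOTE(review): "comment" is free text and the fields are joined
            # without CSV quoting, so a comma or newline in it shifts the
            # columns of this row. Confirm how readers of this file parse it
            # before changing the format.
            line = ownerName + "," + ownerId + "," + status + "," + comment + "," + packageUrl + "," + componentHash + "," + referenceId + "\n"
            overRidesDb.append(line)

        csvHeader = "ApplicationName,ApplicationId,OverrideStatus,Comment,PackageUrl,ComponentHash,CVE\n"
        fileIO.writeCSVFile(overRidesCsvFile, csvHeader, overRidesDb)

    return statusCode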
Exemplo n.º 3
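def getSecurityOverRidesData():
    """Export security overrides to JSON and CSV and print both file names.

    Requests ``/api/v2/securityOverrides`` through ``iq.getData``. On a 200
    response the raw payload is saved to ``securityOverRidesJsonFile``. One
    line per override whose package URL passes ``util.isAname`` is appended to
    ``securityOverridesDb``, and the accumulated lines are written to
    ``securityOverRidesCsvFile``. The CSV file name is printed whether or not
    the request succeeded.

    An override with no currently affected components is skipped. Before this
    guard such an entry either raised ``NameError`` (first override) or was
    written with the package URL and hash left over from the previous
    override, attributing it to the wrong component.
    """
    statusCode, overrides = iq.getData('/api/v2/securityOverrides')

    if statusCode == 200:
        fileIO.writeJsonFile(securityOverRidesJsonFile, overrides)
        print(securityOverRidesJsonFile)

        for override in overrides['securityOverrides']:
            comment = override["comment"]
            referenceId = override["referenceId"]
            status = override["status"]
            ownerName = override["owner"]["ownerName"]
            ownerId = override["owner"]["ownerId"]

            affectedComponents = override["currentlyAffectedComponents"]
            if not affectedComponents:
                # Nothing to attribute this override to; never reuse values
                # left over from an earlier iteration.
                continue

            # NOTE(review): only the last affected component is recorded, as
            # before; confirm whether one row per component is wanted.
            lastComponent = affectedComponents[-1]
            packageUrl = lastComponent["packageUrl"]
            componentHash = lastComponent["hash"]

            if not util.isAname(packageUrl):
                continue

            # NOTE(review): "comment" is free text and the fields are joined
            # without CSV quoting, so a comma or newline in it shifts the
            # columns of this row.
            line = ownerName + "," + ownerId + "," + status + "," + comment + "," + packageUrl + "," + componentHash + "," + referenceId + "\n"
            securityOverridesDb.append(line)

        csvHeader = "ApplicationName,ApplicationId,OverrideStatus,Comment,PackageUrl,ComponentHash,CVE\n"
        fileIO.writeCSVFile(securityOverRidesCsvFile, csvHeader,
                            securityOverridesDb)

    print(securityOverRidesCsvFile)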
Exemplo n.º 4
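def getLicenseOverrides():
    """Write license overrides for every application listed in the reports CSV.

    Truncates ``licenseOverridesCsvFile`` and writes its header, then reads
    ``appReportsUrlsCsvFile`` (columns: name, id, report URL). Each report is
    fetched with ``iq.getData``. For every component that has a package URL,
    license data and a status accepted by ``util.isLicenseOverrideStatus``, one
    row is appended to the CSV. The fetched report is also saved as
    ``<workdir>/<applicationName>.json`` when at least one row was written for
    that application.

    Changes from the earlier version:
      * The overridden license id and name are reset per component. Previously
        a component with an empty ``overriddenLicenses`` list raised
        ``NameError`` or was written with the previous component's license.
      * The report JSON is written once per application instead of once per
        matching component (same final file content).
      * The unused ``licenseStr`` accumulator and the redundant ``fd.close()``
        inside the ``with`` block are gone.
    """
    with open(licenseOverridesCsvFile, 'w') as fd:
        fd.write(
            'ApplicationPublicId,ApplicationId,PackageUrl,Status,OverrideLicenseId,OverrideLicenseName\n'
        )

    with open(appReportsUrlsCsvFile) as csvfile:
        for row in csv.reader(csvfile, delimiter=','):
            applicationName = row[0]
            applicationId = row[1]
            url = row[2]

            statusCode, policyReportData = iq.getData('/' + url)
            if statusCode != 200:
                continue

            wroteRow = False

            with open(licenseOverridesCsvFile, 'a') as fd:
                for component in policyReportData["components"]:
                    packageUrl = component["packageUrl"]
                    if not packageUrl:
                        continue

                    licenseData = component["licenseData"]
                    if not licenseData:
                        continue

                    status = licenseData["status"]
                    if not util.isLicenseOverrideStatus(status):
                        continue

                    # Reset per component so a row never carries the license
                    # of a previously processed component.
                    overriddenLicenseId = ""
                    overriddenLicenseName = ""

                    # NOTE(review): only the last overridden license ends up
                    # in the row, as before; confirm whether all of them
                    # should be listed.
                    for overridden in licenseData["overriddenLicenses"]:
                        overriddenLicenseId = overridden["licenseId"]
                        overriddenLicenseName = overridden["licenseName"]

                    line = applicationName + "," + applicationId + "," + packageUrl + "," + status + "," + overriddenLicenseId + "," + overriddenLicenseName + "\n"
                    fd.write(line)
                    wroteRow = True

            if wroteRow:
                # NOTE(review): the file name is built from the application
                # name read from the CSV; confirm it cannot contain path
                # separators before trusting it as a path component.
                lic_json = workdir + "/" + applicationName + ".json"
                fileIO.writeJsonFile(lic_json, policyReportData)

    print(licenseOverridesCsvFile)
    return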
Exemplo n.º 5
def getApplicationEvaluationReports():
  """Fetch all application evaluation reports and write them as JSON and CSV.

  Requests ``/api/v2/reports/applications`` through ``iq.getData``. On a 200
  response the raw payload is saved to ``appReportsJsonFile`` (its name is
  printed) and one line (name, id, report URL, stage) per application is
  appended to ``reportsDb``. ``reportsDb`` is written to
  ``appReportsUrlsCsvFile`` with an empty header regardless of the status
  code, and that file name is printed.

  Fields are joined with plain commas and are not CSV-quoted.
  """
  statusCode, applicationEvaluations = iq.getData('/api/v2/reports/applications')

  if statusCode == 200:
    fileIO.writeJsonFile(appReportsJsonFile, applicationEvaluations)
    print(appReportsJsonFile)

    for evaluation in applicationEvaluations:
      appId = evaluation["applicationId"]
      appName = util.getApplicationName(evaluation["reportDataUrl"])
      fields = (appName, appId, evaluation["reportDataUrl"], evaluation["stage"])
      reportsDb.append(",".join(fields) + "\n")

  # Written even when the request failed, with whatever reportsDb holds.
  fileIO.writeCSVFile(appReportsUrlsCsvFile, "", reportsDb)

  print(appReportsUrlsCsvFile)
  return
Exemplo n.º 6
def getViolationInfoForOverride(url, findPackageUrl, findCve, overrideStatus, comment):
  """Append the policy violations matching one override to the violations CSV.

  Rewrites ``/raw`` to ``/policy`` in ``url`` and fetches that report with
  ``iq.getData``. On a 200 response the report is saved as
  ``<workdir>/<publicId>.json`` and its path is printed. For the component
  whose package URL equals ``findPackageUrl`` and passes ``util.isAname``,
  each violation with ``policyThreatLevel >= 7`` in the ``SECURITY`` category
  is inspected. One row is appended to ``overrideViolationsCsvFile`` for every
  condition whose CVE, as extracted by ``getVulnerabilityDetails``, equals
  ``findCve``.

  Args:
    url: Report data URL, without a leading slash.
    findPackageUrl: Package URL of the overridden component.
    findCve: CVE identifier of the override.
    overrideStatus: Override status copied into each row.
    comment: Override comment copied into each row.

  NOTE(review): ``comment`` and the other fields are joined with plain commas
  and are not CSV-quoted. The JSON file name is built from the report's
  ``publicId``; confirm it cannot contain path separators.
  """
  policyUrl = url.replace('/raw', '/policy')
  statusCode, policyReportData = iq.getData('/' + policyUrl)

  if statusCode != 200:
    return

  applicationId = policyReportData["application"]["id"]
  applicationName = policyReportData["application"]["publicId"]
  components = policyReportData["components"]

  fn = workdir + "/" + applicationName + ".json"
  fileIO.writeJsonFile(fn, policyReportData)
  print(fn)

  for component in components:
    componentHash = component["hash"]
    # A missing or empty package URL is represented by the literal "none".
    packageUrl = component["packageUrl"] or "none"

    if findPackageUrl != packageUrl:
      continue

    if not util.isAname(packageUrl):
      continue

    for violation in component['violations']:
      policyThreatLevel = violation['policyThreatLevel']

      # Only violations at threat level 7 or above are reported.
      if not policyThreatLevel >= 7:
        continue

      policyName = violation['policyName']
      policyId = violation['policyId']
      waived = violation['waived']
      policyThreatCategory = violation['policyThreatCategory']
      policyViolationId = violation['policyViolationId']

      # Every category other than SECURITY produces no output.
      if policyThreatCategory != "SECURITY":
        continue

      for constraint in violation['constraints']:
        for condition in constraint['conditions']:
          cve, severity = getVulnerabilityDetails(condition['conditionReason'])

          if findCve != cve:
            continue

          rowFields = (
              policyThreatCategory.lower(), applicationName, applicationId,
              packageUrl, componentHash, policyName, policyId,
              str(policyThreatLevel), policyViolationId, str(waived),
              cve, severity, overrideStatus, comment,
          )

          with open(overrideViolationsCsvFile, 'a') as fd:
            fd.write(",".join(rowFields) + "\n")

  return
Exemplo n.º 7
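def getPolicyViolationsForOverrideApplications():
    """Write the policy violations of every application that has overrides.

    Truncates ``appPolicyViolationsCsvFile`` and writes its header, then reads
    ``appReportsUrlsCsvFile`` and takes the report URL from the third column
    of each row. Each URL has ``/raw`` rewritten to ``/policy`` and is fetched
    with ``iq.getData``. On a 200 response the report is saved as
    ``<workdir>/<publicId>.json``. For each component that passes
    ``util.overrideFormat`` and ``componentHasOverride``, one row is appended
    per violation with ``policyThreatLevel >= 7``.

    Changes from the earlier version:
      * ``cve`` and ``severity`` are reset for every violation. Previously a
        violation without any condition raised ``NameError`` or was written
        with the CVE and severity of an earlier violation.
      * The redundant ``fd.close()`` inside the ``with`` block is gone.

    Returns:
        Always 200, whether or not the individual requests succeeded.
    """
    with open(appPolicyViolationsCsvFile, 'w') as fd:
        fd.write(
            'ApplicationPublicId,ApplicationId,PackageUrl,ComponentHash,PolicyName,PolicyId,PolicyThreatCategory,PolicyThreatLevel,PolicyViolationId,Waived,CVE,Severity\n'
        )

    # The report URLs file lists the applications that have overrides.
    with open(appReportsUrlsCsvFile) as csvfile:
        for row in csv.reader(csvfile, delimiter=','):
            # The policy view of the report carries the violations.
            policyReportDataUrl = row[2].replace('/raw', '/policy')
            statusCode, policyReportData = iq.getData('/' +
                                                      policyReportDataUrl)

            if statusCode != 200:
                continue

            components = policyReportData["components"]
            applicationId = policyReportData["application"]["id"]
            applicationName = policyReportData["application"]["publicId"]

            # NOTE(review): the file name is built from the report's publicId;
            # confirm it cannot contain path separators.
            fileIO.writeJsonFile(workdir + "/" + applicationName + ".json",
                                 policyReportData)

            with open(appPolicyViolationsCsvFile, 'a') as fd:
                for component in components:
                    componentHash = component["hash"]
                    # A missing or empty package URL becomes the literal "none".
                    packageUrl = component["packageUrl"] or "none"

                    # Write only if it is the format we need (i.e. a-name).
                    if not util.overrideFormat(packageUrl):
                        continue

                    # Write only if this component has an override.
                    if not componentHasOverride(applicationId, packageUrl):
                        continue

                    for violation in component['violations']:
                        policyThreatLevel = violation['policyThreatLevel']

                        # Only write if at or above the threat level threshold.
                        if not policyThreatLevel >= 7:
                            continue

                        policyName = violation['policyName']
                        policyId = violation['policyId']
                        waived = violation['waived']
                        policyThreatCategory = violation[
                            'policyThreatCategory']
                        policyViolationId = violation['policyViolationId']

                        # Reset per violation so a row never carries the CVE
                        # or severity of a previously processed violation.
                        cve = ""
                        severity = ""

                        # NOTE(review): only the last condition's CVE and
                        # severity reach the row, as before.
                        for constraint in violation['constraints']:
                            for condition in constraint['conditions']:
                                reason = condition['conditionReason']
                                cve, severity = getVulnerabilityDetails(
                                    reason)

                                # Remove the close bracket at the end.
                                severity = severity[:-1]

                        line = applicationName + "," + applicationId + "," + packageUrl + "," + componentHash + "," + policyName + "," + \
                               policyId + "," + policyThreatCategory + "," + str(policyThreatLevel) + "," + policyViolationId + "," + \
                               str(waived) + "," + cve + "," + severity + "\n"

                        fd.write(line)

    print(appPolicyViolationsCsvFile)
    return 200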