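def exec_tool(args, cwd=None, env=None, stdout=subprocess.DEVNULL):
    """
    Convenience method to invoke cli tools

    Args:
      args cli command and args (a list; the command is never run through a shell)
      cwd Current working directory
      env Environment variables. Defaults to a fresh copy of os.environ taken
        at call time, so callers never share or mutate a single snapshot
      stdout stdout configuration for run command

    Returns:
      CompletedProcess instance, or None if the command could not be started
    """
    # The original default, os.environ.copy() in the signature, was evaluated
    # once at import time and shared (and mutated via use_java) across calls.
    if env is None:
        env = os.environ.copy()
    try:
        env = use_java(env)
        LOG.info("=" * 80)
        # str() so that non-string items (e.g. paths) do not break the log line
        LOG.debug('⚡︎ Executing "{}"'.format(" ".join(str(a) for a in args)))
        cp = subprocess.run(
            args,
            stdout=stdout,
            stderr=subprocess.STDOUT,
            cwd=cwd,
            env=env,
            check=False,
            shell=False,
            encoding="utf-8",
        )
        return cp
    except Exception as e:
        # Best-effort wrapper: callers test the return value for None rather
        # than handling OSError/ValueError themselves.
        LOG.error(e)
        return None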
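def fetch_findings(app_name, version, report_fname, timeout=60):
    """
    Fetch findings from the NG SAST Cloud

    Args:
      app_name Application name substituted into the findings API url
      version Application version substituted into the findings API url
      report_fname Path of the json report the findings are written to
      timeout Seconds to wait for each findings API request; without it a
        stalled connection would block the scan indefinitely

    Returns:
      List of findings. The list is empty when the org id / token / API url
      are not configured, and may be partial when a later page could not be
      retrieved. None is returned when a request raised an exception.
    """
    sl_org = config.get("SHIFTLEFT_ORG_ID", config.get("SHIFTLEFT_ORGANIZATION_ID"))
    sl_org_token = config.get(
        "SHIFTLEFT_ORG_TOKEN", config.get("SHIFTLEFT_ORGANIZATION_TOKEN")
    )
    if not sl_org_token:
        sl_org_token = config.get("SHIFTLEFT_API_TOKEN")
    findings_api = config.get("SHIFTLEFT_VULN_API")
    findings_list = []
    if not (sl_org and sl_org_token):
        return findings_list
    if not findings_api:
        # Previously this surfaced as a TypeError from the % formatting below
        LOG.warning("SHIFTLEFT_VULN_API is not configured. Unable to retrieve findings")
        return findings_list
    findings_api = findings_api % dict(
        sl_org=sl_org, app_name=app_name, version=version
    )
    query_obj = {
        "query": {
            "returnRuntimeData": False,
            "orderByDirection": "VULNERABILITY_ORDER_DIRECTION_DESC",
        }
    }
    headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer " + sl_org_token,
    }
    try:
        r = requests.post(findings_api, headers=headers, json=query_obj, timeout=timeout)
        if r.status_code != 200:
            LOG.warning(
                "Unable to retrieve any findings from NG SAST Cloud. Status {}".format(
                    r.status_code
                )
            )
            return findings_list
        findings_data = r.json()
        if not findings_data:
            return findings_list
        findings_list += findings_data.get("vulnerabilities", [])
        next_page_bookmark = findings_data.get("nextPageBookmark")
        seen_bookmarks = set()
        # Fetch all remaining pages. A failed or empty page ends pagination:
        # the previous version never updated the bookmark on a non-200 reply
        # and therefore looped forever on the same page.
        while next_page_bookmark:
            if next_page_bookmark in seen_bookmarks:
                LOG.warning("Findings API returned a repeated page bookmark. Stopping pagination")
                break
            seen_bookmarks.add(next_page_bookmark)
            LOG.debug("Retrieving findings from next page")
            r = requests.post(
                findings_api,
                headers=headers,
                json={"pageBookmark": next_page_bookmark},
                timeout=timeout,
            )
            if r.status_code != 200:
                # A partial list silently under-reports vulnerabilities, so
                # this is worth a warning rather than a debug line.
                LOG.warning(
                    "Unable to retrieve some findings from NG SAST Cloud. Proceeding with partial list. Status {}".format(
                        r.status_code
                    )
                )
                break
            findings_data = r.json()
            if not findings_data:
                break
            findings_list += findings_data.get("vulnerabilities", [])
            next_page_bookmark = findings_data.get("nextPageBookmark")
        with open(report_fname, mode="w", encoding="utf-8") as rp:
            json.dump({"vulnerabilities": findings_list}, rp)
        LOG.debug(
            "Data written to {}, {}".format(report_fname, len(findings_list))
        )
        return findings_list
    except Exception as e:
        # Kept best-effort: the caller treats None as "cloud findings unavailable"
        LOG.error(e)
        return None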