Пример #1
0
    def report_results(self, twistcli_scan_result: Dict[str, Any],
                       file_path: Path, **kwargs: Any) -> None:
        payload = self._create_report(
            twistcli_scan_result=twistcli_scan_result,
            file_path=file_path,
            **kwargs,
        )
        headers = merge_dicts(
            get_default_post_headers(bc_integration.bc_source,
                                     bc_integration.bc_source_version),
            {"Authorization": self.get_bc_api_key()},
        )

        for i in range(2):
            response = requests.request(
                "POST",
                f"{self.vulnerabilities_base_url}/report",
                headers=headers,
                json=payload)
            try:
                response.raise_for_status()
                break
            except requests.exceptions.HTTPError as ex:
                logging.error(
                    f"HTTP error on request {self.vulnerabilities_base_url}/report, payload:\n{payload}"
                )
                if ex.response.status_code >= 500 and i != 1:
                    time.sleep(2)
                    continue
                raise ex
Пример #2
0
    def _get_fixes_for_file(self, check_type, filename, file_contents, failed_checks):

        errors = list(map(lambda c: {
            'resourceId': c.resource,
            'policyId': self.bc_integration.ckv_to_bc_id_mapping[c.check_id],
            'startLine': c.file_line_range[0],
            'endLine': c.file_line_range[1]
        }, failed_checks))

        payload = {
            'filePath': filename,
            'fileContent': file_contents,
            'framework': check_type,
            'errors': errors
        }

        headers = merge_dicts(
            get_default_post_headers(self.bc_integration.bc_source, self.bc_integration.bc_source_version),
            {"Authorization": self.bc_integration.get_auth_token()}
        )

        response = requests.request('POST', self.fixes_url, headers=headers, json=payload)

        if response.status_code != 200:
            error_message = extract_error_message(response)
            raise Exception(f'Get fixes request failed with response code {response.status_code}: {error_message}')

        logging.debug(f'Response from fixes API: {response.content}')

        fixes = json.loads(response.content) if response.content else None
        if not fixes or type(fixes) != list:
            logging.warning(f'Unexpected fixes API response for file {filename}; skipping fixes for this file')
            return None
        return fixes[0]
Пример #3
0
 def report_results(
     self,
     docker_image_name: str,
     dockerfile_path: str,
     dockerfile_content: str,
     twistcli_scan_result: Dict[str, Any],
 ) -> None:
     headers = merge_dicts(
         get_default_post_headers(bc_integration.bc_source,
                                  bc_integration.bc_source_version),
         {'Authorization': self.get_bc_api_key()})
     vulnerabilities = list(
         map(
             lambda x: {
                 'cveId':
                 x.get('id'),
                 'status':
                 x.get('status', 'open'),
                 'severity':
                 x.get('severity'),
                 'packageName':
                 x.get('packageName'),
                 'packageVersion':
                 x.get('packageVersion'),
                 'link':
                 x.get('link'),
                 'cvss':
                 x.get('cvss'),
                 'vector':
                 x.get('vector'),
                 'description':
                 x.get('description'),
                 'riskFactors':
                 x.get('riskFactors'),
                 'publishedDate':
                 x.get('publishedDate') or (datetime.now() - timedelta(
                     days=x.get('publishedDays', 0))).isoformat()
             },
             twistcli_scan_result['results'][0].get('vulnerabilities', [])))
     payload = {
         'sourceId': bc_integration.repo_id,
         'branch': bc_integration.repo_branch,
         'dockerImageName': docker_image_name,
         'dockerFilePath': dockerfile_path,
         'dockerFileContent': dockerfile_content,
         'sourceType': bc_integration.bc_source.name,
         'vulnerabilities': vulnerabilities
     }
     response = requests.request(
         'POST',
         f"{self.docker_image_scanning_base_url}/report",
         headers=headers,
         json=payload)
     response.raise_for_status()
Пример #4
0
 def report_results(self, docker_image_name, dockerfile_path,
                    dockerfile_content, twistcli_scan_result):
     headers = merge_dicts(
         get_default_post_headers(bc_integration.bc_source,
                                  bc_integration.bc_source_version),
         get_auth_header(bc_integration.bc_api_key))
     vulnerabilities = list(
         map(
             lambda x: {
                 'cveId':
                 x['id'],
                 'status':
                 x['status'],
                 'severity':
                 x['severity'],
                 'packageName':
                 x['packageName'],
                 'packageVersion':
                 x['packageVersion'],
                 'link':
                 x['link'],
                 'cvss':
                 x.get('cvss'),
                 'vector':
                 x.get('vector'),
                 'description':
                 x.get('description'),
                 'riskFactors':
                 x.get('riskFactors'),
                 'publishedDate': (datetime.now() - timedelta(days=x[
                     'publishedDays'])).isoformat()
             }, twistcli_scan_result['results'][0]['vulnerabilities']))
     payload = {
         'sourceId': bc_integration.repo_id,
         'branch': bc_integration.repo_branch,
         'dockerImageName': docker_image_name,
         'dockerFilePath': dockerfile_path,
         'dockerFileContent': dockerfile_content,
         'sourceType': bc_integration.bc_source,
         'vulnerabilities': vulnerabilities
     }
     response = requests.request(
         'POST',
         f"{self.docker_image_scanning_base_url}/report",
         headers=headers,
         json=payload)
     response.raise_for_status()
Пример #5
0
 def report_results(self, twistcli_scan_result: Dict[str, Any],
                    file_path: Path, **kwargs: Any) -> None:
     payload = self._create_report(
         twistcli_scan_result=twistcli_scan_result,
         file_path=file_path,
         **kwargs,
     )
     headers = merge_dicts(
         get_default_post_headers(bc_integration.bc_source,
                                  bc_integration.bc_source_version),
         {"Authorization": self.get_bc_api_key()},
     )
     response = requests.request("POST",
                                 f"{self.vulnerabilities_base_url}/report",
                                 headers=headers,
                                 json=payload)
     response.raise_for_status()
Пример #6
0
    async def report_results_async(
        self,
        twistcli_scan_result: Dict[str, Any],
        bc_platform_integration: BcPlatformIntegration,
        bc_api_key: str,
        file_path: Path,
        **kwargs: Any,
    ) -> int:
        logging.info(f"Start to send report for package file {file_path}")

        payload = self._create_report(
            twistcli_scan_result=twistcli_scan_result,
            bc_platform_integration=bc_platform_integration,
            file_path=file_path,
            **kwargs,
        )
        headers = merge_dicts(
            get_default_post_headers(
                bc_platform_integration.bc_source,
                bc_platform_integration.bc_source_version),
            {"Authorization": bc_api_key},
        )

        async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(
                resolver=aiohttp.AsyncResolver())) as session:
            async with session.post(
                    url=f"{self.vulnerabilities_base_url}/report",
                    headers=headers,
                    json=payload) as response:
                content = await response.text()

            if response.ok:
                logging.info(
                    f"Successfully send report for package file {file_path}")
                return 0
            else:
                logging.error(
                    f"Failed to send report for package file {file_path}")
                logging.error(
                    f"Status code: {response.status}, Reason: {response.reason}, Content: {content}"
                )
                return 1
Пример #7
0
    def _get_fixes_for_file(self, filename, file_contents, failed_checks):

        errors = list(
            map(
                lambda c: {
                    'resourceId':
                    c.resource,
                    'policyId':
                    self.bc_integration.ckv_to_bc_id_mapping[c.check_id],
                    'startLine':
                    c.file_line_range[0],
                    'endLine':
                    c.file_line_range[1]
                }, failed_checks))

        payload = {
            'filePath': filename,
            'fileContent': file_contents,
            'errors': errors
        }

        headers = merge_dicts(
            get_default_post_headers(self.bc_integration.bc_source,
                                     self.bc_integration.bc_source_version),
            get_auth_header(self.bc_integration.bc_api_key))

        response = requests.request('POST',
                                    self.fixes_url,
                                    headers=headers,
                                    json=payload)

        if response.status_code != 200:
            error_message = extract_error_message(response)
            raise Exception(
                f'Get fixes request failed with response code {response.status_code}: {error_message}'
            )

        fixes = json.loads(response.content)
        return fixes[0]