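def _get_suppressions_from_platform(self):
        """Fetch the suppressions that apply to this run from the platform.

        Sends an authenticated GET to ``self.suppressions_url``, keeps only the
        entries accepted by ``self._suppression_valid_for_run`` and adds a
        ``checkovPolicyId`` key to each remaining entry.

        Returns:
            The list of suppression dicts, each carrying ``checkovPolicyId``.

        Raises:
            Exception: if the platform answers with a status other than 200.
            requests.exceptions.RequestException: if the request cannot be
                completed, including when the timeout below expires.
        """
        headers = merge_dicts(
            get_default_get_headers(self.bc_integration.bc_source,
                                    self.bc_integration.bc_source_version),
            get_auth_header(self.bc_integration.get_auth_token()))
        # requests applies no timeout by default, so a stalled endpoint would
        # block the run indefinitely. (connect, read) seconds; the values are a
        # starting point and should be tuned for the deployment.
        response = requests.request('GET',
                                    self.suppressions_url,
                                    headers=headers,
                                    timeout=(10, 60))

        if response.status_code != 200:
            error_message = extract_error_message(response)
            raise Exception(
                f'Get suppressions request failed with response code {response.status_code}: {error_message}'
            )

        # filter out suppressions that we know just don't apply
        suppressions = [
            s for s in json.loads(response.content)
            if self._suppression_valid_for_run(s)
        ]

        for suppression in suppressions:
            policy_id = suppression['policyId']
            id_mapping = self.bc_integration.bc_id_mapping
            # An id with no mapping entry is a custom policy and keeps its
            # platform id as the checkov id.
            suppression['checkovPolicyId'] = (
                id_mapping[policy_id] if policy_id in id_mapping else policy_id)

        return suppressions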
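    def _get_policies_from_platform(self):
        """Fetch the custom policies from the platform.

        Sends an authenticated GET to ``self.policies_url`` and returns the
        value stored under the ``data`` key of the JSON response.

        Returns:
            The ``data`` value of the response, or an empty list when the key
            is absent.

        Raises:
            Exception: if the platform answers with a status other than 200.
            requests.exceptions.RequestException: if the request cannot be
                completed, including when the timeout below expires.
        """
        headers = merge_dicts(
            get_default_get_headers(self.bc_integration.bc_source,
                                    self.bc_integration.bc_source_version),
            get_auth_header(self.bc_integration.bc_api_key))
        # requests applies no timeout by default, so a stalled endpoint would
        # block the run indefinitely. (connect, read) seconds; the values are a
        # starting point and should be tuned for the deployment.
        response = requests.request('GET',
                                    self.policies_url,
                                    headers=headers,
                                    timeout=(10, 60))

        if response.status_code != 200:
            error_message = extract_error_message(response)
            raise Exception(f'Get custom policies request failed with response code {response.status_code}: {error_message}')

        return response.json().get('data', [])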
示例#3
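 def download_twistcli(self, cli_file_name):
     """Download the twistcli binary for the current OS and make it executable.

     Args:
         cli_file_name: path the downloaded binary is written to.

     Raises:
         requests.exceptions.HTTPError: if the download endpoint answers with
             an error status.
         requests.exceptions.RequestException: if the request cannot be
             completed, including when the timeout below expires.
     """
     os_type = platform.system().lower()
     headers = merge_dicts(
         get_default_get_headers(bc_integration.bc_source,
                                 bc_integration.bc_source_version),
         get_auth_header(bc_integration.bc_api_key))
     # requests applies no timeout by default; (connect, read) seconds, to be
     # tuned for the deployment.
     response = requests.request(
         'GET',
         f"{self.docker_image_scanning_base_url}/twistcli/download?os={os_type}",
         headers=headers,
         timeout=(10, 60))
     # Without this check the body of an error response would be written to
     # disk and marked executable in place of the real binary.
     response.raise_for_status()

     # NOTE(review): nothing in this block verifies a digest or signature of
     # the payload before it becomes executable, so integrity rests on the
     # transport alone. Confirm the base URL is https, and compare against a
     # published digest if the platform offers one.
     with open(cli_file_name, 'wb') as cli_file:
         cli_file.write(response.content)
     st = os.stat(cli_file_name)
     os.chmod(cli_file_name, st.st_mode | stat.S_IEXEC)
     logging.debug('TwistCLI downloaded and has execute permission')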
示例#4
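    def download_twistcli(
            self, cli_file_name: Union[str, "os.PathLike[str]"]) -> None:
        """Download the twistcli binary for the current OS and make it executable.

        Args:
            cli_file_name: path the downloaded binary is written to.

        Raises:
            requests.exceptions.HTTPError: if the download endpoint answers
                with an error status.
            requests.exceptions.RequestException: if the request cannot be
                completed, including when the timeout below expires.
        """
        os_type = platform.system().lower()
        headers = merge_dicts(
            get_default_get_headers(bc_integration.bc_source,
                                    bc_integration.bc_source_version),
            {'Authorization': self.get_bc_api_key()})
        # requests applies no timeout by default; (connect, read) seconds, to
        # be tuned for the deployment.
        response = requests.request(
            'GET',
            f"{self.docker_image_scanning_base_url}/twistcli/download?os={os_type}",
            headers=headers,
            timeout=(10, 60))
        # Stop before anything is written when the endpoint reports an error.
        response.raise_for_status()

        # NOTE(review): nothing in this block verifies a digest or signature
        # of the payload before it becomes executable, so integrity rests on
        # the transport alone. Confirm the base URL is https, and compare
        # against a published digest if the platform offers one.
        with open(cli_file_name, 'wb') as fb:
            fb.write(response.content)
        st = os.stat(cli_file_name)
        os.chmod(cli_file_name, st.st_mode | stat.S_IEXEC)
        logging.debug('TwistCLI downloaded and has execute permission')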
示例#5
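    def download_twistcli(self, cli_file_name: Path) -> None:
        """Download the twistcli binary for the current OS and make it executable.

        Args:
            cli_file_name: path the downloaded binary is written to. A value
                that is not a ``Path`` is converted with ``Path(...)``.

        Raises:
            requests.exceptions.HTTPError: if the download endpoint answers
                with an error status.
            requests.exceptions.RequestException: if the request cannot be
                completed, including when the timeout below expires.
        """
        # backwards compatibility, should be removed in a later stage
        cli_file_name_path = cli_file_name if isinstance(
            cli_file_name, Path) else Path(cli_file_name)

        os_type = platform.system().lower()
        headers = merge_dicts(
            get_default_get_headers(bc_integration.bc_source,
                                    bc_integration.bc_source_version),
            {"Authorization": self.get_bc_api_key()},
        )
        # requests applies no timeout by default; (connect, read) seconds, to
        # be tuned for the deployment.
        response = requests.request(
            "GET",
            f"{self.vulnerabilities_base_url}/twistcli/download?os={os_type}",
            headers=headers,
            timeout=(10, 60))
        # Stop before anything is written when the endpoint reports an error.
        response.raise_for_status()

        # NOTE(review): nothing in this block verifies a digest or signature
        # of the payload before it becomes executable, so integrity rests on
        # the transport alone. Confirm the base URL is https, and compare
        # against a published digest if the platform offers one.
        cli_file_name_path.write_bytes(response.content)
        cli_file_name_path.chmod(cli_file_name_path.stat().st_mode
                                 | stat.S_IEXEC)
        logging.debug("twistcli downloaded and has execute permission")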