feat(engine_dast): new dast scanning engine. #140

russbelln · 2024-05-07T23:01:06Z

Description

Add new dast scanning engine
Add the Nuclei tool as driven adapter of the new engine

Checklist:

The pull request is complete according to the guide of contributing of this project
I have performed a self-review of my own code
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have added tests that prove my feature, policy, or fix is effective and works
New and existing tests pass locally with my changes

github-advanced-security · 2024-05-17T16:29:51Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py

sonarqubecloud · 2024-05-30T20:28:22Z

Quality Gate failed

Failed conditions
D Security Rating on New Code (required ≥ C)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

Gaviria9601

Review the comments
update example_remote_config_local engine_core with ENGINE_DAST config
remove .gitkeeps
Review the security issues sonarcloud
update version tools/devsecops_engine_tools/version.py
Please, finish the PR the checks

example_remote_config_local/engine_dast/ConfigTool.json

tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py

tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py

...devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py

tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py

tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py

tools/requirements.txt

tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py

...ne_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py

tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py

tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py

tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py

tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py

...ecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py

tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py

tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py

...evsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py

...secops_engine_tools/engine_dast/test/infrastructure/helpers/test_dast_file_generator_tool.py

octaviovg

Validate comments

sonarqubecloud · 2024-09-28T03:43:56Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

fix(engine_core): fix create exclusion particular cases

* fix(deps): update dependencies * fix(deprecated): Update deprecated method usages --------- Co-authored-by: juancgalvis <[email protected]>

…ne-tools into feature/gitleaks

feat(engine_core): 🚀 handle finding exclusion - white_list

…ne-tools into feature/gitleaks

feat(engine_secret): new gitleaks driven adapter

fix(engine_secret): download custom rules if enabled

…ia/devsecops-engine-tools into feature/engine_dast_nu

sonarqubecloud · 2025-01-23T01:58:32Z

Quality Gate failed

Failed conditions
65.9% Coverage on New Code (required ≥ 70.0%)

See analysis details on SonarQube Cloud

sonarqubecloud · 2025-01-23T02:02:27Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

github-advanced-security bot found potential problems May 17, 2024

View reviewed changes

russbelln changed the title ~~Feature/engine dast nu~~ feat(engine dast) Sep 5, 2024

russbelln changed the title ~~feat(engine dast)~~ feat(engine dast): new dast scanning engine Sep 5, 2024

russbelln changed the title ~~feat(engine dast): new dast scanning engine~~ feat(engine_dast): new dast scanning engine Sep 5, 2024

russbelln changed the title ~~feat(engine_dast): new dast scanning engine~~ feat(engine_dast): new dast scanning engine. Sep 5, 2024

Gaviria9601 reviewed Sep 24, 2024

View reviewed changes

tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py Outdated Show resolved Hide resolved

Gaviria9601 reviewed Sep 24, 2024

View reviewed changes

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py Outdated Show resolved Hide resolved

Gaviria9601 reviewed Sep 24, 2024

View reviewed changes

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py Outdated Show resolved Hide resolved

Gaviria9601 reviewed Sep 24, 2024

View reviewed changes

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py Show resolved Hide resolved

Gaviria9601 reviewed Sep 24, 2024

View reviewed changes

.../devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py Outdated Show resolved Hide resolved

octaviovg reviewed Sep 25, 2024

View reviewed changes

tools/requirements.txt Outdated Show resolved Hide resolved