From 890b600161a70bcf30d3fefc178de828068d990c Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 7 May 2024 17:44:49 -0500 Subject: [PATCH 001/441] integration engine dast --- .../engine_core/ConfigTool.json | 48 +++++ .../engine_dast/ConfigTool.json | 39 ++++ .../engine_dast/Exclusions.json | 31 +++ .../engine_sast/engine_iac/ConfigTool.json | 88 ++++++++ .../engine_sast/engine_iac/Exclusions.json | 31 +++ .../engine_sast/engine_secret/ConfigTool.json | 22 ++ .../engine_sast/engine_secret/Exclusions.json | 26 +++ .../engine_container/ConfigTool.json | 25 +++ .../engine_container/Exclusions.json | 25 +++ .../engine_dependencies/ConfigTool.json | 22 ++ .../engine_dependencies/Exclusions.json | 14 ++ ...er-reference-engine-security-replaced.json | 21 ++ .../tmp/Master-reference-engine-security.json | 21 ++ azp/_work/r1/a/tmp/config-enroll-payment.json | 101 +++++++++ azp/_work/r1/a/tmp/debit_card-fares.json | 34 +++ azp/_work/r1/a/tmp/fraud_models.json | 66 ++++++ azp/_work/r1/a/tmp/geolocalization.json | 22 ++ azp/test_jwt.py | 66 ++++++ .../nuclei_template_0.yaml | 39 ++++ .../nuclei_template_1.yaml | 35 ++++ .../nuclei_template_10.yaml | 35 ++++ .../nuclei_template_11.yaml | 35 ++++ .../nuclei_template_12.yaml | 35 ++++ .../nuclei_template_13.yaml | 35 ++++ .../nuclei_template_14.yaml | 35 ++++ .../nuclei_template_15.yaml | 48 +++++ .../nuclei_template_2.yaml | 35 ++++ .../nuclei_template_3.yaml | 35 ++++ .../nuclei_template_4.yaml | 35 ++++ .../nuclei_template_5.yaml | 35 ++++ .../nuclei_template_6.yaml | 35 ++++ .../nuclei_template_7.yaml | 48 +++++ .../nuclei_template_8.yaml | 39 ++++ .../nuclei_template_9.yaml | 35 ++++ .../src/applications/runner_engine_core.py | 2 + .../src/domain/usecases/handle_scan.py | 12 +- .../src/applications/runner_dast_scan.py | 94 +++++++++ .../src/domain/model/api_config.py | 12 ++ .../src/domain/model/api_operation.py | 10 + .../src/domain/model/config_tool.py | 25 +++ .../src/domain/model/gateways/__init__.py | 0 .../model/gateways/authentication_method.py | 7 + .../model/gateways/devops_platform_gateway.py | 11 + .../model/gateways/remote_config_gateway.py | 9 + .../domain/model/gateways/token_technology.py | 11 + .../src/domain/model/gateways/tool_gateway.py | 9 + .../src/domain/model/security_auth.py | 3 + .../engine_dast/src/domain/model/wa_config.py | 5 + .../src/domain/usecases/dast_scan.py | 127 +++++++++++ .../http/client/auth_client.py | 12 ++ .../driven_adapters/jwt/jwt_object.py | 47 +++++ .../driven_adapters/jwt/jwt_tool.py | 197 ++++++++++++++++++ .../driven_adapters/nuclei/__init__.py | 0 .../driven_adapters/nuclei/nuclei_config.py | 83 ++++++++ .../nuclei/nuclei_deserealizer.py | 38 ++++ .../driven_adapters/nuclei/nuclei_tool.py | 92 ++++++++ .../driven_adapters/oauth/__init__.py | 0 .../oauth/azure_active_directory.py | 111 ++++++++++ .../driven_adapters/oauth/generic_oauth.py | 116 +++++++++++ .../driven_adapters/oauth/oauth.py | 98 +++++++++ .../entry_points/config_dast/__init__.py | 0 .../config_dast/config_exclusions.py | 52 +++++ .../entry_points/config_dast/config_tool.py | 46 ++++ .../entry_points/config_dast/config_tools.py | 9 + .../entry_points/config_dast/example1.py | 22 ++ .../entry_points/entry_point_dast.py | 20 ++ .../helpers/file_generator_tool.py | 71 +++++++ .../infrastructure/helpers/url_validator.py | 17 ++ 68 files changed, 2662 insertions(+), 2 deletions(-) create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json create mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json create mode 100644 azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json create mode 100644 azp/_work/r1/a/tmp/Master-reference-engine-security.json create mode 100644 azp/_work/r1/a/tmp/config-enroll-payment.json create mode 100644 azp/_work/r1/a/tmp/debit_card-fares.json create mode 100644 azp/_work/r1/a/tmp/fraud_models.json create mode 100644 azp/_work/r1/a/tmp/geolocalization.json create mode 100644 azp/test_jwt.py create mode 100644 customized-nuclei-templates/nuclei_template_0.yaml create mode 100644 customized-nuclei-templates/nuclei_template_1.yaml create mode 100644 customized-nuclei-templates/nuclei_template_10.yaml create mode 100644 customized-nuclei-templates/nuclei_template_11.yaml create mode 100644 customized-nuclei-templates/nuclei_template_12.yaml create mode 100644 customized-nuclei-templates/nuclei_template_13.yaml create mode 100644 customized-nuclei-templates/nuclei_template_14.yaml create mode 100644 customized-nuclei-templates/nuclei_template_15.yaml create mode 100644 customized-nuclei-templates/nuclei_template_2.yaml create mode 100644 customized-nuclei-templates/nuclei_template_3.yaml create mode 100644 customized-nuclei-templates/nuclei_template_4.yaml create mode 100644 customized-nuclei-templates/nuclei_template_5.yaml create mode 100644 customized-nuclei-templates/nuclei_template_6.yaml create mode 100644 customized-nuclei-templates/nuclei_template_7.yaml create mode 100644 customized-nuclei-templates/nuclei_template_8.yaml create mode 100644 customized-nuclei-templates/nuclei_template_9.yaml create mode 100644 tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py diff --git a/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json new file mode 100644 index 000000000..634092a5a --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json @@ -0,0 +1,48 @@ +{ + "BANNER": "DevSecOps Engine Tools", + "SECRET_MANAGER": { + "AWS": { + "SECRET_NAME": "", + "ROLE_ARN": "", + "REGION_NAME": "" + } + }, + "VULNERABILITY_MANAGER": { + "BRANCH_FILTER": "", + "DEFECT_DOJO": { + "CMDB_MAPPING_PATH": "", + "HOST_CMDB": "", + "HOST_DEFECT_DOJO": "", + "REGEX_EXPRESSION_CMDB": "", + "LIMITS_QUERY": 100 + } + }, + "METRICS_MANAGER": { + "AWS": { + "BUCKET": "", + "ROLE_ARN": "", + "REGION_NAME": "" + } + }, + "ENGINE_IAC": { + "ENABLED": "true", + "TOOL": "CHECKOV" + }, + "ENGINE_CONTAINER": { + "ENABLED": "true", + "TOOL": "PRISMA|SNYK" + }, + "ENGINE_DAST": { + "ENABLED": "true", + "TOOL": "NUCLEI", + "EXTRA_TOOLS": ["JWT"] + }, + "ENGINE_SECRET": { + "ENABLED": "true", + "TOOL": "TRUFFLEHOG" + }, + "ENGINE_DEPENDENCIES": { + "ENABLED": "true", + "TOOL": "XRAY" + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json new file mode 100644 index 000000000..b68cc71f1 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json @@ -0,0 +1,39 @@ +{ + "NUCLEI": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", + "EXTERNAL_GIT_SSH_HOST": "github.com", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "russbelln", + "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", + "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", + "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", + "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/", + "THRESHOLD": { + "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, + "COMPLIANCE": {"Critical": 1} + }, + "RULES": { + "RULES_DOCKER": { + "CKV_DOCKER_1": { + "checkID": "ENGINE_JWT_001 Evaluate JSON Web token's algorithm", + "environment": {"dev": "True", "pdn": "True", "qa": "True"}, + "guideline": "https://bancolombia.sharepoint.com/", + "severity": "Critical", + "cvss": "", + "category": "Vulnerability" + }, + "CKV_DOCKER_3": { + "checkID": "ENGINE_JWT_002 Evaluate JSON Web token's algorithm", + "environment": {"dev": "True", "pdn": "True", "qa": "True"}, + "guideline": "https://bancolombia.sharepoint.com/", + "severity": "High", + "cvss": "", + "category": "Vulnerability" + } + } + } + } +} diff --git a/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json new file mode 100644 index 000000000..782b421a5 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json @@ -0,0 +1,31 @@ +{ + "All": { + "CHECKOV": [ + { + "id": "CKV_K8S_24", + "where": "all", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704" + } + ] + }, + "Repository_Test": { + "SKIP_TOOL": { + "create_date": "24012024", + "expired_date": "30012024", + "hu": "3423213" + }, + "CHECKOV": [ + { + "id": "CKV_K8S_8", + "where": "deployment-configmap.yaml", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704" + } + ] + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json new file mode 100644 index 000000000..bb8c94e31 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json @@ -0,0 +1,88 @@ +{ + "SEARCH_PATTERN": [ + "ms_" + ], + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_IAC": "message custom", + "EXCLUSIONS_PATH": "/engine_sast/engine_iac/Exclusions.json", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 8, + "Medium": 10, + "Low": 15 + }, + "COMPLIANCE": { + "Critical": 1 + } + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "", + "EXTERNAL_GIT_SSH_HOST": "", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "", + "USE_EXTERNAL_CHECKS_DIR": "False", + "EXTERNAL_DIR_OWNER": "", + "EXTERNAL_DIR_REPOSITORY": "", + "RULES": { + "RULES_DOCKER": { + "CKV_DOCKER_1": { + "checkID": "IAC-CKV-DOCKER-1 Ensure port 22 is not exposed", + "environment": { + "dev": true, + "pdn": true, + "qa": true + }, + "guideline": "guideline", + "severity": "Critical", + "cvss": "", + "category": "Vulnerability" + } + }, + "RULES_K8S": { + "CKV_K8S_16": { + "checkID": "IAC-CKV_K8S_16 Container should not be privileged", + "environment": { + "dev": true, + "pdn": true, + "qa": true + }, + "guideline": "guideline", + "severity": "Critical", + "cvss": "", + "category": "Vulnerability" + }, + "CKV_K8S_21": { + "checkID": "IAC-CKV_K8S_21 The default namespace should not be used", + "environment": { + "dev": true, + "pdn": true, + "qa": true + }, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance" + } + }, + "RULES_CLOUDFORMATION": { + "CKV_AWS_20": { + "customID": "customID", + "checkID": "AWS S3 buckets are accessible to public", + "environment": { + "dev": true, + "pdn": true, + "qa": true + }, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Vulnerability" + } + } + } + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json new file mode 100644 index 000000000..782b421a5 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json @@ -0,0 +1,31 @@ +{ + "All": { + "CHECKOV": [ + { + "id": "CKV_K8S_24", + "where": "all", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704" + } + ] + }, + "Repository_Test": { + "SKIP_TOOL": { + "create_date": "24012024", + "expired_date": "30012024", + "hu": "3423213" + }, + "CHECKOV": [ + { + "id": "CKV_K8S_8", + "where": "deployment-configmap.yaml", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704" + } + ] + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json new file mode 100644 index 000000000..8767f5e2a --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json @@ -0,0 +1,22 @@ +{ + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_SECRET": "message custom", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 0, + "Medium": 0, + "Low": 0 + }, + "COMPLIANCE": { + "Critical": 0 + } + }, + "TARGET_BRANCHES": ["trunk", "develop"], + "trufflehog": { + "EXCLUDE_PATH": [".git"], + "NUMBER_THREADS": 4 + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json new file mode 100644 index 000000000..c781a326f --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json @@ -0,0 +1,26 @@ +{ + "All": { + "TRUFFLEHOG": [ + ] + }, + "Repository_test": { + "TRUFFLEHOG": [ + { + "id": "SECRET_SCANNING", + "where": "azure_api/secretos_azure_api.txt", + "create_date": "30042024", + "expired_date": "undefined", + "hu": "12345", + "reason": "false_positive" + }, + { + "id": "SECRET_SCANNING", + "where": "keys_test.txt", + "create_date": "30042024", + "expired_date": "undefined", + "hu": "12345", + "reason": "false_positive" + } + ] + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json new file mode 100644 index 000000000..8c0b8779f --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json @@ -0,0 +1,25 @@ +{ + "PRISMA_CLOUD": { + "TWISTCLI_PATH": "twistcli", + "PRISMA_CONSOLE_URL": "", + "PRISMA_ACCESS_KEY": "", + "PRISMA_API_VERSION":"" + }, + "TRIVY": { + "TRIVY_VERSION": "0.48.1" + }, + "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", + "REGEX_EXPRESSION_PROJECTS": "((NU)\\d+)", + "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 4, + "High": 10, + "Medium": 20, + "Low": 999 + }, + "COMPLIANCE": { + "Critical": 1 + } + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json new file mode 100644 index 000000000..bce186587 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json @@ -0,0 +1,25 @@ +{ + "All": { + "PRISMA": [ + { + "id": "", + "where": "all", + "create_date": "24012023", + "expired_date": "22092023", + "hu": "345345", + "reason": "False Positive" + } + ] + }, + "Repository_Test": { + "PRISMA": [ + { + "id": "CVE-2023-6237", + "cve_id": "CVE-2023-6237", + "expired_date": "21092024", + "create_date": "24012023", + "hu": "345345" + } + ] + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json new file mode 100644 index 000000000..134075edb --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json @@ -0,0 +1,22 @@ +{ + "XRAY": { + "CLI_VERSION": "2.52.8" + }, + "IGNORE_ANALYSIS_PATTERN": "(.*_test)", + "BYPASS_ARCHIVE_LIMITS": "(repository)", + "WORK_DIR_DIFFERENT_FLAG": "workdir", + "REGEX_EXPRESSION_EXTENSIONS": "\\.(jar|ear|war)$", + "MESSAGE_INFO_ENGINE_DEPENDENCIES": "message custom", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 3, + "High": 5, + "Medium": 10, + "Low": 15 + }, + "COMPLIANCE": { + "Critical": 1 + }, + "CVE": ["CVE-123123"] + } +} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json new file mode 100644 index 000000000..02f657713 --- /dev/null +++ b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json @@ -0,0 +1,14 @@ +{ + "All": { + "XRAY": [ + { + "id": "XRAY-522015", + "cve_id": "CVE-2023-35116", + "where": "all", + "create_date": "19022024", + "expired_date": "undefined", + "hu": "4662904" + } + ] + } +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json b/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json new file mode 100644 index 000000000..859eb25a4 --- /dev/null +++ b/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json @@ -0,0 +1,21 @@ +{ + "endpoint": "https://gw-sufi-qa.apps.ambientesbc.lab", + "operations": [ + { + "operation": { + "security_auth": { + "type": "client_secret" + }, + "method": "GET", + "path": "/private-bancolombia/testing/sufi/v2/operations-execution/product-specific/loans-sufi-catalogs/master-reference/MasterCatalogs/profesiones?businessLine=consumo", + "headers": { + "Client-Id": "9a8f346ce3cb89780d04dddf182f3bea", + "Client-Secret": "47928ac67e9481feb2d41b507db8074b", + "Content-Type": "application/vnd.bancolombia.v4+json", + "Ip-Client": "10.10.10.10", + "Consumer-Id": "0" + } + } + } + ] +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/Master-reference-engine-security.json b/azp/_work/r1/a/tmp/Master-reference-engine-security.json new file mode 100644 index 000000000..876f038af --- /dev/null +++ b/azp/_work/r1/a/tmp/Master-reference-engine-security.json @@ -0,0 +1,21 @@ +{ + "endpoint": "#{apiHost}#", + "operations": [ + { + "operation": { + "security_auth": { + "type": "client_secret" + }, + "method": "GET", + "path": "/private-bancolombia/#{apiAmbiente}#/sufi/v2/operations-execution/product-specific/loans-sufi-catalogs/master-reference/MasterCatalogs/profesiones?businessLine=consumo", + "headers": { + "Client-Id": "#{client-id}#", + "Client-Secret": "#{client-secret}#", + "Content-Type": "application/vnd.bancolombia.v4+json", + "Ip-Client": "10.10.10.10", + "Consumer-Id": "0" + } + } + } + ] +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/config-enroll-payment.json b/azp/_work/r1/a/tmp/config-enroll-payment.json new file mode 100644 index 000000000..23ad846ea --- /dev/null +++ b/azp/_work/r1/a/tmp/config-enroll-payment.json @@ -0,0 +1,101 @@ +{ + "endpoint": "https://internal-apigateway-qa.bancolombia.corp", + "operations": [ + { + "operation": { + "headers": { + "accept": "*/*", + "content-type": "application/vnd.bancolombia.v4+json", + "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", + "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", + "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" + }, + "method": "POST", + "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Payer", + "payload": { + "data": { + "agreement": { + "payer": { + "identification": { + "number": "2544089", + "type": "TIPDOC_FS001" + } + } + }, + "pagination": { + "key": 1, + "size": 8 + } + } + }, + "security_auth": { + "type": "client_secret" + } + } + }, + { + "operation": { + "headers": { + "accept": "*/*", + "content-type": "application/vnd.bancolombia.v4+json", + "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", + "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", + "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" + }, + "method": "POST", + "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Employer", + "payload": { + "data": { + "agreement": { + "employer": { + "identification": { + "number": "3250869", + "type": "TIPDOC_FS001" + } + } + }, + "pagination": { + "key": 1, + "size": 3 + } + } + }, + "security_auth": { + "type": "client_secret" + } + } + }, + { + "operation": { + "headers": { + "accept": "*/*", + "content-type": "application/vnd.bancolombia.v4+json", + "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", + "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", + "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" + }, + "method": "POST", + "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Beneficiary", + "payload": { + "data": { + "agreement": { + "beneficiary": { + "identification": { + "number": "96112014052", + "type": "TIPDOC_FS001" + } + } + }, + "pagination": { + "key": 1, + "size": 3 + } + } + }, + "security_auth": { + "type": "client_secret" + } + } + } + ] +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/debit_card-fares.json b/azp/_work/r1/a/tmp/debit_card-fares.json new file mode 100644 index 000000000..e813c282a --- /dev/null +++ b/azp/_work/r1/a/tmp/debit_card-fares.json @@ -0,0 +1,34 @@ +{ + "endpoint": "https://gw-medios-de-pago.apps.ocpqa.ambientesbc.lab", + "operations": [ + { + "operation": { + "headers": { + "accept": "application/json", + "client-id": "31444ca0488311e1cc6ad299625ddce7", + "client-secret": "04f178d6267b13c5c86d5c9aef909279", + "content-type": "application/json", + "json-web-token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJQUk9EVUNUT1JDT05TVU1JRE9SIiwic3VtIjoiMzE0NDRjYTA0ODgzMTFlMWNjNmFkMjk5NjI1ZGRjZTciLCJhdWQiOiJBUElHYXRld2F5X0xBTiIsImV4cCI6MTY1ODQ5NTA1NS4zMTgsImlhdCI6MTY1ODQwOTA1NS4zMTgsIm5vbmNlIjoiM2Q0M2I4Njk4MzFiIn0.U9VmIsgt-IZDaxuxu18FXa46jPLFG5p-KseBSiM2ge4zLjTncyyuAsEXhffni3vlqx79MMuxtk_4UoEvukVlaeRD3SLE6nEqKNwmwtM87oAWJvwOM_QL0Vn_OjsFpSOTtLn4_S9OBRjqFKosfFHLKFFctGVGMMwvlr1fJvFxcoXm2ZetHPPkTMZGrDgAGWYRbctaOQK8gzrSBiQNvSnyh_qAVOHBklB8Mc5L7DunkBUqTp3nk8kU2UrKK0bjABulqDibao38oWlzkufm8jkPPMg6cgcJe2B6Xe1lLYlLtUQrUbrR9Q3Yg-k4KmfUBNBmDeEResXFw6iu7zRkdZ7J_g", + "message-id": "MessageIdTests1209125", + "userId": "SVP", + "x-client-certificate": "-----BEGIN CERTIFICATE-----MIIENzCCAx+gAwIBAgIUZ+AmU84MboHHd0daiHtk3M9LocEwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAkNPMRIwEAYDVQQIDAlBTlRJT1FVSUExETAPBgNVBAcMCE1FREVMTElOMRkwFwYDVQQKDBBCQU5DT0xPTUJJQSBTLkEuMSYwJAYDVQQLDB1WSUNFUFJFU0lERU5DSUEgREUgVEVDTk9MT0dJQTExMC8GA1UEAwwoUFJPRFVDVE9SQ09OU1VNSURPUi5hcHBzLmFtYmllbnRlc2JjLmNvbTAeFw0yMjA3MDgxNDA2MTBaFw0yMzA3MDgxNDA2MTBaMIGqMQswCQYDVQQGEwJDTzESMBAGA1UECAwJQU5USU9RVUlBMREwDwYDVQQHDAhNRURFTExJTjEZMBcGA1UECgwQQkFOQ09MT01CSUEgUy5BLjEmMCQGA1UECwwdVklDRVBSRVNJREVOQ0lBIERFIFRFQ05PTE9HSUExMTAvBgNVBAMMKFBST0RVQ1RPUkNPTlNVTUlET1IuYXBwcy5hbWJpZW50ZXNiYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgHJtDs7+IKQ12WUSDYUUxZjy4PefSB46tHlfyK5G/x71sHwt9wiIcsGAI5ocZ9QHnrew2iWqmbOVGkTfXosqAIaNDIjznUrjAi4RBTZVts3UDHm0yHXM2vUIsNvkjNrV0mLm0HdX/OSHVgiKvyKbO9AOYoZDSqz9rh3klPk3c1kqhn5CGJypxZwCgUSoWIw8xdoSPnA7UMNGH2SqHSDPDx+SX7WM8VAyS2S67W9k0rJUiUXwE4utCChwzEE2vDw93+k4Gx2q95A7XdhYICCennoj9fo9ws+ykrUx7Jy6Zpt4sWucIbI/IrJvyLOfc4OK4IQMHcnSEsSWXEps2b50HAgMBAAGjUzBRMB0GA1UdDgQWBBQk1R4aAntntytjglvpGA3kzpI9LTAfBgNVHSMEGDAWgBQk1R4aAntntytjglvpGA3kzpI9LTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBagF0sOomIWIamK6pD0WidPz/522GoS0ZtHwp0qvgdBsGaR9rrX3k7trIvonaQCgjzbxJKbZ8oN/9zlMBtgtQIwPEOEP0hHXaLYaVsJ4ExW1A2NoCYqjx23xFAwOGW13CFdd0piUH4ZfMJGsS7FqZh7knGl8odCKwgBUdxDbqvsJA5dUCDuwCzU6MO9SOEg6bVbkQkZIlnxt+6qAVYZU6uctMJLHBitqb94kFHyrXa9FfaSPySqKSQVcjAnhUPOq3iKgZ7dh16ohK+6NBun+OWxGwCCqMqSXt472cqW82+tzqfUmx4VqT0lVZS4yUOp21rP6pthciYXG2UNM9gLeCR-----END CERTIFICATE-----" + }, + "method": "POST", + "path": "/private-bancolombia/testing/v1/reference-data/product-management/debit-card-design/customer/debit-cards/handlingfee/retrieve", + "payload": { + "data": { + "customerCard": { + "number": "6016607120514899" + }, + "user": { + "id": "BROKE" + } + } + }, + "security_auth": { + "type": "none" + } + } + } + ] +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/fraud_models.json b/azp/_work/r1/a/tmp/fraud_models.json new file mode 100644 index 000000000..f3c4c14a2 --- /dev/null +++ b/azp/_work/r1/a/tmp/fraud_models.json @@ -0,0 +1,66 @@ +{ + "endpoint": "https://gw-monitoreo-qa.apps.ambientesbc.lab", + "operations": [ + { + "operation": { + "headers": { + "accept": "application/vnd.bancolombia.v4+json", + "client-id": "1c397a732e5763619a45d3ffb117f01e", + "client-secret": "6b8fb3748f756daffb6d5e421d311bbe", + "content-type": "application/vnd.bancolombia.v4+json", + "messageid": "c4e6bd04-5149-11e7-b114-b2f933d5fe66" + }, + "method": "POST", + "path": "/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation", + "payload": { + "data": { + "employee": { + "user": "" + }, + "identification": { + "number": "18052405551", + "type": "TIPDOC_FS001" + } + } + }, + "security_auth": { + "type": "client_secret" + } + } + }, + { + "operation": { + "headers": { + "accept": "application/vnd.bancolombia.v4+json", + "client-id": "1c397a732e5763619a45d3ffb117f01e", + "client-secret": "6b8fb3748f756daffb6d5e421d311bbe", + "content-type": "application/vnd.bancolombia.v4+json", + "messageid": "c4e6bd04-5149-11e7-b114-b2f933d5fe66" + }, + "method": "POST", + "path": "/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement", + "payload": { + "data": { + "contactData": [ + { + "dialContact": "efectivo", + "email": "pepito@correo.com", + "phone": "3229750374" + } + ], + "employee": { + "user": "" + }, + "identification": { + "number": "18052405551", + "type": "TIPDOC_FS001" + } + } + }, + "security_auth": { + "type": "client_secret" + } + } + } + ] +} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/geolocalization.json b/azp/_work/r1/a/tmp/geolocalization.json new file mode 100644 index 000000000..c27b7557b --- /dev/null +++ b/azp/_work/r1/a/tmp/geolocalization.json @@ -0,0 +1,22 @@ +{ + "endpoint": "https://api.us.apiconnect.ibmcloud.com", + "operations": [ + { + "operation": { + "headers": { + "accept": "application/json" + }, + "method": "GET", + "parm": { + "latitude": "6.227002", + "longitude": "-75.575427" + }, + "path": "/bancolombiabluemix-dev/development/tec/v2/sales-service/cross-channel/service-points/atms?", + "security_auth": { + "type": "client_secret" + } + } + } + ], + "rate_limit": "30" +} \ No newline at end of file diff --git a/azp/test_jwt.py b/azp/test_jwt.py new file mode 100644 index 000000000..e2dc8f4af --- /dev/null +++ b/azp/test_jwt.py @@ -0,0 +1,66 @@ +# jwt_token.py +from authlib.jose import jwt +from dataclasses import dataclass +from tools.devsecops_engine_tools.engine_dast.src.domain.model.gateways.token_technology import ( + Token, +) +import time +import secrets + + +class JwtObject: + def init_header(self): + self.header = {"alg": self.algorithm} + + def init_payload(self): + self.payload = { + "iss": self.iss, + "sum": self.sum, + "aud": self.aud, + "exp": self.exp, + "iat": self.iat, + "nonce": self.nonce, + } + return self.payload + + def generate_token(self): + self.private_key = ( + self.private_key.replace(" ", "\n") + .replace("-----BEGIN\nPRIVATE\nKEY-----", "-----BEGIN PRIVATE KEY-----") + .replace("-----END\nPRIVATE\nKEY-----", "-----END PRIVATE KEY-----") + ) + self.jwt_token = jwt.encode(self.header, self.payload, self.private_key).decode( + "utf-8" + ) + return self.jwt_token + + def __init__(self, private_key, algorithm, iss, check_sum, aud, header_name): + self.private_key = private_key + self.algorithm = algorithm + self.iss = iss + self.sum = check_sum + self.aud = aud + self.iat = time.time() + self.exp = self.iat + 60 * 60 + self.nonce = secrets.token_hex(10) + self.payload = None + self.header = None + self.jwt_token = None + self.header_name = header_name + +if __name__ == "__main__": + private_key = "" + algorithm = "RS256" + iss = "PRODUCTORCONSUMIDOR" + check_sum = "5d09e768-4bbc-4614-9b30-d9abfcb663a7" + aud = "APIGateway_LAN" + payload = "" + header = "" + header_name = "json-web-token" + + jwt_object = JwtObject(private_key, algorithm, iss, check_sum, aud, header_name) + jwt_object.init_header() + jwt_object.init_payload() + print(jwt_object.generate_token()) +# https://dev.azure.com/PNFEngineTest/Pruebas_PNF_Engine/_releaseProgress?releaseId=437&environmentId=1175&_a=release-environment-variables +# sacar variable jwt_private_key del pipeline y poner en la variable local private_key situada arriba diff --git a/customized-nuclei-templates/nuclei_template_0.yaml b/customized-nuclei-templates/nuclei_template_0.yaml new file mode 100644 index 000000000..29dc75d5c --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_0.yaml @@ -0,0 +1,39 @@ +id: content-security-policy-header + +info: + name: Content Security Policy + author: devsecops + severity: low + description: | + The application has unnsafe configurations regarding the Content-Security-Policy header. This may be because: + + - Header is missing from server responses. + - The header has not defined mandatory security policies. + - Defined security policies contain insecure values. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C + cvss-score: 3.8 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: content-security-policy + dsl: + - "!regex('(?i)content-security-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_1.yaml b/customized-nuclei-templates/nuclei_template_1.yaml new file mode 100644 index 000000000..ad0891bd8 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_1.yaml @@ -0,0 +1,35 @@ +id: permissions-policy-header + +info: + name: Permissions Policy + author: devsecops + severity: low + description: | + This template checks if the target website has a Permissions-Policy header, which allows or denies the use of browser features in a document or within any iframe elements in the document. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C + cvss-score: 2.7 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)permissions-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_10.yaml b/customized-nuclei-templates/nuclei_template_10.yaml new file mode 100644 index 000000000..4812b561d --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_10.yaml @@ -0,0 +1,35 @@ +id: referrer-policy-header + +info: + name: Content Security Policy + author: devsecops + severity: low + description: | + The server lacks the HTTP Referrer-Policy header. Alternatively, its configuration is insecure. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C + cvss-score: 1.8 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: referrer-policy + dsl: + - "!regex('(?i)referrer-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_11.yaml b/customized-nuclei-templates/nuclei_template_11.yaml new file mode 100644 index 000000000..2d09694d1 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_11.yaml @@ -0,0 +1,35 @@ +id: strict-transport-security-header + +info: + name: Strict Transport Security Headers + author: devsecops + severity: low + description: | + The server lacks the HTTP Strict-Transport-Security header. Alternatively, the max-age value of it is too small. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C + cvss-score: 3.2 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)strict-transport-security', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_12.yaml b/customized-nuclei-templates/nuclei_template_12.yaml new file mode 100644 index 000000000..7a27c89ff --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_12.yaml @@ -0,0 +1,35 @@ +id: x-content-type-options-header + +info: + name: X Content Type Options Header + author: devsecops + severity: medium + description: | + The server lacks the HTTP X-Content-Type-Options header. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C + cvss-score: 4.3 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)x-content-type-options', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_13.yaml b/customized-nuclei-templates/nuclei_template_13.yaml new file mode 100644 index 000000000..94eaa3088 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_13.yaml @@ -0,0 +1,35 @@ +id: x-frame-options-header + +info: + name: X Frame Options Header + author: devsecops + severity: low + description: | + The application uses the X-Frame Options header as the only protection measure against clickjacking attacks. This header is considered obsolete, because its protection can be bypassed using multiple-layer iframes. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 3.0 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: x-frame-options + dsl: + - "!regex('(?i)x-frame-options', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_14.yaml b/customized-nuclei-templates/nuclei_template_14.yaml new file mode 100644 index 000000000..b77bc928d --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_14.yaml @@ -0,0 +1,35 @@ +id: x-permitted-cross-domain-policies-header + +info: + name: X Permitted Cross Domain Policies Header + author: devsecops + severity: low + description: | + The application does not define the security header X-Permitted-Cross-Domain-Policies, or it has it set to an insecure value. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 3.6 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)x-permitted-cross-domain-policies', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_15.yaml b/customized-nuclei-templates/nuclei_template_15.yaml new file mode 100644 index 000000000..f14940390 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_15.yaml @@ -0,0 +1,48 @@ +id: xss-deprecated-header + +info: + name: XSS-Protection Header - Cross-Site Scripting + author: devsecops + severity: medium + description: Setting the XSS-Protection header is deprecated. Setting the header + to anything other than `0` can actually introduce an XSS vulnerability. + reference: + - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + - https://owasp.org/www-project-secure-headers/#x-xss-protection + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 4.0 + metadata: + max-request: 1 + tags: xss,misconfig,generic + +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + matchers-condition: and + matchers: + - type: regex + part: header + regex: + - '(?i)x-xss-protection: 0' + negative: true + + - type: regex + part: header + regex: + - '(?i)x-xss-protection: 1+' + + extractors: + - type: kval + part: header + kval: + - x_xss_protection + +# digest: 4b0a00483046022100bf9a6e90e4d3004caff9982d22093726978d7b063269b438ab75ea2bcba15a19022100ce53a1ef6ffb2b220c86574ebc654c0d0b2ca16c42cc940cef32e369f5f5ef07:922c64590222798bb761d5b6d8e72950 + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_2.yaml b/customized-nuclei-templates/nuclei_template_2.yaml new file mode 100644 index 000000000..67dd8a1b4 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_2.yaml @@ -0,0 +1,35 @@ +id: referrer-policy-header + +info: + name: Content Security Policy + author: devsecops + severity: low + description: | + The server lacks the HTTP Referrer-Policy header. Alternatively, its configuration is insecure. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C + cvss-score: 1.8 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: referrer-policy + dsl: + - "!regex('(?i)referrer-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_3.yaml b/customized-nuclei-templates/nuclei_template_3.yaml new file mode 100644 index 000000000..7561808c6 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_3.yaml @@ -0,0 +1,35 @@ +id: strict-transport-security-header + +info: + name: Strict Transport Security Headers + author: devsecops + severity: low + description: | + The server lacks the HTTP Strict-Transport-Security header. Alternatively, the max-age value of it is too small. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C + cvss-score: 3.2 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)strict-transport-security', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_4.yaml b/customized-nuclei-templates/nuclei_template_4.yaml new file mode 100644 index 000000000..de3280a13 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_4.yaml @@ -0,0 +1,35 @@ +id: x-content-type-options-header + +info: + name: X Content Type Options Header + author: devsecops + severity: medium + description: | + The server lacks the HTTP X-Content-Type-Options header. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C + cvss-score: 4.3 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)x-content-type-options', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_5.yaml b/customized-nuclei-templates/nuclei_template_5.yaml new file mode 100644 index 000000000..5b1fdeb35 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_5.yaml @@ -0,0 +1,35 @@ +id: x-frame-options-header + +info: + name: X Frame Options Header + author: devsecops + severity: low + description: | + The application uses the X-Frame Options header as the only protection measure against clickjacking attacks. This header is considered obsolete, because its protection can be bypassed using multiple-layer iframes. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 3.0 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: x-frame-options + dsl: + - "!regex('(?i)x-frame-options', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_6.yaml b/customized-nuclei-templates/nuclei_template_6.yaml new file mode 100644 index 000000000..6391b06ef --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_6.yaml @@ -0,0 +1,35 @@ +id: x-permitted-cross-domain-policies-header + +info: + name: X Permitted Cross Domain Policies Header + author: devsecops + severity: low + description: | + The application does not define the security header X-Permitted-Cross-Domain-Policies, or it has it set to an insecure value. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 3.6 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)x-permitted-cross-domain-policies', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_7.yaml b/customized-nuclei-templates/nuclei_template_7.yaml new file mode 100644 index 000000000..5262b7f98 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_7.yaml @@ -0,0 +1,48 @@ +id: xss-deprecated-header + +info: + name: XSS-Protection Header - Cross-Site Scripting + author: devsecops + severity: medium + description: Setting the XSS-Protection header is deprecated. Setting the header + to anything other than `0` can actually introduce an XSS vulnerability. + reference: + - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + - https://owasp.org/www-project-secure-headers/#x-xss-protection + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C + cvss-score: 4.0 + metadata: + max-request: 1 + tags: xss,misconfig,generic + +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' + matchers-condition: and + matchers: + - type: regex + part: header + regex: + - '(?i)x-xss-protection: 0' + negative: true + + - type: regex + part: header + regex: + - '(?i)x-xss-protection: 1+' + + extractors: + - type: kval + part: header + kval: + - x_xss_protection + +# digest: 4b0a00483046022100bf9a6e90e4d3004caff9982d22093726978d7b063269b438ab75ea2bcba15a19022100ce53a1ef6ffb2b220c86574ebc654c0d0b2ca16c42cc940cef32e369f5f5ef07:922c64590222798bb761d5b6d8e72950 + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_8.yaml b/customized-nuclei-templates/nuclei_template_8.yaml new file mode 100644 index 000000000..921ff0273 --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_8.yaml @@ -0,0 +1,39 @@ +id: content-security-policy-header + +info: + name: Content Security Policy + author: devsecops + severity: low + description: | + The application has unnsafe configurations regarding the Content-Security-Policy header. This may be because: + + - Header is missing from server responses. + - The header has not defined mandatory security policies. + - Defined security policies contain insecure values. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C + cvss-score: 3.8 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: content-security-policy + dsl: + - "!regex('(?i)content-security-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_9.yaml b/customized-nuclei-templates/nuclei_template_9.yaml new file mode 100644 index 000000000..51d2fa89f --- /dev/null +++ b/customized-nuclei-templates/nuclei_template_9.yaml @@ -0,0 +1,35 @@ +id: permissions-policy-header + +info: + name: Permissions Policy + author: devsecops + severity: low + description: | + This template checks if the target website has a Permissions-Policy header, which allows or denies the use of browser features in a document or within any iframe elements in the document. + metadata: + max-request: 1 + tags: misconfig,headers,generic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C + cvss-score: 2.7 +http: +- method: POST + path: + - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' + host-redirects: true + max-redirects: 3 + + matchers-condition: or + matchers: + - type: dsl + name: missing-header + dsl: + - "!regex('(?i)permissions-policy', header)" + - status_code != 301 && status_code != 302 + condition: and + headers: + accept: application/vnd.bancolombia.v4+json + client-id: 1c397a732e5763619a45d3ffb117f01e + client-secret: 6b8fb3748f756daffb6d5e421d311bbe + content-type: application/vnd.bancolombia.v4+json + messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py index e42f1fd68..9b60d9893 100644 --- a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py @@ -75,6 +75,7 @@ def get_inputs_from_cli(args): parser.add_argument("--token_vulnerability_management", required=False, help="Token to connect to the Vulnerability Management") parser.add_argument("--token_engine_container", required=False, help="Token to execute engine_container if is necessary") parser.add_argument("--token_engine_dependencies", required=False, help="Token to execute engine_dependencies if is necessary") + parser.add_argument("--dast_file_path", required=False, help="Engine DAST path file") args = parser.parse_args() return { "platform_devops": args.platform_devops, @@ -89,6 +90,7 @@ def get_inputs_from_cli(args): "token_vulnerability_management": args.token_vulnerability_management, "token_engine_container": args.token_engine_container, "token_engine_dependencies": args.token_engine_dependencies, + "dast_file_path": args.dast_file_path } def application_core(): diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py index 8173411f0..4ba2a0ce1 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py @@ -26,10 +26,12 @@ from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runner_dependencies_scan import ( runner_engine_dependencies, ) +from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import ( + runner_engine_dast +) from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( define_env, ) - from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger from devsecops_engine_tools.engine_utilities import settings @@ -121,7 +123,13 @@ def process(self, dict_args: any, config_tool: any): ) return findings_list, input_core elif "engine_dast" in dict_args["tool"]: - print(MESSAGE_ENABLED) + findings_list, input_core = runner_engine_dast( + dict_args, + config_tool, + secret_tool, + self.devops_platform_gateway + ) + return findings_list, input_core elif "engine_secret" in dict_args["tool"]: findings_list, input_core = runner_secret_scan( dict_args, diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py new file mode 100644 index 000000000..9c1f28024 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -0,0 +1,94 @@ +import json +from typing import List +from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.entry_point_dast import ( + init_engine_dast, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool import ( + NucleiTool, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_object import ( + JwtObject, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool import ( + JwtTool, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth import ( + GenericOauth, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.http.client.auth_client import ( + AuthClientCredential, +) + +from devsecops_engine_tools.engine_dast.src.domain.model.api_config import ( + ApiConfig +) +from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ( + ApiOperation +) + + +def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): + try: + # Define driven adapters + # Initialize variables + devops_platform_gateway = devops_platform + extra_tools = [] + target_config = None + + # Filling operations list with adapters + with open(dict_args["dast_file_path"], 'r') as dast_file: + data = json.load(dast_file) + if "operations" in data: # Api + operations: List = [] + for elem in data["operations"]: + security_type = elem["operation"]["security_auth"]["type"].lower() + if security_type == "jwt": + operations.append( + ApiOperation( + elem, + JwtObject( + elem["operation"]["security_auth"] + ))) + elif security_type == "oauth": + operations.append( + ApiOperation( + elem, + GenericOauth( + elem["operation"]["security_auth"] + ) + ) + ) + else: + operations.append( + ApiOperation( + elem, + AuthClientCredential( + elem["operation"]["security_auth"] + ) + ) + ) + data["operations"] = operations + target_config = ApiConfig(data) + else: # Web Application + pass + + + if config_tool["ENGINE_DAST"]["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool + tool_run = NucleiTool() + + if any((k.lower() == "jwt") for k in config_tool["ENGINE_DAST"]["EXTRA_TOOLS"]) and \ + any(isinstance(o.authentication_gateway, JwtObject) for o in data["operations"] ): + extra_tools.append(JwtTool(target_config)) + + return init_engine_dast( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=tool_run, + dict_args=dict_args, + secret_tool=secret_tool, + config_tool=config_tool, #the name of the tool + extra_tools=extra_tools, + target_data=target_config + ) + + except Exception as e: + raise Exception(f"Error engine dast : {str(e)}") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py new file mode 100644 index 000000000..8c2741a65 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py @@ -0,0 +1,12 @@ +from typing import List +from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ApiOperation + +class ApiConfig(): + def __init__(self, api_data: dict): + try: + self.target_type: str = "API" + self.endpoint: str = api_data["endpoint"] + self.rate_limit: str = api_data.get("rate_limit") + self.operations: "List[ApiOperation]" = api_data["operations"] + except KeyError: + raise KeyError("Configuración faltante, validar endpoint y acda uno de los operations") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py new file mode 100644 index 000000000..79d030129 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py @@ -0,0 +1,10 @@ + +class ApiOperation(): + def __init__(self, operation, authentication_gateway): + self.authentication_gateway = authentication_gateway + self.data = operation + self.token = None + + def authenticate(self): + self.token = self.authentication_gateway.get_credentials() + return self.token diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py new file mode 100644 index 000000000..4dcf8ef02 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py @@ -0,0 +1,25 @@ +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +class ConfigTool: + def __init__(self, json_data, tool): + self.version = json_data[tool]["VERSION"] + self.exclusions_path = json_data[tool]["EXCLUSIONS_PATH"] + self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"] + self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"] + self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"] + self.repository_public_key_fp = json_data[tool][ + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT" + ] + self.use_external_checks_dir = json_data[tool]["USE_EXTERNAL_CHECKS_DIR"] + self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"] + self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"] + self.external_asset_name = json_data[tool]["EXTERNAL_DIR_ASSET_NAME"] + self.message_info_dast = json_data[tool]["MESSAGE_INFO_DAST"] + self.threshold = Threshold(json_data[tool]["THRESHOLD"]) + self.rules_data_type = json_data[tool]["RULES"] + self.scope_pipeline = "" + self.exclusions = None + self.exclusions_all = None + self.exclusions_scope = None + self.rules_all = {} diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py new file mode 100644 index 000000000..825200c84 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py @@ -0,0 +1,7 @@ +from abc import ABCMeta, abstractmethod + + +class AuthenticationGateway(metaclass=ABCMeta): + @abstractmethod + def get_credentials(self, target_data) -> dict: + "get_credentials" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py new file mode 100644 index 000000000..bb0cbf9e6 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py @@ -0,0 +1,11 @@ +from abc import ABCMeta, abstractmethod + + +class DevopsPlatformGateway(metaclass=ABCMeta): + @abstractmethod + def get_remote_config(self, remote_config_repo, remote_config_path_file) -> dict: + "get_remote_config" + + @abstractmethod + def get_variable(self, variable): + "get_variable" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py new file mode 100644 index 000000000..bc1cde3e0 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py @@ -0,0 +1,9 @@ +from abc import ABCMeta, abstractmethod + + +class RemoteConfigGateway(metaclass=ABCMeta): + @abstractmethod + def get_remote_json_config( + self, remote_config_repo, remote_config_path_file + ) -> dict: + "remote config" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py new file mode 100644 index 000000000..88655a03d --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py @@ -0,0 +1,11 @@ +from dataclasses import dataclass +from abc import ABCMeta, abstractmethod + + +@dataclass +class Token(metaclass=ABCMeta): + token: str + + @abstractmethod + def get_token(self): + "return_token" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py new file mode 100644 index 000000000..01ab154d2 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/tool_gateway.py @@ -0,0 +1,9 @@ +from abc import ABCMeta, abstractmethod + + +class ToolGateway(metaclass=ABCMeta): + @abstractmethod + def run_tool( + self, init_config_tool, exclusions, environment, pipeline, secret_tool + ) -> str: + "run_tool" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py new file mode 100644 index 000000000..970b0a844 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py @@ -0,0 +1,3 @@ +class SecurityAuth(): + def __init__(self, authentication_gateway): + print() \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py new file mode 100644 index 000000000..e48c50282 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py @@ -0,0 +1,5 @@ +class WaConfig: + def __init__(self, data: dict): + self.target_type: str = "WA" + self.url: str = data["endpoint"] + self.data: dict = data.wa_data \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py new file mode 100644 index 000000000..874ed1ec0 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -0,0 +1,127 @@ +from typing import ( + List, Tuple, Any +) +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.config_dast.config_tool import ( + config_tool_local, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.config_dast.config_exclusions import ( + config_exclusions, +) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import ( + InputCore, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import ( + Exclusions, +) +from devsecops_engine_tools.engine_dast.src.domain.model.config_tool import ( + ConfigTool, +) + +class DastScan: + def __init__( + self, + tool_gateway: ToolGateway, + devops_platform_gateway: DevopsPlatformGateway, + data_target, + aditional_tools: "List[ToolGateway]" + ): + self.tool_gateway = tool_gateway + self.devops_platform_gateway = devops_platform_gateway + self.data_target = data_target + self.other_tools = aditional_tools + + def complete_config_tool( + self, data_file_tool, exclusions, tool + ) -> "Tuple[ConfigTool, Any]": + config_tool = ConfigTool( + json_data=data_file_tool, + tool=tool, + ) + + config_tool.exclusions = exclusions + config_tool.scope_pipeline = self.devops_platform_gateway.get_variable( + "pipeline_name" + ) + + if config_tool.exclusions.get("All") is not None: + config_tool.exclusions_all = config_tool.exclusions.get("All").get( + tool + ) + if config_tool.exclusions.get(config_tool.scope_pipeline) is not None: + config_tool.exclusions_scope = config_tool.exclusions.get( + config_tool.scope_pipeline + ).get(config_tool) + + data_target_config = self.data_target + return config_tool, data_target_config + + def process( + self, dict_args, secret_tool, config_tool + ) -> "Tuple[List, InputCore]": + init_config_tool = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], "engine_dast/configTool.json" + ) + + exclusions = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], + "engine_dast/Exclusions.json" + ) + + + config_tool, data_target = self.complete_config_tool( + data_file_tool=init_config_tool, + exclusions=exclusions, + tool=config_tool["ENGINE_DAST"]["TOOL"], + ) + + finding_list, path_file_results = self.tool_gateway.run_tool( + target_data=data_target, + config_tool=config_tool, + secret_tool=secret_tool, + ) + #Here exceute other tools and append to finding list + if len(self.other_tools) > 0: + extra_finding_list = self.other_tools[0].run_tool( + target_data=data_target, + config_tool=config_tool + ) + if len(extra_finding_list) > 0: + finding_list.extend(extra_finding_list) + + totalized_exclusions = [] + ( + totalized_exclusions.extend( + map( + lambda elem: Exclusions(**elem), config_tool.exclusions_all + ) + ) + if config_tool.exclusions_all is not None + else None + ) + ( + totalized_exclusions.extend( + map( + lambda elem: Exclusions(**elem), + config_tool.exclusions_scope, + ) + ) + if config_tool.exclusions_scope is not None + else None + ) + + input_core = InputCore( + totalized_exclusions=totalized_exclusions, + threshold_defined=config_tool.threshold, + path_file_results=path_file_results, + custom_message_break_build=config_tool.message_info_dast, + scope_pipeline=config_tool.scope_pipeline, + stage_pipeline="Release", + ) + + return finding_list, input_core \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py new file mode 100644 index 000000000..459b2aef0 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py @@ -0,0 +1,12 @@ +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_method import ( + AuthenticationGateway, +) + + +class AuthClientCredential(AuthenticationGateway): + def __init__(self, security_auth: dict): + self.client_id: str = security_auth.get("client_id") + self.client_secrets: str = security_auth.get("client_secret") + + def get_credentials(self, target_data) -> dict: + return super().get_credentials(target_data) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py new file mode 100644 index 000000000..18c49c7cb --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py @@ -0,0 +1,47 @@ +from authlib.jose import jwt +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_method import ( + AuthenticationGateway, +) +import time +import secrets + + +class JwtObject(AuthenticationGateway): + def __init__(self, security_auth: dict): + self.private_key: str = security_auth.get("jwt_private_key") + self.algorithm: str = security_auth.get("jwt_algorithm") + self.iss: str = security_auth.get("jwt_iss") + self.sum: str = security_auth.get("jwt_sum") + self.aud: str = security_auth.get("jwt_aud") + self.iat: float = time.time() + self.exp: float = self.iat + 60 * 60 + self.nonce = secrets.token_hex(10) + self.payload: dict = {} + self.header: dict = {} + self.jwt_token: str = None + self.header_name: str = security_auth.get("jwt_header_name") + + def init_header(self) -> None: + self.header: dict = {"alg": self.algorithm} + + def init_payload(self) -> dict: + self.payload: dict = { + "iss": self.iss, + "sum": self.sum, + "aud": self.aud, + "exp": self.exp, + "iat": self.iat, + "nonce": self.nonce, + } + return self.payload + + def get_credentials(self) -> str: + self.private_key = ( + self.private_key.replace(" ", "\n") + .replace("-----BEGIN\nPRIVATE\nKEY-----", "-----BEGIN PRIVATE KEY-----") + .replace("-----END\nPRIVATE\nKEY-----", "-----END PRIVATE KEY-----") + ) + self.jwt_token = jwt.encode(self.header, self.payload, self.private_key).decode( + "utf-8" + ) + return self.jwt_token diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py new file mode 100644 index 000000000..8065901c3 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -0,0 +1,197 @@ +from typing import ( + List +) +from dataclasses import ( + dataclass, +) +from datetime import ( + datetime, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +import jwt +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool, +) + +class JwtTool(ToolGateway): + + def __init__(self, target_config): + self.BAD_JWT_ALG = ["none", "ES256", "ES384", "ES512"] + self.BAD_JWS_ALG = ["none", "ES256", "ES384", "ES512"] + self.GOOD_JWE_ALG = ["dir", "RSA-OAEP", "RSA-OAEP-256"] + self.GOOD_JWE_ENC = ["A256GCM"] + self.target_config = target_config + + def downgrade(self, token): + newtoken = False + alg = jwt.get_unverified_header(token)["alg"] + data = jwt.decode(token, options={"verify_signature": False}) + + if alg == "HS256": + newtoken = jwt.encode(data, "", algorithm=None) + return newtoken + + def send_req_downgrade( + self, agent, natural_response=None, url="", token="", params=None, data=None + ): + """Send downgraded JWT token in request using agent""" + + check_id = "ENGINE_JWT_004" + is_vulnerable = False + message_downgrade = "Downgrade de JWT fallido" + + if natural_response is None: + agent.auth_bearer(token) + if data is None: + natural_response = agent.get(url, params) + else: + natural_response = agent.post(url, params) + + agent.auth_bearer(token) + bad_token = self.downgrade(token) + + if bad_token: + bad_response = agent.get(url, params) + else: + bad_response = agent.post(url, data) + if natural_response.status_code == bad_response.status_code: + if natural_response.txt == bad_response.text: + is_vulnerable = True + message_downgrade = "Downgrade de JWT exitoso" + + return ("JWT token", check_id, is_vulnerable, message_downgrade, token) + + def verify_jwt_alg(self, token): + "Evaluate JSON Web token's algorithm" + + check_id = "ENGINE_JWT_001" + is_vulnerable = False + alg = jwt.get_unverified_header(token)["alg"] + + if alg in self.BAD_JWT_ALG: + is_vulnerable = True + + return { + "check-id": check_id, + "cvss": "", + "matched-at": "", + "description": "msg", + "severity": "", + "remediation": "" + } + + def verify_jws_alg(self, token): + """Evaluate JSON Web signature's algorithm""" + + check_id = "ENGINE_JWT_002" + is_vulnerable = False + alg = jwt.get_unverified_header(token)["alg"] + + if alg in self.BAD_JWS_ALG: + is_vulnerable = True + + return { + "check-id": check_id, + "cvss": "", + "matched-at": "", + "description": "msg", + "severity": "", + "remediation": "" + } + + def verify_jwe(self, token): + """Evaluate JSON Web encryption's algorithm""" + + check_id = "ENGINE_JWT_003" + msg = "" + is_vulnerable = True + enc = jwt.get_unverified_header(token)["enc"] + alg = jwt.get_unverified_header(token)["alg"] + + if enc in self.GOOD_JWE_ENC: + if alg in self.GOOD_JWE_ALG: + is_vulnerable = False + msg = "Algoritmo: " + alg + " | Cifrado: " + enc + else: + msg = "Algoritmo: " + alg + else: + msg = "Cifrado: " + enc + + return { + "check-id": check_id, + "cvss": "", + "matched-at": "", + "description": msg, + "severity": "", + "remediation": "" + } + + def check_token(self, token): + "Verify if token is JWT, JWS or JWE" + + hed = jwt.get_unverified_header() + + if "enc" in hed.keys(): + result = self.verify_jwe(token) + elif "typ" in hed.keys(): + result = self.verify_jwt_alg(token) + else: + result = self.verify_jws_alg(token) + + return result + + def configure_tool(self, target_data): + """Method for create all tokens""" + jwt_list = [] + for operation in target_data.operations: + if operation.authentication_gateway["type"].lower() == "jwt": + jwt_list.append(operation) + return jwt_list + + def execute(self, jwt_config): + result_scans = [] + if len(jwt_config) > 0: + for jwt_operation in jwt_config: + token = jwt_operation.authenticate() + result = self.check_token(token) + result_scans.append(result) + return result_scans + + def get_list_finding( + self, + result_scan_list: "List[dict]" + ) -> "List[Finding]": + list_open_findings = [] + if len(result_scan_list) > 0: + for scan in result_scan_list: + finding_open = Finding( + id=scan.get("check-id"), + cvss=scan.get("cvss"), + where=scan.get("matched-at"), + description=scan["info"].get("description"), + severity=scan["info"].get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + module="engine_dast", + category=Category("vulnerability"), + requirements=scan["info"].get("remediation"), + tool="Jwt", + ) + list_open_findings.append(finding_open) + return list_open_findings + + def run_tool(self, target_data, config_tool): + jwt_config = self.configure_tool(target_data) + result_scans = self.execute(jwt_config) + finding_list = self.deserialize_results(result_scans) + path_file_results = generate_file_from_tool( + self.TOOL, result_scans, config_tool + ) + return finding_list, path_file_results + + diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py new file mode 100644 index 000000000..a74f54d13 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py @@ -0,0 +1,83 @@ +from typing import List +import os +from uu import Error +from ruamel.yaml import YAML + + +class NucleiConfig: + def __init__(self, target_config): + self.url: str = target_config.endpoint + self.target_type: str = target_config.target_type + self.custom_templates_dir: str = "" + self.output_file: str = "result_dast_scan.json" + self.yaml = YAML() + if self.target_type.lower() == "api": + self.data: List = target_config.operations + elif self.target_type.lower() == "wa": + self.data: dict = target_config.data + else: + raise Error("No se ha podido establecer si el objetivo a escanear es una api o un aplicativo web.") + + def process_template_file( + self, + base_folder: str, + dest_folder: str, + template_name: str, + new_template_data: dict, + template_counter: int, + ) -> None: + new_template_name: str = "nuclei_template_" + str(template_counter) + ".yaml" + + template_file_path = os.path.join(base_folder, template_name) + with open(template_file_path, "r") as template_file: # abrir archivo + template_data = self.yaml.load(template_file) + if "http" in template_data: + security_auth = new_template_data.get("operation").get("security_auth") + template_data["http"][0]["method"] = new_template_data["operation"]["method"] + template_data["http"][0]["path"] = [ + "{{BaseURL}}" + new_template_data["operation"]["path"] + ] + auth_type = security_auth.get("type") + if auth_type == "client_secret": + #Any header change + template_data["http"][0]["headers"] = new_template_data["operation"]["headers"] + elif auth_type == "jwt": + jwt = "" + new_template_data["operation"]["headers"]["Authorization"] = get_token() + #jwt header must be added + if "payload" in new_template_data["operation"]: + pass + elif "ssl" in template_data: + pass + elif "dns" in template_data: + pass + + new_template_path = os.path.join(dest_folder, new_template_name) + + with open(new_template_path, "w") as nf: + self.yaml.dump(template_data, nf) + + def process_templates_folder(self, base_folder: str) -> None: + if not os.path.exists(self.custom_templates_dir): + os.makedirs(self.custom_templates_dir) + + if self.target_type.lower() == "api": + t_counter = 0 + for operation in self.data: + for template_name in os.listdir(base_folder): + if template_name.endswith(".yaml"): + self.process_template_file( + base_folder=base_folder, + dest_folder=self.custom_templates_dir, + template_name=template_name, + new_template_data=operation.data, + template_counter=t_counter, + ) + t_counter += 1 + + def customize_templates(self, directory: str) -> None: + if self.target_type.lower() == "api": + self.custom_templates_dir = "customized-nuclei-templates/" + self.process_templates_folder( + base_folder=directory + ) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py new file mode 100644 index 000000000..8ae624561 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py @@ -0,0 +1,38 @@ +from dataclasses import ( + dataclass, +) +from datetime import ( + datetime, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) + + +@dataclass +class NucleiDesealizator: + @classmethod + def get_list_finding( + cls, + results_scan_list: "list[dict]", + ) -> "list[Finding]": + list_open_findings = [] + + if len(results_scan_list) > 0: + for scan in results_scan_list: + finding_open = Finding( + id=scan.get("template-id"), + cvss=scan["info"]["classification"].get("cvss-score"), + where=scan.get("matched-at"), + description=scan["info"].get("description"), + severity=scan["info"].get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + module="engine_dast", + category=Category("vulnerability"), + requirements=scan["info"].get("remediation"), + tool="Nuclei", + ) + list_open_findings.append(finding_open) + + return list_open_findings diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py new file mode 100644 index 000000000..e2449956f --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -0,0 +1,92 @@ +import os +import subprocess +import json +from devsecops_engine_tools.engine_dast.src.domain.model.config_tool import ( + ConfigTool, +) +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config import ( + NucleiConfig, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_deserealizer import ( + NucleiDesealizator, +) +from devsecops_engine_tools.engine_dast.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool, +) +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import ( + GithubApi +) + + +class NucleiTool(ToolGateway): + + """A class that wraps the nuclei scanner functionality""" + + def __init__(self, target_config=None, data_config_cli=None): + """Initialize the class with the data from the config file and the cli""" + self.target_config = target_config + self.data_config_cli = data_config_cli + self.TOOL: str = "NUCLEI" + self.debug: str = os.environ.get("DEBUG", "false") + + def configurate_external_checks( + self, config_tool: ConfigTool, github_token: str, output_dir: str = "azp/_work/r1/a" + ): + # Create configuration dir external checks + if config_tool.use_external_checks_dir == "True": + github_api = GithubApi(github_token) + github_api.download_latest_release_assets( + config_tool.external_dir_owner, + config_tool.external_dir_repository, + output_dir, + ) + return output_dir + "/http/http-security-headers" + + def execute(self, target_config: NucleiConfig) -> dict: + """Interact with nuclei's core application""" + + command = ( + "nuclei " + + "-duc " # disable automatic update check + + "-u " # target URLs/hosts to scan + + target_config.url + + " -ud " # custom directory to install / update nuclei-templates + + target_config.custom_templates_dir + + " -ni " # disable interactsh server + + "-dc " # disable clustering of requests + + "-je " # file to export results in JSON format + + str(target_config.output_file) + ) + + if command is not None: + result = subprocess.run( + command, + shell=True, + capture_output=True, + ) + error = result.stderr + if (error is not None and error != "") and self.debug == "true": + error = error.strip() + print(f"Error executing nuclei: {error}") + + with open(target_config.output_file, "r") as f: + json_response = json.load(f) + return json_response + + def run_tool(self, target_data, config_tool, secret_tool): + nuclei_config = NucleiConfig(target_data) + #checks_directory = self.configurate_external_checks(config_tool, secret_tool["github_token"]) #DATA PDN + checks_directory = self.configurate_external_checks(config_tool, + github_token=os.getenv('GITHUB_TOKEN'))#BORRAR PDN + nuclei_config.customize_templates(checks_directory) + result_scans = self.execute(nuclei_config) + nuclei_deserealizator = NucleiDesealizator() + findings_list = nuclei_deserealizator.get_list_finding(result_scans) + path_file_results = generate_file_from_tool( + self.TOOL, result_scans, config_tool + ) + + return findings_list, path_file_results diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py new file mode 100644 index 000000000..377ef660c --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py @@ -0,0 +1,111 @@ +import requests +import sys + + +class AzureActiveDirectory: + def __init__(self, data): + self.data: dict = data + self.config = self.process_data(sys.argv[1:]) + + def process_data(self): + client_id = self.data["security_auth"]["client_id"] + client_secret = self.data["security_auth"]["client_secret"] + tenant_id = self.data["security_auth"]["tenant_id"] + username = self.data["security_auth"].get("username") + password = self.data["security_auth"].get("password") + + config = { + "client_id": client_id, + "client_secret": client_secret, + "tenant_id": tenant_id, + "username": username, + "password": password, + } + + return config + + def get_access_token(self): + if self.config["username"] and self.config["password"]: + return self.get_access_token_resource_owner() + else: + return self.get_access_token_client_credentials() + + def get_access_token_client_credentials(self): + """Obtener access token desde microsoft graph.""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = ["client_id", "client_secret", "tenant_id"] + if not all(key in self.config for key in required_keys): + raise ValueError("Falta una o más claves de configuración.") + + tenant_id = self.config["tenant_id"] + data = { + "client_id": self.config["client_id"], + "client_secret": self.config["client_secret"], + "tenant_id": self.config["tenant_id"], + "grant_type": "client_credentials", + "scope": "https://graph.microsoft.com/.default", + } + + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + result = response.json()["access_token"] + return result + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) + + def get_access_token_resource_owner(self): + """Obtener access token desde microsoft graph.""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = [ + "client_id", + "client_secret", + "tenant_id", + "username", + "password", + ] + if not all(key in self.config for key in required_keys): + raise ValueError("Falta una o más claves de configuración.") + + tenant_id = self.config["tenant_id"] + + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + data = { + "client_id": self.config["client_id"], + "client_secret": self.config["client_secret"], + "grant_type": "password", + "scope": "https://graph.microsoft.com/.default", + "username": self.config["username"], + "password": self.config["password"], + } + + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + result = response.json()["access_token"] + return result + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py new file mode 100644 index 000000000..164fe17de --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -0,0 +1,116 @@ +import requests +from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_method import ( + AuthenticationGateway +) + +class GenericOauth(AuthenticationGateway): + def __init__(self, data): + self.data: dict = data + + def process_data(self): + client_id = self.data["security_auth"]["client_id"] + client_secret = self.data["security_auth"]["client_secret"] + tenant_id = self.data["security_auth"]["tenant_id"] + username = self.data["security_auth"].get("username") + password = self.data["security_auth"].get("password") + + config = { + "client_id": client_id, + "client_secret": client_secret, + "tenant_id": tenant_id, + "username": username, + "password": password, + } + + return config + + def get_access_token(self): + auth_config = self.process_data() + + if auth_config["username"] and auth_config["password"]: + return self.get_access_token_resource_owner() + else: + return self.get_access_token_client_credentials() + + def get_credentials(self): + pass + + def get_access_token_client_credentials(self): + """Obtener access token desde microsoft graph.""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = ["client_id", "client_secret", "tenant_id"] + if not all(key in self.config for key in required_keys): + raise ValueError("Falta una o más claves de configuración.") + + tenant_id = self.config["tenant_id"] + data = { + "client_id": self.config["client_id"], + "client_secret": self.config["client_secret"], + "tenant_id": self.config["tenant_id"], + "grant_type": "client_credentials", + "scope": "https://graph.microsoft.com/.default", + } + + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + result = response.json()["access_token"] + return result + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) + + def get_access_token_resource_owner(self): + """Obtener access token desde microsoft graph.""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = [ + "client_id", + "client_secret", + "tenant_id", + "username", + "password", + ] + if not all(key in self.config for key in required_keys): + raise ValueError("Falta una o más claves de configuración.") + + tenant_id = self.config["tenant_id"] + + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + data = { + "client_id": self.config["client_id"], + "client_secret": self.config["client_secret"], + "grant_type": "password", + "scope": "https://graph.microsoft.com/.default", + "username": self.config["username"], + "password": self.config["password"], + } + + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + result = response.json()["access_token"] + return result + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py new file mode 100644 index 000000000..7118cbc34 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py @@ -0,0 +1,98 @@ +import requests +import argparse +import sys + + +class OauthObject: + def __init__(self, target_config: dict, data_config_cli: dict): + self.target_config = target_config + self.data_config_cli = data_config_cli + + def get_auth_config(self): + config = {"access_token": self.get_access_token()} + return config + + def get_access_token(self): + if self.data_config_cli["username"] and self.data_config_cli["password"]: + return self.get_access_token_resource_owner() + else: + return self.get_access_token_client_credentials() + + def get_access_token_client_credentials(self) -> str: + """""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = ["client_id", "client_secret", "tenant_id"] + if not all(key in self.data_config_cli for key in required_keys): + raise ValueError("Falta una o más claves de configuración para OAUth.") + + tenant_id = self.data_config_cli["tenant_id"] + data = { + "client_id": self.data_config_cli["client_id"], + "client_secret": self.data_config_cli["client_secret"], + "tenant_id": self.data_config_cli["tenant_id"], + "grant_type": "client_credentials", + "scope": self.target_config["security_auth"]["scope"], + } + + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + access_token = response.json()["access_token"] + return access_token + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) + + def get_access_token_resource_owner(self) -> str: + """Obtener access token desde microsoft graph.""" + try: + # Verifica que el diccionario de configuración contenga todas las claves necesarias + required_keys = [ + "client_id", + "client_secret", + "tenant_id", + "username", + "password", + ] + if not all(key in self.data_config_cli for key in required_keys): + raise ValueError("Falta una o más claves de configuración.") + + tenant_id = self.data_config_cli["tenant_id"] + url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + data = { + "client_id": self.data_config_cli["client_id"], + "client_secret": self.data_config_cli["client_secret"], + "grant_type": "password", + "scope": self.target_config["security_auth"]["scope"], + "username": self.data_config_cli["username"], + "password": self.data_config_cli["password"], + } + + headers = { + "Content-Type": "application/x-www-form-urlencoded", + } + response = requests.request( + "POST", url, headers=headers, data=data, timeout=5 + ) + if 200 <= response.status_code < 300: + access_token = response.json()["access_token"] + return access_token + else: + print( + "[graph] No se obtuvo el access " + "token Unknown status " + "code {0}: -> {1}".format(response.status_code, response.text) + ) + except (ConnectionError, ValueError, KeyError) as e: + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py new file mode 100644 index 000000000..987965b93 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py @@ -0,0 +1,52 @@ +config_exclusions = { + "authorizedDefinitionIds": ["33694"], + "committer": ["svchca04@bancolombia.com.co", "Usuario Devops 04"], + "All": { + "SCA": [ + { + "id": "XRAY-521541", + "where": "all", + "cve_id": "CVE-2023-29405", + "create_date": "10112023", + "expired_date": "18112023", + "severity": "HIGH", + "hu": "4338704", + } + ], + "CHECKOV": [ + { + "id": "CKV2_AWS_123", + "where": "all", + "cve_id": "N.A", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "LOW", + "hu": "4338704", + } + ], + }, + "AW11111111_ProyectoEjemplo": { + "SCA": [ + { + "id": "XRAY-521549", + "where": "test", + "cve_id": "CVE-2023-29405", + "create_date": "10112023", + "expired_date": "18112023", + "severity": "HIGH", + "hu": "4338704", + } + ], + "CHECKOV": [ + { + "id": "CKV2_AWS_124", + "where": "app.yaml", + "cve_id": "N.A", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "LOW", + "hu": "4338704", + } + ], + }, +} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py new file mode 100644 index 000000000..a00bbc4b6 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py @@ -0,0 +1,46 @@ +config_tool_local = { + "NUCLEI": { + "VERSION": "2.3.296", + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + "_ACE", + "_ACE11", + "NU0212001_Security_Services_MR", + ], + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", + "EXTERNAL_GIT_SSH_HOST": "github.com", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "BCSCode", + "EXTERNAL_DIR_REPOSITORY": "DevSecOps_Checks_IaC", + "EXTERNAL_DIR_ASSET_NAME": "rules/kubernetes", + "EXCLUSIONS_PATH": "/SAST/IAC/Exclusions/Exclusions.json", + "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/lanzamiento-csa-analisis-de-seguridad-en-contenedores/6199", + "THRESHOLD": { + "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, + "COMPLIANCE": {"Critical": 1}, + }, + "RULES": { + "RULES_DOCKER": { + "CKV_DOCKER_1": { + "checkID": "IAC-CKV-DOCKER-1 Ensure port 22 is not exposed", + "environment": {"dev": True, "pdn": True, "qa": True}, + "guideline": "https://bancolombia.sharepoint.com/:x:/r/teams/SeguridaddeTI-DevSecOps/Documentos%20compartidos/General/Pr%C3%A1cticas%20automatizadas%20de%20seguridad/MegaEngine/analisis%20estatico/Analisis%20est%C3%A1tico%20de%20Infraestructura%20(engine-iac)/Docker_k8s_Rules.xlsx?d=w65b6553bc4574805b31e57f4326d2dc7&csf=1&web=1&e=k0nmNU", + "severity": "Critical", + "cvss": "", + "category": "Vulnerability", + }, + "CKV_DOCKER_3": { + "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + "environment": {"dev": True, "pdn": True, "qa": True}, + "guideline": "https://bancolombia.sharepoint.com/:x:/r/teams/SeguridaddeTI-DevSecOps/Documentos%20compartidos/General/Pr%C3%A1cticas%20automatizadas%20de%20seguridad/MegaEngine/analisis%20estatico/Analisis%20est%C3%A1tico%20de%20Infraestructura%20(engine-iac)/Docker_k8s_Rules.xlsx?d=w65b6553bc4574805b31e57f4326d2dc7&csf=1&web=1&e=k0nmNU", + "severity": "High", + "cvss": "", + "category": "Vulnerability", + }, + } + }, + } +} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py new file mode 100644 index 000000000..c1bb2e16a --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py @@ -0,0 +1,9 @@ +configtools = { + "ENGINE_DAST": { + "ENABLED": "true", + "TOOL": "NUCLEI" + }, + "METRICS_MANAGER": { + "ENABLED": "false" + } +} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py new file mode 100644 index 000000000..b31a2685a --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py @@ -0,0 +1,22 @@ +config_site = """{ + "endpoint": "https://seguros-qa-voluntarios.apps.ambientesbc.com/", + "security_auth": { + "type": "oauth", + "grant_type": "resource_owner", + "scope": "User.Read openid profile offline_access", + "headers": { + "content-type": "application/x-www-form-urlencoded", + "accept": "application/json" + }, + "cookie_session": { + "path": "/savesession", + "method": "post", + "headers": { + "content-type": "application/x-www-form-urlencoded", + "accept": "application/json", + "Authorization": "Bearer access_token" + } + } + } +} +""" diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py new file mode 100644 index 000000000..432d1a835 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py @@ -0,0 +1,20 @@ +# STD libraries + +# 3RD party libraries + +# Local imports +from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import ( + DastScan, +) + +def init_engine_dast( + devops_platform_gateway, + tool_gateway, + dict_args, + secret_tool, + config_tool, + extra_tools, + target_data +): + dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools) + return dast_scan.process(dict_args, secret_tool, config_tool) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py new file mode 100644 index 000000000..3af074da3 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py @@ -0,0 +1,71 @@ +import json +import os + + +def generate_file_from_tool(tool, result_list, rules_doc): + if tool.lower() == "nuclei": + try: + result_one: dict = {} + result_two: dict = {} + if len(result_list) > 1: + result_one = result_list[0] + result_two = result_list[1] + file_name = "results.json" + results_data = { + "check_type": "Dockerfile and Kubernetes", + "results": { + "failed_checks": list( + map( + lambda x: update_field( + x, + "severity", + rules_doc[x.get("check_id")].get("severity").lower(), + ), + result_one.get("results", {}).get("failed_checks", []), + ) + ) + + list( + map( + lambda x: update_field( + x, + "severity", + rules_doc[x.get("check_id")].get("severity").lower(), + ), + result_two.get("results", {}).get("failed_checks", []), + ) + ) + }, + "summary": { + "passed": result_one.get("summary", {}).get("passed", 0) + + result_two.get("summary", {}).get("passed", 0), + "failed": result_one.get("summary", {}).get("failed", 0) + + result_two.get("summary", {}).get("failed", 0), + "skipped": result_one.get("summary", {}).get("skipped", 0) + + result_two.get("summary", {}).get("skipped", 0), + "parsing_errors": result_one.get("summary", {}).get( + "parsing_errors", 0 + ) + + result_one.get("summary", {}).get("parsing_errors", 0), + "resource_count": result_one.get("summary", {}).get( + "resource_count", 0 + ) + + result_two.get("summary", {}).get("resource_count", 0), + "checkov_version": result_one.get("summary", {}).get( + "checkov_version", None + ), + }, + } + + with open(file_name, "w") as json_file: + json.dump(results_data, json_file, indent=4) + + absolute_path = os.path.abspath(file_name) + return absolute_path + except KeyError as e: + print(f"Dict KeyError in checks integration: {e}") + except Exception as ex: + print(f"Error during handling checkov json integrator {ex}") + + +def update_field(elem, field, new_value): + return {**elem, field: new_value} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py new file mode 100644 index 000000000..6eaa15448 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py @@ -0,0 +1,17 @@ +import validators + + +def url_validator(url): + """ + Validates if a given URL is valid or not. + + Args: + url (str): The URL to be validated. + + Returns: + bool: True if the URL is valid, False otherwise. + """ + if validators.url(url): + return True + else: + return False From 13dab0a8d4346c2ecd8040079c6b8b7d0c21f131 Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 7 May 2024 17:50:33 -0500 Subject: [PATCH 002/441] integration engine dast --- .gitignore | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 47c202178..b78aa94d2 100644 --- a/.gitignore +++ b/.gitignore @@ -50,4 +50,8 @@ jf.exe target dependencies_to_scan node_modules -DevSecOps_Remote_Config \ No newline at end of file +DevSecOps_Remote_Config +NU0429001_DevSecOps_Remote_Config +/azp +/customized-nuclei-templates +result_dast_scan.json \ No newline at end of file From c79c6f66a1cde319ff604dc84a55ff3191d1568e Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 7 May 2024 17:56:46 -0500 Subject: [PATCH 003/441] integration engine dast --- .gitignore | 4 +- .../engine_core/ConfigTool.json | 48 --------- .../engine_dast/ConfigTool.json | 39 ------- .../engine_dast/Exclusions.json | 31 ------ .../engine_sast/engine_iac/ConfigTool.json | 88 --------------- .../engine_sast/engine_iac/Exclusions.json | 31 ------ .../engine_sast/engine_secret/ConfigTool.json | 22 ---- .../engine_sast/engine_secret/Exclusions.json | 26 ----- .../engine_container/ConfigTool.json | 25 ----- .../engine_container/Exclusions.json | 25 ----- .../engine_dependencies/ConfigTool.json | 22 ---- .../engine_dependencies/Exclusions.json | 14 --- ...er-reference-engine-security-replaced.json | 21 ---- .../tmp/Master-reference-engine-security.json | 21 ---- azp/_work/r1/a/tmp/config-enroll-payment.json | 101 ------------------ azp/_work/r1/a/tmp/debit_card-fares.json | 34 ------ azp/_work/r1/a/tmp/fraud_models.json | 66 ------------ azp/_work/r1/a/tmp/geolocalization.json | 22 ---- azp/test_jwt.py | 66 ------------ .../nuclei_template_0.yaml | 39 ------- .../nuclei_template_1.yaml | 35 ------ .../nuclei_template_10.yaml | 35 ------ .../nuclei_template_11.yaml | 35 ------ .../nuclei_template_12.yaml | 35 ------ .../nuclei_template_13.yaml | 35 ------ .../nuclei_template_14.yaml | 35 ------ .../nuclei_template_15.yaml | 48 --------- .../nuclei_template_2.yaml | 35 ------ .../nuclei_template_3.yaml | 35 ------ .../nuclei_template_4.yaml | 35 ------ .../nuclei_template_5.yaml | 35 ------ .../nuclei_template_6.yaml | 35 ------ .../nuclei_template_7.yaml | 48 --------- .../nuclei_template_8.yaml | 39 ------- .../nuclei_template_9.yaml | 35 ------ 35 files changed, 1 insertion(+), 1299 deletions(-) delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json delete mode 100644 NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json delete mode 100644 azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json delete mode 100644 azp/_work/r1/a/tmp/Master-reference-engine-security.json delete mode 100644 azp/_work/r1/a/tmp/config-enroll-payment.json delete mode 100644 azp/_work/r1/a/tmp/debit_card-fares.json delete mode 100644 azp/_work/r1/a/tmp/fraud_models.json delete mode 100644 azp/_work/r1/a/tmp/geolocalization.json delete mode 100644 azp/test_jwt.py delete mode 100644 customized-nuclei-templates/nuclei_template_0.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_1.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_10.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_11.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_12.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_13.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_14.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_15.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_2.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_3.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_4.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_5.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_6.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_7.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_8.yaml delete mode 100644 customized-nuclei-templates/nuclei_template_9.yaml diff --git a/.gitignore b/.gitignore index b78aa94d2..1b1c65fe6 100644 --- a/.gitignore +++ b/.gitignore @@ -51,7 +51,5 @@ target dependencies_to_scan node_modules DevSecOps_Remote_Config -NU0429001_DevSecOps_Remote_Config -/azp -/customized-nuclei-templates +/azpp result_dast_scan.json \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json deleted file mode 100644 index 634092a5a..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_core/ConfigTool.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "BANNER": "DevSecOps Engine Tools", - "SECRET_MANAGER": { - "AWS": { - "SECRET_NAME": "", - "ROLE_ARN": "", - "REGION_NAME": "" - } - }, - "VULNERABILITY_MANAGER": { - "BRANCH_FILTER": "", - "DEFECT_DOJO": { - "CMDB_MAPPING_PATH": "", - "HOST_CMDB": "", - "HOST_DEFECT_DOJO": "", - "REGEX_EXPRESSION_CMDB": "", - "LIMITS_QUERY": 100 - } - }, - "METRICS_MANAGER": { - "AWS": { - "BUCKET": "", - "ROLE_ARN": "", - "REGION_NAME": "" - } - }, - "ENGINE_IAC": { - "ENABLED": "true", - "TOOL": "CHECKOV" - }, - "ENGINE_CONTAINER": { - "ENABLED": "true", - "TOOL": "PRISMA|SNYK" - }, - "ENGINE_DAST": { - "ENABLED": "true", - "TOOL": "NUCLEI", - "EXTRA_TOOLS": ["JWT"] - }, - "ENGINE_SECRET": { - "ENABLED": "true", - "TOOL": "TRUFFLEHOG" - }, - "ENGINE_DEPENDENCIES": { - "ENABLED": "true", - "TOOL": "XRAY" - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json deleted file mode 100644 index b68cc71f1..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_dast/ConfigTool.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "NUCLEI": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", - "EXTERNAL_GIT_SSH_HOST": "github.com", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", - "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "russbelln", - "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", - "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", - "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", - "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/", - "THRESHOLD": { - "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, - "COMPLIANCE": {"Critical": 1} - }, - "RULES": { - "RULES_DOCKER": { - "CKV_DOCKER_1": { - "checkID": "ENGINE_JWT_001 Evaluate JSON Web token's algorithm", - "environment": {"dev": "True", "pdn": "True", "qa": "True"}, - "guideline": "https://bancolombia.sharepoint.com/", - "severity": "Critical", - "cvss": "", - "category": "Vulnerability" - }, - "CKV_DOCKER_3": { - "checkID": "ENGINE_JWT_002 Evaluate JSON Web token's algorithm", - "environment": {"dev": "True", "pdn": "True", "qa": "True"}, - "guideline": "https://bancolombia.sharepoint.com/", - "severity": "High", - "cvss": "", - "category": "Vulnerability" - } - } - } - } -} diff --git a/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json deleted file mode 100644 index 782b421a5..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_dast/Exclusions.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "All": { - "CHECKOV": [ - { - "id": "CKV_K8S_24", - "where": "all", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704" - } - ] - }, - "Repository_Test": { - "SKIP_TOOL": { - "create_date": "24012024", - "expired_date": "30012024", - "hu": "3423213" - }, - "CHECKOV": [ - { - "id": "CKV_K8S_8", - "where": "deployment-configmap.yaml", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704" - } - ] - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json deleted file mode 100644 index bb8c94e31..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/ConfigTool.json +++ /dev/null @@ -1,88 +0,0 @@ -{ - "SEARCH_PATTERN": [ - "ms_" - ], - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_IAC": "message custom", - "EXCLUSIONS_PATH": "/engine_sast/engine_iac/Exclusions.json", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 8, - "Medium": 10, - "Low": 15 - }, - "COMPLIANCE": { - "Critical": 1 - } - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "", - "EXTERNAL_GIT_SSH_HOST": "", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "", - "USE_EXTERNAL_CHECKS_DIR": "False", - "EXTERNAL_DIR_OWNER": "", - "EXTERNAL_DIR_REPOSITORY": "", - "RULES": { - "RULES_DOCKER": { - "CKV_DOCKER_1": { - "checkID": "IAC-CKV-DOCKER-1 Ensure port 22 is not exposed", - "environment": { - "dev": true, - "pdn": true, - "qa": true - }, - "guideline": "guideline", - "severity": "Critical", - "cvss": "", - "category": "Vulnerability" - } - }, - "RULES_K8S": { - "CKV_K8S_16": { - "checkID": "IAC-CKV_K8S_16 Container should not be privileged", - "environment": { - "dev": true, - "pdn": true, - "qa": true - }, - "guideline": "guideline", - "severity": "Critical", - "cvss": "", - "category": "Vulnerability" - }, - "CKV_K8S_21": { - "checkID": "IAC-CKV_K8S_21 The default namespace should not be used", - "environment": { - "dev": true, - "pdn": true, - "qa": true - }, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance" - } - }, - "RULES_CLOUDFORMATION": { - "CKV_AWS_20": { - "customID": "customID", - "checkID": "AWS S3 buckets are accessible to public", - "environment": { - "dev": true, - "pdn": true, - "qa": true - }, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Vulnerability" - } - } - } - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json deleted file mode 100644 index 782b421a5..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_iac/Exclusions.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "All": { - "CHECKOV": [ - { - "id": "CKV_K8S_24", - "where": "all", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704" - } - ] - }, - "Repository_Test": { - "SKIP_TOOL": { - "create_date": "24012024", - "expired_date": "30012024", - "hu": "3423213" - }, - "CHECKOV": [ - { - "id": "CKV_K8S_8", - "where": "deployment-configmap.yaml", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704" - } - ] - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json deleted file mode 100644 index 8767f5e2a..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/ConfigTool.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_SECRET": "message custom", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 0, - "Medium": 0, - "Low": 0 - }, - "COMPLIANCE": { - "Critical": 0 - } - }, - "TARGET_BRANCHES": ["trunk", "develop"], - "trufflehog": { - "EXCLUDE_PATH": [".git"], - "NUMBER_THREADS": 4 - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json deleted file mode 100644 index c781a326f..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sast/engine_secret/Exclusions.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "All": { - "TRUFFLEHOG": [ - ] - }, - "Repository_test": { - "TRUFFLEHOG": [ - { - "id": "SECRET_SCANNING", - "where": "azure_api/secretos_azure_api.txt", - "create_date": "30042024", - "expired_date": "undefined", - "hu": "12345", - "reason": "false_positive" - }, - { - "id": "SECRET_SCANNING", - "where": "keys_test.txt", - "create_date": "30042024", - "expired_date": "undefined", - "hu": "12345", - "reason": "false_positive" - } - ] - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json deleted file mode 100644 index 8c0b8779f..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/ConfigTool.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "PRISMA_CLOUD": { - "TWISTCLI_PATH": "twistcli", - "PRISMA_CONSOLE_URL": "", - "PRISMA_ACCESS_KEY": "", - "PRISMA_API_VERSION":"" - }, - "TRIVY": { - "TRIVY_VERSION": "0.48.1" - }, - "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", - "REGEX_EXPRESSION_PROJECTS": "((NU)\\d+)", - "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 4, - "High": 10, - "Medium": 20, - "Low": 999 - }, - "COMPLIANCE": { - "Critical": 1 - } - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json deleted file mode 100644 index bce186587..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_container/Exclusions.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "All": { - "PRISMA": [ - { - "id": "", - "where": "all", - "create_date": "24012023", - "expired_date": "22092023", - "hu": "345345", - "reason": "False Positive" - } - ] - }, - "Repository_Test": { - "PRISMA": [ - { - "id": "CVE-2023-6237", - "cve_id": "CVE-2023-6237", - "expired_date": "21092024", - "create_date": "24012023", - "hu": "345345" - } - ] - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json deleted file mode 100644 index 134075edb..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/ConfigTool.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "XRAY": { - "CLI_VERSION": "2.52.8" - }, - "IGNORE_ANALYSIS_PATTERN": "(.*_test)", - "BYPASS_ARCHIVE_LIMITS": "(repository)", - "WORK_DIR_DIFFERENT_FLAG": "workdir", - "REGEX_EXPRESSION_EXTENSIONS": "\\.(jar|ear|war)$", - "MESSAGE_INFO_ENGINE_DEPENDENCIES": "message custom", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 3, - "High": 5, - "Medium": 10, - "Low": 15 - }, - "COMPLIANCE": { - "Critical": 1 - }, - "CVE": ["CVE-123123"] - } -} \ No newline at end of file diff --git a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json b/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json deleted file mode 100644 index 02f657713..000000000 --- a/NU0429001_DevSecOps_Remote_Config/engine_sca/engine_dependencies/Exclusions.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "All": { - "XRAY": [ - { - "id": "XRAY-522015", - "cve_id": "CVE-2023-35116", - "where": "all", - "create_date": "19022024", - "expired_date": "undefined", - "hu": "4662904" - } - ] - } -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json b/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json deleted file mode 100644 index 859eb25a4..000000000 --- a/azp/_work/r1/a/tmp/Master-reference-engine-security-replaced.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "endpoint": "https://gw-sufi-qa.apps.ambientesbc.lab", - "operations": [ - { - "operation": { - "security_auth": { - "type": "client_secret" - }, - "method": "GET", - "path": "/private-bancolombia/testing/sufi/v2/operations-execution/product-specific/loans-sufi-catalogs/master-reference/MasterCatalogs/profesiones?businessLine=consumo", - "headers": { - "Client-Id": "9a8f346ce3cb89780d04dddf182f3bea", - "Client-Secret": "47928ac67e9481feb2d41b507db8074b", - "Content-Type": "application/vnd.bancolombia.v4+json", - "Ip-Client": "10.10.10.10", - "Consumer-Id": "0" - } - } - } - ] -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/Master-reference-engine-security.json b/azp/_work/r1/a/tmp/Master-reference-engine-security.json deleted file mode 100644 index 876f038af..000000000 --- a/azp/_work/r1/a/tmp/Master-reference-engine-security.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "endpoint": "#{apiHost}#", - "operations": [ - { - "operation": { - "security_auth": { - "type": "client_secret" - }, - "method": "GET", - "path": "/private-bancolombia/#{apiAmbiente}#/sufi/v2/operations-execution/product-specific/loans-sufi-catalogs/master-reference/MasterCatalogs/profesiones?businessLine=consumo", - "headers": { - "Client-Id": "#{client-id}#", - "Client-Secret": "#{client-secret}#", - "Content-Type": "application/vnd.bancolombia.v4+json", - "Ip-Client": "10.10.10.10", - "Consumer-Id": "0" - } - } - } - ] -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/config-enroll-payment.json b/azp/_work/r1/a/tmp/config-enroll-payment.json deleted file mode 100644 index 23ad846ea..000000000 --- a/azp/_work/r1/a/tmp/config-enroll-payment.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "endpoint": "https://internal-apigateway-qa.bancolombia.corp", - "operations": [ - { - "operation": { - "headers": { - "accept": "*/*", - "content-type": "application/vnd.bancolombia.v4+json", - "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", - "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", - "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" - }, - "method": "POST", - "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Payer", - "payload": { - "data": { - "agreement": { - "payer": { - "identification": { - "number": "2544089", - "type": "TIPDOC_FS001" - } - } - }, - "pagination": { - "key": 1, - "size": 8 - } - } - }, - "security_auth": { - "type": "client_secret" - } - } - }, - { - "operation": { - "headers": { - "accept": "*/*", - "content-type": "application/vnd.bancolombia.v4+json", - "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", - "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", - "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" - }, - "method": "POST", - "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Employer", - "payload": { - "data": { - "agreement": { - "employer": { - "identification": { - "number": "3250869", - "type": "TIPDOC_FS001" - } - } - }, - "pagination": { - "key": 1, - "size": 3 - } - } - }, - "security_auth": { - "type": "client_secret" - } - } - }, - { - "operation": { - "headers": { - "accept": "*/*", - "content-type": "application/vnd.bancolombia.v4+json", - "message-id": "419973-fcdf-4b2a-a54a-fe1be7ee3f1ac", - "x-ibm-client-id": "26b971b7-5076-4067-91cf-ba675610f8cb", - "x-ibm-client-secret": "L7fC7pX6tU5yH7wR4cG5jV3oV8pF3rN0sW7lD6mP7pD2rM0kS3" - }, - "method": "POST", - "path": "/int/testing/v1/sales-services/customer/payroll-agreement/list-payroll-agreement-by-Beneficiary", - "payload": { - "data": { - "agreement": { - "beneficiary": { - "identification": { - "number": "96112014052", - "type": "TIPDOC_FS001" - } - } - }, - "pagination": { - "key": 1, - "size": 3 - } - } - }, - "security_auth": { - "type": "client_secret" - } - } - } - ] -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/debit_card-fares.json b/azp/_work/r1/a/tmp/debit_card-fares.json deleted file mode 100644 index e813c282a..000000000 --- a/azp/_work/r1/a/tmp/debit_card-fares.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "endpoint": "https://gw-medios-de-pago.apps.ocpqa.ambientesbc.lab", - "operations": [ - { - "operation": { - "headers": { - "accept": "application/json", - "client-id": "31444ca0488311e1cc6ad299625ddce7", - "client-secret": "04f178d6267b13c5c86d5c9aef909279", - "content-type": "application/json", - "json-web-token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJQUk9EVUNUT1JDT05TVU1JRE9SIiwic3VtIjoiMzE0NDRjYTA0ODgzMTFlMWNjNmFkMjk5NjI1ZGRjZTciLCJhdWQiOiJBUElHYXRld2F5X0xBTiIsImV4cCI6MTY1ODQ5NTA1NS4zMTgsImlhdCI6MTY1ODQwOTA1NS4zMTgsIm5vbmNlIjoiM2Q0M2I4Njk4MzFiIn0.U9VmIsgt-IZDaxuxu18FXa46jPLFG5p-KseBSiM2ge4zLjTncyyuAsEXhffni3vlqx79MMuxtk_4UoEvukVlaeRD3SLE6nEqKNwmwtM87oAWJvwOM_QL0Vn_OjsFpSOTtLn4_S9OBRjqFKosfFHLKFFctGVGMMwvlr1fJvFxcoXm2ZetHPPkTMZGrDgAGWYRbctaOQK8gzrSBiQNvSnyh_qAVOHBklB8Mc5L7DunkBUqTp3nk8kU2UrKK0bjABulqDibao38oWlzkufm8jkPPMg6cgcJe2B6Xe1lLYlLtUQrUbrR9Q3Yg-k4KmfUBNBmDeEResXFw6iu7zRkdZ7J_g", - "message-id": "MessageIdTests1209125", - "userId": "SVP", - "x-client-certificate": "-----BEGIN CERTIFICATE-----MIIENzCCAx+gAwIBAgIUZ+AmU84MboHHd0daiHtk3M9LocEwDQYJKoZIhvcNAQELBQAwgaoxCzAJBgNVBAYTAkNPMRIwEAYDVQQIDAlBTlRJT1FVSUExETAPBgNVBAcMCE1FREVMTElOMRkwFwYDVQQKDBBCQU5DT0xPTUJJQSBTLkEuMSYwJAYDVQQLDB1WSUNFUFJFU0lERU5DSUEgREUgVEVDTk9MT0dJQTExMC8GA1UEAwwoUFJPRFVDVE9SQ09OU1VNSURPUi5hcHBzLmFtYmllbnRlc2JjLmNvbTAeFw0yMjA3MDgxNDA2MTBaFw0yMzA3MDgxNDA2MTBaMIGqMQswCQYDVQQGEwJDTzESMBAGA1UECAwJQU5USU9RVUlBMREwDwYDVQQHDAhNRURFTExJTjEZMBcGA1UECgwQQkFOQ09MT01CSUEgUy5BLjEmMCQGA1UECwwdVklDRVBSRVNJREVOQ0lBIERFIFRFQ05PTE9HSUExMTAvBgNVBAMMKFBST0RVQ1RPUkNPTlNVTUlET1IuYXBwcy5hbWJpZW50ZXNiYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgHJtDs7+IKQ12WUSDYUUxZjy4PefSB46tHlfyK5G/x71sHwt9wiIcsGAI5ocZ9QHnrew2iWqmbOVGkTfXosqAIaNDIjznUrjAi4RBTZVts3UDHm0yHXM2vUIsNvkjNrV0mLm0HdX/OSHVgiKvyKbO9AOYoZDSqz9rh3klPk3c1kqhn5CGJypxZwCgUSoWIw8xdoSPnA7UMNGH2SqHSDPDx+SX7WM8VAyS2S67W9k0rJUiUXwE4utCChwzEE2vDw93+k4Gx2q95A7XdhYICCennoj9fo9ws+ykrUx7Jy6Zpt4sWucIbI/IrJvyLOfc4OK4IQMHcnSEsSWXEps2b50HAgMBAAGjUzBRMB0GA1UdDgQWBBQk1R4aAntntytjglvpGA3kzpI9LTAfBgNVHSMEGDAWgBQk1R4aAntntytjglvpGA3kzpI9LTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBagF0sOomIWIamK6pD0WidPz/522GoS0ZtHwp0qvgdBsGaR9rrX3k7trIvonaQCgjzbxJKbZ8oN/9zlMBtgtQIwPEOEP0hHXaLYaVsJ4ExW1A2NoCYqjx23xFAwOGW13CFdd0piUH4ZfMJGsS7FqZh7knGl8odCKwgBUdxDbqvsJA5dUCDuwCzU6MO9SOEg6bVbkQkZIlnxt+6qAVYZU6uctMJLHBitqb94kFHyrXa9FfaSPySqKSQVcjAnhUPOq3iKgZ7dh16ohK+6NBun+OWxGwCCqMqSXt472cqW82+tzqfUmx4VqT0lVZS4yUOp21rP6pthciYXG2UNM9gLeCR-----END CERTIFICATE-----" - }, - "method": "POST", - "path": "/private-bancolombia/testing/v1/reference-data/product-management/debit-card-design/customer/debit-cards/handlingfee/retrieve", - "payload": { - "data": { - "customerCard": { - "number": "6016607120514899" - }, - "user": { - "id": "BROKE" - } - } - }, - "security_auth": { - "type": "none" - } - } - } - ] -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/fraud_models.json b/azp/_work/r1/a/tmp/fraud_models.json deleted file mode 100644 index f3c4c14a2..000000000 --- a/azp/_work/r1/a/tmp/fraud_models.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "endpoint": "https://gw-monitoreo-qa.apps.ambientesbc.lab", - "operations": [ - { - "operation": { - "headers": { - "accept": "application/vnd.bancolombia.v4+json", - "client-id": "1c397a732e5763619a45d3ffb117f01e", - "client-secret": "6b8fb3748f756daffb6d5e421d311bbe", - "content-type": "application/vnd.bancolombia.v4+json", - "messageid": "c4e6bd04-5149-11e7-b114-b2f933d5fe66" - }, - "method": "POST", - "path": "/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation", - "payload": { - "data": { - "employee": { - "user": "" - }, - "identification": { - "number": "18052405551", - "type": "TIPDOC_FS001" - } - } - }, - "security_auth": { - "type": "client_secret" - } - } - }, - { - "operation": { - "headers": { - "accept": "application/vnd.bancolombia.v4+json", - "client-id": "1c397a732e5763619a45d3ffb117f01e", - "client-secret": "6b8fb3748f756daffb6d5e421d311bbe", - "content-type": "application/vnd.bancolombia.v4+json", - "messageid": "c4e6bd04-5149-11e7-b114-b2f933d5fe66" - }, - "method": "POST", - "path": "/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement", - "payload": { - "data": { - "contactData": [ - { - "dialContact": "efectivo", - "email": "pepito@correo.com", - "phone": "3229750374" - } - ], - "employee": { - "user": "" - }, - "identification": { - "number": "18052405551", - "type": "TIPDOC_FS001" - } - } - }, - "security_auth": { - "type": "client_secret" - } - } - } - ] -} \ No newline at end of file diff --git a/azp/_work/r1/a/tmp/geolocalization.json b/azp/_work/r1/a/tmp/geolocalization.json deleted file mode 100644 index c27b7557b..000000000 --- a/azp/_work/r1/a/tmp/geolocalization.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "endpoint": "https://api.us.apiconnect.ibmcloud.com", - "operations": [ - { - "operation": { - "headers": { - "accept": "application/json" - }, - "method": "GET", - "parm": { - "latitude": "6.227002", - "longitude": "-75.575427" - }, - "path": "/bancolombiabluemix-dev/development/tec/v2/sales-service/cross-channel/service-points/atms?", - "security_auth": { - "type": "client_secret" - } - } - } - ], - "rate_limit": "30" -} \ No newline at end of file diff --git a/azp/test_jwt.py b/azp/test_jwt.py deleted file mode 100644 index e2dc8f4af..000000000 --- a/azp/test_jwt.py +++ /dev/null @@ -1,66 +0,0 @@ -# jwt_token.py -from authlib.jose import jwt -from dataclasses import dataclass -from tools.devsecops_engine_tools.engine_dast.src.domain.model.gateways.token_technology import ( - Token, -) -import time -import secrets - - -class JwtObject: - def init_header(self): - self.header = {"alg": self.algorithm} - - def init_payload(self): - self.payload = { - "iss": self.iss, - "sum": self.sum, - "aud": self.aud, - "exp": self.exp, - "iat": self.iat, - "nonce": self.nonce, - } - return self.payload - - def generate_token(self): - self.private_key = ( - self.private_key.replace(" ", "\n") - .replace("-----BEGIN\nPRIVATE\nKEY-----", "-----BEGIN PRIVATE KEY-----") - .replace("-----END\nPRIVATE\nKEY-----", "-----END PRIVATE KEY-----") - ) - self.jwt_token = jwt.encode(self.header, self.payload, self.private_key).decode( - "utf-8" - ) - return self.jwt_token - - def __init__(self, private_key, algorithm, iss, check_sum, aud, header_name): - self.private_key = private_key - self.algorithm = algorithm - self.iss = iss - self.sum = check_sum - self.aud = aud - self.iat = time.time() - self.exp = self.iat + 60 * 60 - self.nonce = secrets.token_hex(10) - self.payload = None - self.header = None - self.jwt_token = None - self.header_name = header_name - -if __name__ == "__main__": - private_key = "" - algorithm = "RS256" - iss = "PRODUCTORCONSUMIDOR" - check_sum = "5d09e768-4bbc-4614-9b30-d9abfcb663a7" - aud = "APIGateway_LAN" - payload = "" - header = "" - header_name = "json-web-token" - - jwt_object = JwtObject(private_key, algorithm, iss, check_sum, aud, header_name) - jwt_object.init_header() - jwt_object.init_payload() - print(jwt_object.generate_token()) -# https://dev.azure.com/PNFEngineTest/Pruebas_PNF_Engine/_releaseProgress?releaseId=437&environmentId=1175&_a=release-environment-variables -# sacar variable jwt_private_key del pipeline y poner en la variable local private_key situada arriba diff --git a/customized-nuclei-templates/nuclei_template_0.yaml b/customized-nuclei-templates/nuclei_template_0.yaml deleted file mode 100644 index 29dc75d5c..000000000 --- a/customized-nuclei-templates/nuclei_template_0.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: content-security-policy-header - -info: - name: Content Security Policy - author: devsecops - severity: low - description: | - The application has unnsafe configurations regarding the Content-Security-Policy header. This may be because: - - - Header is missing from server responses. - - The header has not defined mandatory security policies. - - Defined security policies contain insecure values. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C - cvss-score: 3.8 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: content-security-policy - dsl: - - "!regex('(?i)content-security-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_1.yaml b/customized-nuclei-templates/nuclei_template_1.yaml deleted file mode 100644 index ad0891bd8..000000000 --- a/customized-nuclei-templates/nuclei_template_1.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: permissions-policy-header - -info: - name: Permissions Policy - author: devsecops - severity: low - description: | - This template checks if the target website has a Permissions-Policy header, which allows or denies the use of browser features in a document or within any iframe elements in the document. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C - cvss-score: 2.7 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)permissions-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_10.yaml b/customized-nuclei-templates/nuclei_template_10.yaml deleted file mode 100644 index 4812b561d..000000000 --- a/customized-nuclei-templates/nuclei_template_10.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: referrer-policy-header - -info: - name: Content Security Policy - author: devsecops - severity: low - description: | - The server lacks the HTTP Referrer-Policy header. Alternatively, its configuration is insecure. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C - cvss-score: 1.8 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: referrer-policy - dsl: - - "!regex('(?i)referrer-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_11.yaml b/customized-nuclei-templates/nuclei_template_11.yaml deleted file mode 100644 index 2d09694d1..000000000 --- a/customized-nuclei-templates/nuclei_template_11.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: strict-transport-security-header - -info: - name: Strict Transport Security Headers - author: devsecops - severity: low - description: | - The server lacks the HTTP Strict-Transport-Security header. Alternatively, the max-age value of it is too small. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C - cvss-score: 3.2 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)strict-transport-security', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_12.yaml b/customized-nuclei-templates/nuclei_template_12.yaml deleted file mode 100644 index 7a27c89ff..000000000 --- a/customized-nuclei-templates/nuclei_template_12.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-content-type-options-header - -info: - name: X Content Type Options Header - author: devsecops - severity: medium - description: | - The server lacks the HTTP X-Content-Type-Options header. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C - cvss-score: 4.3 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)x-content-type-options', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_13.yaml b/customized-nuclei-templates/nuclei_template_13.yaml deleted file mode 100644 index 94eaa3088..000000000 --- a/customized-nuclei-templates/nuclei_template_13.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-frame-options-header - -info: - name: X Frame Options Header - author: devsecops - severity: low - description: | - The application uses the X-Frame Options header as the only protection measure against clickjacking attacks. This header is considered obsolete, because its protection can be bypassed using multiple-layer iframes. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 3.0 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: x-frame-options - dsl: - - "!regex('(?i)x-frame-options', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_14.yaml b/customized-nuclei-templates/nuclei_template_14.yaml deleted file mode 100644 index b77bc928d..000000000 --- a/customized-nuclei-templates/nuclei_template_14.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-permitted-cross-domain-policies-header - -info: - name: X Permitted Cross Domain Policies Header - author: devsecops - severity: low - description: | - The application does not define the security header X-Permitted-Cross-Domain-Policies, or it has it set to an insecure value. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 3.6 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)x-permitted-cross-domain-policies', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_15.yaml b/customized-nuclei-templates/nuclei_template_15.yaml deleted file mode 100644 index f14940390..000000000 --- a/customized-nuclei-templates/nuclei_template_15.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: xss-deprecated-header - -info: - name: XSS-Protection Header - Cross-Site Scripting - author: devsecops - severity: medium - description: Setting the XSS-Protection header is deprecated. Setting the header - to anything other than `0` can actually introduce an XSS vulnerability. - reference: - - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection - - https://owasp.org/www-project-secure-headers/#x-xss-protection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 4.0 - metadata: - max-request: 1 - tags: xss,misconfig,generic - -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - matchers-condition: and - matchers: - - type: regex - part: header - regex: - - '(?i)x-xss-protection: 0' - negative: true - - - type: regex - part: header - regex: - - '(?i)x-xss-protection: 1+' - - extractors: - - type: kval - part: header - kval: - - x_xss_protection - -# digest: 4b0a00483046022100bf9a6e90e4d3004caff9982d22093726978d7b063269b438ab75ea2bcba15a19022100ce53a1ef6ffb2b220c86574ebc654c0d0b2ca16c42cc940cef32e369f5f5ef07:922c64590222798bb761d5b6d8e72950 - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_2.yaml b/customized-nuclei-templates/nuclei_template_2.yaml deleted file mode 100644 index 67dd8a1b4..000000000 --- a/customized-nuclei-templates/nuclei_template_2.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: referrer-policy-header - -info: - name: Content Security Policy - author: devsecops - severity: low - description: | - The server lacks the HTTP Referrer-Policy header. Alternatively, its configuration is insecure. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C - cvss-score: 1.8 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: referrer-policy - dsl: - - "!regex('(?i)referrer-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_3.yaml b/customized-nuclei-templates/nuclei_template_3.yaml deleted file mode 100644 index 7561808c6..000000000 --- a/customized-nuclei-templates/nuclei_template_3.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: strict-transport-security-header - -info: - name: Strict Transport Security Headers - author: devsecops - severity: low - description: | - The server lacks the HTTP Strict-Transport-Security header. Alternatively, the max-age value of it is too small. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C - cvss-score: 3.2 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)strict-transport-security', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_4.yaml b/customized-nuclei-templates/nuclei_template_4.yaml deleted file mode 100644 index de3280a13..000000000 --- a/customized-nuclei-templates/nuclei_template_4.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-content-type-options-header - -info: - name: X Content Type Options Header - author: devsecops - severity: medium - description: | - The server lacks the HTTP X-Content-Type-Options header. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C - cvss-score: 4.3 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)x-content-type-options', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_5.yaml b/customized-nuclei-templates/nuclei_template_5.yaml deleted file mode 100644 index 5b1fdeb35..000000000 --- a/customized-nuclei-templates/nuclei_template_5.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-frame-options-header - -info: - name: X Frame Options Header - author: devsecops - severity: low - description: | - The application uses the X-Frame Options header as the only protection measure against clickjacking attacks. This header is considered obsolete, because its protection can be bypassed using multiple-layer iframes. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 3.0 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: x-frame-options - dsl: - - "!regex('(?i)x-frame-options', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_6.yaml b/customized-nuclei-templates/nuclei_template_6.yaml deleted file mode 100644 index 6391b06ef..000000000 --- a/customized-nuclei-templates/nuclei_template_6.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: x-permitted-cross-domain-policies-header - -info: - name: X Permitted Cross Domain Policies Header - author: devsecops - severity: low - description: | - The application does not define the security header X-Permitted-Cross-Domain-Policies, or it has it set to an insecure value. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 3.6 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)x-permitted-cross-domain-policies', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_7.yaml b/customized-nuclei-templates/nuclei_template_7.yaml deleted file mode 100644 index 5262b7f98..000000000 --- a/customized-nuclei-templates/nuclei_template_7.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: xss-deprecated-header - -info: - name: XSS-Protection Header - Cross-Site Scripting - author: devsecops - severity: medium - description: Setting the XSS-Protection header is deprecated. Setting the header - to anything other than `0` can actually introduce an XSS vulnerability. - reference: - - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection - - https://owasp.org/www-project-secure-headers/#x-xss-protection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C - cvss-score: 4.0 - metadata: - max-request: 1 - tags: xss,misconfig,generic - -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerInformation' - matchers-condition: and - matchers: - - type: regex - part: header - regex: - - '(?i)x-xss-protection: 0' - negative: true - - - type: regex - part: header - regex: - - '(?i)x-xss-protection: 1+' - - extractors: - - type: kval - part: header - kval: - - x_xss_protection - -# digest: 4b0a00483046022100bf9a6e90e4d3004caff9982d22093726978d7b063269b438ab75ea2bcba15a19022100ce53a1ef6ffb2b220c86574ebc654c0d0b2ca16c42cc940cef32e369f5f5ef07:922c64590222798bb761d5b6d8e72950 - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_8.yaml b/customized-nuclei-templates/nuclei_template_8.yaml deleted file mode 100644 index 921ff0273..000000000 --- a/customized-nuclei-templates/nuclei_template_8.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: content-security-policy-header - -info: - name: Content Security Policy - author: devsecops - severity: low - description: | - The application has unnsafe configurations regarding the Content-Security-Policy header. This may be because: - - - Header is missing from server responses. - - The header has not defined mandatory security policies. - - Defined security policies contain insecure values. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C - cvss-score: 3.8 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: content-security-policy - dsl: - - "!regex('(?i)content-security-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 diff --git a/customized-nuclei-templates/nuclei_template_9.yaml b/customized-nuclei-templates/nuclei_template_9.yaml deleted file mode 100644 index 51d2fa89f..000000000 --- a/customized-nuclei-templates/nuclei_template_9.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: permissions-policy-header - -info: - name: Permissions Policy - author: devsecops - severity: low - description: | - This template checks if the target website has a Permissions-Policy header, which allows or denies the use of browser features in a document or within any iframe elements in the document. - metadata: - max-request: 1 - tags: misconfig,headers,generic - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C - cvss-score: 2.7 -http: -- method: POST - path: - - '{{BaseURL}}/private-bancolombia/testing/v1/operations/risk-compliance/models/fraud-models/CustomerContactManagement' - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - name: missing-header - dsl: - - "!regex('(?i)permissions-policy', header)" - - status_code != 301 && status_code != 302 - condition: and - headers: - accept: application/vnd.bancolombia.v4+json - client-id: 1c397a732e5763619a45d3ffb117f01e - client-secret: 6b8fb3748f756daffb6d5e421d311bbe - content-type: application/vnd.bancolombia.v4+json - messageid: c4e6bd04-5149-11e7-b114-b2f933d5fe66 From b33150121b111aef3e735a91bf801bc6e5e1a406 Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 7 May 2024 17:59:49 -0500 Subject: [PATCH 004/441] delete lcoal config files --- .../entry_points/config_dast/__init__.py | 0 .../config_dast/config_exclusions.py | 52 ------------------- .../entry_points/config_dast/config_tool.py | 46 ---------------- .../entry_points/config_dast/config_tools.py | 9 ---- .../entry_points/config_dast/example1.py | 22 -------- 5 files changed, 129 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py deleted file mode 100644 index 987965b93..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_exclusions.py +++ /dev/null @@ -1,52 +0,0 @@ -config_exclusions = { - "authorizedDefinitionIds": ["33694"], - "committer": ["svchca04@bancolombia.com.co", "Usuario Devops 04"], - "All": { - "SCA": [ - { - "id": "XRAY-521541", - "where": "all", - "cve_id": "CVE-2023-29405", - "create_date": "10112023", - "expired_date": "18112023", - "severity": "HIGH", - "hu": "4338704", - } - ], - "CHECKOV": [ - { - "id": "CKV2_AWS_123", - "where": "all", - "cve_id": "N.A", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "LOW", - "hu": "4338704", - } - ], - }, - "AW11111111_ProyectoEjemplo": { - "SCA": [ - { - "id": "XRAY-521549", - "where": "test", - "cve_id": "CVE-2023-29405", - "create_date": "10112023", - "expired_date": "18112023", - "severity": "HIGH", - "hu": "4338704", - } - ], - "CHECKOV": [ - { - "id": "CKV2_AWS_124", - "where": "app.yaml", - "cve_id": "N.A", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "LOW", - "hu": "4338704", - } - ], - }, -} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py deleted file mode 100644 index a00bbc4b6..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tool.py +++ /dev/null @@ -1,46 +0,0 @@ -config_tool_local = { - "NUCLEI": { - "VERSION": "2.3.296", - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - "_ACE", - "_ACE11", - "NU0212001_Security_Services_MR", - ], - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", - "EXTERNAL_GIT_SSH_HOST": "github.com", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", - "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "BCSCode", - "EXTERNAL_DIR_REPOSITORY": "DevSecOps_Checks_IaC", - "EXTERNAL_DIR_ASSET_NAME": "rules/kubernetes", - "EXCLUSIONS_PATH": "/SAST/IAC/Exclusions/Exclusions.json", - "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/lanzamiento-csa-analisis-de-seguridad-en-contenedores/6199", - "THRESHOLD": { - "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, - "COMPLIANCE": {"Critical": 1}, - }, - "RULES": { - "RULES_DOCKER": { - "CKV_DOCKER_1": { - "checkID": "IAC-CKV-DOCKER-1 Ensure port 22 is not exposed", - "environment": {"dev": True, "pdn": True, "qa": True}, - "guideline": "https://bancolombia.sharepoint.com/:x:/r/teams/SeguridaddeTI-DevSecOps/Documentos%20compartidos/General/Pr%C3%A1cticas%20automatizadas%20de%20seguridad/MegaEngine/analisis%20estatico/Analisis%20est%C3%A1tico%20de%20Infraestructura%20(engine-iac)/Docker_k8s_Rules.xlsx?d=w65b6553bc4574805b31e57f4326d2dc7&csf=1&web=1&e=k0nmNU", - "severity": "Critical", - "cvss": "", - "category": "Vulnerability", - }, - "CKV_DOCKER_3": { - "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - "environment": {"dev": True, "pdn": True, "qa": True}, - "guideline": "https://bancolombia.sharepoint.com/:x:/r/teams/SeguridaddeTI-DevSecOps/Documentos%20compartidos/General/Pr%C3%A1cticas%20automatizadas%20de%20seguridad/MegaEngine/analisis%20estatico/Analisis%20est%C3%A1tico%20de%20Infraestructura%20(engine-iac)/Docker_k8s_Rules.xlsx?d=w65b6553bc4574805b31e57f4326d2dc7&csf=1&web=1&e=k0nmNU", - "severity": "High", - "cvss": "", - "category": "Vulnerability", - }, - } - }, - } -} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py deleted file mode 100644 index c1bb2e16a..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/config_tools.py +++ /dev/null @@ -1,9 +0,0 @@ -configtools = { - "ENGINE_DAST": { - "ENABLED": "true", - "TOOL": "NUCLEI" - }, - "METRICS_MANAGER": { - "ENABLED": "false" - } -} diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py deleted file mode 100644 index b31a2685a..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/config_dast/example1.py +++ /dev/null @@ -1,22 +0,0 @@ -config_site = """{ - "endpoint": "https://seguros-qa-voluntarios.apps.ambientesbc.com/", - "security_auth": { - "type": "oauth", - "grant_type": "resource_owner", - "scope": "User.Read openid profile offline_access", - "headers": { - "content-type": "application/x-www-form-urlencoded", - "accept": "application/json" - }, - "cookie_session": { - "path": "/savesession", - "method": "post", - "headers": { - "content-type": "application/x-www-form-urlencoded", - "accept": "application/json", - "Authorization": "Bearer access_token" - } - } - } -} -""" From 31e13741a06ed5f277003836a63c5b02aa5ba1dc Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 17 May 2024 09:48:29 -0500 Subject: [PATCH 005/441] pull new changes engine risk --- .gitignore | 5 ++-- .../src/applications/runner_dast_scan.py | 7 +++--- .../src/domain/model/api_operation.py | 8 +++---- .../model/gateways/authentication_method.py | 2 +- .../src/domain/usecases/dast_scan.py | 6 ----- .../http/client/auth_client.py | 4 ++-- .../driven_adapters/jwt/jwt_object.py | 23 +++++++++++-------- .../driven_adapters/nuclei/nuclei_config.py | 17 ++++---------- .../driven_adapters/oauth/generic_oauth.py | 2 +- 9 files changed, 33 insertions(+), 41 deletions(-) diff --git a/.gitignore b/.gitignore index 1b1c65fe6..e9417e415 100644 --- a/.gitignore +++ b/.gitignore @@ -51,5 +51,6 @@ target dependencies_to_scan node_modules DevSecOps_Remote_Config -/azpp -result_dast_scan.json \ No newline at end of file +/azp +result_dast_scan.json +/customized-nuclei-templates \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index 9c1f28024..b5e792dde 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -18,7 +18,6 @@ from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.http.client.auth_client import ( AuthClientCredential, ) - from devsecops_engine_tools.engine_dast.src.domain.model.api_config import ( ApiConfig ) @@ -85,10 +84,10 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): tool_gateway=tool_run, dict_args=dict_args, secret_tool=secret_tool, - config_tool=config_tool, #the name of the tool + config_tool=config_tool, extra_tools=extra_tools, target_data=target_config ) - except Exception as e: - raise Exception(f"Error engine dast : {str(e)}") \ No newline at end of file + except KeyError as e: + raise KeyError(f"Error accessing the key in runner engine dast: {str(e)}") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py index 79d030129..41bd63e1b 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py @@ -1,10 +1,10 @@ - class ApiOperation(): def __init__(self, operation, authentication_gateway): self.authentication_gateway = authentication_gateway self.data = operation - self.token = None + self.credentials = ("auth_header", "token") def authenticate(self): - self.token = self.authentication_gateway.get_credentials() - return self.token + self.credentials = self.authentication_gateway.get_credentials() + if self.credentials is not None: + self.data["headers"][self.credentials[0]] = self.credentials[1] diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py index 825200c84..3c9cbb32e 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/authentication_method.py @@ -3,5 +3,5 @@ class AuthenticationGateway(metaclass=ABCMeta): @abstractmethod - def get_credentials(self, target_data) -> dict: + def get_credentials(self) -> dict: "get_credentials" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py index 874ed1ec0..ff7e93560 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -7,12 +7,6 @@ from devsecops_engine_tools.engine_dast.src.domain.model.gateways.devops_platform_gateway import ( DevopsPlatformGateway, ) -from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.config_dast.config_tool import ( - config_tool_local, -) -from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.config_dast.config_exclusions import ( - config_exclusions, -) from devsecops_engine_tools.engine_core.src.domain.model.input_core import ( InputCore, ) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py index 459b2aef0..857eba08a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/http/client/auth_client.py @@ -8,5 +8,5 @@ def __init__(self, security_auth: dict): self.client_id: str = security_auth.get("client_id") self.client_secrets: str = security_auth.get("client_secret") - def get_credentials(self, target_data) -> dict: - return super().get_credentials(target_data) \ No newline at end of file + def get_credentials(self): + return None \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py index 18c49c7cb..d787c5d27 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py @@ -1,10 +1,15 @@ -from authlib.jose import jwt +from time import ( + time +) +from secrets import ( + token_hex +) +from authlib.jose import ( + jwt +) from devsecops_engine_tools.engine_dast.src.domain.model.gateways.authentication_method import ( AuthenticationGateway, ) -import time -import secrets - class JwtObject(AuthenticationGateway): def __init__(self, security_auth: dict): @@ -13,12 +18,12 @@ def __init__(self, security_auth: dict): self.iss: str = security_auth.get("jwt_iss") self.sum: str = security_auth.get("jwt_sum") self.aud: str = security_auth.get("jwt_aud") - self.iat: float = time.time() + self.iat: float = time() self.exp: float = self.iat + 60 * 60 - self.nonce = secrets.token_hex(10) + self.nonce = token_hex(10) self.payload: dict = {} self.header: dict = {} - self.jwt_token: str = None + self.jwt_token: str = "" self.header_name: str = security_auth.get("jwt_header_name") def init_header(self) -> None: @@ -35,7 +40,7 @@ def init_payload(self) -> dict: } return self.payload - def get_credentials(self) -> str: + def get_credentials(self) -> tuple: self.private_key = ( self.private_key.replace(" ", "\n") .replace("-----BEGIN\nPRIVATE\nKEY-----", "-----BEGIN PRIVATE KEY-----") @@ -44,4 +49,4 @@ def get_credentials(self) -> str: self.jwt_token = jwt.encode(self.header, self.payload, self.private_key).decode( "utf-8" ) - return self.jwt_token + return self.header_name, self.jwt_token \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py index a74f54d13..2bb4cb589 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py @@ -2,6 +2,7 @@ import os from uu import Error from ruamel.yaml import YAML +from json import dumps as json_dumps class NucleiConfig: @@ -32,25 +33,16 @@ def process_template_file( with open(template_file_path, "r") as template_file: # abrir archivo template_data = self.yaml.load(template_file) if "http" in template_data: - security_auth = new_template_data.get("operation").get("security_auth") template_data["http"][0]["method"] = new_template_data["operation"]["method"] template_data["http"][0]["path"] = [ "{{BaseURL}}" + new_template_data["operation"]["path"] ] - auth_type = security_auth.get("type") - if auth_type == "client_secret": - #Any header change - template_data["http"][0]["headers"] = new_template_data["operation"]["headers"] - elif auth_type == "jwt": - jwt = "" - new_template_data["operation"]["headers"]["Authorization"] = get_token() - #jwt header must be added + template_data["http"][0]["headers"] = new_template_data["operation"]["headers"] if "payload" in new_template_data["operation"]: - pass + body = json_dumps(new_template_data["operation"]["payload"]) + template_data["http"][0]["body"] = body elif "ssl" in template_data: pass - elif "dns" in template_data: - pass new_template_path = os.path.join(dest_folder, new_template_name) @@ -64,6 +56,7 @@ def process_templates_folder(self, base_folder: str) -> None: if self.target_type.lower() == "api": t_counter = 0 for operation in self.data: + operation.authenticate() #Api Authentication for template_name in os.listdir(base_folder): if template_name.endswith(".yaml"): self.process_template_file( diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py index 164fe17de..472fcffc6 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -113,4 +113,4 @@ def get_access_token_resource_owner(self): "code {0}: -> {1}".format(response.status_code, response.text) ) except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) + print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) \ No newline at end of file From 40131a523e59185459adb1144c06173d76ad95ba Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 21 May 2024 22:43:07 -0500 Subject: [PATCH 006/441] adjust modules engine dast --- .gitignore | 3 +- .../engine_dast/ConfigTool.json | 40 +++++++ .../engine_dast/Exclusions.json | 14 +++ .../src/domain/model/config_tool.py | 1 + .../driven_adapters/jwt/jwt_tool.py | 39 ------ .../driven_adapters/nuclei/nuclei_config.py | 25 ++-- .../nuclei/nuclei_deserealizer.py | 1 + .../driven_adapters/nuclei/nuclei_tool.py | 4 +- .../oauth/azure_active_directory.py | 111 ------------------ .../applications/test_runner_dast_scan.py | 0 .../github/infrastructure/github_api.py | 2 +- 11 files changed, 73 insertions(+), 167 deletions(-) create mode 100644 example_remote_config_local/engine_dast/ConfigTool.json create mode 100644 example_remote_config_local/engine_dast/Exclusions.json delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py diff --git a/.gitignore b/.gitignore index e9417e415..d3f619e83 100644 --- a/.gitignore +++ b/.gitignore @@ -53,4 +53,5 @@ node_modules DevSecOps_Remote_Config /azp result_dast_scan.json -/customized-nuclei-templates \ No newline at end of file +/customized-nuclei-templates +/engine_utilities \ No newline at end of file diff --git a/example_remote_config_local/engine_dast/ConfigTool.json b/example_remote_config_local/engine_dast/ConfigTool.json new file mode 100644 index 000000000..40badecaa --- /dev/null +++ b/example_remote_config_local/engine_dast/ConfigTool.json @@ -0,0 +1,40 @@ +{ + "NUCLEI": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", + "EXTERNAL_GIT_SSH_HOST": "github.com", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "russbelln", + "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", + "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", + "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", + "EXTERNAL_CHECKS_PATH": "/nuclei-templates", + "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/", + "THRESHOLD": { + "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, + "COMPLIANCE": {"Critical": 1} + }, + "RULES": { + "RULES_DOCKER": { + "ENGINE_JWT_001": { + "checkID": "ENGINE_JWT_001 Evaluate JSON Web token's algorithm", + "environment": {"dev": "True", "pdn": "True", "qa": "True"}, + "guideline": "https://bancolombia.sharepoint.com/", + "severity": "Critical", + "cvss": "", + "category": "Vulnerability" + }, + "ENGINE_JWT_002": { + "checkID": "ENGINE_JWT_002 Evaluate JSON Web token's algorithm", + "environment": {"dev": "True", "pdn": "True", "qa": "True"}, + "guideline": "https://bancolombia.sharepoint.com/", + "severity": "High", + "cvss": "", + "category": "Vulnerability" + } + } + } + } +} diff --git a/example_remote_config_local/engine_dast/Exclusions.json b/example_remote_config_local/engine_dast/Exclusions.json new file mode 100644 index 000000000..70fc681a5 --- /dev/null +++ b/example_remote_config_local/engine_dast/Exclusions.json @@ -0,0 +1,14 @@ +{ + "All": { + "NUCLEI": [ + { + "id": "ENGINE_JWT_001", + "where": "all", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704" + } + ] + } +} \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py index 4dcf8ef02..935920024 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py @@ -15,6 +15,7 @@ def __init__(self, json_data, tool): self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"] self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"] self.external_asset_name = json_data[tool]["EXTERNAL_DIR_ASSET_NAME"] + self.external_checks_save_path = json_data[tool]["EXTERNAL_CHECKS_PATH"] self.message_info_dast = json_data[tool]["MESSAGE_INFO_DAST"] self.threshold = Threshold(json_data[tool]["THRESHOLD"]) self.rules_data_type = json_data[tool]["RULES"] diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py index 8065901c3..73deebef4 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -28,45 +28,6 @@ def __init__(self, target_config): self.GOOD_JWE_ENC = ["A256GCM"] self.target_config = target_config - def downgrade(self, token): - newtoken = False - alg = jwt.get_unverified_header(token)["alg"] - data = jwt.decode(token, options={"verify_signature": False}) - - if alg == "HS256": - newtoken = jwt.encode(data, "", algorithm=None) - return newtoken - - def send_req_downgrade( - self, agent, natural_response=None, url="", token="", params=None, data=None - ): - """Send downgraded JWT token in request using agent""" - - check_id = "ENGINE_JWT_004" - is_vulnerable = False - message_downgrade = "Downgrade de JWT fallido" - - if natural_response is None: - agent.auth_bearer(token) - if data is None: - natural_response = agent.get(url, params) - else: - natural_response = agent.post(url, params) - - agent.auth_bearer(token) - bad_token = self.downgrade(token) - - if bad_token: - bad_response = agent.get(url, params) - else: - bad_response = agent.post(url, data) - if natural_response.status_code == bad_response.status_code: - if natural_response.txt == bad_response.text: - is_vulnerable = True - message_downgrade = "Downgrade de JWT exitoso" - - return ("JWT token", check_id, is_vulnerable, message_downgrade, token) - def verify_jwt_alg(self, token): "Evaluate JSON Web token's algorithm" diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py index 2bb4cb589..fee5a023a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py @@ -28,9 +28,7 @@ def process_template_file( template_counter: int, ) -> None: new_template_name: str = "nuclei_template_" + str(template_counter) + ".yaml" - - template_file_path = os.path.join(base_folder, template_name) - with open(template_file_path, "r") as template_file: # abrir archivo + with open(template_name, "r") as template_file: # abrir archivo template_data = self.yaml.load(template_file) if "http" in template_data: template_data["http"][0]["method"] = new_template_data["operation"]["method"] @@ -57,16 +55,17 @@ def process_templates_folder(self, base_folder: str) -> None: t_counter = 0 for operation in self.data: operation.authenticate() #Api Authentication - for template_name in os.listdir(base_folder): - if template_name.endswith(".yaml"): - self.process_template_file( - base_folder=base_folder, - dest_folder=self.custom_templates_dir, - template_name=template_name, - new_template_data=operation.data, - template_counter=t_counter, - ) - t_counter += 1 + for root, dirs, files in os.walk(base_folder): + for file in files: + if file.endswith(".yaml"): + self.process_template_file( + base_folder=base_folder, + dest_folder=self.custom_templates_dir, + template_name=os.path.join(root, file), + new_template_data=operation.data, + template_counter=t_counter, + ) + t_counter += 1 def customize_templates(self, directory: str) -> None: if self.target_type.lower() == "api": diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py index 8ae624561..f1550e72e 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py @@ -32,6 +32,7 @@ def get_list_finding( category=Category("vulnerability"), requirements=scan["info"].get("remediation"), tool="Nuclei", + published_date_cve=None ) list_open_findings.append(finding_open) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py index e2449956f..dfa69c9e9 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -33,7 +33,7 @@ def __init__(self, target_config=None, data_config_cli=None): self.debug: str = os.environ.get("DEBUG", "false") def configurate_external_checks( - self, config_tool: ConfigTool, github_token: str, output_dir: str = "azp/_work/r1/a" + self, config_tool: ConfigTool, github_token: str, output_dir: str = "tmp" ): # Create configuration dir external checks if config_tool.use_external_checks_dir == "True": @@ -43,7 +43,7 @@ def configurate_external_checks( config_tool.external_dir_repository, output_dir, ) - return output_dir + "/http/http-security-headers" + return output_dir + config_tool.external_checks_save_path def execute(self, target_config: NucleiConfig) -> dict: """Interact with nuclei's core application""" diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py deleted file mode 100644 index 377ef660c..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/azure_active_directory.py +++ /dev/null @@ -1,111 +0,0 @@ -import requests -import sys - - -class AzureActiveDirectory: - def __init__(self, data): - self.data: dict = data - self.config = self.process_data(sys.argv[1:]) - - def process_data(self): - client_id = self.data["security_auth"]["client_id"] - client_secret = self.data["security_auth"]["client_secret"] - tenant_id = self.data["security_auth"]["tenant_id"] - username = self.data["security_auth"].get("username") - password = self.data["security_auth"].get("password") - - config = { - "client_id": client_id, - "client_secret": client_secret, - "tenant_id": tenant_id, - "username": username, - "password": password, - } - - return config - - def get_access_token(self): - if self.config["username"] and self.config["password"]: - return self.get_access_token_resource_owner() - else: - return self.get_access_token_client_credentials() - - def get_access_token_client_credentials(self): - """Obtener access token desde microsoft graph.""" - try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias - required_keys = ["client_id", "client_secret", "tenant_id"] - if not all(key in self.config for key in required_keys): - raise ValueError("Falta una o más claves de configuración.") - - tenant_id = self.config["tenant_id"] - data = { - "client_id": self.config["client_id"], - "client_secret": self.config["client_secret"], - "tenant_id": self.config["tenant_id"], - "grant_type": "client_credentials", - "scope": "https://graph.microsoft.com/.default", - } - - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } - response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 - ) - if 200 <= response.status_code < 300: - result = response.json()["access_token"] - return result - else: - print( - "[graph] No se obtuvo el access " - "token Unknown status " - "code {0}: -> {1}".format(response.status_code, response.text) - ) - except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) - - def get_access_token_resource_owner(self): - """Obtener access token desde microsoft graph.""" - try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias - required_keys = [ - "client_id", - "client_secret", - "tenant_id", - "username", - "password", - ] - if not all(key in self.config for key in required_keys): - raise ValueError("Falta una o más claves de configuración.") - - tenant_id = self.config["tenant_id"] - - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" - data = { - "client_id": self.config["client_id"], - "client_secret": self.config["client_secret"], - "grant_type": "password", - "scope": "https://graph.microsoft.com/.default", - "username": self.config["username"], - "password": self.config["password"], - } - - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } - response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 - ) - if 200 <= response.status_code < 300: - result = response.json()["access_token"] - return result - else: - print( - "[graph] No se obtuvo el access " - "token Unknown status " - "code {0}: -> {1}".format(response.status_code, response.text) - ) - except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) diff --git a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py index 938b33d82..8440b7909 100644 --- a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py +++ b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py @@ -46,4 +46,4 @@ def download_latest_release_assets( else: print( f"Error getting the assets of the last release. Status code: {response.status_code}" - ) + ) \ No newline at end of file From 86f00c71aab32ae7f1a2dfb9a8b3c2634f515c4e Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 21 May 2024 22:50:49 -0500 Subject: [PATCH 007/441] remove duplicate code --- .../driven_adapters/nuclei/nuclei_config.py | 4 +- .../driven_adapters/oauth/oauth.py | 98 ------------------- 2 files changed, 1 insertion(+), 101 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py index fee5a023a..dbe63c6dc 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py @@ -1,10 +1,8 @@ from typing import List import os -from uu import Error from ruamel.yaml import YAML from json import dumps as json_dumps - class NucleiConfig: def __init__(self, target_config): self.url: str = target_config.endpoint @@ -17,7 +15,7 @@ def __init__(self, target_config): elif self.target_type.lower() == "wa": self.data: dict = target_config.data else: - raise Error("No se ha podido establecer si el objetivo a escanear es una api o un aplicativo web.") + raise ValueError("No se ha podido establecer si el objetivo a escanear es una api o un aplicativo web.") def process_template_file( self, diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py deleted file mode 100644 index 7118cbc34..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/oauth.py +++ /dev/null @@ -1,98 +0,0 @@ -import requests -import argparse -import sys - - -class OauthObject: - def __init__(self, target_config: dict, data_config_cli: dict): - self.target_config = target_config - self.data_config_cli = data_config_cli - - def get_auth_config(self): - config = {"access_token": self.get_access_token()} - return config - - def get_access_token(self): - if self.data_config_cli["username"] and self.data_config_cli["password"]: - return self.get_access_token_resource_owner() - else: - return self.get_access_token_client_credentials() - - def get_access_token_client_credentials(self) -> str: - """""" - try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias - required_keys = ["client_id", "client_secret", "tenant_id"] - if not all(key in self.data_config_cli for key in required_keys): - raise ValueError("Falta una o más claves de configuración para OAUth.") - - tenant_id = self.data_config_cli["tenant_id"] - data = { - "client_id": self.data_config_cli["client_id"], - "client_secret": self.data_config_cli["client_secret"], - "tenant_id": self.data_config_cli["tenant_id"], - "grant_type": "client_credentials", - "scope": self.target_config["security_auth"]["scope"], - } - - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } - response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 - ) - if 200 <= response.status_code < 300: - access_token = response.json()["access_token"] - return access_token - else: - print( - "[graph] No se obtuvo el access " - "token Unknown status " - "code {0}: -> {1}".format(response.status_code, response.text) - ) - except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) - - def get_access_token_resource_owner(self) -> str: - """Obtener access token desde microsoft graph.""" - try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias - required_keys = [ - "client_id", - "client_secret", - "tenant_id", - "username", - "password", - ] - if not all(key in self.data_config_cli for key in required_keys): - raise ValueError("Falta una o más claves de configuración.") - - tenant_id = self.data_config_cli["tenant_id"] - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" - data = { - "client_id": self.data_config_cli["client_id"], - "client_secret": self.data_config_cli["client_secret"], - "grant_type": "password", - "scope": self.target_config["security_auth"]["scope"], - "username": self.data_config_cli["username"], - "password": self.data_config_cli["password"], - } - - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } - response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 - ) - if 200 <= response.status_code < 300: - access_token = response.json()["access_token"] - return access_token - else: - print( - "[graph] No se obtuvo el access " - "token Unknown status " - "code {0}: -> {1}".format(response.status_code, response.text) - ) - except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) From 8f48e3f06a823baae2b5fe0748ab9262d4f7c7e8 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 09:54:48 -0500 Subject: [PATCH 008/441] ajust unit test --- .../applications/test_runner_engine_core.py | 1 + .../test/domain/usecases/test_handle_scan.py | 41 +++++- .../src/applications/runner_dast_scan.py | 124 +++++++++--------- .../engine_dast/src/domain/model/wa_config.py | 9 +- .../src/domain/usecases/dast_scan.py | 102 +++++++------- .../driven_adapters/nuclei/nuclei_config.py | 41 +++--- .../nuclei/nuclei_deserealizer.py | 2 +- .../driven_adapters/nuclei/nuclei_tool.py | 10 +- .../driven_adapters/oauth/generic_oauth.py | 43 +++--- .../entry_points/entry_point_dast.py | 9 +- .../infrastructure/helpers/json_handler.py | 13 ++ tools/requirements.txt | 3 +- tools/requirements_test.txt | 3 +- 13 files changed, 224 insertions(+), 177 deletions(-) create mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py diff --git a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py index 7692f0ade..5416862fc 100644 --- a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py @@ -25,6 +25,7 @@ def test_application_core(mock_get_inputs_from_cli, mock_entry_point_tool): "token_vulnerability_management": None, "token_engine_container": None, "token_engine_dependencies": None, + "dast_file_path": None, } # Mock the dependencies diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py index f9488c15c..ee94f852b 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py @@ -147,15 +147,44 @@ def test_process_with_engine_container(self, mock_runner_engine_container): self.assertEqual(result_input_core, input_core) self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) - @mock.patch("builtins.print") - def test_process_with_engine_dast(self, mock_print): + @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_dast") + @mock.patch("builtins.open", new_callable=mock.mock_open, read_data='''{ + "endpoint": "https://example.com", + "operations": [ + { + "operation": { + "headers": { + "accept": "/" + }, + "method": "POST", + "path": "/example_path", + "security_auth": { + "type": "jwt" + } + } + } + ] + }''') + def test_process_with_engine_dast(self, mock_open, mock_runner_engine_dast): dict_args = { - "use_secrets_manager": "false", + "use_secrets_manager": "true", "tool": "engine_dast", + "dast_file_path": "example_dast.json" } - config_tool = {"ENGINE_DAST": "some_config"} - self.handle_scan.process(dict_args, config_tool) - mock_print.assert_called_once_with("not yet enabled") + secret_tool = {"github_token": "example_token"} + self.secrets_manager_gateway.get_secret.return_value = secret_tool + config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI"}} + # Simula lo que devolverá runner_engine_dast + mock_runner_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") + # Llama al método que deseas probar + result_findings_list, result_input_core = self.handle_scan.process(dict_args, config_tool) + # Verifica que el mock se haya llamado correctamente + mock_runner_engine_dast.assert_called_once_with( + dict_args, config_tool, secret_tool, self.devops_platform_gateway + ) + # Verifica los resultados devueltos + self.assertEqual(result_findings_list, ["finding1", "finding2"]) + self.assertEqual(result_input_core, "input_core_mock") @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_secret_scan") def test_process_with_engine_secret(self, mock_runner_secret_scan): diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index b5e792dde..c1707a4ea 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -1,4 +1,4 @@ -import json +import os from typing import List from devsecops_engine_tools.engine_dast.src.infrastructure.entry_points.entry_point_dast import ( init_engine_dast, @@ -24,70 +24,74 @@ from devsecops_engine_tools.engine_dast.src.domain.model.api_operation import ( ApiOperation ) - +from devsecops_engine_tools.engine_dast.src.domain.model.wa_config import ( + WaConfig +) +from devsecops_engine_tools.engine_dast.src.infrastructure.helpers.json_handler import ( + load_json_file +) def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): - try: - # Define driven adapters - # Initialize variables - devops_platform_gateway = devops_platform - extra_tools = [] - target_config = None + devops_platform_gateway = devops_platform + extra_tools = [] + target_config = None - # Filling operations list with adapters - with open(dict_args["dast_file_path"], 'r') as dast_file: - data = json.load(dast_file) - if "operations" in data: # Api - operations: List = [] - for elem in data["operations"]: - security_type = elem["operation"]["security_auth"]["type"].lower() - if security_type == "jwt": - operations.append( - ApiOperation( - elem, - JwtObject( - elem["operation"]["security_auth"] - ))) - elif security_type == "oauth": - operations.append( - ApiOperation( - elem, - GenericOauth( - elem["operation"]["security_auth"] - ) - ) + # Filling operations list with adapters + data = load_json_file(dict_args["dast_file_path"]) + + if "operations" in data: # Api + operations: List = [] + for elem in data["operations"]: + security_type = elem["operation"]["security_auth"]["type"].lower() + if security_type == "jwt": + operations.append( + ApiOperation( + elem, + JwtObject( + elem["operation"]["security_auth"] + ))) + elif security_type == "oauth": + operations.append( + ApiOperation( + elem, + GenericOauth( + elem["operation"]["security_auth"] ) - else: - operations.append( - ApiOperation( - elem, - AuthClientCredential( - elem["operation"]["security_auth"] - ) - ) + ) + ) + else: + operations.append( + ApiOperation( + elem, + AuthClientCredential( + elem["operation"]["security_auth"] ) - data["operations"] = operations - target_config = ApiConfig(data) - else: # Web Application - pass - - - if config_tool["ENGINE_DAST"]["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool - tool_run = NucleiTool() + ) + ) + data["operations"] = operations + target_config = ApiConfig(data) + elif "WA" in data: # Web Application + if data["data"].get["security_auth"] == "oauth": + authentication_gateway = GenericOauth( + data["data"]["security_auth"] + ) + target_config = WaConfig(data, authentication_gateway) + else: + raise ValueError("Can't match if the target type is an api or a web application ") - if any((k.lower() == "jwt") for k in config_tool["ENGINE_DAST"]["EXTRA_TOOLS"]) and \ - any(isinstance(o.authentication_gateway, JwtObject) for o in data["operations"] ): - extra_tools.append(JwtTool(target_config)) + if config_tool["ENGINE_DAST"]["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool + tool_run = NucleiTool() - return init_engine_dast( - devops_platform_gateway=devops_platform_gateway, - tool_gateway=tool_run, - dict_args=dict_args, - secret_tool=secret_tool, - config_tool=config_tool, - extra_tools=extra_tools, - target_data=target_config - ) + if any((k.lower() == "jwt") for k in config_tool["ENGINE_DAST"]["EXTRA_TOOLS"]) and \ + any(isinstance(o.authentication_gateway, JwtObject) for o in data["operations"] ): + extra_tools.append(JwtTool(target_config)) - except KeyError as e: - raise KeyError(f"Error accessing the key in runner engine dast: {str(e)}") \ No newline at end of file + return init_engine_dast( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=tool_run, + dict_args=dict_args, + checks_token=secret_tool["github_token"] if secret_tool else os.environ["GITHUB_TOKEN"], + config_tool=config_tool, + extra_tools=extra_tools, + target_data=target_config + ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py index e48c50282..da18e334f 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/wa_config.py @@ -1,5 +1,10 @@ class WaConfig: - def __init__(self, data: dict): + def __init__(self, data: dict, authentication_gateway): self.target_type: str = "WA" self.url: str = data["endpoint"] - self.data: dict = data.wa_data \ No newline at end of file + self.data: dict = data.wa_data + + def authenticate(self): + self.credentials = self.authentication_gateway.get_credentials() + if self.credentials is not None: + self.data["headers"][self.credentials[0]] = self.credentials[1] \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py index ff7e93560..1dba070d9 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -56,66 +56,68 @@ def complete_config_tool( return config_tool, data_target_config def process( - self, dict_args, secret_tool, config_tool + self, dict_args, dast_token, config_tool ) -> "Tuple[List, InputCore]": - init_config_tool = self.devops_platform_gateway.get_remote_config( - dict_args["remote_config_repo"], "engine_dast/configTool.json" - ) - - exclusions = self.devops_platform_gateway.get_remote_config( - dict_args["remote_config_repo"], - "engine_dast/Exclusions.json" - ) + try: + init_config_tool = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], "engine_dast/configTool.json" + ) + exclusions = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], + "engine_dast/Exclusions.json" + ) - config_tool, data_target = self.complete_config_tool( - data_file_tool=init_config_tool, - exclusions=exclusions, - tool=config_tool["ENGINE_DAST"]["TOOL"], - ) + config_tool, data_target = self.complete_config_tool( + data_file_tool=init_config_tool, + exclusions=exclusions, + tool=config_tool["ENGINE_DAST"]["TOOL"], + ) - finding_list, path_file_results = self.tool_gateway.run_tool( - target_data=data_target, - config_tool=config_tool, - secret_tool=secret_tool, - ) - #Here exceute other tools and append to finding list - if len(self.other_tools) > 0: - extra_finding_list = self.other_tools[0].run_tool( + finding_list, path_file_results = self.tool_gateway.run_tool( target_data=data_target, - config_tool=config_tool + config_tool=config_tool, + token=dast_token, ) - if len(extra_finding_list) > 0: - finding_list.extend(extra_finding_list) + #Here exceute other tools and append to finding list + if len(self.other_tools) > 0: + extra_finding_list = self.other_tools[0].run_tool( + target_data=data_target, + config_tool=config_tool + ) + if len(extra_finding_list) > 0: + finding_list.extend(extra_finding_list) - totalized_exclusions = [] - ( - totalized_exclusions.extend( - map( - lambda elem: Exclusions(**elem), config_tool.exclusions_all + totalized_exclusions = [] + ( + totalized_exclusions.extend( + map( + lambda elem: Exclusions(**elem), config_tool.exclusions_all + ) ) + if config_tool.exclusions_all is not None + else None ) - if config_tool.exclusions_all is not None - else None - ) - ( - totalized_exclusions.extend( - map( - lambda elem: Exclusions(**elem), - config_tool.exclusions_scope, + ( + totalized_exclusions.extend( + map( + lambda elem: Exclusions(**elem), + config_tool.exclusions_scope, + ) ) + if config_tool.exclusions_scope is not None + else None ) - if config_tool.exclusions_scope is not None - else None - ) - input_core = InputCore( - totalized_exclusions=totalized_exclusions, - threshold_defined=config_tool.threshold, - path_file_results=path_file_results, - custom_message_break_build=config_tool.message_info_dast, - scope_pipeline=config_tool.scope_pipeline, - stage_pipeline="Release", - ) + input_core = InputCore( + totalized_exclusions=totalized_exclusions, + threshold_defined=config_tool.threshold, + path_file_results=path_file_results, + custom_message_break_build=config_tool.message_info_dast, + scope_pipeline=config_tool.scope_pipeline, + stage_pipeline="Release", + ) - return finding_list, input_core \ No newline at end of file + return finding_list, input_core + except Exception as e: + raise Exception(f"Error engine_secret : {str(e)}") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py index dbe63c6dc..7fc4c7829 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_config.py @@ -6,16 +6,16 @@ class NucleiConfig: def __init__(self, target_config): self.url: str = target_config.endpoint - self.target_type: str = target_config.target_type + self.target_type: str = target_config.target_type.lower() self.custom_templates_dir: str = "" self.output_file: str = "result_dast_scan.json" self.yaml = YAML() - if self.target_type.lower() == "api": + if self.target_type == "api": self.data: List = target_config.operations - elif self.target_type.lower() == "wa": + elif self.target_type == "wa": self.data: dict = target_config.data else: - raise ValueError("No se ha podido establecer si el objetivo a escanear es una api o un aplicativo web.") + raise ValueError("ERROR: The objective is not an api or web application type") def process_template_file( self, @@ -37,8 +37,6 @@ def process_template_file( if "payload" in new_template_data["operation"]: body = json_dumps(new_template_data["operation"]["payload"]) template_data["http"][0]["body"] = body - elif "ssl" in template_data: - pass new_template_path = os.path.join(dest_folder, new_template_name) @@ -49,25 +47,24 @@ def process_templates_folder(self, base_folder: str) -> None: if not os.path.exists(self.custom_templates_dir): os.makedirs(self.custom_templates_dir) - if self.target_type.lower() == "api": - t_counter = 0 - for operation in self.data: - operation.authenticate() #Api Authentication - for root, dirs, files in os.walk(base_folder): - for file in files: - if file.endswith(".yaml"): - self.process_template_file( - base_folder=base_folder, - dest_folder=self.custom_templates_dir, - template_name=os.path.join(root, file), - new_template_data=operation.data, - template_counter=t_counter, - ) + t_counter = 0 + for operation in self.data: + operation.authenticate() #Api Authentication + for root, dirs, files in os.walk(base_folder): + for file in files: + if file.endswith(".yaml"): + self.process_template_file( + base_folder=base_folder, + dest_folder=self.custom_templates_dir, + template_name=os.path.join(root, file), + new_template_data=operation.data, + template_counter=t_counter, + ) t_counter += 1 def customize_templates(self, directory: str) -> None: - if self.target_type.lower() == "api": - self.custom_templates_dir = "customized-nuclei-templates/" + if self.target_type == "api": + self.custom_templates_dir = "customized-nuclei-templates" self.process_templates_folder( base_folder=directory ) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py index f1550e72e..50bc06bc7 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py @@ -23,7 +23,7 @@ def get_list_finding( for scan in results_scan_list: finding_open = Finding( id=scan.get("template-id"), - cvss=scan["info"]["classification"].get("cvss-score"), + cvss=scan["info"].get("classification").get("cvss-score"), where=scan.get("matched-at"), description=scan["info"].get("description"), severity=scan["info"].get("severity").lower(), diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py index dfa69c9e9..a79f70bce 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -57,7 +57,9 @@ def execute(self, target_config: NucleiConfig) -> dict: + target_config.custom_templates_dir + " -ni " # disable interactsh server + "-dc " # disable clustering of requests - + "-je " # file to export results in JSON format + + "-tags " # Excute only templates with the especified tag + + target_config.target_type + + " -je " # file to export results in JSON format + str(target_config.output_file) ) @@ -76,11 +78,9 @@ def execute(self, target_config: NucleiConfig) -> dict: json_response = json.load(f) return json_response - def run_tool(self, target_data, config_tool, secret_tool): + def run_tool(self, target_data, config_tool, token): nuclei_config = NucleiConfig(target_data) - #checks_directory = self.configurate_external_checks(config_tool, secret_tool["github_token"]) #DATA PDN - checks_directory = self.configurate_external_checks(config_tool, - github_token=os.getenv('GITHUB_TOKEN'))#BORRAR PDN + checks_directory = self.configurate_external_checks(config_tool, token) #DATA PDN nuclei_config.customize_templates(checks_directory) result_scans = self.execute(nuclei_config) nuclei_deserealizator = NucleiDesealizator() diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py index 472fcffc6..9b5ddf456 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -8,18 +8,14 @@ def __init__(self, data): self.data: dict = data def process_data(self): - client_id = self.data["security_auth"]["client_id"] - client_secret = self.data["security_auth"]["client_secret"] - tenant_id = self.data["security_auth"]["tenant_id"] - username = self.data["security_auth"].get("username") - password = self.data["security_auth"].get("password") config = { - "client_id": client_id, - "client_secret": client_secret, - "tenant_id": tenant_id, - "username": username, - "password": password, + "client_id": self.data["security_auth"]["client_id"], + "client_secret": self.data["security_auth"]["client_secret"], + "endpoint": self.data["security_auth"]["endpoint"], + "username": self.data["security_auth"].get("username"), + "password": self.data["security_auth"].get("password"), + "scope": self.data["security_auth"].get("scope") } return config @@ -33,26 +29,24 @@ def get_access_token(self): return self.get_access_token_client_credentials() def get_credentials(self): - pass + return self.get_access_token() def get_access_token_client_credentials(self): - """Obtener access token desde microsoft graph.""" + """Obtain access token using client credentials flow.""" try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias required_keys = ["client_id", "client_secret", "tenant_id"] if not all(key in self.config for key in required_keys): - raise ValueError("Falta una o más claves de configuración.") + raise ValueError("One or more keys is missing in OAuth config") - tenant_id = self.config["tenant_id"] data = { "client_id": self.config["client_id"], "client_secret": self.config["client_secret"], "tenant_id": self.config["tenant_id"], "grant_type": "client_credentials", - "scope": "https://graph.microsoft.com/.default", + "scope": self.config["scope"], } - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + url = self.config["endpoint"] headers = { "Content-Type": "application/x-www-form-urlencoded", } @@ -64,35 +58,32 @@ def get_access_token_client_credentials(self): return result else: print( - "[graph] No se obtuvo el access " + "Can't obtain access token" "token Unknown status " "code {0}: -> {1}".format(response.status_code, response.text) ) except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) + print("Can't obtain accesstoken: {0}".format(e)) def get_access_token_resource_owner(self): - """Obtener access token desde microsoft graph.""" + """Obtain access token using resource owner flow.""" try: - # Verifica que el diccionario de configuración contenga todas las claves necesarias required_keys = [ "client_id", "client_secret", "tenant_id", "username", - "password", + "password" ] if not all(key in self.config for key in required_keys): raise ValueError("Falta una o más claves de configuración.") - tenant_id = self.config["tenant_id"] - - url = "https://login.microsoftonline.com/" f"{tenant_id}/oauth2/v2.0/token" + url = self.config["endpoint"] data = { "client_id": self.config["client_id"], "client_secret": self.config["client_secret"], "grant_type": "password", - "scope": "https://graph.microsoft.com/.default", + "scope": self.config["scope"], "username": self.config["username"], "password": self.config["password"], } diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py index 432d1a835..84ba30c19 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/entry_points/entry_point_dast.py @@ -11,10 +11,13 @@ def init_engine_dast( devops_platform_gateway, tool_gateway, dict_args, - secret_tool, + checks_token, config_tool, extra_tools, target_data ): - dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools) - return dast_scan.process(dict_args, secret_tool, config_tool) \ No newline at end of file + try: + dast_scan = DastScan(tool_gateway, devops_platform_gateway, target_data, extra_tools) + return dast_scan.process(dict_args, checks_token, config_tool) + except Exception as e: + raise Exception(f"Error engine_secret : {str(e)}") diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py new file mode 100644 index 000000000..dcc6ff1d3 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/json_handler.py @@ -0,0 +1,13 @@ +import json + + +def load_json_file(file_path: str): + try: + with open(file_path, 'r') as file: + return json.load(file) + except FileNotFoundError: + raise FileNotFoundError(f"Error: The file '{file_path}' was not found.") + except json.JSONDecodeError: + raise json.JSONDecodeError(f"Error: The file '{file_path}' does not contain valid JSON.") + except IOError as e: + raise IOError(f"I/O Error: {e}") \ No newline at end of file diff --git a/tools/requirements.txt b/tools/requirements.txt index d149d5adb..0d1e2576b 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -10,4 +10,5 @@ pytz==2023.3 python-decouple==3.8 requests_toolbelt==1.0.0 python-dateutil==2.8.2 -pexpect==4.9.0 \ No newline at end of file +pexpect==4.9.0 +ruamel.yaml==0.18.6 \ No newline at end of file diff --git a/tools/requirements_test.txt b/tools/requirements_test.txt index f5ab49ed7..8ccc482ab 100644 --- a/tools/requirements_test.txt +++ b/tools/requirements_test.txt @@ -3,4 +3,5 @@ pytest-cov==4.1.0 coverage_badge==1.1.0 flake8==6.0.0 black==24.3.0 -pre-commit==3.3.3 \ No newline at end of file +pre-commit==3.3.3 +ruamel.yaml==0.18.6 \ No newline at end of file From 93541134ecc6c1931c47747c3d3f0d8cda05a73a Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 09:59:19 -0500 Subject: [PATCH 009/441] adjust requirements --- tools/requirements.txt | 3 ++- tools/requirements_test.txt | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/requirements.txt b/tools/requirements.txt index 0d1e2576b..420c30c6c 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -11,4 +11,5 @@ python-decouple==3.8 requests_toolbelt==1.0.0 python-dateutil==2.8.2 pexpect==4.9.0 -ruamel.yaml==0.18.6 \ No newline at end of file +ruamel.yaml==0.18.6 +Authlib==1.3.0 \ No newline at end of file diff --git a/tools/requirements_test.txt b/tools/requirements_test.txt index 8ccc482ab..7dc37409c 100644 --- a/tools/requirements_test.txt +++ b/tools/requirements_test.txt @@ -4,4 +4,5 @@ coverage_badge==1.1.0 flake8==6.0.0 black==24.3.0 pre-commit==3.3.3 -ruamel.yaml==0.18.6 \ No newline at end of file +ruamel.yaml==0.18.6 +Authlib==1.3.0 \ No newline at end of file From 3b65b2efcd715b1c984ef76d1245f9a03679deae Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 10:03:01 -0500 Subject: [PATCH 010/441] adjust requirements --- .../src/infrastructure/driven_adapters/jwt/jwt_tool.py | 3 --- tools/requirements.txt | 3 ++- tools/requirements_test.txt | 3 ++- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py index 73deebef4..c6393d9d6 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -1,9 +1,6 @@ from typing import ( List ) -from dataclasses import ( - dataclass, -) from datetime import ( datetime, ) diff --git a/tools/requirements.txt b/tools/requirements.txt index 420c30c6c..b6cb31542 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -12,4 +12,5 @@ requests_toolbelt==1.0.0 python-dateutil==2.8.2 pexpect==4.9.0 ruamel.yaml==0.18.6 -Authlib==1.3.0 \ No newline at end of file +Authlib==1.3.0 +PyJWT==2.8.0 \ No newline at end of file diff --git a/tools/requirements_test.txt b/tools/requirements_test.txt index 7dc37409c..bbb445cb6 100644 --- a/tools/requirements_test.txt +++ b/tools/requirements_test.txt @@ -5,4 +5,5 @@ flake8==6.0.0 black==24.3.0 pre-commit==3.3.3 ruamel.yaml==0.18.6 -Authlib==1.3.0 \ No newline at end of file +Authlib==1.3.0 +PyJWT==2.8.0 \ No newline at end of file From d034dd9231696b64cd633aedfc17e705c141fd63 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 11:33:44 -0500 Subject: [PATCH 011/441] adjust unit tests runner_engine_dast --- .../src/domain/model/api_config.py | 2 +- .../applications/test_runner_dast_scan.py | 148 ++++++++++++++++++ 2 files changed, 149 insertions(+), 1 deletion(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py index 8c2741a65..ca2079d05 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_config.py @@ -9,4 +9,4 @@ def __init__(self, api_data: dict): self.rate_limit: str = api_data.get("rate_limit") self.operations: "List[ApiOperation]" = api_data["operations"] except KeyError: - raise KeyError("Configuración faltante, validar endpoint y acda uno de los operations") \ No newline at end of file + raise KeyError("Missing configuration, validate the endpoint and every single operation") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py index e69de29bb..6a1cc2779 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py @@ -0,0 +1,148 @@ +import unittest +from unittest import mock +from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import ( + runner_engine_dast +) +from devsecops_engine_tools.engine_dast.src.domain.model.api_config import ApiConfig + +class TestRunnerEngineDast(unittest.TestCase): + + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.load_json_file') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.init_engine_dast') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.NucleiTool') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.JwtTool') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.ApiConfig') + @mock.patch('os.environ', {'GITHUB_TOKEN': 'example_token'}) + def test_runner_engine_dast_with_jwt(self, mock_api_config,mock_jwt_tool, mock_nuclei_tool, + mock_init_engine_dast, mock_load_json_file): + # Configurar los valores de retorno de los mocks + mock_load_json_file.return_value = { + "endpoint": "https://example.com", + "operations": [ + { + "operation": { + "headers": {"accept": "/"}, + "method": "POST", + "path": "/example_path", + "security_auth": {"type": "jwt"} + } + } + ] + } + mock_nuclei_tool_instance = mock_nuclei_tool.return_value + mock_jwt_tool_instance = mock_jwt_tool.return_value + mock_init_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") + + # Mock de ApiConfig + mock_api_config_instance = mock_api_config.return_value + + # Configurar los argumentos + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_dast", + "dast_file_path": "example_dast.json" + } + config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": ["JWT"]}} + secret_tool = {"github_token": "example_token"} + devops_platform_gateway = mock.Mock() + + # Llamar a la función + findings_list, input_core = runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway) + + # Verificar que las funciones mockeadas fueron llamadas correctamente + mock_load_json_file.assert_called_once_with(dict_args["dast_file_path"]) + mock_init_engine_dast.assert_called_once_with( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=mock_nuclei_tool_instance, + dict_args=dict_args, + checks_token='example_token', + config_tool=config_tool, + extra_tools=[mock_jwt_tool_instance], + target_data=mock_api_config_instance # Verificar contra el mock de ApiConfig + ) + + # Verificar los resultados + self.assertEqual(findings_list, ["finding1", "finding2"]) + self.assertEqual(input_core, "input_core_mock") + + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.load_json_file') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.init_engine_dast') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.NucleiTool') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.ApiConfig') + @mock.patch('os.environ', {'GITHUB_TOKEN': 'example_token'}) + def test_runner_engine_dast_with_oauth(self, + mock_api_config, + mock_nuclei_tool, + mock_init_engine_dast, + mock_load_json_file): + # Configurar los valores de retorno de los mocks + mock_load_json_file.return_value = { + "endpoint": "https://example.com", + "operations": [ + { + "operation": { + "headers": {"accept": "/"}, + "method": "POST", + "path": "/example_path", + "security_auth": {"type": "oauth"} + } + } + ] + } + mock_nuclei_tool_instance = mock_nuclei_tool.return_value + mock_init_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") + + # Mock de ApiConfig + mock_api_config_instance = mock_api_config.return_value + + # Configurar los argumentos + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_dast", + "dast_file_path": "example_dast.json" + } + config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []}} + secret_tool = {"github_token": "example_token"} + devops_platform_gateway = mock.Mock() + + # Llamar a la función + findings_list, input_core = runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway) + + # Verificar que las funciones mockeadas fueron llamadas correctamente + mock_load_json_file.assert_called_once_with(dict_args["dast_file_path"]) + mock_init_engine_dast.assert_called_once_with( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=mock_nuclei_tool_instance, + dict_args=dict_args, + checks_token='example_token', + config_tool=config_tool, + extra_tools=[], + target_data=mock_api_config_instance # Verificar contra el mock de ApiConfig + ) + + # Verificar los resultados + self.assertEqual(findings_list, ["finding1", "finding2"]) + self.assertEqual(input_core, "input_core_mock") + + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.load_json_file') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.init_engine_dast') + @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.NucleiTool') + def test_runner_engine_dast_with_invalid_target(self, mock_nuclei_tool, mock_init_engine_dast, mock_load_json_file): + # Configurar los valores de retorno de los mocks + mock_load_json_file.return_value = { + "invalid_key": "invalid_value" + } + + # Configurar los argumentos + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_dast", + "dast_file_path": "example_dast.json" + } + config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []}} + secret_tool = {"github_token": "example_token"} + devops_platform_gateway = mock.Mock() + + # Verificar que se lanza una excepción para el target inválido + with self.assertRaises(ValueError): + runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway) From f8618b10462be887f1d1333604684fa11fe03429 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 13:09:44 -0500 Subject: [PATCH 012/441] adjust unit tests dast_scan --- .../src/domain/model/security_auth.py | 3 - .../src/domain/usecases/dast_scan.py | 2 +- .../applications/test_runner_dast_scan.py | 1 - .../test/domain/usecases/test_dast_scan.py | 83 +++++++++++++++++++ 4 files changed, 84 insertions(+), 5 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py deleted file mode 100644 index 970b0a844..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/security_auth.py +++ /dev/null @@ -1,3 +0,0 @@ -class SecurityAuth(): - def __init__(self, authentication_gateway): - print() \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py index 1dba070d9..d5a75ee4a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -120,4 +120,4 @@ def process( return finding_list, input_core except Exception as e: - raise Exception(f"Error engine_secret : {str(e)}") \ No newline at end of file + raise Exception(f"Error engine dast : {str(e)}") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py index 6a1cc2779..dba0c3178 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py @@ -3,7 +3,6 @@ from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import ( runner_engine_dast ) -from devsecops_engine_tools.engine_dast.src.domain.model.api_config import ApiConfig class TestRunnerEngineDast(unittest.TestCase): diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py new file mode 100644 index 000000000..72ec9d342 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py @@ -0,0 +1,83 @@ +import unittest +from unittest.mock import Mock, patch +from devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan import ( + DastScan, + ToolGateway, + DevopsPlatformGateway +) +class TestDastScan(unittest.TestCase): + + def setUp(self): + # Mocks + self.tool_gateway_mock = Mock(spec=ToolGateway) + self.devops_platform_gateway_mock = Mock(spec=DevopsPlatformGateway) + self.data_target_mock = Mock() + self.additional_tools_mock = [Mock(spec=ToolGateway)] + + # Instancia de DastScan + self.dast_scan = DastScan( + tool_gateway=self.tool_gateway_mock, + devops_platform_gateway=self.devops_platform_gateway_mock, + data_target=self.data_target_mock, + aditional_tools=self.additional_tools_mock + ) + + @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.ConfigTool') + def test_complete_config_tool(self, ConfigToolMock): + data_file_tool = {"key": "value"} + exclusions = {"All": {"tool_name": [{"type": "exclusion"}]}, + "pipeline_name": {"config_tool": [{"type": "exclusion_scope"}]}} + tool = "tool_name" + + config_tool_instance = ConfigToolMock.return_value + config_tool_instance.exclusions = exclusions + self.devops_platform_gateway_mock.get_variable.return_value = "pipeline_name" + + config_tool, data_target_config = self.dast_scan.complete_config_tool(data_file_tool, exclusions, tool) + + ConfigToolMock.assert_called_once_with(json_data=data_file_tool, tool=tool) + self.devops_platform_gateway_mock.get_variable.assert_called_once_with("pipeline_name") + self.assertEqual(config_tool, config_tool_instance) + self.assertEqual(data_target_config, self.data_target_mock) + + @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.InputCore') + @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.ConfigTool') + @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.Exclusions') + def test_process(self, ExclusionsMock, ConfigToolMock, InputCoreMock): + dict_args = {"remote_config_repo": "some_repo"} + dast_token = "some_token" + config_tool = {"ENGINE_DAST": {"TOOL": "tool_name"}} + + init_config_tool = {"key": "init_value"} + exclusions = {"All": {"type": "exclusion"}, "pipeline_name": [{"type": "exclusion_scope"}]} + finding_list = ["finding1", "finding2"] + path_file_results = "path/to/results" + extra_finding_list = ["extra_finding1"] + + self.devops_platform_gateway_mock.get_remote_config.side_effect = [init_config_tool, exclusions] + self.tool_gateway_mock.run_tool.return_value = (finding_list, path_file_results) + self.additional_tools_mock[0].run_tool.return_value = extra_finding_list + + ExclusionsMock.side_effect = lambda **kwargs: kwargs + + result, input_core = self.dast_scan.process(dict_args, dast_token, config_tool) + + self.devops_platform_gateway_mock.get_remote_config.assert_any_call( + dict_args["remote_config_repo"], "engine_dast/configTool.json" + ) + self.devops_platform_gateway_mock.get_remote_config.assert_any_call( + dict_args["remote_config_repo"], "engine_dast/Exclusions.json" + ) + + self.tool_gateway_mock.run_tool.assert_called_once_with( + target_data=self.data_target_mock, + config_tool=ConfigToolMock.return_value, + token=dast_token, + ) + self.additional_tools_mock[0].run_tool.assert_called_once_with( + target_data=self.data_target_mock, + config_tool=ConfigToolMock.return_value + ) + + self.assertEqual(result, finding_list ) + #self.assertEqual(input_core, InputCoreMock) \ No newline at end of file From cf971234b52e57adbf3ba21815ae5b91b22df76c Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 14:05:15 -0500 Subject: [PATCH 013/441] adjust unit test oauth and jwt --- .../driven_adapters/jwt/jwt_tool.py | 1 + .../driven_adapters/oauth/generic_oauth.py | 5 +- .../helpers/file_generator_tool.py | 2 +- .../test/domain/model/test_config_tool.py | 0 .../driven_adapters/jwt/test_jwt_object.py | 0 .../driven_adapters/jwt/test_jwt_tool.py | 105 ++++++++++++++++++ .../nuclei/test_nuclei_config.py | 0 .../nuclei/test_nuclei_tool.py | 0 .../oauth/test_generic_oauth.py | 92 +++++++++++++++ 9 files changed, 202 insertions(+), 3 deletions(-) create mode 100644 tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py index c6393d9d6..c9b864953 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -19,6 +19,7 @@ class JwtTool(ToolGateway): def __init__(self, target_config): + self.TOOL = "JWT" self.BAD_JWT_ALG = ["none", "ES256", "ES384", "ES512"] self.BAD_JWS_ALG = ["none", "ES256", "ES384", "ES512"] self.GOOD_JWE_ALG = ["dir", "RSA-OAEP", "RSA-OAEP-256"] diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py index 9b5ddf456..94f5a2e26 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -6,10 +6,11 @@ class GenericOauth(AuthenticationGateway): def __init__(self, data): self.data: dict = data + self.config = {} def process_data(self): - config = { + self.config = { "client_id": self.data["security_auth"]["client_id"], "client_secret": self.data["security_auth"]["client_secret"], "endpoint": self.data["security_auth"]["endpoint"], @@ -18,7 +19,7 @@ def process_data(self): "scope": self.data["security_auth"].get("scope") } - return config + return self.config def get_access_token(self): auth_config = self.process_data() diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py index 3af074da3..8bb26d20c 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py @@ -12,7 +12,7 @@ def generate_file_from_tool(tool, result_list, rules_doc): result_two = result_list[1] file_name = "results.json" results_data = { - "check_type": "Dockerfile and Kubernetes", + "check_type": "Dast scanning", "results": { "failed_checks": list( map( diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py b/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py new file mode 100644 index 000000000..cf4fae2d8 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py @@ -0,0 +1,105 @@ +import unittest +from unittest.mock import Mock, patch +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool import JwtTool + +class TestJwtTool(unittest.TestCase): + + def setUp(self): + self.target_config_mock = Mock() + self.jwt_tool = JwtTool(target_config=self.target_config_mock) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_verify_jwt_alg(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.return_value = {"alg": "none"} + + result = self.jwt_tool.verify_jwt_alg(token) + + mock_get_unverified_header.assert_called_once_with(token) + self.assertEqual(result["check-id"], "ENGINE_JWT_001") + self.assertTrue("description" in result) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_verify_jws_alg(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.return_value = {"alg": "ES256"} + + result = self.jwt_tool.verify_jws_alg(token) + + mock_get_unverified_header.assert_called_once_with(token) + self.assertEqual(result["check-id"], "ENGINE_JWT_002") + self.assertTrue("description" in result) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_verify_jwe(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.side_effect = [ + {"enc": "A256GCM"}, + {"alg": "RSA-OAEP"} + ] + + result = self.jwt_tool.verify_jwe(token) + + self.assertEqual(mock_get_unverified_header.call_count, 2) + self.assertEqual(result["check-id"], "ENGINE_JWT_003") + self.assertIn("Algoritmo", result["description"]) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_check_token_jwe(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.return_value = {"enc": "A256GCM"} + + with patch.object(self.jwt_tool, 'verify_jwe', return_value={"check-id": "ENGINE_JWT_003"}) as mock_verify_jwe: + result = self.jwt_tool.check_token(token) + mock_verify_jwe.assert_called_once_with(token) + self.assertEqual(result["check-id"], "ENGINE_JWT_003") + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_check_token_jwt(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.return_value = {"typ": "JWT"} + + with patch.object(self.jwt_tool, 'verify_jwt_alg', return_value={"check-id": "ENGINE_JWT_001"}) as mock_verify_jwt_alg: + result = self.jwt_tool.check_token(token) + mock_verify_jwt_alg.assert_called_once_with(token) + self.assertEqual(result["check-id"], "ENGINE_JWT_001") + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + def test_check_token_jws(self, mock_get_unverified_header): + token = "dummy_token" + mock_get_unverified_header.return_value = {} + + with patch.object(self.jwt_tool, 'verify_jws_alg', return_value={"check-id": "ENGINE_JWT_002"}) as mock_verify_jws_alg: + result = self.jwt_tool.check_token(token) + mock_verify_jws_alg.assert_called_once_with(token) + self.assertEqual(result["check-id"], "ENGINE_JWT_002") + + def test_configure_tool(self): + operation_mock = Mock() + operation_mock.authentication_gateway = {"type": "JWT"} + target_data_mock = Mock() + target_data_mock.operations = [operation_mock] + + result = self.jwt_tool.configure_tool(target_data_mock) + + self.assertIn(operation_mock, result) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.generate_file_from_tool') + def test_run_tool(self, mock_generate_file_from_tool): + target_data_mock = Mock() + config_tool_mock = Mock() + jwt_operation_mock = Mock() + jwt_operation_mock.authenticate.return_value = "dummy_token" + self.jwt_tool.configure_tool = Mock(return_value=[jwt_operation_mock]) + self.jwt_tool.execute = Mock(return_value=[{"check-id": "ENGINE_JWT_001"}]) + self.jwt_tool.deserialize_results = Mock(return_value=["finding"]) + + findings, path_file_results = self.jwt_tool.run_tool(target_data_mock, config_tool_mock) + + self.jwt_tool.configure_tool.assert_called_once_with(target_data_mock) + self.jwt_tool.execute.assert_called_once_with([jwt_operation_mock]) + self.jwt_tool.deserialize_results.assert_called_once_with([{"check-id": "ENGINE_JWT_001"}]) + mock_generate_file_from_tool.assert_called_once_with( + self.jwt_tool.TOOL, [{"check-id": "ENGINE_JWT_001"}], config_tool_mock + ) + self.assertEqual(findings, ["finding"]) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py new file mode 100644 index 000000000..e69de29bb diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py new file mode 100644 index 000000000..31a2dcd1c --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py @@ -0,0 +1,92 @@ +import unittest +from unittest.mock import Mock, patch +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth import GenericOauth + +class TestGenericOauth(unittest.TestCase): + + def setUp(self): + self.data = { + "security_auth": { + "client_id": "dummy_client_id", + "client_secret": "dummy_client_secret", + "endpoint": "https://dummy.endpoint", + "username": "dummy_username", + "password": "dummy_password", + "scope": "dummy_scope" + } + } + self.oauth = GenericOauth(self.data) + + def test_process_data(self): + config = self.oauth.process_data() + + expected_config = { + "client_id": "dummy_client_id", + "client_secret": "dummy_client_secret", + "endpoint": "https://dummy.endpoint", + "username": "dummy_username", + "password": "dummy_password", + "scope": "dummy_scope" + } + self.assertEqual(config, expected_config) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.GenericOauth.get_access_token_resource_owner') + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.GenericOauth.process_data') + def test_get_access_token_resource_owner(self, mock_process_data, mock_get_access_token_resource_owner): + mock_process_data.return_value = self.oauth.process_data() + self.oauth.get_access_token() + + mock_get_access_token_resource_owner.assert_called_once() + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.requests.request') + def test_get_access_token_client_credentials_flow(self, mock_request): + self.oauth.config = self.oauth.process_data() + self.oauth.config["tenant_id"] = "dummy_tenant_id" + response_mock = Mock() + response_mock.status_code = 200 + response_mock.json.return_value = {"access_token": "dummy_access_token"} + mock_request.return_value = response_mock + + token = self.oauth.get_access_token_client_credentials() + + mock_request.assert_called_once_with( + "POST", + "https://dummy.endpoint", + headers={"Content-Type": "application/x-www-form-urlencoded"}, + data={ + "client_id": "dummy_client_id", + "client_secret": "dummy_client_secret", + "tenant_id": "dummy_tenant_id", + "grant_type": "client_credentials", + "scope": "dummy_scope" + }, + timeout=5 + ) + self.assertEqual(token, "dummy_access_token") + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.requests.request') + def test_get_access_token_resource_owner_flow(self, mock_request): + self.oauth.config = self.oauth.process_data() + self.oauth.config["tenant_id"] = "dummy_tenant_id" + response_mock = Mock() + response_mock.status_code = 200 + response_mock.json.return_value = {"access_token": "dummy_access_token"} + mock_request.return_value = response_mock + + token = self.oauth.get_access_token_resource_owner() + + mock_request.assert_called_once_with( + "POST", + "https://dummy.endpoint", + headers={"Content-Type": "application/x-www-form-urlencoded"}, + data={ + "client_id": "dummy_client_id", + "client_secret": "dummy_client_secret", + "grant_type": "password", + "scope": "dummy_scope", + "username": "dummy_username", + "password": "dummy_password" + }, + timeout=5 + ) + self.assertEqual(token, "dummy_access_token") \ No newline at end of file From bc1a6d5a17b64c028da9b33b7b54ab4668d65ce4 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 30 May 2024 15:26:18 -0500 Subject: [PATCH 014/441] adjust unit test --- .../helpers/file_generator_tool.py | 2 +- .../test/domain/model/test_config_tool.py | 65 +++++++++++ .../nuclei/test_nuclei_config.py | 83 ++++++++++++++ .../nuclei/test_nuclei_tool.py | 64 +++++++++++ .../helpers/test_dast_file_generator_tool.py | 103 ++++++++++++++++++ 5 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/helpers/test_dast_file_generator_tool.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py index 8bb26d20c..f55651561 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py @@ -12,7 +12,7 @@ def generate_file_from_tool(tool, result_list, rules_doc): result_two = result_list[1] file_name = "results.json" results_data = { - "check_type": "Dast scanning", + "check_type": "Api and Web Application", "results": { "failed_checks": list( map( diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py b/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py index e69de29bb..e2ff90a55 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py @@ -0,0 +1,65 @@ +import unittest +from unittest.mock import MagicMock, patch +from devsecops_engine_tools.engine_dast.src.domain.model.config_tool import ( + ConfigTool) +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +class TestConfigTool(unittest.TestCase): + + def setUp(self): + self.mock_json_data = { + "NUCLEI": { + "VERSION": "1.0", + "EXCLUSIONS_PATH": "/path/to/exclusions", + "USE_EXTERNAL_CHECKS_GIT": True, + "EXTERNAL_CHECKS_GIT": "git@example.com:repo.git", + "EXTERNAL_GIT_SSH_HOST": "ssh.example.com", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "owner", + "EXTERNAL_DIR_REPOSITORY": "repository", + "EXTERNAL_DIR_ASSET_NAME": "asset_name", + "EXTERNAL_CHECKS_PATH": "/path/to/external/checks", + "MESSAGE_INFO_DAST": "info", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 5, + "Medium": 10, + "Low": 20}, + "COMPLIANCE": { + "Critical": 1 + } + + }, + "RULES": "rules_data_type" + } + } + self.tool = "NUCLEI" + self.config_tool = ConfigTool(self.mock_json_data, self.tool) + + def test_initialization(self): + self.assertEqual(self.config_tool.version, "1.0") + self.assertEqual(self.config_tool.exclusions_path, "/path/to/exclusions") + self.assertTrue(self.config_tool.use_external_checks_git) + self.assertEqual(self.config_tool.external_checks_git, "git@example.com:repo.git") + self.assertEqual(self.config_tool.repository_ssh_host, "ssh.example.com") + self.assertEqual(self.config_tool.repository_public_key_fp, "fingerprint") + self.assertEqual(self.config_tool.use_external_checks_dir, "True") + self.assertEqual(self.config_tool.external_dir_owner, "owner") + self.assertEqual(self.config_tool.external_dir_repository, "repository") + self.assertEqual(self.config_tool.external_asset_name, "asset_name") + self.assertEqual(self.config_tool.external_checks_save_path, "/path/to/external/checks") + self.assertEqual(self.config_tool.message_info_dast, "info") + self.assertIsInstance(self.config_tool.threshold, Threshold) + self.assertEqual(self.config_tool.threshold.vulnerability.critical, 1) + self.assertEqual(self.config_tool.threshold.vulnerability.high, 5) + self.assertEqual(self.config_tool.threshold.vulnerability.medium, 10) + self.assertEqual(self.config_tool.threshold.vulnerability.low, 20) + self.assertEqual(self.config_tool.rules_data_type, "rules_data_type") + self.assertEqual(self.config_tool.scope_pipeline, "") + self.assertIsNone(self.config_tool.exclusions) + self.assertIsNone(self.config_tool.exclusions_all) + self.assertIsNone(self.config_tool.exclusions_scope) + self.assertEqual(self.config_tool.rules_all, {}) diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py index e69de29bb..42b631c2c 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py @@ -0,0 +1,83 @@ +import unittest +from unittest.mock import Mock, patch, mock_open +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config import NucleiConfig + +class TestNucleiConfig(unittest.TestCase): + + def setUp(self): + self.target_config_api = Mock() + self.target_config_api.endpoint = "https://dummy.endpoint" + self.target_config_api.target_type = "api" + self.target_config_api.operations = [Mock(), Mock()] + + self.target_config_wa = Mock() + self.target_config_wa.endpoint = "https://dummy.endpoint" + self.target_config_wa.target_type = "wa" + self.target_config_wa.data = {"key": "value"} + + self.nuclei_api = NucleiConfig(self.target_config_api) + self.nuclei_wa = NucleiConfig(self.target_config_wa) + + def test_init_api(self): + self.assertEqual(self.nuclei_api.url, "https://dummy.endpoint") + self.assertEqual(self.nuclei_api.target_type, "api") + self.assertEqual(self.nuclei_api.data, self.target_config_api.operations) + + def test_init_wa(self): + self.assertEqual(self.nuclei_wa.url, "https://dummy.endpoint") + self.assertEqual(self.nuclei_wa.target_type, "wa") + self.assertEqual(self.nuclei_wa.data, self.target_config_wa.data) + + def test_init_invalid_target_type(self): + target_config_invalid = Mock() + target_config_invalid.target_type = "invalid" + with self.assertRaises(ValueError): + NucleiConfig(target_config_invalid) + + @patch('os.makedirs') + @patch('os.path.exists', return_value=False) + def test_process_templates_folder(self, mock_exists, mock_makedirs): + base_folder = "dummy_base_folder" + self.nuclei_api.custom_templates_dir = "dummy_custom_templates_dir" + + with patch('os.walk', return_value=[('root', [], ['file.yaml'])]), \ + patch('builtins.open', mock_open(read_data="https: {}")), \ + patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config.NucleiConfig.process_template_file') as mock_process_template_file: + + self.nuclei_api.process_templates_folder(base_folder) + mock_exists.assert_called_once_with(self.nuclei_api.custom_templates_dir) + mock_makedirs.assert_called_once_with(self.nuclei_api.custom_templates_dir) + + @patch('builtins.open', new_callable=mock_open, read_data="https: {}") + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config.YAML.load', + return_value={"https": [{}]}) + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config.YAML.dump') + def test_process_template_file(self, mock_dump, mock_load, mock_open): + base_folder = "dummy_base_folder" + dest_folder = "dummy_dest_folder" + template_name = "dummy_template.yaml" + new_template_data = { + "operation": { + "method": "GET", + "path": "/dummy_path", + "headers": {"Content-Type": "application/json"}, + "payload": {"key": "value"} + } + } + template_counter = 0 + + self.nuclei_api.process_template_file(base_folder, + dest_folder, + template_name, + new_template_data, + template_counter) + + mock_load.assert_called_once() + mock_dump.assert_called_once() + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_config.NucleiConfig.process_templates_folder') + def test_customize_templates(self, mock_process_templates_folder): + directory = "dummy_directory" + self.nuclei_api.customize_templates(directory) + self.assertEqual(self.nuclei_api.custom_templates_dir, "customized-nuclei-templates") + mock_process_templates_folder.assert_any_call(base_folder=directory) diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py index e69de29bb..262f2258a 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py @@ -0,0 +1,64 @@ +import unittest +from unittest.mock import Mock, patch, mock_open +from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool import ( + NucleiTool, + NucleiConfig, + ConfigTool) + +class TestNucleiTool(unittest.TestCase): + + def setUp(self): + self.target_config = Mock() + self.target_config.endpoint = "https://dummy.endpoint" + self.target_config.target_type = "api" + self.target_config.custom_templates_dir = "dummy_templates_dir" + self.target_config.output_file = "dummy_output_file.json" + + self.config_tool = { + "NUCLEI": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", + "EXTERNAL_GIT_SSH_HOST": "github.com", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "erOBYfNqltV9/hWCqBywI=", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "russbelln", + "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", + "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", + "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", + "EXTERNAL_CHECKS_PATH": "/nuclei-templates", + "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/"}} + self.token = "dummy_token" + + self.nuclei_tool = NucleiTool(target_config=self.target_config) + + @patch('os.environ.get', return_value="true") + @patch('subprocess.run') + @patch('builtins.open', new_callable=mock_open, read_data='{"key": "value"}') + @patch('json.load', return_value={"key": "value"}) + def test_execute(self, mock_json_load, mock_open, mock_subprocess_run, mock_os_environ): + target_config = NucleiConfig(self.target_config) + result = self.nuclei_tool.execute(target_config) + + mock_subprocess_run.assert_called_once() + mock_open.assert_called_once_with(target_config.output_file, 'r') + mock_json_load.assert_called_once() + self.assertEqual(result, {"key": "value"}) + + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiConfig.customize_templates') + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.configurate_external_checks', return_value="dummy_directory") + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.execute', return_value={"key": "value"}) + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiDesealizator.get_list_finding', return_value=[Mock()]) + @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.generate_file_from_tool', return_value="dummy_path_file_results") + def test_run_tool(self, mock_generate_file, mock_get_list_finding, + mock_execute, mock_configurate_external_checks, + mock_customize_templates): + findings_list, path_file_results = self.nuclei_tool.run_tool(self.target_config, self.config_tool, self.token) + + mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token) + mock_customize_templates.assert_called_once_with("dummy_directory") + mock_execute.assert_called_once() + mock_get_list_finding.assert_called_once_with({"key": "value"}) + mock_generate_file.assert_called_once_with("NUCLEI", {"key": "value"}, self.config_tool) + + self.assertEqual(path_file_results, "dummy_path_file_results") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/helpers/test_dast_file_generator_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/helpers/test_dast_file_generator_tool.py new file mode 100644 index 000000000..024b83983 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/helpers/test_dast_file_generator_tool.py @@ -0,0 +1,103 @@ +import unittest +from unittest.mock import patch, mock_open +from devsecops_engine_tools.engine_dast.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool, + update_field) + +class TestGenerateFileFromTool(unittest.TestCase): + + @patch('builtins.open', new_callable=mock_open) + @patch('json.dump') + @patch('os.path.abspath', return_value='/absolute/path/results.json') + def test_generate_file_from_tool_nuclei(self, mock_abspath, mock_json_dump, mock_open): + tool = "nuclei" + result_list = [ + { + "results": { + "failed_checks": [{"check_id": "ID1", "severity": "high"}] + }, + "summary": { + "passed": 5, + "failed": 2, + "skipped": 1, + "parsing_errors": 0, + "resource_count": 10, + "checkov_version": "2.0.0" + } + }, + { + "results": { + "failed_checks": [{"check_id": "ID2", "severity": "medium"}] + }, + "summary": { + "passed": 3, + "failed": 1, + "skipped": 0, + "parsing_errors": 1, + "resource_count": 5, + "checkov_version": "2.0.0" + } + } + ] + rules_doc = { + "ID1": {"severity": "HIGH"}, + "ID2": {"severity": "MEDIUM"} + } + + expected_results_data = { + "check_type": "Api and Web Application", + "results": { + "failed_checks": [ + {"check_id": "ID1", "severity": "high"}, + {"check_id": "ID2", "severity": "medium"} + ] + }, + "summary": { + "passed": 8, + "failed": 3, + "skipped": 1, + "parsing_errors": 1, + "resource_count": 15, + "checkov_version": "2.0.0" + } + } + + result = generate_file_from_tool(tool, result_list, rules_doc) + + mock_open.assert_called_once_with('results.json', 'w') + mock_json_dump.assert_called_once() + mock_abspath.assert_called_once_with('results.json') + self.assertEqual(result, '/absolute/path/results.json') + + @patch('builtins.open', new_callable=mock_open) + @patch('json.dump') + def test_generate_file_from_tool_key_error(self, mock_json_dump, mock_open): + tool = "nuclei" + result_list = [ + { + "results": { + "failed_checks": [{"check_id": "ID1", "severity": "high"}] + }, + "summary": { + "passed": 5, + "failed": 2, + "skipped": 1, + "parsing_errors": 0, + "resource_count": 10, + "checkov_version": "2.0.0" + } + } + ] + rules_doc = {} # Missing keys + + result = generate_file_from_tool(tool, result_list, rules_doc) + self.assertIsNotNone(result) + + def test_update_field(self): + elem = {"field1": "value1", "field2": "value2"} + field = "field2" + new_value = "new_value" + expected = {"field1": "value1", "field2": "new_value"} + + result = update_field(elem, field, new_value) + self.assertEqual(result, expected) \ No newline at end of file From fce5ff04278b48edc13a3baef601d593e8801ee1 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 1 Aug 2024 10:22:15 -0500 Subject: [PATCH 015/441] Adjust changes PR --- .../src/applications/runner_dast_scan.py | 2 +- .../src/domain/model/api_operation.py | 2 +- .../src/domain/model/config_tool.py | 28 ++--- .../src/domain/usecases/dast_scan.py | 20 ++-- .../driven_adapters/jwt/jwt_object.py | 11 ++ .../driven_adapters/jwt/jwt_tool.py | 103 ++++++++---------- .../driven_adapters/nuclei/nuclei_tool.py | 3 +- 7 files changed, 85 insertions(+), 84 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index c1707a4ea..987252972 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -83,7 +83,7 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): tool_run = NucleiTool() if any((k.lower() == "jwt") for k in config_tool["ENGINE_DAST"]["EXTRA_TOOLS"]) and \ - any(isinstance(o.authentication_gateway, JwtObject) for o in data["operations"] ): + any(isinstance(operation.authentication_gateway, JwtObject) for operation in data["operations"] ): extra_tools.append(JwtTool(target_config)) return init_engine_dast( diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py index 41bd63e1b..9d938478c 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/api_operation.py @@ -7,4 +7,4 @@ def __init__(self, operation, authentication_gateway): def authenticate(self): self.credentials = self.authentication_gateway.get_credentials() if self.credentials is not None: - self.data["headers"][self.credentials[0]] = self.credentials[1] + self.data["operation"]["headers"][f'{self.credentials[0]}'] = f'{self.credentials[1]}' diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py index 935920024..ab2cb05a8 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/model/config_tool.py @@ -3,22 +3,18 @@ class ConfigTool: def __init__(self, json_data, tool): - self.version = json_data[tool]["VERSION"] - self.exclusions_path = json_data[tool]["EXCLUSIONS_PATH"] - self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"] - self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"] - self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"] - self.repository_public_key_fp = json_data[tool][ - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT" - ] - self.use_external_checks_dir = json_data[tool]["USE_EXTERNAL_CHECKS_DIR"] - self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"] - self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"] - self.external_asset_name = json_data[tool]["EXTERNAL_DIR_ASSET_NAME"] - self.external_checks_save_path = json_data[tool]["EXTERNAL_CHECKS_PATH"] - self.message_info_dast = json_data[tool]["MESSAGE_INFO_DAST"] - self.threshold = Threshold(json_data[tool]["THRESHOLD"]) - self.rules_data_type = json_data[tool]["RULES"] + self.version = json_data[tool].get("VERSION") + self.exclusions_path = json_data[tool].get("EXCLUSIONS_PATH") + self.use_external_checks_git = json_data[tool].get("USE_EXTERNAL_CHECKS_GIT") + self.external_checks_git = json_data[tool].get("EXTERNAL_CHECKS_GIT") + self.use_external_checks_dir = json_data[tool].get("USE_EXTERNAL_CHECKS_DIR") + self.external_dir_owner = json_data[tool].get("EXTERNAL_DIR_OWNER") + self.external_dir_repository = json_data[tool].get("EXTERNAL_DIR_REPOSITORY") + self.external_asset_name = json_data[tool].get("EXTERNAL_DIR_ASSET_NAME") + self.external_checks_save_path = json_data[tool].get("EXTERNAL_CHECKS_PATH") + self.rules_data_type = json_data[tool].get("RULES") + self.message_info_dast = json_data["MESSAGE_INFO_DAST"] + self.threshold = Threshold(json_data["THRESHOLD"]) self.scope_pipeline = "" self.exclusions = None self.exclusions_all = None diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py index d5a75ee4a..c8bc18f37 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -79,14 +79,20 @@ def process( config_tool=config_tool, token=dast_token, ) - #Here exceute other tools and append to finding list + #Here execute other tools and append to finding list if len(self.other_tools) > 0: - extra_finding_list = self.other_tools[0].run_tool( - target_data=data_target, - config_tool=config_tool - ) - if len(extra_finding_list) > 0: - finding_list.extend(extra_finding_list) + for i in range(len(self.other_tools)): + extra_config_tool, data_target = self.complete_config_tool( + data_file_tool=init_config_tool, + exclusions=exclusions, + tool=self.other_tools[i].TOOL + ) + extra_finding_list = self.other_tools[i].run_tool( + target_data=data_target, + config_tool=extra_config_tool + ) + if len(extra_finding_list) > 0: + finding_list.extend(extra_finding_list) totalized_exclusions = [] ( diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py index d787c5d27..71e037748 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_object.py @@ -13,6 +13,7 @@ class JwtObject(AuthenticationGateway): def __init__(self, security_auth: dict): + self.type = "jwt" self.private_key: str = security_auth.get("jwt_private_key") self.algorithm: str = security_auth.get("jwt_algorithm") self.iss: str = security_auth.get("jwt_iss") @@ -25,6 +26,8 @@ def __init__(self, security_auth: dict): self.header: dict = {} self.jwt_token: str = "" self.header_name: str = security_auth.get("jwt_header_name") + self.init_header() + self.init_payload() def init_header(self) -> None: self.header: dict = {"alg": self.algorithm} @@ -41,6 +44,14 @@ def init_payload(self) -> dict: return self.payload def get_credentials(self) -> tuple: + """ + Generates JWT using a file with the configuration + + Returns: + + tuple: header and jwt + + """ self.private_key = ( self.private_key.replace(" ", "\n") .replace("-----BEGIN\nPRIVATE\nKEY-----", "-----BEGIN PRIVATE KEY-----") diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py index c9b864953..3222ceb7a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -29,72 +29,52 @@ def __init__(self, target_config): def verify_jwt_alg(self, token): "Evaluate JSON Web token's algorithm" - check_id = "ENGINE_JWT_001" - is_vulnerable = False + map_id = "JWT_ALGORITHM" alg = jwt.get_unverified_header(token)["alg"] - if alg in self.BAD_JWT_ALG: - is_vulnerable = True - - return { - "check-id": check_id, - "cvss": "", - "matched-at": "", - "description": "msg", - "severity": "", - "remediation": "" - } + if alg in self.BAD_JWT_ALG: #Is vulnerable + return { + "map_id": map_id, + "description": "msg" + } def verify_jws_alg(self, token): """Evaluate JSON Web signature's algorithm""" - check_id = "ENGINE_JWT_002" - is_vulnerable = False + map_id = "JWS_ALGORITHM" alg = jwt.get_unverified_header(token)["alg"] - if alg in self.BAD_JWS_ALG: - is_vulnerable = True - - return { - "check-id": check_id, - "cvss": "", - "matched-at": "", - "description": "msg", - "severity": "", - "remediation": "" - } + if alg in self.BAD_JWS_ALG:#Is vulnerable + return { + "map_id": map_id, + "description": "msg" + } def verify_jwe(self, token): """Evaluate JSON Web encryption's algorithm""" - check_id = "ENGINE_JWT_003" + map_id = "JWE_ALGORITHM" msg = "" - is_vulnerable = True enc = jwt.get_unverified_header(token)["enc"] alg = jwt.get_unverified_header(token)["alg"] if enc in self.GOOD_JWE_ENC: - if alg in self.GOOD_JWE_ALG: - is_vulnerable = False - msg = "Algoritmo: " + alg + " | Cifrado: " + enc + if alg in self.GOOD_JWE_ALG:# Is not vulnerable + return else: - msg = "Algoritmo: " + alg + msg = "Algorithm: " + alg else: - msg = "Cifrado: " + enc + msg = "Encryption: " + enc return { - "check-id": check_id, - "cvss": "", - "matched-at": "", - "description": msg, - "severity": "", - "remediation": "" + "map_id": map_id, + "description": msg } - - def check_token(self, token): + + def check_token(self, token, jwt_details, config_tool): "Verify if token is JWT, JWS or JWE" - hed = jwt.get_unverified_header() + hed = jwt.get_unverified_header(token) if "enc" in hed.keys(): result = self.verify_jwe(token) @@ -103,23 +83,32 @@ def check_token(self, token): else: result = self.verify_jws_alg(token) - return result - + if result: + mapped_result = { + "check_id": config_tool.rules_data_type[result["map_id"]]["checkID"], + "cvss": config_tool["RULES"][result["map_id"]]["cvss"], + "matched-at": jwt_details["path"], + "description": result["msg"], + "severity": config_tool["RULES"][result["map_id"]]["severity"], + "remediation": result["remediation"] + } + return mapped_result + return None def configure_tool(self, target_data): """Method for create all tokens""" jwt_list = [] for operation in target_data.operations: - if operation.authentication_gateway["type"].lower() == "jwt": + if operation.authentication_gateway.type.lower() == "jwt": jwt_list.append(operation) return jwt_list - def execute(self, jwt_config): + def execute(self, jwt_config, config_tool): result_scans = [] if len(jwt_config) > 0: for jwt_operation in jwt_config: - token = jwt_operation.authenticate() - result = self.check_token(token) - result_scans.append(result) + result = self.check_token(jwt_operation.credentials[1], jwt_operation.data["operation"], config_tool) + if result: + result_scans.append(result) return result_scans def get_list_finding( @@ -146,11 +135,11 @@ def get_list_finding( def run_tool(self, target_data, config_tool): jwt_config = self.configure_tool(target_data) - result_scans = self.execute(jwt_config) - finding_list = self.deserialize_results(result_scans) - path_file_results = generate_file_from_tool( - self.TOOL, result_scans, config_tool - ) - return finding_list, path_file_results - - + result_scans = self.execute(jwt_config, config_tool) + if result_scans: + finding_list = self.deserialize_results(result_scans) + path_file_results = generate_file_from_tool( + self.TOOL, result_scans, config_tool + ) + return finding_list + return [] \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py index a79f70bce..b1be0c122 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -80,7 +80,7 @@ def execute(self, target_config: NucleiConfig) -> dict: def run_tool(self, target_data, config_tool, token): nuclei_config = NucleiConfig(target_data) - checks_directory = self.configurate_external_checks(config_tool, token) #DATA PDN + checks_directory = self.configurate_external_checks(config_tool, token, ".") #DATA PDN nuclei_config.customize_templates(checks_directory) result_scans = self.execute(nuclei_config) nuclei_deserealizator = NucleiDesealizator() @@ -88,5 +88,4 @@ def run_tool(self, target_data, config_tool, token): path_file_results = generate_file_from_tool( self.TOOL, result_scans, config_tool ) - return findings_list, path_file_results From ecc5a25439d08d7fcbec1a6e284eee7fd1effa9d Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 1 Aug 2024 10:30:59 -0500 Subject: [PATCH 016/441] update PR --- .../engine_core/ConfigTool.json | 92 +-- .../engine_container/ConfigTool.json | 46 +- .../engine_dependencies/ConfigTool.json | 42 +- .../src/applications/runner_engine_core.py | 296 +++---- .../src/domain/usecases/break_build.py | 754 +++++++++--------- .../src/domain/usecases/handle_scan.py | 324 ++++---- .../driven_adapters/aws/s3_manager.py | 104 +-- .../defect_dojo/defect_dojo.py | 542 ++++++------- .../driven_adapters/github/github_actions.py | 194 ++--- .../printer_pretty_table.py | 228 +++--- .../applications/test_runner_engine_core.py | 256 +++--- .../test/domain/usecases/test_handle_scan.py | 530 ++++++------ .../driven_adapters/aws/test_s3_manager.py | 100 +-- .../github/test_github_actions.py | 210 ++--- .../helpers/file_generator_tool.py | 6 +- .../src/domain/usecases/handle_filters.py | 36 +- .../domain/usecases/test_handle_filters.py | 92 +-- .../src/applications/runner_iac_scan.py | 86 +- .../src/domain/model/config_tool.py | 68 +- .../src/domain/model/gateways/tool_gateway.py | 12 +- .../src/domain/usecases/iac_scan.py | 278 +++---- .../checkov/checkov_deserealizator.py | 68 +- .../driven_adapters/checkov/checkov_tool.py | 376 ++++----- .../kics/kics_deserealizator.py | 114 +-- .../driven_adapters/kics/kics_tool.py | 280 +++---- .../kubescape/kubescape_deserealizator.py | 150 ++-- .../kubescape/kubescape_tool.py | 246 +++--- .../helpers/file_generator_tool.py | 148 ++-- .../test/applications/test_runner_iac_scan.py | 226 +++--- .../test/domain/usecases/test_iac_scan.py | 324 ++++---- .../checkov/test_checkov_deserealizator.py | 264 +++--- .../checkov/test_checkov_tool.py | 536 ++++++------- .../kics/test_kics_deserealizator.py | 310 +++---- .../driven_adapters/kics/test_kics_tool.py | 602 +++++++------- .../test_kubescape_deserealizator.py | 238 +++--- .../kubescape/test_kubescape_tool.py | 540 ++++++------- .../helpers/test_file_generator_tool.py | 474 +++++------ .../src/domain/usecases/set_input_core.py | 148 ++-- .../driven_adapters/git_cli/git_run.py | 118 +-- .../test/domain/usecases/test_secret_scan.py | 438 +++++----- .../driven_adapters/git_cli/test_git_run.py | 216 ++--- .../test_trufflehog_deserealizator.py | 162 ++-- .../trufflehog/test_trufflehog_run.py | 202 ++--- .../entry_points/test_entry_point_tool.py | 140 ++-- .../usecases/handle_remote_config_patterns.py | 64 +- .../src/domain/usecases/set_input_core.py | 104 +-- .../driven_adapters/docker/docker_images.py | 58 +- .../prisma_cloud/prisma_deserialize_output.py | 128 +-- .../trivy_tool/trivy_deserialize_output.py | 126 +-- .../trivy_tool/trivy_manager_scan.py | 212 ++--- .../test_runner_container_scan.py | 36 +- .../usescases/test_container_sca_scan.py | 220 ++--- .../test_handle_remote_config_patterns.py | 76 +- .../domain/usescases/test_set_input_core.py | 240 +++--- .../test_prisma_cloud_manager_scan.py | 288 +++---- .../trivy_tool/test_trivy_manager_scan.py | 332 ++++---- .../entry_points/test_entry_point_tool.py | 264 +++--- .../src/domain/model/gateways/tool_gateway.py | 18 +- .../domain/usecases/dependencies_sca_scan.py | 88 +- .../src/domain/usecases/find_artifacts.py | 200 ++--- .../usecases/handle_remote_config_patterns.py | 150 ++-- .../src/domain/usecases/set_input_core.py | 130 +-- .../xray_tool/xray_manager_scan.py | 300 +++---- .../entry_points/entry_point_tool.py | 146 ++-- .../usecases/test_dependencies_sca_scan.py | 176 ++-- .../domain/usecases/test_find_artifacts.py | 286 +++---- .../test_handle_remote_config_patterns.py | 260 +++--- .../xray_tool/test_xray_manager_scan.py | 662 +++++++-------- .../entry_points/test_entry_point_tool.py | 74 +- .../github/infrastructure/github_api.py | 136 ++-- .../models/GithubPredefinedVariables.py | 112 +-- .../github/infrastructure/test_github_api.py | 228 +++--- tools/devsecops_engine_tools/version.py | 2 +- 73 files changed, 7866 insertions(+), 7866 deletions(-) diff --git a/example_remote_config_local/engine_core/ConfigTool.json b/example_remote_config_local/engine_core/ConfigTool.json index 5b28a436c..e6a20ae7a 100644 --- a/example_remote_config_local/engine_core/ConfigTool.json +++ b/example_remote_config_local/engine_core/ConfigTool.json @@ -1,47 +1,47 @@ -{ - "BANNER": "DevSecOps Engine Tools", - "SECRET_MANAGER": { - "AWS": { - "SECRET_NAME": "", - "ROLE_ARN": "", - "REGION_NAME": "" - } - }, - "VULNERABILITY_MANAGER": { - "BRANCH_FILTER": "", - "DEFECT_DOJO": { - "CMDB_MAPPING_PATH": "", - "HOST_CMDB": "", - "HOST_DEFECT_DOJO": "", - "REGEX_EXPRESSION_CMDB": "", - "LIMITS_QUERY": 100 - } - }, - "METRICS_MANAGER": { - "AWS": { - "BUCKET": "", - "ROLE_ARN": "", - "REGION_NAME": "" - } - }, - "ENGINE_IAC": { - "ENABLED": "true", - "TOOL": "CHECKOV|KUBESCAPE|KICS" - }, - "ENGINE_CONTAINER": { - "ENABLED": "true", - "TOOL": "PRISMA|SNYK" - }, - "ENGINE_DAST": { - "ENABLED": "true", - "TOOL": "NUCLEI" - }, - "ENGINE_SECRET": { - "ENABLED": "true", - "TOOL": "TRUFFLEHOG" - }, - "ENGINE_DEPENDENCIES": { - "ENABLED": "true", - "TOOL": "XRAY" - } +{ + "BANNER": "DevSecOps Engine Tools", + "SECRET_MANAGER": { + "AWS": { + "SECRET_NAME": "", + "ROLE_ARN": "", + "REGION_NAME": "" + } + }, + "VULNERABILITY_MANAGER": { + "BRANCH_FILTER": "", + "DEFECT_DOJO": { + "CMDB_MAPPING_PATH": "", + "HOST_CMDB": "", + "HOST_DEFECT_DOJO": "", + "REGEX_EXPRESSION_CMDB": "", + "LIMITS_QUERY": 100 + } + }, + "METRICS_MANAGER": { + "AWS": { + "BUCKET": "", + "ROLE_ARN": "", + "REGION_NAME": "" + } + }, + "ENGINE_IAC": { + "ENABLED": "true", + "TOOL": "CHECKOV|KUBESCAPE|KICS" + }, + "ENGINE_CONTAINER": { + "ENABLED": "true", + "TOOL": "PRISMA|SNYK" + }, + "ENGINE_DAST": { + "ENABLED": "true", + "TOOL": "NUCLEI" + }, + "ENGINE_SECRET": { + "ENABLED": "true", + "TOOL": "TRUFFLEHOG" + }, + "ENGINE_DEPENDENCIES": { + "ENABLED": "true", + "TOOL": "XRAY" + } } \ No newline at end of file diff --git a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json index baa5f4cdc..b34079af1 100644 --- a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json +++ b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json @@ -1,24 +1,24 @@ -{ - "PRISMA_CLOUD": { - "TWISTCLI_PATH": "twistcli", - "PRISMA_CONSOLE_URL": "", - "PRISMA_ACCESS_KEY": "", - "PRISMA_API_VERSION":"" - }, - "TRIVY": { - "TRIVY_VERSION": "0.51.4" - }, - "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", - "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 4, - "High": 10, - "Medium": 20, - "Low": 999 - }, - "COMPLIANCE": { - "Critical": 1 - } - } +{ + "PRISMA_CLOUD": { + "TWISTCLI_PATH": "twistcli", + "PRISMA_CONSOLE_URL": "", + "PRISMA_ACCESS_KEY": "", + "PRISMA_API_VERSION":"" + }, + "TRIVY": { + "TRIVY_VERSION": "0.51.4" + }, + "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", + "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 4, + "High": 10, + "Medium": 20, + "Low": 999 + }, + "COMPLIANCE": { + "Critical": 1 + } + } } \ No newline at end of file diff --git a/example_remote_config_local/engine_sca/engine_dependencies/ConfigTool.json b/example_remote_config_local/engine_sca/engine_dependencies/ConfigTool.json index 34468516f..b4ce6ac15 100644 --- a/example_remote_config_local/engine_sca/engine_dependencies/ConfigTool.json +++ b/example_remote_config_local/engine_sca/engine_dependencies/ConfigTool.json @@ -1,22 +1,22 @@ -{ - "XRAY": { - "CLI_VERSION": "2.52.8" - }, - "IGNORE_ANALYSIS_PATTERN": "(.*_test)", - "BYPASS_ARCHIVE_LIMITS": "(repository)", - "REGEX_EXPRESSION_EXTENSIONS": "\\.(jar|ear|war)$", - "PACKAGES_TO_SCAN": ["node_modules", "site-packages"], - "MESSAGE_INFO_ENGINE_DEPENDENCIES": "message custom", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 3, - "High": 5, - "Medium": 10, - "Low": 15 - }, - "COMPLIANCE": { - "Critical": 1 - }, - "CVE": ["CVE-123123"] - } +{ + "XRAY": { + "CLI_VERSION": "2.52.8" + }, + "IGNORE_ANALYSIS_PATTERN": "(.*_test)", + "BYPASS_ARCHIVE_LIMITS": "(repository)", + "REGEX_EXPRESSION_EXTENSIONS": "\\.(jar|ear|war)$", + "PACKAGES_TO_SCAN": ["node_modules", "site-packages"], + "MESSAGE_INFO_ENGINE_DEPENDENCIES": "message custom", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 3, + "High": 5, + "Medium": 10, + "Low": 15 + }, + "COMPLIANCE": { + "Critical": 1 + }, + "CVE": ["CVE-123123"] + } } \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py index 9d51a85b0..dc8f93e56 100644 --- a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py @@ -1,148 +1,148 @@ -from devsecops_engine_tools.engine_core.src.infrastructure.entry_points.entry_point_core import ( - init_engine_core, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo import ( - DefectDojoPlatform, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.secrets_manager import ( - SecretsManager, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.azure.azure_devops import ( - AzureDevops, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import ( - GithubActions, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.runtime_local.runtime_local import ( - RuntimeLocal, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import ( - S3Manager, -) -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.printer_pretty_table.printer_pretty_table import ( - PrinterPrettyTable, -) -import sys -import argparse -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings -from devsecops_engine_tools.version import version - - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - -def parse_separated_list(value, choices): - values = value.split(',') - # Validar cada elemento de la lista - for val in values: - if val not in choices: - raise argparse.ArgumentTypeError(f"Invalid value: {val}. Valid values are: {', '.join(choices)}") - - return values - -def parse_choices(choices): - def parse_with_choices(value): - return parse_separated_list(value, choices) - return parse_with_choices - -def get_inputs_from_cli(args): - parser = argparse.ArgumentParser() - parser.add_argument("-v", "--version", action='version', version='{version}'.format(version=version)) - parser.add_argument("-pd", "--platform_devops", choices=["azure", "github", "local"], type=str, required=True, help="Platform where is executed") - parser.add_argument("-rcf" ,"--remote_config_repo", type=str, required=True, help="Name or Folder Path of Config Repo") - parser.add_argument("-t", - "--tool", - choices=[ - "engine_iac", - "engine_dast", - "engine_secret", - "engine_dependencies", - "engine_container", - "engine_risk", - ], - type=str, - required=True, - help="Tool to execute", - ) - parser.add_argument("-fp", "--folder_path", type=str, required=False, help="Folder Path to scan, only apply engine_iac tool") - parser.add_argument("-p", - "--platform", type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi"}), required=False, default="all" ,help="Platform to scan, only apply engine_iac tool" - ) - parser.add_argument( - "--use_secrets_manager", - choices=["true", "false"], - type=str, - required=False, - help="Use Secrets Manager to get the tokens", - ) - parser.add_argument( - "--use_vulnerability_management", - choices=["true", "false"], - type=str, - required=False, - help="Use Vulnerability Management to send the vulnerabilities to the platform", - ) - parser.add_argument( - "--send_metrics", - choices=["true", "false"], - type=str, - required=False, - help="Enable or Disable the send metrics to the driven adapter metrics", - ) - parser.add_argument("--token_cmdb", required=False, help="Token to connect to the CMDB") - parser.add_argument("--token_vulnerability_management", required=False, help="Token to connect to the Vulnerability Management") - parser.add_argument("--token_engine_container", required=False, help="Token to execute engine_container if is necessary") - parser.add_argument("--token_engine_dependencies", required=False, help="Token to execute engine_dependencies if is necessary. If using xray as engine_dependencies tool, the token is the base64 of artifactory server config.") - parser.add_argument("--dast_file_path", required=False, help="Engine DAST path file") - args = parser.parse_args() - return { - "platform_devops": args.platform_devops, - "remote_config_repo": args.remote_config_repo, - "tool": args.tool, - "folder_path": args.folder_path, - "platform": args.platform, - "use_secrets_manager": args.use_secrets_manager, - "use_vulnerability_management": args.use_vulnerability_management, - "send_metrics": args.send_metrics, - "token_cmdb": args.token_cmdb, - "token_vulnerability_management": args.token_vulnerability_management, - "token_engine_container": args.token_engine_container, - "token_engine_dependencies": args.token_engine_dependencies, - "dast_file_path": args.dast_file_path - } - -def application_core(): - try: - # Get inputs from CLI - args = get_inputs_from_cli(sys.argv[1:]) - - # Define driven adapters for gateways - vulnerability_management_gateway = DefectDojoPlatform() - secrets_manager_gateway = SecretsManager() - devops_platform_gateway = { - "azure": AzureDevops(), - "github": GithubActions(), - "local": RuntimeLocal() - }.get(args["platform_devops"]) - printer_table_gateway = PrinterPrettyTable() - metrics_manager_gateway = S3Manager() - - init_engine_core( - vulnerability_management_gateway, - secrets_manager_gateway, - devops_platform_gateway, - printer_table_gateway, - metrics_manager_gateway, - args - ) - except Exception as e: - logger.error("Error engine_core: {0} ".format(str(e))) - print( - devops_platform_gateway.message( - "error", "Error engine_core: {0} ".format(str(e)) - ) - ) - print(devops_platform_gateway.result_pipeline("failed")) - -if __name__ == "__main__": - application_core() +from devsecops_engine_tools.engine_core.src.infrastructure.entry_points.entry_point_core import ( + init_engine_core, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo import ( + DefectDojoPlatform, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.secrets_manager import ( + SecretsManager, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.azure.azure_devops import ( + AzureDevops, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import ( + GithubActions, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.runtime_local.runtime_local import ( + RuntimeLocal, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import ( + S3Manager, +) +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.printer_pretty_table.printer_pretty_table import ( + PrinterPrettyTable, +) +import sys +import argparse +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings +from devsecops_engine_tools.version import version + + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + +def parse_separated_list(value, choices): + values = value.split(',') + # Validar cada elemento de la lista + for val in values: + if val not in choices: + raise argparse.ArgumentTypeError(f"Invalid value: {val}. Valid values are: {', '.join(choices)}") + + return values + +def parse_choices(choices): + def parse_with_choices(value): + return parse_separated_list(value, choices) + return parse_with_choices + +def get_inputs_from_cli(args): + parser = argparse.ArgumentParser() + parser.add_argument("-v", "--version", action='version', version='{version}'.format(version=version)) + parser.add_argument("-pd", "--platform_devops", choices=["azure", "github", "local"], type=str, required=True, help="Platform where is executed") + parser.add_argument("-rcf" ,"--remote_config_repo", type=str, required=True, help="Name or Folder Path of Config Repo") + parser.add_argument("-t", + "--tool", + choices=[ + "engine_iac", + "engine_dast", + "engine_secret", + "engine_dependencies", + "engine_container", + "engine_risk", + ], + type=str, + required=True, + help="Tool to execute", + ) + parser.add_argument("-fp", "--folder_path", type=str, required=False, help="Folder Path to scan, only apply engine_iac tool") + parser.add_argument("-p", + "--platform", type=parse_choices({"all", "docker", "k8s", "cloudformation", "openapi"}), required=False, default="all" ,help="Platform to scan, only apply engine_iac tool" + ) + parser.add_argument( + "--use_secrets_manager", + choices=["true", "false"], + type=str, + required=False, + help="Use Secrets Manager to get the tokens", + ) + parser.add_argument( + "--use_vulnerability_management", + choices=["true", "false"], + type=str, + required=False, + help="Use Vulnerability Management to send the vulnerabilities to the platform", + ) + parser.add_argument( + "--send_metrics", + choices=["true", "false"], + type=str, + required=False, + help="Enable or Disable the send metrics to the driven adapter metrics", + ) + parser.add_argument("--token_cmdb", required=False, help="Token to connect to the CMDB") + parser.add_argument("--token_vulnerability_management", required=False, help="Token to connect to the Vulnerability Management") + parser.add_argument("--token_engine_container", required=False, help="Token to execute engine_container if is necessary") + parser.add_argument("--token_engine_dependencies", required=False, help="Token to execute engine_dependencies if is necessary. If using xray as engine_dependencies tool, the token is the base64 of artifactory server config.") + parser.add_argument("--dast_file_path", required=False, help="Engine DAST path file") + args = parser.parse_args() + return { + "platform_devops": args.platform_devops, + "remote_config_repo": args.remote_config_repo, + "tool": args.tool, + "folder_path": args.folder_path, + "platform": args.platform, + "use_secrets_manager": args.use_secrets_manager, + "use_vulnerability_management": args.use_vulnerability_management, + "send_metrics": args.send_metrics, + "token_cmdb": args.token_cmdb, + "token_vulnerability_management": args.token_vulnerability_management, + "token_engine_container": args.token_engine_container, + "token_engine_dependencies": args.token_engine_dependencies, + "dast_file_path": args.dast_file_path + } + +def application_core(): + try: + # Get inputs from CLI + args = get_inputs_from_cli(sys.argv[1:]) + + # Define driven adapters for gateways + vulnerability_management_gateway = DefectDojoPlatform() + secrets_manager_gateway = SecretsManager() + devops_platform_gateway = { + "azure": AzureDevops(), + "github": GithubActions(), + "local": RuntimeLocal() + }.get(args["platform_devops"]) + printer_table_gateway = PrinterPrettyTable() + metrics_manager_gateway = S3Manager() + + init_engine_core( + vulnerability_management_gateway, + secrets_manager_gateway, + devops_platform_gateway, + printer_table_gateway, + metrics_manager_gateway, + args + ) + except Exception as e: + logger.error("Error engine_core: {0} ".format(str(e))) + print( + devops_platform_gateway.message( + "error", "Error engine_core: {0} ".format(str(e)) + ) + ) + print(devops_platform_gateway.result_pipeline("failed")) + +if __name__ == "__main__": + application_core() diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py index 47f6509b0..e9a804c0b 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py @@ -1,378 +1,378 @@ -from dataclasses import dataclass -from functools import reduce - -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.gateway.printer_table_gateway import ( - PrinterTableGateway, -) - -from collections import Counter -from datetime import timedelta, datetime -import pytz - - -@dataclass -class BreakBuild: - def __init__( - self, - devops_platform_gateway: DevopsPlatformGateway, - printer_table_gateway: PrinterTableGateway, - ): - self.devops_platform_gateway = devops_platform_gateway - self.printer_table_gateway = printer_table_gateway - - def _apply_policie_exception_new_vulnerability_industry( - self, findings_list: "list[Finding]", exclusions: "list[Exclusions]", args: any - ): - if args["tool"] in ["engine_container", "engine_dependencies"]: - date_actual = datetime.now(pytz.utc) - for item in findings_list: - if item.published_date_cve: - date_initial = datetime.fromisoformat(item.published_date_cve) - date_final = date_initial + timedelta(days=5) - if date_initial <= date_actual <= date_final: - exclusions.append( - Exclusions( - **{ - "id": item.id, - "where": "all", - "create_date": date_initial.strftime("%d%m%Y"), - "expired_date": date_final.strftime("%d%m%Y"), - "reason": "New vulnerability in the industry", - } - ) - ) - - def process(self, findings_list: "list[Finding]", input_core: InputCore, args: any): - devops_platform_gateway = self.devops_platform_gateway - printer_table_gateway = self.printer_table_gateway - threshold = input_core.threshold_defined - exclusions = input_core.totalized_exclusions - custom_message = input_core.custom_message_break_build - - scan_result = { - "findings_excluded": [], - "vulnerabilities": {}, - "compliances": {}, - } - - if len(findings_list) != 0: - self._apply_policie_exception_new_vulnerability_industry( - findings_list, exclusions, args - ) - - findings_excluded_list = list( - filter( - lambda item: any( - exclusion.id == item.id - and (exclusion.where in item.where or "all" in exclusion.where) - for exclusion in exclusions - ), - findings_list, - ) - ) - - scan_result["findings_excluded"] = list( - map( - lambda item: { - "id": item.id, - "severity": item.severity, - "category": item.category.value, - }, - findings_excluded_list, - ) - ) - - findings_without_exclusions_list = list( - filter( - lambda v: v not in findings_excluded_list, - findings_list, - ) - ) - - vulnerabilities_without_exclusions_list = list( - filter( - lambda v: v.category == Category.VULNERABILITY, - findings_without_exclusions_list, - ) - ) - - compliances_without_exclusions_list = list( - filter( - lambda v: v.category == Category.COMPLIANCE, - findings_without_exclusions_list, - ) - ) - - vulnerabilities_critical = reduce( - lambda count, vulnerability: ( - count + 1 if vulnerability.severity == "critical" else count - ), - vulnerabilities_without_exclusions_list, - 0, - ) - vulnerabilities_high = reduce( - lambda count, vulnerability: ( - count + 1 if vulnerability.severity == "high" else count - ), - vulnerabilities_without_exclusions_list, - 0, - ) - vulnerabilities_medium = reduce( - lambda count, vulnerability: ( - count + 1 if vulnerability.severity == "medium" else count - ), - vulnerabilities_without_exclusions_list, - 0, - ) - vulnerabilities_low = reduce( - lambda count, vulnerability: ( - count + 1 if vulnerability.severity == "low" else count - ), - vulnerabilities_without_exclusions_list, - 0, - ) - vulnerabilities_unknown = reduce( - lambda count, vulnerability: ( - count + 1 if vulnerability.severity == "unknown" else count - ), - vulnerabilities_without_exclusions_list, - 0, - ) - - compliance_critical = reduce( - lambda count, compliance: ( - count + 1 if compliance.severity == "critical" else count - ), - compliances_without_exclusions_list, - 0, - ) - print() - if ( - sum( - [ - vulnerabilities_critical, - vulnerabilities_high, - vulnerabilities_medium, - vulnerabilities_low, - ] - ) - == 0 - ): - print( - devops_platform_gateway.message( - "succeeded", "There are no vulnerabilities" - ) - ) - print(devops_platform_gateway.result_pipeline("succeeded")) - elif ( - vulnerabilities_critical >= threshold.vulnerability.critical - or vulnerabilities_high >= threshold.vulnerability.high - or vulnerabilities_medium >= threshold.vulnerability.medium - or vulnerabilities_low >= threshold.vulnerability.low - ): - print("Below are all vulnerabilities detected.") - printer_table_gateway.print_table_findings( - vulnerabilities_without_exclusions_list - ) - print( - devops_platform_gateway.message( - "error", - "Security count issues (critical: {0}, high: {1}, medium: {2}, low: {3}) is greater than or equal to failure criteria (critical: {4}, high: {5}, medium: {6}, low:{7}, operator: or)".format( - vulnerabilities_critical, - vulnerabilities_high, - vulnerabilities_medium, - vulnerabilities_low, - threshold.vulnerability.critical, - threshold.vulnerability.high, - threshold.vulnerability.medium, - threshold.vulnerability.low, - ), - ) - ) - print(devops_platform_gateway.result_pipeline("failed")) - - scan_result["vulnerabilities"] = { - "threshold": { - "critical": vulnerabilities_critical, - "high": vulnerabilities_high, - "medium": vulnerabilities_medium, - "low": vulnerabilities_low, - }, - "status": "failed", - "found": list( - map( - lambda item: { - "id": item.id, - "severity": item.severity, - }, - vulnerabilities_without_exclusions_list, - ) - ), - } - else: - print("Below are all vulnerabilities detected.") - printer_table_gateway.print_table_findings( - vulnerabilities_without_exclusions_list - ) - print( - devops_platform_gateway.message( - "warning", - "Security count issues (critical: {0}, high: {1}, medium: {2}, low: {3}) is not greater than or equal to failure criteria (critical: {4}, high: {5}, medium: {6}, low:{7}, operator: or)".format( - vulnerabilities_critical, - vulnerabilities_high, - vulnerabilities_medium, - vulnerabilities_low, - threshold.vulnerability.critical, - threshold.vulnerability.high, - threshold.vulnerability.medium, - threshold.vulnerability.low, - ), - ) - ) - - if devops_platform_gateway.get_variable("stage") == "build": - print(devops_platform_gateway.result_pipeline("succeeded_with_issues")) - else: - print(devops_platform_gateway.result_pipeline("succeeded")) - - scan_result["vulnerabilities"] = { - "threshold": { - "critical": vulnerabilities_critical, - "high": vulnerabilities_high, - "medium": vulnerabilities_medium, - "low": vulnerabilities_low, - }, - "status": "succeeded", - "found": list( - map( - lambda item: { - "id": item.id, - "severity": item.severity, - }, - vulnerabilities_without_exclusions_list, - ) - ), - } - - ids_vulnerabilitites = list( - map(lambda x: x.id, vulnerabilities_without_exclusions_list) - ) - ids_match = list(filter(lambda x: x in ids_vulnerabilitites, threshold.cve)) - if len(ids_match) > 0: - print( - devops_platform_gateway.message( - "error", - "Scan Failed due to vulnerability policy violations: CVEs Vulnerabilities: {0}".format( - ",".join(ids_match) - ), - ) - ) - print(devops_platform_gateway.result_pipeline("failed")) - - print() - if len(compliances_without_exclusions_list) > 0: - print("Below are all compliances issues detected.") - printer_table_gateway.print_table_findings( - compliances_without_exclusions_list - ) - status = "succeeded" - if compliance_critical >= threshold.compliance.critical: - print( - devops_platform_gateway.message( - "error", - "Compliance issues count (critical: {0}) is greater than or equal to failure criteria (critical: {1})".format( - compliance_critical, threshold.compliance.critical - ), - ) - ) - print(devops_platform_gateway.result_pipeline("failed")) - status = "failed" - else: - if devops_platform_gateway.get_variable("stage") == "build": - print(devops_platform_gateway.result_pipeline("succeeded_with_issues")) - scan_result["compliances"] = { - "threshold": {"critical": compliance_critical}, - "status": status, - "found": list( - map( - lambda item: { - "id": item.id, - "severity": item.severity, - }, - compliances_without_exclusions_list, - ) - ), - } - else: - print( - devops_platform_gateway.message( - "succeeded", "There are no compliances issues" - ) - ) - print(devops_platform_gateway.result_pipeline("succeeded")) - print() - if len(findings_excluded_list) > 0: - exclusions_list = list( - map( - lambda item: { - "severity": item.severity, - "id": item.id, - "where": item.where, - "create_date": next( - ( - elem.create_date - for elem in exclusions - if elem.id == item.id - ), - None, - ), - "expired_date": next( - ( - elem.expired_date - for elem in exclusions - if elem.id == item.id - ), - None, - ), - "reason": next( - ( - elem.reason - for elem in exclusions - if elem.id == item.id - ), - None, - ), - }, - findings_excluded_list, - ) - ) - print( - devops_platform_gateway.message( - "warning", "Bellow are all findings that were excepted." - ) - ) - printer_table_gateway.print_table_exclusions(exclusions_list) - for reason, total in Counter( - map(lambda x: x["reason"], exclusions_list) - ).items(): - print("{0} findings count: {1}".format(reason, total)) - else: - print(devops_platform_gateway.message("succeeded", "There are no findings")) - print(devops_platform_gateway.result_pipeline("succeeded")) - print() - print( - devops_platform_gateway.message( - "info", - custom_message, - ) - ) +from dataclasses import dataclass +from functools import reduce + +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.printer_table_gateway import ( + PrinterTableGateway, +) + +from collections import Counter +from datetime import timedelta, datetime +import pytz + + +@dataclass +class BreakBuild: + def __init__( + self, + devops_platform_gateway: DevopsPlatformGateway, + printer_table_gateway: PrinterTableGateway, + ): + self.devops_platform_gateway = devops_platform_gateway + self.printer_table_gateway = printer_table_gateway + + def _apply_policie_exception_new_vulnerability_industry( + self, findings_list: "list[Finding]", exclusions: "list[Exclusions]", args: any + ): + if args["tool"] in ["engine_container", "engine_dependencies"]: + date_actual = datetime.now(pytz.utc) + for item in findings_list: + if item.published_date_cve: + date_initial = datetime.fromisoformat(item.published_date_cve) + date_final = date_initial + timedelta(days=5) + if date_initial <= date_actual <= date_final: + exclusions.append( + Exclusions( + **{ + "id": item.id, + "where": "all", + "create_date": date_initial.strftime("%d%m%Y"), + "expired_date": date_final.strftime("%d%m%Y"), + "reason": "New vulnerability in the industry", + } + ) + ) + + def process(self, findings_list: "list[Finding]", input_core: InputCore, args: any): + devops_platform_gateway = self.devops_platform_gateway + printer_table_gateway = self.printer_table_gateway + threshold = input_core.threshold_defined + exclusions = input_core.totalized_exclusions + custom_message = input_core.custom_message_break_build + + scan_result = { + "findings_excluded": [], + "vulnerabilities": {}, + "compliances": {}, + } + + if len(findings_list) != 0: + self._apply_policie_exception_new_vulnerability_industry( + findings_list, exclusions, args + ) + + findings_excluded_list = list( + filter( + lambda item: any( + exclusion.id == item.id + and (exclusion.where in item.where or "all" in exclusion.where) + for exclusion in exclusions + ), + findings_list, + ) + ) + + scan_result["findings_excluded"] = list( + map( + lambda item: { + "id": item.id, + "severity": item.severity, + "category": item.category.value, + }, + findings_excluded_list, + ) + ) + + findings_without_exclusions_list = list( + filter( + lambda v: v not in findings_excluded_list, + findings_list, + ) + ) + + vulnerabilities_without_exclusions_list = list( + filter( + lambda v: v.category == Category.VULNERABILITY, + findings_without_exclusions_list, + ) + ) + + compliances_without_exclusions_list = list( + filter( + lambda v: v.category == Category.COMPLIANCE, + findings_without_exclusions_list, + ) + ) + + vulnerabilities_critical = reduce( + lambda count, vulnerability: ( + count + 1 if vulnerability.severity == "critical" else count + ), + vulnerabilities_without_exclusions_list, + 0, + ) + vulnerabilities_high = reduce( + lambda count, vulnerability: ( + count + 1 if vulnerability.severity == "high" else count + ), + vulnerabilities_without_exclusions_list, + 0, + ) + vulnerabilities_medium = reduce( + lambda count, vulnerability: ( + count + 1 if vulnerability.severity == "medium" else count + ), + vulnerabilities_without_exclusions_list, + 0, + ) + vulnerabilities_low = reduce( + lambda count, vulnerability: ( + count + 1 if vulnerability.severity == "low" else count + ), + vulnerabilities_without_exclusions_list, + 0, + ) + vulnerabilities_unknown = reduce( + lambda count, vulnerability: ( + count + 1 if vulnerability.severity == "unknown" else count + ), + vulnerabilities_without_exclusions_list, + 0, + ) + + compliance_critical = reduce( + lambda count, compliance: ( + count + 1 if compliance.severity == "critical" else count + ), + compliances_without_exclusions_list, + 0, + ) + print() + if ( + sum( + [ + vulnerabilities_critical, + vulnerabilities_high, + vulnerabilities_medium, + vulnerabilities_low, + ] + ) + == 0 + ): + print( + devops_platform_gateway.message( + "succeeded", "There are no vulnerabilities" + ) + ) + print(devops_platform_gateway.result_pipeline("succeeded")) + elif ( + vulnerabilities_critical >= threshold.vulnerability.critical + or vulnerabilities_high >= threshold.vulnerability.high + or vulnerabilities_medium >= threshold.vulnerability.medium + or vulnerabilities_low >= threshold.vulnerability.low + ): + print("Below are all vulnerabilities detected.") + printer_table_gateway.print_table_findings( + vulnerabilities_without_exclusions_list + ) + print( + devops_platform_gateway.message( + "error", + "Security count issues (critical: {0}, high: {1}, medium: {2}, low: {3}) is greater than or equal to failure criteria (critical: {4}, high: {5}, medium: {6}, low:{7}, operator: or)".format( + vulnerabilities_critical, + vulnerabilities_high, + vulnerabilities_medium, + vulnerabilities_low, + threshold.vulnerability.critical, + threshold.vulnerability.high, + threshold.vulnerability.medium, + threshold.vulnerability.low, + ), + ) + ) + print(devops_platform_gateway.result_pipeline("failed")) + + scan_result["vulnerabilities"] = { + "threshold": { + "critical": vulnerabilities_critical, + "high": vulnerabilities_high, + "medium": vulnerabilities_medium, + "low": vulnerabilities_low, + }, + "status": "failed", + "found": list( + map( + lambda item: { + "id": item.id, + "severity": item.severity, + }, + vulnerabilities_without_exclusions_list, + ) + ), + } + else: + print("Below are all vulnerabilities detected.") + printer_table_gateway.print_table_findings( + vulnerabilities_without_exclusions_list + ) + print( + devops_platform_gateway.message( + "warning", + "Security count issues (critical: {0}, high: {1}, medium: {2}, low: {3}) is not greater than or equal to failure criteria (critical: {4}, high: {5}, medium: {6}, low:{7}, operator: or)".format( + vulnerabilities_critical, + vulnerabilities_high, + vulnerabilities_medium, + vulnerabilities_low, + threshold.vulnerability.critical, + threshold.vulnerability.high, + threshold.vulnerability.medium, + threshold.vulnerability.low, + ), + ) + ) + + if devops_platform_gateway.get_variable("stage") == "build": + print(devops_platform_gateway.result_pipeline("succeeded_with_issues")) + else: + print(devops_platform_gateway.result_pipeline("succeeded")) + + scan_result["vulnerabilities"] = { + "threshold": { + "critical": vulnerabilities_critical, + "high": vulnerabilities_high, + "medium": vulnerabilities_medium, + "low": vulnerabilities_low, + }, + "status": "succeeded", + "found": list( + map( + lambda item: { + "id": item.id, + "severity": item.severity, + }, + vulnerabilities_without_exclusions_list, + ) + ), + } + + ids_vulnerabilitites = list( + map(lambda x: x.id, vulnerabilities_without_exclusions_list) + ) + ids_match = list(filter(lambda x: x in ids_vulnerabilitites, threshold.cve)) + if len(ids_match) > 0: + print( + devops_platform_gateway.message( + "error", + "Scan Failed due to vulnerability policy violations: CVEs Vulnerabilities: {0}".format( + ",".join(ids_match) + ), + ) + ) + print(devops_platform_gateway.result_pipeline("failed")) + + print() + if len(compliances_without_exclusions_list) > 0: + print("Below are all compliances issues detected.") + printer_table_gateway.print_table_findings( + compliances_without_exclusions_list + ) + status = "succeeded" + if compliance_critical >= threshold.compliance.critical: + print( + devops_platform_gateway.message( + "error", + "Compliance issues count (critical: {0}) is greater than or equal to failure criteria (critical: {1})".format( + compliance_critical, threshold.compliance.critical + ), + ) + ) + print(devops_platform_gateway.result_pipeline("failed")) + status = "failed" + else: + if devops_platform_gateway.get_variable("stage") == "build": + print(devops_platform_gateway.result_pipeline("succeeded_with_issues")) + scan_result["compliances"] = { + "threshold": {"critical": compliance_critical}, + "status": status, + "found": list( + map( + lambda item: { + "id": item.id, + "severity": item.severity, + }, + compliances_without_exclusions_list, + ) + ), + } + else: + print( + devops_platform_gateway.message( + "succeeded", "There are no compliances issues" + ) + ) + print(devops_platform_gateway.result_pipeline("succeeded")) + print() + if len(findings_excluded_list) > 0: + exclusions_list = list( + map( + lambda item: { + "severity": item.severity, + "id": item.id, + "where": item.where, + "create_date": next( + ( + elem.create_date + for elem in exclusions + if elem.id == item.id + ), + None, + ), + "expired_date": next( + ( + elem.expired_date + for elem in exclusions + if elem.id == item.id + ), + None, + ), + "reason": next( + ( + elem.reason + for elem in exclusions + if elem.id == item.id + ), + None, + ), + }, + findings_excluded_list, + ) + ) + print( + devops_platform_gateway.message( + "warning", "Bellow are all findings that were excepted." + ) + ) + printer_table_gateway.print_table_exclusions(exclusions_list) + for reason, total in Counter( + map(lambda x: x["reason"], exclusions_list) + ).items(): + print("{0} findings count: {1}".format(reason, total)) + else: + print(devops_platform_gateway.message("succeeded", "There are no findings")) + print(devops_platform_gateway.result_pipeline("succeeded")) + print() + print( + devops_platform_gateway.message( + "info", + custom_message, + ) + ) return scan_result \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py index 5e84451c2..3d0a4d136 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py @@ -1,163 +1,163 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( - runner_engine_iac, -) -from devsecops_engine_tools.engine_sast.engine_secret.src.applications.runner_secret_scan import ( - runner_secret_scan, -) -from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import ( - VulnerabilityManagementGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.gateway.secrets_manager_gateway import ( - SecretsManagerGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import ( - VulnerabilityManagement, -) -from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( - ExceptionVulnerabilityManagement, - ExceptionFindingsExcepted, -) -from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( - runner_engine_container, -) -from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runner_dependencies_scan import ( - runner_engine_dependencies, -) -from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import ( - runner_engine_dast -) -from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( - define_env, -) -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - -MESSAGE_ENABLED = "not yet enabled" - - -class HandleScan: - def __init__( - self, - vulnerability_management: VulnerabilityManagementGateway, - secrets_manager_gateway: SecretsManagerGateway, - devops_platform_gateway: DevopsPlatformGateway, - ): - self.vulnerability_management = vulnerability_management - self.secrets_manager_gateway = secrets_manager_gateway - self.devops_platform_gateway = devops_platform_gateway - - def _use_vulnerability_management( - self, config_tool, input_core, dict_args, secret_tool, env - ): - try: - self.vulnerability_management.send_vulnerability_management( - VulnerabilityManagement( - config_tool[dict_args["tool"].upper()]["TOOL"], - input_core, - dict_args, - secret_tool, - config_tool, - self.devops_platform_gateway.get_source_code_management_uri(), - self.devops_platform_gateway.get_base_compact_remote_config_url( - dict_args["remote_config_repo"] - ), - self.devops_platform_gateway.get_variable("access_token"), - self.devops_platform_gateway.get_variable("build_execution_id"), - self.devops_platform_gateway.get_variable("build_id"), - self.devops_platform_gateway.get_variable("branch_tag"), - self.devops_platform_gateway.get_variable("commit_hash"), - env - ) - ) - except ExceptionVulnerabilityManagement as ex1: - logger.error(str(ex1)) - try: - input_core.totalized_exclusions.extend( - self.vulnerability_management.get_findings_excepted( - input_core.scope_pipeline, - dict_args, - secret_tool, - config_tool, - ) - ) - except ExceptionFindingsExcepted as ex2: - logger.error(str(ex2)) - - def process(self, dict_args: any, config_tool: any): - secret_tool = None - env = define_env( - self.devops_platform_gateway.get_variable("environment"), - self.devops_platform_gateway.get_variable("branch_name"), - ) - if dict_args["use_secrets_manager"] == "true": - secret_tool = self.secrets_manager_gateway.get_secret(config_tool) - if "engine_iac" in dict_args["tool"]: - findings_list, input_core = runner_engine_iac( - dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool,self.devops_platform_gateway, env - ) - if dict_args["use_vulnerability_management"] == "true" and input_core.path_file_results: - self._use_vulnerability_management( - config_tool, input_core, dict_args, secret_tool, env - ) - return findings_list, input_core - elif "engine_container" in dict_args["tool"]: - secret_sca = "" - if secret_tool is not None: - secret_sca = secret_tool["token_prisma_cloud"] - else: - secret_sca = dict_args["token_engine_container"] - findings_list, input_core = runner_engine_container( - dict_args, config_tool["ENGINE_CONTAINER"]["TOOL"], secret_sca, self.devops_platform_gateway - ) - if ( - dict_args["use_vulnerability_management"] == "true" - and input_core.path_file_results - ): - self._use_vulnerability_management( - config_tool, input_core, dict_args, secret_tool, env - ) - return findings_list, input_core - elif "engine_dast" in dict_args["tool"]: - findings_list, input_core = runner_engine_dast( - dict_args, - config_tool, - secret_tool, - self.devops_platform_gateway - ) - return findings_list, input_core - elif "engine_secret" in dict_args["tool"]: - findings_list, input_core = runner_secret_scan( - dict_args, - config_tool["ENGINE_SECRET"]["TOOL"], - self.devops_platform_gateway - ) - if ( - dict_args["use_vulnerability_management"] == "true" - and input_core.path_file_results - ): - self._use_vulnerability_management( - config_tool, input_core, dict_args, secret_tool, env - ) - return findings_list, input_core - elif "engine_dependencies" in dict_args["tool"]: - if secret_tool is not None: - secret_sca = secret_tool["token_xray"] - else: - secret_sca = dict_args["token_engine_dependencies"] - findings_list, input_core = runner_engine_dependencies( - dict_args, config_tool, secret_sca, self.devops_platform_gateway - ) - - if ( - dict_args["use_vulnerability_management"] == "true" - and input_core.path_file_results - ): - self._use_vulnerability_management( - config_tool, input_core, dict_args, secret_tool, env - ) +from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( + runner_engine_iac, +) +from devsecops_engine_tools.engine_sast.engine_secret.src.applications.runner_secret_scan import ( + runner_secret_scan, +) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import ( + VulnerabilityManagementGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.secrets_manager_gateway import ( + SecretsManagerGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import ( + VulnerabilityManagement, +) +from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( + ExceptionVulnerabilityManagement, + ExceptionFindingsExcepted, +) +from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( + runner_engine_container, +) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.applications.runner_dependencies_scan import ( + runner_engine_dependencies, +) +from devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan import ( + runner_engine_dast +) +from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( + define_env, +) +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + +MESSAGE_ENABLED = "not yet enabled" + + +class HandleScan: + def __init__( + self, + vulnerability_management: VulnerabilityManagementGateway, + secrets_manager_gateway: SecretsManagerGateway, + devops_platform_gateway: DevopsPlatformGateway, + ): + self.vulnerability_management = vulnerability_management + self.secrets_manager_gateway = secrets_manager_gateway + self.devops_platform_gateway = devops_platform_gateway + + def _use_vulnerability_management( + self, config_tool, input_core, dict_args, secret_tool, env + ): + try: + self.vulnerability_management.send_vulnerability_management( + VulnerabilityManagement( + config_tool[dict_args["tool"].upper()]["TOOL"], + input_core, + dict_args, + secret_tool, + config_tool, + self.devops_platform_gateway.get_source_code_management_uri(), + self.devops_platform_gateway.get_base_compact_remote_config_url( + dict_args["remote_config_repo"] + ), + self.devops_platform_gateway.get_variable("access_token"), + self.devops_platform_gateway.get_variable("build_execution_id"), + self.devops_platform_gateway.get_variable("build_id"), + self.devops_platform_gateway.get_variable("branch_tag"), + self.devops_platform_gateway.get_variable("commit_hash"), + env + ) + ) + except ExceptionVulnerabilityManagement as ex1: + logger.error(str(ex1)) + try: + input_core.totalized_exclusions.extend( + self.vulnerability_management.get_findings_excepted( + input_core.scope_pipeline, + dict_args, + secret_tool, + config_tool, + ) + ) + except ExceptionFindingsExcepted as ex2: + logger.error(str(ex2)) + + def process(self, dict_args: any, config_tool: any): + secret_tool = None + env = define_env( + self.devops_platform_gateway.get_variable("environment"), + self.devops_platform_gateway.get_variable("branch_name"), + ) + if dict_args["use_secrets_manager"] == "true": + secret_tool = self.secrets_manager_gateway.get_secret(config_tool) + if "engine_iac" in dict_args["tool"]: + findings_list, input_core = runner_engine_iac( + dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool,self.devops_platform_gateway, env + ) + if dict_args["use_vulnerability_management"] == "true" and input_core.path_file_results: + self._use_vulnerability_management( + config_tool, input_core, dict_args, secret_tool, env + ) + return findings_list, input_core + elif "engine_container" in dict_args["tool"]: + secret_sca = "" + if secret_tool is not None: + secret_sca = secret_tool["token_prisma_cloud"] + else: + secret_sca = dict_args["token_engine_container"] + findings_list, input_core = runner_engine_container( + dict_args, config_tool["ENGINE_CONTAINER"]["TOOL"], secret_sca, self.devops_platform_gateway + ) + if ( + dict_args["use_vulnerability_management"] == "true" + and input_core.path_file_results + ): + self._use_vulnerability_management( + config_tool, input_core, dict_args, secret_tool, env + ) + return findings_list, input_core + elif "engine_dast" in dict_args["tool"]: + findings_list, input_core = runner_engine_dast( + dict_args, + config_tool, + secret_tool, + self.devops_platform_gateway + ) + return findings_list, input_core + elif "engine_secret" in dict_args["tool"]: + findings_list, input_core = runner_secret_scan( + dict_args, + config_tool["ENGINE_SECRET"]["TOOL"], + self.devops_platform_gateway + ) + if ( + dict_args["use_vulnerability_management"] == "true" + and input_core.path_file_results + ): + self._use_vulnerability_management( + config_tool, input_core, dict_args, secret_tool, env + ) + return findings_list, input_core + elif "engine_dependencies" in dict_args["tool"]: + if secret_tool is not None: + secret_sca = secret_tool["token_xray"] + else: + secret_sca = dict_args["token_engine_dependencies"] + findings_list, input_core = runner_engine_dependencies( + dict_args, config_tool, secret_sca, self.devops_platform_gateway + ) + + if ( + dict_args["use_vulnerability_management"] == "true" + and input_core.path_file_results + ): + self._use_vulnerability_management( + config_tool, input_core, dict_args, secret_tool, env + ) return findings_list, input_core \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py index 72f446269..db78c92ab 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py @@ -1,52 +1,52 @@ -from devsecops_engine_tools.engine_core.src.domain.model.gateway.metrics_manager_gateway import ( - MetricsManagerGateway, -) -from devsecops_engine_tools.engine_core.src.infrastructure.helpers.aws import ( - assume_role, -) -import boto3 -import logging -import datetime - -boto3.set_stream_logger(name="botocore.credentials", level=logging.WARNING) - - -class S3Manager(MetricsManagerGateway): - - def _get_s3_data(self, client, bucket, path): - try: - response = client.get_object( - Bucket=bucket, - Key=path, - ) - return response["Body"].read().decode("utf-8") - except client.exceptions.NoSuchKey: - return "" - - def send_metrics(self, config_tool, tool, file_path): - temp_credentials = assume_role( - config_tool["METRICS_MANAGER"]["AWS"]["ROLE_ARN"] - ) - session = boto3.session.Session() - client = session.client( - service_name="s3", - region_name=config_tool["METRICS_MANAGER"]["AWS"]["REGION_NAME"], - aws_access_key_id=temp_credentials["AccessKeyId"], - aws_secret_access_key=temp_credentials["SecretAccessKey"], - aws_session_token=temp_credentials["SessionToken"], - ) - date = datetime.datetime.now() - path_bucket = f'engine_tools/{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}' - - data = self._get_s3_data( - client, config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], path_bucket - ) - - with open(file_path, "rb") as new_data: - new_data_content = new_data.read().decode("utf-8") - data = data + "\n" + new_data_content if data else new_data_content - client.put_object( - Bucket=config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], - Key=path_bucket, - Body=data, - ) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.metrics_manager_gateway import ( + MetricsManagerGateway, +) +from devsecops_engine_tools.engine_core.src.infrastructure.helpers.aws import ( + assume_role, +) +import boto3 +import logging +import datetime + +boto3.set_stream_logger(name="botocore.credentials", level=logging.WARNING) + + +class S3Manager(MetricsManagerGateway): + + def _get_s3_data(self, client, bucket, path): + try: + response = client.get_object( + Bucket=bucket, + Key=path, + ) + return response["Body"].read().decode("utf-8") + except client.exceptions.NoSuchKey: + return "" + + def send_metrics(self, config_tool, tool, file_path): + temp_credentials = assume_role( + config_tool["METRICS_MANAGER"]["AWS"]["ROLE_ARN"] + ) + session = boto3.session.Session() + client = session.client( + service_name="s3", + region_name=config_tool["METRICS_MANAGER"]["AWS"]["REGION_NAME"], + aws_access_key_id=temp_credentials["AccessKeyId"], + aws_secret_access_key=temp_credentials["SecretAccessKey"], + aws_session_token=temp_credentials["SessionToken"], + ) + date = datetime.datetime.now() + path_bucket = f'engine_tools/{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}' + + data = self._get_s3_data( + client, config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], path_bucket + ) + + with open(file_path, "rb") as new_data: + new_data_content = new_data.read().decode("utf-8") + data = data + "\n" + new_data_content if data else new_data_content + client.put_object( + Bucket=config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], + Key=path_bucket, + Body=data, + ) diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py index cdcc459f9..ac237823b 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py @@ -1,271 +1,271 @@ -from dataclasses import dataclass -from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import ( - VulnerabilityManagementGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import ( - VulnerabilityManagement, -) -from devsecops_engine_tools.engine_utilities.defect_dojo import ( - DefectDojo, - ImportScanRequest, - Connect, - Finding, -) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions -from devsecops_engine_tools.engine_core.src.domain.model.report import Report -from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager -from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( - ExceptionVulnerabilityManagement, - ExceptionFindingsExcepted, - ExceptionGettingFindings, -) -from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( - format_date, -) -from functools import partial - - -@dataclass -class DefectDojoPlatform(VulnerabilityManagementGateway): - def send_vulnerability_management( - self, vulnerability_management: VulnerabilityManagement - ): - try: - token_dd = ( - vulnerability_management.dict_args["token_vulnerability_management"] - if vulnerability_management.dict_args["token_vulnerability_management"] - is not None - else vulnerability_management.secret_tool["token_defect_dojo"] - ) - token_cmdb = ( - vulnerability_management.dict_args["token_cmdb"] - if vulnerability_management.dict_args["token_cmdb"] is not None - else vulnerability_management.secret_tool["token_cmdb"] - ) - - enviroment_mapping = { - "dev": "Development", - "qa": "Staging", - "pdn": "Production", - "default": "Production", - } - scan_type_mapping = { - "CHECKOV": "Checkov Scan", - "PRISMA": "Twistlock Image Scan", - "XRAY": "JFrog Xray On Demand Binary Scan", - "TRUFFLEHOG": "Trufflehog Scan", - "TRIVY": "Trivy Scan", - "KUBESCAPE": "Kubescape Scanner", - "KICS": "KICS Scanner" - } - - if any( - branch in str(vulnerability_management.branch_tag) - for branch in vulnerability_management.config_tool[ - "VULNERABILITY_MANAGER" - ]["BRANCH_FILTER"].split(",") - ) or (vulnerability_management.dict_args["tool"] == 'engine_secret'): - request: ImportScanRequest = Connect.cmdb( - cmdb_mapping={ - "product_type_name": "nombreevc", - "product_name": "nombreapp", - "tag_product": "nombreentorno", - "product_description": "arearesponsableti", - "codigo_app": "CodigoApp", - }, - compact_remote_config_url=f'{vulnerability_management.base_compact_remote_config_url}{vulnerability_management.config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["CMDB_MAPPING_PATH"]}', - personal_access_token=vulnerability_management.access_token, - token_cmdb=token_cmdb, - host_cmdb=vulnerability_management.config_tool[ - "VULNERABILITY_MANAGER" - ]["DEFECT_DOJO"]["HOST_CMDB"], - expression=vulnerability_management.config_tool[ - "VULNERABILITY_MANAGER" - ]["DEFECT_DOJO"]["REGEX_EXPRESSION_CMDB"], - token_defect_dojo=token_dd, - host_defect_dojo=vulnerability_management.config_tool[ - "VULNERABILITY_MANAGER" - ]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"], - scan_type=scan_type_mapping[vulnerability_management.scan_type], - engagement_name=vulnerability_management.input_core.scope_pipeline, - service=vulnerability_management.input_core.scope_pipeline, - file=vulnerability_management.input_core.path_file_results, - version=vulnerability_management.version, - build_id=vulnerability_management.build_id, - source_code_management_uri=vulnerability_management.source_code_management_uri, - branch_tag=vulnerability_management.branch_tag, - commit_hash=vulnerability_management.commit_hash, - environment=( - enviroment_mapping[vulnerability_management.environment.lower()] - if vulnerability_management.environment is not None - and vulnerability_management.environment.lower() - in enviroment_mapping - else enviroment_mapping["default"] - ), - tags=vulnerability_management.dict_args["tool"], - ) - - response = DefectDojo.send_import_scan(request) - if hasattr(response, "url"): - url_parts = response.url.split("//") - test_string = "//".join([url_parts[0] + "/", url_parts[1]]) - print( - "Report sent to vulnerability management: ", - f"{test_string}?tags={vulnerability_management.dict_args['tool']}", - ) - else: - raise ExceptionVulnerabilityManagement(response) - except Exception as ex: - raise ExceptionVulnerabilityManagement( - "Error sending report to vulnerability management with the following error: {0} ".format( - ex - ) - ) - - def get_findings_excepted(self, service, dict_args, secret_tool, config_tool): - try: - session_manager = self._get_session_manager(dict_args, secret_tool, config_tool) - - dd_limits_query = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][ - "LIMITS_QUERY" - ] - tool = dict_args["tool"] - - risk_accepted_query_params = { - "risk_accepted": True, - "tags": tool, - "limit": dd_limits_query, - } - false_positive_query_params = { - "false_p": True, - "tags": tool, - "limit": dd_limits_query, - } - - exclusions_risk_accepted = self._get_findings_with_exclusions( - session_manager, - service, - risk_accepted_query_params, - tool, - self._format_date_to_dd_format, - "Risk Accepted", - ) - - exclusions_false_positive = self._get_findings_with_exclusions( - session_manager, - service, - false_positive_query_params, - tool, - self._format_date_to_dd_format, - "False Positive", - ) - - return list(exclusions_risk_accepted) + list(exclusions_false_positive) - except Exception as ex: - raise ExceptionFindingsExcepted( - "Error getting excepted findings with the following error: {0} ".format( - ex - ) - ) - - def get_all_findings( - self, service, dict_args, secret_tool, config_tool - ): - try: - all_findings_query_params = { - "limit": config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["LIMITS_QUERY"] - } - - findings = self._get_findings( - self._get_session_manager(dict_args, secret_tool, config_tool), - service, - all_findings_query_params - ) - - maped_list = list( - map( - partial(self._create_report, date_fn=self._format_date_to_dd_format), - findings, - ) - ) - - return maped_list - - except Exception as ex: - raise ExceptionGettingFindings( - "Error getting all findings with the following error: {0} ".format( - ex - ) - ) - - def _get_session_manager(self, dict_args, secret_tool, config_tool): - token_dd = dict_args.get( - "token_vulnerability_management" - ) or secret_tool.get("token_defect_dojo") - return SessionManager( - token_dd, - config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"], - ) - - def _get_findings_with_exclusions( - self, session_manager, service, query_params, tool, date_fn, reason - ): - findings = self._get_findings(session_manager, service, query_params) - return map( - partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason), - findings, - ) - - def _get_findings(self, session_manager, service, query_params): - return Finding.get_finding( - session=session_manager, service=service, **query_params - ).results - - def _create_exclusion(self, finding, date_fn, tool, reason): - return Exclusions( - id=finding.vuln_id_from_tool, - where=self._get_where(finding, tool), - create_date=date_fn( - finding.last_status_update - if reason == "False Positive" - else finding.accepted_risks[-1]["created"] - ), - expired_date=date_fn( - None - if reason == "False Positive" - else finding.accepted_risks[-1]["expiration_date"] - ), - reason=reason, - ) - - def _create_report(self, finding, date_fn): - return Report( - id=finding.vuln_id_from_tool, - date=date_fn( - finding.date - ), - status=finding.display_status, - where=self._get_where_report(finding), - tags=finding.tags, - severity=finding.severity, - active=finding.active, - ) - - def _format_date_to_dd_format(self, date_string): - return ( - format_date(date_string.split("T")[0], "%Y-%m-%d", "%d%m%Y") - if date_string - else None - ) - - def _get_where_report(self, finding): - for tag in finding.tags: - return self._get_where(finding, tag) - - def _get_where(self, finding, tool): - if tool in ["engine_container", "engine_dependencies"]: - return finding.component_name + ":" + finding.component_version - elif tool == "engine_dast": - return finding.endpoints - else: - return finding.file_path +from dataclasses import dataclass +from devsecops_engine_tools.engine_core.src.domain.model.gateway.vulnerability_management_gateway import ( + VulnerabilityManagementGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import ( + VulnerabilityManagement, +) +from devsecops_engine_tools.engine_utilities.defect_dojo import ( + DefectDojo, + ImportScanRequest, + Connect, + Finding, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions +from devsecops_engine_tools.engine_core.src.domain.model.report import Report +from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager +from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( + ExceptionVulnerabilityManagement, + ExceptionFindingsExcepted, + ExceptionGettingFindings, +) +from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( + format_date, +) +from functools import partial + + +@dataclass +class DefectDojoPlatform(VulnerabilityManagementGateway): + def send_vulnerability_management( + self, vulnerability_management: VulnerabilityManagement + ): + try: + token_dd = ( + vulnerability_management.dict_args["token_vulnerability_management"] + if vulnerability_management.dict_args["token_vulnerability_management"] + is not None + else vulnerability_management.secret_tool["token_defect_dojo"] + ) + token_cmdb = ( + vulnerability_management.dict_args["token_cmdb"] + if vulnerability_management.dict_args["token_cmdb"] is not None + else vulnerability_management.secret_tool["token_cmdb"] + ) + + enviroment_mapping = { + "dev": "Development", + "qa": "Staging", + "pdn": "Production", + "default": "Production", + } + scan_type_mapping = { + "CHECKOV": "Checkov Scan", + "PRISMA": "Twistlock Image Scan", + "XRAY": "JFrog Xray On Demand Binary Scan", + "TRUFFLEHOG": "Trufflehog Scan", + "TRIVY": "Trivy Scan", + "KUBESCAPE": "Kubescape Scanner", + "KICS": "KICS Scanner" + } + + if any( + branch in str(vulnerability_management.branch_tag) + for branch in vulnerability_management.config_tool[ + "VULNERABILITY_MANAGER" + ]["BRANCH_FILTER"].split(",") + ) or (vulnerability_management.dict_args["tool"] == 'engine_secret'): + request: ImportScanRequest = Connect.cmdb( + cmdb_mapping={ + "product_type_name": "nombreevc", + "product_name": "nombreapp", + "tag_product": "nombreentorno", + "product_description": "arearesponsableti", + "codigo_app": "CodigoApp", + }, + compact_remote_config_url=f'{vulnerability_management.base_compact_remote_config_url}{vulnerability_management.config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["CMDB_MAPPING_PATH"]}', + personal_access_token=vulnerability_management.access_token, + token_cmdb=token_cmdb, + host_cmdb=vulnerability_management.config_tool[ + "VULNERABILITY_MANAGER" + ]["DEFECT_DOJO"]["HOST_CMDB"], + expression=vulnerability_management.config_tool[ + "VULNERABILITY_MANAGER" + ]["DEFECT_DOJO"]["REGEX_EXPRESSION_CMDB"], + token_defect_dojo=token_dd, + host_defect_dojo=vulnerability_management.config_tool[ + "VULNERABILITY_MANAGER" + ]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"], + scan_type=scan_type_mapping[vulnerability_management.scan_type], + engagement_name=vulnerability_management.input_core.scope_pipeline, + service=vulnerability_management.input_core.scope_pipeline, + file=vulnerability_management.input_core.path_file_results, + version=vulnerability_management.version, + build_id=vulnerability_management.build_id, + source_code_management_uri=vulnerability_management.source_code_management_uri, + branch_tag=vulnerability_management.branch_tag, + commit_hash=vulnerability_management.commit_hash, + environment=( + enviroment_mapping[vulnerability_management.environment.lower()] + if vulnerability_management.environment is not None + and vulnerability_management.environment.lower() + in enviroment_mapping + else enviroment_mapping["default"] + ), + tags=vulnerability_management.dict_args["tool"], + ) + + response = DefectDojo.send_import_scan(request) + if hasattr(response, "url"): + url_parts = response.url.split("//") + test_string = "//".join([url_parts[0] + "/", url_parts[1]]) + print( + "Report sent to vulnerability management: ", + f"{test_string}?tags={vulnerability_management.dict_args['tool']}", + ) + else: + raise ExceptionVulnerabilityManagement(response) + except Exception as ex: + raise ExceptionVulnerabilityManagement( + "Error sending report to vulnerability management with the following error: {0} ".format( + ex + ) + ) + + def get_findings_excepted(self, service, dict_args, secret_tool, config_tool): + try: + session_manager = self._get_session_manager(dict_args, secret_tool, config_tool) + + dd_limits_query = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][ + "LIMITS_QUERY" + ] + tool = dict_args["tool"] + + risk_accepted_query_params = { + "risk_accepted": True, + "tags": tool, + "limit": dd_limits_query, + } + false_positive_query_params = { + "false_p": True, + "tags": tool, + "limit": dd_limits_query, + } + + exclusions_risk_accepted = self._get_findings_with_exclusions( + session_manager, + service, + risk_accepted_query_params, + tool, + self._format_date_to_dd_format, + "Risk Accepted", + ) + + exclusions_false_positive = self._get_findings_with_exclusions( + session_manager, + service, + false_positive_query_params, + tool, + self._format_date_to_dd_format, + "False Positive", + ) + + return list(exclusions_risk_accepted) + list(exclusions_false_positive) + except Exception as ex: + raise ExceptionFindingsExcepted( + "Error getting excepted findings with the following error: {0} ".format( + ex + ) + ) + + def get_all_findings( + self, service, dict_args, secret_tool, config_tool + ): + try: + all_findings_query_params = { + "limit": config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["LIMITS_QUERY"] + } + + findings = self._get_findings( + self._get_session_manager(dict_args, secret_tool, config_tool), + service, + all_findings_query_params + ) + + maped_list = list( + map( + partial(self._create_report, date_fn=self._format_date_to_dd_format), + findings, + ) + ) + + return maped_list + + except Exception as ex: + raise ExceptionGettingFindings( + "Error getting all findings with the following error: {0} ".format( + ex + ) + ) + + def _get_session_manager(self, dict_args, secret_tool, config_tool): + token_dd = dict_args.get( + "token_vulnerability_management" + ) or secret_tool.get("token_defect_dojo") + return SessionManager( + token_dd, + config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"]["HOST_DEFECT_DOJO"], + ) + + def _get_findings_with_exclusions( + self, session_manager, service, query_params, tool, date_fn, reason + ): + findings = self._get_findings(session_manager, service, query_params) + return map( + partial(self._create_exclusion, date_fn=date_fn, tool=tool, reason=reason), + findings, + ) + + def _get_findings(self, session_manager, service, query_params): + return Finding.get_finding( + session=session_manager, service=service, **query_params + ).results + + def _create_exclusion(self, finding, date_fn, tool, reason): + return Exclusions( + id=finding.vuln_id_from_tool, + where=self._get_where(finding, tool), + create_date=date_fn( + finding.last_status_update + if reason == "False Positive" + else finding.accepted_risks[-1]["created"] + ), + expired_date=date_fn( + None + if reason == "False Positive" + else finding.accepted_risks[-1]["expiration_date"] + ), + reason=reason, + ) + + def _create_report(self, finding, date_fn): + return Report( + id=finding.vuln_id_from_tool, + date=date_fn( + finding.date + ), + status=finding.display_status, + where=self._get_where_report(finding), + tags=finding.tags, + severity=finding.severity, + active=finding.active, + ) + + def _format_date_to_dd_format(self, date_string): + return ( + format_date(date_string.split("T")[0], "%Y-%m-%d", "%d%m%Y") + if date_string + else None + ) + + def _get_where_report(self, finding): + for tag in finding.tags: + return self._get_where(finding, tag) + + def _get_where(self, finding, tool): + if tool in ["engine_container", "engine_dependencies"]: + return finding.component_name + ":" + finding.component_version + elif tool == "engine_dast": + return finding.endpoints + else: + return finding.file_path diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py index 28d908406..bece35434 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py @@ -1,97 +1,97 @@ -from dataclasses import dataclass -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_utilities.github.models.GithubPredefinedVariables import ( - BuildVariables, - SystemVariables, - ReleaseVariables, - AgentVariables -) -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import ( - GithubApi, -) - - -@dataclass -class GithubActions(DevopsPlatformGateway): - OKGREEN = "\033[92m" - WARNING = "\033[93m" - FAIL = "\033[91m" - ENDC = "\033[0m" - ICON_FAIL = "\u2718" - ICON_SUCCESS = "\u2714" - - def get_remote_config(self, repository, path): - - github_repository = SystemVariables.github_repository.value() - split = github_repository.split("/") - owner = split[0] - - utils_github = GithubApi( - personal_access_token=SystemVariables.github_access_token.value() - ) - - git_client = utils_github.get_github_connection() - json_config = utils_github.get_remote_json_config(git_client, owner, repository, path) - - return json_config - - def message(self, type, message): - formats = { - "succeeded": f"::group::{message}", - "info": f"::notice::{message}", - "warning": f"::warning::{message}", - "error": f"::error::{message}" - } - return formats.get(type, message) - - def result_pipeline(self, type): - results = { - "failed": f"{self.FAIL}{self.ICON_FAIL}Failed{self.ENDC}", - "succeeded": f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}", - "succeeded_with_issues": f"{self.WARNING}{self.ICON_SUCCESS}Succeeded with issues{self.ENDC}" - } - return results.get(type) - - def get_source_code_management_uri(self): - return f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}" - - def get_base_compact_remote_config_url(self, remote_config_repo): - github_repository = SystemVariables.github_repository.value() - split = github_repository.split("/") - owner = split[0] - return f"{SystemVariables.github_server_url}/{owner}/{remote_config_repo}" - - def get_variable(self, variable): - variable_map = { - "branch_name": BuildVariables.github_ref, - "build_id": BuildVariables.github_run_number, - "build_execution_id": BuildVariables.github_run_id, - "commit_hash": BuildVariables.github_sha, - "environment": ReleaseVariables.github_env, - "release_id": ReleaseVariables.github_run_number, - "branch_tag": BuildVariables.github_ref, - "access_token": SystemVariables.github_access_token, - "organization": f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}", - "project_name": SystemVariables.github_repository, - "repository": BuildVariables.github_repository, - "pipeline_name": ( - BuildVariables.github_workflow - if SystemVariables.github_job.value() == "build" - else ReleaseVariables.github_workflow - ), - "stage": SystemVariables.github_job, - "path_directory": SystemVariables.github_workspace, - "os": AgentVariables.runner_os, - "work_folder": AgentVariables.github_workspace, - "temp_directory": AgentVariables.runner_tool_cache, - "agent_directory": AgentVariables.runner_workspace, - "target_branch": SystemVariables.github_event_base_ref, - "source_branch": SystemVariables.github_ref, - "repository_provider": BuildVariables.GitHub, - } - try: - return variable_map.get(variable).value() - except ValueError: - return None +from dataclasses import dataclass +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_utilities.github.models.GithubPredefinedVariables import ( + BuildVariables, + SystemVariables, + ReleaseVariables, + AgentVariables +) +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import ( + GithubApi, +) + + +@dataclass +class GithubActions(DevopsPlatformGateway): + OKGREEN = "\033[92m" + WARNING = "\033[93m" + FAIL = "\033[91m" + ENDC = "\033[0m" + ICON_FAIL = "\u2718" + ICON_SUCCESS = "\u2714" + + def get_remote_config(self, repository, path): + + github_repository = SystemVariables.github_repository.value() + split = github_repository.split("/") + owner = split[0] + + utils_github = GithubApi( + personal_access_token=SystemVariables.github_access_token.value() + ) + + git_client = utils_github.get_github_connection() + json_config = utils_github.get_remote_json_config(git_client, owner, repository, path) + + return json_config + + def message(self, type, message): + formats = { + "succeeded": f"::group::{message}", + "info": f"::notice::{message}", + "warning": f"::warning::{message}", + "error": f"::error::{message}" + } + return formats.get(type, message) + + def result_pipeline(self, type): + results = { + "failed": f"{self.FAIL}{self.ICON_FAIL}Failed{self.ENDC}", + "succeeded": f"{self.OKGREEN}{self.ICON_SUCCESS}Succeeded{self.ENDC}", + "succeeded_with_issues": f"{self.WARNING}{self.ICON_SUCCESS}Succeeded with issues{self.ENDC}" + } + return results.get(type) + + def get_source_code_management_uri(self): + return f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}" + + def get_base_compact_remote_config_url(self, remote_config_repo): + github_repository = SystemVariables.github_repository.value() + split = github_repository.split("/") + owner = split[0] + return f"{SystemVariables.github_server_url}/{owner}/{remote_config_repo}" + + def get_variable(self, variable): + variable_map = { + "branch_name": BuildVariables.github_ref, + "build_id": BuildVariables.github_run_number, + "build_execution_id": BuildVariables.github_run_id, + "commit_hash": BuildVariables.github_sha, + "environment": ReleaseVariables.github_env, + "release_id": ReleaseVariables.github_run_number, + "branch_tag": BuildVariables.github_ref, + "access_token": SystemVariables.github_access_token, + "organization": f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}", + "project_name": SystemVariables.github_repository, + "repository": BuildVariables.github_repository, + "pipeline_name": ( + BuildVariables.github_workflow + if SystemVariables.github_job.value() == "build" + else ReleaseVariables.github_workflow + ), + "stage": SystemVariables.github_job, + "path_directory": SystemVariables.github_workspace, + "os": AgentVariables.runner_os, + "work_folder": AgentVariables.github_workspace, + "temp_directory": AgentVariables.runner_tool_cache, + "agent_directory": AgentVariables.runner_workspace, + "target_branch": SystemVariables.github_event_base_ref, + "source_branch": SystemVariables.github_ref, + "repository_provider": BuildVariables.GitHub, + } + try: + return variable_map.get(variable).value() + except ValueError: + return None diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py index bc074d271..bbc00254d 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py @@ -1,114 +1,114 @@ -from dataclasses import dataclass - -from devsecops_engine_tools.engine_core.src.domain.model.gateway.printer_table_gateway import ( - PrinterTableGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, -) -from devsecops_engine_tools.engine_core.src.domain.model.report import ( - Report, -) -from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( - format_date -) -from prettytable import PrettyTable, DOUBLE_BORDER - - -@dataclass -class PrinterPrettyTable(PrinterTableGateway): - def _create_table(self, headers, finding_list): - table = PrettyTable(headers) - - for finding in finding_list: - row_data = [ - finding.severity, - finding.id, - finding.description, - finding.where, - ] - if (finding.module == "engine_container") or ( - finding.module == "engine_dependencies" - ): - row_data.append(finding.requirements) - - table.add_row(row_data) - - severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "unknown": 4} - sorted_table = PrettyTable() - sorted_table.field_names = table.field_names - sorted_table.add_rows( - sorted(table._rows, key=lambda row: severity_order[row[0]]) - ) - - for column in table.field_names: - sorted_table.align[column] = "l" - - sorted_table.set_style(DOUBLE_BORDER) - return sorted_table - - def print_table_findings(self, finding_list: "list[Finding]"): - if ( - finding_list - and (finding_list[0].module != "engine_container") - and (finding_list[0].module != "engine_dependencies") - ): - headers = ["Severity", "ID", "Description", "Where"] - else: - headers = ["Severity", "ID", "Description", "Where", "Fixed in"] - - sorted_table = self._create_table(headers, finding_list) - - if len(sorted_table.rows) > 0: - print(sorted_table) - - def print_table_report(self, report_list: "list[Report]"): - headers = ["Severity", "ID", "Tag", "Where"] - table = PrettyTable(headers) - for report in report_list: - row_data = [ - report.severity.lower(), - report.id, - report.tags, - report.where, - ] - table.add_row(row_data) - - severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3} - sorted_table = PrettyTable() - sorted_table.field_names = table.field_names - sorted_table.add_rows( - sorted(table._rows, key=lambda row: severity_order[row[0]]) - ) - - for column in table.field_names: - sorted_table.align[column] = "l" - - sorted_table.set_style(DOUBLE_BORDER) - - if len(sorted_table.rows) > 0: - print(sorted_table) - - def print_table_exclusions(self, exclusions): - if (exclusions): - headers = ["Severity", "ID", "Where", "Create Date", "Expired Date", "Reason"] - - table = PrettyTable(headers) - - for exclusion in exclusions: - row_data = [ - exclusion["severity"], - exclusion["id"], - exclusion["where"], - format_date(exclusion["create_date"], "%d%m%Y", "%d/%m/%Y"), - format_date(exclusion["expired_date"], "%d%m%Y", "%d/%m/%Y") if exclusion["expired_date"] and exclusion["expired_date"] != "undefined" else "NA", - exclusion["reason"], - ] - table.add_row(row_data) - - for column in table.field_names: - table.align[column] = "l" - - table.set_style(DOUBLE_BORDER) - if len(table.rows) > 0: - print(table) +from dataclasses import dataclass + +from devsecops_engine_tools.engine_core.src.domain.model.gateway.printer_table_gateway import ( + PrinterTableGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, +) +from devsecops_engine_tools.engine_core.src.domain.model.report import ( + Report, +) +from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( + format_date +) +from prettytable import PrettyTable, DOUBLE_BORDER + + +@dataclass +class PrinterPrettyTable(PrinterTableGateway): + def _create_table(self, headers, finding_list): + table = PrettyTable(headers) + + for finding in finding_list: + row_data = [ + finding.severity, + finding.id, + finding.description, + finding.where, + ] + if (finding.module == "engine_container") or ( + finding.module == "engine_dependencies" + ): + row_data.append(finding.requirements) + + table.add_row(row_data) + + severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "unknown": 4} + sorted_table = PrettyTable() + sorted_table.field_names = table.field_names + sorted_table.add_rows( + sorted(table._rows, key=lambda row: severity_order[row[0]]) + ) + + for column in table.field_names: + sorted_table.align[column] = "l" + + sorted_table.set_style(DOUBLE_BORDER) + return sorted_table + + def print_table_findings(self, finding_list: "list[Finding]"): + if ( + finding_list + and (finding_list[0].module != "engine_container") + and (finding_list[0].module != "engine_dependencies") + ): + headers = ["Severity", "ID", "Description", "Where"] + else: + headers = ["Severity", "ID", "Description", "Where", "Fixed in"] + + sorted_table = self._create_table(headers, finding_list) + + if len(sorted_table.rows) > 0: + print(sorted_table) + + def print_table_report(self, report_list: "list[Report]"): + headers = ["Severity", "ID", "Tag", "Where"] + table = PrettyTable(headers) + for report in report_list: + row_data = [ + report.severity.lower(), + report.id, + report.tags, + report.where, + ] + table.add_row(row_data) + + severity_order = {"critical": 0, "high": 1, "medium": 2, "low": 3} + sorted_table = PrettyTable() + sorted_table.field_names = table.field_names + sorted_table.add_rows( + sorted(table._rows, key=lambda row: severity_order[row[0]]) + ) + + for column in table.field_names: + sorted_table.align[column] = "l" + + sorted_table.set_style(DOUBLE_BORDER) + + if len(sorted_table.rows) > 0: + print(sorted_table) + + def print_table_exclusions(self, exclusions): + if (exclusions): + headers = ["Severity", "ID", "Where", "Create Date", "Expired Date", "Reason"] + + table = PrettyTable(headers) + + for exclusion in exclusions: + row_data = [ + exclusion["severity"], + exclusion["id"], + exclusion["where"], + format_date(exclusion["create_date"], "%d%m%Y", "%d/%m/%Y"), + format_date(exclusion["expired_date"], "%d%m%Y", "%d/%m/%Y") if exclusion["expired_date"] and exclusion["expired_date"] != "undefined" else "NA", + exclusion["reason"], + ] + table.add_row(row_data) + + for column in table.field_names: + table.align[column] = "l" + + table.set_style(DOUBLE_BORDER) + if len(table.rows) > 0: + print(table) diff --git a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py index 75576a8d3..ab5cc1dc1 100644 --- a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py @@ -1,128 +1,128 @@ -from unittest import mock -from devsecops_engine_tools.engine_core.src.applications.runner_engine_core import ( - application_core, - get_inputs_from_cli, - parse_separated_list, -) - - -@mock.patch( - "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.init_engine_core" -) -@mock.patch( - "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.get_inputs_from_cli" -) -def test_application_core(mock_get_inputs_from_cli, mock_entry_point_tool): - # Set up mock arguments - mock_args = { - "platform_devops": "azure", - "remote_config_repo": "https://github.com/example/repo", - "tool": "engine_iac", - "environment": "dev", - "platform": "k8s", - "use_secrets_manager": "true", - "use_vulnerability_management": "false", - "send_metrics": "true", - "token_cmdb": "abc123", - "token_vulnerability_management": None, - "token_engine_container": None, - "token_engine_dependencies": None, - "dast_file_path": None, - } - - # Mock the dependencies - mock_get_inputs_from_cli.return_value = mock_args - init_output = mock_entry_point_tool.return_value = "ok" - - # Call the function - application_core() - - # Assert that the dependencies are initialized correctly - assert init_output == "ok" - - -@mock.patch( - "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.init_engine_core" -) -@mock.patch("builtins.print") -@mock.patch( - "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.get_inputs_from_cli" -) -def test_application_core_exception( - mock_get_inputs_from_cli, mock_print, mock_entry_point_tool -): - # Set up mock arguments - mock_args = { - "platform_devops": "azure", - "remote_config_repo": "https://github.com/example/repo", - "tool": "engine_iac", - "environment": "dev", - "platform": "all", - "use_secrets_manager": "true", - "use_vulnerability_management": "false", - "send_metrics": "true", - "token_cmdb": "abc123", - "token_vulnerability_management": None, - "token_engine_container": None, - "token_engine_dependencies": None, - } - - # Mock the dependencies - mock_get_inputs_from_cli.return_value = mock_args - - # Mock the necessary methods or properties to simulate an exception - mock_entry_point_tool.side_effect = Exception("Simulated error") - - # Act and Assert - application_core() - - # Optionally, you can check the exception message or other details - mock_print.assert_called() - - -@mock.patch("argparse.ArgumentParser.parse_args") -def test_get_inputs_from_cli(mock_parse_args): - # Set up mock arguments - mock_args = mock.MagicMock() - mock_args.platform_devops = "azure" - mock_args.remote_config_repo = "https://github.com/example/repo" - mock_args.tool = "engine_iac" - mock_args.folder_path = "/path/to/folder" - mock_args.platform = "k8s,docker" - mock_args.use_secrets_manager = "true" - mock_args.use_vulnerability_management = "false" - mock_args.send_metrics = "true" - mock_args.token_cmdb = "abc123" - mock_args.token_vulnerability_management = None - mock_args.token_engine_container = None - mock_args.token_engine_dependencies = None - - # Mock the parse_args method - mock_parse_args.return_value = mock_args - - # Call the function - result = get_inputs_from_cli(None) - - # Assert that the function returns the expected result - assert result == { - "platform_devops": "azure", - "remote_config_repo": "https://github.com/example/repo", - "tool": "engine_iac", - "folder_path": "/path/to/folder", - "platform": "k8s,docker", - "use_secrets_manager": "true", - "use_vulnerability_management": "false", - "send_metrics": "true", - "token_cmdb": "abc123", - "token_vulnerability_management": None, - "token_engine_container": None, - "token_engine_dependencies": None, - } - - -def test_parse_choices(): - # Set up mock arguments - result = parse_separated_list( - "docker,k8s", {"all", "docker", "k8s", "cloudformation"} - ) - assert result == ["docker", "k8s"] +from unittest import mock +from devsecops_engine_tools.engine_core.src.applications.runner_engine_core import ( + application_core, + get_inputs_from_cli, + parse_separated_list, +) + + +@mock.patch( + "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.init_engine_core" +) +@mock.patch( + "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.get_inputs_from_cli" +) +def test_application_core(mock_get_inputs_from_cli, mock_entry_point_tool): + # Set up mock arguments + mock_args = { + "platform_devops": "azure", + "remote_config_repo": "https://github.com/example/repo", + "tool": "engine_iac", + "environment": "dev", + "platform": "k8s", + "use_secrets_manager": "true", + "use_vulnerability_management": "false", + "send_metrics": "true", + "token_cmdb": "abc123", + "token_vulnerability_management": None, + "token_engine_container": None, + "token_engine_dependencies": None, + "dast_file_path": None, + } + + # Mock the dependencies + mock_get_inputs_from_cli.return_value = mock_args + init_output = mock_entry_point_tool.return_value = "ok" + + # Call the function + application_core() + + # Assert that the dependencies are initialized correctly + assert init_output == "ok" + + +@mock.patch( + "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.init_engine_core" +) +@mock.patch("builtins.print") +@mock.patch( + "devsecops_engine_tools.engine_core.src.applications.runner_engine_core.get_inputs_from_cli" +) +def test_application_core_exception( + mock_get_inputs_from_cli, mock_print, mock_entry_point_tool +): + # Set up mock arguments + mock_args = { + "platform_devops": "azure", + "remote_config_repo": "https://github.com/example/repo", + "tool": "engine_iac", + "environment": "dev", + "platform": "all", + "use_secrets_manager": "true", + "use_vulnerability_management": "false", + "send_metrics": "true", + "token_cmdb": "abc123", + "token_vulnerability_management": None, + "token_engine_container": None, + "token_engine_dependencies": None, + } + + # Mock the dependencies + mock_get_inputs_from_cli.return_value = mock_args + + # Mock the necessary methods or properties to simulate an exception + mock_entry_point_tool.side_effect = Exception("Simulated error") + + # Act and Assert + application_core() + + # Optionally, you can check the exception message or other details + mock_print.assert_called() + + +@mock.patch("argparse.ArgumentParser.parse_args") +def test_get_inputs_from_cli(mock_parse_args): + # Set up mock arguments + mock_args = mock.MagicMock() + mock_args.platform_devops = "azure" + mock_args.remote_config_repo = "https://github.com/example/repo" + mock_args.tool = "engine_iac" + mock_args.folder_path = "/path/to/folder" + mock_args.platform = "k8s,docker" + mock_args.use_secrets_manager = "true" + mock_args.use_vulnerability_management = "false" + mock_args.send_metrics = "true" + mock_args.token_cmdb = "abc123" + mock_args.token_vulnerability_management = None + mock_args.token_engine_container = None + mock_args.token_engine_dependencies = None + + # Mock the parse_args method + mock_parse_args.return_value = mock_args + + # Call the function + result = get_inputs_from_cli(None) + + # Assert that the function returns the expected result + assert result == { + "platform_devops": "azure", + "remote_config_repo": "https://github.com/example/repo", + "tool": "engine_iac", + "folder_path": "/path/to/folder", + "platform": "k8s,docker", + "use_secrets_manager": "true", + "use_vulnerability_management": "false", + "send_metrics": "true", + "token_cmdb": "abc123", + "token_vulnerability_management": None, + "token_engine_container": None, + "token_engine_dependencies": None, + } + + +def test_parse_choices(): + # Set up mock arguments + result = parse_separated_list( + "docker,k8s", {"all", "docker", "k8s", "cloudformation"} + ) + assert result == ["docker", "k8s"] diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py index 213cfb251..cfae016e6 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py @@ -1,265 +1,265 @@ -import unittest -from unittest.mock import MagicMock -from unittest import mock -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold -from devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan import ( - HandleScan, -) -from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( ExceptionVulnerabilityManagement, ExceptionFindingsExcepted) - - -class TestHandleScan(unittest.TestCase): - def setUp(self): - self.vulnerability_management = MagicMock() - self.secrets_manager_gateway = MagicMock() - self.devops_platform_gateway = MagicMock() - self.handle_scan = HandleScan( - self.vulnerability_management, - self.secrets_manager_gateway, - self.devops_platform_gateway, - ) - - @mock.patch( - "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_iac" - ) - def test_process_with_engine_iac(self, mock_runner_engine_iac): - dict_args = { - "use_secrets_manager": "true", - "tool": "engine_iac", - "use_vulnerability_management": "true", - "remote_config_repo": "test_repo", - } - config_tool = {"ENGINE_IAC": {"ENABLED": "true", "TOOL": "tool"}} - secret_tool = "some_secret" - self.secrets_manager_gateway.get_secret.return_value = secret_tool - self.devops_platform_gateway.get_variable.return_value = "dev" - - # Mock the runner_engine_iac function and its return values - findings_list = ["finding1", "finding2"] - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - mock_runner_engine_iac.return_value = findings_list, input_core - - # Mock the send_vulnerability_management method - self.vulnerability_management.send_vulnerability_management = MagicMock() - - # Mock the get_findings_excepted method - self.vulnerability_management.get_findings_excepted = MagicMock() - self.vulnerability_management.get_findings_excepted.return_value = [] - - # Call the process method - result_findings_list, result_input_core = self.handle_scan.process( - dict_args, config_tool - ) - - # Assert the expected values - self.assertEqual(result_findings_list, findings_list) - self.assertEqual(result_input_core, input_core) - self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) - mock_runner_engine_iac.assert_called_once_with( - dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool, self.devops_platform_gateway, "dev" - ) - self.vulnerability_management.send_vulnerability_management.assert_called_once() - self.vulnerability_management.get_findings_excepted.assert_called_once() - - @mock.patch( - "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_iac" - ) - def test_process_with_engine_iac_error(self, mock_runner_engine_iac): - dict_args = { - "use_secrets_manager": "false", - "tool": "engine_iac", - "use_vulnerability_management": "true", - "remote_config_repo": "test_repo", - } - config_tool = {"ENGINE_IAC": {"ENABLED": "true", "TOOL": "tool"}} - - # Mock the runner_engine_iac function and its return values - findings_list = ["finding1", "finding2"] - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - mock_runner_engine_iac.return_value = findings_list, input_core - - # Mock the send_vulnerability_management method - self.vulnerability_management.send_vulnerability_management.side_effect = ExceptionVulnerabilityManagement("Simulated error") - - # Mock the get_findings_excepted method - self.vulnerability_management.get_findings_excepted.side_effect = ExceptionFindingsExcepted("Simulated error") - - # Call the process method - result_findings_list, result_input_core = self.handle_scan.process( - dict_args, config_tool - ) - - # Assert the expected values - self.assertEqual(result_findings_list, findings_list) - self.assertEqual(result_input_core, input_core) - - self.vulnerability_management.send_vulnerability_management.assert_called_once() - self.vulnerability_management.get_findings_excepted.assert_called_once() - - @mock.patch( - "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_container" - ) - def test_process_with_engine_container(self, mock_runner_engine_container): - dict_args = { - "use_secrets_manager": "true", - "tool": "engine_container", - "remote_config_repo": "test_repo", - "use_vulnerability_management":"true", - } - config_tool = {"ENGINE_CONTAINER": {"ENABLED": "true", "TOOL": "tool"}} - secret_tool = {"token_prisma_cloud": "test"} - self.secrets_manager_gateway.get_secret.return_value = secret_tool - - # Mock the runner_engine_iac function and its return values - findings_list = ["finding1", "finding2"] - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - mock_runner_engine_container.return_value = findings_list, input_core - - # Call the process method - result_findings_list, result_input_core = self.handle_scan.process( - dict_args, config_tool - ) - - # Assert the expected values - self.assertEqual(result_findings_list, findings_list) - self.assertEqual(result_input_core, input_core) - self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) - - @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_dast") - @mock.patch("builtins.open", new_callable=mock.mock_open, read_data='''{ - "endpoint": "https://example.com", - "operations": [ - { - "operation": { - "headers": { - "accept": "/" - }, - "method": "POST", - "path": "/example_path", - "security_auth": { - "type": "jwt" - } - } - } - ] - }''') - def test_process_with_engine_dast(self, mock_open, mock_runner_engine_dast): - dict_args = { - "use_secrets_manager": "true", - "tool": "engine_dast", - "dast_file_path": "example_dast.json" - } - secret_tool = {"github_token": "example_token"} - self.secrets_manager_gateway.get_secret.return_value = secret_tool - config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI"}} - # Simula lo que devolverá runner_engine_dast - mock_runner_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") - # Llama al método que deseas probar - result_findings_list, result_input_core = self.handle_scan.process(dict_args, config_tool) - # Verifica que el mock se haya llamado correctamente - mock_runner_engine_dast.assert_called_once_with( - dict_args, config_tool, secret_tool, self.devops_platform_gateway - ) - # Verifica los resultados devueltos - self.assertEqual(result_findings_list, ["finding1", "finding2"]) - self.assertEqual(result_input_core, "input_core_mock") - - @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_secret_scan") - def test_process_with_engine_secret(self, mock_runner_secret_scan): - dict_args = { - "use_secrets_manager": "false", - "tool": "engine_secret", - "remote_config_repo": "test_repo", - "use_vulnerability_management": "true", - } - config_tool = {"ENGINE_SECRET": {"ENABLED": "true", "TOOL": "trufflehog"}} - - # Mock the runner_engine_secret function and its return values - findings_list = ["finding1", "finding2"] - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - mock_runner_secret_scan.return_value = findings_list, input_core - - # Call the process method - result_findings_list, result_input_core = self.handle_scan.process( - dict_args, config_tool - ) - - # Assert the expected values - self.assertEqual(result_findings_list, findings_list) - self.assertEqual(result_input_core, input_core) - mock_runner_secret_scan.assert_called_once_with( - dict_args, config_tool["ENGINE_SECRET"]["TOOL"], self.devops_platform_gateway - ) - - @mock.patch( - "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_dependencies" - ) - def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies): - dict_args = { - "use_secrets_manager": "true", - "tool": "engine_dependencies", - "remote_config_repo": "test_repo", - "use_vulnerability_management": "true" - } - config_tool = { - "ENGINE_DEPENDENCIES": "some_config", - "ENGINE_DEPENDENCIES": {"TOOL": "some_tool"} - } - secret_tool = {"token_xray": "test"} - self.secrets_manager_gateway.get_secret.return_value = secret_tool - - # Mock the runner_engine_dependencies function and its return values - findings_list = ["finding1", "finding2"] - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - mock_runner_engine_dependencies.return_value = findings_list, input_core - - # Call the process method - result_findings_list, result_input_core = self.handle_scan.process( - dict_args, config_tool - ) - - # Assert the expected values - self.assertEqual(result_findings_list, findings_list) - self.assertEqual(result_input_core, input_core) - self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) - mock_runner_engine_dependencies.assert_called_once_with( - dict_args, config_tool, secret_tool["token_xray"], self.devops_platform_gateway - ) - - +import unittest +from unittest.mock import MagicMock +from unittest import mock +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold +from devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan import ( + HandleScan, +) +from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( ExceptionVulnerabilityManagement, ExceptionFindingsExcepted) + + +class TestHandleScan(unittest.TestCase): + def setUp(self): + self.vulnerability_management = MagicMock() + self.secrets_manager_gateway = MagicMock() + self.devops_platform_gateway = MagicMock() + self.handle_scan = HandleScan( + self.vulnerability_management, + self.secrets_manager_gateway, + self.devops_platform_gateway, + ) + + @mock.patch( + "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_iac" + ) + def test_process_with_engine_iac(self, mock_runner_engine_iac): + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_iac", + "use_vulnerability_management": "true", + "remote_config_repo": "test_repo", + } + config_tool = {"ENGINE_IAC": {"ENABLED": "true", "TOOL": "tool"}} + secret_tool = "some_secret" + self.secrets_manager_gateway.get_secret.return_value = secret_tool + self.devops_platform_gateway.get_variable.return_value = "dev" + + # Mock the runner_engine_iac function and its return values + findings_list = ["finding1", "finding2"] + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + mock_runner_engine_iac.return_value = findings_list, input_core + + # Mock the send_vulnerability_management method + self.vulnerability_management.send_vulnerability_management = MagicMock() + + # Mock the get_findings_excepted method + self.vulnerability_management.get_findings_excepted = MagicMock() + self.vulnerability_management.get_findings_excepted.return_value = [] + + # Call the process method + result_findings_list, result_input_core = self.handle_scan.process( + dict_args, config_tool + ) + + # Assert the expected values + self.assertEqual(result_findings_list, findings_list) + self.assertEqual(result_input_core, input_core) + self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) + mock_runner_engine_iac.assert_called_once_with( + dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool, self.devops_platform_gateway, "dev" + ) + self.vulnerability_management.send_vulnerability_management.assert_called_once() + self.vulnerability_management.get_findings_excepted.assert_called_once() + + @mock.patch( + "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_iac" + ) + def test_process_with_engine_iac_error(self, mock_runner_engine_iac): + dict_args = { + "use_secrets_manager": "false", + "tool": "engine_iac", + "use_vulnerability_management": "true", + "remote_config_repo": "test_repo", + } + config_tool = {"ENGINE_IAC": {"ENABLED": "true", "TOOL": "tool"}} + + # Mock the runner_engine_iac function and its return values + findings_list = ["finding1", "finding2"] + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + mock_runner_engine_iac.return_value = findings_list, input_core + + # Mock the send_vulnerability_management method + self.vulnerability_management.send_vulnerability_management.side_effect = ExceptionVulnerabilityManagement("Simulated error") + + # Mock the get_findings_excepted method + self.vulnerability_management.get_findings_excepted.side_effect = ExceptionFindingsExcepted("Simulated error") + + # Call the process method + result_findings_list, result_input_core = self.handle_scan.process( + dict_args, config_tool + ) + + # Assert the expected values + self.assertEqual(result_findings_list, findings_list) + self.assertEqual(result_input_core, input_core) + + self.vulnerability_management.send_vulnerability_management.assert_called_once() + self.vulnerability_management.get_findings_excepted.assert_called_once() + + @mock.patch( + "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_container" + ) + def test_process_with_engine_container(self, mock_runner_engine_container): + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_container", + "remote_config_repo": "test_repo", + "use_vulnerability_management":"true", + } + config_tool = {"ENGINE_CONTAINER": {"ENABLED": "true", "TOOL": "tool"}} + secret_tool = {"token_prisma_cloud": "test"} + self.secrets_manager_gateway.get_secret.return_value = secret_tool + + # Mock the runner_engine_iac function and its return values + findings_list = ["finding1", "finding2"] + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + mock_runner_engine_container.return_value = findings_list, input_core + + # Call the process method + result_findings_list, result_input_core = self.handle_scan.process( + dict_args, config_tool + ) + + # Assert the expected values + self.assertEqual(result_findings_list, findings_list) + self.assertEqual(result_input_core, input_core) + self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) + + @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_dast") + @mock.patch("builtins.open", new_callable=mock.mock_open, read_data='''{ + "endpoint": "https://example.com", + "operations": [ + { + "operation": { + "headers": { + "accept": "/" + }, + "method": "POST", + "path": "/example_path", + "security_auth": { + "type": "jwt" + } + } + } + ] + }''') + def test_process_with_engine_dast(self, mock_open, mock_runner_engine_dast): + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_dast", + "dast_file_path": "example_dast.json" + } + secret_tool = {"github_token": "example_token"} + self.secrets_manager_gateway.get_secret.return_value = secret_tool + config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI"}} + # Simula lo que devolverá runner_engine_dast + mock_runner_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") + # Llama al método que deseas probar + result_findings_list, result_input_core = self.handle_scan.process(dict_args, config_tool) + # Verifica que el mock se haya llamado correctamente + mock_runner_engine_dast.assert_called_once_with( + dict_args, config_tool, secret_tool, self.devops_platform_gateway + ) + # Verifica los resultados devueltos + self.assertEqual(result_findings_list, ["finding1", "finding2"]) + self.assertEqual(result_input_core, "input_core_mock") + + @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_secret_scan") + def test_process_with_engine_secret(self, mock_runner_secret_scan): + dict_args = { + "use_secrets_manager": "false", + "tool": "engine_secret", + "remote_config_repo": "test_repo", + "use_vulnerability_management": "true", + } + config_tool = {"ENGINE_SECRET": {"ENABLED": "true", "TOOL": "trufflehog"}} + + # Mock the runner_engine_secret function and its return values + findings_list = ["finding1", "finding2"] + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + mock_runner_secret_scan.return_value = findings_list, input_core + + # Call the process method + result_findings_list, result_input_core = self.handle_scan.process( + dict_args, config_tool + ) + + # Assert the expected values + self.assertEqual(result_findings_list, findings_list) + self.assertEqual(result_input_core, input_core) + mock_runner_secret_scan.assert_called_once_with( + dict_args, config_tool["ENGINE_SECRET"]["TOOL"], self.devops_platform_gateway + ) + + @mock.patch( + "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_engine_dependencies" + ) + def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies): + dict_args = { + "use_secrets_manager": "true", + "tool": "engine_dependencies", + "remote_config_repo": "test_repo", + "use_vulnerability_management": "true" + } + config_tool = { + "ENGINE_DEPENDENCIES": "some_config", + "ENGINE_DEPENDENCIES": {"TOOL": "some_tool"} + } + secret_tool = {"token_xray": "test"} + self.secrets_manager_gateway.get_secret.return_value = secret_tool + + # Mock the runner_engine_dependencies function and its return values + findings_list = ["finding1", "finding2"] + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + mock_runner_engine_dependencies.return_value = findings_list, input_core + + # Call the process method + result_findings_list, result_input_core = self.handle_scan.process( + dict_args, config_tool + ) + + # Assert the expected values + self.assertEqual(result_findings_list, findings_list) + self.assertEqual(result_input_core, input_core) + self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) + mock_runner_engine_dependencies.assert_called_once_with( + dict_args, config_tool, secret_tool["token_xray"], self.devops_platform_gateway + ) + + diff --git a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py index a81df5678..2ac537ab8 100644 --- a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py +++ b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py @@ -1,51 +1,51 @@ -import unittest -from unittest.mock import MagicMock, patch -from unittest import mock -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import S3Manager -import datetime - -class S3ManagerTests(unittest.TestCase): - def setUp(self): - self.s3_manager = S3Manager() - - @patch("boto3.session.Session.client") - @patch("devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager.assume_role") - def test_send_metrics(self, mock_assume_role , mock_client): - # Mock the necessary dependencies - mock_client.return_value = MagicMock() - - mock_assume_role.return_value.return_value = { - "AccessKeyId": "test", - "SecretAccessKey": "test", - "SessionToken": "test" - } - - # Set up test data - config_tool = { - "METRICS_MANAGER": { - "AWS": { - "ROLE_ARN": "arn:aws:iam::123456789012:role/MyRole", - "REGION_NAME": "us-west-2", - "BUCKET": "my-bucket", - } - } - } - tool = "my-tool" - file_path = "/path/to/my/file.txt" - - with mock.patch("builtins.open", create=True) as mock_open: - # Call the method under test - self.s3_manager.send_metrics(config_tool, tool, file_path) - - # Assert that the necessary methods were called with the correct arguments - mock_client.assert_called_once_with( - service_name="s3", - region_name="us-west-2", - aws_access_key_id=mock.ANY, - aws_secret_access_key=mock.ANY, - aws_session_token=mock.ANY, - ) - date = datetime.datetime.now() - mock_client.return_value.put_object.assert_called_once_with( - Bucket="my-bucket", Key=f"engine_tools/my-tool/{date.strftime('%Y')}/{date.strftime('%m')}/{date.strftime('%d')}/file.txt", Body=mock.ANY +import unittest +from unittest.mock import MagicMock, patch +from unittest import mock +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import S3Manager +import datetime + +class S3ManagerTests(unittest.TestCase): + def setUp(self): + self.s3_manager = S3Manager() + + @patch("boto3.session.Session.client") + @patch("devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager.assume_role") + def test_send_metrics(self, mock_assume_role , mock_client): + # Mock the necessary dependencies + mock_client.return_value = MagicMock() + + mock_assume_role.return_value.return_value = { + "AccessKeyId": "test", + "SecretAccessKey": "test", + "SessionToken": "test" + } + + # Set up test data + config_tool = { + "METRICS_MANAGER": { + "AWS": { + "ROLE_ARN": "arn:aws:iam::123456789012:role/MyRole", + "REGION_NAME": "us-west-2", + "BUCKET": "my-bucket", + } + } + } + tool = "my-tool" + file_path = "/path/to/my/file.txt" + + with mock.patch("builtins.open", create=True) as mock_open: + # Call the method under test + self.s3_manager.send_metrics(config_tool, tool, file_path) + + # Assert that the necessary methods were called with the correct arguments + mock_client.assert_called_once_with( + service_name="s3", + region_name="us-west-2", + aws_access_key_id=mock.ANY, + aws_secret_access_key=mock.ANY, + aws_session_token=mock.ANY, + ) + date = datetime.datetime.now() + mock_client.return_value.put_object.assert_called_once_with( + Bucket="my-bucket", Key=f"engine_tools/my-tool/{date.strftime('%Y')}/{date.strftime('%m')}/{date.strftime('%d')}/file.txt", Body=mock.ANY ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py index 1b98a18c2..72dc6d126 100644 --- a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py +++ b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py @@ -1,105 +1,105 @@ -import unittest -from unittest.mock import MagicMock -from unittest import mock -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import GithubActions - - -class TestGithubActions(unittest.TestCase): - - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.GithubApi', - autospec=True - ) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', - autospec=True - ) - def test_get_remote_config(self, mock_system_variables, mock_github_api): - github_actions = GithubActions() - - # Set up mock values for SystemVariables - mock_system_variables.github_repository.value.return_value = "github_repository" - - # Mock the AzureDevopsApi class - mock_github_api_instance = MagicMock() - mock_github_api_instance.get_azure_connection.return_value = "MockedConnection" - mock_github_api_instance.get_remote_json_config.return_value = {'key': 'value'} - mock_github_api.return_value = mock_github_api_instance - - remote_config_repo = "my_repo" - remote_config_path = "my_path" - result = github_actions.get_remote_config(remote_config_repo, remote_config_path) - - assert result == {"key": "value"} - - def test_message(self): - - github_actions = GithubActions() - - assert github_actions.message("succeeded", "message") == "::group::message" - assert github_actions.message("info", "message") == "::notice::message" - assert github_actions.message("warning", "message") == "::warning::message" - assert github_actions.message("error", "message") == "::error::message" - - def test_result_pipeline(self): - ENDC = "\033[0m" - FAIL = "\033[91m" - OKGREEN = "\033[92m" - ICON_FAIL = "\u2718" - ICON_SUCCESS = "\u2714" - - github_actions = GithubActions() - - assert github_actions.result_pipeline("failed") == f"{FAIL}{ICON_FAIL}Failed{ENDC}" - assert github_actions.result_pipeline("succeeded") == f"{OKGREEN}{ICON_SUCCESS}Succeeded{ENDC}" - - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', - autospec=True) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.BuildVariables', - autospec=True) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.ReleaseVariables', - autospec=True) - def test_get_variable(self, mock_release_variables, mock_build_variables, mock_system_variables): - github_actions = GithubActions() - - # Mock the BuildVariables class - mock_build_variables.github_ref.value.return_value = "github_ref" - mock_build_variables.github_run_number.value.return_value = "github_run_number" - mock_build_variables.github_run_id.value.return_value = "github_run_id" - mock_build_variables.github_sha.value.return_value = "github_sha" - - - # Mock the ReleaseVariables class - mock_release_variables.github_workflow.value.return_value = "github_workflow" - mock_release_variables.github_env.value.return_value = "github_env" - mock_release_variables.github_run_number.value.return_value = "github_run_number" - - # Mock the SystemVariables class - mock_system_variables.github_access_token.value.return_value = "github_access_token" - - result = github_actions.get_variable("branch_name") - assert result == "github_ref" - - result = github_actions.get_variable("build_id") - assert result == "github_run_number" - - result = github_actions.get_variable("build_execution_id") - assert result == "github_run_id" - - result = github_actions.get_variable("commit_hash") - assert result == "github_sha" - - result = github_actions.get_variable("environment") - assert result == "github_env" - - result = github_actions.get_variable("release_id") - assert result == "github_run_number" - - result = github_actions.get_variable("branch_tag") - assert result == "github_ref" - - result = github_actions.get_variable("access_token") - assert result == "github_access_token" +import unittest +from unittest.mock import MagicMock +from unittest import mock +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import GithubActions + + +class TestGithubActions(unittest.TestCase): + + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.GithubApi', + autospec=True + ) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', + autospec=True + ) + def test_get_remote_config(self, mock_system_variables, mock_github_api): + github_actions = GithubActions() + + # Set up mock values for SystemVariables + mock_system_variables.github_repository.value.return_value = "github_repository" + + # Mock the AzureDevopsApi class + mock_github_api_instance = MagicMock() + mock_github_api_instance.get_azure_connection.return_value = "MockedConnection" + mock_github_api_instance.get_remote_json_config.return_value = {'key': 'value'} + mock_github_api.return_value = mock_github_api_instance + + remote_config_repo = "my_repo" + remote_config_path = "my_path" + result = github_actions.get_remote_config(remote_config_repo, remote_config_path) + + assert result == {"key": "value"} + + def test_message(self): + + github_actions = GithubActions() + + assert github_actions.message("succeeded", "message") == "::group::message" + assert github_actions.message("info", "message") == "::notice::message" + assert github_actions.message("warning", "message") == "::warning::message" + assert github_actions.message("error", "message") == "::error::message" + + def test_result_pipeline(self): + ENDC = "\033[0m" + FAIL = "\033[91m" + OKGREEN = "\033[92m" + ICON_FAIL = "\u2718" + ICON_SUCCESS = "\u2714" + + github_actions = GithubActions() + + assert github_actions.result_pipeline("failed") == f"{FAIL}{ICON_FAIL}Failed{ENDC}" + assert github_actions.result_pipeline("succeeded") == f"{OKGREEN}{ICON_SUCCESS}Succeeded{ENDC}" + + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', + autospec=True) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.BuildVariables', + autospec=True) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.ReleaseVariables', + autospec=True) + def test_get_variable(self, mock_release_variables, mock_build_variables, mock_system_variables): + github_actions = GithubActions() + + # Mock the BuildVariables class + mock_build_variables.github_ref.value.return_value = "github_ref" + mock_build_variables.github_run_number.value.return_value = "github_run_number" + mock_build_variables.github_run_id.value.return_value = "github_run_id" + mock_build_variables.github_sha.value.return_value = "github_sha" + + + # Mock the ReleaseVariables class + mock_release_variables.github_workflow.value.return_value = "github_workflow" + mock_release_variables.github_env.value.return_value = "github_env" + mock_release_variables.github_run_number.value.return_value = "github_run_number" + + # Mock the SystemVariables class + mock_system_variables.github_access_token.value.return_value = "github_access_token" + + result = github_actions.get_variable("branch_name") + assert result == "github_ref" + + result = github_actions.get_variable("build_id") + assert result == "github_run_number" + + result = github_actions.get_variable("build_execution_id") + assert result == "github_run_id" + + result = github_actions.get_variable("commit_hash") + assert result == "github_sha" + + result = github_actions.get_variable("environment") + assert result == "github_env" + + result = github_actions.get_variable("release_id") + assert result == "github_run_number" + + result = github_actions.get_variable("branch_tag") + assert result == "github_ref" + + result = github_actions.get_variable("access_token") + assert result == "github_access_token" diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py index f55651561..41488e077 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/file_generator_tool.py @@ -50,8 +50,8 @@ def generate_file_from_tool(tool, result_list, rules_doc): "resource_count", 0 ) + result_two.get("summary", {}).get("resource_count", 0), - "checkov_version": result_one.get("summary", {}).get( - "checkov_version", None + "nuclei_version": result_one.get("summary", {}).get( + "version", None ), }, } @@ -68,4 +68,4 @@ def generate_file_from_tool(tool, result_list, rules_doc): def update_field(elem, field, new_value): - return {**elem, field: new_value} + return {**elem, field: new_value} \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py b/tools/devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py index bc03a9209..224e0cba1 100644 --- a/tools/devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py +++ b/tools/devsecops_engine_tools/engine_risk/src/domain/usecases/handle_filters.py @@ -1,18 +1,18 @@ -class HandleFilters: - def __init__( - self, - remote_config, - ): - self.remote_config = remote_config - - def filter(self, findings): - tag_list = self.remote_config["TAG_FILTER"] - severity_list = ["critical", "high", "medium", "low"] - return list( - filter( - lambda finding: finding.active - and any(tag in finding.tags for tag in tag_list) - and (finding.severity.lower() in severity_list), - findings, - ) - ) +class HandleFilters: + def __init__( + self, + remote_config, + ): + self.remote_config = remote_config + + def filter(self, findings): + tag_list = self.remote_config["TAG_FILTER"] + severity_list = ["critical", "high", "medium", "low"] + return list( + filter( + lambda finding: finding.active + and any(tag in finding.tags for tag in tag_list) + and (finding.severity.lower() in severity_list), + findings, + ) + ) diff --git a/tools/devsecops_engine_tools/engine_risk/test/domain/usecases/test_handle_filters.py b/tools/devsecops_engine_tools/engine_risk/test/domain/usecases/test_handle_filters.py index 52667093e..e2d97c79c 100644 --- a/tools/devsecops_engine_tools/engine_risk/test/domain/usecases/test_handle_filters.py +++ b/tools/devsecops_engine_tools/engine_risk/test/domain/usecases/test_handle_filters.py @@ -1,46 +1,46 @@ -import unittest -from devsecops_engine_tools.engine_risk.src.domain.usecases.handle_filters import ( - HandleFilters, -) -from devsecops_engine_tools.engine_core.src.domain.model.report import Report - - -class TestHandleFilters(unittest.TestCase): - def setUp(self): - self.remote_config = {"TAG_FILTER": ["tag3"]} - self.findings = [ - Report( - id="id2", - date="21022024", - status="stat2", - where="path", - tags=["tag1"], - severity="low", - active=True, - ), - Report( - id="id2", - date="21022024", - status="stat2", - where="path2", - tags=["tag2"], - severity="low", - active=None, - ), - Report( - id="id3", - date="21022024", - status="stat3", - where="path3", - tags=["tag3"], - severity="low", - active=True, - ), - ] - self.handle_filters = HandleFilters(self.remote_config) - - def test_filter(self): - result = self.handle_filters.filter(self.findings) - - assert result[0].tags == self.remote_config["TAG_FILTER"] - assert len(result) == 1 +import unittest +from devsecops_engine_tools.engine_risk.src.domain.usecases.handle_filters import ( + HandleFilters, +) +from devsecops_engine_tools.engine_core.src.domain.model.report import Report + + +class TestHandleFilters(unittest.TestCase): + def setUp(self): + self.remote_config = {"TAG_FILTER": ["tag3"]} + self.findings = [ + Report( + id="id2", + date="21022024", + status="stat2", + where="path", + tags=["tag1"], + severity="low", + active=True, + ), + Report( + id="id2", + date="21022024", + status="stat2", + where="path2", + tags=["tag2"], + severity="low", + active=None, + ), + Report( + id="id3", + date="21022024", + status="stat3", + where="path3", + tags=["tag3"], + severity="low", + active=True, + ), + ] + self.handle_filters = HandleFilters(self.remote_config) + + def test_filter(self): + result = self.handle_filters.filter(self.findings) + + assert result[0].tags == self.remote_config["TAG_FILTER"] + assert len(result) == 1 diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py index 0d0283b17..524d98c54 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py @@ -1,43 +1,43 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_points.entry_point_tool import ( - init_engine_sast_rm, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( - CheckovTool -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( - KubescapeTool -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( - KicsTool -) - - -def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env): - try: - # Define driven adapters for gateways - tool_gateway = None - - tools = { - "CHECKOV": CheckovTool(), - "KUBESCAPE": KubescapeTool(), - "KICS": KicsTool() - } - - if tool in tools: - tool_gateway = tools[tool] - - return init_engine_sast_rm( - devops_platform_gateway=devops_platform_gateway, - tool_gateway=tool_gateway, - dict_args=dict_args, - secret_tool=secret_tool, - tool=tool, - env=env, - ) - - except Exception as e: - raise Exception(f"Error engine_iac : {str(e)}") - - -if __name__ == "__main__": - runner_engine_iac() +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_points.entry_point_tool import ( + init_engine_sast_rm, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( + CheckovTool +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( + KubescapeTool +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( + KicsTool +) + + +def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env): + try: + # Define driven adapters for gateways + tool_gateway = None + + tools = { + "CHECKOV": CheckovTool(), + "KUBESCAPE": KubescapeTool(), + "KICS": KicsTool() + } + + if tool in tools: + tool_gateway = tools[tool] + + return init_engine_sast_rm( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=tool_gateway, + dict_args=dict_args, + secret_tool=secret_tool, + tool=tool, + env=env, + ) + + except Exception as e: + raise Exception(f"Error engine_iac : {str(e)}") + + +if __name__ == "__main__": + runner_engine_iac() diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py index 8dba74240..3274b8b27 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py @@ -1,34 +1,34 @@ -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -class ConfigTool: - def __init__(self, json_data, tool): - self.version = json_data[tool]["VERSION"] - self.search_pattern = json_data["SEARCH_PATTERN"] - self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"] - self.update_service_file_name_cft = json_data["UPDATE_SERVICE_WITH_FILE_NAME_CFT"] - self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"] - self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"] - self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"] - self.repository_public_key_fp = json_data[tool]["EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT"] - self.use_external_checks_dir = json_data[tool]["USE_EXTERNAL_CHECKS_DIR"] - self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"] - self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"] - self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"] - self.threshold = Threshold(json_data["THRESHOLD"]) - self.rules_data_type = json_data[tool]["RULES"] - self.scope_pipeline = "" - self.exclusions = None - self.exclusions_all = None - self.exclusions_scope = None - self.rules_all = {} - if "KICS_LINUX" in json_data[tool]: - self.kics_linux = json_data[tool]["KICS_LINUX"] - if "KICS_WINDOWS" in json_data[tool]: - self.kics_windows = json_data[tool]["KICS_WINDOWS"] - if "KICS_MAC" in json_data[tool]: - self.kics_mac = json_data[tool]["KICS_MAC"] - if "PATH_KICS" in json_data[tool]: - self.path_kics = json_data[tool]["PATH_KICS"] - if "DOWNLOAD_KICS_ASSETS" in json_data[tool]: - self.download_kics_assets = json_data[tool]["DOWNLOAD_KICS_ASSETS"] +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +class ConfigTool: + def __init__(self, json_data, tool): + self.version = json_data[tool]["VERSION"] + self.search_pattern = json_data["SEARCH_PATTERN"] + self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"] + self.update_service_file_name_cft = json_data["UPDATE_SERVICE_WITH_FILE_NAME_CFT"] + self.use_external_checks_git = json_data[tool]["USE_EXTERNAL_CHECKS_GIT"] + self.external_checks_git = json_data[tool]["EXTERNAL_CHECKS_GIT"] + self.repository_ssh_host = json_data[tool]["EXTERNAL_GIT_SSH_HOST"] + self.repository_public_key_fp = json_data[tool]["EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT"] + self.use_external_checks_dir = json_data[tool]["USE_EXTERNAL_CHECKS_DIR"] + self.external_dir_owner = json_data[tool]["EXTERNAL_DIR_OWNER"] + self.external_dir_repository = json_data[tool]["EXTERNAL_DIR_REPOSITORY"] + self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"] + self.threshold = Threshold(json_data["THRESHOLD"]) + self.rules_data_type = json_data[tool]["RULES"] + self.scope_pipeline = "" + self.exclusions = None + self.exclusions_all = None + self.exclusions_scope = None + self.rules_all = {} + if "KICS_LINUX" in json_data[tool]: + self.kics_linux = json_data[tool]["KICS_LINUX"] + if "KICS_WINDOWS" in json_data[tool]: + self.kics_windows = json_data[tool]["KICS_WINDOWS"] + if "KICS_MAC" in json_data[tool]: + self.kics_mac = json_data[tool]["KICS_MAC"] + if "PATH_KICS" in json_data[tool]: + self.path_kics = json_data[tool]["PATH_KICS"] + if "DOWNLOAD_KICS_ASSETS" in json_data[tool]: + self.download_kics_assets = json_data[tool]["DOWNLOAD_KICS_ASSETS"] diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py index 4fd933f81..5689ce8e9 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/gateways/tool_gateway.py @@ -1,6 +1,6 @@ -from abc import ABCMeta, abstractmethod - -class ToolGateway(metaclass=ABCMeta): - @abstractmethod - def run_tool(self, config_tool, folders_to_scan, environment, platform_to_scan, secret_tool): - "run_tool" +from abc import ABCMeta, abstractmethod + +class ToolGateway(metaclass=ABCMeta): + @abstractmethod + def run_tool(self, config_tool, folders_to_scan, environment, platform_to_scan, secret_tool): + "run_tool" diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py index 8bf05fc81..d06e50bba 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/usecases/iac_scan.py @@ -1,139 +1,139 @@ -import os -import re -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions -from devsecops_engine_tools.engine_core.src.domain.model.input_core import ( - InputCore -) -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class IacScan: - def __init__( - self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway - ): - self.tool_gateway = tool_gateway - self.devops_platform_gateway = devops_platform_gateway - - def process(self, dict_args, secret_tool, tool, env): - init_config_tool = self.devops_platform_gateway.get_remote_config( - dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json" - ) - - exclusions = self.devops_platform_gateway.get_remote_config( - dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json" - ) - - config_tool, folders_to_scan, skip_tool = self.complete_config_tool( - init_config_tool, exclusions, tool, dict_args - ) - - - findings_list, path_file_results = [], None - if skip_tool == "false": - findings_list, path_file_results = self.tool_gateway.run_tool( - config_tool, - folders_to_scan, - "pdn" if env not in ["dev","qa","pdn"] else env, - dict_args["platform"], - secret_tool, - ) - else: - print(f"Tool skipped by DevSecOps policy") - logger.info(f"Tool skipped by DevSecOps policy") - - totalized_exclusions = [] - ( - totalized_exclusions.extend( - map(lambda elem: Exclusions(**elem), config_tool.exclusions_all) - ) - if config_tool.exclusions_all is not None - else None - ) - ( - totalized_exclusions.extend( - map(lambda elem: Exclusions(**elem), config_tool.exclusions_scope) - ) - if config_tool.exclusions_scope is not None - else None - ) - - input_core = InputCore( - totalized_exclusions=totalized_exclusions, - threshold_defined=config_tool.threshold, - path_file_results=path_file_results, - custom_message_break_build=config_tool.message_info_engine_iac, - scope_pipeline=config_tool.scope_pipeline, - stage_pipeline=self.devops_platform_gateway.get_variable("stage").capitalize(), - ) - - return findings_list, input_core - - def complete_config_tool(self, data_file_tool, exclusions, tool, dict_args): - config_tool = ConfigTool(json_data=data_file_tool, tool=tool) - skip_tool = "false" - - config_tool.exclusions = exclusions - config_tool.scope_pipeline = self.devops_platform_gateway.get_variable( - "pipeline_name" - ) - - if config_tool.exclusions.get("All") is not None: - config_tool.exclusions_all = config_tool.exclusions.get("All").get(tool) - if config_tool.exclusions.get(config_tool.scope_pipeline) is not None: - config_tool.exclusions_scope = config_tool.exclusions.get( - config_tool.scope_pipeline - ).get(tool) - skip_tool = "true" if config_tool.exclusions.get(config_tool.scope_pipeline).get("SKIP_TOOL") else "false" - if(dict_args["folder_path"]): - if config_tool.update_service_file_name_cft == "True" and "cloudformation" in dict_args["platform"]: - files = os.listdir(os.path.join(os.getcwd(), dict_args["folder_path"])) - if len(files) > 0: - name_file, _ = os.path.splitext(files[0]) - config_tool.scope_pipeline = f"{config_tool.scope_pipeline}_{name_file}" - - folders_to_scan = [dict_args["folder_path"]] - else: - folders_to_scan = self.search_folders( - config_tool.search_pattern, config_tool.ignore_search_pattern - ) - - if len(folders_to_scan) == 0: - logger.warning( - "No folders found with the search pattern: %s", - config_tool.search_pattern, - ) - - return config_tool, folders_to_scan, skip_tool - - def search_folders(self, search_pattern, ignore_pattern): - current_directory = os.getcwd() - patron = ( - "(?i)(?!.*(?:" - + "|".join(ignore_pattern) - + ")).*?(" - + "|".join(search_pattern) - + ").*$" - ) - folders = [ - folder - for folder in os.listdir(current_directory) - if os.path.isdir(os.path.join(current_directory, folder)) - ] - matching_folders = [ - os.path.normpath(os.path.join(current_directory, folder)) - for folder in folders - if re.match(patron, folder) - ] - return matching_folders +import os +import re +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions +from devsecops_engine_tools.engine_core.src.domain.model.input_core import ( + InputCore +) +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class IacScan: + def __init__( + self, tool_gateway: ToolGateway, devops_platform_gateway: DevopsPlatformGateway + ): + self.tool_gateway = tool_gateway + self.devops_platform_gateway = devops_platform_gateway + + def process(self, dict_args, secret_tool, tool, env): + init_config_tool = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], "engine_sast/engine_iac/ConfigTool.json" + ) + + exclusions = self.devops_platform_gateway.get_remote_config( + dict_args["remote_config_repo"], "engine_sast/engine_iac/Exclusions.json" + ) + + config_tool, folders_to_scan, skip_tool = self.complete_config_tool( + init_config_tool, exclusions, tool, dict_args + ) + + + findings_list, path_file_results = [], None + if skip_tool == "false": + findings_list, path_file_results = self.tool_gateway.run_tool( + config_tool, + folders_to_scan, + "pdn" if env not in ["dev","qa","pdn"] else env, + dict_args["platform"], + secret_tool, + ) + else: + print(f"Tool skipped by DevSecOps policy") + logger.info(f"Tool skipped by DevSecOps policy") + + totalized_exclusions = [] + ( + totalized_exclusions.extend( + map(lambda elem: Exclusions(**elem), config_tool.exclusions_all) + ) + if config_tool.exclusions_all is not None + else None + ) + ( + totalized_exclusions.extend( + map(lambda elem: Exclusions(**elem), config_tool.exclusions_scope) + ) + if config_tool.exclusions_scope is not None + else None + ) + + input_core = InputCore( + totalized_exclusions=totalized_exclusions, + threshold_defined=config_tool.threshold, + path_file_results=path_file_results, + custom_message_break_build=config_tool.message_info_engine_iac, + scope_pipeline=config_tool.scope_pipeline, + stage_pipeline=self.devops_platform_gateway.get_variable("stage").capitalize(), + ) + + return findings_list, input_core + + def complete_config_tool(self, data_file_tool, exclusions, tool, dict_args): + config_tool = ConfigTool(json_data=data_file_tool, tool=tool) + skip_tool = "false" + + config_tool.exclusions = exclusions + config_tool.scope_pipeline = self.devops_platform_gateway.get_variable( + "pipeline_name" + ) + + if config_tool.exclusions.get("All") is not None: + config_tool.exclusions_all = config_tool.exclusions.get("All").get(tool) + if config_tool.exclusions.get(config_tool.scope_pipeline) is not None: + config_tool.exclusions_scope = config_tool.exclusions.get( + config_tool.scope_pipeline + ).get(tool) + skip_tool = "true" if config_tool.exclusions.get(config_tool.scope_pipeline).get("SKIP_TOOL") else "false" + if(dict_args["folder_path"]): + if config_tool.update_service_file_name_cft == "True" and "cloudformation" in dict_args["platform"]: + files = os.listdir(os.path.join(os.getcwd(), dict_args["folder_path"])) + if len(files) > 0: + name_file, _ = os.path.splitext(files[0]) + config_tool.scope_pipeline = f"{config_tool.scope_pipeline}_{name_file}" + + folders_to_scan = [dict_args["folder_path"]] + else: + folders_to_scan = self.search_folders( + config_tool.search_pattern, config_tool.ignore_search_pattern + ) + + if len(folders_to_scan) == 0: + logger.warning( + "No folders found with the search pattern: %s", + config_tool.search_pattern, + ) + + return config_tool, folders_to_scan, skip_tool + + def search_folders(self, search_pattern, ignore_pattern): + current_directory = os.getcwd() + patron = ( + "(?i)(?!.*(?:" + + "|".join(ignore_pattern) + + ")).*?(" + + "|".join(search_pattern) + + ").*$" + ) + folders = [ + folder + for folder in os.listdir(current_directory) + if os.path.isdir(os.path.join(current_directory, folder)) + ] + matching_folders = [ + os.path.normpath(os.path.join(current_directory, folder)) + for folder in folders + if re.match(patron, folder) + ] + return matching_folders diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py index 30e50f04c..299893253 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py @@ -1,35 +1,35 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class CheckovDeserealizator: - @classmethod - def get_list_finding( - cls, results_scan_list: list, rules - ) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - if "failed_checks" in str(result): - for scan in result["results"]["failed_checks"]: - finding_open = Finding( - id=scan.get("check_id"), - cvss=None, - where = scan.get("repo_file_path") + ": " + str(scan.get("resource")), - description=rules[scan.get("check_id")].get("checkID", scan.get("check_name")), - severity=rules[scan.get("check_id")].get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category(rules[scan.get("check_id")].get("category").lower()), - requirements=scan.get("guideline"), - tool="Checkov" - ) - list_open_findings.append(finding_open) - +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class CheckovDeserealizator: + @classmethod + def get_list_finding( + cls, results_scan_list: list, rules + ) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + if "failed_checks" in str(result): + for scan in result["results"]["failed_checks"]: + finding_open = Finding( + id=scan.get("check_id"), + cvss=None, + where = scan.get("repo_file_path") + ": " + str(scan.get("resource")), + description=rules[scan.get("check_id")].get("checkID", scan.get("check_name")), + severity=rules[scan.get("check_id")].get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category(rules[scan.get("check_id")].get("category").lower()), + requirements=scan.get("guideline"), + tool="Checkov" + ) + list_open_findings.append(finding_open) + return list_open_findings \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py index e0d7b7ebe..ee92553a8 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_tool.py @@ -1,188 +1,188 @@ -import yaml -import subprocess -import os -import platform -import queue -import threading -import json -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) - -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( - CheckovDeserealizator, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_config import ( - CheckovConfig -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( - generate_file_from_tool, -) - -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi -from devsecops_engine_tools.engine_utilities.ssh.managment_private_key import ( - create_ssh_private_file, - add_ssh_private_key, - decode_base64, - config_knowns_hosts, -) -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - -class CheckovTool(ToolGateway): - CHECKOV_CONFIG_FILE = "checkov_config.yaml" - TOOL = "CHECKOV" - framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation", "RULES_OPENAPI": "openapi"} - framework_external_checks = ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER", "RULES_OPENAPI"] - - - def create_config_file(self, checkov_config: CheckovConfig): - with open( - checkov_config.path_config_file - + checkov_config.config_file_name - + self.CHECKOV_CONFIG_FILE, - "w", - ) as file: - yaml.dump(checkov_config.dict_confg_file, file) - file.close() - - def configurate_external_checks(self, config_tool: ConfigTool, secret_tool): - agent_env = None - try: - if secret_tool is None: - logger.warning("Secrets manager is not enabled to configure external checks") - else: - if ( - config_tool.use_external_checks_git == "True" - and platform.system() - in ( - "Linux", - "Darwin", - ) - ): - config_knowns_hosts( - config_tool.repository_ssh_host, - config_tool.repository_public_key_fp, - ) - ssh_key_content = decode_base64( - secret_tool, "repository_ssh_private_key" - ) - ssh_key_file_path = "/tmp/ssh_key_file" - create_ssh_private_file(ssh_key_file_path, ssh_key_content) - ssh_key_password = decode_base64( - secret_tool, "repository_ssh_password" - ) - agent_env = add_ssh_private_key(ssh_key_file_path, ssh_key_password) - - # Create configuration dir external checks - if config_tool.use_external_checks_dir == "True": - github_api = GithubApi(secret_tool["github_token"]) - github_api.download_latest_release_assets( - config_tool.external_dir_owner, - config_tool.external_dir_repository, - "/tmp", - ) - - except Exception as ex: - logger.error(f"An error ocurred configuring external checks {ex}") - return agent_env - - def execute(self, checkov_config: CheckovConfig): - command = ( - "checkov --config-file " - + checkov_config.path_config_file - + checkov_config.config_file_name - + self.CHECKOV_CONFIG_FILE - ) - env_modified = dict(os.environ) - if checkov_config.env is not None: - env_modified = {**dict(os.environ), **checkov_config.env} - result = subprocess.run( - command, capture_output=True, text=True, shell=True, env=env_modified - ) - output = result.stdout.strip() - error = result.stderr.strip() - return output - - def async_scan(self, queue, checkov_config: CheckovConfig): - result = [] - output = self.execute(checkov_config) - result.append(json.loads(output)) - queue.put(result) - - def scan_folders( - self, folders_to_scan, config_tool: ConfigTool, agent_env, environment, platform_to_scan - ): - output_queue = queue.Queue() - # Crea una lista para almacenar los hilos - threads = [] - for folder in folders_to_scan: - for rule in config_tool.rules_data_type: - if "all" in platform_to_scan or any(elem.upper() in rule for elem in platform_to_scan): - checkov_config = CheckovConfig( - path_config_file="", - config_file_name=rule, - framework=self.framework_mapping[rule], - checks=[ - key - for key, value in config_tool.rules_data_type[rule].items() - if value["environment"].get(environment) - ], - soft_fail=False, - directories=folder, - external_checks_git=[ - f"{config_tool.external_checks_git}/{self.framework_mapping[rule]}" - ] - if config_tool.use_external_checks_git == "True" - and agent_env is not None - and rule in self.framework_external_checks - else [], - env=agent_env, - external_checks_dir=f"/tmp/rules/{self.framework_mapping[rule]}" - if config_tool.use_external_checks_dir == "True" - and rule in self.framework_external_checks - else [], - ) - - checkov_config.create_config_dict() - self.create_config_file(checkov_config) - config_tool.rules_all.update(config_tool.rules_data_type[rule]) - t = threading.Thread( - target=self.async_scan, - args=(output_queue, checkov_config), - ) - t.start() - threads.append(t) - # Espera a que todos los hilos terminen - for t in threads: - t.join() - # Recopila las salidas de las tareas - result_scans = [] - while not output_queue.empty(): - result = output_queue.get() - result_scans.extend(result) - return result_scans - - def run_tool( - self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool - ): - agent_env = self.configurate_external_checks(config_tool, secret_tool) - - result_scans = self.scan_folders( - folders_to_scan, config_tool, agent_env, environment, platform_to_scan - ) - - checkov_deserealizator = CheckovDeserealizator() - findings_list = checkov_deserealizator.get_list_finding( - result_scans, config_tool.rules_all - ) - - return ( - findings_list, - generate_file_from_tool(self.TOOL, result_scans, config_tool.rules_all) - ) +import yaml +import subprocess +import os +import platform +import queue +import threading +import json +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) + +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( + CheckovDeserealizator, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_config import ( + CheckovConfig +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool, +) + +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi +from devsecops_engine_tools.engine_utilities.ssh.managment_private_key import ( + create_ssh_private_file, + add_ssh_private_key, + decode_base64, + config_knowns_hosts, +) +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + +class CheckovTool(ToolGateway): + CHECKOV_CONFIG_FILE = "checkov_config.yaml" + TOOL = "CHECKOV" + framework_mapping = {"RULES_DOCKER": "dockerfile", "RULES_K8S": "kubernetes", "RULES_CLOUDFORMATION": "cloudformation", "RULES_OPENAPI": "openapi"} + framework_external_checks = ["RULES_K8S", "RULES_CLOUDFORMATION","RULES_DOCKER", "RULES_OPENAPI"] + + + def create_config_file(self, checkov_config: CheckovConfig): + with open( + checkov_config.path_config_file + + checkov_config.config_file_name + + self.CHECKOV_CONFIG_FILE, + "w", + ) as file: + yaml.dump(checkov_config.dict_confg_file, file) + file.close() + + def configurate_external_checks(self, config_tool: ConfigTool, secret_tool): + agent_env = None + try: + if secret_tool is None: + logger.warning("Secrets manager is not enabled to configure external checks") + else: + if ( + config_tool.use_external_checks_git == "True" + and platform.system() + in ( + "Linux", + "Darwin", + ) + ): + config_knowns_hosts( + config_tool.repository_ssh_host, + config_tool.repository_public_key_fp, + ) + ssh_key_content = decode_base64( + secret_tool, "repository_ssh_private_key" + ) + ssh_key_file_path = "/tmp/ssh_key_file" + create_ssh_private_file(ssh_key_file_path, ssh_key_content) + ssh_key_password = decode_base64( + secret_tool, "repository_ssh_password" + ) + agent_env = add_ssh_private_key(ssh_key_file_path, ssh_key_password) + + # Create configuration dir external checks + if config_tool.use_external_checks_dir == "True": + github_api = GithubApi(secret_tool["github_token"]) + github_api.download_latest_release_assets( + config_tool.external_dir_owner, + config_tool.external_dir_repository, + "/tmp", + ) + + except Exception as ex: + logger.error(f"An error ocurred configuring external checks {ex}") + return agent_env + + def execute(self, checkov_config: CheckovConfig): + command = ( + "checkov --config-file " + + checkov_config.path_config_file + + checkov_config.config_file_name + + self.CHECKOV_CONFIG_FILE + ) + env_modified = dict(os.environ) + if checkov_config.env is not None: + env_modified = {**dict(os.environ), **checkov_config.env} + result = subprocess.run( + command, capture_output=True, text=True, shell=True, env=env_modified + ) + output = result.stdout.strip() + error = result.stderr.strip() + return output + + def async_scan(self, queue, checkov_config: CheckovConfig): + result = [] + output = self.execute(checkov_config) + result.append(json.loads(output)) + queue.put(result) + + def scan_folders( + self, folders_to_scan, config_tool: ConfigTool, agent_env, environment, platform_to_scan + ): + output_queue = queue.Queue() + # Crea una lista para almacenar los hilos + threads = [] + for folder in folders_to_scan: + for rule in config_tool.rules_data_type: + if "all" in platform_to_scan or any(elem.upper() in rule for elem in platform_to_scan): + checkov_config = CheckovConfig( + path_config_file="", + config_file_name=rule, + framework=self.framework_mapping[rule], + checks=[ + key + for key, value in config_tool.rules_data_type[rule].items() + if value["environment"].get(environment) + ], + soft_fail=False, + directories=folder, + external_checks_git=[ + f"{config_tool.external_checks_git}/{self.framework_mapping[rule]}" + ] + if config_tool.use_external_checks_git == "True" + and agent_env is not None + and rule in self.framework_external_checks + else [], + env=agent_env, + external_checks_dir=f"/tmp/rules/{self.framework_mapping[rule]}" + if config_tool.use_external_checks_dir == "True" + and rule in self.framework_external_checks + else [], + ) + + checkov_config.create_config_dict() + self.create_config_file(checkov_config) + config_tool.rules_all.update(config_tool.rules_data_type[rule]) + t = threading.Thread( + target=self.async_scan, + args=(output_queue, checkov_config), + ) + t.start() + threads.append(t) + # Espera a que todos los hilos terminen + for t in threads: + t.join() + # Recopila las salidas de las tareas + result_scans = [] + while not output_queue.empty(): + result = output_queue.get() + result_scans.extend(result) + return result_scans + + def run_tool( + self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool + ): + agent_env = self.configurate_external_checks(config_tool, secret_tool) + + result_scans = self.scan_folders( + folders_to_scan, config_tool, agent_env, environment, platform_to_scan + ) + + checkov_deserealizator = CheckovDeserealizator() + findings_list = checkov_deserealizator.get_list_finding( + result_scans, config_tool.rules_all + ) + + return ( + findings_list, + generate_file_from_tool(self.TOOL, result_scans, config_tool.rules_all) + ) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py index 75c29b1bc..30515c969 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py @@ -1,57 +1,57 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class KicsDeserealizator: - def get_list_finding(self, results_scan_list: list) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - finding_open = Finding( - id=result.get("id"), - cvss=None, - where=result.get("file_name"), - description=result.get("description"), - severity=result.get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Kics" - ) - list_open_findings.append(finding_open) - - return list_open_findings - - def get_findings(self, data): - filtered_results = [] - for query in data.get("queries", []): - severity = query.get("severity", "").upper() - if severity in {"LOW", "MEDIUM", "HIGH", "CRITICAL"}: - description = query.get("query_name", "") - query_id = query.get("query_id", "") - for file in query.get("files", []): - file_name = file.get("file_name", "") - filtered_results.append({ - "severity": severity, - "description": description, - "file_name": file_name, - "id": query_id - }) - return filtered_results - - def calculate_total_vulnerabilities(self, data): - severity_counters = data.get("severity_counters", {}) - - critical = severity_counters.get("CRITICAL", 0) - high = severity_counters.get("HIGH", 0) - medium = severity_counters.get("MEDIUM", 0) - low = severity_counters.get("LOW", 0) - - return critical + high + medium + low +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class KicsDeserealizator: + def get_list_finding(self, results_scan_list: list) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + finding_open = Finding( + id=result.get("id"), + cvss=None, + where=result.get("file_name"), + description=result.get("description"), + severity=result.get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Kics" + ) + list_open_findings.append(finding_open) + + return list_open_findings + + def get_findings(self, data): + filtered_results = [] + for query in data.get("queries", []): + severity = query.get("severity", "").upper() + if severity in {"LOW", "MEDIUM", "HIGH", "CRITICAL"}: + description = query.get("query_name", "") + query_id = query.get("query_id", "") + for file in query.get("files", []): + file_name = file.get("file_name", "") + filtered_results.append({ + "severity": severity, + "description": description, + "file_name": file_name, + "id": query_id + }) + return filtered_results + + def calculate_total_vulnerabilities(self, data): + severity_counters = data.get("severity_counters", {}) + + critical = severity_counters.get("CRITICAL", 0) + high = severity_counters.get("HIGH", 0) + medium = severity_counters.get("MEDIUM", 0) + low = severity_counters.get("LOW", 0) + + return critical + high + medium + low diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py index c997ed28f..e1ea7bfd6 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_tool.py @@ -1,140 +1,140 @@ -import subprocess -import json -import platform -import requests -import os -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( - KicsDeserealizator -) -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class KicsTool(ToolGateway): - - def download(self, file, url): - try: - response = requests.get(url) - with open(file, "wb") as f: - f.write(response.content) - except Exception as ex: - logger.error(f"An error ocurred downloading {file} {ex}") - - def install_tool(self, file, url, command_prefix): - github_api = GithubApi() - kics = f"./{command_prefix}/kics" - installed = subprocess.run( - ["which", command_prefix], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - if installed.returncode == 1: - try: - self.download(file, url) - github_api.unzip_file(file, command_prefix) - subprocess.run(["chmod", "+x", kics]) - return kics - except Exception as e: - logger.error(f"Error installing KICS: {e}") - else: - return command_prefix - - def install_tool_windows(self, file, url, command_prefix): - try: - subprocess.run( - [command_prefix, "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - return command_prefix - except: - try: - github_api = GithubApi() - self.download(file, url) - github_api.unzip_file(file, command_prefix) - return f"./{command_prefix}/kics" - - except Exception as e: - logger.error(f"Error installing KICS: {e}") - - def execute_kics(self, folders_to_scan, prefix): - folders = ','.join(folders_to_scan) - command = [prefix, "scan", "-p", folders, "-q", "./kics_assets/assets", "--report-formats", "json", "-o", "./"] - try: - subprocess.run(command, capture_output=True) - except subprocess.CalledProcessError as e: - logger.error(f"Error during KICS execution: {e}") - - def load_results(self): - try: - with open('results.json') as f: - data = json.load(f) - return data - except Exception as ex: - logger.error(f"An error ocurred loading KICS results {ex}") - return None - - def select_operative_system(self, os_platform, folders_to_scan, config_tool: ConfigTool, path_kics): - command_prefix = path_kics - if os_platform == "Linux": - kics_zip = "kics_linux.zip" - url_kics = config_tool.kics_linux - command_prefix = self.install_tool(kics_zip, url_kics, command_prefix) - elif os_platform == "Windows": - kics_zip = "kics_windows.zip" - url_kics = config_tool.kics_windows - command_prefix = self.install_tool_windows(kics_zip, url_kics, command_prefix) - elif os_platform == "Darwin": - kics_zip = "kics_macos.zip" - url_kics = config_tool.kics_mac - command_prefix = self.install_tool(kics_zip, url_kics, command_prefix) - else: - logger.warning(f"{os_platform} is not supported.") - return [], None - - self.execute_kics(folders_to_scan, command_prefix) - - def get_assets(self, kics_version): - name_zip = "assets_compressed.zip" - assets_url = f"https://github.com/Checkmarx/kics/releases/download/v{kics_version}/extracted-info.zip" - self.download(name_zip, assets_url) - - directory_assets = "kics_assets" - github_api = GithubApi() - github_api.unzip_file(name_zip, directory_assets) - - def run_tool( - self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool - ): - kics_version = config_tool.version - path_kics = config_tool.path_kics - download_kics_assets = config_tool.download_kics_assets - if download_kics_assets: - self.get_assets(kics_version) - - os_platform = platform.system() - self.select_operative_system(os_platform, folders_to_scan, config_tool, path_kics) - - data = self.load_results() - if data: - kics_deserealizator = KicsDeserealizator() - total_vulnerabilities = kics_deserealizator.calculate_total_vulnerabilities(data) - path_file = os.path.abspath("results.json") - - if total_vulnerabilities == 0: - return [], path_file - - filtered_results = kics_deserealizator.get_findings(data) - finding_list = kics_deserealizator.get_list_finding(filtered_results) - - return finding_list, path_file - return [], None +import subprocess +import json +import platform +import requests +import os +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( + KicsDeserealizator +) +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class KicsTool(ToolGateway): + + def download(self, file, url): + try: + response = requests.get(url) + with open(file, "wb") as f: + f.write(response.content) + except Exception as ex: + logger.error(f"An error ocurred downloading {file} {ex}") + + def install_tool(self, file, url, command_prefix): + github_api = GithubApi() + kics = f"./{command_prefix}/kics" + installed = subprocess.run( + ["which", command_prefix], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + if installed.returncode == 1: + try: + self.download(file, url) + github_api.unzip_file(file, command_prefix) + subprocess.run(["chmod", "+x", kics]) + return kics + except Exception as e: + logger.error(f"Error installing KICS: {e}") + else: + return command_prefix + + def install_tool_windows(self, file, url, command_prefix): + try: + subprocess.run( + [command_prefix, "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + return command_prefix + except: + try: + github_api = GithubApi() + self.download(file, url) + github_api.unzip_file(file, command_prefix) + return f"./{command_prefix}/kics" + + except Exception as e: + logger.error(f"Error installing KICS: {e}") + + def execute_kics(self, folders_to_scan, prefix): + folders = ','.join(folders_to_scan) + command = [prefix, "scan", "-p", folders, "-q", "./kics_assets/assets", "--report-formats", "json", "-o", "./"] + try: + subprocess.run(command, capture_output=True) + except subprocess.CalledProcessError as e: + logger.error(f"Error during KICS execution: {e}") + + def load_results(self): + try: + with open('results.json') as f: + data = json.load(f) + return data + except Exception as ex: + logger.error(f"An error ocurred loading KICS results {ex}") + return None + + def select_operative_system(self, os_platform, folders_to_scan, config_tool: ConfigTool, path_kics): + command_prefix = path_kics + if os_platform == "Linux": + kics_zip = "kics_linux.zip" + url_kics = config_tool.kics_linux + command_prefix = self.install_tool(kics_zip, url_kics, command_prefix) + elif os_platform == "Windows": + kics_zip = "kics_windows.zip" + url_kics = config_tool.kics_windows + command_prefix = self.install_tool_windows(kics_zip, url_kics, command_prefix) + elif os_platform == "Darwin": + kics_zip = "kics_macos.zip" + url_kics = config_tool.kics_mac + command_prefix = self.install_tool(kics_zip, url_kics, command_prefix) + else: + logger.warning(f"{os_platform} is not supported.") + return [], None + + self.execute_kics(folders_to_scan, command_prefix) + + def get_assets(self, kics_version): + name_zip = "assets_compressed.zip" + assets_url = f"https://github.com/Checkmarx/kics/releases/download/v{kics_version}/extracted-info.zip" + self.download(name_zip, assets_url) + + directory_assets = "kics_assets" + github_api = GithubApi() + github_api.unzip_file(name_zip, directory_assets) + + def run_tool( + self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool + ): + kics_version = config_tool.version + path_kics = config_tool.path_kics + download_kics_assets = config_tool.download_kics_assets + if download_kics_assets: + self.get_assets(kics_version) + + os_platform = platform.system() + self.select_operative_system(os_platform, folders_to_scan, config_tool, path_kics) + + data = self.load_results() + if data: + kics_deserealizator = KicsDeserealizator() + total_vulnerabilities = kics_deserealizator.calculate_total_vulnerabilities(data) + path_file = os.path.abspath("results.json") + + if total_vulnerabilities == 0: + return [], path_file + + filtered_results = kics_deserealizator.get_findings(data) + finding_list = kics_deserealizator.get_list_finding(filtered_results) + + return finding_list, path_file + return [], None diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py index a9e3d37dd..46c8bcc49 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py @@ -1,75 +1,75 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class KubescapeDeserealizator: - def get_list_finding(self, results_scan_list: list) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - finding_open = Finding( - id=result.get("id"), - cvss=None, - where=result.get("where"), - description=result.get("description"), - severity=result.get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="kubescape" - ) - list_open_findings.append(finding_open) - - return list_open_findings - - def extract_failed_controls(self, data): - result_extracted_data = [] - results = data.get("results", []) - resources = {resource.get("resourceID"): resource for resource in data.get("resources", [])} - frameworks = data.get("summaryDetails", {}).get("frameworks", []) - - for result in results: - resource_id = result.get("resourceID") - controls = result.get("controls", []) - - for control in controls: - if control.get("status", {}).get("status") == "failed": - control_id = control.get("controlID") - name = control.get("name") - resource = resources.get(resource_id) - - if resource: - relative_path = resource.get("source", {}).get("path", "").replace("\\", "/") - severity_score = self.get_severity_score(frameworks, control_id) - - result_extracted_data.append({ - "id": control_id, - "description": name, - "where": relative_path, - "severity": severity_score - }) - - return result_extracted_data - - def get_severity_score(self, frameworks, control_id): - classifications = { - (0.0, 0.0): "none", - (0.1, 3.9): "low", - (4.0, 6.9): "medium", - (7.0, 8.9): "high", - (9.0, 10.0): "critical" - } - for framework in frameworks: - control_object = framework.get("controls", {}).get(control_id, {}) - if control_object: - for range_tuple, classification in classifications.items(): - if range_tuple[0] <= control_object.get("scoreFactor", 0.0) <= range_tuple[1]: - return classification - return None +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class KubescapeDeserealizator: + def get_list_finding(self, results_scan_list: list) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + finding_open = Finding( + id=result.get("id"), + cvss=None, + where=result.get("where"), + description=result.get("description"), + severity=result.get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="kubescape" + ) + list_open_findings.append(finding_open) + + return list_open_findings + + def extract_failed_controls(self, data): + result_extracted_data = [] + results = data.get("results", []) + resources = {resource.get("resourceID"): resource for resource in data.get("resources", [])} + frameworks = data.get("summaryDetails", {}).get("frameworks", []) + + for result in results: + resource_id = result.get("resourceID") + controls = result.get("controls", []) + + for control in controls: + if control.get("status", {}).get("status") == "failed": + control_id = control.get("controlID") + name = control.get("name") + resource = resources.get(resource_id) + + if resource: + relative_path = resource.get("source", {}).get("path", "").replace("\\", "/") + severity_score = self.get_severity_score(frameworks, control_id) + + result_extracted_data.append({ + "id": control_id, + "description": name, + "where": relative_path, + "severity": severity_score + }) + + return result_extracted_data + + def get_severity_score(self, frameworks, control_id): + classifications = { + (0.0, 0.0): "none", + (0.1, 3.9): "low", + (4.0, 6.9): "medium", + (7.0, 8.9): "high", + (9.0, 10.0): "critical" + } + for framework in frameworks: + control_object = framework.get("controls", {}).get(control_id, {}) + if control_object: + for range_tuple, classification in classifications.items(): + if range_tuple[0] <= control_object.get("scoreFactor", 0.0) <= range_tuple[1]: + return classification + return None diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py index ab6f96c31..a4cd5053c 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_tool.py @@ -1,123 +1,123 @@ -import json -import subprocess -import platform -import requests -import distro -import os -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( - KubescapeDeserealizator, -) -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class KubescapeTool(ToolGateway): - - def download_tool(self, file, url): - try: - response = requests.get(url, allow_redirects=True) - with open(file, "wb") as binary_file: - binary_file.write(response.content) - except Exception as e: - logger.error(f"Error downloading Kubescape: {e}") - - def install_tool(self, file, url): - installed = subprocess.run( - ["which", f"./{file}"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - if installed.returncode == 1: - try: - self.download_tool(file, url) - subprocess.run(["chmod", "+x", f"./{file}"]) - - except Exception as e: - logger.error(f"Error installing Kubescape: {e}") - - def install_tool_windows(self, file, url): - try: - subprocess.run( - [f"./{file}", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - except: - try: - self.download_tool(file, url) - - except Exception as e: - logger.error(f"Error installing Kubescape: {e}") - - def execute_kubescape(self, folders_to_scan, prefix): - command = [prefix, "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", - "results_kubescape.json", "-v"] - try: - subprocess.run(command, capture_output=True) - except subprocess.CalledProcessError as e: - logger.error(f"Error during Kubescape execution: {e}") - - def load_json(self, json_name): - try: - with open(json_name) as file: - return json.load(file) - except FileNotFoundError: - logger.error(f"The file {json_name} does not exist.") - except json.JSONDecodeError: - logger.error("The JSON result is empty.") - return None - - def select_operative_system(self, os_platform, folders_to_scan, base_url): - if os_platform == "Linux": - distro_name = distro.name() - if distro_name == "Ubuntu": - file = "kubescape-ubuntu-latest" - self.install_tool(file, base_url + file) - command_prefix = f"./{file}" - else: - logger.warning(f"{distro_name} is not supported.") - return None - elif os_platform == "Windows": - file = "kubescape-windows-latest.exe" - self.install_tool_windows(file, base_url + file) - command_prefix = f"./{file}" - elif os_platform == "Darwin": - file = "kubescape-macos-latest" - self.install_tool(file, base_url + file) - command_prefix = f"./{file}" - else: - logger.warning(f"{os_platform} is not supported.") - return [], None - - self.execute_kubescape(folders_to_scan, command_prefix) - - def run_tool(self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool): - - if folders_to_scan and "k8s" in platform_to_scan: - - kubescape_version = config_tool.version - os_platform = platform.system() - base_url = f"https://github.com/kubescape/kubescape/releases/download/v{kubescape_version}/" - self.select_operative_system(os_platform, folders_to_scan, base_url) - - json_name = "results_kubescape.json" - data = self.load_json(json_name) - - if not data: - return [], None - else: - kubescape_deserealizator = KubescapeDeserealizator() - result_extracted_data = kubescape_deserealizator.extract_failed_controls(data) - finding_list = kubescape_deserealizator.get_list_finding(result_extracted_data) - path_results = os.path.abspath(json_name) - return finding_list, path_results - else: - return [], None +import json +import subprocess +import platform +import requests +import distro +import os +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( + KubescapeDeserealizator, +) +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class KubescapeTool(ToolGateway): + + def download_tool(self, file, url): + try: + response = requests.get(url, allow_redirects=True) + with open(file, "wb") as binary_file: + binary_file.write(response.content) + except Exception as e: + logger.error(f"Error downloading Kubescape: {e}") + + def install_tool(self, file, url): + installed = subprocess.run( + ["which", f"./{file}"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + if installed.returncode == 1: + try: + self.download_tool(file, url) + subprocess.run(["chmod", "+x", f"./{file}"]) + + except Exception as e: + logger.error(f"Error installing Kubescape: {e}") + + def install_tool_windows(self, file, url): + try: + subprocess.run( + [f"./{file}", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + except: + try: + self.download_tool(file, url) + + except Exception as e: + logger.error(f"Error installing Kubescape: {e}") + + def execute_kubescape(self, folders_to_scan, prefix): + command = [prefix, "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", + "results_kubescape.json", "-v"] + try: + subprocess.run(command, capture_output=True) + except subprocess.CalledProcessError as e: + logger.error(f"Error during Kubescape execution: {e}") + + def load_json(self, json_name): + try: + with open(json_name) as file: + return json.load(file) + except FileNotFoundError: + logger.error(f"The file {json_name} does not exist.") + except json.JSONDecodeError: + logger.error("The JSON result is empty.") + return None + + def select_operative_system(self, os_platform, folders_to_scan, base_url): + if os_platform == "Linux": + distro_name = distro.name() + if distro_name == "Ubuntu": + file = "kubescape-ubuntu-latest" + self.install_tool(file, base_url + file) + command_prefix = f"./{file}" + else: + logger.warning(f"{distro_name} is not supported.") + return None + elif os_platform == "Windows": + file = "kubescape-windows-latest.exe" + self.install_tool_windows(file, base_url + file) + command_prefix = f"./{file}" + elif os_platform == "Darwin": + file = "kubescape-macos-latest" + self.install_tool(file, base_url + file) + command_prefix = f"./{file}" + else: + logger.warning(f"{os_platform} is not supported.") + return [], None + + self.execute_kubescape(folders_to_scan, command_prefix) + + def run_tool(self, config_tool: ConfigTool, folders_to_scan, environment, platform_to_scan, secret_tool): + + if folders_to_scan and "k8s" in platform_to_scan: + + kubescape_version = config_tool.version + os_platform = platform.system() + base_url = f"https://github.com/kubescape/kubescape/releases/download/v{kubescape_version}/" + self.select_operative_system(os_platform, folders_to_scan, base_url) + + json_name = "results_kubescape.json" + data = self.load_json(json_name) + + if not data: + return [], None + else: + kubescape_deserealizator = KubescapeDeserealizator() + result_extracted_data = kubescape_deserealizator.extract_failed_controls(data) + finding_list = kubescape_deserealizator.get_list_finding(result_extracted_data) + path_results = os.path.abspath(json_name) + return finding_list, path_results + else: + return [], None diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py index 38c12cafb..53268c8ae 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py @@ -1,74 +1,74 @@ -import json -import os -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -def generate_file_from_tool(tool, result_list, rules_doc): - if tool == "CHECKOV": - try: - if len(result_list) > 0: - all_failed_checks = [] - summary_passed = 0 - summary_failed = 0 - summary_skipped = 0 - summary_parsing_errors = 0 - summary_resource_count = 0 - checkov_version = None - for result in result_list: - failed_checks = result.get("results", {}).get("failed_checks", []) - all_failed_checks.extend( - map(lambda x: update_fields(x, rules_doc), failed_checks) - ) - summary_passed += result.get("summary", {}).get("passed", 0) - summary_failed += result.get("summary", {}).get("failed", 0) - summary_skipped += result.get("summary", {}).get("skipped", 0) - summary_parsing_errors += result.get("summary", {}).get( - "parsing_errors", 0 - ) - summary_resource_count += result.get("summary", {}).get( - "resource_count", 0 - ) - checkov_version = result.get("summary", {}).get( - "checkov_version", None - ) - - file_name = "results.json" - results_data = { - "check_type": "Dockerfile, Kubernetes and CloudFormation", - "results": { - "failed_checks": all_failed_checks, - }, - "summary": { - "passed": summary_passed, - "failed": summary_failed, - "skipped": summary_skipped, - "parsing_errors": summary_parsing_errors, - "resource_count": summary_resource_count, - "checkov_version": checkov_version, - }, - } - - with open(file_name, "w") as json_file: - json.dump(results_data, json_file, indent=4) - - absolute_path = os.path.abspath(file_name) - return absolute_path - except Exception as ex: - logger.error(f"Error during handling checkov json integrator {ex}") - - -def update_fields(check_result, rules_doc): - rule_info = rules_doc.get(check_result.get("check_id"), {}) - - check_result["severity"] = rule_info["severity"].lower() - if "customID" in rule_info: - check_result["custom_vuln_id"] = rule_info["customID"] - if "guideline" in rule_info: - check_result["guideline"] = rule_info["guideline"] - if "category" in rule_info: - check_result["bc_category"] = rule_info["category"] - - return check_result +import json +import os +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +def generate_file_from_tool(tool, result_list, rules_doc): + if tool == "CHECKOV": + try: + if len(result_list) > 0: + all_failed_checks = [] + summary_passed = 0 + summary_failed = 0 + summary_skipped = 0 + summary_parsing_errors = 0 + summary_resource_count = 0 + checkov_version = None + for result in result_list: + failed_checks = result.get("results", {}).get("failed_checks", []) + all_failed_checks.extend( + map(lambda x: update_fields(x, rules_doc), failed_checks) + ) + summary_passed += result.get("summary", {}).get("passed", 0) + summary_failed += result.get("summary", {}).get("failed", 0) + summary_skipped += result.get("summary", {}).get("skipped", 0) + summary_parsing_errors += result.get("summary", {}).get( + "parsing_errors", 0 + ) + summary_resource_count += result.get("summary", {}).get( + "resource_count", 0 + ) + checkov_version = result.get("summary", {}).get( + "checkov_version", None + ) + + file_name = "results.json" + results_data = { + "check_type": "Dockerfile, Kubernetes and CloudFormation", + "results": { + "failed_checks": all_failed_checks, + }, + "summary": { + "passed": summary_passed, + "failed": summary_failed, + "skipped": summary_skipped, + "parsing_errors": summary_parsing_errors, + "resource_count": summary_resource_count, + "checkov_version": checkov_version, + }, + } + + with open(file_name, "w") as json_file: + json.dump(results_data, json_file, indent=4) + + absolute_path = os.path.abspath(file_name) + return absolute_path + except Exception as ex: + logger.error(f"Error during handling checkov json integrator {ex}") + + +def update_fields(check_result, rules_doc): + rule_info = rules_doc.get(check_result.get("check_id"), {}) + + check_result["severity"] = rule_info["severity"].lower() + if "customID" in rule_info: + check_result["custom_vuln_id"] = rule_info["customID"] + if "guideline" in rule_info: + check_result["guideline"] = rule_info["guideline"] + if "category" in rule_info: + check_result["bc_category"] = rule_info["category"] + + return check_result diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py index db63aadab..6bc32a0f8 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py @@ -1,113 +1,113 @@ -import unittest -from unittest import mock -from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( - runner_engine_iac, -) -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "CHECKOV" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core - -@mock.patch('devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm') -def test_runner_engine_iac_exception(mock_entry_point_tool): - # Arrange - dict_args = {'arg1': 'value1', 'arg2': 'value2'} - tool = 'CHECKOV' - secret_tool = 'my_secret' - devops_platform_gateway = None - - # Mock the necessary methods or properties to simulate an exception - mock_entry_point_tool.side_effect = Exception("Simulated error") - - # Act and Assert - with unittest.TestCase().assertRaises(Exception) as context: - runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "dev") - - # Optionally, you can check the exception message or other details - assert str(context.exception) == "Error engine_iac : Simulated error" - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac_kubescape(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "KUBESCAPE" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac_kics(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "KICS" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core +import unittest +from unittest import mock +from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( + runner_engine_iac, +) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "CHECKOV" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core + +@mock.patch('devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm') +def test_runner_engine_iac_exception(mock_entry_point_tool): + # Arrange + dict_args = {'arg1': 'value1', 'arg2': 'value2'} + tool = 'CHECKOV' + secret_tool = 'my_secret' + devops_platform_gateway = None + + # Mock the necessary methods or properties to simulate an exception + mock_entry_point_tool.side_effect = Exception("Simulated error") + + # Act and Assert + with unittest.TestCase().assertRaises(Exception) as context: + runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "dev") + + # Optionally, you can check the exception message or other details + assert str(context.exception) == "Error engine_iac : Simulated error" + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac_kubescape(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "KUBESCAPE" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac_kics(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "KICS" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/domain/usecases/test_iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/domain/usecases/test_iac_scan.py index ca1d369e7..37a4afc0e 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/domain/usecases/test_iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/domain/usecases/test_iac_scan.py @@ -1,162 +1,162 @@ -import unittest -from unittest.mock import MagicMock -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.usecases.iac_scan import ( - IacScan, -) - - -class TestIacScan(unittest.TestCase): - def setUp(self): - self.tool_gateway = MagicMock() - self.devops_platform_gateway = MagicMock() - self.iac_scan = IacScan(self.tool_gateway, self.devops_platform_gateway) - - def side_effect(self, arg): - if arg == "stage": - return "Release" - else: - return "example_pipeline" - - def test_process(self): - dict_args = { - "remote_config_repo": "example_repo", - "folder_path": ".", - "environment": "test", - "platform": "cloudformation", - } - secret_tool = "example_secret" - tool = "CHECKOV" - - # Mock the return values of the dependencies - self.devops_platform_gateway.get_remote_config.return_value = { - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - ], - "EXCLUSIONS_PATH": "Exclusions.json", - "MESSAGE_INFO_ENGINE_IAC": "message test", - "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "True", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 10, - "High": 3, - "Medium": 20, - "Low": 30, - }, - "COMPLIANCE": {"Critical": 4}, - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "True", - "EXTERNAL_CHECKS_GIT": "rules", - "EXTERNAL_GIT_SSH_HOST": "github", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", - "USE_EXTERNAL_CHECKS_DIR": "False", - "EXTERNAL_DIR_OWNER": "test", - "EXTERNAL_DIR_REPOSITORY": "repository", - "RULES": "", - }, - } - - # self.devops_platform_gateway.get_variable.return_value = "example_pipeline" - self.devops_platform_gateway.get_variable.side_effect = self.side_effect - - self.tool_gateway.run_tool.return_value = ( - ["finding1", "finding2"], - "/path/to/results", - ) - - findings_list, input_core = self.iac_scan.process(dict_args, secret_tool, tool, "pdn") - - # Assert the expected return values - self.assertEqual(findings_list, ["finding1", "finding2"]) - self.assertEqual(input_core.totalized_exclusions, []) - self.assertEqual(input_core.threshold_defined.vulnerability.critical, 10) - self.assertEqual(input_core.path_file_results, "/path/to/results") - self.assertEqual(input_core.custom_message_break_build, "message test") - self.assertEqual(input_core.scope_pipeline, "example_pipeline_devsecops_engine_tools") - self.assertEqual(input_core.stage_pipeline, "Release") - - def test_process_skip_search_folder(self): - dict_args = { - "remote_config_repo": "example_repo", - "folder_path": "example_folder", - "environment": "test", - "platform": "eks", - } - secret_tool = "example_secret" - tool = "CHECKOV" - - self.devops_platform_gateway.get_remote_config.side_effect = [ - # Resultado para el primer llamado (init_config_tool) - { - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - ], - "EXCLUSIONS_PATH": "Exclusions.json", - "MESSAGE_INFO_ENGINE_IAC": "message test", - "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 10, - "High": 3, - "Medium": 20, - "Low": 30, - }, - "COMPLIANCE": {"Critical": 4}, - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "True", - "EXTERNAL_CHECKS_GIT": "rules", - "EXTERNAL_GIT_SSH_HOST": "github", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", - "USE_EXTERNAL_CHECKS_DIR": "False", - "EXTERNAL_DIR_OWNER": "test", - "EXTERNAL_DIR_REPOSITORY": "repository", - "RULES": "", - }, - }, - # Resultado para el segundo llamado (exclusions) - { - "All": { - "CHECKOV": [ - { - "id": "CKV_K8S_8", - "where": "all", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704", - } - ] - }, - "example_pipeline": { - "SKIP_TOOL": { - "create_date": "24012024", - "expired_date": "30012024", - "hu": "3423213", - }, - "CHECKOV": [ - { - "id": "CKV_K8S_8", - "where": "deployment-configmap.yaml", - "create_date": "18112023", - "expired_date": "18032024", - "severity": "HIGH", - "hu": "4338704", - "pipeline": "true", - } - ], - }, - }, - ] - - self.devops_platform_gateway.get_variable.return_value = "example_pipeline" - - findings_list, input_core = self.iac_scan.process(dict_args, secret_tool, tool, "qa") - - # Assert the expected return values - self.assertEqual(findings_list, []) - self.assertIsNotNone(input_core) +import unittest +from unittest.mock import MagicMock +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.usecases.iac_scan import ( + IacScan, +) + + +class TestIacScan(unittest.TestCase): + def setUp(self): + self.tool_gateway = MagicMock() + self.devops_platform_gateway = MagicMock() + self.iac_scan = IacScan(self.tool_gateway, self.devops_platform_gateway) + + def side_effect(self, arg): + if arg == "stage": + return "Release" + else: + return "example_pipeline" + + def test_process(self): + dict_args = { + "remote_config_repo": "example_repo", + "folder_path": ".", + "environment": "test", + "platform": "cloudformation", + } + secret_tool = "example_secret" + tool = "CHECKOV" + + # Mock the return values of the dependencies + self.devops_platform_gateway.get_remote_config.return_value = { + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + ], + "EXCLUSIONS_PATH": "Exclusions.json", + "MESSAGE_INFO_ENGINE_IAC": "message test", + "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "True", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 10, + "High": 3, + "Medium": 20, + "Low": 30, + }, + "COMPLIANCE": {"Critical": 4}, + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "True", + "EXTERNAL_CHECKS_GIT": "rules", + "EXTERNAL_GIT_SSH_HOST": "github", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "False", + "EXTERNAL_DIR_OWNER": "test", + "EXTERNAL_DIR_REPOSITORY": "repository", + "RULES": "", + }, + } + + # self.devops_platform_gateway.get_variable.return_value = "example_pipeline" + self.devops_platform_gateway.get_variable.side_effect = self.side_effect + + self.tool_gateway.run_tool.return_value = ( + ["finding1", "finding2"], + "/path/to/results", + ) + + findings_list, input_core = self.iac_scan.process(dict_args, secret_tool, tool, "pdn") + + # Assert the expected return values + self.assertEqual(findings_list, ["finding1", "finding2"]) + self.assertEqual(input_core.totalized_exclusions, []) + self.assertEqual(input_core.threshold_defined.vulnerability.critical, 10) + self.assertEqual(input_core.path_file_results, "/path/to/results") + self.assertEqual(input_core.custom_message_break_build, "message test") + self.assertEqual(input_core.scope_pipeline, "example_pipeline_devsecops_engine_tools") + self.assertEqual(input_core.stage_pipeline, "Release") + + def test_process_skip_search_folder(self): + dict_args = { + "remote_config_repo": "example_repo", + "folder_path": "example_folder", + "environment": "test", + "platform": "eks", + } + secret_tool = "example_secret" + tool = "CHECKOV" + + self.devops_platform_gateway.get_remote_config.side_effect = [ + # Resultado para el primer llamado (init_config_tool) + { + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + ], + "EXCLUSIONS_PATH": "Exclusions.json", + "MESSAGE_INFO_ENGINE_IAC": "message test", + "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 10, + "High": 3, + "Medium": 20, + "Low": 30, + }, + "COMPLIANCE": {"Critical": 4}, + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "True", + "EXTERNAL_CHECKS_GIT": "rules", + "EXTERNAL_GIT_SSH_HOST": "github", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "False", + "EXTERNAL_DIR_OWNER": "test", + "EXTERNAL_DIR_REPOSITORY": "repository", + "RULES": "", + }, + }, + # Resultado para el segundo llamado (exclusions) + { + "All": { + "CHECKOV": [ + { + "id": "CKV_K8S_8", + "where": "all", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704", + } + ] + }, + "example_pipeline": { + "SKIP_TOOL": { + "create_date": "24012024", + "expired_date": "30012024", + "hu": "3423213", + }, + "CHECKOV": [ + { + "id": "CKV_K8S_8", + "where": "deployment-configmap.yaml", + "create_date": "18112023", + "expired_date": "18032024", + "severity": "HIGH", + "hu": "4338704", + "pipeline": "true", + } + ], + }, + }, + ] + + self.devops_platform_gateway.get_variable.return_value = "example_pipeline" + + findings_list, input_core = self.iac_scan.process(dict_args, secret_tool, tool, "qa") + + # Assert the expected return values + self.assertEqual(findings_list, []) + self.assertIsNotNone(input_core) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py index e105cf6c6..b82397072 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py @@ -1,132 +1,132 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( - CheckovDeserealizator, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from datetime import datetime - -def test_get_list_finding(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "resource": "docker", - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED", - "evaluated_keys": [...], - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - ] - config_rules = { - "CKV_DOCKER_3": { - "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - "environment": {...}, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Vulnerability", - }, - "CKV_K8S_13": { - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "environment": {...}, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - } - - list_findings = CheckovDeserealizator.get_list_finding( - results_scan_list, config_rules - ) - - list_findings_compare: list[Finding] = [] - list_findings_compare.append( - Finding( - id="CKV_DOCKER_3", - cvss=None, - where="/_AW1234/Dockerfile: docker", - description="IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Checkov", - ) - ) - - list_findings_compare.append( - Finding( - id="CKV_K8S_13", - cvss=None, - where="/_AW1234/app.yaml: Deployment.devsecops-engine-dev.ms-async-provider-deployment", - description='IAC-CKV_K8S_13 Ensure memory limits are set', - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.COMPLIANCE, - requirements=None, - tool="Checkov", - ) - ) - - assert list_findings == list_findings_compare +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( + CheckovDeserealizator, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from datetime import datetime + +def test_get_list_finding(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "resource": "docker", + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED", + "evaluated_keys": [...], + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + ] + config_rules = { + "CKV_DOCKER_3": { + "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + "environment": {...}, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Vulnerability", + }, + "CKV_K8S_13": { + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "environment": {...}, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + } + + list_findings = CheckovDeserealizator.get_list_finding( + results_scan_list, config_rules + ) + + list_findings_compare: list[Finding] = [] + list_findings_compare.append( + Finding( + id="CKV_DOCKER_3", + cvss=None, + where="/_AW1234/Dockerfile: docker", + description="IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Checkov", + ) + ) + + list_findings_compare.append( + Finding( + id="CKV_K8S_13", + cvss=None, + where="/_AW1234/app.yaml: Deployment.devsecops-engine-dev.ms-async-provider-deployment", + description='IAC-CKV_K8S_13 Ensure memory limits are set', + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.COMPLIANCE, + requirements=None, + tool="Checkov", + ) + ) + + assert list_findings == list_findings_compare diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_tool.py index d02c6f7bd..e526f55cd 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_tool.py @@ -1,268 +1,268 @@ -import unittest -from unittest.mock import MagicMock -from unittest import mock -from queue import Queue -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( - CheckovTool, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi -import os - - -class TestCheckovTool(unittest.TestCase): - def setUp(self): - self.checkov_tool = CheckovTool() - - def test_create_config_file(self): - checkov_config = MagicMock() - checkov_config.path_config_file = "/path/to/config/" - checkov_config.config_file_name = "docker" - checkov_config.dict_confg_file = {"key": "value"} - - with mock.patch("builtins.open", create=True) as mock_open: - self.checkov_tool.create_config_file(checkov_config) - - mock_open.assert_called_once_with( - "/path/to/config/dockercheckov_config.yaml", "w" - ) - - def test_configurate_external_checks_git(self): - # Configurar valores simulados - json_data = { - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - ], - "MESSAGE_INFO_ENGINE_IAC": "message test", - "EXCLUSIONS_PATH": "Exclusions.json", - "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 10, - "High": 3, - "Medium": 20, - "Low": 30, - }, - "COMPLIANCE": {"Critical": 4}, - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "True", - "EXTERNAL_CHECKS_GIT": "rules", - "EXTERNAL_GIT_SSH_HOST": "github", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", - "USE_EXTERNAL_CHECKS_DIR": "False", - "EXTERNAL_DIR_OWNER": "test", - "EXTERNAL_DIR_REPOSITORY": "repository", - "EXTERNAL_DIR_ASSET_NAME": "rules", - "RULES": "", - }, - } - mock_config_tool = ConfigTool(json_data, "CHECKOV") - mock_secret_tool = { - "repository_ssh_private_key": "cmVwb3NpdG9yeV9zc2hfcHJpdmF0ZV9rZXkK", - "repository_ssh_password": "cmVwb3NpdG9yeV9zc2hfcGFzc3dvcmQK", - } - - # Llamar al método que se está probando - result = self.checkov_tool.configurate_external_checks( - mock_config_tool, mock_secret_tool - ) - - # Verificar que el resultado es el esperado - self.assertIsNone(result) - - @mock.patch( - "devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.download_latest_release_assets", - autospec=True, - ) - def test_configurate_external_checks_dir(self, mock_github_api): - # Configurar valores simulados - json_data = { - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - ], - "MESSAGE_INFO_ENGINE_IAC": "message test", - "EXCLUSIONS_PATH": "Exclusions.json", - "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 10, - "High": 3, - "Medium": 20, - "Low": 30, - }, - "COMPLIANCE": {"Critical": 4}, - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "rules", - "EXTERNAL_GIT_SSH_HOST": "github", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", - "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "test", - "EXTERNAL_DIR_REPOSITORY": "repository", - "EXTERNAL_DIR_ASSET_NAME": "rules", - "RULES": "", - } - } - mock_config_tool = ConfigTool(json_data, "CHECKOV") - mock_secret_tool = { - "github_token": "mock_github_token", - "repository_ssh_host": "repository_ssh_host", - } - - # Configurar el valor simulado de retorno para ciertos métodos - mock_github_api_instance = MagicMock() - mock_github_api.return_value = mock_github_api_instance - - # Llamar al método que se está probando - result = self.checkov_tool.configurate_external_checks( - mock_config_tool, mock_secret_tool - ) - - # Verificar que el resultado es el esperado - self.assertIsNone(result) - - def test_configurate_external_checks_secret_tool_None(self): - # Llamar al método que se está probando - result = self.checkov_tool.configurate_external_checks(None, None) - - # Verificar que el resultado es el esperado - self.assertIsNone(result) - - @mock.patch( - "devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.download_latest_release_assets", - autospec=True, - ) - def test_configurate_external_checks_error(self, mock_github_api): - # Configurar valores simulados - json_data = { - "SEARCH_PATTERN": ["AW", "NU"], - "IGNORE_SEARCH_PATTERN": [ - "test", - ], - "MESSAGE_INFO_ENGINE_IAC": "message test", - "EXCLUSIONS_PATH": "Exclusions.json", - "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 10, - "High": 3, - "Medium": 20, - "Low": 30, - }, - "COMPLIANCE": {"Critical": 4}, - }, - "CHECKOV": { - "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "rules", - "EXTERNAL_GIT_SSH_HOST": "github", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", - "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "test", - "EXTERNAL_DIR_REPOSITORY": "repository", - "RULES": "", - } - } - mock_config_tool = ConfigTool(json_data, "CHECKOV") - mock_secret_tool = { - "github_token": "mock_github_token", - "repository_ssh_host": "repository_ssh_host", - } - - # Configurar el valor simulado de retorno para ciertos métodos - mock_github_api.side_effect = Exception("Simulated error") - - # Llamar al método que se está probando - result = self.checkov_tool.configurate_external_checks( - mock_config_tool, mock_secret_tool - ) - - # Verificar que el resultado es el esperado - self.assertIsNone(result) - - def test_execute(self): - checkov_config = MagicMock() - checkov_config.path_config_file = "/path/to/config/" - checkov_config.config_file_name = "checkov_config" - - subprocess_mock = MagicMock() - subprocess_mock.run.return_value.stdout = "Output" - subprocess_mock.run.return_value.stderr = "Error" - - with mock.patch("subprocess.run", return_value=subprocess_mock) as mock_run: - self.checkov_tool.execute(checkov_config) - - mock_run.assert_called_once_with( - "checkov --config-file /path/to/config/checkov_configcheckov_config.yaml", - capture_output=True, - text=True, - shell=True, - env=dict(os.environ), - ) - - @mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool.CheckovTool.execute", - autospec=True, - ) - def test_async_scan(self, mock_checkov_tool): - checkov_config = MagicMock() - checkov_config.path_config_file = "/path/to/config/" - checkov_config.config_file_name = "checkov_config" - - output_queue = Queue() - - mock_checkov_tool.return_value = '{"key": "value"}' - - self.checkov_tool.async_scan(output_queue, checkov_config) - - self.assertEqual(output_queue.get(), [{"key": "value"}]) - - def test_scan_folders(self): - folders_to_scan = ["/path/to/folder"] - config_tool = MagicMock() - config_tool.rules_data_type = { - "RULES_DOCKER": {"rule1": {"environment": {"dev": True}}}, - "RULES_K8S": {"rule2": {"environment": {"prod": True}}}, - } - agent_env = MagicMock() - environment = "dev" - - output_queue = Queue() - output_queue.put([{"key": "value"}]) - - with mock.patch.object( - self.checkov_tool, "async_scan", side_effect=output_queue.put - ): - result_scans = self.checkov_tool.scan_folders( - folders_to_scan, config_tool, agent_env, environment, "eks" - ) - - self.assertEqual(result_scans, []) - - def test_run_tool(self): - config_tool = MagicMock() - folders_to_scan = ["/path/to/folder"] - environment = "dev" - platform = "eks" - secret_tool = MagicMock() - - self.checkov_tool.configurate_external_checks = MagicMock( - return_value="agent_env" - ) - self.checkov_tool.scan_folders = MagicMock(return_value=[{"key": "value"}]) - self.checkov_tool.TOOL = "CHECKOV" - - findings_list, file_from_tool = self.checkov_tool.run_tool( - config_tool, folders_to_scan, environment, platform, secret_tool - ) - - self.assertEqual(findings_list, []) - assert "results.json" in file_from_tool +import unittest +from unittest.mock import MagicMock +from unittest import mock +from queue import Queue +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( + CheckovTool, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi +import os + + +class TestCheckovTool(unittest.TestCase): + def setUp(self): + self.checkov_tool = CheckovTool() + + def test_create_config_file(self): + checkov_config = MagicMock() + checkov_config.path_config_file = "/path/to/config/" + checkov_config.config_file_name = "docker" + checkov_config.dict_confg_file = {"key": "value"} + + with mock.patch("builtins.open", create=True) as mock_open: + self.checkov_tool.create_config_file(checkov_config) + + mock_open.assert_called_once_with( + "/path/to/config/dockercheckov_config.yaml", "w" + ) + + def test_configurate_external_checks_git(self): + # Configurar valores simulados + json_data = { + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + ], + "MESSAGE_INFO_ENGINE_IAC": "message test", + "EXCLUSIONS_PATH": "Exclusions.json", + "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 10, + "High": 3, + "Medium": 20, + "Low": 30, + }, + "COMPLIANCE": {"Critical": 4}, + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "True", + "EXTERNAL_CHECKS_GIT": "rules", + "EXTERNAL_GIT_SSH_HOST": "github", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "False", + "EXTERNAL_DIR_OWNER": "test", + "EXTERNAL_DIR_REPOSITORY": "repository", + "EXTERNAL_DIR_ASSET_NAME": "rules", + "RULES": "", + }, + } + mock_config_tool = ConfigTool(json_data, "CHECKOV") + mock_secret_tool = { + "repository_ssh_private_key": "cmVwb3NpdG9yeV9zc2hfcHJpdmF0ZV9rZXkK", + "repository_ssh_password": "cmVwb3NpdG9yeV9zc2hfcGFzc3dvcmQK", + } + + # Llamar al método que se está probando + result = self.checkov_tool.configurate_external_checks( + mock_config_tool, mock_secret_tool + ) + + # Verificar que el resultado es el esperado + self.assertIsNone(result) + + @mock.patch( + "devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.download_latest_release_assets", + autospec=True, + ) + def test_configurate_external_checks_dir(self, mock_github_api): + # Configurar valores simulados + json_data = { + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + ], + "MESSAGE_INFO_ENGINE_IAC": "message test", + "EXCLUSIONS_PATH": "Exclusions.json", + "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 10, + "High": 3, + "Medium": 20, + "Low": 30, + }, + "COMPLIANCE": {"Critical": 4}, + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "rules", + "EXTERNAL_GIT_SSH_HOST": "github", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "test", + "EXTERNAL_DIR_REPOSITORY": "repository", + "EXTERNAL_DIR_ASSET_NAME": "rules", + "RULES": "", + } + } + mock_config_tool = ConfigTool(json_data, "CHECKOV") + mock_secret_tool = { + "github_token": "mock_github_token", + "repository_ssh_host": "repository_ssh_host", + } + + # Configurar el valor simulado de retorno para ciertos métodos + mock_github_api_instance = MagicMock() + mock_github_api.return_value = mock_github_api_instance + + # Llamar al método que se está probando + result = self.checkov_tool.configurate_external_checks( + mock_config_tool, mock_secret_tool + ) + + # Verificar que el resultado es el esperado + self.assertIsNone(result) + + def test_configurate_external_checks_secret_tool_None(self): + # Llamar al método que se está probando + result = self.checkov_tool.configurate_external_checks(None, None) + + # Verificar que el resultado es el esperado + self.assertIsNone(result) + + @mock.patch( + "devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.download_latest_release_assets", + autospec=True, + ) + def test_configurate_external_checks_error(self, mock_github_api): + # Configurar valores simulados + json_data = { + "SEARCH_PATTERN": ["AW", "NU"], + "IGNORE_SEARCH_PATTERN": [ + "test", + ], + "MESSAGE_INFO_ENGINE_IAC": "message test", + "EXCLUSIONS_PATH": "Exclusions.json", + "UPDATE_SERVICE_WITH_FILE_NAME_CFT": "false", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 10, + "High": 3, + "Medium": 20, + "Low": 30, + }, + "COMPLIANCE": {"Critical": 4}, + }, + "CHECKOV": { + "VERSION": "2.3.296", + "USE_EXTERNAL_CHECKS_GIT": "False", + "EXTERNAL_CHECKS_GIT": "rules", + "EXTERNAL_GIT_SSH_HOST": "github", + "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "test", + "EXTERNAL_DIR_REPOSITORY": "repository", + "RULES": "", + } + } + mock_config_tool = ConfigTool(json_data, "CHECKOV") + mock_secret_tool = { + "github_token": "mock_github_token", + "repository_ssh_host": "repository_ssh_host", + } + + # Configurar el valor simulado de retorno para ciertos métodos + mock_github_api.side_effect = Exception("Simulated error") + + # Llamar al método que se está probando + result = self.checkov_tool.configurate_external_checks( + mock_config_tool, mock_secret_tool + ) + + # Verificar que el resultado es el esperado + self.assertIsNone(result) + + def test_execute(self): + checkov_config = MagicMock() + checkov_config.path_config_file = "/path/to/config/" + checkov_config.config_file_name = "checkov_config" + + subprocess_mock = MagicMock() + subprocess_mock.run.return_value.stdout = "Output" + subprocess_mock.run.return_value.stderr = "Error" + + with mock.patch("subprocess.run", return_value=subprocess_mock) as mock_run: + self.checkov_tool.execute(checkov_config) + + mock_run.assert_called_once_with( + "checkov --config-file /path/to/config/checkov_configcheckov_config.yaml", + capture_output=True, + text=True, + shell=True, + env=dict(os.environ), + ) + + @mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool.CheckovTool.execute", + autospec=True, + ) + def test_async_scan(self, mock_checkov_tool): + checkov_config = MagicMock() + checkov_config.path_config_file = "/path/to/config/" + checkov_config.config_file_name = "checkov_config" + + output_queue = Queue() + + mock_checkov_tool.return_value = '{"key": "value"}' + + self.checkov_tool.async_scan(output_queue, checkov_config) + + self.assertEqual(output_queue.get(), [{"key": "value"}]) + + def test_scan_folders(self): + folders_to_scan = ["/path/to/folder"] + config_tool = MagicMock() + config_tool.rules_data_type = { + "RULES_DOCKER": {"rule1": {"environment": {"dev": True}}}, + "RULES_K8S": {"rule2": {"environment": {"prod": True}}}, + } + agent_env = MagicMock() + environment = "dev" + + output_queue = Queue() + output_queue.put([{"key": "value"}]) + + with mock.patch.object( + self.checkov_tool, "async_scan", side_effect=output_queue.put + ): + result_scans = self.checkov_tool.scan_folders( + folders_to_scan, config_tool, agent_env, environment, "eks" + ) + + self.assertEqual(result_scans, []) + + def test_run_tool(self): + config_tool = MagicMock() + folders_to_scan = ["/path/to/folder"] + environment = "dev" + platform = "eks" + secret_tool = MagicMock() + + self.checkov_tool.configurate_external_checks = MagicMock( + return_value="agent_env" + ) + self.checkov_tool.scan_folders = MagicMock(return_value=[{"key": "value"}]) + self.checkov_tool.TOOL = "CHECKOV" + + findings_list, file_from_tool = self.checkov_tool.run_tool( + config_tool, folders_to_scan, environment, platform, secret_tool + ) + + self.assertEqual(findings_list, []) + assert "results.json" in file_from_tool diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py index 461947c44..56818bcb7 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py @@ -1,156 +1,156 @@ -import unittest -from unittest.mock import patch -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( - KicsDeserealizator -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( - KicsTool -) -from datetime import datetime - -class TestKicsDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = KicsDeserealizator() - - def test_get_list_finding_empty_list(self): - results_scan_list = [] - expected_list = [] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(actual_list, expected_list) - - def test_get_list_finding_single_finding(self): - results_scan_list = [ - { - "severity": "High", - "description": "Test", - "file_name": "/some/path", - "id": "1" - } - ] - expected_list = [ - Finding( - id="1", - cvss=None, - where="/some/path", - description="Test", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Kics" - ) - ] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(len(actual_list), 1) - self.assertEqual(actual_list[0], expected_list[0]) - - def test_get_findings_empty_data(self): - data = {} - expected = [] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_get_findings_queries_with_various_severities(self): - data = { - "queries": [ - { - "severity": "LOW", - "query_name": "Test Query 1", - "query_id": "1", - "files": [ - {"file_name": "file1.py"} - ] - }, - { - "severity": "MEDIUM", - "query_name": "Test Query 2", - "query_id": "2", - "files": [ - {"file_name": "file2.py"} - ] - }, - { - "severity": "HIGH", - "query_name": "Test Query 3", - "query_id": "3", - "files": [ - {"file_name": "file3.py"} - ] - }, - { - "severity": "CRITICAL", - "query_name": "Test Query 4", - "query_id": "4", - "files": [ - {"file_name": "file4.py"} - ] - }, - { - "severity": "INFO", - "query_name": "Test Query 5", - "query_id": "5", - "files": [ - {"file_name": "file5.py"} - ] - } - ] - } - expected = [ - {"severity": "LOW", "description": "Test Query 1", "file_name": "file1.py", "id": "1"}, - {"severity": "MEDIUM", "description": "Test Query 2", "file_name": "file2.py", "id": "2"}, - {"severity": "HIGH", "description": "Test Query 3", "file_name": "file3.py", "id": "3"}, - {"severity": "CRITICAL", "description": "Test Query 4", "file_name": "file4.py", "id": "4"} - ] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_get_finding_queries_with_no_files(self): - data = { - "queries": [ - { - "severity": "HIGH", - "query_name": "Test Query 1", - "query_id": "1", - "files": [] - } - ] - } - expected = [] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_empty_data(self): - data = {} - expected = 0 - result = self.deserealizator.calculate_total_vulnerabilities(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_no_vulnerabilities(self): - data = {"severity_counters": {}} - expected = 0 - result = self.deserealizator.calculate_total_vulnerabilities(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_with_vulnerabilities(self): - data = { - "severity_counters": { - "CRITICAL": 10, - "HIGH": 5, - "MEDIUM": 2, - "LOW": 1 - } - } - expected = 18 - result = self.deserealizator.calculate_total_vulnerabilities(data) +import unittest +from unittest.mock import patch +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( + KicsDeserealizator +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( + KicsTool +) +from datetime import datetime + +class TestKicsDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = KicsDeserealizator() + + def test_get_list_finding_empty_list(self): + results_scan_list = [] + expected_list = [] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(actual_list, expected_list) + + def test_get_list_finding_single_finding(self): + results_scan_list = [ + { + "severity": "High", + "description": "Test", + "file_name": "/some/path", + "id": "1" + } + ] + expected_list = [ + Finding( + id="1", + cvss=None, + where="/some/path", + description="Test", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Kics" + ) + ] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(len(actual_list), 1) + self.assertEqual(actual_list[0], expected_list[0]) + + def test_get_findings_empty_data(self): + data = {} + expected = [] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_get_findings_queries_with_various_severities(self): + data = { + "queries": [ + { + "severity": "LOW", + "query_name": "Test Query 1", + "query_id": "1", + "files": [ + {"file_name": "file1.py"} + ] + }, + { + "severity": "MEDIUM", + "query_name": "Test Query 2", + "query_id": "2", + "files": [ + {"file_name": "file2.py"} + ] + }, + { + "severity": "HIGH", + "query_name": "Test Query 3", + "query_id": "3", + "files": [ + {"file_name": "file3.py"} + ] + }, + { + "severity": "CRITICAL", + "query_name": "Test Query 4", + "query_id": "4", + "files": [ + {"file_name": "file4.py"} + ] + }, + { + "severity": "INFO", + "query_name": "Test Query 5", + "query_id": "5", + "files": [ + {"file_name": "file5.py"} + ] + } + ] + } + expected = [ + {"severity": "LOW", "description": "Test Query 1", "file_name": "file1.py", "id": "1"}, + {"severity": "MEDIUM", "description": "Test Query 2", "file_name": "file2.py", "id": "2"}, + {"severity": "HIGH", "description": "Test Query 3", "file_name": "file3.py", "id": "3"}, + {"severity": "CRITICAL", "description": "Test Query 4", "file_name": "file4.py", "id": "4"} + ] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_get_finding_queries_with_no_files(self): + data = { + "queries": [ + { + "severity": "HIGH", + "query_name": "Test Query 1", + "query_id": "1", + "files": [] + } + ] + } + expected = [] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_empty_data(self): + data = {} + expected = 0 + result = self.deserealizator.calculate_total_vulnerabilities(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_no_vulnerabilities(self): + data = {"severity_counters": {}} + expected = 0 + result = self.deserealizator.calculate_total_vulnerabilities(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_with_vulnerabilities(self): + data = { + "severity_counters": { + "CRITICAL": 10, + "HIGH": 5, + "MEDIUM": 2, + "LOW": 1 + } + } + expected = 18 + result = self.deserealizator.calculate_total_vulnerabilities(data) self.assertEqual(result, expected) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_tool.py index a97a229ff..e5f655f8f 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_tool.py @@ -1,302 +1,302 @@ -import unittest -import subprocess -import logging -import os -from unittest.mock import MagicMock, patch, mock_open, call, Mock -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( - KicsTool, - KicsDeserealizator -) -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi - -logger = logging.getLogger() -logger.setLevel(logging.ERROR) -stream_handler = logging.StreamHandler() -logger.addHandler(stream_handler) - - -class TestKicsTool(unittest.TestCase): - - def setUp(self): - self.kics_tool = KicsTool() - - @patch("builtins.open", new_callable=mock_open) - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.requests.get') - def test_download_tool_success(self, mock_get, mock_file): - - mock_response = MagicMock() - mock_response.content = b'Test content' - mock_get.return_value = mock_response - - url = "http://example.com/test" - file = "testfile.bin" - - self.kics_tool.download(file, url) - - mock_get.assert_called_once_with(url) - - mock_file().write.assert_called_once_with(b'Test content') - - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run') - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger') - @patch.object(KicsTool, "download") - def test_install_tool_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_installed.returncode = 0 - mock_subprocess_run.return_value = mock_installed - command_prefix = "kics" - - file = "testfile.zip" - url = "http://example.com/test" - tool = self.kics_tool - tool.install_tool(file, url, command_prefix) - - mock_subprocess_run.assert_called_once_with( - ["which", "kics"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_not_called() - - mock_logger.error.assert_not_called() - - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run') - @patch.object(KicsTool, "download") - @patch.object(GithubApi, "unzip_file") - def test_install_tool_not_installed(self, mock_unzip, mock_download, mock_subprocess): - mock_subprocess.side_effect = [ - MagicMock(returncode=1), - MagicMock() - ] - - self.kics_tool.install_tool("kics.zip", "http://example.com/kics.zip", "kics") - - mock_download.assert_called_once_with("kics.zip", "http://example.com/kics.zip") - mock_unzip.assert_called_once_with("kics.zip", "kics") - mock_subprocess.assert_any_call(["which", "kics"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - mock_subprocess.assert_any_call(["chmod", "+x", "./kics/kics"]) - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") - @patch.object(KicsTool, "download") - def test_install_tool_windows_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_subprocess_run.return_value = mock_installed - command_prefix = "kics" - - file = "testfile.zip" - url = "http://example.com/test" - tool = self.kics_tool - tool.install_tool_windows(file, url, command_prefix) - - mock_subprocess_run.assert_called_once_with( - ["kics", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_not_called() - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run", side_effect=Exception("Test exception")) - @patch.object(GithubApi, 'unzip_file') - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger') - @patch.object(KicsTool, "download") - def test_install_tool_windows_not_installed(self, mock_download_tool, mock_logger, mock_unzip_file, mock_subprocess_run): - mock_download_tool.return_value = None - - file = "testfile.zip" - url = "http://example.com/test" - tool = self.kics_tool - command_prefix = "kics" - tool.install_tool_windows(file, url, command_prefix) - - mock_subprocess_run.assert_called_once_with( - ["kics", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_called_once_with(file, url) - mock_unzip_file.assert_called_once_with(file, "kics") - mock_logger.error.assert_not_called() - - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.GithubApi') - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run", side_effect=Exception("Test exception")) - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") - @patch.object(KicsTool, "download", side_effect=Exception("Download exception")) - def test_install_tool_windows_exception(self, mock_download_tool, mock_logger, mock_subprocess_run, mock_github_api): - - file = "testfile.zip" - url = "http://example.com/test" - tool = self.kics_tool - command_prefix = "kics" - tool.install_tool_windows(file, url, command_prefix) - - mock_subprocess_run.assert_called_once_with( - ["kics", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_called_once_with(file, url) - - mock_logger.error.assert_called_once_with("Error installing KICS: Download exception") - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") - def test_execute_kics_success(self, mock_logger, mock_subprocess_run): - mock_subprocess_run.return_value = MagicMock() - - folders_to_scan = ["folder1", "folder2"] - prefix = "kics" - self.kics_tool.execute_kics(folders_to_scan, prefix) - - expected_calls = [ - call( - ["kics", "scan", "-p", "folder1,folder2", "-q", "./kics_assets/assets", "--report-formats", "json", "-o", "./"], - capture_output=True - ) - ] - mock_subprocess_run.assert_has_calls(expected_calls, any_order=False) - - mock_logger.error.assert_not_called() - - @patch('builtins.open', new_callable=mock_open, read_data='{"key": "value"}') - @patch('json.load', return_value={"key": "value"}) - def test_load_results_success(self, mock_json_load, mock_file): - result = self.kics_tool.load_results() - self.assertEqual(result, {"key": "value"}) - mock_file.assert_called_once_with('results.json') - mock_json_load.assert_called_once() - - @patch('builtins.open', new_callable=mock_open) - @patch('json.load', side_effect=Exception("error")) - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") - def test_load_results_failure(self, mock_logger_error, mock_json_load, mock_file): - result = self.kics_tool.load_results() - self.assertIsNone(result) - mock_file.assert_called_once_with('results.json') - mock_json_load.assert_called_once() - mock_logger_error.error.assert_called_once_with("An error ocurred loading KICS results error") - - @patch.object(KicsTool, 'install_tool') - @patch.object(KicsTool, 'install_tool_windows') - @patch.object(KicsTool, 'execute_kics') - def test_select_operative_system_linux(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): - mock_config_tool = Mock() - mock_config_tool.kics_linux = "http://example.com/kics_linux.zip" - path = "kics" - - mock_install_tool.return_value = "kics" - - self.kics_tool.select_operative_system("Linux", ["folder1", "folder2"], mock_config_tool, path) - - mock_install_tool.assert_called_once_with("kics_linux.zip", "http://example.com/kics_linux.zip", "kics") - mock_install_tool_windows.assert_not_called() - mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") - - @patch.object(KicsTool, 'install_tool') - @patch.object(KicsTool, 'install_tool_windows') - @patch.object(KicsTool, 'execute_kics') - def test_select_operative_system_windows(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): - mock_config_tool = Mock() - mock_config_tool.kics_windows = "http://example.com/kics_windows.zip" - path = "kics" - - mock_install_tool_windows.return_value = "kics" - - self.kics_tool.select_operative_system("Windows", ["folder1", "folder2"], mock_config_tool, path) - - mock_install_tool_windows.assert_called_once_with("kics_windows.zip", "http://example.com/kics_windows.zip", "kics") - mock_install_tool.assert_not_called() - mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") - - @patch.object(KicsTool, 'install_tool') - @patch.object(KicsTool, 'install_tool_windows') - @patch.object(KicsTool, 'execute_kics') - def test_select_operative_system_darwin(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): - mock_config_tool = Mock() - mock_config_tool.kics_mac = "http://example.com/kics_mac.zip" - path = "kics" - - mock_install_tool.return_value = "kics" - - self.kics_tool.select_operative_system("Darwin", ["folder1", "folder2"], mock_config_tool, path) - - mock_install_tool.assert_called_once_with("kics_macos.zip", "http://example.com/kics_mac.zip", "kics") - mock_install_tool_windows.assert_not_called() - mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") - - @patch.object(KicsTool, 'install_tool') - @patch.object(KicsTool, 'install_tool_windows') - @patch.object(KicsTool, 'execute_kics') - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") - def test_select_operative_system_unsupported(self, mock_logger, mock_execute_kics, mock_install_tool_windows, mock_install_tool): - mock_config_tool = Mock() - path = "kics" - - result = self.kics_tool.select_operative_system("UnsupportedOS", ["folder1", "folder2"], mock_config_tool, path) - - mock_install_tool.assert_not_called() - mock_install_tool_windows.assert_not_called() - mock_execute_kics.assert_not_called() - mock_logger.warning.assert_called_once_with("UnsupportedOS is not supported.") - self.assertEqual(result, ([], None)) - - @patch.object(KicsTool, 'download') - @patch.object(GithubApi, 'unzip_file') - def test_get_assets(self, mock_unzip_file, mock_download): - kics_version = "1.2.3" - - self.kics_tool.get_assets(kics_version) - - assets_url = f"https://github.com/Checkmarx/kics/releases/download/v{kics_version}/extracted-info.zip" - mock_download.assert_called_once_with("assets_compressed.zip", assets_url) - mock_unzip_file.assert_called_once_with("assets_compressed.zip", "kics_assets") - - @patch('platform.system', return_value='Linux') - @patch.object(KicsTool, 'get_assets') - @patch.object(KicsTool, 'select_operative_system') - @patch.object(KicsTool, 'load_results', return_value={'data': 'results'}) - @patch.object(KicsDeserealizator, 'calculate_total_vulnerabilities', return_value=0) - def test_run_tool_no_vulnerabilities(self, mock_calc_vulns, mock_load_results, mock_select_os, mock_get_assets, mock_platform): - mock_config_tool = Mock() - mock_config_tool.version = '1.2.3' - mock_config_tool.path_kics = 'mock/path/kics' - - result, path = self.kics_tool.run_tool(mock_config_tool, ['folder1', 'folder2'], None, 'k8s', None) - - mock_get_assets.assert_called_once_with('1.2.3') - mock_select_os.assert_called_once_with('Linux', ['folder1', 'folder2'], mock_config_tool, 'mock/path/kics') - mock_load_results.assert_called_once() - mock_calc_vulns.assert_called_once_with({'data': 'results'}) - - self.assertEqual(result, []) - self.assertEqual(path, os.path.abspath("results.json")) - - @patch('platform.system', return_value='Linux') - @patch.object(KicsTool, 'get_assets') - @patch.object(KicsTool, 'select_operative_system') - @patch.object(KicsTool, 'load_results', return_value={'data': 'results'}) - @patch.object(KicsDeserealizator, 'calculate_total_vulnerabilities', return_value=5) - @patch.object(KicsDeserealizator, 'get_findings', return_value='filtered_results') - @patch.object(KicsDeserealizator, 'get_list_finding', return_value=['finding1', 'finding2']) - def test_run_tool_with_vulnerabilities(self, mock_get_list_finding, mock_get_findings, mock_calc_vulns, mock_load_results, mock_select_os, mock_get_assets, mock_platform): - mock_config_tool = Mock() - mock_config_tool.version = '1.2.3' - mock_config_tool.path_kics = 'mock/path/kics' - - result, path = self.kics_tool.run_tool(mock_config_tool, ['folder1', 'folder2'], None, 'k8s', None) - - mock_get_assets.assert_called_once_with('1.2.3') - mock_select_os.assert_called_once_with('Linux', ['folder1', 'folder2'], mock_config_tool, 'mock/path/kics') - mock_load_results.assert_called_once() - mock_calc_vulns.assert_called_once_with({'data': 'results'}) - mock_get_findings.assert_called_once_with({'data': 'results'}) - mock_get_list_finding.assert_called_once_with('filtered_results') - - self.assertEqual(result, ['finding1', 'finding2']) +import unittest +import subprocess +import logging +import os +from unittest.mock import MagicMock, patch, mock_open, call, Mock +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( + KicsTool, + KicsDeserealizator +) +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi + +logger = logging.getLogger() +logger.setLevel(logging.ERROR) +stream_handler = logging.StreamHandler() +logger.addHandler(stream_handler) + + +class TestKicsTool(unittest.TestCase): + + def setUp(self): + self.kics_tool = KicsTool() + + @patch("builtins.open", new_callable=mock_open) + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.requests.get') + def test_download_tool_success(self, mock_get, mock_file): + + mock_response = MagicMock() + mock_response.content = b'Test content' + mock_get.return_value = mock_response + + url = "http://example.com/test" + file = "testfile.bin" + + self.kics_tool.download(file, url) + + mock_get.assert_called_once_with(url) + + mock_file().write.assert_called_once_with(b'Test content') + + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run') + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger') + @patch.object(KicsTool, "download") + def test_install_tool_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_installed.returncode = 0 + mock_subprocess_run.return_value = mock_installed + command_prefix = "kics" + + file = "testfile.zip" + url = "http://example.com/test" + tool = self.kics_tool + tool.install_tool(file, url, command_prefix) + + mock_subprocess_run.assert_called_once_with( + ["which", "kics"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_not_called() + + mock_logger.error.assert_not_called() + + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run') + @patch.object(KicsTool, "download") + @patch.object(GithubApi, "unzip_file") + def test_install_tool_not_installed(self, mock_unzip, mock_download, mock_subprocess): + mock_subprocess.side_effect = [ + MagicMock(returncode=1), + MagicMock() + ] + + self.kics_tool.install_tool("kics.zip", "http://example.com/kics.zip", "kics") + + mock_download.assert_called_once_with("kics.zip", "http://example.com/kics.zip") + mock_unzip.assert_called_once_with("kics.zip", "kics") + mock_subprocess.assert_any_call(["which", "kics"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + mock_subprocess.assert_any_call(["chmod", "+x", "./kics/kics"]) + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") + @patch.object(KicsTool, "download") + def test_install_tool_windows_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_subprocess_run.return_value = mock_installed + command_prefix = "kics" + + file = "testfile.zip" + url = "http://example.com/test" + tool = self.kics_tool + tool.install_tool_windows(file, url, command_prefix) + + mock_subprocess_run.assert_called_once_with( + ["kics", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_not_called() + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run", side_effect=Exception("Test exception")) + @patch.object(GithubApi, 'unzip_file') + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger') + @patch.object(KicsTool, "download") + def test_install_tool_windows_not_installed(self, mock_download_tool, mock_logger, mock_unzip_file, mock_subprocess_run): + mock_download_tool.return_value = None + + file = "testfile.zip" + url = "http://example.com/test" + tool = self.kics_tool + command_prefix = "kics" + tool.install_tool_windows(file, url, command_prefix) + + mock_subprocess_run.assert_called_once_with( + ["kics", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_called_once_with(file, url) + mock_unzip_file.assert_called_once_with(file, "kics") + mock_logger.error.assert_not_called() + + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.GithubApi') + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run", side_effect=Exception("Test exception")) + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") + @patch.object(KicsTool, "download", side_effect=Exception("Download exception")) + def test_install_tool_windows_exception(self, mock_download_tool, mock_logger, mock_subprocess_run, mock_github_api): + + file = "testfile.zip" + url = "http://example.com/test" + tool = self.kics_tool + command_prefix = "kics" + tool.install_tool_windows(file, url, command_prefix) + + mock_subprocess_run.assert_called_once_with( + ["kics", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_called_once_with(file, url) + + mock_logger.error.assert_called_once_with("Error installing KICS: Download exception") + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") + def test_execute_kics_success(self, mock_logger, mock_subprocess_run): + mock_subprocess_run.return_value = MagicMock() + + folders_to_scan = ["folder1", "folder2"] + prefix = "kics" + self.kics_tool.execute_kics(folders_to_scan, prefix) + + expected_calls = [ + call( + ["kics", "scan", "-p", "folder1,folder2", "-q", "./kics_assets/assets", "--report-formats", "json", "-o", "./"], + capture_output=True + ) + ] + mock_subprocess_run.assert_has_calls(expected_calls, any_order=False) + + mock_logger.error.assert_not_called() + + @patch('builtins.open', new_callable=mock_open, read_data='{"key": "value"}') + @patch('json.load', return_value={"key": "value"}) + def test_load_results_success(self, mock_json_load, mock_file): + result = self.kics_tool.load_results() + self.assertEqual(result, {"key": "value"}) + mock_file.assert_called_once_with('results.json') + mock_json_load.assert_called_once() + + @patch('builtins.open', new_callable=mock_open) + @patch('json.load', side_effect=Exception("error")) + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") + def test_load_results_failure(self, mock_logger_error, mock_json_load, mock_file): + result = self.kics_tool.load_results() + self.assertIsNone(result) + mock_file.assert_called_once_with('results.json') + mock_json_load.assert_called_once() + mock_logger_error.error.assert_called_once_with("An error ocurred loading KICS results error") + + @patch.object(KicsTool, 'install_tool') + @patch.object(KicsTool, 'install_tool_windows') + @patch.object(KicsTool, 'execute_kics') + def test_select_operative_system_linux(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): + mock_config_tool = Mock() + mock_config_tool.kics_linux = "http://example.com/kics_linux.zip" + path = "kics" + + mock_install_tool.return_value = "kics" + + self.kics_tool.select_operative_system("Linux", ["folder1", "folder2"], mock_config_tool, path) + + mock_install_tool.assert_called_once_with("kics_linux.zip", "http://example.com/kics_linux.zip", "kics") + mock_install_tool_windows.assert_not_called() + mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") + + @patch.object(KicsTool, 'install_tool') + @patch.object(KicsTool, 'install_tool_windows') + @patch.object(KicsTool, 'execute_kics') + def test_select_operative_system_windows(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): + mock_config_tool = Mock() + mock_config_tool.kics_windows = "http://example.com/kics_windows.zip" + path = "kics" + + mock_install_tool_windows.return_value = "kics" + + self.kics_tool.select_operative_system("Windows", ["folder1", "folder2"], mock_config_tool, path) + + mock_install_tool_windows.assert_called_once_with("kics_windows.zip", "http://example.com/kics_windows.zip", "kics") + mock_install_tool.assert_not_called() + mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") + + @patch.object(KicsTool, 'install_tool') + @patch.object(KicsTool, 'install_tool_windows') + @patch.object(KicsTool, 'execute_kics') + def test_select_operative_system_darwin(self, mock_execute_kics, mock_install_tool_windows, mock_install_tool): + mock_config_tool = Mock() + mock_config_tool.kics_mac = "http://example.com/kics_mac.zip" + path = "kics" + + mock_install_tool.return_value = "kics" + + self.kics_tool.select_operative_system("Darwin", ["folder1", "folder2"], mock_config_tool, path) + + mock_install_tool.assert_called_once_with("kics_macos.zip", "http://example.com/kics_mac.zip", "kics") + mock_install_tool_windows.assert_not_called() + mock_execute_kics.assert_called_once_with(["folder1", "folder2"], "kics") + + @patch.object(KicsTool, 'install_tool') + @patch.object(KicsTool, 'install_tool_windows') + @patch.object(KicsTool, 'execute_kics') + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool.logger") + def test_select_operative_system_unsupported(self, mock_logger, mock_execute_kics, mock_install_tool_windows, mock_install_tool): + mock_config_tool = Mock() + path = "kics" + + result = self.kics_tool.select_operative_system("UnsupportedOS", ["folder1", "folder2"], mock_config_tool, path) + + mock_install_tool.assert_not_called() + mock_install_tool_windows.assert_not_called() + mock_execute_kics.assert_not_called() + mock_logger.warning.assert_called_once_with("UnsupportedOS is not supported.") + self.assertEqual(result, ([], None)) + + @patch.object(KicsTool, 'download') + @patch.object(GithubApi, 'unzip_file') + def test_get_assets(self, mock_unzip_file, mock_download): + kics_version = "1.2.3" + + self.kics_tool.get_assets(kics_version) + + assets_url = f"https://github.com/Checkmarx/kics/releases/download/v{kics_version}/extracted-info.zip" + mock_download.assert_called_once_with("assets_compressed.zip", assets_url) + mock_unzip_file.assert_called_once_with("assets_compressed.zip", "kics_assets") + + @patch('platform.system', return_value='Linux') + @patch.object(KicsTool, 'get_assets') + @patch.object(KicsTool, 'select_operative_system') + @patch.object(KicsTool, 'load_results', return_value={'data': 'results'}) + @patch.object(KicsDeserealizator, 'calculate_total_vulnerabilities', return_value=0) + def test_run_tool_no_vulnerabilities(self, mock_calc_vulns, mock_load_results, mock_select_os, mock_get_assets, mock_platform): + mock_config_tool = Mock() + mock_config_tool.version = '1.2.3' + mock_config_tool.path_kics = 'mock/path/kics' + + result, path = self.kics_tool.run_tool(mock_config_tool, ['folder1', 'folder2'], None, 'k8s', None) + + mock_get_assets.assert_called_once_with('1.2.3') + mock_select_os.assert_called_once_with('Linux', ['folder1', 'folder2'], mock_config_tool, 'mock/path/kics') + mock_load_results.assert_called_once() + mock_calc_vulns.assert_called_once_with({'data': 'results'}) + + self.assertEqual(result, []) + self.assertEqual(path, os.path.abspath("results.json")) + + @patch('platform.system', return_value='Linux') + @patch.object(KicsTool, 'get_assets') + @patch.object(KicsTool, 'select_operative_system') + @patch.object(KicsTool, 'load_results', return_value={'data': 'results'}) + @patch.object(KicsDeserealizator, 'calculate_total_vulnerabilities', return_value=5) + @patch.object(KicsDeserealizator, 'get_findings', return_value='filtered_results') + @patch.object(KicsDeserealizator, 'get_list_finding', return_value=['finding1', 'finding2']) + def test_run_tool_with_vulnerabilities(self, mock_get_list_finding, mock_get_findings, mock_calc_vulns, mock_load_results, mock_select_os, mock_get_assets, mock_platform): + mock_config_tool = Mock() + mock_config_tool.version = '1.2.3' + mock_config_tool.path_kics = 'mock/path/kics' + + result, path = self.kics_tool.run_tool(mock_config_tool, ['folder1', 'folder2'], None, 'k8s', None) + + mock_get_assets.assert_called_once_with('1.2.3') + mock_select_os.assert_called_once_with('Linux', ['folder1', 'folder2'], mock_config_tool, 'mock/path/kics') + mock_load_results.assert_called_once() + mock_calc_vulns.assert_called_once_with({'data': 'results'}) + mock_get_findings.assert_called_once_with({'data': 'results'}) + mock_get_list_finding.assert_called_once_with('filtered_results') + + self.assertEqual(result, ['finding1', 'finding2']) self.assertEqual(path, os.path.abspath("results.json")) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py index fe2a586e9..ea217e900 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py @@ -1,119 +1,119 @@ -import unittest -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( - KubescapeDeserealizator -) -from datetime import datetime - - -class TestKubescapeDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = KubescapeDeserealizator() - - def test_get_list_finding_empty_list(self): - results_scan_list = [] - expected_list = [] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(actual_list, expected_list) - - def test_get_list_finding_single_finding(self): - results_scan_list = [ - { - "id": "1", - "where": "/some/path", - "description": "Test finding", - "severity": "High" - } - ] - expected_list = [ - Finding( - id="1", - cvss=None, - where="/some/path", - description="Test finding", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="kubescape" - ) - ] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(len(actual_list), 1) - self.assertEqual(actual_list[0], expected_list[0]) - - def test_extract_failed_controls_no_failures(self): - data = { - "results": [ - { - "resourceID": "res1", - "controls": [ - {"controlID": "ctrl1", "status": {"status": "passed"}} - ] - } - ], - "resources": [ - {"resourceID": "res1", "source": {"relativePath": "path/to/res1"}} - ], - "summaryDetails": { - "frameworks": [] - } - } - result = self.deserealizator.extract_failed_controls(data) - self.assertEqual(result, []) - - def test_extract_failed_controls_with_failures(self): - data = { - "results": [ - { - "resourceID": "res1", - "controls": [ - {"controlID": "ctrl1", "name": "Control 1", "status": {"status": "failed"}} - ] - } - ], - "resources": [ - {"resourceID": "res1", "source": {"path": "path/to/res1"}} - ], - "summaryDetails": { - "frameworks": [{"controls": {"ctrl1": {"scoreFactor": 5}}}] - } - } - result = self.deserealizator.extract_failed_controls(data) - expected_result = [{ - "id": "ctrl1", - "description": "Control 1", - "where": "path/to/res1", - "severity": "medium" - }] - self.assertEqual(result, expected_result) - - def test_get_severity_score_none(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 0.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "none") - - def test_get_severity_score_medium(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 5.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "medium") - - def test_get_severity_score_high(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 8.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "high") - - def test_get_severity_score_critical(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 9.5}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "critical") +import unittest +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( + KubescapeDeserealizator +) +from datetime import datetime + + +class TestKubescapeDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = KubescapeDeserealizator() + + def test_get_list_finding_empty_list(self): + results_scan_list = [] + expected_list = [] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(actual_list, expected_list) + + def test_get_list_finding_single_finding(self): + results_scan_list = [ + { + "id": "1", + "where": "/some/path", + "description": "Test finding", + "severity": "High" + } + ] + expected_list = [ + Finding( + id="1", + cvss=None, + where="/some/path", + description="Test finding", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="kubescape" + ) + ] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(len(actual_list), 1) + self.assertEqual(actual_list[0], expected_list[0]) + + def test_extract_failed_controls_no_failures(self): + data = { + "results": [ + { + "resourceID": "res1", + "controls": [ + {"controlID": "ctrl1", "status": {"status": "passed"}} + ] + } + ], + "resources": [ + {"resourceID": "res1", "source": {"relativePath": "path/to/res1"}} + ], + "summaryDetails": { + "frameworks": [] + } + } + result = self.deserealizator.extract_failed_controls(data) + self.assertEqual(result, []) + + def test_extract_failed_controls_with_failures(self): + data = { + "results": [ + { + "resourceID": "res1", + "controls": [ + {"controlID": "ctrl1", "name": "Control 1", "status": {"status": "failed"}} + ] + } + ], + "resources": [ + {"resourceID": "res1", "source": {"path": "path/to/res1"}} + ], + "summaryDetails": { + "frameworks": [{"controls": {"ctrl1": {"scoreFactor": 5}}}] + } + } + result = self.deserealizator.extract_failed_controls(data) + expected_result = [{ + "id": "ctrl1", + "description": "Control 1", + "where": "path/to/res1", + "severity": "medium" + }] + self.assertEqual(result, expected_result) + + def test_get_severity_score_none(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 0.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "none") + + def test_get_severity_score_medium(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 5.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "medium") + + def test_get_severity_score_high(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 8.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "high") + + def test_get_severity_score_critical(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 9.5}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "critical") diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_tool.py index df54808c5..2bc253f37 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_tool.py @@ -1,271 +1,271 @@ -import unittest -import subprocess -import logging -from unittest.mock import MagicMock, patch, mock_open, call -from unittest import mock -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( - KubescapeTool -) -from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( - ConfigTool, -) - -logger = logging.getLogger() -logger.setLevel(logging.ERROR) -stream_handler = logging.StreamHandler() -logger.addHandler(stream_handler) - - -class TestKubescapeTool(unittest.TestCase): - - def setUp(self): - self.kubescape_tool = KubescapeTool() - - @patch("builtins.open", new_callable=mock_open) - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.requests.get') - def test_download_tool_success(self, mock_get, mock_file): - - mock_response = MagicMock() - mock_response.content = b'Test content' - mock_get.return_value = mock_response - - url = "http://example.com/test" - file = "testfile.bin" - - self.kubescape_tool.download_tool(file, url) - - mock_get.assert_called_once_with(url, allow_redirects=True) - - mock_file().write.assert_called_once_with(b'Test content') - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool") - def test_install_tool_aleady_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_installed.returncode = 0 - mock_subprocess_run.return_value = mock_installed - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool(file, url) - - mock_subprocess_run.assert_called_once_with( - ["which", f"./{file}"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_not_called() - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool") - def test_install_tool_not_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_installed.returncode = 1 - mock_subprocess_run.side_effect = [mock_installed, MagicMock()] - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool(file, url) - - self.assertEqual(mock_subprocess_run.call_count, 2) - mock_subprocess_run.assert_any_call( - ["which", f"./{file}"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_subprocess_run.assert_any_call(["chmod", "+x", f"./{file}"]) - - mock_download_tool.assert_called_once_with(file, url) - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool") - def test_install_tool_exception(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_installed.returncode = 1 - mock_subprocess_run.side_effect = [mock_installed, MagicMock()] - - mock_download_tool.side_effect = Exception("Test exception") - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool(file, url) - - mock_subprocess_run.assert_called_once_with( - ["which", f"./{file}"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_called_once_with(file, url) - - mock_logger.error.assert_called_once_with("Error installing Kubescape: Test exception") - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool") - def test_install_tool_windows_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_installed = MagicMock() - mock_subprocess_run.return_value = mock_installed - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool_windows(file, url) - - mock_subprocess_run.assert_called_once_with( - [f"./{file}", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_not_called() - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=Exception("Test exception")) - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool") - def test_install_tool_windows_not_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): - mock_download_tool.return_value = None - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool_windows(file, url) - - mock_subprocess_run.assert_called_once_with( - [f"./{file}", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_called_once_with(file, url) - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=Exception("Test exception")) - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - @patch.object(KubescapeTool, "download_tool", side_effect=Exception("Download exception")) - def test_install_tool_windows_download_exception(self, mock_download_tool, mock_logger, mock_subprocess_run): - - file = "testfile" - url = "http://example.com/test" - tool = self.kubescape_tool - tool.install_tool_windows(file, url) - - mock_subprocess_run.assert_called_once_with( - [f"./{file}", "version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - - mock_download_tool.assert_called_once_with(file, url) - - mock_logger.error.assert_called_once_with("Error installing Kubescape: Download exception") - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - def test_execute_kubescape_success(self, mock_logger, mock_subprocess_run): - mock_subprocess_run.return_value = MagicMock() - - folders_to_scan = ["folder1", "folder2"] - prefix = "kubescape" - self.kubescape_tool.execute_kubescape(folders_to_scan, prefix) - - expected_calls = [ - call( - ["kubescape", "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", "results_kubescape.json", "-v"], - capture_output=True - ) - ] - mock_subprocess_run.assert_has_calls(expected_calls, any_order=False) - - mock_logger.error.assert_not_called() - - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=subprocess.CalledProcessError(returncode=1, cmd="kubescape")) - @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") - def test_execute_kubescape_failure(self, mock_logger, mock_subprocess_run): - - folders_to_scan = ["folder1"] - prefix = "kubescape" - self.kubescape_tool.execute_kubescape(folders_to_scan, prefix) - - mock_subprocess_run.assert_called_once_with( - ["kubescape", "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", "results_kubescape.json", "-v"], - capture_output=True - ) - - mock_logger.error.assert_called_once_with("Error during Kubescape execution: Command 'kubescape' returned non-zero exit status 1.") - - @patch("builtins.open", new_callable=mock.mock_open, read_data='{"key": "value"}') - def test_load_json_success(self, mock_file): - result = self.kubescape_tool.load_json("json_name.json") - self.assertEqual(result, {"key": "value"}) - mock_file.assert_called_once_with("json_name.json") - - def test_run_tool_empty_folders(self): - config_tool = MagicMock() - folders_to_scan = [] - environment = "dev" - platform = "eks" - secret_tool = MagicMock() - - findings_list, file_from_tool = self.kubescape_tool.run_tool( - config_tool, folders_to_scan, environment, platform, secret_tool - ) - - self.assertEqual(findings_list, []) - self.assertEqual(file_from_tool, None) - - - @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.distro.name', return_value='Ubuntu') - @patch.object(KubescapeTool, 'install_tool') - @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) - def test_select_operative_system_linux_ubuntu(self, mock_execute_kubescape, mock_install_tool, mock_distro_name): - executor = KubescapeTool() - os_platform = 'Linux' - folders_to_scan = ['folder1'] - base_url = 'http://example.com/' - - executor.select_operative_system(os_platform, folders_to_scan, base_url) - - mock_install_tool.assert_called_once_with('kubescape-ubuntu-latest', 'http://example.com/kubescape-ubuntu-latest') - mock_execute_kubescape.assert_called_once_with(folders_to_scan, './kubescape-ubuntu-latest') - - @patch.object(KubescapeTool, 'install_tool_windows') - @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) - def test_select_operative_system_windows(self, mock_execute_kubescape, mock_install_tool_windows): - executor = KubescapeTool() - os_platform = 'Windows' - folders_to_scan = ['folder1'] - base_url = 'http://example.com/' - - executor.select_operative_system(os_platform, folders_to_scan, base_url) - - mock_install_tool_windows.assert_called_once_with('kubescape-windows-latest.exe', 'http://example.com/kubescape-windows-latest.exe') - mock_execute_kubescape.assert_called_once_with(folders_to_scan, './kubescape-windows-latest.exe') - - @patch.object(KubescapeTool, 'install_tool') - @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) - def test_select_operative_system_darwin(self, mock_execute_kubescape, mock_install_tool): - executor = KubescapeTool() - os_platform = 'Darwin' - folders_to_scan = ['folder1'] - base_url = 'http://example.com/' - - executor.select_operative_system(os_platform, folders_to_scan, base_url) - - mock_install_tool.assert_called_once_with('kubescape-macos-latest', 'http://example.com/kubescape-macos-latest') +import unittest +import subprocess +import logging +from unittest.mock import MagicMock, patch, mock_open, call +from unittest import mock +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( + KubescapeTool +) +from devsecops_engine_tools.engine_sast.engine_iac.src.domain.model.config_tool import ( + ConfigTool, +) + +logger = logging.getLogger() +logger.setLevel(logging.ERROR) +stream_handler = logging.StreamHandler() +logger.addHandler(stream_handler) + + +class TestKubescapeTool(unittest.TestCase): + + def setUp(self): + self.kubescape_tool = KubescapeTool() + + @patch("builtins.open", new_callable=mock_open) + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.requests.get') + def test_download_tool_success(self, mock_get, mock_file): + + mock_response = MagicMock() + mock_response.content = b'Test content' + mock_get.return_value = mock_response + + url = "http://example.com/test" + file = "testfile.bin" + + self.kubescape_tool.download_tool(file, url) + + mock_get.assert_called_once_with(url, allow_redirects=True) + + mock_file().write.assert_called_once_with(b'Test content') + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool") + def test_install_tool_aleady_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_installed.returncode = 0 + mock_subprocess_run.return_value = mock_installed + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool(file, url) + + mock_subprocess_run.assert_called_once_with( + ["which", f"./{file}"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_not_called() + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool") + def test_install_tool_not_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_installed.returncode = 1 + mock_subprocess_run.side_effect = [mock_installed, MagicMock()] + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool(file, url) + + self.assertEqual(mock_subprocess_run.call_count, 2) + mock_subprocess_run.assert_any_call( + ["which", f"./{file}"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_subprocess_run.assert_any_call(["chmod", "+x", f"./{file}"]) + + mock_download_tool.assert_called_once_with(file, url) + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool") + def test_install_tool_exception(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_installed.returncode = 1 + mock_subprocess_run.side_effect = [mock_installed, MagicMock()] + + mock_download_tool.side_effect = Exception("Test exception") + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool(file, url) + + mock_subprocess_run.assert_called_once_with( + ["which", f"./{file}"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_called_once_with(file, url) + + mock_logger.error.assert_called_once_with("Error installing Kubescape: Test exception") + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool") + def test_install_tool_windows_already_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_installed = MagicMock() + mock_subprocess_run.return_value = mock_installed + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool_windows(file, url) + + mock_subprocess_run.assert_called_once_with( + [f"./{file}", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_not_called() + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=Exception("Test exception")) + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool") + def test_install_tool_windows_not_installed(self, mock_download_tool, mock_logger, mock_subprocess_run): + mock_download_tool.return_value = None + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool_windows(file, url) + + mock_subprocess_run.assert_called_once_with( + [f"./{file}", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_called_once_with(file, url) + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=Exception("Test exception")) + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + @patch.object(KubescapeTool, "download_tool", side_effect=Exception("Download exception")) + def test_install_tool_windows_download_exception(self, mock_download_tool, mock_logger, mock_subprocess_run): + + file = "testfile" + url = "http://example.com/test" + tool = self.kubescape_tool + tool.install_tool_windows(file, url) + + mock_subprocess_run.assert_called_once_with( + [f"./{file}", "version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + + mock_download_tool.assert_called_once_with(file, url) + + mock_logger.error.assert_called_once_with("Error installing Kubescape: Download exception") + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run") + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + def test_execute_kubescape_success(self, mock_logger, mock_subprocess_run): + mock_subprocess_run.return_value = MagicMock() + + folders_to_scan = ["folder1", "folder2"] + prefix = "kubescape" + self.kubescape_tool.execute_kubescape(folders_to_scan, prefix) + + expected_calls = [ + call( + ["kubescape", "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", "results_kubescape.json", "-v"], + capture_output=True + ) + ] + mock_subprocess_run.assert_has_calls(expected_calls, any_order=False) + + mock_logger.error.assert_not_called() + + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.subprocess.run", side_effect=subprocess.CalledProcessError(returncode=1, cmd="kubescape")) + @patch("devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.logger") + def test_execute_kubescape_failure(self, mock_logger, mock_subprocess_run): + + folders_to_scan = ["folder1"] + prefix = "kubescape" + self.kubescape_tool.execute_kubescape(folders_to_scan, prefix) + + mock_subprocess_run.assert_called_once_with( + ["kubescape", "scan"] + folders_to_scan + ["--format", "json", "--format-version", "v2", "--output", "results_kubescape.json", "-v"], + capture_output=True + ) + + mock_logger.error.assert_called_once_with("Error during Kubescape execution: Command 'kubescape' returned non-zero exit status 1.") + + @patch("builtins.open", new_callable=mock.mock_open, read_data='{"key": "value"}') + def test_load_json_success(self, mock_file): + result = self.kubescape_tool.load_json("json_name.json") + self.assertEqual(result, {"key": "value"}) + mock_file.assert_called_once_with("json_name.json") + + def test_run_tool_empty_folders(self): + config_tool = MagicMock() + folders_to_scan = [] + environment = "dev" + platform = "eks" + secret_tool = MagicMock() + + findings_list, file_from_tool = self.kubescape_tool.run_tool( + config_tool, folders_to_scan, environment, platform, secret_tool + ) + + self.assertEqual(findings_list, []) + self.assertEqual(file_from_tool, None) + + + @patch('devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool.distro.name', return_value='Ubuntu') + @patch.object(KubescapeTool, 'install_tool') + @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) + def test_select_operative_system_linux_ubuntu(self, mock_execute_kubescape, mock_install_tool, mock_distro_name): + executor = KubescapeTool() + os_platform = 'Linux' + folders_to_scan = ['folder1'] + base_url = 'http://example.com/' + + executor.select_operative_system(os_platform, folders_to_scan, base_url) + + mock_install_tool.assert_called_once_with('kubescape-ubuntu-latest', 'http://example.com/kubescape-ubuntu-latest') + mock_execute_kubescape.assert_called_once_with(folders_to_scan, './kubescape-ubuntu-latest') + + @patch.object(KubescapeTool, 'install_tool_windows') + @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) + def test_select_operative_system_windows(self, mock_execute_kubescape, mock_install_tool_windows): + executor = KubescapeTool() + os_platform = 'Windows' + folders_to_scan = ['folder1'] + base_url = 'http://example.com/' + + executor.select_operative_system(os_platform, folders_to_scan, base_url) + + mock_install_tool_windows.assert_called_once_with('kubescape-windows-latest.exe', 'http://example.com/kubescape-windows-latest.exe') + mock_execute_kubescape.assert_called_once_with(folders_to_scan, './kubescape-windows-latest.exe') + + @patch.object(KubescapeTool, 'install_tool') + @patch.object(KubescapeTool, 'execute_kubescape', return_value=['result.json']) + def test_select_operative_system_darwin(self, mock_execute_kubescape, mock_install_tool): + executor = KubescapeTool() + os_platform = 'Darwin' + folders_to_scan = ['folder1'] + base_url = 'http://example.com/' + + executor.select_operative_system(os_platform, folders_to_scan, base_url) + + mock_install_tool.assert_called_once_with('kubescape-macos-latest', 'http://example.com/kubescape-macos-latest') mock_execute_kubescape.assert_called_once_with(folders_to_scan, './kubescape-macos-latest') \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py index c5b9e1b82..bc9a13eca 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py @@ -1,238 +1,238 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( - generate_file_from_tool -) -import json -from functools import reduce - -def test_generate_file_from_tool(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "cloudformation", - "results": { - "failed_checks": [ - { - "check_id": "CKV_AWS_20", - "bc_check_id": None, - "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/template-cloudfront.yaml", - "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", - "repo_file_path": "/_AW1234/template-cloudfront.yaml", - "file_line_range": [308, 339], - "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", - "evaluations": {}, - "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", - "fixed_definition": None, - "entity_tags": {}, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - } - ] - rules_doc = { - "CKV_DOCKER_3": { - "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Vulnerability", - }, - "CKV_K8S_13": { - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - "CKV_AWS_20": { - "customID": "C-S3-005", - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - } - - absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, rules_doc) - - with open(absolute_path, "r") as file: - data = file.read() - json_data = json.loads(data) - assert len(json_data["results"]["failed_checks"]) == reduce(lambda x, y: x + y, map(lambda x: len(x["results"]["failed_checks"]), results_scan_list)) - - -def test_generate_file_from_tool_exception(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "cloudformation", - "results": { - "failed_checks": [ - { - "check_id": "CKV_AWS_20", - "bc_check_id": None, - "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/template-cloudfront.yaml", - "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", - "repo_file_path": "/_AW1234/template-cloudfront.yaml", - "file_line_range": [308, 339], - "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", - "evaluations": {}, - "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", - "fixed_definition": None, - "entity_tags": {}, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - } - ] - - absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, None) - - assert absolute_path == None +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool +) +import json +from functools import reduce + +def test_generate_file_from_tool(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "cloudformation", + "results": { + "failed_checks": [ + { + "check_id": "CKV_AWS_20", + "bc_check_id": None, + "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/template-cloudfront.yaml", + "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", + "repo_file_path": "/_AW1234/template-cloudfront.yaml", + "file_line_range": [308, 339], + "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", + "evaluations": {}, + "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", + "fixed_definition": None, + "entity_tags": {}, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + } + ] + rules_doc = { + "CKV_DOCKER_3": { + "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Vulnerability", + }, + "CKV_K8S_13": { + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + "CKV_AWS_20": { + "customID": "C-S3-005", + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + } + + absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, rules_doc) + + with open(absolute_path, "r") as file: + data = file.read() + json_data = json.loads(data) + assert len(json_data["results"]["failed_checks"]) == reduce(lambda x, y: x + y, map(lambda x: len(x["results"]["failed_checks"]), results_scan_list)) + + +def test_generate_file_from_tool_exception(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "cloudformation", + "results": { + "failed_checks": [ + { + "check_id": "CKV_AWS_20", + "bc_check_id": None, + "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/template-cloudfront.yaml", + "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", + "repo_file_path": "/_AW1234/template-cloudfront.yaml", + "file_line_range": [308, 339], + "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", + "evaluations": {}, + "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", + "fixed_definition": None, + "entity_tags": {}, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + } + ] + + absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, None) + + assert absolute_path == None \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py index 927304d2b..c5975076a 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py @@ -1,74 +1,74 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( - DeserializeConfigTool - ) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, tool_remote: DevopsPlatformGateway, dict_args, tool, config_tool: DeserializeConfigTool): - self.tool_remote = tool_remote - self.dict_args = dict_args - self.tool = tool - self.config_tool = config_tool - - def get_remote_config(self, file_path): - """ - Get remote configuration. - - Returns: - dict: Remote configuration. - """ - return self.tool_remote.get_remote_config(self.dict_args["remote_config_repo"], file_path) - - def get_variable(self, variable): - """ - Get variable. - - Returns: - dict: Remote variable. - """ - return self.tool_remote.get_variable(variable) - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [] - for key, value in exclusions_data.items(): - if (key == "All") or (key == pipeline_name): - if value.get(tool, 0): - exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for item in value[tool] - ] - list_exclusions.extend(exclusions) - return list_exclusions - - def set_input_core(self, finding_list): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - totalized_exclusions=self.get_exclusions( - self.get_remote_config("engine_sast/engine_secret/Exclusions.json"), - self.get_variable("pipeline_name"), - self.tool, - ), - threshold_defined=self.config_tool.level_compliance, - path_file_results=finding_list, - custom_message_break_build=self.config_tool.message_info_engine_secret, - scope_pipeline=self.config_tool.scope_pipeline, - stage_pipeline=self.tool_remote.get_variable("stage").capitalize() - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( + DeserializeConfigTool + ) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, tool_remote: DevopsPlatformGateway, dict_args, tool, config_tool: DeserializeConfigTool): + self.tool_remote = tool_remote + self.dict_args = dict_args + self.tool = tool + self.config_tool = config_tool + + def get_remote_config(self, file_path): + """ + Get remote configuration. + + Returns: + dict: Remote configuration. + """ + return self.tool_remote.get_remote_config(self.dict_args["remote_config_repo"], file_path) + + def get_variable(self, variable): + """ + Get variable. + + Returns: + dict: Remote variable. + """ + return self.tool_remote.get_variable(variable) + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [] + for key, value in exclusions_data.items(): + if (key == "All") or (key == pipeline_name): + if value.get(tool, 0): + exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for item in value[tool] + ] + list_exclusions.extend(exclusions) + return list_exclusions + + def set_input_core(self, finding_list): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + totalized_exclusions=self.get_exclusions( + self.get_remote_config("engine_sast/engine_secret/Exclusions.json"), + self.get_variable("pipeline_name"), + self.tool, + ), + threshold_defined=self.config_tool.level_compliance, + path_file_results=finding_list, + custom_message_break_build=self.config_tool.message_info_engine_secret, + scope_pipeline=self.config_tool.scope_pipeline, + stage_pipeline=self.tool_remote.get_variable("stage").capitalize() + ) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py index 8f599be81..bff62101b 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/infrastructure/driven_adapters/git_cli/git_run.py @@ -1,60 +1,60 @@ -from dataclasses import dataclass -import os -import subprocess -from urllib.parse import quote -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway import GitGateway - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - -@dataclass -class GitRun(GitGateway): - - def get_files_pull_request(self, - sys_working_dir, - target_branch, - config_target_branch, - source_branch, - access_token, - collection_uri, - team_project, - repository_name, - repository_provider): - try: - if repository_provider == 'GitHub' or target_branch not in config_target_branch: - return [] - base_compact_url = ( - f"https://{collection_uri.rstrip('/').split('/')[-1].replace('.visualstudio.com','')}" - f".visualstudio.com/{quote(team_project)}/_git/" - f"{repository_name}" - ) - - url_without_https = base_compact_url.replace("https://", "") - url_with_token = f"https://x-access-token:{access_token}@{url_without_https}" - - path_new_folder = sys_working_dir + '/' + repository_name - - if os.path.exists(path_new_folder): - logger.warning(f"Error: folder {repository_name} already exist") - return [] - os.makedirs(path_new_folder) - os.chdir(sys_working_dir) - subprocess.run(["git", "clone", "--branch", target_branch, url_with_token, path_new_folder], capture_output=True, text=True) - os.chdir(path_new_folder) - - source_branch = source_branch.replace("refs/heads/", "") - subprocess.run(["git", "checkout", "-b", source_branch], capture_output=True, text=True) - command = ["git","-c","user.email=you@example.com","-c","user.name=Your Name","pull","--rebase","-X", "theirs","--no-edit","origin",source_branch] - subprocess.run(command, capture_output=True, text=True) - - if source_branch != None: - diff = subprocess.run(['git', 'diff', '--name-only', f'{source_branch}..{target_branch}'], capture_output=True, text=True) - if diff: - diff_files = diff.stdout.strip().split("\n") - print("Pull Requests Associated Files:",len(diff_files)) - return diff_files - except Exception as e: - logger.warning(f"Error getting files PullRequest: {e}") +from dataclasses import dataclass +import os +import subprocess +from urllib.parse import quote +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway import GitGateway + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + +@dataclass +class GitRun(GitGateway): + + def get_files_pull_request(self, + sys_working_dir, + target_branch, + config_target_branch, + source_branch, + access_token, + collection_uri, + team_project, + repository_name, + repository_provider): + try: + if repository_provider == 'GitHub' or target_branch not in config_target_branch: + return [] + base_compact_url = ( + f"https://{collection_uri.rstrip('/').split('/')[-1].replace('.visualstudio.com','')}" + f".visualstudio.com/{quote(team_project)}/_git/" + f"{repository_name}" + ) + + url_without_https = base_compact_url.replace("https://", "") + url_with_token = f"https://x-access-token:{access_token}@{url_without_https}" + + path_new_folder = sys_working_dir + '/' + repository_name + + if os.path.exists(path_new_folder): + logger.warning(f"Error: folder {repository_name} already exist") + return [] + os.makedirs(path_new_folder) + os.chdir(sys_working_dir) + subprocess.run(["git", "clone", "--branch", target_branch, url_with_token, path_new_folder], capture_output=True, text=True) + os.chdir(path_new_folder) + + source_branch = source_branch.replace("refs/heads/", "") + subprocess.run(["git", "checkout", "-b", source_branch], capture_output=True, text=True) + command = ["git","-c","user.email=you@example.com","-c","user.name=Your Name","pull","--rebase","-X", "theirs","--no-edit","origin",source_branch] + subprocess.run(command, capture_output=True, text=True) + + if source_branch != None: + diff = subprocess.run(['git', 'diff', '--name-only', f'{source_branch}..{target_branch}'], capture_output=True, text=True) + if diff: + diff_files = diff.stdout.strip().split("\n") + print("Pull Requests Associated Files:",len(diff_files)) + return diff_files + except Exception as e: + logger.warning(f"Error getting files PullRequest: {e}") return [] \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py index ea4fa3733..29de1c9c4 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py @@ -1,220 +1,220 @@ -import unittest -from unittest.mock import patch -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan import ( - SecretScan, -) -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( - DeserializeConfigTool, -) - -class TestSecretScan(unittest.TestCase): - def setUp(self) -> None: - global json_config - json_config = { - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 1, - "Medium": 1, - "Low": 1 - }, - "COMPLIANCE": { - "Critical": 0 - } - }, - "TARGET_BRANCHES": ["trunk", "develop"], - "trufflehog": { - "EXCLUDE_PATH": [".git", "node_modules", "target", "build", "build.gradle", "twistcli-scan", ".svg", ".drawio"], - "NUMBER_THREADS": 4 - } - } - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_process( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [ - "vulnerability_data" - ] - - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - mock_tool_gateway_instance.run_tool_secret_scan.return_value = ( - "vulnerability_data", "path/findings" - ) - - finding_list, file_path_findings = secret_scan.process( - False, obj_config_tool - ) - - self.assertEqual(finding_list, ["vulnerability_data"]) - self.assertEqual(file_path_findings, "path/findings") - mock_tool_gateway_instance.install_tool.assert_called_once() - mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_process_empty( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [] - - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - mock_tool_gateway_instance.run_tool_secret_scan.return_value = "", "" - - finding_list, file_path_findings = secret_scan.process( - False, obj_config_tool - ) - - self.assertEqual(finding_list, []) - self.assertEqual(file_path_findings, "") - mock_tool_gateway_instance.install_tool.assert_called_once() - mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_skip_tool_true(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_devops_gateway_instance.get_variable.return_value = "test_pipeline" - exclusions = { - "test_pipeline": {"SKIP_TOOL": 1} - } - result = secret_scan.skip_from_exclusion(exclusions) - self.assertTrue(result) - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_skip_tool_false(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_devops_gateway_instance.get_variable.return_value = "other_pipeline" - exclusions = { - "test_pipeline": {"SKIP_TOOL": 1} - } - result = secret_scan.skip_from_exclusion(exclusions) - self.assertFalse(result) - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_complete_config_tool( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - - config_tool_instance = secret_scan.complete_config_tool( - {"remote_config_repo": "repository"}, "TRUFFLEHOG" - ) - +import unittest +from unittest.mock import patch +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan import ( + SecretScan, +) +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( + DeserializeConfigTool, +) + +class TestSecretScan(unittest.TestCase): + def setUp(self) -> None: + global json_config + json_config = { + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 1, + "Medium": 1, + "Low": 1 + }, + "COMPLIANCE": { + "Critical": 0 + } + }, + "TARGET_BRANCHES": ["trunk", "develop"], + "trufflehog": { + "EXCLUDE_PATH": [".git", "node_modules", "target", "build", "build.gradle", "twistcli-scan", ".svg", ".drawio"], + "NUMBER_THREADS": 4 + } + } + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_process( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [ + "vulnerability_data" + ] + + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + mock_tool_gateway_instance.run_tool_secret_scan.return_value = ( + "vulnerability_data", "path/findings" + ) + + finding_list, file_path_findings = secret_scan.process( + False, obj_config_tool + ) + + self.assertEqual(finding_list, ["vulnerability_data"]) + self.assertEqual(file_path_findings, "path/findings") + mock_tool_gateway_instance.install_tool.assert_called_once() + mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_process_empty( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [] + + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + mock_tool_gateway_instance.run_tool_secret_scan.return_value = "", "" + + finding_list, file_path_findings = secret_scan.process( + False, obj_config_tool + ) + + self.assertEqual(finding_list, []) + self.assertEqual(file_path_findings, "") + mock_tool_gateway_instance.install_tool.assert_called_once() + mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_skip_tool_true(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_devops_gateway_instance.get_variable.return_value = "test_pipeline" + exclusions = { + "test_pipeline": {"SKIP_TOOL": 1} + } + result = secret_scan.skip_from_exclusion(exclusions) + self.assertTrue(result) + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_skip_tool_false(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_devops_gateway_instance.get_variable.return_value = "other_pipeline" + exclusions = { + "test_pipeline": {"SKIP_TOOL": 1} + } + result = secret_scan.skip_from_exclusion(exclusions) + self.assertFalse(result) + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_complete_config_tool( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + + config_tool_instance = secret_scan.complete_config_tool( + {"remote_config_repo": "repository"}, "TRUFFLEHOG" + ) + self.assertEqual(config_tool_instance.scope_pipeline, "example_pipeline") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py index 0a793e486..be2dcca65 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py @@ -1,109 +1,109 @@ -import unittest -from unittest.mock import patch, MagicMock -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.git_cli.git_run import GitRun - -class TestGitRun(unittest.TestCase): - @patch('os.makedirs') - @patch('os.chdir') - @patch('subprocess.run') - def test_get_files_pull_request_Exception(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_subprocess_run.side_effect = Exception("Simulated exception") - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - @patch('os.path.exists') - @patch('os.makedirs') - @patch('os.chdir') - @patch('subprocess.run') - def test_get_files_pull_request_path_no_exist(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs, mock_path_exists): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_subprocess_run.return_value = MagicMock() - mock_subprocess_run.return_value = "file1.py\nfile2.py" - mock_path_exists.return_value = False - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - mock_os_makedirs.assert_called_once_with("/azp/_work/1/s/NU00001_Repo_test") - mock_os_chdir.assert_called_with("/azp/_work/1/s/NU00001_Repo_test") - - @patch('os.path.exists') - def test_get_files_pull_request_path_exist(self, mock_path_exists): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_path_exists.return_value = True - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - def test_get_files_pull_request_no_target_branch(self): - sys_working_dir = "/azp/_work/1/s" - target_branch = "release" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - def test_get_files_pull_request_github_provider(self): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "GitHub" - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) -if __name__ == '__main__': +import unittest +from unittest.mock import patch, MagicMock +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.git_cli.git_run import GitRun + +class TestGitRun(unittest.TestCase): + @patch('os.makedirs') + @patch('os.chdir') + @patch('subprocess.run') + def test_get_files_pull_request_Exception(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_subprocess_run.side_effect = Exception("Simulated exception") + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + @patch('os.path.exists') + @patch('os.makedirs') + @patch('os.chdir') + @patch('subprocess.run') + def test_get_files_pull_request_path_no_exist(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs, mock_path_exists): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_subprocess_run.return_value = MagicMock() + mock_subprocess_run.return_value = "file1.py\nfile2.py" + mock_path_exists.return_value = False + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + mock_os_makedirs.assert_called_once_with("/azp/_work/1/s/NU00001_Repo_test") + mock_os_chdir.assert_called_with("/azp/_work/1/s/NU00001_Repo_test") + + @patch('os.path.exists') + def test_get_files_pull_request_path_exist(self, mock_path_exists): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_path_exists.return_value = True + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + def test_get_files_pull_request_no_target_branch(self): + sys_working_dir = "/azp/_work/1/s" + target_branch = "release" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + def test_get_files_pull_request_github_provider(self): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "GitHub" + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) +if __name__ == '__main__': unittest.main() \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py index 04e235b3c..61d358728 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py @@ -1,82 +1,82 @@ -import unittest -from unittest.mock import patch -from datetime import datetime -from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import SecretScanDeserealizator - -class TestSecretScanDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = SecretScanDeserealizator() - - def test_get_list_vulnerability(self): - with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): - results_scan_list = [ - { - "DetectorName": "ExampleDetector", - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": "/path/to/file.py" - } - } - }, - "Raw": "secret" - } - ] - - # Testing the method - vulnerabilities = self.deserealizator.get_list_vulnerability(results_scan_list, "Linux", "/path/to", ) - - # Assertions - self.assertEqual(len(vulnerabilities), 1) - vulnerability = vulnerabilities[0] - self.assertIsInstance(vulnerability, Finding) - self.assertEqual(vulnerability.id, "SECRET_SCANNING") - self.assertIsNone(vulnerability.cvss) - self.assertEqual(vulnerability.where, "/file.py, Secret: sec*********ret") - self.assertEqual(vulnerability.description, "Sensitive information in source code") - self.assertEqual(vulnerability.severity, "critical") - self.assertEqual(vulnerability.identification_date, datetime.now().strftime("%d%m%Y")) - self.assertEqual(vulnerability.module, "engine_secret") - self.assertEqual(vulnerability.category, Category.VULNERABILITY) - self.assertEqual(vulnerability.requirements, "ExampleDetector") - self.assertEqual(vulnerability.tool, "Trufflehog") - - def test_get_where_correctly_linux(self): - with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): - result = { - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": r"/path/to/file.py" # Simulating Linux path - } - } - }, - "Raw": "secret" - } - self.assertEqual( - self.deserealizator.get_where_correctly(result, "linux", "/path/to", ), - ("/file.py", "sec*********ret") - ) - - def test_get_where_correctly_windows(self): - with patch.dict('os.environ', {'AGENT_OS': 'Windows'}): - result = { - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": r"C:\path\to\file.py" # Simulating Windows path - } - } - }, - "Raw": "secret" - } - - self.assertEqual( - self.deserealizator.get_where_correctly(result, "Win", "C:\\path\\to", ), - ("\\file.py", "sec*********ret") +import unittest +from unittest.mock import patch +from datetime import datetime +from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import SecretScanDeserealizator + +class TestSecretScanDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = SecretScanDeserealizator() + + def test_get_list_vulnerability(self): + with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): + results_scan_list = [ + { + "DetectorName": "ExampleDetector", + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": "/path/to/file.py" + } + } + }, + "Raw": "secret" + } + ] + + # Testing the method + vulnerabilities = self.deserealizator.get_list_vulnerability(results_scan_list, "Linux", "/path/to", ) + + # Assertions + self.assertEqual(len(vulnerabilities), 1) + vulnerability = vulnerabilities[0] + self.assertIsInstance(vulnerability, Finding) + self.assertEqual(vulnerability.id, "SECRET_SCANNING") + self.assertIsNone(vulnerability.cvss) + self.assertEqual(vulnerability.where, "/file.py, Secret: sec*********ret") + self.assertEqual(vulnerability.description, "Sensitive information in source code") + self.assertEqual(vulnerability.severity, "critical") + self.assertEqual(vulnerability.identification_date, datetime.now().strftime("%d%m%Y")) + self.assertEqual(vulnerability.module, "engine_secret") + self.assertEqual(vulnerability.category, Category.VULNERABILITY) + self.assertEqual(vulnerability.requirements, "ExampleDetector") + self.assertEqual(vulnerability.tool, "Trufflehog") + + def test_get_where_correctly_linux(self): + with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): + result = { + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": r"/path/to/file.py" # Simulating Linux path + } + } + }, + "Raw": "secret" + } + self.assertEqual( + self.deserealizator.get_where_correctly(result, "linux", "/path/to", ), + ("/file.py", "sec*********ret") + ) + + def test_get_where_correctly_windows(self): + with patch.dict('os.environ', {'AGENT_OS': 'Windows'}): + result = { + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": r"C:\path\to\file.py" # Simulating Windows path + } + } + }, + "Raw": "secret" + } + + self.assertEqual( + self.deserealizator.get_where_correctly(result, "Win", "C:\\path\\to", ), + ("\\file.py", "sec*********ret") ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_run.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_run.py index 3b1bfa1f7..6a17f325b 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_run.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_run.py @@ -1,102 +1,102 @@ -import unittest -from unittest.mock import patch, MagicMock -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run import TrufflehogRun - -class TestTrufflehogRun(unittest.TestCase): - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run.subprocess.run') - def test_install_tool_unix(self, mock_subprocess_run): - os_patch = patch.dict('os.environ', {'AGENT_OS': 'Linux'}) - os_patch.start() - self.addCleanup(os_patch.stop) - - mock_subprocess_run.return_value.stdout = b'Trufflehog version 1.0.0' - mock_subprocess_run.return_value.stderr = b'' - - trufflehog_run = TrufflehogRun() - trufflehog_run.install_tool("Linux", "/tmp") - - mock_subprocess_run.assert_called_once_with("trufflehog --version", capture_output=True, shell=True) - - @patch('subprocess.run') - def test_run_install(self, mock_subprocess_run): - trufflehog_run = TrufflehogRun() - trufflehog_run.run_install() - mock_subprocess_run.assert_called_once_with( - "curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin", - capture_output=True, - shell=True - ) - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run.subprocess.Popen') - def test_run_install_win(self, mock_popen): - - trufflehog_run = TrufflehogRun() - trufflehog_run.run_install_win("C:/temp") - - expected_command = ( - "powershell -Command " - "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; " + - "New-Item -Path C:/temp -ItemType Directory -Force; " + - "Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh' -OutFile C:/temp\\install_trufflehog.sh; " + - "bash C:/temp\\install_trufflehog.sh -b C:/Trufflehog/bin; " + - "$env:Path += ';C:/Trufflehog/bin'; C:/Trufflehog/bin/trufflehog.exe --version" - ) - mock_popen.assert_called_once_with(expected_command, stdout=-1, stderr=-1, shell=True) - - @patch('builtins.open', create=True) - @patch('concurrent.futures.ThreadPoolExecutor') - @patch.object(TrufflehogRun, 'config_include_path') - def test_run_tool_secret_scan(self, mock_config_include_path, mock_thread_pool_executor, mock_open): - mock_executor = MagicMock() - mock_executor_map_result = ['{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}\n'] - mock_executor.map.return_value = mock_executor_map_result - mock_thread_pool_executor.return_value.__enter__.return_value = mock_executor - - mock_config_include_path.return_value = ['/usr/temp/includePath0.txt'] - - files_commits = ['/usr/file1.py', '/usr/file2.py'] - exclude_paths = ['.git', 'gradle'] - agent_os = 'Windows' - agent_work_folder = '/usr/temp' - sys_working_dir = '/usr/local' - num_threads = 4 - repository_name = 'NU00000_Repo_Test' - - trufflehog_run = TrufflehogRun() - - result, file_findings = trufflehog_run.run_tool_secret_scan(files_commits, exclude_paths, agent_os, agent_work_folder, num_threads, repository_name) - - expected_result = [ - {"SourceMetadata": {"Data": {"Filesystem": {"file": "/usr/bin/local/file1.txt", "line": 1}}}, "SourceID": 1, - "SourceType": 15, "SourceName": "trufflehog - filesystem", "DetectorType": 17, "DetectorName": "URI", - "DecoderName": "BASE64", "Verified": False, - "Raw": "https://admin:admin@the-internet.herokuapp.com", - "RawV2": "https://admin:admin@the-internet.herokuapp.com/basic_auth", - "Redacted": "https://admin:********@the-internet.herokuapp.com", "ExtraData": None, - "StructuredData": None}] - self.assertEqual(result, expected_result) - self.assertEqual(file_findings, '/usr/temp/secret_scan_result.json') - - @patch('builtins.open', create=True) - def test_config_include_path(self, mock_open): - trufflehog_run = TrufflehogRun() - - result = trufflehog_run.config_include_path(['/usr/file1.py', '/usr/file2.py'], '/usr/temp') - - expected_result = ['/usr/temp/includePath0.txt', '/usr/temp/includePath1.txt'] - self.assertEqual(result, expected_result) - - @patch('subprocess.run') - def test_run_trufflehog(self, mock_subprocess_run): - mock_subprocess_run.return_value.stdout.strip.return_value = '{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}' - - trufflehog_run = TrufflehogRun() - - result = trufflehog_run.run_trufflehog('trufflehog', '/usr/local', '/usr/temp/excludedPath.txt', '/usr/temp/includePath0.txt', 'NU00000_Repo_Test') - - expected_result = '{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}' - self.assertEqual(result, expected_result) - -if __name__ == '__main__': +import unittest +from unittest.mock import patch, MagicMock +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run import TrufflehogRun + +class TestTrufflehogRun(unittest.TestCase): + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run.subprocess.run') + def test_install_tool_unix(self, mock_subprocess_run): + os_patch = patch.dict('os.environ', {'AGENT_OS': 'Linux'}) + os_patch.start() + self.addCleanup(os_patch.stop) + + mock_subprocess_run.return_value.stdout = b'Trufflehog version 1.0.0' + mock_subprocess_run.return_value.stderr = b'' + + trufflehog_run = TrufflehogRun() + trufflehog_run.install_tool("Linux", "/tmp") + + mock_subprocess_run.assert_called_once_with("trufflehog --version", capture_output=True, shell=True) + + @patch('subprocess.run') + def test_run_install(self, mock_subprocess_run): + trufflehog_run = TrufflehogRun() + trufflehog_run.run_install() + mock_subprocess_run.assert_called_once_with( + "curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin", + capture_output=True, + shell=True + ) + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_run.subprocess.Popen') + def test_run_install_win(self, mock_popen): + + trufflehog_run = TrufflehogRun() + trufflehog_run.run_install_win("C:/temp") + + expected_command = ( + "powershell -Command " + "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; [Net.ServicePointManager]::SecurityProtocol; " + + "New-Item -Path C:/temp -ItemType Directory -Force; " + + "Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh' -OutFile C:/temp\\install_trufflehog.sh; " + + "bash C:/temp\\install_trufflehog.sh -b C:/Trufflehog/bin; " + + "$env:Path += ';C:/Trufflehog/bin'; C:/Trufflehog/bin/trufflehog.exe --version" + ) + mock_popen.assert_called_once_with(expected_command, stdout=-1, stderr=-1, shell=True) + + @patch('builtins.open', create=True) + @patch('concurrent.futures.ThreadPoolExecutor') + @patch.object(TrufflehogRun, 'config_include_path') + def test_run_tool_secret_scan(self, mock_config_include_path, mock_thread_pool_executor, mock_open): + mock_executor = MagicMock() + mock_executor_map_result = ['{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}\n'] + mock_executor.map.return_value = mock_executor_map_result + mock_thread_pool_executor.return_value.__enter__.return_value = mock_executor + + mock_config_include_path.return_value = ['/usr/temp/includePath0.txt'] + + files_commits = ['/usr/file1.py', '/usr/file2.py'] + exclude_paths = ['.git', 'gradle'] + agent_os = 'Windows' + agent_work_folder = '/usr/temp' + sys_working_dir = '/usr/local' + num_threads = 4 + repository_name = 'NU00000_Repo_Test' + + trufflehog_run = TrufflehogRun() + + result, file_findings = trufflehog_run.run_tool_secret_scan(files_commits, exclude_paths, agent_os, agent_work_folder, num_threads, repository_name) + + expected_result = [ + {"SourceMetadata": {"Data": {"Filesystem": {"file": "/usr/bin/local/file1.txt", "line": 1}}}, "SourceID": 1, + "SourceType": 15, "SourceName": "trufflehog - filesystem", "DetectorType": 17, "DetectorName": "URI", + "DecoderName": "BASE64", "Verified": False, + "Raw": "https://admin:admin@the-internet.herokuapp.com", + "RawV2": "https://admin:admin@the-internet.herokuapp.com/basic_auth", + "Redacted": "https://admin:********@the-internet.herokuapp.com", "ExtraData": None, + "StructuredData": None}] + self.assertEqual(result, expected_result) + self.assertEqual(file_findings, '/usr/temp/secret_scan_result.json') + + @patch('builtins.open', create=True) + def test_config_include_path(self, mock_open): + trufflehog_run = TrufflehogRun() + + result = trufflehog_run.config_include_path(['/usr/file1.py', '/usr/file2.py'], '/usr/temp') + + expected_result = ['/usr/temp/includePath0.txt', '/usr/temp/includePath1.txt'] + self.assertEqual(result, expected_result) + + @patch('subprocess.run') + def test_run_trufflehog(self, mock_subprocess_run): + mock_subprocess_run.return_value.stdout.strip.return_value = '{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}' + + trufflehog_run = TrufflehogRun() + + result = trufflehog_run.run_trufflehog('trufflehog', '/usr/local', '/usr/temp/excludedPath.txt', '/usr/temp/includePath0.txt', 'NU00000_Repo_Test') + + expected_result = '{"SourceMetadata":{"Data":{"Filesystem":{"file":"/usr/bin/local/file1.txt","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DecoderName":"BASE64","Verified":false,"Raw":"https://admin:admin@the-internet.herokuapp.com","RawV2":"https://admin:admin@the-internet.herokuapp.com/basic_auth","Redacted":"https://admin:********@the-internet.herokuapp.com","ExtraData":null,"StructuredData":null}' + self.assertEqual(result, expected_result) + +if __name__ == '__main__': unittest.main() \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py index 7c8a97acd..78f19de58 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py @@ -1,70 +1,70 @@ -import unittest -from unittest.mock import Mock, patch -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import DeserializeConfigTool -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.entry_points.entry_point_tool import engine_secret_scan - -class TestEngineSecretScan(unittest.TestCase): - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan.SecretScan') - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.set_input_core.SetInputCore') - def test_engine_secret_scan(self, MockSetInputCore, MockSecretScan): - mock_devops_platform_gateway = Mock() - mock_tool_gateway = Mock() - mock_dict_args = { - "remote_config_repo": "fake_repo" - } - mock_tool = "TRUFFLEHOG" - mock_tool_deserealizator = Mock() - mock_git_gateway = Mock() - json_exclusion = { - "pipeline_name_carlos":{ - "SKIP_TOOL": { - "create_date": "24012023", - "expired_date": "21092024", - "hu": "" - } - } - } - json_config = { - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 1, - "Medium": 1, - "Low": 1 - }, - "COMPLIANCE": { - "Critical": 0 - } - }, - "TARGET_BRANCHES": ["trunk", "develop"], - "trufflehog": { - "EXCLUDE_PATH": [".git"], - "NUMBER_THREADS": 4 - } - } - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_platform_gateway.get_remote_config.side_effect = [json_exclusion ,json_config, json_exclusion] - - mock_secret_scan_instance = MockSecretScan.return_value - mock_secret_scan_instance.complete_config_tool.return_value = obj_config_tool - mock_devops_platform_gateway.get_variable.side_effect = ["pipeline_name_carlos","pipeline_name_carlos", "pipeline_name", "build"] - mock_secret_scan_instance.process.return_value = ([], "") - - mock_set_input_core_instance = MockSetInputCore.return_value - mock_set_input_core_instance.set_input_core.return_value = "input_core_result" - - findings, input_core_result = engine_secret_scan( - mock_devops_platform_gateway, - mock_tool_gateway, - mock_dict_args, - mock_tool, - mock_tool_deserealizator, - mock_git_gateway - ) - - self.assertEqual(findings, []) +import unittest +from unittest.mock import Mock, patch +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import DeserializeConfigTool +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.entry_points.entry_point_tool import engine_secret_scan + +class TestEngineSecretScan(unittest.TestCase): + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan.SecretScan') + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.set_input_core.SetInputCore') + def test_engine_secret_scan(self, MockSetInputCore, MockSecretScan): + mock_devops_platform_gateway = Mock() + mock_tool_gateway = Mock() + mock_dict_args = { + "remote_config_repo": "fake_repo" + } + mock_tool = "TRUFFLEHOG" + mock_tool_deserealizator = Mock() + mock_git_gateway = Mock() + json_exclusion = { + "pipeline_name_carlos":{ + "SKIP_TOOL": { + "create_date": "24012023", + "expired_date": "21092024", + "hu": "" + } + } + } + json_config = { + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 1, + "Medium": 1, + "Low": 1 + }, + "COMPLIANCE": { + "Critical": 0 + } + }, + "TARGET_BRANCHES": ["trunk", "develop"], + "trufflehog": { + "EXCLUDE_PATH": [".git"], + "NUMBER_THREADS": 4 + } + } + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_platform_gateway.get_remote_config.side_effect = [json_exclusion ,json_config, json_exclusion] + + mock_secret_scan_instance = MockSecretScan.return_value + mock_secret_scan_instance.complete_config_tool.return_value = obj_config_tool + mock_devops_platform_gateway.get_variable.side_effect = ["pipeline_name_carlos","pipeline_name_carlos", "pipeline_name", "build"] + mock_secret_scan_instance.process.return_value = ([], "") + + mock_set_input_core_instance = MockSetInputCore.return_value + mock_set_input_core_instance.set_input_core.return_value = "input_core_result" + + findings, input_core_result = engine_secret_scan( + mock_devops_platform_gateway, + mock_tool_gateway, + mock_dict_args, + mock_tool, + mock_tool_deserealizator, + mock_git_gateway + ) + + self.assertEqual(findings, []) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py index 7ef4c2753..7cedfdb02 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py @@ -1,32 +1,32 @@ -import re - - -class HandleRemoteConfigPatterns: - def __init__(self, remote_config, exclusions, pipeline_name): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - - def ignore_analysis_pattern(self): - """ - Handle analysis pattern. - Return: bool: False -> not scan, True -> scan. - """ - ignore = self.remote_config["IGNORE_SEARCH_PATTERN"] - if re.match(ignore, self.pipeline_name, re.IGNORECASE): - return False - else: - return True - - def skip_from_exclusion(self): - """ - Handle skip tool. - - Return: bool: True -> skip tool, False -> not skip tool. - """ - if (self.pipeline_name in self.exclusions) and ( - self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) - ): - return True - else: - return False +import re + + +class HandleRemoteConfigPatterns: + def __init__(self, remote_config, exclusions, pipeline_name): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + + def ignore_analysis_pattern(self): + """ + Handle analysis pattern. + Return: bool: False -> not scan, True -> scan. + """ + ignore = self.remote_config["IGNORE_SEARCH_PATTERN"] + if re.match(ignore, self.pipeline_name, re.IGNORECASE): + return False + else: + return True + + def skip_from_exclusion(self): + """ + Handle skip tool. + + Return: bool: True -> skip tool, False -> not skip tool. + """ + if (self.pipeline_name in self.exclusions) and ( + self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) + ): + return True + else: + return False diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py index 3d9be4f62..a2c9581c5 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py @@ -1,52 +1,52 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, remote_config, exclusions, pipeline_name, tool, stage): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - self.tool = tool - self.stage = stage - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - cve_id=item.get("cve_id", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for key, value in exclusions_data.items() - if key in {"All", pipeline_name} and value.get(tool) - for item in value[tool] - ] - return list_exclusions - - def set_input_core(self, image_scanned): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - self.get_exclusions( - self.exclusions, - self.pipeline_name, - self.tool, - ), - Threshold(self.remote_config["THRESHOLD"]), - image_scanned, - self.remote_config["MESSAGE_INFO_ENGINE_CONTAINER"], - self.pipeline_name, - self.stage.capitalize(), - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, remote_config, exclusions, pipeline_name, tool, stage): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + self.tool = tool + self.stage = stage + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + cve_id=item.get("cve_id", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for key, value in exclusions_data.items() + if key in {"All", pipeline_name} and value.get(tool) + for item in value[tool] + ] + return list_exclusions + + def set_input_core(self, image_scanned): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + self.get_exclusions( + self.exclusions, + self.pipeline_name, + self.tool, + ), + Threshold(self.remote_config["THRESHOLD"]), + image_scanned, + self.remote_config["MESSAGE_INFO_ENGINE_CONTAINER"], + self.pipeline_name, + self.stage.capitalize(), + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py index f6e68f316..11a79398d 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py @@ -1,29 +1,29 @@ -import subprocess -from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.images_gateway import ( - ImagesGateway, -) -import docker - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class DockerImages(ImagesGateway): - def list_images(self): - try: - client = docker.from_env() - images = client.images.list() - images_sorted = sorted( - images, key=lambda x: x.attrs["Created"], reverse=True - ) - latest_image = images_sorted[0] - print("ID last image:", latest_image.id) - print("Tag last image:", latest_image.tags) - print("Created date last image:", latest_image.attrs["Created"]) - return latest_image - except Exception as e: - logger.error( - f"Error listing images, docker must be running and added to PATH: {e}" - ) +import subprocess +from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.images_gateway import ( + ImagesGateway, +) +import docker + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class DockerImages(ImagesGateway): + def list_images(self): + try: + client = docker.from_env() + images = client.images.list() + images_sorted = sorted( + images, key=lambda x: x.attrs["Created"], reverse=True + ) + latest_image = images_sorted[0] + print("ID last image:", latest_image.id) + print("Tag last image:", latest_image.tags) + print("Created date last image:", latest_image.attrs["Created"]) + return latest_image + except Exception as e: + logger.error( + f"Error listing images, docker must be running and added to PATH: {e}" + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py index 0bcc6ab00..3917e4520 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py @@ -1,64 +1,64 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( - DeseralizatorGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from datetime import datetime -from dataclasses import dataclass -import json - - -@dataclass -class PrismaDeserealizator(DeseralizatorGateway): - def get_list_findings(self, image_scanned) -> "list[Finding]": - list_open_vulnerabilities = [] - SEVERITY_MAP = { - "unimportant": "low", - "unassigned": "low", - "negligible": "low", - "not yet assigned": "low", - "low": "low", - "medium": "medium", - "moderate": "medium", - "high": "high", - "important": "high", - "critical": "critical", - } - with open(image_scanned, "rb") as file: - image_object = file.read() - - json_data = json.loads(image_object) - vulnerabilities_data = ( - json_data["results"][0]["vulnerabilities"] - if "vulnerabilities" in json_data["results"][0] - else [] - ) - - # Create a list of findings instances from the JSON data - vulnerabilities = [ - Finding( - id=vul.get("id", ""), - cvss=float(vul.get("cvss", 0.0)), - where=vul.get("packageName", "") - + ":" - + vul.get("packageVersion", ""), - description=vul.get("description", "")[:150], - severity=SEVERITY_MAP.get(vul.get("severity", ""), ""), - identification_date=datetime.strptime( - vul.get("discoveredDate", ""), "%Y-%m-%dT%H:%M:%S%z" - ), - published_date_cve=vul.get("publishedDate", "").replace("Z", "+00:00"), - module="engine_container", - category=Category.VULNERABILITY, - requirements=vul.get("status", ""), - tool="PrismaCloud", - ) - for vul in vulnerabilities_data - ] - - # Add the Vulnerability instances to the list - list_open_vulnerabilities.extend(vulnerabilities) - - return list_open_vulnerabilities +from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( + DeseralizatorGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from datetime import datetime +from dataclasses import dataclass +import json + + +@dataclass +class PrismaDeserealizator(DeseralizatorGateway): + def get_list_findings(self, image_scanned) -> "list[Finding]": + list_open_vulnerabilities = [] + SEVERITY_MAP = { + "unimportant": "low", + "unassigned": "low", + "negligible": "low", + "not yet assigned": "low", + "low": "low", + "medium": "medium", + "moderate": "medium", + "high": "high", + "important": "high", + "critical": "critical", + } + with open(image_scanned, "rb") as file: + image_object = file.read() + + json_data = json.loads(image_object) + vulnerabilities_data = ( + json_data["results"][0]["vulnerabilities"] + if "vulnerabilities" in json_data["results"][0] + else [] + ) + + # Create a list of findings instances from the JSON data + vulnerabilities = [ + Finding( + id=vul.get("id", ""), + cvss=float(vul.get("cvss", 0.0)), + where=vul.get("packageName", "") + + ":" + + vul.get("packageVersion", ""), + description=vul.get("description", "")[:150], + severity=SEVERITY_MAP.get(vul.get("severity", ""), ""), + identification_date=datetime.strptime( + vul.get("discoveredDate", ""), "%Y-%m-%dT%H:%M:%S%z" + ), + published_date_cve=vul.get("publishedDate", "").replace("Z", "+00:00"), + module="engine_container", + category=Category.VULNERABILITY, + requirements=vul.get("status", ""), + tool="PrismaCloud", + ) + for vul in vulnerabilities_data + ] + + # Add the Vulnerability instances to the list + list_open_vulnerabilities.extend(vulnerabilities) + + return list_open_vulnerabilities diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py index d345bd8d3..945cc4cc7 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py @@ -1,63 +1,63 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( - DeseralizatorGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from dataclasses import dataclass -import json -from datetime import datetime, timezone - - -@dataclass -class TrivyDeserializator(DeseralizatorGateway): - def check_date_format(self, vul): - try: - published_date_cve=datetime.strptime( - vul.get("PublishedDate"), - "%Y-%m-%dT%H:%M:%S.%fZ" - ).replace(tzinfo=timezone.utc).isoformat() - except: - published_date_cve=datetime.strptime( - vul.get("PublishedDate"), - "%Y-%m-%dT%H:%M:%SZ" - ).replace(tzinfo=timezone.utc).isoformat() - return published_date_cve - - def get_list_findings(self, image_scanned) -> "list[Finding]": - list_open_vulnerabilities = [] - with open(image_scanned, "rb") as file: - image_object = file.read() - json_data = json.loads(image_object) - vulnerabilities_data = json_data["Results"][0].get("Vulnerabilities", []) - vulnerabilities = [ - Finding( - id=vul.get("VulnerabilityID", ""), - cvss=str(next( - ( - v["V3Score"] - for v in vul["CVSS"].values() - if "V3Score" in v - ), - None, - )), - where=vul.get("PkgName", "") - + " " - + vul.get("InstalledVersion", ""), - description=vul.get("Description", "").replace("\n", "")[:150], - severity=vul.get("Severity", "").lower(), - identification_date=datetime.now().strftime( - "%Y-%m-%dT%H:%M:%S%z" - ), - published_date_cve=self.check_date_format(vul), - module="engine_container", - category=Category.VULNERABILITY, - requirements=vul.get("FixedVersion") or vul.get("Status", ""), - tool="Trivy", - ) - for vul in vulnerabilities_data - if vul.get("CVSS") and vul.get("PublishedDate") - ] - list_open_vulnerabilities.extend(vulnerabilities) - return list_open_vulnerabilities +from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( + DeseralizatorGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from dataclasses import dataclass +import json +from datetime import datetime, timezone + + +@dataclass +class TrivyDeserializator(DeseralizatorGateway): + def check_date_format(self, vul): + try: + published_date_cve=datetime.strptime( + vul.get("PublishedDate"), + "%Y-%m-%dT%H:%M:%S.%fZ" + ).replace(tzinfo=timezone.utc).isoformat() + except: + published_date_cve=datetime.strptime( + vul.get("PublishedDate"), + "%Y-%m-%dT%H:%M:%SZ" + ).replace(tzinfo=timezone.utc).isoformat() + return published_date_cve + + def get_list_findings(self, image_scanned) -> "list[Finding]": + list_open_vulnerabilities = [] + with open(image_scanned, "rb") as file: + image_object = file.read() + json_data = json.loads(image_object) + vulnerabilities_data = json_data["Results"][0].get("Vulnerabilities", []) + vulnerabilities = [ + Finding( + id=vul.get("VulnerabilityID", ""), + cvss=str(next( + ( + v["V3Score"] + for v in vul["CVSS"].values() + if "V3Score" in v + ), + None, + )), + where=vul.get("PkgName", "") + + " " + + vul.get("InstalledVersion", ""), + description=vul.get("Description", "").replace("\n", "")[:150], + severity=vul.get("Severity", "").lower(), + identification_date=datetime.now().strftime( + "%Y-%m-%dT%H:%M:%S%z" + ), + published_date_cve=self.check_date_format(vul), + module="engine_container", + category=Category.VULNERABILITY, + requirements=vul.get("FixedVersion") or vul.get("Status", ""), + tool="Trivy", + ) + for vul in vulnerabilities_data + if vul.get("CVSS") and vul.get("PublishedDate") + ] + list_open_vulnerabilities.extend(vulnerabilities) + return list_open_vulnerabilities diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py index adf79c97c..5970ad5df 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py @@ -1,106 +1,106 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) - -import subprocess -import platform -import requests -import tarfile -import zipfile - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class TrivyScan(ToolGateway): - def download_tool(self, file, url): - try: - response = requests.get(url, allow_redirects=True) - with open(file, "wb") as compress_file: - compress_file.write(response.content) - except Exception as e: - logger.error(f"Error downloading trivy: {e}") - - def install_tool(self, file, url): - installed = subprocess.run( - ["which", "./trivy"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - if installed.returncode == 1: - try: - self.download_tool(file, url) - with tarfile.open(file, 'r:gz') as tar_file: - tar_file.extract(member=tar_file.getmember("trivy")) - except Exception as e: - logger.error(f"Error installing trivy: {e}") - - def install_tool_windows(self, file, url): - try: - subprocess.run( - ["./trivy.exe", "--version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - except: - try: - self.download_tool(file, url) - with zipfile.ZipFile(file, 'r') as zip_file: - zip_file.extract(member="trivy.exe") - except Exception as e: - logger.error(f"Error installing trivy: {e}") - - def scan_image(self, prefix, image_name, result_file): - command = [ - prefix, - "--scanners", - "vuln", - "-f", - "json", - "-o", - result_file, - ] - command.extend(["--quiet", "image", image_name]) - try: - subprocess.run( - command, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True, - ) - print(f"The image {image_name} was scanned") - - return result_file - - except Exception as e: - logger.error(f"Error during image scan of {image_name}: {e}") - - def run_tool_container_sca(self, remoteconfig, token, image_name, result_file): - trivy_version = remoteconfig["TRIVY"]["TRIVY_VERSION"] - os_platform = platform.system() - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{trivy_version}/" - - if os_platform == "Linux": - file=f"trivy_{trivy_version}_Linux-64bit.tar.gz" - self.install_tool(file, base_url+file) - command_prefix = "./trivy" - elif os_platform == "Darwin": - file=f"trivy_{trivy_version}_macOS-64bit.tar.gz" - self.install_tool(file, base_url+file) - command_prefix = "./trivy" - elif os_platform == "Windows": - file=f"trivy_{trivy_version}_windows-64bit.zip" - self.install_tool_windows(file, base_url+file) - command_prefix = "./trivy.exe" - else: - logger.warning(f"{os_platform} is not supported.") - return None - - image_scanned = ( - self.scan_image(command_prefix, image_name, result_file) - ) - - return image_scanned +from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) + +import subprocess +import platform +import requests +import tarfile +import zipfile + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class TrivyScan(ToolGateway): + def download_tool(self, file, url): + try: + response = requests.get(url, allow_redirects=True) + with open(file, "wb") as compress_file: + compress_file.write(response.content) + except Exception as e: + logger.error(f"Error downloading trivy: {e}") + + def install_tool(self, file, url): + installed = subprocess.run( + ["which", "./trivy"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + if installed.returncode == 1: + try: + self.download_tool(file, url) + with tarfile.open(file, 'r:gz') as tar_file: + tar_file.extract(member=tar_file.getmember("trivy")) + except Exception as e: + logger.error(f"Error installing trivy: {e}") + + def install_tool_windows(self, file, url): + try: + subprocess.run( + ["./trivy.exe", "--version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + except: + try: + self.download_tool(file, url) + with zipfile.ZipFile(file, 'r') as zip_file: + zip_file.extract(member="trivy.exe") + except Exception as e: + logger.error(f"Error installing trivy: {e}") + + def scan_image(self, prefix, image_name, result_file): + command = [ + prefix, + "--scanners", + "vuln", + "-f", + "json", + "-o", + result_file, + ] + command.extend(["--quiet", "image", image_name]) + try: + subprocess.run( + command, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + ) + print(f"The image {image_name} was scanned") + + return result_file + + except Exception as e: + logger.error(f"Error during image scan of {image_name}: {e}") + + def run_tool_container_sca(self, remoteconfig, token, image_name, result_file): + trivy_version = remoteconfig["TRIVY"]["TRIVY_VERSION"] + os_platform = platform.system() + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{trivy_version}/" + + if os_platform == "Linux": + file=f"trivy_{trivy_version}_Linux-64bit.tar.gz" + self.install_tool(file, base_url+file) + command_prefix = "./trivy" + elif os_platform == "Darwin": + file=f"trivy_{trivy_version}_macOS-64bit.tar.gz" + self.install_tool(file, base_url+file) + command_prefix = "./trivy" + elif os_platform == "Windows": + file=f"trivy_{trivy_version}_windows-64bit.zip" + self.install_tool_windows(file, base_url+file) + command_prefix = "./trivy.exe" + else: + logger.warning(f"{os_platform} is not supported.") + return None + + image_scanned = ( + self.scan_image(command_prefix, image_name, result_file) + ) + + return image_scanned diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py index 6051922a3..d31dae164 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py @@ -1,18 +1,18 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( - runner_engine_container, -) - -from unittest.mock import patch - - -def test_init_engine_container(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan.init_engine_sca_rm" - ) as mock_init_engine_sca_rm: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "PRISMA" - - result = runner_engine_container(dict_args, tool, token, None) - - mock_init_engine_sca_rm.assert_any_call +from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( + runner_engine_container, +) + +from unittest.mock import patch + + +def test_init_engine_container(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan.init_engine_sca_rm" + ) as mock_init_engine_sca_rm: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "PRISMA" + + result = runner_engine_container(dict_args, tool, token, None) + + mock_init_engine_sca_rm.assert_any_call diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py index 2f84cbf62..b792f716b 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py @@ -1,110 +1,110 @@ -import pytest -from unittest.mock import MagicMock, patch -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.container_sca_scan import ( - ContainerScaScan, -) - - -@pytest.fixture -def mock_tool_run(): - return MagicMock() - - -@pytest.fixture -def mock_tool_remote(): - return MagicMock() - - -@pytest.fixture -def mock_tool_images(): - return MagicMock() - - -@pytest.fixture -def mock_tool_deserializator(): - return MagicMock() - - -@pytest.fixture -def container_sca_scan( - mock_tool_run, - mock_tool_remote, - mock_tool_images, - mock_tool_deserializator, -): - return ContainerScaScan( - mock_tool_run, - mock_tool_remote, - mock_tool_images, - mock_tool_deserializator, - "1234", - "token", - ) - - -def test_get_latest_image(container_sca_scan): - container_sca_scan.tool_images.list_images.return_value = ["image1", "image2"] - assert container_sca_scan.get_latest_image() == ["image1", "image2"] - - -def test_get_images_already_scanned(container_sca_scan): - with patch("os.path.join") as mock_path_join, patch( - "os.getcwd" - ) as mock_getcwd, patch("os.path.exists") as mock_path_exists, patch( - "builtins.open" - ) as mock_open: - mock_path_join.return_value = "/path/to/scanned_images.txt" - mock_path_exists.return_value = False - mock_open.return_value = MagicMock() - container_sca_scan.get_images_already_scanned() - assert mock_open.call_count == 2 - - -def test_set_image_scanned(container_sca_scan): - with patch("builtins.open") as mock_open: - container_sca_scan.set_image_scanned("result.json") - assert mock_open.call_count == 1 - - -def test_process_image_already_scanned(container_sca_scan): - mock_latest_image = MagicMock() - mock_latest_image.tags = ["my_image:1234"] - container_sca_scan.get_images_already_scanned = MagicMock() - container_sca_scan.get_latest_image = MagicMock() - container_sca_scan.get_latest_image.return_value = mock_latest_image - container_sca_scan.get_images_already_scanned.return_value = [ - "my_image:1234_scan_result.json" - ] - assert container_sca_scan.process() == None - - -def test_process_image_not_already_scanned(container_sca_scan): - mock_latest_image = MagicMock() - mock_latest_image.tags = ["my_image:1234"] - container_sca_scan.get_images_already_scanned = MagicMock() - container_sca_scan.get_latest_image = MagicMock() - container_sca_scan.get_latest_image.return_value = mock_latest_image - container_sca_scan.get_images_already_scanned.return_value = [ - "my_image_scan_result.json" - ] - container_sca_scan.tool_run.run_tool_container_sca.return_value = [ - "my_image:1234_scan_result.json" - ] - container_sca_scan.set_image_scanned = MagicMock() - assert container_sca_scan.process() == ["my_image:1234_scan_result.json"] - - -def test_process_not_buildid(container_sca_scan): - with patch("builtins.print") as mock_print: - mock_latest_image = MagicMock() - mock_latest_image.tags = ["my_image:1234"] - container_sca_scan.process() - mock_print.assert_called_once() - - -def test_deserialize(container_sca_scan): - container_sca_scan.tool_deseralizator.get_list_findings.return_value = [ - "finding1", - "finding2", - ] - assert container_sca_scan.deseralizator("image_scanned") == ["finding1", "finding2"] +import pytest +from unittest.mock import MagicMock, patch +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.container_sca_scan import ( + ContainerScaScan, +) + + +@pytest.fixture +def mock_tool_run(): + return MagicMock() + + +@pytest.fixture +def mock_tool_remote(): + return MagicMock() + + +@pytest.fixture +def mock_tool_images(): + return MagicMock() + + +@pytest.fixture +def mock_tool_deserializator(): + return MagicMock() + + +@pytest.fixture +def container_sca_scan( + mock_tool_run, + mock_tool_remote, + mock_tool_images, + mock_tool_deserializator, +): + return ContainerScaScan( + mock_tool_run, + mock_tool_remote, + mock_tool_images, + mock_tool_deserializator, + "1234", + "token", + ) + + +def test_get_latest_image(container_sca_scan): + container_sca_scan.tool_images.list_images.return_value = ["image1", "image2"] + assert container_sca_scan.get_latest_image() == ["image1", "image2"] + + +def test_get_images_already_scanned(container_sca_scan): + with patch("os.path.join") as mock_path_join, patch( + "os.getcwd" + ) as mock_getcwd, patch("os.path.exists") as mock_path_exists, patch( + "builtins.open" + ) as mock_open: + mock_path_join.return_value = "/path/to/scanned_images.txt" + mock_path_exists.return_value = False + mock_open.return_value = MagicMock() + container_sca_scan.get_images_already_scanned() + assert mock_open.call_count == 2 + + +def test_set_image_scanned(container_sca_scan): + with patch("builtins.open") as mock_open: + container_sca_scan.set_image_scanned("result.json") + assert mock_open.call_count == 1 + + +def test_process_image_already_scanned(container_sca_scan): + mock_latest_image = MagicMock() + mock_latest_image.tags = ["my_image:1234"] + container_sca_scan.get_images_already_scanned = MagicMock() + container_sca_scan.get_latest_image = MagicMock() + container_sca_scan.get_latest_image.return_value = mock_latest_image + container_sca_scan.get_images_already_scanned.return_value = [ + "my_image:1234_scan_result.json" + ] + assert container_sca_scan.process() == None + + +def test_process_image_not_already_scanned(container_sca_scan): + mock_latest_image = MagicMock() + mock_latest_image.tags = ["my_image:1234"] + container_sca_scan.get_images_already_scanned = MagicMock() + container_sca_scan.get_latest_image = MagicMock() + container_sca_scan.get_latest_image.return_value = mock_latest_image + container_sca_scan.get_images_already_scanned.return_value = [ + "my_image_scan_result.json" + ] + container_sca_scan.tool_run.run_tool_container_sca.return_value = [ + "my_image:1234_scan_result.json" + ] + container_sca_scan.set_image_scanned = MagicMock() + assert container_sca_scan.process() == ["my_image:1234_scan_result.json"] + + +def test_process_not_buildid(container_sca_scan): + with patch("builtins.print") as mock_print: + mock_latest_image = MagicMock() + mock_latest_image.tags = ["my_image:1234"] + container_sca_scan.process() + mock_print.assert_called_once() + + +def test_deserialize(container_sca_scan): + container_sca_scan.tool_deseralizator.get_list_findings.return_value = [ + "finding1", + "finding2", + ] + assert container_sca_scan.deseralizator("image_scanned") == ["finding1", "finding2"] diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py index fc7ccb69b..4cae3ad3a 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py @@ -1,38 +1,38 @@ -import pytest -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.handle_remote_config_patterns import ( - HandleRemoteConfigPatterns, -) - - -@pytest.fixture -def remote_config(): - return {"IGNORE_SEARCH_PATTERN": "ignore_this_pipeline"} - - -@pytest.fixture -def exclusions(): - return {"dummy_pipeline": {"SKIP_TOOL": 1}} - - -@pytest.fixture -def handle_remote(remote_config, exclusions): - return HandleRemoteConfigPatterns(remote_config, exclusions, "dummy_pipeline") - - -def test_ignore_analysis_pattern_false(handle_remote): - handle_remote.pipeline_name = "ignore_this_pipeline" - assert not handle_remote.ignore_analysis_pattern() - - -def test_ignore_analysis_pattern_true(handle_remote): - handle_remote.pipeline_name = "do_not_ignore_this_pipeline" - assert handle_remote.ignore_analysis_pattern() - - -def test_skip_from_exclusion(handle_remote): - assert handle_remote.skip_from_exclusion() - - -def test_not_skip_from_exclusion(handle_remote): - handle_remote.pipeline_name = "another_pipeline" - assert not handle_remote.skip_from_exclusion() +import pytest +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.handle_remote_config_patterns import ( + HandleRemoteConfigPatterns, +) + + +@pytest.fixture +def remote_config(): + return {"IGNORE_SEARCH_PATTERN": "ignore_this_pipeline"} + + +@pytest.fixture +def exclusions(): + return {"dummy_pipeline": {"SKIP_TOOL": 1}} + + +@pytest.fixture +def handle_remote(remote_config, exclusions): + return HandleRemoteConfigPatterns(remote_config, exclusions, "dummy_pipeline") + + +def test_ignore_analysis_pattern_false(handle_remote): + handle_remote.pipeline_name = "ignore_this_pipeline" + assert not handle_remote.ignore_analysis_pattern() + + +def test_ignore_analysis_pattern_true(handle_remote): + handle_remote.pipeline_name = "do_not_ignore_this_pipeline" + assert handle_remote.ignore_analysis_pattern() + + +def test_skip_from_exclusion(handle_remote): + assert handle_remote.skip_from_exclusion() + + +def test_not_skip_from_exclusion(handle_remote): + handle_remote.pipeline_name = "another_pipeline" + assert not handle_remote.skip_from_exclusion() diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py index 6d87255ff..aac23bffd 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py @@ -1,120 +1,120 @@ -import pytest -from unittest.mock import Mock -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.set_input_core import ( - SetInputCore, -) - - -@pytest.fixture -def mock_tool_remote(): - return Mock(spec=DevopsPlatformGateway) - - -def test_get_exclusions(mock_tool_remote): - exclusions_data = { - "All": { - "PRISMA": [ - { - "id": "CVE-2023-5363", - "where": "all", - "create_date": "24012023", - "expired_date": "22092023", - "hu": "", - } - ] - }, - "repository_test": { - "PRISMA": [ - { - "id": "XRAY-N94", - "create_date": "24012023", - "expired_date": "31122023", - "hu": "", - } - ] - }, - "12345_ProyectoEjemplo_RM": { - "PRISMA": [ - { - "id": "CVE-2023-6237", - "cve_id": "CVE-2023-6237", - "expired_date": "21092022", - "create_date": "24012023", - "hu": "", - } - ] - }, - } - pipeline_name = "my_pipeline" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 1 - assert isinstance(exclusions[0], Exclusions) - assert exclusions[0].id == "CVE-2023-5363" - assert exclusions[0].where == "all" - assert exclusions[0].create_date == "24012023" - assert exclusions[0].expired_date == "22092023" - assert exclusions[0].hu == "" - - -def test_get_exclusions_for_specific_pipeline(mock_tool_remote): - exclusions_data = { - "pipeline_specific": { - "PRISMA": [ - { - "id": "CVE-2024-1234", - "where": "pipeline_specific", - "create_date": "01012024", - "expired_date": "31122024", - "hu": "High", - } - ] - } - } - pipeline_name = "pipeline_specific" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 1 - assert exclusions[0].id == "CVE-2024-1234" - assert exclusions[0].where == "pipeline_specific" - assert exclusions[0].create_date == "01012024" - assert exclusions[0].expired_date == "31122024" - assert exclusions[0].hu == "High" - - -def test_get_exclusions_no_matching_exclusions(mock_tool_remote): - exclusions_data = { - "other_pipeline": { - "PRISMA": [ - { - "id": "CVE-2024-5678", - "where": "other_pipeline", - "create_date": "02022024", - "expired_date": "30122024", - "hu": "Medium", - } - ] - } - } - pipeline_name = "my_pipeline" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 0 +import pytest +from unittest.mock import Mock +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.set_input_core import ( + SetInputCore, +) + + +@pytest.fixture +def mock_tool_remote(): + return Mock(spec=DevopsPlatformGateway) + + +def test_get_exclusions(mock_tool_remote): + exclusions_data = { + "All": { + "PRISMA": [ + { + "id": "CVE-2023-5363", + "where": "all", + "create_date": "24012023", + "expired_date": "22092023", + "hu": "", + } + ] + }, + "repository_test": { + "PRISMA": [ + { + "id": "XRAY-N94", + "create_date": "24012023", + "expired_date": "31122023", + "hu": "", + } + ] + }, + "12345_ProyectoEjemplo_RM": { + "PRISMA": [ + { + "id": "CVE-2023-6237", + "cve_id": "CVE-2023-6237", + "expired_date": "21092022", + "create_date": "24012023", + "hu": "", + } + ] + }, + } + pipeline_name = "my_pipeline" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 1 + assert isinstance(exclusions[0], Exclusions) + assert exclusions[0].id == "CVE-2023-5363" + assert exclusions[0].where == "all" + assert exclusions[0].create_date == "24012023" + assert exclusions[0].expired_date == "22092023" + assert exclusions[0].hu == "" + + +def test_get_exclusions_for_specific_pipeline(mock_tool_remote): + exclusions_data = { + "pipeline_specific": { + "PRISMA": [ + { + "id": "CVE-2024-1234", + "where": "pipeline_specific", + "create_date": "01012024", + "expired_date": "31122024", + "hu": "High", + } + ] + } + } + pipeline_name = "pipeline_specific" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 1 + assert exclusions[0].id == "CVE-2024-1234" + assert exclusions[0].where == "pipeline_specific" + assert exclusions[0].create_date == "01012024" + assert exclusions[0].expired_date == "31122024" + assert exclusions[0].hu == "High" + + +def test_get_exclusions_no_matching_exclusions(mock_tool_remote): + exclusions_data = { + "other_pipeline": { + "PRISMA": [ + { + "id": "CVE-2024-5678", + "where": "other_pipeline", + "create_date": "02022024", + "expired_date": "30122024", + "hu": "Medium", + } + ] + } + } + pipeline_name = "my_pipeline" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 0 diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py index 21a7d4a4c..c14bbc276 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py @@ -1,144 +1,144 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan import ( - PrismaCloudManagerScan, -) - -from unittest.mock import patch, Mock, MagicMock -import pytest - - -@pytest.fixture -def mock_requests_get(): - with patch("requests.get") as mock_get: - yield mock_get - - -@pytest.fixture -def twistcli_instance(): - return PrismaCloudManagerScan() - - -@pytest.fixture -def mock_remoteconfig(): - return { - "PRISMA_CLOUD": { - "TWISTCLI_PATH": "twistcli", - "PRISMA_CONSOLE_URL": "", - "PRISMA_ACCESS_KEY": "", - "PRISMA_API_VERSION": "v32.03", - }, - "TRIVY": {"TRIVY_VERSION": "0.48.1"}, - "MESSAGE_INFO_SCA_RM": "If you have doubts, visit ", - "THRESHOLD": { - "VULNERABILITY": {"Critical": 999, "High": 999, "Medium": 999, "Low": 999}, - "COMPLIANCE": {"Critical": 1}, - }, - } - - -@pytest.fixture -def mock_scan_image(): - return [ - {"Repository": "466.com/nu04cr", "Tag": "ms_broker_db-trunk-trunk.20240126.1"} - ] - - -@pytest.fixture -def mock_logger(): - return MagicMock() - - -def test_download_twistcli_success(mock_remoteconfig): - with patch("requests.get") as mock_get, patch( - "builtins.open", create=True - ) as mock_open, patch("os.chmod") as mock_chmod, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" - ) as mock_logger_info: - mock_response = MagicMock() - mock_response.content = b"twistcli_content" - mock_response.raise_for_status.return_value = None - mock_get.return_value = mock_response - - scan_manager = PrismaCloudManagerScan() - scan_manager.download_twistcli( - "file_path", - "prisma_access_key", - "prisma_secret_key", - mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_CONSOLE_URL"], - mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_API_VERSION"], - ) - - -def test_download_twistcli_failure(twistcli_instance, mock_requests_get): - file_path = "/path/to/twistcli" - prisma_access_key = "your_access_key" - prisma_secret_key = "your_secret_key" - prisma_console_url = "https://prisma-console-url.com" - prisma_api_version = "v1" - - expected_url = f"{prisma_console_url}/api/v1/util/twistcli" - expected_credentials = "your_access_key:your_secret_key" - expected_headers = {"Authorization": f"Basic {expected_credentials}"} - - mock_response = Mock() - mock_response.raise_for_status.side_effect = Exception("Test Exception") - mock_requests_get.return_value = mock_response - - with pytest.raises( - ValueError, match="Error downloading twistcli: Test Exception" - ), patch("builtins.open", create=True) as mock_open, patch( - "os.chmod" - ) as mock_chmod, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" - ) as mock_logger_info: - twistcli_instance.download_twistcli( - file_path, - prisma_access_key, - prisma_secret_key, - prisma_console_url, - prisma_api_version, - ) - - mock_requests_get.assert_called_once_with( - expected_url, headers=expected_headers - ) - mock_response.raise_for_status.assert_called_once() - mock_open.assert_not_called() - mock_chmod.assert_not_called() - mock_logger_info.assert_not_called() - - -def test_scan_image_success(mock_remoteconfig): - with patch("builtins.print") as mock_print, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.subprocess.run" - ) as mock_run: - mock_run.return_value = MagicMock() - mock_run.return_value.stdout = "" - mock_run.return_value.stderr = "" - - scan_manager = PrismaCloudManagerScan() - result = scan_manager.scan_image( - "file_path", - "image_name", - "result.json", - mock_remoteconfig, - "prisma_secret_key", - ) - - assert result == "result.json" - - -def test_run_tool_container_sca_success(mock_remoteconfig, mock_scan_image): - with patch("builtins.open") as mock_open, patch("os.path.join") as mock_join, patch( - "os.path.exists" - ) as mock_exists: - PrismaCloudManagerScan.download_twistcli = MagicMock() - PrismaCloudManagerScan.scan_image = MagicMock() - mock_exists.return_value = False - PrismaCloudManagerScan.scan_image.return_value = "result.json" - - scan_manager = PrismaCloudManagerScan() - result = scan_manager.run_tool_container_sca( - mock_remoteconfig, "prisma_secret_key", "image_name", "result.json" - ) - - assert result == "result.json" +from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan import ( + PrismaCloudManagerScan, +) + +from unittest.mock import patch, Mock, MagicMock +import pytest + + +@pytest.fixture +def mock_requests_get(): + with patch("requests.get") as mock_get: + yield mock_get + + +@pytest.fixture +def twistcli_instance(): + return PrismaCloudManagerScan() + + +@pytest.fixture +def mock_remoteconfig(): + return { + "PRISMA_CLOUD": { + "TWISTCLI_PATH": "twistcli", + "PRISMA_CONSOLE_URL": "", + "PRISMA_ACCESS_KEY": "", + "PRISMA_API_VERSION": "v32.03", + }, + "TRIVY": {"TRIVY_VERSION": "0.48.1"}, + "MESSAGE_INFO_SCA_RM": "If you have doubts, visit ", + "THRESHOLD": { + "VULNERABILITY": {"Critical": 999, "High": 999, "Medium": 999, "Low": 999}, + "COMPLIANCE": {"Critical": 1}, + }, + } + + +@pytest.fixture +def mock_scan_image(): + return [ + {"Repository": "466.com/nu04cr", "Tag": "ms_broker_db-trunk-trunk.20240126.1"} + ] + + +@pytest.fixture +def mock_logger(): + return MagicMock() + + +def test_download_twistcli_success(mock_remoteconfig): + with patch("requests.get") as mock_get, patch( + "builtins.open", create=True + ) as mock_open, patch("os.chmod") as mock_chmod, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" + ) as mock_logger_info: + mock_response = MagicMock() + mock_response.content = b"twistcli_content" + mock_response.raise_for_status.return_value = None + mock_get.return_value = mock_response + + scan_manager = PrismaCloudManagerScan() + scan_manager.download_twistcli( + "file_path", + "prisma_access_key", + "prisma_secret_key", + mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_CONSOLE_URL"], + mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_API_VERSION"], + ) + + +def test_download_twistcli_failure(twistcli_instance, mock_requests_get): + file_path = "/path/to/twistcli" + prisma_access_key = "your_access_key" + prisma_secret_key = "your_secret_key" + prisma_console_url = "https://prisma-console-url.com" + prisma_api_version = "v1" + + expected_url = f"{prisma_console_url}/api/v1/util/twistcli" + expected_credentials = "your_access_key:your_secret_key" + expected_headers = {"Authorization": f"Basic {expected_credentials}"} + + mock_response = Mock() + mock_response.raise_for_status.side_effect = Exception("Test Exception") + mock_requests_get.return_value = mock_response + + with pytest.raises( + ValueError, match="Error downloading twistcli: Test Exception" + ), patch("builtins.open", create=True) as mock_open, patch( + "os.chmod" + ) as mock_chmod, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" + ) as mock_logger_info: + twistcli_instance.download_twistcli( + file_path, + prisma_access_key, + prisma_secret_key, + prisma_console_url, + prisma_api_version, + ) + + mock_requests_get.assert_called_once_with( + expected_url, headers=expected_headers + ) + mock_response.raise_for_status.assert_called_once() + mock_open.assert_not_called() + mock_chmod.assert_not_called() + mock_logger_info.assert_not_called() + + +def test_scan_image_success(mock_remoteconfig): + with patch("builtins.print") as mock_print, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.subprocess.run" + ) as mock_run: + mock_run.return_value = MagicMock() + mock_run.return_value.stdout = "" + mock_run.return_value.stderr = "" + + scan_manager = PrismaCloudManagerScan() + result = scan_manager.scan_image( + "file_path", + "image_name", + "result.json", + mock_remoteconfig, + "prisma_secret_key", + ) + + assert result == "result.json" + + +def test_run_tool_container_sca_success(mock_remoteconfig, mock_scan_image): + with patch("builtins.open") as mock_open, patch("os.path.join") as mock_join, patch( + "os.path.exists" + ) as mock_exists: + PrismaCloudManagerScan.download_twistcli = MagicMock() + PrismaCloudManagerScan.scan_image = MagicMock() + mock_exists.return_value = False + PrismaCloudManagerScan.scan_image.return_value = "result.json" + + scan_manager = PrismaCloudManagerScan() + result = scan_manager.run_tool_container_sca( + mock_remoteconfig, "prisma_secret_key", "image_name", "result.json" + ) + + assert result == "result.json" diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py index 270fc6166..e9acad063 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py @@ -1,166 +1,166 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan import ( - TrivyScan, -) - -from unittest.mock import patch, MagicMock, Mock -import pytest - - -@pytest.fixture -def trivy_scan_instance(): - return TrivyScan() - - -def test_download_tool_success(trivy_scan_instance): - with patch("builtins.open") as mock_open, patch( - "requests.get" - ) as mock_request: - - trivy_scan_instance.download_tool("file", "url") - - assert mock_request.call_count == 1 - assert mock_open.call_count == 1 - - -def test_download_tool_exception(trivy_scan_instance): - with patch("requests.get") as mock_request, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_request.side_effect = Exception("custom error") - - trivy_scan_instance.download_tool("file", "url") - - mocke_logger.assert_called_with("Error downloading trivy: custom error") - - -def test_install_tool_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "tarfile.open" - ) as mock_tar_open: - mock_run.return_value = Mock(returncode=1) - trivy_scan_instance.download_tool = MagicMock() - - trivy_scan_instance.install_tool("file", "url") - - assert mock_tar_open.call_count == 1 - -def test_install_tool_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.return_value = Mock(returncode=1) - trivy_scan_instance.download_tool = MagicMock() - trivy_scan_instance.download_tool.side_effect = Exception("custom error") - - trivy_scan_instance.install_tool("file", "url") - - mocke_logger.assert_called_with("Error installing trivy: custom error") - - -def test_install_tool_windows_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "zipfile.ZipFile" - ) as mock_zipfile: - mock_run.side_effect = Exception() - trivy_scan_instance.download_tool = MagicMock() - - trivy_scan_instance.install_tool_windows("file", "url") - - assert mock_zipfile.call_count == 1 - - -def test_install_tool_windows_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.side_effect = Exception() - trivy_scan_instance.download_tool = MagicMock() - trivy_scan_instance.download_tool.side_effect = Exception("custom error") - - trivy_scan_instance.install_tool_windows("file", "url") - - mocke_logger.assert_called_with("Error installing trivy: custom error") - - -def test_scan_image_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "builtins.print" - ) as mock_print: - result = trivy_scan_instance.scan_image("prefix", "image_name", "result.json") - - assert mock_print.call_count == 1 - assert result == "result.json" - - -def test_scan_image_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.side_effect = Exception("custom error") - - trivy_scan_instance.scan_image("prefix", "image_name", "result.json") - - mocke_logger.assert_called_with("Error during image scan of image_name: custom error") - - -def test_run_tool_container_sca_linux(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Linux" - trivy_scan_instance.install_tool = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_Linux-64bit.tar.gz" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) - assert result == "result.json" - - -def test_run_tool_container_sca_darwin(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Darwin" - trivy_scan_instance.install_tool = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_macOS-64bit.tar.gz" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) - assert result == "result.json" - - -def test_run_tool_container_sca_windows(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Windows" - trivy_scan_instance.install_tool_windows = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_windows-64bit.zip" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool_windows.assert_called_with(file, base_url+file) - assert result == "result.json" - -def test_run_tool_container_sca_none(trivy_scan_instance): - with patch("platform.system") as mock_platform, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.warning" - ) as mock_logger: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "None" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - mock_logger.assert_called_with("None is not supported.") - assert result == None +from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan import ( + TrivyScan, +) + +from unittest.mock import patch, MagicMock, Mock +import pytest + + +@pytest.fixture +def trivy_scan_instance(): + return TrivyScan() + + +def test_download_tool_success(trivy_scan_instance): + with patch("builtins.open") as mock_open, patch( + "requests.get" + ) as mock_request: + + trivy_scan_instance.download_tool("file", "url") + + assert mock_request.call_count == 1 + assert mock_open.call_count == 1 + + +def test_download_tool_exception(trivy_scan_instance): + with patch("requests.get") as mock_request, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_request.side_effect = Exception("custom error") + + trivy_scan_instance.download_tool("file", "url") + + mocke_logger.assert_called_with("Error downloading trivy: custom error") + + +def test_install_tool_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "tarfile.open" + ) as mock_tar_open: + mock_run.return_value = Mock(returncode=1) + trivy_scan_instance.download_tool = MagicMock() + + trivy_scan_instance.install_tool("file", "url") + + assert mock_tar_open.call_count == 1 + +def test_install_tool_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.return_value = Mock(returncode=1) + trivy_scan_instance.download_tool = MagicMock() + trivy_scan_instance.download_tool.side_effect = Exception("custom error") + + trivy_scan_instance.install_tool("file", "url") + + mocke_logger.assert_called_with("Error installing trivy: custom error") + + +def test_install_tool_windows_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "zipfile.ZipFile" + ) as mock_zipfile: + mock_run.side_effect = Exception() + trivy_scan_instance.download_tool = MagicMock() + + trivy_scan_instance.install_tool_windows("file", "url") + + assert mock_zipfile.call_count == 1 + + +def test_install_tool_windows_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.side_effect = Exception() + trivy_scan_instance.download_tool = MagicMock() + trivy_scan_instance.download_tool.side_effect = Exception("custom error") + + trivy_scan_instance.install_tool_windows("file", "url") + + mocke_logger.assert_called_with("Error installing trivy: custom error") + + +def test_scan_image_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "builtins.print" + ) as mock_print: + result = trivy_scan_instance.scan_image("prefix", "image_name", "result.json") + + assert mock_print.call_count == 1 + assert result == "result.json" + + +def test_scan_image_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.side_effect = Exception("custom error") + + trivy_scan_instance.scan_image("prefix", "image_name", "result.json") + + mocke_logger.assert_called_with("Error during image scan of image_name: custom error") + + +def test_run_tool_container_sca_linux(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Linux" + trivy_scan_instance.install_tool = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_Linux-64bit.tar.gz" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) + assert result == "result.json" + + +def test_run_tool_container_sca_darwin(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Darwin" + trivy_scan_instance.install_tool = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_macOS-64bit.tar.gz" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) + assert result == "result.json" + + +def test_run_tool_container_sca_windows(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Windows" + trivy_scan_instance.install_tool_windows = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_windows-64bit.zip" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool_windows.assert_called_with(file, base_url+file) + assert result == "result.json" + +def test_run_tool_container_sca_none(trivy_scan_instance): + with patch("platform.system") as mock_platform, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.warning" + ) as mock_logger: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "None" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + mock_logger.assert_called_with("None is not supported.") + assert result == None diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/entry_points/test_entry_point_tool.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/entry_points/test_entry_point_tool.py index 04ca86ed4..ebcfa2abd 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/entry_points/test_entry_point_tool.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/entry_points/test_entry_point_tool.py @@ -1,132 +1,132 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool import ( - init_engine_sca_rm, -) -from unittest.mock import patch, Mock -import pytest - - -def test_init_engine_sca_rm(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" - ) as mock_container_sca_scan, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" - ) as mock_set_input_core, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" - ) as mock_handle_remote_config_patterns: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "tool" - mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( - "working_dir" - ) - mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False - mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( - True - ) - mock_container_sca_scan.process.return_value = "scan_result.json" - - deserialized, core_input = init_engine_sca_rm( - Mock(), - Mock(), - Mock(), - Mock(), - dict_args, - token, - tool, - ) - - -def test_init_engine_sca_rm_skip_tool(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" - ) as mock_container_sca_scan, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" - ) as mock_set_input_core, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" - ) as mock_handle_remote_config_patterns: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "tool" - mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( - "working_dir" - ) - mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = True - mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( - True - ) - - deserialized, core_input = init_engine_sca_rm( - Mock(), - Mock(), - Mock(), - Mock(), - dict_args, - token, - tool, - ) - assert deserialized == [] - mock_container_sca_scan.assert_not_called() - - -def test_init_engine_sca_rm_no_exclusions(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" - ) as mock_container_sca_scan, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" - ) as mock_set_input_core, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" - ) as mock_handle_remote_config_patterns: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "tool" - mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( - "working_dir" - ) - mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False - mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( - False - ) - mock_container_sca_scan.process.return_value = "scan_result.json" - - deserialized, core_input = init_engine_sca_rm( - Mock(), - Mock(), - Mock(), - Mock(), - dict_args, - token, - tool, - ) - assert deserialized == [] - mock_container_sca_scan.assert_not_called() - - -def test_init_engine_sca_rm_empty_remote_config(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" - ) as mock_container_sca_scan, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" - ) as mock_set_input_core, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" - ) as mock_handle_remote_config_patterns: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "tool" - mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( - "working_dir" - ) - mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False - mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( - True - ) - mock_container_sca_scan.process.return_value = "scan_result.json" - - deserialized, core_input = init_engine_sca_rm( - Mock(), - Mock(), - Mock(), - Mock(), - dict_args, - token, - tool, - ) +from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool import ( + init_engine_sca_rm, +) +from unittest.mock import patch, Mock +import pytest + + +def test_init_engine_sca_rm(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" + ) as mock_container_sca_scan, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" + ) as mock_set_input_core, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" + ) as mock_handle_remote_config_patterns: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "tool" + mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( + "working_dir" + ) + mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False + mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( + True + ) + mock_container_sca_scan.process.return_value = "scan_result.json" + + deserialized, core_input = init_engine_sca_rm( + Mock(), + Mock(), + Mock(), + Mock(), + dict_args, + token, + tool, + ) + + +def test_init_engine_sca_rm_skip_tool(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" + ) as mock_container_sca_scan, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" + ) as mock_set_input_core, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" + ) as mock_handle_remote_config_patterns: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "tool" + mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( + "working_dir" + ) + mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = True + mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( + True + ) + + deserialized, core_input = init_engine_sca_rm( + Mock(), + Mock(), + Mock(), + Mock(), + dict_args, + token, + tool, + ) + assert deserialized == [] + mock_container_sca_scan.assert_not_called() + + +def test_init_engine_sca_rm_no_exclusions(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" + ) as mock_container_sca_scan, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" + ) as mock_set_input_core, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" + ) as mock_handle_remote_config_patterns: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "tool" + mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( + "working_dir" + ) + mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False + mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( + False + ) + mock_container_sca_scan.process.return_value = "scan_result.json" + + deserialized, core_input = init_engine_sca_rm( + Mock(), + Mock(), + Mock(), + Mock(), + dict_args, + token, + tool, + ) + assert deserialized == [] + mock_container_sca_scan.assert_not_called() + + +def test_init_engine_sca_rm_empty_remote_config(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.ContainerScaScan" + ) as mock_container_sca_scan, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.SetInputCore" + ) as mock_set_input_core, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" + ) as mock_handle_remote_config_patterns: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "tool" + mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( + "working_dir" + ) + mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False + mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( + True + ) + mock_container_sca_scan.process.return_value = "scan_result.json" + + deserialized, core_input = init_engine_sca_rm( + Mock(), + Mock(), + Mock(), + Mock(), + dict_args, + token, + tool, + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py index 47c168b74..42c9a1572 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/model/gateways/tool_gateway.py @@ -1,9 +1,9 @@ -from abc import ABCMeta, abstractmethod - - -class ToolGateway(metaclass=ABCMeta): - @abstractmethod - def run_tool_dependencies_sca( - self, remote_config, file_to_scan, bypass_limits_flag, token - ) -> str: - "run tool dependencies sca" +from abc import ABCMeta, abstractmethod + + +class ToolGateway(metaclass=ABCMeta): + @abstractmethod + def run_tool_dependencies_sca( + self, remote_config, file_to_scan, bypass_limits_flag, token + ) -> str: + "run tool dependencies sca" diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py index 05c844876..fbffb20d2 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/dependencies_sca_scan.py @@ -1,44 +1,44 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.deserializator_gateway import ( - DeserializatorGateway, -) - - -class DependenciesScan: - def __init__( - self, - tool_run: ToolGateway, - tool_deserializator: DeserializatorGateway, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ): - self.tool_run = tool_run - self.tool_deserializator = tool_deserializator - self.remote_config = remote_config - self.file_to_scan = file_to_scan - self.bypass_limits_flag = bypass_limits_flag - self.token = token - - def process(self): - """ - Process SCA dependencies scan. - - Return: dict: SCA scanning results. - """ - return self.tool_run.run_tool_dependencies_sca( - self.remote_config, - self.file_to_scan, - self.bypass_limits_flag, - self.token, - ) - - def deserializator(self, dependencies_scanned): - """ - Process the results deserializer. - Terun: list: Deserialized list of findings. - """ - return self.tool_deserializator.get_list_findings(dependencies_scanned) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.deserializator_gateway import ( + DeserializatorGateway, +) + + +class DependenciesScan: + def __init__( + self, + tool_run: ToolGateway, + tool_deserializator: DeserializatorGateway, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ): + self.tool_run = tool_run + self.tool_deserializator = tool_deserializator + self.remote_config = remote_config + self.file_to_scan = file_to_scan + self.bypass_limits_flag = bypass_limits_flag + self.token = token + + def process(self): + """ + Process SCA dependencies scan. + + Return: dict: SCA scanning results. + """ + return self.tool_run.run_tool_dependencies_sca( + self.remote_config, + self.file_to_scan, + self.bypass_limits_flag, + self.token, + ) + + def deserializator(self, dependencies_scanned): + """ + Process the results deserializer. + Terun: list: Deserialized list of findings. + """ + return self.tool_deserializator.get_list_findings(dependencies_scanned) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/find_artifacts.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/find_artifacts.py index 76be0e964..a5053b003 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/find_artifacts.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/find_artifacts.py @@ -1,100 +1,100 @@ -import os -import tarfile -import subprocess -import shutil -import re - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class FindArtifacts: - def __init__( - self, - working_dir, - pattern, - packages, - ): - self.working_dir = working_dir - self.pattern = pattern - self.packages = packages - - def find_packages(self, pattern, packages, working_dir): - packages_list = [] - files_list = [] - extension_pattern = re.compile(pattern, re.IGNORECASE) - for root, dirs, files in os.walk(working_dir): - components = root.split(os.path.sep) - flag = 0 - for package in packages: - if not (package in components): - flag = 1 - if package in dirs: - packages_list.append(os.path.join(root, package)) - if flag: - for file in files: - if extension_pattern.search(file): - files_list.append(os.path.join(root, file)) - return packages_list, files_list - - def compress_and_mv(self, tar_path, package): - try: - with tarfile.open(tar_path, "w") as tar: - tar.add( - package, - arcname=os.path.basename(package), - filter=lambda x: None if "/.bin/" in x.name else x, - ) - - except subprocess.CalledProcessError as e: - logger.error(f"Error during {package} compression: {e}") - - def move_files(self, dir_to_scan_path, finded_files): - for file in finded_files: - target = os.path.join(dir_to_scan_path, os.path.basename(file)) - shutil.copy2(file, target) - logger.debug(f"File to scan: {file}") - - def find_artifacts(self): - dir_to_scan_path = os.path.join(self.working_dir, "dependencies_to_scan") - if os.path.exists(dir_to_scan_path): - shutil.rmtree(dir_to_scan_path) - os.makedirs(dir_to_scan_path) - - packages_list, files_list = self.find_packages( - self.pattern, self.packages, self.working_dir - ) - - for package in packages_list: - tar_path = os.path.join( - dir_to_scan_path, - "pkg" - + str(packages_list.index(package) + 1) - + "_" - + os.path.basename(package) - + ".tar", - ) - self.compress_and_mv(tar_path, package) - - if len(files_list): - self.move_files(dir_to_scan_path, files_list) - - files = os.listdir(dir_to_scan_path) - files = [ - file - for file in files - if os.path.isfile(os.path.join(dir_to_scan_path, file)) - ] - file_to_scan = None - if files: - file_to_scan = os.path.join(dir_to_scan_path, "file_to_scan.tar") - self.compress_and_mv(file_to_scan, dir_to_scan_path) - files_string = ", ".join(files) - logger.debug(f"Files to scan: {files_string}") - print(f"Files to scan: {files_string}") - else: - logger.warning("No artifacts found") - - return file_to_scan +import os +import tarfile +import subprocess +import shutil +import re + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class FindArtifacts: + def __init__( + self, + working_dir, + pattern, + packages, + ): + self.working_dir = working_dir + self.pattern = pattern + self.packages = packages + + def find_packages(self, pattern, packages, working_dir): + packages_list = [] + files_list = [] + extension_pattern = re.compile(pattern, re.IGNORECASE) + for root, dirs, files in os.walk(working_dir): + components = root.split(os.path.sep) + flag = 0 + for package in packages: + if not (package in components): + flag = 1 + if package in dirs: + packages_list.append(os.path.join(root, package)) + if flag: + for file in files: + if extension_pattern.search(file): + files_list.append(os.path.join(root, file)) + return packages_list, files_list + + def compress_and_mv(self, tar_path, package): + try: + with tarfile.open(tar_path, "w") as tar: + tar.add( + package, + arcname=os.path.basename(package), + filter=lambda x: None if "/.bin/" in x.name else x, + ) + + except subprocess.CalledProcessError as e: + logger.error(f"Error during {package} compression: {e}") + + def move_files(self, dir_to_scan_path, finded_files): + for file in finded_files: + target = os.path.join(dir_to_scan_path, os.path.basename(file)) + shutil.copy2(file, target) + logger.debug(f"File to scan: {file}") + + def find_artifacts(self): + dir_to_scan_path = os.path.join(self.working_dir, "dependencies_to_scan") + if os.path.exists(dir_to_scan_path): + shutil.rmtree(dir_to_scan_path) + os.makedirs(dir_to_scan_path) + + packages_list, files_list = self.find_packages( + self.pattern, self.packages, self.working_dir + ) + + for package in packages_list: + tar_path = os.path.join( + dir_to_scan_path, + "pkg" + + str(packages_list.index(package) + 1) + + "_" + + os.path.basename(package) + + ".tar", + ) + self.compress_and_mv(tar_path, package) + + if len(files_list): + self.move_files(dir_to_scan_path, files_list) + + files = os.listdir(dir_to_scan_path) + files = [ + file + for file in files + if os.path.isfile(os.path.join(dir_to_scan_path, file)) + ] + file_to_scan = None + if files: + file_to_scan = os.path.join(dir_to_scan_path, "file_to_scan.tar") + self.compress_and_mv(file_to_scan, dir_to_scan_path) + files_string = ", ".join(files) + logger.debug(f"Files to scan: {files_string}") + print(f"Files to scan: {files_string}") + else: + logger.warning("No artifacts found") + + return file_to_scan diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py index 01c25d10a..466429440 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py @@ -1,75 +1,75 @@ -import re - - -class HandleRemoteConfigPatterns: - def __init__( - self, - remote_config, - exclusions, - pipeline_name, - ): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - - def excluded_files(self): - """ - Handle excluded files. - - Return: string: new regex expresion. - """ - - pattern = self.remote_config["REGEX_EXPRESSION_EXTENSIONS"] - if (self.pipeline_name in self.exclusions) and ( - self.exclusions[self.pipeline_name].get("SKIP_FILES", 0) - ): - exclusion = self.exclusions[self.pipeline_name]["SKIP_FILES"] - if exclusion.get("files", 0): - excluded_file_types = exclusion["files"] - pattern2 = pattern - for ext in excluded_file_types: - pattern2 = ( - pattern2.replace("|" + ext, "") - .replace(ext + "|", "") - .replace(ext, "") - ) - pattern = pattern2 - - return pattern - - def ignore_analysis_pattern(self): - """ - Handle analysis pattern. - - Return: bool: False -> not scan, True -> scan. - """ - ignore = self.remote_config["IGNORE_ANALYSIS_PATTERN"] - if re.match(ignore, self.pipeline_name, re.IGNORECASE): - return False - else: - return True - - def bypass_archive_limits(self): - """ - Handle bypass archive limits. - - Return: bool: True -> Bypass archive limits, False -> Without bypass archive limits. - """ - bypass_limits = self.remote_config["BYPASS_ARCHIVE_LIMITS"] - if re.match(bypass_limits, self.pipeline_name): - return True - else: - return False - - def skip_from_exclusion(self): - """ - Handle skip tool. - - Return: bool: True -> skip tool, False -> not skip tool. - """ - if (self.pipeline_name in self.exclusions) and ( - self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) - ): - return True - else: - return False +import re + + +class HandleRemoteConfigPatterns: + def __init__( + self, + remote_config, + exclusions, + pipeline_name, + ): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + + def excluded_files(self): + """ + Handle excluded files. + + Return: string: new regex expresion. + """ + + pattern = self.remote_config["REGEX_EXPRESSION_EXTENSIONS"] + if (self.pipeline_name in self.exclusions) and ( + self.exclusions[self.pipeline_name].get("SKIP_FILES", 0) + ): + exclusion = self.exclusions[self.pipeline_name]["SKIP_FILES"] + if exclusion.get("files", 0): + excluded_file_types = exclusion["files"] + pattern2 = pattern + for ext in excluded_file_types: + pattern2 = ( + pattern2.replace("|" + ext, "") + .replace(ext + "|", "") + .replace(ext, "") + ) + pattern = pattern2 + + return pattern + + def ignore_analysis_pattern(self): + """ + Handle analysis pattern. + + Return: bool: False -> not scan, True -> scan. + """ + ignore = self.remote_config["IGNORE_ANALYSIS_PATTERN"] + if re.match(ignore, self.pipeline_name, re.IGNORECASE): + return False + else: + return True + + def bypass_archive_limits(self): + """ + Handle bypass archive limits. + + Return: bool: True -> Bypass archive limits, False -> Without bypass archive limits. + """ + bypass_limits = self.remote_config["BYPASS_ARCHIVE_LIMITS"] + if re.match(bypass_limits, self.pipeline_name): + return True + else: + return False + + def skip_from_exclusion(self): + """ + Handle skip tool. + + Return: bool: True -> skip tool, False -> not skip tool. + """ + if (self.pipeline_name in self.exclusions) and ( + self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) + ): + return True + else: + return False diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py index dc2dbe1be..2aa369117 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py @@ -1,65 +1,65 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, remote_config, exclusions, pipeline_name, tool): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - self.tool = tool - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [] - for key, value in exclusions_data.items(): - if (key == "All") or (key == pipeline_name): - if value.get(tool, 0): - exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - cve_id=item.get("cve_id", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for item in value[tool] - ] - list_exclusions.extend(exclusions) - return list_exclusions - - def update_threshold(self, threshold, exclusions_data, pipeline_name): - if (pipeline_name in exclusions_data) and ( - exclusions_data[pipeline_name].get("THRESHOLD", 0) - ): - threshold["VULNERABILITY"] = exclusions_data[pipeline_name][ - "THRESHOLD" - ].get("VULNERABILITY") - return threshold - - def set_input_core(self, dependencies_scanned): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - self.get_exclusions( - self.exclusions, - self.pipeline_name, - self.tool, - ), - Threshold( - self.update_threshold( - self.remote_config["THRESHOLD"], self.exclusions, self.pipeline_name - ) - ), - dependencies_scanned, - self.remote_config["MESSAGE_INFO_ENGINE_DEPENDENCIES"], - self.pipeline_name, - "Build", - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, remote_config, exclusions, pipeline_name, tool): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + self.tool = tool + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [] + for key, value in exclusions_data.items(): + if (key == "All") or (key == pipeline_name): + if value.get(tool, 0): + exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + cve_id=item.get("cve_id", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for item in value[tool] + ] + list_exclusions.extend(exclusions) + return list_exclusions + + def update_threshold(self, threshold, exclusions_data, pipeline_name): + if (pipeline_name in exclusions_data) and ( + exclusions_data[pipeline_name].get("THRESHOLD", 0) + ): + threshold["VULNERABILITY"] = exclusions_data[pipeline_name][ + "THRESHOLD" + ].get("VULNERABILITY") + return threshold + + def set_input_core(self, dependencies_scanned): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + self.get_exclusions( + self.exclusions, + self.pipeline_name, + self.tool, + ), + Threshold( + self.update_threshold( + self.remote_config["THRESHOLD"], self.exclusions, self.pipeline_name + ) + ), + dependencies_scanned, + self.remote_config["MESSAGE_INFO_ENGINE_DEPENDENCIES"], + self.pipeline_name, + "Build", + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py index 0511696c7..7da12ee20 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/driven_adapters/xray_tool/xray_manager_scan.py @@ -1,150 +1,150 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.tool_gateway import ( - ToolGateway, -) - -import subprocess -import platform -import requests -import re -import os -import json - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -class XrayScan(ToolGateway): - def install_tool_linux(self, version): - installed = subprocess.run( - ["which", "./jf"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - if installed.returncode == 1: - command = ["chmod", "+x", "./jf"] - try: - url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-amd64/jf" - file = "./jf" - response = requests.get(url, allow_redirects=True) - with open(file, "wb") as archivo: - archivo.write(response.content) - subprocess.run( - command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - except subprocess.CalledProcessError as error: - logger.error(f"Error during Jfrog Cli installation on Linux: {error}") - - def install_tool_windows(self, version): - try: - subprocess.run( - ["./jf.exe", "--version"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - except: - try: - url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-windows-amd64/jf.exe" - exe_file = "./jf.exe" - response = requests.get(url, allow_redirects=True) - with open(exe_file, "wb") as archivo: - archivo.write(response.content) - except subprocess.CalledProcessError as error: - logger.error(f"Error while Jfrog Cli installation on Windows: {error}") - - def install_tool_darwin(self, version): - installed = subprocess.run( - ["which", "./jf"], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - if installed.returncode == 1: - command = ["chmod", "+x", "./jf"] - try: - url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-386/jf" - file = "./jf" - response = requests.get(url, allow_redirects=True) - with open(file, "wb") as archivo: - archivo.write(response.content) - subprocess.run( - command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - except subprocess.CalledProcessError as error: - logger.error(f"Error during Jfrog Cli installation on Darwin: {error}") - - def config_server(self, prefix, token): - try: - c_import = [prefix, "c", "im", token] - result = subprocess.run( - c_import, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True, - ) - server_id = re.search(r"'(.*?)'", result.stderr).group(1) - c_set_server = [prefix, "c", "use", server_id] - subprocess.run( - c_set_server, - check=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True, - ) - except subprocess.CalledProcessError as error: - logger.error(f"Error during Xray Server configuration: {error}") - - def scan_dependencies(self, prefix, file_to_scan, bypass_limits_flag): - try: - if bypass_limits_flag: - command = [ - prefix, - "scan", - "--format=json", - "--bypass-archive-limits", - f"{file_to_scan}", - ] - else: - command = [prefix, "scan", "--format=json", f"{file_to_scan}"] - result = subprocess.run( - command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True - ) - scan_result = json.loads(result.stdout) - file_result = os.path.join(os.getcwd(), "scan_result.json") - with open(file_result, "w") as file: - json.dump(scan_result, file, indent=4) - return file_result - except subprocess.CalledProcessError as error: - logger.error(f"Error executing jf scan: {error}") - - def run_tool_dependencies_sca( - self, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ): - - cli_version = remote_config["XRAY"]["CLI_VERSION"] - os_platform = platform.system() - - if os_platform == "Linux": - self.install_tool_linux(cli_version) - command_prefix = "./jf" - elif os_platform == "Windows": - self.install_tool_windows(cli_version) - command_prefix = "./jf.exe" - elif os_platform == "Darwin": - command_prefix = "./jf" - self.install_tool_darwin(cli_version) - else: - logger.warning(f"{os_platform} is not supported.") - - self.config_server(command_prefix, token) - - results_file = self.scan_dependencies( - command_prefix, file_to_scan, bypass_limits_flag - ) - - return results_file +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.model.gateways.tool_gateway import ( + ToolGateway, +) + +import subprocess +import platform +import requests +import re +import os +import json + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +class XrayScan(ToolGateway): + def install_tool_linux(self, version): + installed = subprocess.run( + ["which", "./jf"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + if installed.returncode == 1: + command = ["chmod", "+x", "./jf"] + try: + url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-amd64/jf" + file = "./jf" + response = requests.get(url, allow_redirects=True) + with open(file, "wb") as archivo: + archivo.write(response.content) + subprocess.run( + command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE + ) + except subprocess.CalledProcessError as error: + logger.error(f"Error during Jfrog Cli installation on Linux: {error}") + + def install_tool_windows(self, version): + try: + subprocess.run( + ["./jf.exe", "--version"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + except: + try: + url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-windows-amd64/jf.exe" + exe_file = "./jf.exe" + response = requests.get(url, allow_redirects=True) + with open(exe_file, "wb") as archivo: + archivo.write(response.content) + except subprocess.CalledProcessError as error: + logger.error(f"Error while Jfrog Cli installation on Windows: {error}") + + def install_tool_darwin(self, version): + installed = subprocess.run( + ["which", "./jf"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + ) + if installed.returncode == 1: + command = ["chmod", "+x", "./jf"] + try: + url = f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-386/jf" + file = "./jf" + response = requests.get(url, allow_redirects=True) + with open(file, "wb") as archivo: + archivo.write(response.content) + subprocess.run( + command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE + ) + except subprocess.CalledProcessError as error: + logger.error(f"Error during Jfrog Cli installation on Darwin: {error}") + + def config_server(self, prefix, token): + try: + c_import = [prefix, "c", "im", token] + result = subprocess.run( + c_import, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + ) + server_id = re.search(r"'(.*?)'", result.stderr).group(1) + c_set_server = [prefix, "c", "use", server_id] + subprocess.run( + c_set_server, + check=True, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + ) + except subprocess.CalledProcessError as error: + logger.error(f"Error during Xray Server configuration: {error}") + + def scan_dependencies(self, prefix, file_to_scan, bypass_limits_flag): + try: + if bypass_limits_flag: + command = [ + prefix, + "scan", + "--format=json", + "--bypass-archive-limits", + f"{file_to_scan}", + ] + else: + command = [prefix, "scan", "--format=json", f"{file_to_scan}"] + result = subprocess.run( + command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True + ) + scan_result = json.loads(result.stdout) + file_result = os.path.join(os.getcwd(), "scan_result.json") + with open(file_result, "w") as file: + json.dump(scan_result, file, indent=4) + return file_result + except subprocess.CalledProcessError as error: + logger.error(f"Error executing jf scan: {error}") + + def run_tool_dependencies_sca( + self, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ): + + cli_version = remote_config["XRAY"]["CLI_VERSION"] + os_platform = platform.system() + + if os_platform == "Linux": + self.install_tool_linux(cli_version) + command_prefix = "./jf" + elif os_platform == "Windows": + self.install_tool_windows(cli_version) + command_prefix = "./jf.exe" + elif os_platform == "Darwin": + command_prefix = "./jf" + self.install_tool_darwin(cli_version) + else: + logger.warning(f"{os_platform} is not supported.") + + self.config_server(command_prefix, token) + + results_file = self.scan_dependencies( + command_prefix, file_to_scan, bypass_limits_flag + ) + + return results_file diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py index 61bc4035c..db22889cc 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/infrastructure/entry_points/entry_point_tool.py @@ -1,73 +1,73 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan import ( - DependenciesScan, -) -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.set_input_core import ( - SetInputCore, -) -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( - HandleRemoteConfigPatterns, -) -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts import ( - FindArtifacts, -) - -import os -import sys - -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -def init_engine_dependencies( - tool_run, tool_remote, tool_deserializator, dict_args, token, tool -): - sys.stdout.reconfigure(encoding="utf-8") - - remote_config = tool_remote.get_remote_config( - dict_args["remote_config_repo"], - "engine_sca/engine_dependencies/ConfigTool.json", - ) - exclusions = tool_remote.get_remote_config( - dict_args["remote_config_repo"], - "engine_sca/engine_dependencies/Exclusions.json", - ) - pipeline_name = tool_remote.get_variable("pipeline_name") - - handle_remote_config_patterns = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - skip_flag = handle_remote_config_patterns.skip_from_exclusion() - scan_flag = handle_remote_config_patterns.ignore_analysis_pattern() - - dependencies_scanned = None - deserialized = [] - input_core = SetInputCore(remote_config, exclusions, pipeline_name, tool) - - if scan_flag and not (skip_flag): - bypass_limits_flag = handle_remote_config_patterns.bypass_archive_limits() - pattern = handle_remote_config_patterns.excluded_files() - - find_artifacts = FindArtifacts( - os.getcwd(), pattern, remote_config["PACKAGES_TO_SCAN"] - ) - file_to_scan = find_artifacts.find_artifacts() - if file_to_scan: - dependencies_sca_scan = DependenciesScan( - tool_run, - tool_deserializator, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ) - dependencies_scanned = dependencies_sca_scan.process() - deserialized = dependencies_sca_scan.deserializator(dependencies_scanned) - else: - print(f"Tool skipped by DevSecOps policy") - logger.info(f"Tool skipped by DevSecOps policy") - - core_input = input_core.set_input_core(dependencies_scanned) - - return deserialized, core_input +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan import ( + DependenciesScan, +) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.set_input_core import ( + SetInputCore, +) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( + HandleRemoteConfigPatterns, +) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts import ( + FindArtifacts, +) + +import os +import sys + +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +def init_engine_dependencies( + tool_run, tool_remote, tool_deserializator, dict_args, token, tool +): + sys.stdout.reconfigure(encoding="utf-8") + + remote_config = tool_remote.get_remote_config( + dict_args["remote_config_repo"], + "engine_sca/engine_dependencies/ConfigTool.json", + ) + exclusions = tool_remote.get_remote_config( + dict_args["remote_config_repo"], + "engine_sca/engine_dependencies/Exclusions.json", + ) + pipeline_name = tool_remote.get_variable("pipeline_name") + + handle_remote_config_patterns = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + skip_flag = handle_remote_config_patterns.skip_from_exclusion() + scan_flag = handle_remote_config_patterns.ignore_analysis_pattern() + + dependencies_scanned = None + deserialized = [] + input_core = SetInputCore(remote_config, exclusions, pipeline_name, tool) + + if scan_flag and not (skip_flag): + bypass_limits_flag = handle_remote_config_patterns.bypass_archive_limits() + pattern = handle_remote_config_patterns.excluded_files() + + find_artifacts = FindArtifacts( + os.getcwd(), pattern, remote_config["PACKAGES_TO_SCAN"] + ) + file_to_scan = find_artifacts.find_artifacts() + if file_to_scan: + dependencies_sca_scan = DependenciesScan( + tool_run, + tool_deserializator, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ) + dependencies_scanned = dependencies_sca_scan.process() + deserialized = dependencies_sca_scan.deserializator(dependencies_scanned) + else: + print(f"Tool skipped by DevSecOps policy") + logger.info(f"Tool skipped by DevSecOps policy") + + core_input = input_core.set_input_core(dependencies_scanned) + + return deserialized, core_input diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_dependencies_sca_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_dependencies_sca_scan.py index 16ef7cf3d..32b561cfe 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_dependencies_sca_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_dependencies_sca_scan.py @@ -1,88 +1,88 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan import ( - DependenciesScan, -) - -from unittest.mock import patch - - -def test_init(): - with patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" - ) as mock_tool_gateway, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" - ) as mock_deserializator_gateway: - remote_config = {"remote_config_key": "remote_config_value"} - file_to_scan = "/working/dir/file.tar" - bypass_limits_flag = True - token = "token" - dependencies_scan_instance = DependenciesScan( - mock_tool_gateway, - mock_deserializator_gateway, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ) - - assert dependencies_scan_instance.tool_run == mock_tool_gateway - assert ( - dependencies_scan_instance.tool_deserializator - == mock_deserializator_gateway - ) - assert dependencies_scan_instance.remote_config == remote_config - assert dependencies_scan_instance.file_to_scan == file_to_scan - assert dependencies_scan_instance.bypass_limits_flag == bypass_limits_flag - assert dependencies_scan_instance.token == token - - -def test_process(): - with patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" - ) as mock_tool_gateway, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" - ) as mock_deserializator_gateway: - remote_config = {"remote_config_key": "remote_config_value"} - file_to_scan = "/working/dir/file.tar" - bypass_limits_flag = True - token = "token" - - dependencies_scan_instance = DependenciesScan( - mock_tool_gateway, - mock_deserializator_gateway, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ) - dependencies_scan_instance.process() - - mock_tool_gateway.run_tool_dependencies_sca.assert_called_once_with( - remote_config, file_to_scan, bypass_limits_flag, token - ) - - -def test_deserializator(): - with patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" - ) as mock_tool_gateway, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" - ) as mock_deserializator_gateway: - remote_config = {"remote_config_key": "remote_config_value"} - file_to_scan = "/working/dir/file.tar" - bypass_limits_flag = True - token = "token" - dependencies_scanned = "scanned.json" - - dependencies_scan_instance = DependenciesScan( - mock_tool_gateway, - mock_deserializator_gateway, - remote_config, - file_to_scan, - bypass_limits_flag, - token, - ) - dependencies_scan_instance.deserializator(dependencies_scanned) - - mock_deserializator_gateway.get_list_findings.assert_called_once_with( - dependencies_scanned - ) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan import ( + DependenciesScan, +) + +from unittest.mock import patch + + +def test_init(): + with patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" + ) as mock_tool_gateway, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" + ) as mock_deserializator_gateway: + remote_config = {"remote_config_key": "remote_config_value"} + file_to_scan = "/working/dir/file.tar" + bypass_limits_flag = True + token = "token" + dependencies_scan_instance = DependenciesScan( + mock_tool_gateway, + mock_deserializator_gateway, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ) + + assert dependencies_scan_instance.tool_run == mock_tool_gateway + assert ( + dependencies_scan_instance.tool_deserializator + == mock_deserializator_gateway + ) + assert dependencies_scan_instance.remote_config == remote_config + assert dependencies_scan_instance.file_to_scan == file_to_scan + assert dependencies_scan_instance.bypass_limits_flag == bypass_limits_flag + assert dependencies_scan_instance.token == token + + +def test_process(): + with patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" + ) as mock_tool_gateway, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" + ) as mock_deserializator_gateway: + remote_config = {"remote_config_key": "remote_config_value"} + file_to_scan = "/working/dir/file.tar" + bypass_limits_flag = True + token = "token" + + dependencies_scan_instance = DependenciesScan( + mock_tool_gateway, + mock_deserializator_gateway, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ) + dependencies_scan_instance.process() + + mock_tool_gateway.run_tool_dependencies_sca.assert_called_once_with( + remote_config, file_to_scan, bypass_limits_flag, token + ) + + +def test_deserializator(): + with patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.ToolGateway" + ) as mock_tool_gateway, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.dependencies_sca_scan.DeserializatorGateway" + ) as mock_deserializator_gateway: + remote_config = {"remote_config_key": "remote_config_value"} + file_to_scan = "/working/dir/file.tar" + bypass_limits_flag = True + token = "token" + dependencies_scanned = "scanned.json" + + dependencies_scan_instance = DependenciesScan( + mock_tool_gateway, + mock_deserializator_gateway, + remote_config, + file_to_scan, + bypass_limits_flag, + token, + ) + dependencies_scan_instance.deserializator(dependencies_scanned) + + mock_deserializator_gateway.get_list_findings.assert_called_once_with( + dependencies_scanned + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_find_artifacts.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_find_artifacts.py index ad8549449..c6d60b37e 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_find_artifacts.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_find_artifacts.py @@ -1,143 +1,143 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts import ( - FindArtifacts, -) - -from unittest.mock import patch -import os -import subprocess - - -def test_init(): - working_dir = "/working/dir" - pattern = "\\.(jar|ear|war)$" - packages = ["package"] - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - - assert find_artifacts_instance.working_dir == working_dir - assert find_artifacts_instance.pattern == pattern - - -def test_find_packages(): - with patch("os.walk") as mock_walk, patch("os.path.join") as mock_join: - working_dir = "/path/to/working_dir" - mock_walk.return_value = [ - (working_dir, ["dir1", "dir2"], ["file1.txt", "file2.json"]), - (working_dir, ["dir3"], ["file3.ear"]), - (working_dir, ["node_modules"], ["file4.war"]), - (working_dir, ["site-packages"], ["file5.jar"]), - ] - pattern = "\\.(jar|ear|war)$" - packages = ["package"] - - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - find_artifacts_instance.find_packages(pattern, packages, working_dir) - - mock_join.assert_any_call - - -def test_compress_and_mv_success(): - with patch("tarfile.open") as mock_tarfile_open: - package = "/path/to/package" - tar_path = "/path/to/target_dir/package.tar" - working_dir = "/working/dir" - pattern = "\\.(jar|ear|war)$" - packages = ["package"] - - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - find_artifacts_instance.compress_and_mv(tar_path, package) - - mock_tarfile_open.assert_called_with(tar_path, "w") - - -def test_compress_and_mv_failure(): - with patch("shutil.rmtree") as mock_rmtree, patch( - "os.makedirs" - ) as mock_makedirs, patch("os.path.exists") as mock_exists, patch( - "os.remove" - ) as mock_remove, patch( - "tarfile.open" - ) as mock_tarfile_open, patch( - "os.path.basename" - ) as mock_basename, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.error" - ) as mock_logger_error: - package = "/path/to/package" - tar_path = "/path/to/target_dir/package.tar" - mock_exists.return_value = True - mock_tarfile_open.side_effect = subprocess.CalledProcessError( - returncode=1, cmd="opentar" - ) - working_dir = "/working/dir" - pattern = "\\.(jar|ear|war)$" - packages = ["package"] - - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - find_artifacts_instance.compress_and_mv(tar_path, package) - - mock_logger_error.assert_any_call - - -def test_move_files(): - with patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.debug" - ) as mock_logger_debug, patch("os.path.join") as mock_path_join, patch( - "shutil.copy2" - ) as mock_copy: - dir_to_scan_path = "/dir/to/scan" - finded_files = [ - "/path/to/file1.txt", - "/path/to/file2.txt", - "/path/to/file3.txt", - ] - working_dir = "/working/dir" - pattern = "\\.(jar|ear|war)$" - packages = ["package"] - - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - find_artifacts_instance.move_files(dir_to_scan_path, finded_files) - - mock_logger_debug.assert_any_call - - -def test_find_artifacts(): - with patch("os.path.join") as mock_join, patch( - "os.path.exists" - ) as mock_exists, patch("os.makedirs") as mock_makedirs, patch( - "shutil.rmtree" - ) as mock_rmtree, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.find_packages" - ) as mock_find_packages, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.compress_and_mv" - ) as mock_compress_and_mv, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.move_files" - ) as mock_move_files, patch( - "os.listdir" - ) as mock_listdir, patch( - "os.path.isfile" - ) as mock_isfile, patch( - "os.path.join" - ) as mock_path_join, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.debug" - ) as mock_logger: - pattern = "\\.(jar|ear|war)$" - working_dir = "/path/to/working_dir" - packages = ["package"] - mock_join.side_effect = lambda *args: "/".join(args) - mock_exists.return_value = True - mock_find_packages.return_value = ( - ["/path/to/node_modules"], - ["/path/to/file1"], - ) - mock_listdir.return_value = ["package1"] - mock_isfile.return_value = True - - find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) - find_artifacts_instance.find_artifacts() - - mock_rmtree.assert_called_once - mock_makedirs.assert_called_once - mock_find_packages.assert_called_once - mock_join.assert_any_call - mock_compress_and_mv.assert_any_call - mock_move_files.assert_called_once - mock_logger.assert_called_once +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts import ( + FindArtifacts, +) + +from unittest.mock import patch +import os +import subprocess + + +def test_init(): + working_dir = "/working/dir" + pattern = "\\.(jar|ear|war)$" + packages = ["package"] + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + + assert find_artifacts_instance.working_dir == working_dir + assert find_artifacts_instance.pattern == pattern + + +def test_find_packages(): + with patch("os.walk") as mock_walk, patch("os.path.join") as mock_join: + working_dir = "/path/to/working_dir" + mock_walk.return_value = [ + (working_dir, ["dir1", "dir2"], ["file1.txt", "file2.json"]), + (working_dir, ["dir3"], ["file3.ear"]), + (working_dir, ["node_modules"], ["file4.war"]), + (working_dir, ["site-packages"], ["file5.jar"]), + ] + pattern = "\\.(jar|ear|war)$" + packages = ["package"] + + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + find_artifacts_instance.find_packages(pattern, packages, working_dir) + + mock_join.assert_any_call + + +def test_compress_and_mv_success(): + with patch("tarfile.open") as mock_tarfile_open: + package = "/path/to/package" + tar_path = "/path/to/target_dir/package.tar" + working_dir = "/working/dir" + pattern = "\\.(jar|ear|war)$" + packages = ["package"] + + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + find_artifacts_instance.compress_and_mv(tar_path, package) + + mock_tarfile_open.assert_called_with(tar_path, "w") + + +def test_compress_and_mv_failure(): + with patch("shutil.rmtree") as mock_rmtree, patch( + "os.makedirs" + ) as mock_makedirs, patch("os.path.exists") as mock_exists, patch( + "os.remove" + ) as mock_remove, patch( + "tarfile.open" + ) as mock_tarfile_open, patch( + "os.path.basename" + ) as mock_basename, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.error" + ) as mock_logger_error: + package = "/path/to/package" + tar_path = "/path/to/target_dir/package.tar" + mock_exists.return_value = True + mock_tarfile_open.side_effect = subprocess.CalledProcessError( + returncode=1, cmd="opentar" + ) + working_dir = "/working/dir" + pattern = "\\.(jar|ear|war)$" + packages = ["package"] + + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + find_artifacts_instance.compress_and_mv(tar_path, package) + + mock_logger_error.assert_any_call + + +def test_move_files(): + with patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.debug" + ) as mock_logger_debug, patch("os.path.join") as mock_path_join, patch( + "shutil.copy2" + ) as mock_copy: + dir_to_scan_path = "/dir/to/scan" + finded_files = [ + "/path/to/file1.txt", + "/path/to/file2.txt", + "/path/to/file3.txt", + ] + working_dir = "/working/dir" + pattern = "\\.(jar|ear|war)$" + packages = ["package"] + + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + find_artifacts_instance.move_files(dir_to_scan_path, finded_files) + + mock_logger_debug.assert_any_call + + +def test_find_artifacts(): + with patch("os.path.join") as mock_join, patch( + "os.path.exists" + ) as mock_exists, patch("os.makedirs") as mock_makedirs, patch( + "shutil.rmtree" + ) as mock_rmtree, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.find_packages" + ) as mock_find_packages, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.compress_and_mv" + ) as mock_compress_and_mv, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.FindArtifacts.move_files" + ) as mock_move_files, patch( + "os.listdir" + ) as mock_listdir, patch( + "os.path.isfile" + ) as mock_isfile, patch( + "os.path.join" + ) as mock_path_join, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.find_artifacts.logger.debug" + ) as mock_logger: + pattern = "\\.(jar|ear|war)$" + working_dir = "/path/to/working_dir" + packages = ["package"] + mock_join.side_effect = lambda *args: "/".join(args) + mock_exists.return_value = True + mock_find_packages.return_value = ( + ["/path/to/node_modules"], + ["/path/to/file1"], + ) + mock_listdir.return_value = ["package1"] + mock_isfile.return_value = True + + find_artifacts_instance = FindArtifacts(working_dir, pattern, packages) + find_artifacts_instance.find_artifacts() + + mock_rmtree.assert_called_once + mock_makedirs.assert_called_once + mock_find_packages.assert_called_once + mock_join.assert_any_call + mock_compress_and_mv.assert_any_call + mock_move_files.assert_called_once + mock_logger.assert_called_once diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py index dc4b68cbf..34573f389 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py @@ -1,130 +1,130 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( - HandleRemoteConfigPatterns, -) - -from unittest.mock import patch - - -def test_init(): - remote_config = {"remote_config_key": "remote_config_value"} - exclusions = {"Exclusion": "Exclusion_value"} - pipeline_name = "pipeline" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - - assert handle_remote_config_patterns_instance.remote_config == remote_config - assert handle_remote_config_patterns_instance.exclusions == exclusions - assert handle_remote_config_patterns_instance.pipeline_name == pipeline_name - - -def test_excluded_files(): - remote_config = { - "remote_config_key": "remote_config_value", - "REGEX_EXPRESSION_EXTENSIONS": ".js|.py|.txt", - } - pipeline_name = "pipeline1" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - expected_result = ".js" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.excluded_files() - - assert result == expected_result - - -def test_ignore_analysis_pattern_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", - } - pipeline_name = "pipeline_test" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.ignore_analysis_pattern() - - assert result == False - - -def test_ignore_analysis_pattern_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", - } - pipeline_name = "pipeline" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.ignore_analysis_pattern() - - assert result == True - - -def test_bypass_archive_limits_not_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "BYPASS_ARCHIVE_LIMITS": "(pipeline1|pipeline2)", - } - pipeline_name = "pipeline" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.bypass_archive_limits() - - assert result == False - - -def test_bypass_archive_limits_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "BYPASS_ARCHIVE_LIMITS": "(pipeline1|pipeline2)", - } - pipeline_name = "pipeline1" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.bypass_archive_limits() - - assert result == True - - -def test_skip_from_exclusion(): - remote_config = { - "remote_config_key": "remote_config_value", - } - exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} - pipeline_name = "pipeline1" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.skip_from_exclusion() - - assert result == True - - -def test_skip_from_exclusion_not_skip(): - remote_config = { - "remote_config_key": "remote_config_value", - } - exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} - pipeline_name = "pipeline" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.skip_from_exclusion() - - assert result == False +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( + HandleRemoteConfigPatterns, +) + +from unittest.mock import patch + + +def test_init(): + remote_config = {"remote_config_key": "remote_config_value"} + exclusions = {"Exclusion": "Exclusion_value"} + pipeline_name = "pipeline" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + + assert handle_remote_config_patterns_instance.remote_config == remote_config + assert handle_remote_config_patterns_instance.exclusions == exclusions + assert handle_remote_config_patterns_instance.pipeline_name == pipeline_name + + +def test_excluded_files(): + remote_config = { + "remote_config_key": "remote_config_value", + "REGEX_EXPRESSION_EXTENSIONS": ".js|.py|.txt", + } + pipeline_name = "pipeline1" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + expected_result = ".js" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.excluded_files() + + assert result == expected_result + + +def test_ignore_analysis_pattern_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", + } + pipeline_name = "pipeline_test" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.ignore_analysis_pattern() + + assert result == False + + +def test_ignore_analysis_pattern_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", + } + pipeline_name = "pipeline" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.ignore_analysis_pattern() + + assert result == True + + +def test_bypass_archive_limits_not_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "BYPASS_ARCHIVE_LIMITS": "(pipeline1|pipeline2)", + } + pipeline_name = "pipeline" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.bypass_archive_limits() + + assert result == False + + +def test_bypass_archive_limits_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "BYPASS_ARCHIVE_LIMITS": "(pipeline1|pipeline2)", + } + pipeline_name = "pipeline1" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.bypass_archive_limits() + + assert result == True + + +def test_skip_from_exclusion(): + remote_config = { + "remote_config_key": "remote_config_value", + } + exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} + pipeline_name = "pipeline1" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.skip_from_exclusion() + + assert result == True + + +def test_skip_from_exclusion_not_skip(): + remote_config = { + "remote_config_key": "remote_config_value", + } + exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} + pipeline_name = "pipeline" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.skip_from_exclusion() + + assert result == False diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/driven_adapters/xray_tool/test_xray_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/driven_adapters/xray_tool/test_xray_manager_scan.py index a62719c4b..28a1e6455 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/driven_adapters/xray_tool/test_xray_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/driven_adapters/xray_tool/test_xray_manager_scan.py @@ -1,331 +1,331 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan import ( - XrayScan, -) - -import pytest -from unittest.mock import patch, Mock - -import subprocess - - -@pytest.fixture -def xray_scan_instance(): - return XrayScan() - - -def test_install_tool_linux_success(xray_scan_instance): - version = "2.52.8" - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests: - mock_subprocess.return_value.returncode = 1 - mock_requests.return_value.content = b"fake_binary_data" - xray_scan_instance.install_tool_linux(version) - - mock_subprocess.assert_called_with( - ["chmod", "+x", "./jf"], check=True, stdout=-1, stderr=-1 - ) - mock_requests.assert_called_with( - f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-amd64/jf", - allow_redirects=True, - ) - - -def test_install_tool_linux_failure(xray_scan_instance): - version = "2.52.8" - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" - ) as mock_logger_error: - mock_subprocess.side_effect = [ - Mock(returncode=1), - subprocess.CalledProcessError(returncode=1, cmd="chmod"), - ] - mock_requests.return_value.content = b"fake_binary_data" - xray_scan_instance.install_tool_linux(version) - mock_logger_error.assert_called_with( - "Error during Jfrog Cli installation on Linux: Command 'chmod' returned non-zero exit status 1." - ) - - -def test_install_tool_windows_success(xray_scan_instance): - version = "2.52.8" - - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests: - mock_subprocess.side_effect = subprocess.CalledProcessError( - returncode=1, cmd="chmod" - ) - mock_requests.return_value.content = b"fake_binary_data" - xray_scan_instance.install_tool_windows(version) - - mock_requests.assert_called_with( - f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-windows-amd64/jf.exe", - allow_redirects=True, - ) - - -def test_install_tool_windows_failure(xray_scan_instance): - version = "2.52.8" - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" - ) as mock_logger_error: - mock_subprocess.side_effect = subprocess.CalledProcessError( - returncode=1, cmd="chmod" - ) - mock_requests.side_effect = subprocess.CalledProcessError( - returncode=1, cmd="chmod" - ) - xray_scan_instance.install_tool_windows(version) - - mock_logger_error.assert_called_with( - "Error while Jfrog Cli installation on Windows: Command 'chmod' returned non-zero exit status 1." - ) - - -def test_install_tool_darwin_success(xray_scan_instance): - version = "2.52.8" - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests: - mock_subprocess.return_value.returncode = 1 - mock_requests.return_value.content = b"fake_binary_data" - xray_scan_instance.install_tool_darwin(version) - - mock_subprocess.assert_called_with( - ["chmod", "+x", "./jf"], check=True, stdout=-1, stderr=-1 - ) - mock_requests.assert_called_with( - f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-386/jf", - allow_redirects=True, - ) - - -def test_install_tool_darwin_failure(xray_scan_instance): - version = "2.52.8" - with patch("subprocess.run") as mock_subprocess, patch( - "requests.get" - ) as mock_requests, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" - ) as mock_logger_error: - mock_subprocess.side_effect = [ - Mock(returncode=1), - subprocess.CalledProcessError(returncode=1, cmd="chmod"), - ] - mock_requests.return_value.content = b"fake_binary_data" - xray_scan_instance.install_tool_darwin(version) - mock_logger_error.assert_called_with( - "Error during Jfrog Cli installation on Darwin: Command 'chmod' returned non-zero exit status 1." - ) - - -def test_config_server_success(xray_scan_instance): - prefix = "prefix_test" - token = "toke_test" - with patch("subprocess.run") as mock_subprocess: - mock_subprocess.side_effect = [ - Mock( - returncode=0, - stderr="15:43:29 [🔵Info] Importing server ID 'Artifactory'", - ), - Mock(returncode=0), - ] - xray_scan_instance.config_server(prefix, token) - - mock_subprocess.assert_called_with( - [prefix, "c", "use", "Artifactory"], - check=True, - stdout=-1, - stderr=-1, - text=True, - ) - - -def test_config_server_failure(xray_scan_instance): - prefix = "prefix_test" - token = "toke_test" - with patch("subprocess.run") as mock_subprocess, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" - ) as mock_logger_error: - mock_subprocess.side_effect = [ - Mock( - returncode=0, - stderr="15:43:29 [🔵Info] Importing server ID 'Artifactory'", - ), - subprocess.CalledProcessError(returncode=1, cmd="chmod"), - ] - xray_scan_instance.config_server(prefix, token) - - mock_logger_error.assert_called_with( - "Error during Xray Server configuration: Command 'chmod' returned non-zero exit status 1." - ) - - -def test_scan_dependencies_success(xray_scan_instance): - with patch("subprocess.run") as mock_subprocess_run, patch( - "json.dump" - ) as mock_json_dump, patch("json.loads") as mock_json_loads, patch( - "builtins.open" - ) as mock_open, patch( - "os.path.join" - ) as mock_path_join, patch( - "os.getcwd" - ) as mock_os_getcwd: - prefix = "jf" - file_to_scan = "target_file.tar" - bypass_limits_flag = True - mock_subprocess_run.side_effect = Mock(returncode=0) - mock_os_getcwd.return_value = "/working_dir" - - xray_scan_instance.scan_dependencies( - prefix, file_to_scan, bypass_limits_flag - ) - - mock_subprocess_run.assert_called_with( - [ - prefix, - "scan", - "--format=json", - "--bypass-archive-limits", - f"{file_to_scan}", - ], - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - text=True, - ) - mock_json_loads.assert_any_call - mock_path_join.assert_called_with("/working_dir", "scan_result.json") - mock_open.assert_any_call - mock_json_dump.assert_any_call - - -def test_scan_dependencies_failure(xray_scan_instance): - with patch("subprocess.run") as mock_subprocess_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" - ) as mock_logger_error: - prefix = "jf" - file_to_scan = "target_file.tar" - bypass_limits_flag = False - mock_subprocess_run.side_effect = subprocess.CalledProcessError( - returncode=1, cmd="xray scan" - ) - - xray_scan_instance.scan_dependencies( - prefix, file_to_scan, bypass_limits_flag - ) - - mock_logger_error.assert_called_with( - "Error executing jf scan: Command 'xray scan' returned non-zero exit status 1." - ) - - -def test_run_tool_dependencies_sca_linux(xray_scan_instance): - with patch("platform.system") as mock_system, patch( - "os.listdir" - ) as mock_listdir, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_linux" - ) as mock_install_tool, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" - ) as mock_config_server, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" - ) as mock_scan_dependencies: - mock_system.return_value = "Linux" - mock_listdir.return_value = ["test_artifact"] - remote_config = { - "XRAY": {"CLI_VERSION": "1.0"}, - } - token = "token123" - dir_to_scan_path = "/path/to/working_dir" - bypass_limits_flag = False - - xray_scan_instance.run_tool_dependencies_sca( - remote_config, - dir_to_scan_path, - bypass_limits_flag, - token, - ) - - mock_install_tool.assert_called_with("1.0") - mock_config_server.assert_called_with("./jf", token) - mock_listdir.assert_any_call - mock_scan_dependencies.assert_called_with( - "./jf", - dir_to_scan_path, - bypass_limits_flag, - ) - - -def test_run_tool_dependencies_sca_windows(xray_scan_instance): - with patch("platform.system") as mock_system, patch( - "os.listdir" - ) as mock_listdir, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_windows" - ) as mock_install_tool, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" - ) as mock_config_server, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" - ) as mock_scan_dependencies: - mock_system.return_value = "Windows" - mock_listdir.return_value = ["test_artifact"] - remote_config = { - "XRAY": {"CLI_VERSION": "1.0"}, - } - token = "token123" - dir_to_scan_path = "/path/to/working_dir" - bypass_limits_flag = False - - xray_scan_instance.run_tool_dependencies_sca( - remote_config, - dir_to_scan_path, - bypass_limits_flag, - token, - ) - - mock_install_tool.assert_called_with("1.0") - mock_config_server.assert_called_with("./jf.exe", token) - mock_listdir.assert_any_call - mock_scan_dependencies.assert_called_with( - "./jf.exe", - dir_to_scan_path, - bypass_limits_flag, - ) - - -def test_run_tool_dependencies_sca_darwin(xray_scan_instance): - with patch("platform.system") as mock_system, patch( - "os.listdir" - ) as mock_listdir, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_darwin" - ) as mock_install_tool, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" - ) as mock_config_server, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" - ) as mock_scan_dependencies: - mock_system.return_value = "Darwin" - mock_listdir.return_value = ["test_artifact"] - remote_config = { - "XRAY": {"CLI_VERSION": "1.0"}, - } - token = "token123" - dir_to_scan_path = "/path/to/working_dir" - bypass_limits_flag = False - - xray_scan_instance.run_tool_dependencies_sca( - remote_config, - dir_to_scan_path, - bypass_limits_flag, - token, - ) - - mock_install_tool.assert_called_with("1.0") - mock_config_server.assert_called_with("./jf", token) - mock_listdir.assert_any_call - mock_scan_dependencies.assert_called_with( - "./jf", - dir_to_scan_path, - bypass_limits_flag, - ) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan import ( + XrayScan, +) + +import pytest +from unittest.mock import patch, Mock + +import subprocess + + +@pytest.fixture +def xray_scan_instance(): + return XrayScan() + + +def test_install_tool_linux_success(xray_scan_instance): + version = "2.52.8" + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests: + mock_subprocess.return_value.returncode = 1 + mock_requests.return_value.content = b"fake_binary_data" + xray_scan_instance.install_tool_linux(version) + + mock_subprocess.assert_called_with( + ["chmod", "+x", "./jf"], check=True, stdout=-1, stderr=-1 + ) + mock_requests.assert_called_with( + f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-linux-amd64/jf", + allow_redirects=True, + ) + + +def test_install_tool_linux_failure(xray_scan_instance): + version = "2.52.8" + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" + ) as mock_logger_error: + mock_subprocess.side_effect = [ + Mock(returncode=1), + subprocess.CalledProcessError(returncode=1, cmd="chmod"), + ] + mock_requests.return_value.content = b"fake_binary_data" + xray_scan_instance.install_tool_linux(version) + mock_logger_error.assert_called_with( + "Error during Jfrog Cli installation on Linux: Command 'chmod' returned non-zero exit status 1." + ) + + +def test_install_tool_windows_success(xray_scan_instance): + version = "2.52.8" + + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests: + mock_subprocess.side_effect = subprocess.CalledProcessError( + returncode=1, cmd="chmod" + ) + mock_requests.return_value.content = b"fake_binary_data" + xray_scan_instance.install_tool_windows(version) + + mock_requests.assert_called_with( + f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-windows-amd64/jf.exe", + allow_redirects=True, + ) + + +def test_install_tool_windows_failure(xray_scan_instance): + version = "2.52.8" + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" + ) as mock_logger_error: + mock_subprocess.side_effect = subprocess.CalledProcessError( + returncode=1, cmd="chmod" + ) + mock_requests.side_effect = subprocess.CalledProcessError( + returncode=1, cmd="chmod" + ) + xray_scan_instance.install_tool_windows(version) + + mock_logger_error.assert_called_with( + "Error while Jfrog Cli installation on Windows: Command 'chmod' returned non-zero exit status 1." + ) + + +def test_install_tool_darwin_success(xray_scan_instance): + version = "2.52.8" + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests: + mock_subprocess.return_value.returncode = 1 + mock_requests.return_value.content = b"fake_binary_data" + xray_scan_instance.install_tool_darwin(version) + + mock_subprocess.assert_called_with( + ["chmod", "+x", "./jf"], check=True, stdout=-1, stderr=-1 + ) + mock_requests.assert_called_with( + f"https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/{version}/jfrog-cli-mac-386/jf", + allow_redirects=True, + ) + + +def test_install_tool_darwin_failure(xray_scan_instance): + version = "2.52.8" + with patch("subprocess.run") as mock_subprocess, patch( + "requests.get" + ) as mock_requests, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" + ) as mock_logger_error: + mock_subprocess.side_effect = [ + Mock(returncode=1), + subprocess.CalledProcessError(returncode=1, cmd="chmod"), + ] + mock_requests.return_value.content = b"fake_binary_data" + xray_scan_instance.install_tool_darwin(version) + mock_logger_error.assert_called_with( + "Error during Jfrog Cli installation on Darwin: Command 'chmod' returned non-zero exit status 1." + ) + + +def test_config_server_success(xray_scan_instance): + prefix = "prefix_test" + token = "toke_test" + with patch("subprocess.run") as mock_subprocess: + mock_subprocess.side_effect = [ + Mock( + returncode=0, + stderr="15:43:29 [🔵Info] Importing server ID 'Artifactory'", + ), + Mock(returncode=0), + ] + xray_scan_instance.config_server(prefix, token) + + mock_subprocess.assert_called_with( + [prefix, "c", "use", "Artifactory"], + check=True, + stdout=-1, + stderr=-1, + text=True, + ) + + +def test_config_server_failure(xray_scan_instance): + prefix = "prefix_test" + token = "toke_test" + with patch("subprocess.run") as mock_subprocess, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" + ) as mock_logger_error: + mock_subprocess.side_effect = [ + Mock( + returncode=0, + stderr="15:43:29 [🔵Info] Importing server ID 'Artifactory'", + ), + subprocess.CalledProcessError(returncode=1, cmd="chmod"), + ] + xray_scan_instance.config_server(prefix, token) + + mock_logger_error.assert_called_with( + "Error during Xray Server configuration: Command 'chmod' returned non-zero exit status 1." + ) + + +def test_scan_dependencies_success(xray_scan_instance): + with patch("subprocess.run") as mock_subprocess_run, patch( + "json.dump" + ) as mock_json_dump, patch("json.loads") as mock_json_loads, patch( + "builtins.open" + ) as mock_open, patch( + "os.path.join" + ) as mock_path_join, patch( + "os.getcwd" + ) as mock_os_getcwd: + prefix = "jf" + file_to_scan = "target_file.tar" + bypass_limits_flag = True + mock_subprocess_run.side_effect = Mock(returncode=0) + mock_os_getcwd.return_value = "/working_dir" + + xray_scan_instance.scan_dependencies( + prefix, file_to_scan, bypass_limits_flag + ) + + mock_subprocess_run.assert_called_with( + [ + prefix, + "scan", + "--format=json", + "--bypass-archive-limits", + f"{file_to_scan}", + ], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + text=True, + ) + mock_json_loads.assert_any_call + mock_path_join.assert_called_with("/working_dir", "scan_result.json") + mock_open.assert_any_call + mock_json_dump.assert_any_call + + +def test_scan_dependencies_failure(xray_scan_instance): + with patch("subprocess.run") as mock_subprocess_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.error" + ) as mock_logger_error: + prefix = "jf" + file_to_scan = "target_file.tar" + bypass_limits_flag = False + mock_subprocess_run.side_effect = subprocess.CalledProcessError( + returncode=1, cmd="xray scan" + ) + + xray_scan_instance.scan_dependencies( + prefix, file_to_scan, bypass_limits_flag + ) + + mock_logger_error.assert_called_with( + "Error executing jf scan: Command 'xray scan' returned non-zero exit status 1." + ) + + +def test_run_tool_dependencies_sca_linux(xray_scan_instance): + with patch("platform.system") as mock_system, patch( + "os.listdir" + ) as mock_listdir, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_linux" + ) as mock_install_tool, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" + ) as mock_config_server, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" + ) as mock_scan_dependencies: + mock_system.return_value = "Linux" + mock_listdir.return_value = ["test_artifact"] + remote_config = { + "XRAY": {"CLI_VERSION": "1.0"}, + } + token = "token123" + dir_to_scan_path = "/path/to/working_dir" + bypass_limits_flag = False + + xray_scan_instance.run_tool_dependencies_sca( + remote_config, + dir_to_scan_path, + bypass_limits_flag, + token, + ) + + mock_install_tool.assert_called_with("1.0") + mock_config_server.assert_called_with("./jf", token) + mock_listdir.assert_any_call + mock_scan_dependencies.assert_called_with( + "./jf", + dir_to_scan_path, + bypass_limits_flag, + ) + + +def test_run_tool_dependencies_sca_windows(xray_scan_instance): + with patch("platform.system") as mock_system, patch( + "os.listdir" + ) as mock_listdir, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_windows" + ) as mock_install_tool, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" + ) as mock_config_server, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" + ) as mock_scan_dependencies: + mock_system.return_value = "Windows" + mock_listdir.return_value = ["test_artifact"] + remote_config = { + "XRAY": {"CLI_VERSION": "1.0"}, + } + token = "token123" + dir_to_scan_path = "/path/to/working_dir" + bypass_limits_flag = False + + xray_scan_instance.run_tool_dependencies_sca( + remote_config, + dir_to_scan_path, + bypass_limits_flag, + token, + ) + + mock_install_tool.assert_called_with("1.0") + mock_config_server.assert_called_with("./jf.exe", token) + mock_listdir.assert_any_call + mock_scan_dependencies.assert_called_with( + "./jf.exe", + dir_to_scan_path, + bypass_limits_flag, + ) + + +def test_run_tool_dependencies_sca_darwin(xray_scan_instance): + with patch("platform.system") as mock_system, patch( + "os.listdir" + ) as mock_listdir, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.install_tool_darwin" + ) as mock_install_tool, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.config_server" + ) as mock_config_server, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.driven_adapters.xray_tool.xray_manager_scan.XrayScan.scan_dependencies" + ) as mock_scan_dependencies: + mock_system.return_value = "Darwin" + mock_listdir.return_value = ["test_artifact"] + remote_config = { + "XRAY": {"CLI_VERSION": "1.0"}, + } + token = "token123" + dir_to_scan_path = "/path/to/working_dir" + bypass_limits_flag = False + + xray_scan_instance.run_tool_dependencies_sca( + remote_config, + dir_to_scan_path, + bypass_limits_flag, + token, + ) + + mock_install_tool.assert_called_with("1.0") + mock_config_server.assert_called_with("./jf", token) + mock_listdir.assert_any_call + mock_scan_dependencies.assert_called_with( + "./jf", + dir_to_scan_path, + bypass_limits_flag, + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/entry_points/test_entry_point_tool.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/entry_points/test_entry_point_tool.py index 8ecdeee00..61a5688ee 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/entry_points/test_entry_point_tool.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/infrastructure/entry_points/test_entry_point_tool.py @@ -1,37 +1,37 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool import ( - init_engine_dependencies, -) - -from unittest.mock import patch, Mock - - -def test_init_engine_dependencies(): - with patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.DependenciesScan" - ) as mock_dependencies_scan, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.SetInputCore" - ) as mock_set_input_core, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" - ) as mock_handle_remote_config_patterns, patch( - "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.FindArtifacts" - ) as mock_find_artifacts: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "tool" - mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( - "working_dir" - ) - mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False - mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( - True - ) - mock_dependencies_scan.process.return_value = "scan_result.json" - - init_engine_dependencies( - Mock(), - Mock(), - Mock(), - dict_args, - token, - tool, - ) +from devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool import ( + init_engine_dependencies, +) + +from unittest.mock import patch, Mock + + +def test_init_engine_dependencies(): + with patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.DependenciesScan" + ) as mock_dependencies_scan, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.SetInputCore" + ) as mock_set_input_core, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.HandleRemoteConfigPatterns" + ) as mock_handle_remote_config_patterns, patch( + "devsecops_engine_tools.engine_sca.engine_dependencies.src.infrastructure.entry_points.entry_point_tool.FindArtifacts" + ) as mock_find_artifacts: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "tool" + mock_handle_remote_config_patterns.process_handle_working_directory.return_value = ( + "working_dir" + ) + mock_handle_remote_config_patterns.process_handle_skip_tool.return_value = False + mock_handle_remote_config_patterns.process_handle_analysis_pattern.return_value = ( + True + ) + mock_dependencies_scan.process.return_value = "scan_result.json" + + init_engine_dependencies( + Mock(), + Mock(), + Mock(), + dict_args, + token, + tool, + ) diff --git a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py index da5293e8b..71d7c1a53 100644 --- a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py +++ b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py @@ -1,68 +1,68 @@ -import requests -import zipfile -import json -from github import Github -from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError - - -class GithubApi: - def __init__( - self, - personal_access_token: str = "" - ): - self.__personal_access_token = personal_access_token - - def unzip_file(self, zip_file_path, extract_path): - with zipfile.ZipFile(zip_file_path, "r") as zip_ref: - zip_ref.extractall(extract_path) - - def download_latest_release_assets( - self, owner, repository, download_path="." - ): - url = f"https://api.github.com/repos/{owner}/{repository}/releases/latest" - - headers = {"Authorization": f"token {self.__personal_access_token}"} - - response = requests.get(url, headers=headers) - - if response.status_code == 200: - latest_release = response.json() - assets = latest_release["assets"] - - for asset in assets: - asset_url = asset["url"] - asset_name = asset["name"] - - headers.update({"Accept": "application/octet-stream"}) - - response = requests.get(asset_url, headers=headers, stream=True) - - if response.status_code == 200: - with open(f"{download_path}/{asset_name}", "wb") as file: - for chunk in response.iter_content(chunk_size=8192): - file.write(chunk) - self.unzip_file(f"{download_path}/{asset_name}", download_path) - else: - print( - f"Error downloading asset {asset_name}. status code: {response.status_code}" - ) - else: - print( - f"Error getting the assets of the last release. Status code: {response.status_code}" - ) - - def get_github_connection(self): - git_client = Github(self.__personal_access_token) - - return git_client - - def get_remote_json_config(self, git_client: Github, owner, repository, path): - try: - repo = git_client.get_repo(f"{owner}/{repository}") - file_content = repo.get_contents(path) - data = file_content.decoded_content.decode() - content_json = json.loads(data) - - return content_json - except Exception as e: - raise ApiError("Error getting remote github configuration file: " + str(e)) +import requests +import zipfile +import json +from github import Github +from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError + + +class GithubApi: + def __init__( + self, + personal_access_token: str = "" + ): + self.__personal_access_token = personal_access_token + + def unzip_file(self, zip_file_path, extract_path): + with zipfile.ZipFile(zip_file_path, "r") as zip_ref: + zip_ref.extractall(extract_path) + + def download_latest_release_assets( + self, owner, repository, download_path="." + ): + url = f"https://api.github.com/repos/{owner}/{repository}/releases/latest" + + headers = {"Authorization": f"token {self.__personal_access_token}"} + + response = requests.get(url, headers=headers) + + if response.status_code == 200: + latest_release = response.json() + assets = latest_release["assets"] + + for asset in assets: + asset_url = asset["url"] + asset_name = asset["name"] + + headers.update({"Accept": "application/octet-stream"}) + + response = requests.get(asset_url, headers=headers, stream=True) + + if response.status_code == 200: + with open(f"{download_path}/{asset_name}", "wb") as file: + for chunk in response.iter_content(chunk_size=8192): + file.write(chunk) + self.unzip_file(f"{download_path}/{asset_name}", download_path) + else: + print( + f"Error downloading asset {asset_name}. status code: {response.status_code}" + ) + else: + print( + f"Error getting the assets of the last release. Status code: {response.status_code}" + ) + + def get_github_connection(self): + git_client = Github(self.__personal_access_token) + + return git_client + + def get_remote_json_config(self, git_client: Github, owner, repository, path): + try: + repo = git_client.get_repo(f"{owner}/{repository}") + file_content = repo.get_contents(path) + data = file_content.decoded_content.decode() + content_json = json.loads(data) + + return content_json + except Exception as e: + raise ApiError("Error getting remote github configuration file: " + str(e)) diff --git a/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py b/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py index f74d991b3..1cd796c82 100644 --- a/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py +++ b/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py @@ -1,56 +1,56 @@ -import os -from enum import Enum -from devsecops_engine_tools.engine_utilities.input_validations.env_utils import EnvVariables - - -class EnvVariables: - @staticmethod - def get_value(env_name): - env_var = os.environ.get(env_name) - if env_var is None: - raise ValueError(f"La variable de entorno {env_name} no está definida") - return env_var - - -class BaseEnum(Enum): - @property - def env_name(self): - return self._value_.replace(".", "_").upper() - - def value(self): - return EnvVariables.get_value(self.env_name) - - -class SystemVariables(BaseEnum): - github_access_token = "github.access.token" - github_workspace = "github.workspace" - github_job = "github.job" - github_server_url = "github.server.url" - github_repository = "github.repository" - github_event_number = "github.event.number" - github_event_base_ref = "github.event.base.ref" - github_ref = "github.ref" - - -class BuildVariables(BaseEnum): - github_run_id = "github.run.id" - github_run_number = "github.run.number" - github_workflow = "github.workflow" - github_repository = "github.repository" - github_ref = "github.ref" - runner_temp = "runner.temp" - github_sha = "github.sha" - GitHub = "GitHub" - - -class ReleaseVariables(BaseEnum): - github_workflow = "github.workflow" - github_env = "github.env" - github_run_number = "github.run.number" - - -class AgentVariables(BaseEnum): - runner_workspace = "runner.workspace" - github_workspace = "github.workspace" - runner_os = "runner.os" - runner_tool_cache = "runner.tool.cache" +import os +from enum import Enum +from devsecops_engine_tools.engine_utilities.input_validations.env_utils import EnvVariables + + +class EnvVariables: + @staticmethod + def get_value(env_name): + env_var = os.environ.get(env_name) + if env_var is None: + raise ValueError(f"La variable de entorno {env_name} no está definida") + return env_var + + +class BaseEnum(Enum): + @property + def env_name(self): + return self._value_.replace(".", "_").upper() + + def value(self): + return EnvVariables.get_value(self.env_name) + + +class SystemVariables(BaseEnum): + github_access_token = "github.access.token" + github_workspace = "github.workspace" + github_job = "github.job" + github_server_url = "github.server.url" + github_repository = "github.repository" + github_event_number = "github.event.number" + github_event_base_ref = "github.event.base.ref" + github_ref = "github.ref" + + +class BuildVariables(BaseEnum): + github_run_id = "github.run.id" + github_run_number = "github.run.number" + github_workflow = "github.workflow" + github_repository = "github.repository" + github_ref = "github.ref" + runner_temp = "runner.temp" + github_sha = "github.sha" + GitHub = "GitHub" + + +class ReleaseVariables(BaseEnum): + github_workflow = "github.workflow" + github_env = "github.env" + github_run_number = "github.run.number" + + +class AgentVariables(BaseEnum): + runner_workspace = "runner.workspace" + github_workspace = "github.workspace" + runner_os = "runner.os" + runner_tool_cache = "runner.tool.cache" diff --git a/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py b/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py index 3414b4fe6..b7fafd4c3 100644 --- a/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py +++ b/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py @@ -1,114 +1,114 @@ -import unittest -from unittest.mock import patch, MagicMock -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi, ApiError -import json - - -class TestGithubApi(unittest.TestCase): - def setUp(self): - self.personal_access_token = "your_token" - self.github_api = GithubApi(personal_access_token=self.personal_access_token) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.zipfile.ZipFile') - def test_unzip_file(self, mock_zipfile): - # Configurar el mock de zipfile - mock_zip_ref = mock_zipfile.return_value - - # Llamar a la función que deseas probar - self.github_api.unzip_file('/path/to/your/file.zip', '/path/to/extract') - - # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado - mock_zipfile.assert_called_once_with('/path/to/your/file.zip', 'r') - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.requests.get') - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.unzip_file') - @patch('builtins.open', new_callable=unittest.mock.mock_open()) - def test_download_latest_release_assets(self, mock_open, mock_unzip_file, mock_get): - # Configurar el objeto de respuesta simulado - mock_response = MagicMock() - mock_response.status_code = 200 - mock_response.json.return_value = { - "assets": [ - { - "url": "https://example.com/asset.zip", - "name": "asset.zip" - } - ] - } - mock_get.return_value = mock_response - - owner = "owner" - repository = "repository" - download_path = "." - - # Llamar a la función que deseas probar - self.github_api.download_latest_release_assets( - owner, repository, download_path - ) - - # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado - mock_get.assert_called() - mock_unzip_file.assert_called_once_with( - f"{download_path}/asset.zip", download_path - ) - - mock_open.assert_called_once_with(f"{download_path}/asset.zip", "wb") - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_github_connection(self, mock_github): - mock_github_instance = MagicMock() - mock_github.return_value = mock_github_instance - - test_token = "test_token" - - github_api = GithubApi(test_token) - - result = github_api.get_github_connection() - - mock_github.assert_called_once_with(test_token) - - self.assertEqual(result, mock_github_instance) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_remote_json_config(self, MockGithub): - owner = "test_owner" - repository = "test_repo" - path = "path/to/config.json" - expected_json = {"key": "value"} - encoded_content = json.dumps(expected_json).encode() - - mock_github_instance = MagicMock() - mock_repo = MagicMock() - mock_file_content = MagicMock() - mock_file_content.decoded_content = encoded_content - - mock_github_instance.get_repo.return_value = mock_repo - mock_repo.get_contents.return_value = mock_file_content - MockGithub.return_value = mock_github_instance - - github_api = GithubApi("test_token") - - result = github_api.get_remote_json_config(mock_github_instance, owner, repository, path) - - mock_github_instance.get_repo.assert_called_once_with(f"{owner}/{repository}") - mock_repo.get_contents.assert_called_once_with(path) - - self.assertEqual(result, expected_json) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_remote_json_config_raises_error(self, MockGithub): - owner = "test_owner" - repository = "test_repo" - path = "path/to/config.json" - - mock_github_instance = MagicMock() - mock_github_instance.get_repo.side_effect = Exception("Test exception") - - MockGithub.return_value = mock_github_instance - - github_api = GithubApi("test_token") - - with self.assertRaises(ApiError) as context: - github_api.get_remote_json_config(mock_github_instance, owner, repository, path) - - self.assertIn("Error getting remote github configuration file: Test exception", str(context.exception)) +import unittest +from unittest.mock import patch, MagicMock +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi, ApiError +import json + + +class TestGithubApi(unittest.TestCase): + def setUp(self): + self.personal_access_token = "your_token" + self.github_api = GithubApi(personal_access_token=self.personal_access_token) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.zipfile.ZipFile') + def test_unzip_file(self, mock_zipfile): + # Configurar el mock de zipfile + mock_zip_ref = mock_zipfile.return_value + + # Llamar a la función que deseas probar + self.github_api.unzip_file('/path/to/your/file.zip', '/path/to/extract') + + # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado + mock_zipfile.assert_called_once_with('/path/to/your/file.zip', 'r') + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.requests.get') + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.unzip_file') + @patch('builtins.open', new_callable=unittest.mock.mock_open()) + def test_download_latest_release_assets(self, mock_open, mock_unzip_file, mock_get): + # Configurar el objeto de respuesta simulado + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = { + "assets": [ + { + "url": "https://example.com/asset.zip", + "name": "asset.zip" + } + ] + } + mock_get.return_value = mock_response + + owner = "owner" + repository = "repository" + download_path = "." + + # Llamar a la función que deseas probar + self.github_api.download_latest_release_assets( + owner, repository, download_path + ) + + # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado + mock_get.assert_called() + mock_unzip_file.assert_called_once_with( + f"{download_path}/asset.zip", download_path + ) + + mock_open.assert_called_once_with(f"{download_path}/asset.zip", "wb") + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_github_connection(self, mock_github): + mock_github_instance = MagicMock() + mock_github.return_value = mock_github_instance + + test_token = "test_token" + + github_api = GithubApi(test_token) + + result = github_api.get_github_connection() + + mock_github.assert_called_once_with(test_token) + + self.assertEqual(result, mock_github_instance) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_remote_json_config(self, MockGithub): + owner = "test_owner" + repository = "test_repo" + path = "path/to/config.json" + expected_json = {"key": "value"} + encoded_content = json.dumps(expected_json).encode() + + mock_github_instance = MagicMock() + mock_repo = MagicMock() + mock_file_content = MagicMock() + mock_file_content.decoded_content = encoded_content + + mock_github_instance.get_repo.return_value = mock_repo + mock_repo.get_contents.return_value = mock_file_content + MockGithub.return_value = mock_github_instance + + github_api = GithubApi("test_token") + + result = github_api.get_remote_json_config(mock_github_instance, owner, repository, path) + + mock_github_instance.get_repo.assert_called_once_with(f"{owner}/{repository}") + mock_repo.get_contents.assert_called_once_with(path) + + self.assertEqual(result, expected_json) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_remote_json_config_raises_error(self, MockGithub): + owner = "test_owner" + repository = "test_repo" + path = "path/to/config.json" + + mock_github_instance = MagicMock() + mock_github_instance.get_repo.side_effect = Exception("Test exception") + + MockGithub.return_value = mock_github_instance + + github_api = GithubApi("test_token") + + with self.assertRaises(ApiError) as context: + github_api.get_remote_json_config(mock_github_instance, owner, repository, path) + + self.assertIn("Error getting remote github configuration file: Test exception", str(context.exception)) diff --git a/tools/devsecops_engine_tools/version.py b/tools/devsecops_engine_tools/version.py index e40a10c69..6015387b0 100644 --- a/tools/devsecops_engine_tools/version.py +++ b/tools/devsecops_engine_tools/version.py @@ -1 +1 @@ -version = '1.7.32' +version = '1.7.32' From 6cf83d6a0a56b168022001dfb0fbf6f7be034785 Mon Sep 17 00:00:00 2001 From: russbelln Date: Mon, 2 Sep 2024 10:47:12 -0500 Subject: [PATCH 017/441] Merge trunk engine dast --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 53a163aa5..1db19b927 100644 --- a/.gitignore +++ b/.gitignore @@ -60,6 +60,7 @@ kics_assets/ assets_compressed.zip kics_*.zip kubescape-macos-latest +azp/ # Extensions out \ No newline at end of file From 09a40ce92c968ade55cffa9a16a6997a88b4db20 Mon Sep 17 00:00:00 2001 From: russbelln Date: Tue, 3 Sep 2024 15:31:56 -0500 Subject: [PATCH 018/441] adjust dast unit tests --- .../src/domain/usecases/handle_scan.py | 2 +- .../applications/test_runner_engine_core.py | 6 +- .../src/applications/runner_dast_scan.py | 4 +- .../driven_adapters/jwt/jwt_tool.py | 2 +- .../nuclei/nuclei_deserealizer.py | 1 + .../applications/test_runner_dast_scan.py | 16 ++--- .../test/domain/model/test_config_tool.py | 26 +++---- .../test/domain/usecases/test_dast_scan.py | 3 +- .../driven_adapters/jwt/test_jwt_tool.py | 68 ++++++++++++------- .../nuclei/test_nuclei_config.py | 2 +- .../nuclei/test_nuclei_tool.py | 12 ++-- 11 files changed, 80 insertions(+), 62 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py index 3d0a4d136..eee36c923 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py @@ -125,7 +125,7 @@ def process(self, dict_args: any, config_tool: any): elif "engine_dast" in dict_args["tool"]: findings_list, input_core = runner_engine_dast( dict_args, - config_tool, + config_tool["ENGINE_DAST"], secret_tool, self.devops_platform_gateway ) diff --git a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py index 676be6cd7..28bdfb75a 100644 --- a/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/test/applications/test_runner_engine_core.py @@ -28,7 +28,7 @@ def test_application_core(mock_get_inputs_from_cli, mock_entry_point_tool): "token_engine_container": None, "token_engine_dependencies": None, "xray_mode": "scan", - "dast_file_path": None, + "dast_file_path": "dast_file_path", } # Mock the dependencies @@ -101,6 +101,7 @@ def test_get_inputs_from_cli(mock_parse_args): mock_args.token_external_checks = None mock_args.xray_mode = "scan" mock_args.image_to_scan = "image" + mock_args.dast_file_path = "dast_file_path" # Mock the parse_args method mock_parse_args.return_value = mock_args @@ -125,6 +126,7 @@ def test_get_inputs_from_cli(mock_parse_args): "token_external_checks": None, "xray_mode": "scan", "image_to_scan":"image", + "dast_file_path": "dast_file_path" } @@ -133,4 +135,4 @@ def test_parse_choices(): result = parse_separated_list( "docker,k8s", {"all", "docker", "k8s", "cloudformation"} ) - assert result == ["docker", "k8s"] + assert result == ["docker", "k8s"] \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index 987252972..f5b4d1ba3 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -79,10 +79,10 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): else: raise ValueError("Can't match if the target type is an api or a web application ") - if config_tool["ENGINE_DAST"]["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool + if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool tool_run = NucleiTool() - if any((k.lower() == "jwt") for k in config_tool["ENGINE_DAST"]["EXTRA_TOOLS"]) and \ + if any((k.lower() == "jwt") for k in config_tool["EXTRA_TOOLS"]) and \ any(isinstance(operation.authentication_gateway, JwtObject) for operation in data["operations"] ): extra_tools.append(JwtTool(target_config)) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py index 3222ceb7a..62d8e66f7 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/jwt/jwt_tool.py @@ -141,5 +141,5 @@ def run_tool(self, target_data, config_tool): path_file_results = generate_file_from_tool( self.TOOL, result_scans, config_tool ) - return finding_list + return finding_list, path_file_results return [] \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py index 50bc06bc7..7bf8b49c6 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_deserealizer.py @@ -37,3 +37,4 @@ def get_list_finding( list_open_findings.append(finding_open) return list_open_findings + diff --git a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py index dba0c3178..d7e98b499 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/test/applications/test_runner_dast_scan.py @@ -5,6 +5,7 @@ ) class TestRunnerEngineDast(unittest.TestCase): + DAST_FILE_PATH = "example_dast.json" @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.load_json_file') @mock.patch('devsecops_engine_tools.engine_dast.src.applications.runner_dast_scan.init_engine_dast') @@ -39,9 +40,9 @@ def test_runner_engine_dast_with_jwt(self, mock_api_config,mock_jwt_tool, mock_n dict_args = { "use_secrets_manager": "true", "tool": "engine_dast", - "dast_file_path": "example_dast.json" + "dast_file_path": TestRunnerEngineDast.DAST_FILE_PATH } - config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": ["JWT"]}} + config_tool = {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": ["JWT"]} secret_tool = {"github_token": "example_token"} devops_platform_gateway = mock.Mock() @@ -90,7 +91,6 @@ def test_runner_engine_dast_with_oauth(self, } mock_nuclei_tool_instance = mock_nuclei_tool.return_value mock_init_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") - # Mock de ApiConfig mock_api_config_instance = mock_api_config.return_value @@ -98,9 +98,9 @@ def test_runner_engine_dast_with_oauth(self, dict_args = { "use_secrets_manager": "true", "tool": "engine_dast", - "dast_file_path": "example_dast.json" + "dast_file_path": TestRunnerEngineDast.DAST_FILE_PATH } - config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []}} + config_tool = {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []} secret_tool = {"github_token": "example_token"} devops_platform_gateway = mock.Mock() @@ -136,12 +136,12 @@ def test_runner_engine_dast_with_invalid_target(self, mock_nuclei_tool, mock_ini dict_args = { "use_secrets_manager": "true", "tool": "engine_dast", - "dast_file_path": "example_dast.json" + "dast_file_path": TestRunnerEngineDast.DAST_FILE_PATH } - config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []}} + config_tool = {"ENABLED": "true", "TOOL": "NUCLEI", "EXTRA_TOOLS": []} secret_tool = {"github_token": "example_token"} devops_platform_gateway = mock.Mock() # Verificar que se lanza una excepción para el target inválido with self.assertRaises(ValueError): - runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway) + runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform_gateway) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py b/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py index e2ff90a55..d25457042 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/domain/model/test_config_tool.py @@ -14,27 +14,25 @@ def setUp(self): "EXCLUSIONS_PATH": "/path/to/exclusions", "USE_EXTERNAL_CHECKS_GIT": True, "EXTERNAL_CHECKS_GIT": "git@example.com:repo.git", - "EXTERNAL_GIT_SSH_HOST": "ssh.example.com", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "fingerprint", "USE_EXTERNAL_CHECKS_DIR": "True", "EXTERNAL_DIR_OWNER": "owner", "EXTERNAL_DIR_REPOSITORY": "repository", "EXTERNAL_DIR_ASSET_NAME": "asset_name", "EXTERNAL_CHECKS_PATH": "/path/to/external/checks", - "MESSAGE_INFO_DAST": "info", - "THRESHOLD": { - "VULNERABILITY": { + "RULES": "rules_data_type" + }, + "THRESHOLD": { + "VULNERABILITY": { "Critical": 1, "High": 5, "Medium": 10, - "Low": 20}, - "COMPLIANCE": { - "Critical": 1 - } - + "Low": 20 + }, + "COMPLIANCE": { + "Critical": 1 + } }, - "RULES": "rules_data_type" - } + "MESSAGE_INFO_DAST": "info" } self.tool = "NUCLEI" self.config_tool = ConfigTool(self.mock_json_data, self.tool) @@ -44,8 +42,6 @@ def test_initialization(self): self.assertEqual(self.config_tool.exclusions_path, "/path/to/exclusions") self.assertTrue(self.config_tool.use_external_checks_git) self.assertEqual(self.config_tool.external_checks_git, "git@example.com:repo.git") - self.assertEqual(self.config_tool.repository_ssh_host, "ssh.example.com") - self.assertEqual(self.config_tool.repository_public_key_fp, "fingerprint") self.assertEqual(self.config_tool.use_external_checks_dir, "True") self.assertEqual(self.config_tool.external_dir_owner, "owner") self.assertEqual(self.config_tool.external_dir_repository, "repository") @@ -62,4 +58,4 @@ def test_initialization(self): self.assertIsNone(self.config_tool.exclusions) self.assertIsNone(self.config_tool.exclusions_all) self.assertIsNone(self.config_tool.exclusions_scope) - self.assertEqual(self.config_tool.rules_all, {}) + self.assertEqual(self.config_tool.rules_all, {}) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py index 72ec9d342..1a3490da8 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py @@ -79,5 +79,4 @@ def test_process(self, ExclusionsMock, ConfigToolMock, InputCoreMock): config_tool=ConfigToolMock.return_value ) - self.assertEqual(result, finding_list ) - #self.assertEqual(input_core, InputCoreMock) \ No newline at end of file + self.assertEqual(result, finding_list ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py index cf4fae2d8..e9e644764 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_tool.py @@ -1,5 +1,6 @@ import unittest -from unittest.mock import Mock, patch +from unittest.mock import MagicMock, Mock, patch +from devsecops_engine_tools.engine_dast.src.domain.model import config_tool from devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool import JwtTool class TestJwtTool(unittest.TestCase): @@ -8,18 +9,21 @@ def setUp(self): self.target_config_mock = Mock() self.jwt_tool = JwtTool(target_config=self.target_config_mock) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_verify_jwt_alg(self, mock_get_unverified_header): token = "dummy_token" mock_get_unverified_header.return_value = {"alg": "none"} - result = self.jwt_tool.verify_jwt_alg(token) mock_get_unverified_header.assert_called_once_with(token) - self.assertEqual(result["check-id"], "ENGINE_JWT_001") + self.assertEqual(result["map_id"], "JWT_ALGORITHM") self.assertTrue("description" in result) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_verify_jws_alg(self, mock_get_unverified_header): token = "dummy_token" mock_get_unverified_header.return_value = {"alg": "ES256"} @@ -27,10 +31,12 @@ def test_verify_jws_alg(self, mock_get_unverified_header): result = self.jwt_tool.verify_jws_alg(token) mock_get_unverified_header.assert_called_once_with(token) - self.assertEqual(result["check-id"], "ENGINE_JWT_002") + self.assertEqual(result["map_id"], "JWS_ALGORITHM") self.assertTrue("description" in result) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_verify_jwe(self, mock_get_unverified_header): token = "dummy_token" mock_get_unverified_header.side_effect = [ @@ -41,42 +47,54 @@ def test_verify_jwe(self, mock_get_unverified_header): result = self.jwt_tool.verify_jwe(token) self.assertEqual(mock_get_unverified_header.call_count, 2) - self.assertEqual(result["check-id"], "ENGINE_JWT_003") - self.assertIn("Algoritmo", result["description"]) + self.assertEqual(result, None) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_check_token_jwe(self, mock_get_unverified_header): token = "dummy_token" + jwt_details = {} + config_tool = MagicMock() + mock_get_unverified_header.return_value = {"enc": "A256GCM"} - with patch.object(self.jwt_tool, 'verify_jwe', return_value={"check-id": "ENGINE_JWT_003"}) as mock_verify_jwe: - result = self.jwt_tool.check_token(token) + with patch.object(self.jwt_tool, 'verify_jwe', return_value=None) as mock_verify_jwe: + result = self.jwt_tool.check_token(token, jwt_details, config_tool) mock_verify_jwe.assert_called_once_with(token) - self.assertEqual(result["check-id"], "ENGINE_JWT_003") + self.assertEqual(result, None) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_check_token_jwt(self, mock_get_unverified_header): token = "dummy_token" + jwt_details = {} + config_tool = MagicMock() mock_get_unverified_header.return_value = {"typ": "JWT"} - with patch.object(self.jwt_tool, 'verify_jwt_alg', return_value={"check-id": "ENGINE_JWT_001"}) as mock_verify_jwt_alg: - result = self.jwt_tool.check_token(token) + with patch.object(self.jwt_tool, 'verify_jwt_alg', return_value=None) as mock_verify_jwt_alg: + result = self.jwt_tool.check_token(token, jwt_details, config_tool) mock_verify_jwt_alg.assert_called_once_with(token) - self.assertEqual(result["check-id"], "ENGINE_JWT_001") + self.assertEqual(result, None) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.jwt.get_unverified_header" + ) def test_check_token_jws(self, mock_get_unverified_header): token = "dummy_token" + jwt_details = {} + config_tool = MagicMock() mock_get_unverified_header.return_value = {} - with patch.object(self.jwt_tool, 'verify_jws_alg', return_value={"check-id": "ENGINE_JWT_002"}) as mock_verify_jws_alg: - result = self.jwt_tool.check_token(token) + with patch.object(self.jwt_tool, 'verify_jws_alg', return_value=None) as mock_verify_jws_alg: + result = self.jwt_tool.check_token(token, jwt_details, config_tool) mock_verify_jws_alg.assert_called_once_with(token) - self.assertEqual(result["check-id"], "ENGINE_JWT_002") + self.assertEqual(result, None) def test_configure_tool(self): operation_mock = Mock() - operation_mock.authentication_gateway = {"type": "JWT"} + operation_mock.authentication_gateway.type = "JWT" target_data_mock = Mock() target_data_mock.operations = [operation_mock] @@ -84,7 +102,9 @@ def test_configure_tool(self): self.assertIn(operation_mock, result) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.generate_file_from_tool') + @patch( + "devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.jwt.jwt_tool.generate_file_from_tool" + ) def test_run_tool(self, mock_generate_file_from_tool): target_data_mock = Mock() config_tool_mock = Mock() @@ -97,7 +117,7 @@ def test_run_tool(self, mock_generate_file_from_tool): findings, path_file_results = self.jwt_tool.run_tool(target_data_mock, config_tool_mock) self.jwt_tool.configure_tool.assert_called_once_with(target_data_mock) - self.jwt_tool.execute.assert_called_once_with([jwt_operation_mock]) + self.jwt_tool.execute.assert_called_once_with([jwt_operation_mock], config_tool_mock) self.jwt_tool.deserialize_results.assert_called_once_with([{"check-id": "ENGINE_JWT_001"}]) mock_generate_file_from_tool.assert_called_once_with( self.jwt_tool.TOOL, [{"check-id": "ENGINE_JWT_001"}], config_tool_mock diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py index 42b631c2c..e4ed6ab0a 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_config.py @@ -80,4 +80,4 @@ def test_customize_templates(self, mock_process_templates_folder): directory = "dummy_directory" self.nuclei_api.customize_templates(directory) self.assertEqual(self.nuclei_api.custom_templates_dir, "customized-nuclei-templates") - mock_process_templates_folder.assert_any_call(base_folder=directory) + mock_process_templates_folder.assert_any_call(base_folder=directory) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py index 262f2258a..a31efe3d0 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py @@ -18,16 +18,16 @@ def setUp(self): "NUCLEI": { "VERSION": "2.3.296", "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", - "EXTERNAL_GIT_SSH_HOST": "github.com", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "erOBYfNqltV9/hWCqBywI=", + "EXTERNAL_CHECKS_GIT": "git@github.com:example/Checks.git//rules", "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "russbelln", + "EXTERNAL_DIR_OWNER": "username", "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", "EXTERNAL_CHECKS_PATH": "/nuclei-templates", - "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/"}} + "MESSAGE_INFO_DAST": "If you have doubts, visit https://example.com/t/" + } + } self.token = "dummy_token" self.nuclei_tool = NucleiTool(target_config=self.target_config) @@ -55,7 +55,7 @@ def test_run_tool(self, mock_generate_file, mock_get_list_finding, mock_customize_templates): findings_list, path_file_results = self.nuclei_tool.run_tool(self.target_config, self.config_tool, self.token) - mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token) + mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token, ".") mock_customize_templates.assert_called_once_with("dummy_directory") mock_execute.assert_called_once() mock_get_list_finding.assert_called_once_with({"key": "value"}) From deee82a210cb02a3dda65b7206340d88e79d5103 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 5 Sep 2024 11:36:55 -0500 Subject: [PATCH 019/441] adjust unit test engine dast --- .../test/domain/usecases/test_handle_scan.py | 8 ++--- .../src/applications/runner_dast_scan.py | 8 ++--- .../src/domain/usecases/dast_scan.py | 2 +- .../driven_adapters/nuclei/nuclei_tool.py | 4 +-- .../test/domain/usecases/test_dast_scan.py | 31 +++++++++---------- .../nuclei/test_nuclei_tool.py | 22 +++++++++---- 6 files changed, 40 insertions(+), 35 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py index cfae016e6..a8c9cdcbd 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py @@ -173,14 +173,14 @@ def test_process_with_engine_dast(self, mock_open, mock_runner_engine_dast): } secret_tool = {"github_token": "example_token"} self.secrets_manager_gateway.get_secret.return_value = secret_tool - config_tool = {"ENGINE_DAST": {"ENABLED": "true", "TOOL": "NUCLEI"}} + config_tool = {"ENGINE_DAST":{"ENABLED": "true", "TOOL": "NUCLEI"}} # Simula lo que devolverá runner_engine_dast mock_runner_engine_dast.return_value = (["finding1", "finding2"], "input_core_mock") # Llama al método que deseas probar result_findings_list, result_input_core = self.handle_scan.process(dict_args, config_tool) # Verifica que el mock se haya llamado correctamente mock_runner_engine_dast.assert_called_once_with( - dict_args, config_tool, secret_tool, self.devops_platform_gateway + dict_args, config_tool["ENGINE_DAST"], secret_tool, self.devops_platform_gateway ) # Verifica los resultados devueltos self.assertEqual(result_findings_list, ["finding1", "finding2"]) @@ -260,6 +260,4 @@ def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies) self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) mock_runner_engine_dependencies.assert_called_once_with( dict_args, config_tool, secret_tool["token_xray"], self.devops_platform_gateway - ) - - + ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index f5b4d1ba3..27fe09e7a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -32,7 +32,8 @@ ) def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): - devops_platform_gateway = devops_platform + if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool + tool_run = NucleiTool() extra_tools = [] target_config = None @@ -79,15 +80,12 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): else: raise ValueError("Can't match if the target type is an api or a web application ") - if config_tool["TOOL"].lower() == "nuclei": # tool_gateway is the main Tool - tool_run = NucleiTool() - if any((k.lower() == "jwt") for k in config_tool["EXTRA_TOOLS"]) and \ any(isinstance(operation.authentication_gateway, JwtObject) for operation in data["operations"] ): extra_tools.append(JwtTool(target_config)) return init_engine_dast( - devops_platform_gateway=devops_platform_gateway, + devops_platform_gateway=devops_platform, tool_gateway=tool_run, dict_args=dict_args, checks_token=secret_tool["github_token"] if secret_tool else os.environ["GITHUB_TOKEN"], diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py index c8bc18f37..b73e9466d 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/domain/usecases/dast_scan.py @@ -71,7 +71,7 @@ def process( config_tool, data_target = self.complete_config_tool( data_file_tool=init_config_tool, exclusions=exclusions, - tool=config_tool["ENGINE_DAST"]["TOOL"], + tool=config_tool["TOOL"], ) finding_list, path_file_results = self.tool_gateway.run_tool( diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py index b1be0c122..22cb6e45a 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -33,7 +33,7 @@ def __init__(self, target_config=None, data_config_cli=None): self.debug: str = os.environ.get("DEBUG", "false") def configurate_external_checks( - self, config_tool: ConfigTool, github_token: str, output_dir: str = "tmp" + self, config_tool: ConfigTool, github_token: str, output_dir: str = "/tmp" ): # Create configuration dir external checks if config_tool.use_external_checks_dir == "True": @@ -80,7 +80,7 @@ def execute(self, target_config: NucleiConfig) -> dict: def run_tool(self, target_data, config_tool, token): nuclei_config = NucleiConfig(target_data) - checks_directory = self.configurate_external_checks(config_tool, token, ".") #DATA PDN + checks_directory = self.configurate_external_checks(config_tool, token, "/tmp") #DATA PDN nuclei_config.customize_templates(checks_directory) result_scans = self.execute(nuclei_config) nuclei_deserealizator = NucleiDesealizator() diff --git a/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py index 1a3490da8..0d31aa591 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/test/domain/usecases/test_dast_scan.py @@ -10,9 +10,10 @@ class TestDastScan(unittest.TestCase): def setUp(self): # Mocks self.tool_gateway_mock = Mock(spec=ToolGateway) + self.tool_gateway_mock.TOOL = "jwt" self.devops_platform_gateway_mock = Mock(spec=DevopsPlatformGateway) self.data_target_mock = Mock() - self.additional_tools_mock = [Mock(spec=ToolGateway)] + self.additional_tools_mock = [self.tool_gateway_mock] # Instancia de DastScan self.dast_scan = DastScan( @@ -23,42 +24,41 @@ def setUp(self): ) @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.ConfigTool') - def test_complete_config_tool(self, ConfigToolMock): + def test_complete_config_tool(self, config_tool_mock): data_file_tool = {"key": "value"} exclusions = {"All": {"tool_name": [{"type": "exclusion"}]}, "pipeline_name": {"config_tool": [{"type": "exclusion_scope"}]}} tool = "tool_name" - config_tool_instance = ConfigToolMock.return_value + config_tool_instance = config_tool_mock.return_value config_tool_instance.exclusions = exclusions self.devops_platform_gateway_mock.get_variable.return_value = "pipeline_name" config_tool, data_target_config = self.dast_scan.complete_config_tool(data_file_tool, exclusions, tool) - ConfigToolMock.assert_called_once_with(json_data=data_file_tool, tool=tool) + config_tool_mock.assert_called_once_with(json_data=data_file_tool, tool=tool) self.devops_platform_gateway_mock.get_variable.assert_called_once_with("pipeline_name") self.assertEqual(config_tool, config_tool_instance) self.assertEqual(data_target_config, self.data_target_mock) - @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.InputCore') + @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.ConfigTool') @patch('devsecops_engine_tools.engine_dast.src.domain.usecases.dast_scan.Exclusions') - def test_process(self, ExclusionsMock, ConfigToolMock, InputCoreMock): + def test_process(self, excluions_mock, config_tool_mock): dict_args = {"remote_config_repo": "some_repo"} dast_token = "some_token" - config_tool = {"ENGINE_DAST": {"TOOL": "tool_name"}} + config_tool = {"TOOL": "tool_name"} init_config_tool = {"key": "init_value"} exclusions = {"All": {"type": "exclusion"}, "pipeline_name": [{"type": "exclusion_scope"}]} finding_list = ["finding1", "finding2"] path_file_results = "path/to/results" - extra_finding_list = ["extra_finding1"] self.devops_platform_gateway_mock.get_remote_config.side_effect = [init_config_tool, exclusions] self.tool_gateway_mock.run_tool.return_value = (finding_list, path_file_results) - self.additional_tools_mock[0].run_tool.return_value = extra_finding_list + self.additional_tools_mock[0].run_tool.return_value = (finding_list, path_file_results) - ExclusionsMock.side_effect = lambda **kwargs: kwargs + excluions_mock.side_effect = lambda **kwargs: kwargs result, input_core = self.dast_scan.process(dict_args, dast_token, config_tool) @@ -69,14 +69,13 @@ def test_process(self, ExclusionsMock, ConfigToolMock, InputCoreMock): dict_args["remote_config_repo"], "engine_dast/Exclusions.json" ) - self.tool_gateway_mock.run_tool.assert_called_once_with( + self.tool_gateway_mock.run_tool.assert_called_with( target_data=self.data_target_mock, - config_tool=ConfigToolMock.return_value, - token=dast_token, + config_tool=config_tool_mock.return_value ) - self.additional_tools_mock[0].run_tool.assert_called_once_with( + self.additional_tools_mock[0].run_tool.assert_called_with( target_data=self.data_target_mock, - config_tool=ConfigToolMock.return_value + config_tool=config_tool_mock.return_value ) - self.assertEqual(result, finding_list ) \ No newline at end of file + self.assertEqual(result, finding_list) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py index a31efe3d0..00532b33c 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py @@ -45,17 +45,27 @@ def test_execute(self, mock_json_load, mock_open, mock_subprocess_run, mock_os_e mock_json_load.assert_called_once() self.assertEqual(result, {"key": "value"}) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiConfig.customize_templates') - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.configurate_external_checks', return_value="dummy_directory") - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.execute', return_value={"key": "value"}) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiDesealizator.get_list_finding', return_value=[Mock()]) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.generate_file_from_tool', return_value="dummy_path_file_results") + @patch( + 'devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiConfig.customize_templates' + ) + @patch( + 'devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.configurate_external_checks', + return_value="dummy_directory") + @patch( + 'devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiTool.execute', + return_value={"key": "value"}) + @patch( + 'devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.NucleiDesealizator.get_list_finding', + return_value=[Mock()]) + @patch( + 'devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.nuclei.nuclei_tool.generate_file_from_tool', + return_value="dummy_path_file_results") def test_run_tool(self, mock_generate_file, mock_get_list_finding, mock_execute, mock_configurate_external_checks, mock_customize_templates): findings_list, path_file_results = self.nuclei_tool.run_tool(self.target_config, self.config_tool, self.token) - mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token, ".") + mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token, "tmp") mock_customize_templates.assert_called_once_with("dummy_directory") mock_execute.assert_called_once() mock_get_list_finding.assert_called_once_with({"key": "value"}) From 9821a24de0e7c1cc31b4369ce1b736ce23a5744a Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 5 Sep 2024 11:42:36 -0500 Subject: [PATCH 020/441] adjust test_nuclei_tool test --- .../infrastructure/driven_adapters/nuclei/test_nuclei_tool.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py index 00532b33c..490739963 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/nuclei/test_nuclei_tool.py @@ -65,7 +65,7 @@ def test_run_tool(self, mock_generate_file, mock_get_list_finding, mock_customize_templates): findings_list, path_file_results = self.nuclei_tool.run_tool(self.target_config, self.config_tool, self.token) - mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token, "tmp") + mock_configurate_external_checks.assert_called_once_with(self.config_tool, self.token, "/tmp") mock_customize_templates.assert_called_once_with("dummy_directory") mock_execute.assert_called_once() mock_get_list_finding.assert_called_once_with({"key": "value"}) From 541ee96e9daa51c545390b0093a06fd4b54a63c1 Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 6 Sep 2024 17:28:22 -0500 Subject: [PATCH 021/441] adjust OAuth adapter --- .../src/applications/runner_dast_scan.py | 3 +- .../driven_adapters/oauth/generic_oauth.py | 77 ++++--------------- .../oauth/test_generic_oauth.py | 5 +- 3 files changed, 23 insertions(+), 62 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index 27fe09e7a..2b0ebf4fd 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -56,7 +56,8 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): ApiOperation( elem, GenericOauth( - elem["operation"]["security_auth"] + elem["operation"]["security_auth"], + elem["endpoint"] ) ) ) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py index 94f5a2e26..b2c3e0246 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -4,30 +4,31 @@ ) class GenericOauth(AuthenticationGateway): - def __init__(self, data): + def __init__(self, data, endpoint): self.data: dict = data + self.endpoint = endpoint self.config = {} def process_data(self): self.config = { - "client_id": self.data["security_auth"]["client_id"], + "method": self.data["security_auth"].get("method", "POST"), + "path": self.data["security_auth"]["path"], + "grant_type": self.data["security_auth"]["grant_type"], + "scope": self.data["security_auth"].get("scope", None), + "headers": self.data["security_auth"]["headers"], "client_secret": self.data["security_auth"]["client_secret"], - "endpoint": self.data["security_auth"]["endpoint"], - "username": self.data["security_auth"].get("username"), - "password": self.data["security_auth"].get("password"), - "scope": self.data["security_auth"].get("scope") + "client_id": self.data["security_auth"]["client_id"] } - return self.config def get_access_token(self): auth_config = self.process_data() - if auth_config["username"] and auth_config["password"]: + if auth_config["grant_type"].lower() "client_credentials": return self.get_access_token_resource_owner() else: - return self.get_access_token_client_credentials() + raise ValueError("OAuth: Grant type is not supported yet") def get_credentials(self): return self.get_access_token() @@ -35,74 +36,30 @@ def get_credentials(self): def get_access_token_client_credentials(self): """Obtain access token using client credentials flow.""" try: - required_keys = ["client_id", "client_secret", "tenant_id"] + required_keys = ["client_id", "client_secret"] if not all(key in self.config for key in required_keys): raise ValueError("One or more keys is missing in OAuth config") data = { "client_id": self.config["client_id"], "client_secret": self.config["client_secret"], - "tenant_id": self.config["tenant_id"], "grant_type": "client_credentials", "scope": self.config["scope"], } - url = self.config["endpoint"] - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } - response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 - ) - if 200 <= response.status_code < 300: - result = response.json()["access_token"] - return result - else: - print( - "Can't obtain access token" - "token Unknown status " - "code {0}: -> {1}".format(response.status_code, response.text) - ) - except (ConnectionError, ValueError, KeyError) as e: - print("Can't obtain accesstoken: {0}".format(e)) - - def get_access_token_resource_owner(self): - """Obtain access token using resource owner flow.""" - try: - required_keys = [ - "client_id", - "client_secret", - "tenant_id", - "username", - "password" - ] - if not all(key in self.config for key in required_keys): - raise ValueError("Falta una o más claves de configuración.") - - url = self.config["endpoint"] - data = { - "client_id": self.config["client_id"], - "client_secret": self.config["client_secret"], - "grant_type": "password", - "scope": self.config["scope"], - "username": self.config["username"], - "password": self.config["password"], - } - - headers = { - "Content-Type": "application/x-www-form-urlencoded", - } + url = self.endpoint + self.config["path"] + headers = self.config["headers"] response = requests.request( - "POST", url, headers=headers, data=data, timeout=5 + self.config["method"], url, headers=headers, data=data, timeout=5 ) if 200 <= response.status_code < 300: result = response.json()["access_token"] - return result + return (,f"Bearer {result}") else: print( - "[graph] No se obtuvo el access " + "OAuth: Can't obtain access token" "token Unknown status " "code {0}: -> {1}".format(response.status_code, response.text) ) except (ConnectionError, ValueError, KeyError) as e: - print("[graph] No se obtuvo el access " "token Excepcion: {0}".format(e)) \ No newline at end of file + print("OAuth: Can't obtain access token: {0}".format(e)) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py index 31a2dcd1c..cdba93355 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py @@ -89,4 +89,7 @@ def test_get_access_token_resource_owner_flow(self, mock_request): }, timeout=5 ) - self.assertEqual(token, "dummy_access_token") \ No newline at end of file + self.assertEqual(token, "dummy_access_token") + +if __name__ == "__main__": + unittest.main() \ No newline at end of file From b77c8826f09389446ee4dfa33d40e9abb06153ef Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 6 Sep 2024 17:38:42 -0500 Subject: [PATCH 022/441] adjust unitest OAuth module --- .../driven_adapters/oauth/generic_oauth.py | 8 +- .../oauth/test_generic_oauth.py | 88 ++++++------------- 2 files changed, 30 insertions(+), 66 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py index b2c3e0246..ebb2cb0dd 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/oauth/generic_oauth.py @@ -25,8 +25,8 @@ def process_data(self): def get_access_token(self): auth_config = self.process_data() - if auth_config["grant_type"].lower() "client_credentials": - return self.get_access_token_resource_owner() + if auth_config["grant_type"].lower() == "client_credentials": + return self.get_access_token_client_credentials() else: raise ValueError("OAuth: Grant type is not supported yet") @@ -44,7 +44,7 @@ def get_access_token_client_credentials(self): "client_id": self.config["client_id"], "client_secret": self.config["client_secret"], "grant_type": "client_credentials", - "scope": self.config["scope"], + "scope": self.config["scope"] } url = self.endpoint + self.config["path"] @@ -54,7 +54,7 @@ def get_access_token_client_credentials(self): ) if 200 <= response.status_code < 300: result = response.json()["access_token"] - return (,f"Bearer {result}") + return ("Authorization",f"Bearer {result}") else: print( "OAuth: Can't obtain access token" diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py index cdba93355..3d9f00e22 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py @@ -6,38 +6,39 @@ class TestGenericOauth(unittest.TestCase): def setUp(self): self.data = { - "security_auth": { - "client_id": "dummy_client_id", - "client_secret": "dummy_client_secret", - "endpoint": "https://dummy.endpoint", - "username": "dummy_username", - "password": "dummy_password", - "scope": "dummy_scope" - } + "security_auth": { + "type": "oauth", + "method": "POST", + "path": "oauth2/token", + "grant_type": "client_credentials", + "scope": "TermExample:read:user", + "client_id": "dummy-id", + "client_secret": "dummy-secret", + "headers": { + "content-type": "application/x-www-form-urlencoded", + "accept": "application/json" + } } - self.oauth = GenericOauth(self.data) + } + self.oauth = GenericOauth(self.data, "example.com") def test_process_data(self): config = self.oauth.process_data() expected_config = { - "client_id": "dummy_client_id", - "client_secret": "dummy_client_secret", - "endpoint": "https://dummy.endpoint", - "username": "dummy_username", - "password": "dummy_password", - "scope": "dummy_scope" + "method": "POST", + "path": "oauth2/token", + "grant_type": "client_credentials", + "scope": "TermExample:read:user", + "headers": { + "content-type": "application/x-www-form-urlencoded", + "accept": "application/json" + }, + "client_secret": "dummy-secret", + "client_id": "dummy-id" } self.assertEqual(config, expected_config) - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.GenericOauth.get_access_token_resource_owner') - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.GenericOauth.process_data') - def test_get_access_token_resource_owner(self, mock_process_data, mock_get_access_token_resource_owner): - mock_process_data.return_value = self.oauth.process_data() - self.oauth.get_access_token() - - mock_get_access_token_resource_owner.assert_called_once() - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.requests.request') def test_get_access_token_client_credentials_flow(self, mock_request): self.oauth.config = self.oauth.process_data() @@ -50,46 +51,9 @@ def test_get_access_token_client_credentials_flow(self, mock_request): token = self.oauth.get_access_token_client_credentials() mock_request.assert_called_once_with( - "POST", - "https://dummy.endpoint", - headers={"Content-Type": "application/x-www-form-urlencoded"}, - data={ - "client_id": "dummy_client_id", - "client_secret": "dummy_client_secret", - "tenant_id": "dummy_tenant_id", - "grant_type": "client_credentials", - "scope": "dummy_scope" - }, - timeout=5 - ) - self.assertEqual(token, "dummy_access_token") - - @patch('devsecops_engine_tools.engine_dast.src.infrastructure.driven_adapters.oauth.generic_oauth.requests.request') - def test_get_access_token_resource_owner_flow(self, mock_request): - self.oauth.config = self.oauth.process_data() - self.oauth.config["tenant_id"] = "dummy_tenant_id" - response_mock = Mock() - response_mock.status_code = 200 - response_mock.json.return_value = {"access_token": "dummy_access_token"} - mock_request.return_value = response_mock - - token = self.oauth.get_access_token_resource_owner() - - mock_request.assert_called_once_with( - "POST", - "https://dummy.endpoint", - headers={"Content-Type": "application/x-www-form-urlencoded"}, - data={ - "client_id": "dummy_client_id", - "client_secret": "dummy_client_secret", - "grant_type": "password", - "scope": "dummy_scope", - "username": "dummy_username", - "password": "dummy_password" - }, - timeout=5 + 'POST', 'example.comoauth2/token', headers={'content-type': 'application/x-www-form-urlencoded', 'accept': 'application/json'}, data={'client_id': 'dummy-id', 'client_secret': 'dummy-secret', 'grant_type': 'client_credentials', 'scope': 'TermExample:read:user'}, timeout=5 ) - self.assertEqual(token, "dummy_access_token") + self.assertEqual(token, ('Authorization', 'Bearer dummy_access_token')) if __name__ == "__main__": unittest.main() \ No newline at end of file From e1d49f2a004ee6ab9ddeb96a71b9b77c86635ac1 Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 6 Sep 2024 17:39:29 -0500 Subject: [PATCH 023/441] adjust unitest OAuth module --- .../driven_adapters/oauth/test_generic_oauth.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py index 3d9f00e22..ff329a67d 100644 --- a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py +++ b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/oauth/test_generic_oauth.py @@ -53,7 +53,4 @@ def test_get_access_token_client_credentials_flow(self, mock_request): mock_request.assert_called_once_with( 'POST', 'example.comoauth2/token', headers={'content-type': 'application/x-www-form-urlencoded', 'accept': 'application/json'}, data={'client_id': 'dummy-id', 'client_secret': 'dummy-secret', 'grant_type': 'client_credentials', 'scope': 'TermExample:read:user'}, timeout=5 ) - self.assertEqual(token, ('Authorization', 'Bearer dummy_access_token')) - -if __name__ == "__main__": - unittest.main() \ No newline at end of file + self.assertEqual(token, ('Authorization', 'Bearer dummy_access_token')) \ No newline at end of file From 107b3d11044a2b16718adb9a1025455616e78319 Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 6 Sep 2024 17:46:02 -0500 Subject: [PATCH 024/441] adjust unit test engine dast --- .../engine_dast/src/applications/runner_dast_scan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py index 2b0ebf4fd..ee40508b5 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py +++ b/tools/devsecops_engine_tools/engine_dast/src/applications/runner_dast_scan.py @@ -57,7 +57,7 @@ def runner_engine_dast(dict_args, config_tool, secret_tool, devops_platform): elem, GenericOauth( elem["operation"]["security_auth"], - elem["endpoint"] + data["endpoint"] ) ) ) From 6e2c114dfb719014480bd1eeb0c4398b9031f48b Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 6 Sep 2024 17:59:39 -0500 Subject: [PATCH 025/441] adjust example config --- .../engine_dast/ConfigTool.json | 53 +++++++++---------- 1 file changed, 25 insertions(+), 28 deletions(-) diff --git a/example_remote_config_local/engine_dast/ConfigTool.json b/example_remote_config_local/engine_dast/ConfigTool.json index 40badecaa..8c0e7b3b6 100644 --- a/example_remote_config_local/engine_dast/ConfigTool.json +++ b/example_remote_config_local/engine_dast/ConfigTool.json @@ -1,40 +1,37 @@ { + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 8, + "Medium": 10, + "Low": 15 + }, + "COMPLIANCE": { + "Critical": 1 + } + }, + "MESSAGE_INFO_DAST": "If you have doubts, visit https://forum.example", "NUCLEI": { "VERSION": "2.3.296", - "USE_EXTERNAL_CHECKS_GIT": "False", - "EXTERNAL_CHECKS_GIT": "git@github.com:BCSCode/DevSecOps_Checks_IaC.git//rules", - "EXTERNAL_GIT_SSH_HOST": "github.com", - "EXTERNAL_GIT_PUBLIC_KEY_FINGERPRINT": "AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=", - "USE_EXTERNAL_CHECKS_DIR": "True", - "EXTERNAL_DIR_OWNER": "russbelln", - "EXTERNAL_DIR_REPOSITORY": "engine-dast-nuclei-templates", - "EXTERNAL_DIR_ASSET_NAME": "rules/engine_dast/nuclei", "EXCLUSIONS_PATH": "/engine_dast/Exclusions.json", - "EXTERNAL_CHECKS_PATH": "/nuclei-templates", - "MESSAGE_INFO_DAST": "If you have doubts, visit https://discuss.apps.bancolombia.com/t/", - "THRESHOLD": { - "VULNERABILITY": {"Critical": 1, "High": 8, "Medium": 10, "Low": 15}, - "COMPLIANCE": {"Critical": 1} - }, + "EXTERNAL_CHECKS_GIT": "git@example.com:org/project.git/rules", + "USE_EXTERNAL_CHECKS_DIR": "True", + "EXTERNAL_DIR_OWNER": "username", + "EXTERNAL_DIR_REPOSITORY": "example-repo-templates", + "EXTERNAL_DIR_ASSET_NAME": "path/templates", + "EXTERNAL_CHECKS_PATH": "/local-templates", + "RULES":{} + }, + "JWT": { "RULES": { - "RULES_DOCKER": { - "ENGINE_JWT_001": { - "checkID": "ENGINE_JWT_001 Evaluate JSON Web token's algorithm", - "environment": {"dev": "True", "pdn": "True", "qa": "True"}, - "guideline": "https://bancolombia.sharepoint.com/", - "severity": "Critical", - "cvss": "", - "category": "Vulnerability" - }, - "ENGINE_JWT_002": { - "checkID": "ENGINE_JWT_002 Evaluate JSON Web token's algorithm", + "JWT_ALGORITHM": { + "checkID": "ENGINE_JWT_001", "environment": {"dev": "True", "pdn": "True", "qa": "True"}, - "guideline": "https://bancolombia.sharepoint.com/", - "severity": "High", + "guideline": "https://example.com/", + "severity": "Low", "cvss": "", "category": "Vulnerability" } - } } } } From 3e397d21b7e673df7da69160ff256fff1a3ee7d7 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 12 Sep 2024 10:50:28 -0500 Subject: [PATCH 026/441] adjust readme engine dast --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 833d96f59..e1d2346ee 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ pip3 install devsecops-engine-tools ### Scan running - flags (CLI) ```bash -devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk"] --folder_path ["Folder path scan engine_iac"] --platform ["k8s","cloudformation","docker", "openapi"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"] +devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk"] --folder_path ["Folder path scan engine_iac"] --platform ["k8s","cloudformation","docker", "openapi"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"] --token_external_checks ["token_external_checks"] --xray_mode ["scan", "audit"] --image_to_scan ["image_to_scan"] --dast_file_path ["dast_file_path"] ``` ### Structure Remote Config @@ -51,6 +51,9 @@ devsecops-engine-tools --platform_devops ["local","azure","github"] --remote_con ┣ 📂engine_risk ┃ ┗ 📜ConfigTool.json ┃ ┗ 📜Exclusions.json + ┣ 📂engine_dast + ┃ ┗ 📜ConfigTool.json + ┃ ┗ 📜Exclusions.json ┣ 📂engine_sast ┃ ┗ 📂engine_iac ┃ ┗ 📜ConfigTool.json From 9b999b6388ce6225daf10480604a515687296f7c Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 12 Sep 2024 11:01:54 -0500 Subject: [PATCH 027/441] add Nuclei scan type for defect dojo --- .../infrastructure/driven_adapters/defect_dojo/defect_dojo.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py index f12dcd279..2b35cf931 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py @@ -63,6 +63,7 @@ def send_vulnerability_management( "TRIVY": "Trivy Scan", "KUBESCAPE": "Kubescape Scanner", "KICS": "KICS Scanner", + "NUCLEI": "Nuclei Scan" } if any( From 7963571784606b101480eee2b7ebc6fa375c97e6 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 14:24:25 -0500 Subject: [PATCH 028/441] restore file to trunk --- .../engine_container/ConfigTool.json | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json index b34079af1..baa5f4cdc 100644 --- a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json +++ b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json @@ -1,24 +1,24 @@ -{ - "PRISMA_CLOUD": { - "TWISTCLI_PATH": "twistcli", - "PRISMA_CONSOLE_URL": "", - "PRISMA_ACCESS_KEY": "", - "PRISMA_API_VERSION":"" - }, - "TRIVY": { - "TRIVY_VERSION": "0.51.4" - }, - "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", - "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 4, - "High": 10, - "Medium": 20, - "Low": 999 - }, - "COMPLIANCE": { - "Critical": 1 - } - } +{ + "PRISMA_CLOUD": { + "TWISTCLI_PATH": "twistcli", + "PRISMA_CONSOLE_URL": "", + "PRISMA_ACCESS_KEY": "", + "PRISMA_API_VERSION":"" + }, + "TRIVY": { + "TRIVY_VERSION": "0.51.4" + }, + "MESSAGE_INFO_ENGINE_CONTAINER": "message custom", + "IGNORE_SEARCH_PATTERN":"(.*_demo0|.*_cer)", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 4, + "High": 10, + "Medium": 20, + "Low": 999 + }, + "COMPLIANCE": { + "Critical": 1 + } + } } \ No newline at end of file From 31e94dfe99984381beb540035c3cc9381c4b750c Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 15:52:28 -0500 Subject: [PATCH 029/441] restore s3 manager file --- .../driven_adapters/aws/s3_manager.py | 104 +++++++++--------- 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py index db78c92ab..72f446269 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/aws/s3_manager.py @@ -1,52 +1,52 @@ -from devsecops_engine_tools.engine_core.src.domain.model.gateway.metrics_manager_gateway import ( - MetricsManagerGateway, -) -from devsecops_engine_tools.engine_core.src.infrastructure.helpers.aws import ( - assume_role, -) -import boto3 -import logging -import datetime - -boto3.set_stream_logger(name="botocore.credentials", level=logging.WARNING) - - -class S3Manager(MetricsManagerGateway): - - def _get_s3_data(self, client, bucket, path): - try: - response = client.get_object( - Bucket=bucket, - Key=path, - ) - return response["Body"].read().decode("utf-8") - except client.exceptions.NoSuchKey: - return "" - - def send_metrics(self, config_tool, tool, file_path): - temp_credentials = assume_role( - config_tool["METRICS_MANAGER"]["AWS"]["ROLE_ARN"] - ) - session = boto3.session.Session() - client = session.client( - service_name="s3", - region_name=config_tool["METRICS_MANAGER"]["AWS"]["REGION_NAME"], - aws_access_key_id=temp_credentials["AccessKeyId"], - aws_secret_access_key=temp_credentials["SecretAccessKey"], - aws_session_token=temp_credentials["SessionToken"], - ) - date = datetime.datetime.now() - path_bucket = f'engine_tools/{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}' - - data = self._get_s3_data( - client, config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], path_bucket - ) - - with open(file_path, "rb") as new_data: - new_data_content = new_data.read().decode("utf-8") - data = data + "\n" + new_data_content if data else new_data_content - client.put_object( - Bucket=config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], - Key=path_bucket, - Body=data, - ) +from devsecops_engine_tools.engine_core.src.domain.model.gateway.metrics_manager_gateway import ( + MetricsManagerGateway, +) +from devsecops_engine_tools.engine_core.src.infrastructure.helpers.aws import ( + assume_role, +) +import boto3 +import logging +import datetime + +boto3.set_stream_logger(name="botocore.credentials", level=logging.WARNING) + + +class S3Manager(MetricsManagerGateway): + + def _get_s3_data(self, client, bucket, path): + try: + response = client.get_object( + Bucket=bucket, + Key=path, + ) + return response["Body"].read().decode("utf-8") + except client.exceptions.NoSuchKey: + return "" + + def send_metrics(self, config_tool, tool, file_path): + temp_credentials = assume_role( + config_tool["METRICS_MANAGER"]["AWS"]["ROLE_ARN"] + ) + session = boto3.session.Session() + client = session.client( + service_name="s3", + region_name=config_tool["METRICS_MANAGER"]["AWS"]["REGION_NAME"], + aws_access_key_id=temp_credentials["AccessKeyId"], + aws_secret_access_key=temp_credentials["SecretAccessKey"], + aws_session_token=temp_credentials["SessionToken"], + ) + date = datetime.datetime.now() + path_bucket = f'engine_tools/{tool}/{date.strftime("%Y")}/{date.strftime("%m")}/{date.strftime("%d")}/{file_path.split("/")[-1]}' + + data = self._get_s3_data( + client, config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], path_bucket + ) + + with open(file_path, "rb") as new_data: + new_data_content = new_data.read().decode("utf-8") + data = data + "\n" + new_data_content if data else new_data_content + client.put_object( + Bucket=config_tool["METRICS_MANAGER"]["AWS"]["BUCKET"], + Key=path_bucket, + Body=data, + ) From e87e5140ad4b13f288702a49a90e336c2acd3b78 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 15:53:23 -0500 Subject: [PATCH 030/441] restore github api test file --- .../github/infrastructure/test_github_api.py | 228 +++++++++--------- 1 file changed, 114 insertions(+), 114 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py b/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py index b7fafd4c3..3414b4fe6 100644 --- a/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py +++ b/tools/devsecops_engine_tools/engine_utilities/test/github/infrastructure/test_github_api.py @@ -1,114 +1,114 @@ -import unittest -from unittest.mock import patch, MagicMock -from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi, ApiError -import json - - -class TestGithubApi(unittest.TestCase): - def setUp(self): - self.personal_access_token = "your_token" - self.github_api = GithubApi(personal_access_token=self.personal_access_token) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.zipfile.ZipFile') - def test_unzip_file(self, mock_zipfile): - # Configurar el mock de zipfile - mock_zip_ref = mock_zipfile.return_value - - # Llamar a la función que deseas probar - self.github_api.unzip_file('/path/to/your/file.zip', '/path/to/extract') - - # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado - mock_zipfile.assert_called_once_with('/path/to/your/file.zip', 'r') - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.requests.get') - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.unzip_file') - @patch('builtins.open', new_callable=unittest.mock.mock_open()) - def test_download_latest_release_assets(self, mock_open, mock_unzip_file, mock_get): - # Configurar el objeto de respuesta simulado - mock_response = MagicMock() - mock_response.status_code = 200 - mock_response.json.return_value = { - "assets": [ - { - "url": "https://example.com/asset.zip", - "name": "asset.zip" - } - ] - } - mock_get.return_value = mock_response - - owner = "owner" - repository = "repository" - download_path = "." - - # Llamar a la función que deseas probar - self.github_api.download_latest_release_assets( - owner, repository, download_path - ) - - # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado - mock_get.assert_called() - mock_unzip_file.assert_called_once_with( - f"{download_path}/asset.zip", download_path - ) - - mock_open.assert_called_once_with(f"{download_path}/asset.zip", "wb") - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_github_connection(self, mock_github): - mock_github_instance = MagicMock() - mock_github.return_value = mock_github_instance - - test_token = "test_token" - - github_api = GithubApi(test_token) - - result = github_api.get_github_connection() - - mock_github.assert_called_once_with(test_token) - - self.assertEqual(result, mock_github_instance) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_remote_json_config(self, MockGithub): - owner = "test_owner" - repository = "test_repo" - path = "path/to/config.json" - expected_json = {"key": "value"} - encoded_content = json.dumps(expected_json).encode() - - mock_github_instance = MagicMock() - mock_repo = MagicMock() - mock_file_content = MagicMock() - mock_file_content.decoded_content = encoded_content - - mock_github_instance.get_repo.return_value = mock_repo - mock_repo.get_contents.return_value = mock_file_content - MockGithub.return_value = mock_github_instance - - github_api = GithubApi("test_token") - - result = github_api.get_remote_json_config(mock_github_instance, owner, repository, path) - - mock_github_instance.get_repo.assert_called_once_with(f"{owner}/{repository}") - mock_repo.get_contents.assert_called_once_with(path) - - self.assertEqual(result, expected_json) - - @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') - def test_get_remote_json_config_raises_error(self, MockGithub): - owner = "test_owner" - repository = "test_repo" - path = "path/to/config.json" - - mock_github_instance = MagicMock() - mock_github_instance.get_repo.side_effect = Exception("Test exception") - - MockGithub.return_value = mock_github_instance - - github_api = GithubApi("test_token") - - with self.assertRaises(ApiError) as context: - github_api.get_remote_json_config(mock_github_instance, owner, repository, path) - - self.assertIn("Error getting remote github configuration file: Test exception", str(context.exception)) +import unittest +from unittest.mock import patch, MagicMock +from devsecops_engine_tools.engine_utilities.github.infrastructure.github_api import GithubApi, ApiError +import json + + +class TestGithubApi(unittest.TestCase): + def setUp(self): + self.personal_access_token = "your_token" + self.github_api = GithubApi(personal_access_token=self.personal_access_token) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.zipfile.ZipFile') + def test_unzip_file(self, mock_zipfile): + # Configurar el mock de zipfile + mock_zip_ref = mock_zipfile.return_value + + # Llamar a la función que deseas probar + self.github_api.unzip_file('/path/to/your/file.zip', '/path/to/extract') + + # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado + mock_zipfile.assert_called_once_with('/path/to/your/file.zip', 'r') + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.requests.get') + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.GithubApi.unzip_file') + @patch('builtins.open', new_callable=unittest.mock.mock_open()) + def test_download_latest_release_assets(self, mock_open, mock_unzip_file, mock_get): + # Configurar el objeto de respuesta simulado + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.json.return_value = { + "assets": [ + { + "url": "https://example.com/asset.zip", + "name": "asset.zip" + } + ] + } + mock_get.return_value = mock_response + + owner = "owner" + repository = "repository" + download_path = "." + + # Llamar a la función que deseas probar + self.github_api.download_latest_release_assets( + owner, repository, download_path + ) + + # Verificar que se haya llamado a los métodos/métodos simulados según lo esperado + mock_get.assert_called() + mock_unzip_file.assert_called_once_with( + f"{download_path}/asset.zip", download_path + ) + + mock_open.assert_called_once_with(f"{download_path}/asset.zip", "wb") + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_github_connection(self, mock_github): + mock_github_instance = MagicMock() + mock_github.return_value = mock_github_instance + + test_token = "test_token" + + github_api = GithubApi(test_token) + + result = github_api.get_github_connection() + + mock_github.assert_called_once_with(test_token) + + self.assertEqual(result, mock_github_instance) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_remote_json_config(self, MockGithub): + owner = "test_owner" + repository = "test_repo" + path = "path/to/config.json" + expected_json = {"key": "value"} + encoded_content = json.dumps(expected_json).encode() + + mock_github_instance = MagicMock() + mock_repo = MagicMock() + mock_file_content = MagicMock() + mock_file_content.decoded_content = encoded_content + + mock_github_instance.get_repo.return_value = mock_repo + mock_repo.get_contents.return_value = mock_file_content + MockGithub.return_value = mock_github_instance + + github_api = GithubApi("test_token") + + result = github_api.get_remote_json_config(mock_github_instance, owner, repository, path) + + mock_github_instance.get_repo.assert_called_once_with(f"{owner}/{repository}") + mock_repo.get_contents.assert_called_once_with(path) + + self.assertEqual(result, expected_json) + + @patch('devsecops_engine_tools.engine_utilities.github.infrastructure.github_api.Github') + def test_get_remote_json_config_raises_error(self, MockGithub): + owner = "test_owner" + repository = "test_repo" + path = "path/to/config.json" + + mock_github_instance = MagicMock() + mock_github_instance.get_repo.side_effect = Exception("Test exception") + + MockGithub.return_value = mock_github_instance + + github_api = GithubApi("test_token") + + with self.assertRaises(ApiError) as context: + github_api.get_remote_json_config(mock_github_instance, owner, repository, path) + + self.assertIn("Error getting remote github configuration file: Test exception", str(context.exception)) From 6cb93a3e7bb1f7d587374feb37e23ed9a9fe298d Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 15:56:42 -0500 Subject: [PATCH 031/441] restore github api file --- .../github/infrastructure/github_api.py | 136 +++++++++--------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py index 71d7c1a53..da5293e8b 100644 --- a/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py +++ b/tools/devsecops_engine_tools/engine_utilities/github/infrastructure/github_api.py @@ -1,68 +1,68 @@ -import requests -import zipfile -import json -from github import Github -from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError - - -class GithubApi: - def __init__( - self, - personal_access_token: str = "" - ): - self.__personal_access_token = personal_access_token - - def unzip_file(self, zip_file_path, extract_path): - with zipfile.ZipFile(zip_file_path, "r") as zip_ref: - zip_ref.extractall(extract_path) - - def download_latest_release_assets( - self, owner, repository, download_path="." - ): - url = f"https://api.github.com/repos/{owner}/{repository}/releases/latest" - - headers = {"Authorization": f"token {self.__personal_access_token}"} - - response = requests.get(url, headers=headers) - - if response.status_code == 200: - latest_release = response.json() - assets = latest_release["assets"] - - for asset in assets: - asset_url = asset["url"] - asset_name = asset["name"] - - headers.update({"Accept": "application/octet-stream"}) - - response = requests.get(asset_url, headers=headers, stream=True) - - if response.status_code == 200: - with open(f"{download_path}/{asset_name}", "wb") as file: - for chunk in response.iter_content(chunk_size=8192): - file.write(chunk) - self.unzip_file(f"{download_path}/{asset_name}", download_path) - else: - print( - f"Error downloading asset {asset_name}. status code: {response.status_code}" - ) - else: - print( - f"Error getting the assets of the last release. Status code: {response.status_code}" - ) - - def get_github_connection(self): - git_client = Github(self.__personal_access_token) - - return git_client - - def get_remote_json_config(self, git_client: Github, owner, repository, path): - try: - repo = git_client.get_repo(f"{owner}/{repository}") - file_content = repo.get_contents(path) - data = file_content.decoded_content.decode() - content_json = json.loads(data) - - return content_json - except Exception as e: - raise ApiError("Error getting remote github configuration file: " + str(e)) +import requests +import zipfile +import json +from github import Github +from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError + + +class GithubApi: + def __init__( + self, + personal_access_token: str = "" + ): + self.__personal_access_token = personal_access_token + + def unzip_file(self, zip_file_path, extract_path): + with zipfile.ZipFile(zip_file_path, "r") as zip_ref: + zip_ref.extractall(extract_path) + + def download_latest_release_assets( + self, owner, repository, download_path="." + ): + url = f"https://api.github.com/repos/{owner}/{repository}/releases/latest" + + headers = {"Authorization": f"token {self.__personal_access_token}"} + + response = requests.get(url, headers=headers) + + if response.status_code == 200: + latest_release = response.json() + assets = latest_release["assets"] + + for asset in assets: + asset_url = asset["url"] + asset_name = asset["name"] + + headers.update({"Accept": "application/octet-stream"}) + + response = requests.get(asset_url, headers=headers, stream=True) + + if response.status_code == 200: + with open(f"{download_path}/{asset_name}", "wb") as file: + for chunk in response.iter_content(chunk_size=8192): + file.write(chunk) + self.unzip_file(f"{download_path}/{asset_name}", download_path) + else: + print( + f"Error downloading asset {asset_name}. status code: {response.status_code}" + ) + else: + print( + f"Error getting the assets of the last release. Status code: {response.status_code}" + ) + + def get_github_connection(self): + git_client = Github(self.__personal_access_token) + + return git_client + + def get_remote_json_config(self, git_client: Github, owner, repository, path): + try: + repo = git_client.get_repo(f"{owner}/{repository}") + file_content = repo.get_contents(path) + data = file_content.decoded_content.decode() + content_json = json.loads(data) + + return content_json + except Exception as e: + raise ApiError("Error getting remote github configuration file: " + str(e)) From ed9400b65f83dfcd49103e6e2cf6d63ff71b7a6c Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:20:57 -0500 Subject: [PATCH 032/441] restore test s3 manager file --- .../driven_adapters/aws/test_s3_manager.py | 100 +++++++++--------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py index 2ac537ab8..a81df5678 100644 --- a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py +++ b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/aws/test_s3_manager.py @@ -1,51 +1,51 @@ -import unittest -from unittest.mock import MagicMock, patch -from unittest import mock -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import S3Manager -import datetime - -class S3ManagerTests(unittest.TestCase): - def setUp(self): - self.s3_manager = S3Manager() - - @patch("boto3.session.Session.client") - @patch("devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager.assume_role") - def test_send_metrics(self, mock_assume_role , mock_client): - # Mock the necessary dependencies - mock_client.return_value = MagicMock() - - mock_assume_role.return_value.return_value = { - "AccessKeyId": "test", - "SecretAccessKey": "test", - "SessionToken": "test" - } - - # Set up test data - config_tool = { - "METRICS_MANAGER": { - "AWS": { - "ROLE_ARN": "arn:aws:iam::123456789012:role/MyRole", - "REGION_NAME": "us-west-2", - "BUCKET": "my-bucket", - } - } - } - tool = "my-tool" - file_path = "/path/to/my/file.txt" - - with mock.patch("builtins.open", create=True) as mock_open: - # Call the method under test - self.s3_manager.send_metrics(config_tool, tool, file_path) - - # Assert that the necessary methods were called with the correct arguments - mock_client.assert_called_once_with( - service_name="s3", - region_name="us-west-2", - aws_access_key_id=mock.ANY, - aws_secret_access_key=mock.ANY, - aws_session_token=mock.ANY, - ) - date = datetime.datetime.now() - mock_client.return_value.put_object.assert_called_once_with( - Bucket="my-bucket", Key=f"engine_tools/my-tool/{date.strftime('%Y')}/{date.strftime('%m')}/{date.strftime('%d')}/file.txt", Body=mock.ANY +import unittest +from unittest.mock import MagicMock, patch +from unittest import mock +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import S3Manager +import datetime + +class S3ManagerTests(unittest.TestCase): + def setUp(self): + self.s3_manager = S3Manager() + + @patch("boto3.session.Session.client") + @patch("devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager.assume_role") + def test_send_metrics(self, mock_assume_role , mock_client): + # Mock the necessary dependencies + mock_client.return_value = MagicMock() + + mock_assume_role.return_value.return_value = { + "AccessKeyId": "test", + "SecretAccessKey": "test", + "SessionToken": "test" + } + + # Set up test data + config_tool = { + "METRICS_MANAGER": { + "AWS": { + "ROLE_ARN": "arn:aws:iam::123456789012:role/MyRole", + "REGION_NAME": "us-west-2", + "BUCKET": "my-bucket", + } + } + } + tool = "my-tool" + file_path = "/path/to/my/file.txt" + + with mock.patch("builtins.open", create=True) as mock_open: + # Call the method under test + self.s3_manager.send_metrics(config_tool, tool, file_path) + + # Assert that the necessary methods were called with the correct arguments + mock_client.assert_called_once_with( + service_name="s3", + region_name="us-west-2", + aws_access_key_id=mock.ANY, + aws_secret_access_key=mock.ANY, + aws_session_token=mock.ANY, + ) + date = datetime.datetime.now() + mock_client.return_value.put_object.assert_called_once_with( + Bucket="my-bucket", Key=f"engine_tools/my-tool/{date.strftime('%Y')}/{date.strftime('%m')}/{date.strftime('%d')}/file.txt", Body=mock.ANY ) \ No newline at end of file From c1bcc7d5e91c09c32a874a56140bf26cc007a848 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:22:28 -0500 Subject: [PATCH 033/441] restore test github actions file --- .../github/test_github_actions.py | 210 +++++++++--------- 1 file changed, 105 insertions(+), 105 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py index 72dc6d126..1b98a18c2 100644 --- a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py +++ b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/github/test_github_actions.py @@ -1,105 +1,105 @@ -import unittest -from unittest.mock import MagicMock -from unittest import mock -from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import GithubActions - - -class TestGithubActions(unittest.TestCase): - - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.GithubApi', - autospec=True - ) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', - autospec=True - ) - def test_get_remote_config(self, mock_system_variables, mock_github_api): - github_actions = GithubActions() - - # Set up mock values for SystemVariables - mock_system_variables.github_repository.value.return_value = "github_repository" - - # Mock the AzureDevopsApi class - mock_github_api_instance = MagicMock() - mock_github_api_instance.get_azure_connection.return_value = "MockedConnection" - mock_github_api_instance.get_remote_json_config.return_value = {'key': 'value'} - mock_github_api.return_value = mock_github_api_instance - - remote_config_repo = "my_repo" - remote_config_path = "my_path" - result = github_actions.get_remote_config(remote_config_repo, remote_config_path) - - assert result == {"key": "value"} - - def test_message(self): - - github_actions = GithubActions() - - assert github_actions.message("succeeded", "message") == "::group::message" - assert github_actions.message("info", "message") == "::notice::message" - assert github_actions.message("warning", "message") == "::warning::message" - assert github_actions.message("error", "message") == "::error::message" - - def test_result_pipeline(self): - ENDC = "\033[0m" - FAIL = "\033[91m" - OKGREEN = "\033[92m" - ICON_FAIL = "\u2718" - ICON_SUCCESS = "\u2714" - - github_actions = GithubActions() - - assert github_actions.result_pipeline("failed") == f"{FAIL}{ICON_FAIL}Failed{ENDC}" - assert github_actions.result_pipeline("succeeded") == f"{OKGREEN}{ICON_SUCCESS}Succeeded{ENDC}" - - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', - autospec=True) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.BuildVariables', - autospec=True) - @mock.patch( - 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.ReleaseVariables', - autospec=True) - def test_get_variable(self, mock_release_variables, mock_build_variables, mock_system_variables): - github_actions = GithubActions() - - # Mock the BuildVariables class - mock_build_variables.github_ref.value.return_value = "github_ref" - mock_build_variables.github_run_number.value.return_value = "github_run_number" - mock_build_variables.github_run_id.value.return_value = "github_run_id" - mock_build_variables.github_sha.value.return_value = "github_sha" - - - # Mock the ReleaseVariables class - mock_release_variables.github_workflow.value.return_value = "github_workflow" - mock_release_variables.github_env.value.return_value = "github_env" - mock_release_variables.github_run_number.value.return_value = "github_run_number" - - # Mock the SystemVariables class - mock_system_variables.github_access_token.value.return_value = "github_access_token" - - result = github_actions.get_variable("branch_name") - assert result == "github_ref" - - result = github_actions.get_variable("build_id") - assert result == "github_run_number" - - result = github_actions.get_variable("build_execution_id") - assert result == "github_run_id" - - result = github_actions.get_variable("commit_hash") - assert result == "github_sha" - - result = github_actions.get_variable("environment") - assert result == "github_env" - - result = github_actions.get_variable("release_id") - assert result == "github_run_number" - - result = github_actions.get_variable("branch_tag") - assert result == "github_ref" - - result = github_actions.get_variable("access_token") - assert result == "github_access_token" +import unittest +from unittest.mock import MagicMock +from unittest import mock +from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions import GithubActions + + +class TestGithubActions(unittest.TestCase): + + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.GithubApi', + autospec=True + ) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', + autospec=True + ) + def test_get_remote_config(self, mock_system_variables, mock_github_api): + github_actions = GithubActions() + + # Set up mock values for SystemVariables + mock_system_variables.github_repository.value.return_value = "github_repository" + + # Mock the AzureDevopsApi class + mock_github_api_instance = MagicMock() + mock_github_api_instance.get_azure_connection.return_value = "MockedConnection" + mock_github_api_instance.get_remote_json_config.return_value = {'key': 'value'} + mock_github_api.return_value = mock_github_api_instance + + remote_config_repo = "my_repo" + remote_config_path = "my_path" + result = github_actions.get_remote_config(remote_config_repo, remote_config_path) + + assert result == {"key": "value"} + + def test_message(self): + + github_actions = GithubActions() + + assert github_actions.message("succeeded", "message") == "::group::message" + assert github_actions.message("info", "message") == "::notice::message" + assert github_actions.message("warning", "message") == "::warning::message" + assert github_actions.message("error", "message") == "::error::message" + + def test_result_pipeline(self): + ENDC = "\033[0m" + FAIL = "\033[91m" + OKGREEN = "\033[92m" + ICON_FAIL = "\u2718" + ICON_SUCCESS = "\u2714" + + github_actions = GithubActions() + + assert github_actions.result_pipeline("failed") == f"{FAIL}{ICON_FAIL}Failed{ENDC}" + assert github_actions.result_pipeline("succeeded") == f"{OKGREEN}{ICON_SUCCESS}Succeeded{ENDC}" + + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.SystemVariables', + autospec=True) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.BuildVariables', + autospec=True) + @mock.patch( + 'devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.github.github_actions.ReleaseVariables', + autospec=True) + def test_get_variable(self, mock_release_variables, mock_build_variables, mock_system_variables): + github_actions = GithubActions() + + # Mock the BuildVariables class + mock_build_variables.github_ref.value.return_value = "github_ref" + mock_build_variables.github_run_number.value.return_value = "github_run_number" + mock_build_variables.github_run_id.value.return_value = "github_run_id" + mock_build_variables.github_sha.value.return_value = "github_sha" + + + # Mock the ReleaseVariables class + mock_release_variables.github_workflow.value.return_value = "github_workflow" + mock_release_variables.github_env.value.return_value = "github_env" + mock_release_variables.github_run_number.value.return_value = "github_run_number" + + # Mock the SystemVariables class + mock_system_variables.github_access_token.value.return_value = "github_access_token" + + result = github_actions.get_variable("branch_name") + assert result == "github_ref" + + result = github_actions.get_variable("build_id") + assert result == "github_run_number" + + result = github_actions.get_variable("build_execution_id") + assert result == "github_run_id" + + result = github_actions.get_variable("commit_hash") + assert result == "github_sha" + + result = github_actions.get_variable("environment") + assert result == "github_env" + + result = github_actions.get_variable("release_id") + assert result == "github_run_number" + + result = github_actions.get_variable("branch_tag") + assert result == "github_ref" + + result = github_actions.get_variable("access_token") + assert result == "github_access_token" From a41a0a92cf790b1f1cc25205b0c063ed54390ce4 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:24:05 -0500 Subject: [PATCH 034/441] restore runner iac scan file --- .../src/applications/runner_iac_scan.py | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py index 524d98c54..0d0283b17 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/applications/runner_iac_scan.py @@ -1,43 +1,43 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_points.entry_point_tool import ( - init_engine_sast_rm, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( - CheckovTool -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( - KubescapeTool -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( - KicsTool -) - - -def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env): - try: - # Define driven adapters for gateways - tool_gateway = None - - tools = { - "CHECKOV": CheckovTool(), - "KUBESCAPE": KubescapeTool(), - "KICS": KicsTool() - } - - if tool in tools: - tool_gateway = tools[tool] - - return init_engine_sast_rm( - devops_platform_gateway=devops_platform_gateway, - tool_gateway=tool_gateway, - dict_args=dict_args, - secret_tool=secret_tool, - tool=tool, - env=env, - ) - - except Exception as e: - raise Exception(f"Error engine_iac : {str(e)}") - - -if __name__ == "__main__": - runner_engine_iac() +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.entry_points.entry_point_tool import ( + init_engine_sast_rm, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_tool import ( + CheckovTool +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_tool import ( + KubescapeTool +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( + KicsTool +) + + +def runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, env): + try: + # Define driven adapters for gateways + tool_gateway = None + + tools = { + "CHECKOV": CheckovTool(), + "KUBESCAPE": KubescapeTool(), + "KICS": KicsTool() + } + + if tool in tools: + tool_gateway = tools[tool] + + return init_engine_sast_rm( + devops_platform_gateway=devops_platform_gateway, + tool_gateway=tool_gateway, + dict_args=dict_args, + secret_tool=secret_tool, + tool=tool, + env=env, + ) + + except Exception as e: + raise Exception(f"Error engine_iac : {str(e)}") + + +if __name__ == "__main__": + runner_engine_iac() From 64033424733f03d2bfb5602057e1c3c994662241 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:25:32 -0500 Subject: [PATCH 035/441] restore engine iac config tool file --- .../src/domain/model/config_tool.py | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py index d0c35435a..57415c5f7 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/domain/model/config_tool.py @@ -1,14 +1,14 @@ -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -class ConfigTool: - def __init__(self, json_data): - self.search_pattern = json_data["SEARCH_PATTERN"] - self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"] - self.update_service_file_name_cft = json_data["UPDATE_SERVICE_WITH_FILE_NAME_CFT"] - self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"] - self.threshold = Threshold(json_data["THRESHOLD"]) - self.scope_pipeline = "" - self.exclusions = None - self.exclusions_all = None - self.exclusions_scope = None +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +class ConfigTool: + def __init__(self, json_data): + self.search_pattern = json_data["SEARCH_PATTERN"] + self.ignore_search_pattern = json_data["IGNORE_SEARCH_PATTERN"] + self.update_service_file_name_cft = json_data["UPDATE_SERVICE_WITH_FILE_NAME_CFT"] + self.message_info_engine_iac = json_data["MESSAGE_INFO_ENGINE_IAC"] + self.threshold = Threshold(json_data["THRESHOLD"]) + self.scope_pipeline = "" + self.exclusions = None + self.exclusions_all = None + self.exclusions_scope = None From 6c1cba4cd9161ac61a15d929d35fe8c474b53bdc Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:26:38 -0500 Subject: [PATCH 036/441] restore checkov deserealizator file --- .../checkov/checkov_deserealizator.py | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py index 299893253..30e50f04c 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/checkov/checkov_deserealizator.py @@ -1,35 +1,35 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class CheckovDeserealizator: - @classmethod - def get_list_finding( - cls, results_scan_list: list, rules - ) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - if "failed_checks" in str(result): - for scan in result["results"]["failed_checks"]: - finding_open = Finding( - id=scan.get("check_id"), - cvss=None, - where = scan.get("repo_file_path") + ": " + str(scan.get("resource")), - description=rules[scan.get("check_id")].get("checkID", scan.get("check_name")), - severity=rules[scan.get("check_id")].get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category(rules[scan.get("check_id")].get("category").lower()), - requirements=scan.get("guideline"), - tool="Checkov" - ) - list_open_findings.append(finding_open) - +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class CheckovDeserealizator: + @classmethod + def get_list_finding( + cls, results_scan_list: list, rules + ) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + if "failed_checks" in str(result): + for scan in result["results"]["failed_checks"]: + finding_open = Finding( + id=scan.get("check_id"), + cvss=None, + where = scan.get("repo_file_path") + ": " + str(scan.get("resource")), + description=rules[scan.get("check_id")].get("checkID", scan.get("check_name")), + severity=rules[scan.get("check_id")].get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category(rules[scan.get("check_id")].get("category").lower()), + requirements=scan.get("guideline"), + tool="Checkov" + ) + list_open_findings.append(finding_open) + return list_open_findings \ No newline at end of file From 8d889ba7beb7e68af3002ba1ef198a95419ec2b8 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:28:21 -0500 Subject: [PATCH 037/441] restore kicks deserealizator file --- .../kics/kics_deserealizator.py | 114 +++++++++--------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py index 30515c969..75c29b1bc 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kics/kics_deserealizator.py @@ -1,57 +1,57 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class KicsDeserealizator: - def get_list_finding(self, results_scan_list: list) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - finding_open = Finding( - id=result.get("id"), - cvss=None, - where=result.get("file_name"), - description=result.get("description"), - severity=result.get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Kics" - ) - list_open_findings.append(finding_open) - - return list_open_findings - - def get_findings(self, data): - filtered_results = [] - for query in data.get("queries", []): - severity = query.get("severity", "").upper() - if severity in {"LOW", "MEDIUM", "HIGH", "CRITICAL"}: - description = query.get("query_name", "") - query_id = query.get("query_id", "") - for file in query.get("files", []): - file_name = file.get("file_name", "") - filtered_results.append({ - "severity": severity, - "description": description, - "file_name": file_name, - "id": query_id - }) - return filtered_results - - def calculate_total_vulnerabilities(self, data): - severity_counters = data.get("severity_counters", {}) - - critical = severity_counters.get("CRITICAL", 0) - high = severity_counters.get("HIGH", 0) - medium = severity_counters.get("MEDIUM", 0) - low = severity_counters.get("LOW", 0) - - return critical + high + medium + low +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class KicsDeserealizator: + def get_list_finding(self, results_scan_list: list) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + finding_open = Finding( + id=result.get("id"), + cvss=None, + where=result.get("file_name"), + description=result.get("description"), + severity=result.get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Kics" + ) + list_open_findings.append(finding_open) + + return list_open_findings + + def get_findings(self, data): + filtered_results = [] + for query in data.get("queries", []): + severity = query.get("severity", "").upper() + if severity in {"LOW", "MEDIUM", "HIGH", "CRITICAL"}: + description = query.get("query_name", "") + query_id = query.get("query_id", "") + for file in query.get("files", []): + file_name = file.get("file_name", "") + filtered_results.append({ + "severity": severity, + "description": description, + "file_name": file_name, + "id": query_id + }) + return filtered_results + + def calculate_total_vulnerabilities(self, data): + severity_counters = data.get("severity_counters", {}) + + critical = severity_counters.get("CRITICAL", 0) + high = severity_counters.get("HIGH", 0) + medium = severity_counters.get("MEDIUM", 0) + low = severity_counters.get("LOW", 0) + + return critical + high + medium + low From c189e0c212f32f6afd9711f7a1637a1cb0a8b970 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:29:59 -0500 Subject: [PATCH 038/441] restore kubescape deserealizator file --- .../kubescape/kubescape_deserealizator.py | 150 +++++++++--------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py index 46c8bcc49..a9e3d37dd 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/driven_adapters/kubescape/kubescape_deserealizator.py @@ -1,75 +1,75 @@ -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from datetime import datetime -from dataclasses import dataclass - - -@dataclass -class KubescapeDeserealizator: - def get_list_finding(self, results_scan_list: list) -> "list[Finding]": - list_open_findings = [] - - for result in results_scan_list: - finding_open = Finding( - id=result.get("id"), - cvss=None, - where=result.get("where"), - description=result.get("description"), - severity=result.get("severity").lower(), - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="kubescape" - ) - list_open_findings.append(finding_open) - - return list_open_findings - - def extract_failed_controls(self, data): - result_extracted_data = [] - results = data.get("results", []) - resources = {resource.get("resourceID"): resource for resource in data.get("resources", [])} - frameworks = data.get("summaryDetails", {}).get("frameworks", []) - - for result in results: - resource_id = result.get("resourceID") - controls = result.get("controls", []) - - for control in controls: - if control.get("status", {}).get("status") == "failed": - control_id = control.get("controlID") - name = control.get("name") - resource = resources.get(resource_id) - - if resource: - relative_path = resource.get("source", {}).get("path", "").replace("\\", "/") - severity_score = self.get_severity_score(frameworks, control_id) - - result_extracted_data.append({ - "id": control_id, - "description": name, - "where": relative_path, - "severity": severity_score - }) - - return result_extracted_data - - def get_severity_score(self, frameworks, control_id): - classifications = { - (0.0, 0.0): "none", - (0.1, 3.9): "low", - (4.0, 6.9): "medium", - (7.0, 8.9): "high", - (9.0, 10.0): "critical" - } - for framework in frameworks: - control_object = framework.get("controls", {}).get(control_id, {}) - if control_object: - for range_tuple, classification in classifications.items(): - if range_tuple[0] <= control_object.get("scoreFactor", 0.0) <= range_tuple[1]: - return classification - return None +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from datetime import datetime +from dataclasses import dataclass + + +@dataclass +class KubescapeDeserealizator: + def get_list_finding(self, results_scan_list: list) -> "list[Finding]": + list_open_findings = [] + + for result in results_scan_list: + finding_open = Finding( + id=result.get("id"), + cvss=None, + where=result.get("where"), + description=result.get("description"), + severity=result.get("severity").lower(), + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="kubescape" + ) + list_open_findings.append(finding_open) + + return list_open_findings + + def extract_failed_controls(self, data): + result_extracted_data = [] + results = data.get("results", []) + resources = {resource.get("resourceID"): resource for resource in data.get("resources", [])} + frameworks = data.get("summaryDetails", {}).get("frameworks", []) + + for result in results: + resource_id = result.get("resourceID") + controls = result.get("controls", []) + + for control in controls: + if control.get("status", {}).get("status") == "failed": + control_id = control.get("controlID") + name = control.get("name") + resource = resources.get(resource_id) + + if resource: + relative_path = resource.get("source", {}).get("path", "").replace("\\", "/") + severity_score = self.get_severity_score(frameworks, control_id) + + result_extracted_data.append({ + "id": control_id, + "description": name, + "where": relative_path, + "severity": severity_score + }) + + return result_extracted_data + + def get_severity_score(self, frameworks, control_id): + classifications = { + (0.0, 0.0): "none", + (0.1, 3.9): "low", + (4.0, 6.9): "medium", + (7.0, 8.9): "high", + (9.0, 10.0): "critical" + } + for framework in frameworks: + control_object = framework.get("controls", {}).get(control_id, {}) + if control_object: + for range_tuple, classification in classifications.items(): + if range_tuple[0] <= control_object.get("scoreFactor", 0.0) <= range_tuple[1]: + return classification + return None From 1dfd63a123bf4ad705fd1bd0ed1c0a0e77e822bf Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:32:24 -0500 Subject: [PATCH 039/441] restore engine iac file generator tool file --- .../helpers/file_generator_tool.py | 148 +++++++++--------- 1 file changed, 74 insertions(+), 74 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py index 53268c8ae..38c12cafb 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/src/infrastructure/helpers/file_generator_tool.py @@ -1,74 +1,74 @@ -import json -import os -from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities import settings - -logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() - - -def generate_file_from_tool(tool, result_list, rules_doc): - if tool == "CHECKOV": - try: - if len(result_list) > 0: - all_failed_checks = [] - summary_passed = 0 - summary_failed = 0 - summary_skipped = 0 - summary_parsing_errors = 0 - summary_resource_count = 0 - checkov_version = None - for result in result_list: - failed_checks = result.get("results", {}).get("failed_checks", []) - all_failed_checks.extend( - map(lambda x: update_fields(x, rules_doc), failed_checks) - ) - summary_passed += result.get("summary", {}).get("passed", 0) - summary_failed += result.get("summary", {}).get("failed", 0) - summary_skipped += result.get("summary", {}).get("skipped", 0) - summary_parsing_errors += result.get("summary", {}).get( - "parsing_errors", 0 - ) - summary_resource_count += result.get("summary", {}).get( - "resource_count", 0 - ) - checkov_version = result.get("summary", {}).get( - "checkov_version", None - ) - - file_name = "results.json" - results_data = { - "check_type": "Dockerfile, Kubernetes and CloudFormation", - "results": { - "failed_checks": all_failed_checks, - }, - "summary": { - "passed": summary_passed, - "failed": summary_failed, - "skipped": summary_skipped, - "parsing_errors": summary_parsing_errors, - "resource_count": summary_resource_count, - "checkov_version": checkov_version, - }, - } - - with open(file_name, "w") as json_file: - json.dump(results_data, json_file, indent=4) - - absolute_path = os.path.abspath(file_name) - return absolute_path - except Exception as ex: - logger.error(f"Error during handling checkov json integrator {ex}") - - -def update_fields(check_result, rules_doc): - rule_info = rules_doc.get(check_result.get("check_id"), {}) - - check_result["severity"] = rule_info["severity"].lower() - if "customID" in rule_info: - check_result["custom_vuln_id"] = rule_info["customID"] - if "guideline" in rule_info: - check_result["guideline"] = rule_info["guideline"] - if "category" in rule_info: - check_result["bc_category"] = rule_info["category"] - - return check_result +import json +import os +from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger +from devsecops_engine_tools.engine_utilities import settings + +logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger() + + +def generate_file_from_tool(tool, result_list, rules_doc): + if tool == "CHECKOV": + try: + if len(result_list) > 0: + all_failed_checks = [] + summary_passed = 0 + summary_failed = 0 + summary_skipped = 0 + summary_parsing_errors = 0 + summary_resource_count = 0 + checkov_version = None + for result in result_list: + failed_checks = result.get("results", {}).get("failed_checks", []) + all_failed_checks.extend( + map(lambda x: update_fields(x, rules_doc), failed_checks) + ) + summary_passed += result.get("summary", {}).get("passed", 0) + summary_failed += result.get("summary", {}).get("failed", 0) + summary_skipped += result.get("summary", {}).get("skipped", 0) + summary_parsing_errors += result.get("summary", {}).get( + "parsing_errors", 0 + ) + summary_resource_count += result.get("summary", {}).get( + "resource_count", 0 + ) + checkov_version = result.get("summary", {}).get( + "checkov_version", None + ) + + file_name = "results.json" + results_data = { + "check_type": "Dockerfile, Kubernetes and CloudFormation", + "results": { + "failed_checks": all_failed_checks, + }, + "summary": { + "passed": summary_passed, + "failed": summary_failed, + "skipped": summary_skipped, + "parsing_errors": summary_parsing_errors, + "resource_count": summary_resource_count, + "checkov_version": checkov_version, + }, + } + + with open(file_name, "w") as json_file: + json.dump(results_data, json_file, indent=4) + + absolute_path = os.path.abspath(file_name) + return absolute_path + except Exception as ex: + logger.error(f"Error during handling checkov json integrator {ex}") + + +def update_fields(check_result, rules_doc): + rule_info = rules_doc.get(check_result.get("check_id"), {}) + + check_result["severity"] = rule_info["severity"].lower() + if "customID" in rule_info: + check_result["custom_vuln_id"] = rule_info["customID"] + if "guideline" in rule_info: + check_result["guideline"] = rule_info["guideline"] + if "category" in rule_info: + check_result["bc_category"] = rule_info["category"] + + return check_result From 0e862b04135084973ae87fafe6d0044df8c9b710 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:33:50 -0500 Subject: [PATCH 040/441] restore test runner iac scan file --- .../test/applications/test_runner_iac_scan.py | 226 +++++++++--------- 1 file changed, 113 insertions(+), 113 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py index 6bc32a0f8..db63aadab 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/applications/test_runner_iac_scan.py @@ -1,113 +1,113 @@ -import unittest -from unittest import mock -from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( - runner_engine_iac, -) -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "CHECKOV" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core - -@mock.patch('devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm') -def test_runner_engine_iac_exception(mock_entry_point_tool): - # Arrange - dict_args = {'arg1': 'value1', 'arg2': 'value2'} - tool = 'CHECKOV' - secret_tool = 'my_secret' - devops_platform_gateway = None - - # Mock the necessary methods or properties to simulate an exception - mock_entry_point_tool.side_effect = Exception("Simulated error") - - # Act and Assert - with unittest.TestCase().assertRaises(Exception) as context: - runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "dev") - - # Optionally, you can check the exception message or other details - assert str(context.exception) == "Error engine_iac : Simulated error" - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac_kubescape(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "KUBESCAPE" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core - -@mock.patch( - "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" -) -def test_runner_engine_iac_kics(mock_entry_point_tool): - # Mock the output - - input_core = InputCore( - totalized_exclusions=[], - threshold_defined=Threshold, - path_file_results="test/file", - custom_message_break_build="message", - scope_pipeline="pipeline", - stage_pipeline="Release", - ) - - mock_entry_point_tool.return_value = [] , input_core - - # Define the input arguments - dict_args = {} - tool = "KICS" - secret_tool = "secret" - devops_platform_gateway = None - - # Call the function - [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") - - # Assert the expected behavior - assert input_output == input_core +import unittest +from unittest import mock +from devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan import ( + runner_engine_iac, +) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "CHECKOV" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core + +@mock.patch('devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm') +def test_runner_engine_iac_exception(mock_entry_point_tool): + # Arrange + dict_args = {'arg1': 'value1', 'arg2': 'value2'} + tool = 'CHECKOV' + secret_tool = 'my_secret' + devops_platform_gateway = None + + # Mock the necessary methods or properties to simulate an exception + mock_entry_point_tool.side_effect = Exception("Simulated error") + + # Act and Assert + with unittest.TestCase().assertRaises(Exception) as context: + runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "dev") + + # Optionally, you can check the exception message or other details + assert str(context.exception) == "Error engine_iac : Simulated error" + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac_kubescape(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "KUBESCAPE" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core + +@mock.patch( + "devsecops_engine_tools.engine_sast.engine_iac.src.applications.runner_iac_scan.init_engine_sast_rm" +) +def test_runner_engine_iac_kics(mock_entry_point_tool): + # Mock the output + + input_core = InputCore( + totalized_exclusions=[], + threshold_defined=Threshold, + path_file_results="test/file", + custom_message_break_build="message", + scope_pipeline="pipeline", + stage_pipeline="Release", + ) + + mock_entry_point_tool.return_value = [] , input_core + + # Define the input arguments + dict_args = {} + tool = "KICS" + secret_tool = "secret" + devops_platform_gateway = None + + # Call the function + [] , input_output = runner_engine_iac(dict_args, tool, secret_tool, devops_platform_gateway, "qa") + + # Assert the expected behavior + assert input_output == input_core From e00b9960a46de6383b28ac1c4d457f3b1f4ea774 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:35:13 -0500 Subject: [PATCH 041/441] restore test checkov deserealizator file --- .../checkov/test_checkov_deserealizator.py | 264 +++++++++--------- 1 file changed, 132 insertions(+), 132 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py index b82397072..e105cf6c6 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/checkov/test_checkov_deserealizator.py @@ -1,132 +1,132 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( - CheckovDeserealizator, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from datetime import datetime - -def test_get_list_finding(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "resource": "docker", - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED", - "evaluated_keys": [...], - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - ] - config_rules = { - "CKV_DOCKER_3": { - "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - "environment": {...}, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Vulnerability", - }, - "CKV_K8S_13": { - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "environment": {...}, - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - } - - list_findings = CheckovDeserealizator.get_list_finding( - results_scan_list, config_rules - ) - - list_findings_compare: list[Finding] = [] - list_findings_compare.append( - Finding( - id="CKV_DOCKER_3", - cvss=None, - where="/_AW1234/Dockerfile: docker", - description="IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Checkov", - ) - ) - - list_findings_compare.append( - Finding( - id="CKV_K8S_13", - cvss=None, - where="/_AW1234/app.yaml: Deployment.devsecops-engine-dev.ms-async-provider-deployment", - description='IAC-CKV_K8S_13 Ensure memory limits are set', - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.COMPLIANCE, - requirements=None, - tool="Checkov", - ) - ) - - assert list_findings == list_findings_compare +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.checkov.checkov_deserealizator import ( + CheckovDeserealizator, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from datetime import datetime + +def test_get_list_finding(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "resource": "docker", + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED", + "evaluated_keys": [...], + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + ] + config_rules = { + "CKV_DOCKER_3": { + "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + "environment": {...}, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Vulnerability", + }, + "CKV_K8S_13": { + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "environment": {...}, + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + } + + list_findings = CheckovDeserealizator.get_list_finding( + results_scan_list, config_rules + ) + + list_findings_compare: list[Finding] = [] + list_findings_compare.append( + Finding( + id="CKV_DOCKER_3", + cvss=None, + where="/_AW1234/Dockerfile: docker", + description="IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Checkov", + ) + ) + + list_findings_compare.append( + Finding( + id="CKV_K8S_13", + cvss=None, + where="/_AW1234/app.yaml: Deployment.devsecops-engine-dev.ms-async-provider-deployment", + description='IAC-CKV_K8S_13 Ensure memory limits are set', + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.COMPLIANCE, + requirements=None, + tool="Checkov", + ) + ) + + assert list_findings == list_findings_compare From 88b9cd1f01d433ea6a69676372fce6fbc430910c Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:36:51 -0500 Subject: [PATCH 042/441] restore test kics deserealizator file --- .../kics/test_kics_deserealizator.py | 310 +++++++++--------- 1 file changed, 155 insertions(+), 155 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py index 56818bcb7..461947c44 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kics/test_kics_deserealizator.py @@ -1,156 +1,156 @@ -import unittest -from unittest.mock import patch -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( - KicsDeserealizator -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( - KicsTool -) -from datetime import datetime - -class TestKicsDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = KicsDeserealizator() - - def test_get_list_finding_empty_list(self): - results_scan_list = [] - expected_list = [] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(actual_list, expected_list) - - def test_get_list_finding_single_finding(self): - results_scan_list = [ - { - "severity": "High", - "description": "Test", - "file_name": "/some/path", - "id": "1" - } - ] - expected_list = [ - Finding( - id="1", - cvss=None, - where="/some/path", - description="Test", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="Kics" - ) - ] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(len(actual_list), 1) - self.assertEqual(actual_list[0], expected_list[0]) - - def test_get_findings_empty_data(self): - data = {} - expected = [] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_get_findings_queries_with_various_severities(self): - data = { - "queries": [ - { - "severity": "LOW", - "query_name": "Test Query 1", - "query_id": "1", - "files": [ - {"file_name": "file1.py"} - ] - }, - { - "severity": "MEDIUM", - "query_name": "Test Query 2", - "query_id": "2", - "files": [ - {"file_name": "file2.py"} - ] - }, - { - "severity": "HIGH", - "query_name": "Test Query 3", - "query_id": "3", - "files": [ - {"file_name": "file3.py"} - ] - }, - { - "severity": "CRITICAL", - "query_name": "Test Query 4", - "query_id": "4", - "files": [ - {"file_name": "file4.py"} - ] - }, - { - "severity": "INFO", - "query_name": "Test Query 5", - "query_id": "5", - "files": [ - {"file_name": "file5.py"} - ] - } - ] - } - expected = [ - {"severity": "LOW", "description": "Test Query 1", "file_name": "file1.py", "id": "1"}, - {"severity": "MEDIUM", "description": "Test Query 2", "file_name": "file2.py", "id": "2"}, - {"severity": "HIGH", "description": "Test Query 3", "file_name": "file3.py", "id": "3"}, - {"severity": "CRITICAL", "description": "Test Query 4", "file_name": "file4.py", "id": "4"} - ] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_get_finding_queries_with_no_files(self): - data = { - "queries": [ - { - "severity": "HIGH", - "query_name": "Test Query 1", - "query_id": "1", - "files": [] - } - ] - } - expected = [] - result = self.deserealizator.get_findings(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_empty_data(self): - data = {} - expected = 0 - result = self.deserealizator.calculate_total_vulnerabilities(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_no_vulnerabilities(self): - data = {"severity_counters": {}} - expected = 0 - result = self.deserealizator.calculate_total_vulnerabilities(data) - self.assertEqual(result, expected) - - def test_calculate_total_vulnerabilities_with_vulnerabilities(self): - data = { - "severity_counters": { - "CRITICAL": 10, - "HIGH": 5, - "MEDIUM": 2, - "LOW": 1 - } - } - expected = 18 - result = self.deserealizator.calculate_total_vulnerabilities(data) +import unittest +from unittest.mock import patch +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_deserealizator import ( + KicsDeserealizator +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kics.kics_tool import ( + KicsTool +) +from datetime import datetime + +class TestKicsDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = KicsDeserealizator() + + def test_get_list_finding_empty_list(self): + results_scan_list = [] + expected_list = [] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(actual_list, expected_list) + + def test_get_list_finding_single_finding(self): + results_scan_list = [ + { + "severity": "High", + "description": "Test", + "file_name": "/some/path", + "id": "1" + } + ] + expected_list = [ + Finding( + id="1", + cvss=None, + where="/some/path", + description="Test", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="Kics" + ) + ] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(len(actual_list), 1) + self.assertEqual(actual_list[0], expected_list[0]) + + def test_get_findings_empty_data(self): + data = {} + expected = [] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_get_findings_queries_with_various_severities(self): + data = { + "queries": [ + { + "severity": "LOW", + "query_name": "Test Query 1", + "query_id": "1", + "files": [ + {"file_name": "file1.py"} + ] + }, + { + "severity": "MEDIUM", + "query_name": "Test Query 2", + "query_id": "2", + "files": [ + {"file_name": "file2.py"} + ] + }, + { + "severity": "HIGH", + "query_name": "Test Query 3", + "query_id": "3", + "files": [ + {"file_name": "file3.py"} + ] + }, + { + "severity": "CRITICAL", + "query_name": "Test Query 4", + "query_id": "4", + "files": [ + {"file_name": "file4.py"} + ] + }, + { + "severity": "INFO", + "query_name": "Test Query 5", + "query_id": "5", + "files": [ + {"file_name": "file5.py"} + ] + } + ] + } + expected = [ + {"severity": "LOW", "description": "Test Query 1", "file_name": "file1.py", "id": "1"}, + {"severity": "MEDIUM", "description": "Test Query 2", "file_name": "file2.py", "id": "2"}, + {"severity": "HIGH", "description": "Test Query 3", "file_name": "file3.py", "id": "3"}, + {"severity": "CRITICAL", "description": "Test Query 4", "file_name": "file4.py", "id": "4"} + ] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_get_finding_queries_with_no_files(self): + data = { + "queries": [ + { + "severity": "HIGH", + "query_name": "Test Query 1", + "query_id": "1", + "files": [] + } + ] + } + expected = [] + result = self.deserealizator.get_findings(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_empty_data(self): + data = {} + expected = 0 + result = self.deserealizator.calculate_total_vulnerabilities(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_no_vulnerabilities(self): + data = {"severity_counters": {}} + expected = 0 + result = self.deserealizator.calculate_total_vulnerabilities(data) + self.assertEqual(result, expected) + + def test_calculate_total_vulnerabilities_with_vulnerabilities(self): + data = { + "severity_counters": { + "CRITICAL": 10, + "HIGH": 5, + "MEDIUM": 2, + "LOW": 1 + } + } + expected = 18 + result = self.deserealizator.calculate_total_vulnerabilities(data) self.assertEqual(result, expected) \ No newline at end of file From 26985f6d60d53076ab4df7eca2501a8f028661f0 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:38:19 -0500 Subject: [PATCH 043/441] restore test kubescape deserealizator file --- .../test_kubescape_deserealizator.py | 238 +++++++++--------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py index ea217e900..fe2a586e9 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/driven_adapters/kubescape/test_kubescape_deserealizator.py @@ -1,119 +1,119 @@ -import unittest -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Category, - Finding, -) -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( - KubescapeDeserealizator -) -from datetime import datetime - - -class TestKubescapeDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = KubescapeDeserealizator() - - def test_get_list_finding_empty_list(self): - results_scan_list = [] - expected_list = [] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(actual_list, expected_list) - - def test_get_list_finding_single_finding(self): - results_scan_list = [ - { - "id": "1", - "where": "/some/path", - "description": "Test finding", - "severity": "High" - } - ] - expected_list = [ - Finding( - id="1", - cvss=None, - where="/some/path", - description="Test finding", - severity="high", - identification_date=datetime.now().strftime("%d%m%Y"), - published_date_cve=None, - module="engine_iac", - category=Category.VULNERABILITY, - requirements=None, - tool="kubescape" - ) - ] - - actual_list = self.deserealizator.get_list_finding(results_scan_list) - - self.assertEqual(len(actual_list), 1) - self.assertEqual(actual_list[0], expected_list[0]) - - def test_extract_failed_controls_no_failures(self): - data = { - "results": [ - { - "resourceID": "res1", - "controls": [ - {"controlID": "ctrl1", "status": {"status": "passed"}} - ] - } - ], - "resources": [ - {"resourceID": "res1", "source": {"relativePath": "path/to/res1"}} - ], - "summaryDetails": { - "frameworks": [] - } - } - result = self.deserealizator.extract_failed_controls(data) - self.assertEqual(result, []) - - def test_extract_failed_controls_with_failures(self): - data = { - "results": [ - { - "resourceID": "res1", - "controls": [ - {"controlID": "ctrl1", "name": "Control 1", "status": {"status": "failed"}} - ] - } - ], - "resources": [ - {"resourceID": "res1", "source": {"path": "path/to/res1"}} - ], - "summaryDetails": { - "frameworks": [{"controls": {"ctrl1": {"scoreFactor": 5}}}] - } - } - result = self.deserealizator.extract_failed_controls(data) - expected_result = [{ - "id": "ctrl1", - "description": "Control 1", - "where": "path/to/res1", - "severity": "medium" - }] - self.assertEqual(result, expected_result) - - def test_get_severity_score_none(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 0.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "none") - - def test_get_severity_score_medium(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 5.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "medium") - - def test_get_severity_score_high(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 8.0}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "high") - - def test_get_severity_score_critical(self): - frameworks = [{"controls": {"control1": {"scoreFactor": 9.5}}}] - result = self.deserealizator.get_severity_score(frameworks, "control1") - self.assertEqual(result, "critical") +import unittest +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Category, + Finding, +) +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.driven_adapters.kubescape.kubescape_deserealizator import ( + KubescapeDeserealizator +) +from datetime import datetime + + +class TestKubescapeDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = KubescapeDeserealizator() + + def test_get_list_finding_empty_list(self): + results_scan_list = [] + expected_list = [] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(actual_list, expected_list) + + def test_get_list_finding_single_finding(self): + results_scan_list = [ + { + "id": "1", + "where": "/some/path", + "description": "Test finding", + "severity": "High" + } + ] + expected_list = [ + Finding( + id="1", + cvss=None, + where="/some/path", + description="Test finding", + severity="high", + identification_date=datetime.now().strftime("%d%m%Y"), + published_date_cve=None, + module="engine_iac", + category=Category.VULNERABILITY, + requirements=None, + tool="kubescape" + ) + ] + + actual_list = self.deserealizator.get_list_finding(results_scan_list) + + self.assertEqual(len(actual_list), 1) + self.assertEqual(actual_list[0], expected_list[0]) + + def test_extract_failed_controls_no_failures(self): + data = { + "results": [ + { + "resourceID": "res1", + "controls": [ + {"controlID": "ctrl1", "status": {"status": "passed"}} + ] + } + ], + "resources": [ + {"resourceID": "res1", "source": {"relativePath": "path/to/res1"}} + ], + "summaryDetails": { + "frameworks": [] + } + } + result = self.deserealizator.extract_failed_controls(data) + self.assertEqual(result, []) + + def test_extract_failed_controls_with_failures(self): + data = { + "results": [ + { + "resourceID": "res1", + "controls": [ + {"controlID": "ctrl1", "name": "Control 1", "status": {"status": "failed"}} + ] + } + ], + "resources": [ + {"resourceID": "res1", "source": {"path": "path/to/res1"}} + ], + "summaryDetails": { + "frameworks": [{"controls": {"ctrl1": {"scoreFactor": 5}}}] + } + } + result = self.deserealizator.extract_failed_controls(data) + expected_result = [{ + "id": "ctrl1", + "description": "Control 1", + "where": "path/to/res1", + "severity": "medium" + }] + self.assertEqual(result, expected_result) + + def test_get_severity_score_none(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 0.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "none") + + def test_get_severity_score_medium(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 5.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "medium") + + def test_get_severity_score_high(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 8.0}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "high") + + def test_get_severity_score_critical(self): + frameworks = [{"controls": {"control1": {"scoreFactor": 9.5}}}] + result = self.deserealizator.get_severity_score(frameworks, "control1") + self.assertEqual(result, "critical") From 09a2bb66db19a6c6783eaf7fa2aa46ed75216ea4 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:39:38 -0500 Subject: [PATCH 044/441] restore test file generator tool file --- .../helpers/test_file_generator_tool.py | 474 +++++++++--------- 1 file changed, 237 insertions(+), 237 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py index bc9a13eca..c5b9e1b82 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_iac/test/infrastructure/helpers/test_file_generator_tool.py @@ -1,238 +1,238 @@ -from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( - generate_file_from_tool -) -import json -from functools import reduce - -def test_generate_file_from_tool(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "cloudformation", - "results": { - "failed_checks": [ - { - "check_id": "CKV_AWS_20", - "bc_check_id": None, - "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/template-cloudfront.yaml", - "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", - "repo_file_path": "/_AW1234/template-cloudfront.yaml", - "file_line_range": [308, 339], - "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", - "evaluations": {}, - "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", - "fixed_definition": None, - "entity_tags": {}, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - } - ] - rules_doc = { - "CKV_DOCKER_3": { - "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Vulnerability", - }, - "CKV_K8S_13": { - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - "CKV_AWS_20": { - "customID": "C-S3-005", - "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", - "guideline": "guideline", - "severity": "High", - "cvss": "", - "category": "Compliance", - }, - } - - absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, rules_doc) - - with open(absolute_path, "r") as file: - data = file.read() - json_data = json.loads(data) - assert len(json_data["results"]["failed_checks"]) == reduce(lambda x, y: x + y, map(lambda x: len(x["results"]["failed_checks"]), results_scan_list)) - - -def test_generate_file_from_tool_exception(): - results_scan_list = [ - { - "check_type": "dockerfile", - "results": { - "failed_checks": [ - { - "check_id": "CKV_DOCKER_3", - "bc_check_id": None, - "check_name": "Ensure that a user for the container has been created", - "check_result": { - "result": "FAILED", - "results_configuration": None, - }, - "code_block": None, - "file_path": "/Dockerfile", - "file_abs_path": "./_AW1234/Dockerfile", - "repo_file_path": "/_AW1234/Dockerfile", - } - ] - }, - "summary": { - "passed": 1, - "failed": 1, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 1, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "kubernetes", - "results": { - "failed_checks": [ - { - "check_id": "CKV_K8S_13", - "bc_check_id": None, - "check_name": "Minimize the admission of containers with capabilities assigned", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/app.yaml", - "file_abs_path": "./_AW1234/app.yaml", - "repo_file_path": "/_AW1234/app.yaml", - "file_line_range": [21, 83], - "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", - "evaluations": {}, - "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", - "fixed_definition": None, - "entity_tags": None, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - }, - { - "check_type": "cloudformation", - "results": { - "failed_checks": [ - { - "check_id": "CKV_AWS_20", - "bc_check_id": None, - "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", - "check_result": { - "result": "FAILED" - }, - "code_block": None, - "file_path": "/template-cloudfront.yaml", - "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", - "repo_file_path": "/_AW1234/template-cloudfront.yaml", - "file_line_range": [308, 339], - "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", - "evaluations": {}, - "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", - "fixed_definition": None, - "entity_tags": {}, - } - ] - }, - "summary": { - "passed": 15, - "failed": 9, - "skipped": 0, - "parsing_errors": 0, - "resource_count": 7, - "checkov_version": "2.3.296", - }, - } - ] - - absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, None) - - assert absolute_path == None +from devsecops_engine_tools.engine_sast.engine_iac.src.infrastructure.helpers.file_generator_tool import ( + generate_file_from_tool +) +import json +from functools import reduce + +def test_generate_file_from_tool(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "cloudformation", + "results": { + "failed_checks": [ + { + "check_id": "CKV_AWS_20", + "bc_check_id": None, + "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/template-cloudfront.yaml", + "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", + "repo_file_path": "/_AW1234/template-cloudfront.yaml", + "file_line_range": [308, 339], + "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", + "evaluations": {}, + "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", + "fixed_definition": None, + "entity_tags": {}, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + } + ] + rules_doc = { + "CKV_DOCKER_3": { + "checkID": "IAC-CKV-DOCKER-3 Ensure that a user for the container has been created", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Vulnerability", + }, + "CKV_K8S_13": { + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + "CKV_AWS_20": { + "customID": "C-S3-005", + "checkID": "IAC-CKV_K8S_13 Ensure memory limits are set", + "guideline": "guideline", + "severity": "High", + "cvss": "", + "category": "Compliance", + }, + } + + absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, rules_doc) + + with open(absolute_path, "r") as file: + data = file.read() + json_data = json.loads(data) + assert len(json_data["results"]["failed_checks"]) == reduce(lambda x, y: x + y, map(lambda x: len(x["results"]["failed_checks"]), results_scan_list)) + + +def test_generate_file_from_tool_exception(): + results_scan_list = [ + { + "check_type": "dockerfile", + "results": { + "failed_checks": [ + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": None, + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": None, + }, + "code_block": None, + "file_path": "/Dockerfile", + "file_abs_path": "./_AW1234/Dockerfile", + "repo_file_path": "/_AW1234/Dockerfile", + } + ] + }, + "summary": { + "passed": 1, + "failed": 1, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 1, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "kubernetes", + "results": { + "failed_checks": [ + { + "check_id": "CKV_K8S_13", + "bc_check_id": None, + "check_name": "Minimize the admission of containers with capabilities assigned", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/app.yaml", + "file_abs_path": "./_AW1234/app.yaml", + "repo_file_path": "/_AW1234/app.yaml", + "file_line_range": [21, 83], + "resource": "Deployment.devsecops-engine-dev.ms-async-provider-deployment", + "evaluations": {}, + "check_class": "checkov.kubernetes.checks.resource.k8s.MinimizeCapabilities", + "fixed_definition": None, + "entity_tags": None, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + }, + { + "check_type": "cloudformation", + "results": { + "failed_checks": [ + { + "check_id": "CKV_AWS_20", + "bc_check_id": None, + "check_name": "Ensure the S3 bucket does not allow READ permissions to everyone", + "check_result": { + "result": "FAILED" + }, + "code_block": None, + "file_path": "/template-cloudfront.yaml", + "file_abs_path": "/test_path/_AW1234/template-cloudfront.yaml", + "repo_file_path": "/_AW1234/template-cloudfront.yaml", + "file_line_range": [308, 339], + "resource": "AWS::S3::Bucket.S3BucketCaptchaEdin", + "evaluations": {}, + "check_class": "checkov.cloudformation.checks.resource.aws.S3PublicACLRead", + "fixed_definition": None, + "entity_tags": {}, + } + ] + }, + "summary": { + "passed": 15, + "failed": 9, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 7, + "checkov_version": "2.3.296", + }, + } + ] + + absolute_path = generate_file_from_tool("CHECKOV", results_scan_list, None) + + assert absolute_path == None \ No newline at end of file From db67dc329ee0c0c2298333e39cb770be0cf1ab63 Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:41:08 -0500 Subject: [PATCH 045/441] restore engine secret set inputcore file --- .../src/domain/usecases/set_input_core.py | 148 +++++++++--------- 1 file changed, 74 insertions(+), 74 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py index c5975076a..927304d2b 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/src/domain/usecases/set_input_core.py @@ -1,74 +1,74 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( - DeserializeConfigTool - ) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, tool_remote: DevopsPlatformGateway, dict_args, tool, config_tool: DeserializeConfigTool): - self.tool_remote = tool_remote - self.dict_args = dict_args - self.tool = tool - self.config_tool = config_tool - - def get_remote_config(self, file_path): - """ - Get remote configuration. - - Returns: - dict: Remote configuration. - """ - return self.tool_remote.get_remote_config(self.dict_args["remote_config_repo"], file_path) - - def get_variable(self, variable): - """ - Get variable. - - Returns: - dict: Remote variable. - """ - return self.tool_remote.get_variable(variable) - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [] - for key, value in exclusions_data.items(): - if (key == "All") or (key == pipeline_name): - if value.get(tool, 0): - exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for item in value[tool] - ] - list_exclusions.extend(exclusions) - return list_exclusions - - def set_input_core(self, finding_list): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - totalized_exclusions=self.get_exclusions( - self.get_remote_config("engine_sast/engine_secret/Exclusions.json"), - self.get_variable("pipeline_name"), - self.tool, - ), - threshold_defined=self.config_tool.level_compliance, - path_file_results=finding_list, - custom_message_break_build=self.config_tool.message_info_engine_secret, - scope_pipeline=self.config_tool.scope_pipeline, - stage_pipeline=self.tool_remote.get_variable("stage").capitalize() - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( + DeserializeConfigTool + ) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, tool_remote: DevopsPlatformGateway, dict_args, tool, config_tool: DeserializeConfigTool): + self.tool_remote = tool_remote + self.dict_args = dict_args + self.tool = tool + self.config_tool = config_tool + + def get_remote_config(self, file_path): + """ + Get remote configuration. + + Returns: + dict: Remote configuration. + """ + return self.tool_remote.get_remote_config(self.dict_args["remote_config_repo"], file_path) + + def get_variable(self, variable): + """ + Get variable. + + Returns: + dict: Remote variable. + """ + return self.tool_remote.get_variable(variable) + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [] + for key, value in exclusions_data.items(): + if (key == "All") or (key == pipeline_name): + if value.get(tool, 0): + exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for item in value[tool] + ] + list_exclusions.extend(exclusions) + return list_exclusions + + def set_input_core(self, finding_list): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + totalized_exclusions=self.get_exclusions( + self.get_remote_config("engine_sast/engine_secret/Exclusions.json"), + self.get_variable("pipeline_name"), + self.tool, + ), + threshold_defined=self.config_tool.level_compliance, + path_file_results=finding_list, + custom_message_break_build=self.config_tool.message_info_engine_secret, + scope_pipeline=self.config_tool.scope_pipeline, + stage_pipeline=self.tool_remote.get_variable("stage").capitalize() + ) From 7b3d5923f42d0f35077a81831e869abef8a615ff Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 16:59:38 -0500 Subject: [PATCH 046/441] deleted not used files and restore to baseline precommit affected files --- .../model/gateways/devops_platform_gateway.py | 11 - .../model/gateways/remote_config_gateway.py | 9 - .../domain/model/gateways/token_technology.py | 11 - .../driven_adapters/git_cli/test_git_run.py | 216 +++++++++--------- .../test_trufflehog_deserealizator.py | 162 ++++++------- .../entry_points/test_entry_point_tool.py | 140 ++++++------ .../usecases/handle_remote_config_patterns.py | 64 +++--- .../src/domain/usecases/set_input_core.py | 104 ++++----- .../trivy_tool/trivy_deserialize_output.py | 126 +++++----- 9 files changed, 406 insertions(+), 437 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py deleted file mode 100644 index bb0cbf9e6..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/devops_platform_gateway.py +++ /dev/null @@ -1,11 +0,0 @@ -from abc import ABCMeta, abstractmethod - - -class DevopsPlatformGateway(metaclass=ABCMeta): - @abstractmethod - def get_remote_config(self, remote_config_repo, remote_config_path_file) -> dict: - "get_remote_config" - - @abstractmethod - def get_variable(self, variable): - "get_variable" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py deleted file mode 100644 index bc1cde3e0..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/remote_config_gateway.py +++ /dev/null @@ -1,9 +0,0 @@ -from abc import ABCMeta, abstractmethod - - -class RemoteConfigGateway(metaclass=ABCMeta): - @abstractmethod - def get_remote_json_config( - self, remote_config_repo, remote_config_path_file - ) -> dict: - "remote config" diff --git a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py b/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py deleted file mode 100644 index 88655a03d..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/domain/model/gateways/token_technology.py +++ /dev/null @@ -1,11 +0,0 @@ -from dataclasses import dataclass -from abc import ABCMeta, abstractmethod - - -@dataclass -class Token(metaclass=ABCMeta): - token: str - - @abstractmethod - def get_token(self): - "return_token" diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py index be2dcca65..0a793e486 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/git_cli/test_git_run.py @@ -1,109 +1,109 @@ -import unittest -from unittest.mock import patch, MagicMock -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.git_cli.git_run import GitRun - -class TestGitRun(unittest.TestCase): - @patch('os.makedirs') - @patch('os.chdir') - @patch('subprocess.run') - def test_get_files_pull_request_Exception(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_subprocess_run.side_effect = Exception("Simulated exception") - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - @patch('os.path.exists') - @patch('os.makedirs') - @patch('os.chdir') - @patch('subprocess.run') - def test_get_files_pull_request_path_no_exist(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs, mock_path_exists): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_subprocess_run.return_value = MagicMock() - mock_subprocess_run.return_value = "file1.py\nfile2.py" - mock_path_exists.return_value = False - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - mock_os_makedirs.assert_called_once_with("/azp/_work/1/s/NU00001_Repo_test") - mock_os_chdir.assert_called_with("/azp/_work/1/s/NU00001_Repo_test") - - @patch('os.path.exists') - def test_get_files_pull_request_path_exist(self, mock_path_exists): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - mock_path_exists.return_value = True - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - def test_get_files_pull_request_no_target_branch(self): - sys_working_dir = "/azp/_work/1/s" - target_branch = "release" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "TfsGit" - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) - - def test_get_files_pull_request_github_provider(self): - sys_working_dir = "/azp/_work/1/s" - target_branch = "trunk" - config_target_branch = ["trunk", "develop"] - source_branch = "refs/heads/feature/branch" - access_token = "ABCDEFG123456" - collection_uri = "https://dev.azure.com/orgName" - team_project = "team_project" - repository_name = "NU00001_Repo_test" - repository_provider = "GitHub" - - git_run = GitRun() - files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, - access_token, collection_uri, team_project, repository_name, repository_provider) - - self.assertEqual(files, []) -if __name__ == '__main__': +import unittest +from unittest.mock import patch, MagicMock +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.git_cli.git_run import GitRun + +class TestGitRun(unittest.TestCase): + @patch('os.makedirs') + @patch('os.chdir') + @patch('subprocess.run') + def test_get_files_pull_request_Exception(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_subprocess_run.side_effect = Exception("Simulated exception") + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + @patch('os.path.exists') + @patch('os.makedirs') + @patch('os.chdir') + @patch('subprocess.run') + def test_get_files_pull_request_path_no_exist(self, mock_subprocess_run, mock_os_chdir, mock_os_makedirs, mock_path_exists): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_subprocess_run.return_value = MagicMock() + mock_subprocess_run.return_value = "file1.py\nfile2.py" + mock_path_exists.return_value = False + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + mock_os_makedirs.assert_called_once_with("/azp/_work/1/s/NU00001_Repo_test") + mock_os_chdir.assert_called_with("/azp/_work/1/s/NU00001_Repo_test") + + @patch('os.path.exists') + def test_get_files_pull_request_path_exist(self, mock_path_exists): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + mock_path_exists.return_value = True + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + def test_get_files_pull_request_no_target_branch(self): + sys_working_dir = "/azp/_work/1/s" + target_branch = "release" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "TfsGit" + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) + + def test_get_files_pull_request_github_provider(self): + sys_working_dir = "/azp/_work/1/s" + target_branch = "trunk" + config_target_branch = ["trunk", "develop"] + source_branch = "refs/heads/feature/branch" + access_token = "ABCDEFG123456" + collection_uri = "https://dev.azure.com/orgName" + team_project = "team_project" + repository_name = "NU00001_Repo_test" + repository_provider = "GitHub" + + git_run = GitRun() + files = git_run.get_files_pull_request(sys_working_dir, target_branch, config_target_branch, source_branch, + access_token, collection_uri, team_project, repository_name, repository_provider) + + self.assertEqual(files, []) +if __name__ == '__main__': unittest.main() \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py index 61d358728..04e235b3c 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/driven_adapters/trufflehog/test_trufflehog_deserealizator.py @@ -1,82 +1,82 @@ -import unittest -from unittest.mock import patch -from datetime import datetime -from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import SecretScanDeserealizator - -class TestSecretScanDeserealizator(unittest.TestCase): - - def setUp(self): - self.deserealizator = SecretScanDeserealizator() - - def test_get_list_vulnerability(self): - with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): - results_scan_list = [ - { - "DetectorName": "ExampleDetector", - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": "/path/to/file.py" - } - } - }, - "Raw": "secret" - } - ] - - # Testing the method - vulnerabilities = self.deserealizator.get_list_vulnerability(results_scan_list, "Linux", "/path/to", ) - - # Assertions - self.assertEqual(len(vulnerabilities), 1) - vulnerability = vulnerabilities[0] - self.assertIsInstance(vulnerability, Finding) - self.assertEqual(vulnerability.id, "SECRET_SCANNING") - self.assertIsNone(vulnerability.cvss) - self.assertEqual(vulnerability.where, "/file.py, Secret: sec*********ret") - self.assertEqual(vulnerability.description, "Sensitive information in source code") - self.assertEqual(vulnerability.severity, "critical") - self.assertEqual(vulnerability.identification_date, datetime.now().strftime("%d%m%Y")) - self.assertEqual(vulnerability.module, "engine_secret") - self.assertEqual(vulnerability.category, Category.VULNERABILITY) - self.assertEqual(vulnerability.requirements, "ExampleDetector") - self.assertEqual(vulnerability.tool, "Trufflehog") - - def test_get_where_correctly_linux(self): - with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): - result = { - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": r"/path/to/file.py" # Simulating Linux path - } - } - }, - "Raw": "secret" - } - self.assertEqual( - self.deserealizator.get_where_correctly(result, "linux", "/path/to", ), - ("/file.py", "sec*********ret") - ) - - def test_get_where_correctly_windows(self): - with patch.dict('os.environ', {'AGENT_OS': 'Windows'}): - result = { - "SourceMetadata": { - "Data": { - "Filesystem": { - "line": 10, - "file": r"C:\path\to\file.py" # Simulating Windows path - } - } - }, - "Raw": "secret" - } - - self.assertEqual( - self.deserealizator.get_where_correctly(result, "Win", "C:\\path\\to", ), - ("\\file.py", "sec*********ret") +import unittest +from unittest.mock import patch +from datetime import datetime +from devsecops_engine_tools.engine_core.src.domain.model.finding import Finding, Category +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.driven_adapters.trufflehog.trufflehog_deserealizator import SecretScanDeserealizator + +class TestSecretScanDeserealizator(unittest.TestCase): + + def setUp(self): + self.deserealizator = SecretScanDeserealizator() + + def test_get_list_vulnerability(self): + with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): + results_scan_list = [ + { + "DetectorName": "ExampleDetector", + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": "/path/to/file.py" + } + } + }, + "Raw": "secret" + } + ] + + # Testing the method + vulnerabilities = self.deserealizator.get_list_vulnerability(results_scan_list, "Linux", "/path/to", ) + + # Assertions + self.assertEqual(len(vulnerabilities), 1) + vulnerability = vulnerabilities[0] + self.assertIsInstance(vulnerability, Finding) + self.assertEqual(vulnerability.id, "SECRET_SCANNING") + self.assertIsNone(vulnerability.cvss) + self.assertEqual(vulnerability.where, "/file.py, Secret: sec*********ret") + self.assertEqual(vulnerability.description, "Sensitive information in source code") + self.assertEqual(vulnerability.severity, "critical") + self.assertEqual(vulnerability.identification_date, datetime.now().strftime("%d%m%Y")) + self.assertEqual(vulnerability.module, "engine_secret") + self.assertEqual(vulnerability.category, Category.VULNERABILITY) + self.assertEqual(vulnerability.requirements, "ExampleDetector") + self.assertEqual(vulnerability.tool, "Trufflehog") + + def test_get_where_correctly_linux(self): + with patch.dict('os.environ', {'AGENT_OS': 'Linux'}): + result = { + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": r"/path/to/file.py" # Simulating Linux path + } + } + }, + "Raw": "secret" + } + self.assertEqual( + self.deserealizator.get_where_correctly(result, "linux", "/path/to", ), + ("/file.py", "sec*********ret") + ) + + def test_get_where_correctly_windows(self): + with patch.dict('os.environ', {'AGENT_OS': 'Windows'}): + result = { + "SourceMetadata": { + "Data": { + "Filesystem": { + "line": 10, + "file": r"C:\path\to\file.py" # Simulating Windows path + } + } + }, + "Raw": "secret" + } + + self.assertEqual( + self.deserealizator.get_where_correctly(result, "Win", "C:\\path\\to", ), + ("\\file.py", "sec*********ret") ) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py index 78f19de58..7c8a97acd 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/infrastructure/entry_points/test_entry_point_tool.py @@ -1,70 +1,70 @@ -import unittest -from unittest.mock import Mock, patch -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import DeserializeConfigTool -from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.entry_points.entry_point_tool import engine_secret_scan - -class TestEngineSecretScan(unittest.TestCase): - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan.SecretScan') - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.set_input_core.SetInputCore') - def test_engine_secret_scan(self, MockSetInputCore, MockSecretScan): - mock_devops_platform_gateway = Mock() - mock_tool_gateway = Mock() - mock_dict_args = { - "remote_config_repo": "fake_repo" - } - mock_tool = "TRUFFLEHOG" - mock_tool_deserealizator = Mock() - mock_git_gateway = Mock() - json_exclusion = { - "pipeline_name_carlos":{ - "SKIP_TOOL": { - "create_date": "24012023", - "expired_date": "21092024", - "hu": "" - } - } - } - json_config = { - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 1, - "Medium": 1, - "Low": 1 - }, - "COMPLIANCE": { - "Critical": 0 - } - }, - "TARGET_BRANCHES": ["trunk", "develop"], - "trufflehog": { - "EXCLUDE_PATH": [".git"], - "NUMBER_THREADS": 4 - } - } - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_platform_gateway.get_remote_config.side_effect = [json_exclusion ,json_config, json_exclusion] - - mock_secret_scan_instance = MockSecretScan.return_value - mock_secret_scan_instance.complete_config_tool.return_value = obj_config_tool - mock_devops_platform_gateway.get_variable.side_effect = ["pipeline_name_carlos","pipeline_name_carlos", "pipeline_name", "build"] - mock_secret_scan_instance.process.return_value = ([], "") - - mock_set_input_core_instance = MockSetInputCore.return_value - mock_set_input_core_instance.set_input_core.return_value = "input_core_result" - - findings, input_core_result = engine_secret_scan( - mock_devops_platform_gateway, - mock_tool_gateway, - mock_dict_args, - mock_tool, - mock_tool_deserealizator, - mock_git_gateway - ) - - self.assertEqual(findings, []) +import unittest +from unittest.mock import Mock, patch +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import DeserializeConfigTool +from devsecops_engine_tools.engine_sast.engine_secret.src.infrastructure.entry_points.entry_point_tool import engine_secret_scan + +class TestEngineSecretScan(unittest.TestCase): + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan.SecretScan') + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.set_input_core.SetInputCore') + def test_engine_secret_scan(self, MockSetInputCore, MockSecretScan): + mock_devops_platform_gateway = Mock() + mock_tool_gateway = Mock() + mock_dict_args = { + "remote_config_repo": "fake_repo" + } + mock_tool = "TRUFFLEHOG" + mock_tool_deserealizator = Mock() + mock_git_gateway = Mock() + json_exclusion = { + "pipeline_name_carlos":{ + "SKIP_TOOL": { + "create_date": "24012023", + "expired_date": "21092024", + "hu": "" + } + } + } + json_config = { + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 1, + "Medium": 1, + "Low": 1 + }, + "COMPLIANCE": { + "Critical": 0 + } + }, + "TARGET_BRANCHES": ["trunk", "develop"], + "trufflehog": { + "EXCLUDE_PATH": [".git"], + "NUMBER_THREADS": 4 + } + } + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_platform_gateway.get_remote_config.side_effect = [json_exclusion ,json_config, json_exclusion] + + mock_secret_scan_instance = MockSecretScan.return_value + mock_secret_scan_instance.complete_config_tool.return_value = obj_config_tool + mock_devops_platform_gateway.get_variable.side_effect = ["pipeline_name_carlos","pipeline_name_carlos", "pipeline_name", "build"] + mock_secret_scan_instance.process.return_value = ([], "") + + mock_set_input_core_instance = MockSetInputCore.return_value + mock_set_input_core_instance.set_input_core.return_value = "input_core_result" + + findings, input_core_result = engine_secret_scan( + mock_devops_platform_gateway, + mock_tool_gateway, + mock_dict_args, + mock_tool, + mock_tool_deserealizator, + mock_git_gateway + ) + + self.assertEqual(findings, []) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py index 7cedfdb02..7ef4c2753 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py @@ -1,32 +1,32 @@ -import re - - -class HandleRemoteConfigPatterns: - def __init__(self, remote_config, exclusions, pipeline_name): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - - def ignore_analysis_pattern(self): - """ - Handle analysis pattern. - Return: bool: False -> not scan, True -> scan. - """ - ignore = self.remote_config["IGNORE_SEARCH_PATTERN"] - if re.match(ignore, self.pipeline_name, re.IGNORECASE): - return False - else: - return True - - def skip_from_exclusion(self): - """ - Handle skip tool. - - Return: bool: True -> skip tool, False -> not skip tool. - """ - if (self.pipeline_name in self.exclusions) and ( - self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) - ): - return True - else: - return False +import re + + +class HandleRemoteConfigPatterns: + def __init__(self, remote_config, exclusions, pipeline_name): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + + def ignore_analysis_pattern(self): + """ + Handle analysis pattern. + Return: bool: False -> not scan, True -> scan. + """ + ignore = self.remote_config["IGNORE_SEARCH_PATTERN"] + if re.match(ignore, self.pipeline_name, re.IGNORECASE): + return False + else: + return True + + def skip_from_exclusion(self): + """ + Handle skip tool. + + Return: bool: True -> skip tool, False -> not skip tool. + """ + if (self.pipeline_name in self.exclusions) and ( + self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) + ): + return True + else: + return False diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py index a2c9581c5..3d9be4f62 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py @@ -1,52 +1,52 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold - - -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, remote_config, exclusions, pipeline_name, tool, stage): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - self.tool = tool - self.stage = stage - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - cve_id=item.get("cve_id", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for key, value in exclusions_data.items() - if key in {"All", pipeline_name} and value.get(tool) - for item in value[tool] - ] - return list_exclusions - - def set_input_core(self, image_scanned): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - self.get_exclusions( - self.exclusions, - self.pipeline_name, - self.tool, - ), - Threshold(self.remote_config["THRESHOLD"]), - image_scanned, - self.remote_config["MESSAGE_INFO_ENGINE_CONTAINER"], - self.pipeline_name, - self.stage.capitalize(), - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold + + +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, remote_config, exclusions, pipeline_name, tool, stage): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + self.tool = tool + self.stage = stage + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + cve_id=item.get("cve_id", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for key, value in exclusions_data.items() + if key in {"All", pipeline_name} and value.get(tool) + for item in value[tool] + ] + return list_exclusions + + def set_input_core(self, image_scanned): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + self.get_exclusions( + self.exclusions, + self.pipeline_name, + self.tool, + ), + Threshold(self.remote_config["THRESHOLD"]), + image_scanned, + self.remote_config["MESSAGE_INFO_ENGINE_CONTAINER"], + self.pipeline_name, + self.stage.capitalize(), + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py index 945cc4cc7..d345bd8d3 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py @@ -1,63 +1,63 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( - DeseralizatorGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.finding import ( - Finding, - Category, -) -from dataclasses import dataclass -import json -from datetime import datetime, timezone - - -@dataclass -class TrivyDeserializator(DeseralizatorGateway): - def check_date_format(self, vul): - try: - published_date_cve=datetime.strptime( - vul.get("PublishedDate"), - "%Y-%m-%dT%H:%M:%S.%fZ" - ).replace(tzinfo=timezone.utc).isoformat() - except: - published_date_cve=datetime.strptime( - vul.get("PublishedDate"), - "%Y-%m-%dT%H:%M:%SZ" - ).replace(tzinfo=timezone.utc).isoformat() - return published_date_cve - - def get_list_findings(self, image_scanned) -> "list[Finding]": - list_open_vulnerabilities = [] - with open(image_scanned, "rb") as file: - image_object = file.read() - json_data = json.loads(image_object) - vulnerabilities_data = json_data["Results"][0].get("Vulnerabilities", []) - vulnerabilities = [ - Finding( - id=vul.get("VulnerabilityID", ""), - cvss=str(next( - ( - v["V3Score"] - for v in vul["CVSS"].values() - if "V3Score" in v - ), - None, - )), - where=vul.get("PkgName", "") - + " " - + vul.get("InstalledVersion", ""), - description=vul.get("Description", "").replace("\n", "")[:150], - severity=vul.get("Severity", "").lower(), - identification_date=datetime.now().strftime( - "%Y-%m-%dT%H:%M:%S%z" - ), - published_date_cve=self.check_date_format(vul), - module="engine_container", - category=Category.VULNERABILITY, - requirements=vul.get("FixedVersion") or vul.get("Status", ""), - tool="Trivy", - ) - for vul in vulnerabilities_data - if vul.get("CVSS") and vul.get("PublishedDate") - ] - list_open_vulnerabilities.extend(vulnerabilities) - return list_open_vulnerabilities +from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.deserealizator_gateway import ( + DeseralizatorGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.finding import ( + Finding, + Category, +) +from dataclasses import dataclass +import json +from datetime import datetime, timezone + + +@dataclass +class TrivyDeserializator(DeseralizatorGateway): + def check_date_format(self, vul): + try: + published_date_cve=datetime.strptime( + vul.get("PublishedDate"), + "%Y-%m-%dT%H:%M:%S.%fZ" + ).replace(tzinfo=timezone.utc).isoformat() + except: + published_date_cve=datetime.strptime( + vul.get("PublishedDate"), + "%Y-%m-%dT%H:%M:%SZ" + ).replace(tzinfo=timezone.utc).isoformat() + return published_date_cve + + def get_list_findings(self, image_scanned) -> "list[Finding]": + list_open_vulnerabilities = [] + with open(image_scanned, "rb") as file: + image_object = file.read() + json_data = json.loads(image_object) + vulnerabilities_data = json_data["Results"][0].get("Vulnerabilities", []) + vulnerabilities = [ + Finding( + id=vul.get("VulnerabilityID", ""), + cvss=str(next( + ( + v["V3Score"] + for v in vul["CVSS"].values() + if "V3Score" in v + ), + None, + )), + where=vul.get("PkgName", "") + + " " + + vul.get("InstalledVersion", ""), + description=vul.get("Description", "").replace("\n", "")[:150], + severity=vul.get("Severity", "").lower(), + identification_date=datetime.now().strftime( + "%Y-%m-%dT%H:%M:%S%z" + ), + published_date_cve=self.check_date_format(vul), + module="engine_container", + category=Category.VULNERABILITY, + requirements=vul.get("FixedVersion") or vul.get("Status", ""), + tool="Trivy", + ) + for vul in vulnerabilities_data + if vul.get("CVSS") and vul.get("PublishedDate") + ] + list_open_vulnerabilities.extend(vulnerabilities) + return list_open_vulnerabilities From 1f88068c8cc6c172ef99c3249c29793d63a91d2b Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 17:20:37 -0500 Subject: [PATCH 047/441] restore precommit affected files --- .../test_runner_container_scan.py | 36 +- .../usescases/test_container_sca_scan.py | 208 +++++------ .../test_handle_remote_config_patterns.py | 76 ++-- .../domain/usescases/test_set_input_core.py | 240 ++++++------- .../test_prisma_cloud_manager_scan.py | 288 +++++++-------- .../trivy_tool/test_trivy_manager_scan.py | 332 +++++++++--------- .../src/domain/usecases/set_input_core.py | 130 +++---- .../test_handle_remote_config_patterns.py | 162 ++++----- 8 files changed, 736 insertions(+), 736 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py index d31dae164..6051922a3 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/applications/test_runner_container_scan.py @@ -1,18 +1,18 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( - runner_engine_container, -) - -from unittest.mock import patch - - -def test_init_engine_container(): - with patch( - "devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan.init_engine_sca_rm" - ) as mock_init_engine_sca_rm: - dict_args = {"remote_config_repo": "remote_repo"} - token = "token" - tool = "PRISMA" - - result = runner_engine_container(dict_args, tool, token, None) - - mock_init_engine_sca_rm.assert_any_call +from devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan import ( + runner_engine_container, +) + +from unittest.mock import patch + + +def test_init_engine_container(): + with patch( + "devsecops_engine_tools.engine_sca.engine_container.src.applications.runner_container_scan.init_engine_sca_rm" + ) as mock_init_engine_sca_rm: + dict_args = {"remote_config_repo": "remote_repo"} + token = "token" + tool = "PRISMA" + + result = runner_engine_container(dict_args, tool, token, None) + + mock_init_engine_sca_rm.assert_any_call diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py index b020c8da3..13dacecad 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_container_sca_scan.py @@ -1,104 +1,104 @@ -import pytest -from unittest.mock import MagicMock, patch -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.container_sca_scan import ( - ContainerScaScan, -) - - -@pytest.fixture -def mock_tool_run(): - return MagicMock() - - -@pytest.fixture -def mock_tool_remote(): - return MagicMock() - - -@pytest.fixture -def mock_tool_images(): - return MagicMock() - - -@pytest.fixture -def mock_tool_deserializator(): - return MagicMock() - - -@pytest.fixture -def container_sca_scan( - mock_tool_run, - mock_tool_remote, - mock_tool_images, - mock_tool_deserializator, -): - return ContainerScaScan( - mock_tool_run, - mock_tool_remote, - mock_tool_images, - mock_tool_deserializator, - "1234", - "token", - "image_to_scan" - ) - - -def test_get_image(container_sca_scan): - container_sca_scan.tool_images.list_images.return_value = ["image1", "image2"] - assert container_sca_scan.get_image("image_to_scan") == ["image1", "image2"] - - -def test_get_images_already_scanned(container_sca_scan): - with patch("os.path.join") as mock_path_join, patch( - "os.getcwd" - ) as mock_getcwd, patch("os.path.exists") as mock_path_exists, patch( - "builtins.open" - ) as mock_open: - mock_path_join.return_value = "/path/to/scanned_images.txt" - mock_path_exists.return_value = False - mock_open.return_value = MagicMock() - container_sca_scan.get_images_already_scanned() - assert mock_open.call_count == 2 - - -def test_set_image_scanned(container_sca_scan): - with patch("builtins.open") as mock_open: - container_sca_scan.set_image_scanned("result.json") - assert mock_open.call_count == 1 - - -def test_process_image_already_scanned(container_sca_scan): - mock_image = MagicMock() - mock_image.tags = ["my_image:1234"] - container_sca_scan.get_images_already_scanned = MagicMock() - container_sca_scan.get_image = MagicMock() - container_sca_scan.get_image.return_value = mock_image - container_sca_scan.get_images_already_scanned.return_value = [ - "my_image:1234" - ] - assert container_sca_scan.process() == None - - -def test_process_image_not_already_scanned(container_sca_scan): - mock_image = MagicMock() - mock_image.tags = ["my_image:1234"] - container_sca_scan.get_images_already_scanned = MagicMock() - container_sca_scan.get_image = MagicMock() - container_sca_scan.get_image.return_value = mock_image - container_sca_scan.get_images_already_scanned.return_value = [ - "my_image_scan_result.json" - ] - container_sca_scan.tool_run.run_tool_container_sca.return_value = [ - "my_image:1234_scan_result.json" - ] - container_sca_scan.set_image_scanned = MagicMock() - assert container_sca_scan.process() == ["my_image:1234_scan_result.json"] - - - -def test_deserialize(container_sca_scan): - container_sca_scan.tool_deseralizator.get_list_findings.return_value = [ - "finding1", - "finding2", - ] - assert container_sca_scan.deseralizator("image_scanned") == ["finding1", "finding2"] +import pytest +from unittest.mock import MagicMock, patch +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.container_sca_scan import ( + ContainerScaScan, +) + + +@pytest.fixture +def mock_tool_run(): + return MagicMock() + + +@pytest.fixture +def mock_tool_remote(): + return MagicMock() + + +@pytest.fixture +def mock_tool_images(): + return MagicMock() + + +@pytest.fixture +def mock_tool_deserializator(): + return MagicMock() + + +@pytest.fixture +def container_sca_scan( + mock_tool_run, + mock_tool_remote, + mock_tool_images, + mock_tool_deserializator, +): + return ContainerScaScan( + mock_tool_run, + mock_tool_remote, + mock_tool_images, + mock_tool_deserializator, + "1234", + "token", + "image_to_scan" + ) + + +def test_get_image(container_sca_scan): + container_sca_scan.tool_images.list_images.return_value = ["image1", "image2"] + assert container_sca_scan.get_image("image_to_scan") == ["image1", "image2"] + + +def test_get_images_already_scanned(container_sca_scan): + with patch("os.path.join") as mock_path_join, patch( + "os.getcwd" + ) as mock_getcwd, patch("os.path.exists") as mock_path_exists, patch( + "builtins.open" + ) as mock_open: + mock_path_join.return_value = "/path/to/scanned_images.txt" + mock_path_exists.return_value = False + mock_open.return_value = MagicMock() + container_sca_scan.get_images_already_scanned() + assert mock_open.call_count == 2 + + +def test_set_image_scanned(container_sca_scan): + with patch("builtins.open") as mock_open: + container_sca_scan.set_image_scanned("result.json") + assert mock_open.call_count == 1 + + +def test_process_image_already_scanned(container_sca_scan): + mock_image = MagicMock() + mock_image.tags = ["my_image:1234"] + container_sca_scan.get_images_already_scanned = MagicMock() + container_sca_scan.get_image = MagicMock() + container_sca_scan.get_image.return_value = mock_image + container_sca_scan.get_images_already_scanned.return_value = [ + "my_image:1234" + ] + assert container_sca_scan.process() == None + + +def test_process_image_not_already_scanned(container_sca_scan): + mock_image = MagicMock() + mock_image.tags = ["my_image:1234"] + container_sca_scan.get_images_already_scanned = MagicMock() + container_sca_scan.get_image = MagicMock() + container_sca_scan.get_image.return_value = mock_image + container_sca_scan.get_images_already_scanned.return_value = [ + "my_image_scan_result.json" + ] + container_sca_scan.tool_run.run_tool_container_sca.return_value = [ + "my_image:1234_scan_result.json" + ] + container_sca_scan.set_image_scanned = MagicMock() + assert container_sca_scan.process() == ["my_image:1234_scan_result.json"] + + + +def test_deserialize(container_sca_scan): + container_sca_scan.tool_deseralizator.get_list_findings.return_value = [ + "finding1", + "finding2", + ] + assert container_sca_scan.deseralizator("image_scanned") == ["finding1", "finding2"] diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py index 4cae3ad3a..fc7ccb69b 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_handle_remote_config_patterns.py @@ -1,38 +1,38 @@ -import pytest -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.handle_remote_config_patterns import ( - HandleRemoteConfigPatterns, -) - - -@pytest.fixture -def remote_config(): - return {"IGNORE_SEARCH_PATTERN": "ignore_this_pipeline"} - - -@pytest.fixture -def exclusions(): - return {"dummy_pipeline": {"SKIP_TOOL": 1}} - - -@pytest.fixture -def handle_remote(remote_config, exclusions): - return HandleRemoteConfigPatterns(remote_config, exclusions, "dummy_pipeline") - - -def test_ignore_analysis_pattern_false(handle_remote): - handle_remote.pipeline_name = "ignore_this_pipeline" - assert not handle_remote.ignore_analysis_pattern() - - -def test_ignore_analysis_pattern_true(handle_remote): - handle_remote.pipeline_name = "do_not_ignore_this_pipeline" - assert handle_remote.ignore_analysis_pattern() - - -def test_skip_from_exclusion(handle_remote): - assert handle_remote.skip_from_exclusion() - - -def test_not_skip_from_exclusion(handle_remote): - handle_remote.pipeline_name = "another_pipeline" - assert not handle_remote.skip_from_exclusion() +import pytest +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.handle_remote_config_patterns import ( + HandleRemoteConfigPatterns, +) + + +@pytest.fixture +def remote_config(): + return {"IGNORE_SEARCH_PATTERN": "ignore_this_pipeline"} + + +@pytest.fixture +def exclusions(): + return {"dummy_pipeline": {"SKIP_TOOL": 1}} + + +@pytest.fixture +def handle_remote(remote_config, exclusions): + return HandleRemoteConfigPatterns(remote_config, exclusions, "dummy_pipeline") + + +def test_ignore_analysis_pattern_false(handle_remote): + handle_remote.pipeline_name = "ignore_this_pipeline" + assert not handle_remote.ignore_analysis_pattern() + + +def test_ignore_analysis_pattern_true(handle_remote): + handle_remote.pipeline_name = "do_not_ignore_this_pipeline" + assert handle_remote.ignore_analysis_pattern() + + +def test_skip_from_exclusion(handle_remote): + assert handle_remote.skip_from_exclusion() + + +def test_not_skip_from_exclusion(handle_remote): + handle_remote.pipeline_name = "another_pipeline" + assert not handle_remote.skip_from_exclusion() diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py index aac23bffd..6d87255ff 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/domain/usescases/test_set_input_core.py @@ -1,120 +1,120 @@ -import pytest -from unittest.mock import Mock -from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( - DevopsPlatformGateway, -) -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - -from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.set_input_core import ( - SetInputCore, -) - - -@pytest.fixture -def mock_tool_remote(): - return Mock(spec=DevopsPlatformGateway) - - -def test_get_exclusions(mock_tool_remote): - exclusions_data = { - "All": { - "PRISMA": [ - { - "id": "CVE-2023-5363", - "where": "all", - "create_date": "24012023", - "expired_date": "22092023", - "hu": "", - } - ] - }, - "repository_test": { - "PRISMA": [ - { - "id": "XRAY-N94", - "create_date": "24012023", - "expired_date": "31122023", - "hu": "", - } - ] - }, - "12345_ProyectoEjemplo_RM": { - "PRISMA": [ - { - "id": "CVE-2023-6237", - "cve_id": "CVE-2023-6237", - "expired_date": "21092022", - "create_date": "24012023", - "hu": "", - } - ] - }, - } - pipeline_name = "my_pipeline" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 1 - assert isinstance(exclusions[0], Exclusions) - assert exclusions[0].id == "CVE-2023-5363" - assert exclusions[0].where == "all" - assert exclusions[0].create_date == "24012023" - assert exclusions[0].expired_date == "22092023" - assert exclusions[0].hu == "" - - -def test_get_exclusions_for_specific_pipeline(mock_tool_remote): - exclusions_data = { - "pipeline_specific": { - "PRISMA": [ - { - "id": "CVE-2024-1234", - "where": "pipeline_specific", - "create_date": "01012024", - "expired_date": "31122024", - "hu": "High", - } - ] - } - } - pipeline_name = "pipeline_specific" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 1 - assert exclusions[0].id == "CVE-2024-1234" - assert exclusions[0].where == "pipeline_specific" - assert exclusions[0].create_date == "01012024" - assert exclusions[0].expired_date == "31122024" - assert exclusions[0].hu == "High" - - -def test_get_exclusions_no_matching_exclusions(mock_tool_remote): - exclusions_data = { - "other_pipeline": { - "PRISMA": [ - { - "id": "CVE-2024-5678", - "where": "other_pipeline", - "create_date": "02022024", - "expired_date": "30122024", - "hu": "Medium", - } - ] - } - } - pipeline_name = "my_pipeline" - - set_input_core = SetInputCore( - mock_tool_remote, None, pipeline_name, "PRISMA", "release" - ) - exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") - - assert len(exclusions) == 0 +import pytest +from unittest.mock import Mock +from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import ( + DevopsPlatformGateway, +) +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + +from devsecops_engine_tools.engine_sca.engine_container.src.domain.usecases.set_input_core import ( + SetInputCore, +) + + +@pytest.fixture +def mock_tool_remote(): + return Mock(spec=DevopsPlatformGateway) + + +def test_get_exclusions(mock_tool_remote): + exclusions_data = { + "All": { + "PRISMA": [ + { + "id": "CVE-2023-5363", + "where": "all", + "create_date": "24012023", + "expired_date": "22092023", + "hu": "", + } + ] + }, + "repository_test": { + "PRISMA": [ + { + "id": "XRAY-N94", + "create_date": "24012023", + "expired_date": "31122023", + "hu": "", + } + ] + }, + "12345_ProyectoEjemplo_RM": { + "PRISMA": [ + { + "id": "CVE-2023-6237", + "cve_id": "CVE-2023-6237", + "expired_date": "21092022", + "create_date": "24012023", + "hu": "", + } + ] + }, + } + pipeline_name = "my_pipeline" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 1 + assert isinstance(exclusions[0], Exclusions) + assert exclusions[0].id == "CVE-2023-5363" + assert exclusions[0].where == "all" + assert exclusions[0].create_date == "24012023" + assert exclusions[0].expired_date == "22092023" + assert exclusions[0].hu == "" + + +def test_get_exclusions_for_specific_pipeline(mock_tool_remote): + exclusions_data = { + "pipeline_specific": { + "PRISMA": [ + { + "id": "CVE-2024-1234", + "where": "pipeline_specific", + "create_date": "01012024", + "expired_date": "31122024", + "hu": "High", + } + ] + } + } + pipeline_name = "pipeline_specific" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 1 + assert exclusions[0].id == "CVE-2024-1234" + assert exclusions[0].where == "pipeline_specific" + assert exclusions[0].create_date == "01012024" + assert exclusions[0].expired_date == "31122024" + assert exclusions[0].hu == "High" + + +def test_get_exclusions_no_matching_exclusions(mock_tool_remote): + exclusions_data = { + "other_pipeline": { + "PRISMA": [ + { + "id": "CVE-2024-5678", + "where": "other_pipeline", + "create_date": "02022024", + "expired_date": "30122024", + "hu": "Medium", + } + ] + } + } + pipeline_name = "my_pipeline" + + set_input_core = SetInputCore( + mock_tool_remote, None, pipeline_name, "PRISMA", "release" + ) + exclusions = set_input_core.get_exclusions(exclusions_data, pipeline_name, "PRISMA") + + assert len(exclusions) == 0 diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py index c14bbc276..21a7d4a4c 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/prisma_cloud/test_prisma_cloud_manager_scan.py @@ -1,144 +1,144 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan import ( - PrismaCloudManagerScan, -) - -from unittest.mock import patch, Mock, MagicMock -import pytest - - -@pytest.fixture -def mock_requests_get(): - with patch("requests.get") as mock_get: - yield mock_get - - -@pytest.fixture -def twistcli_instance(): - return PrismaCloudManagerScan() - - -@pytest.fixture -def mock_remoteconfig(): - return { - "PRISMA_CLOUD": { - "TWISTCLI_PATH": "twistcli", - "PRISMA_CONSOLE_URL": "", - "PRISMA_ACCESS_KEY": "", - "PRISMA_API_VERSION": "v32.03", - }, - "TRIVY": {"TRIVY_VERSION": "0.48.1"}, - "MESSAGE_INFO_SCA_RM": "If you have doubts, visit ", - "THRESHOLD": { - "VULNERABILITY": {"Critical": 999, "High": 999, "Medium": 999, "Low": 999}, - "COMPLIANCE": {"Critical": 1}, - }, - } - - -@pytest.fixture -def mock_scan_image(): - return [ - {"Repository": "466.com/nu04cr", "Tag": "ms_broker_db-trunk-trunk.20240126.1"} - ] - - -@pytest.fixture -def mock_logger(): - return MagicMock() - - -def test_download_twistcli_success(mock_remoteconfig): - with patch("requests.get") as mock_get, patch( - "builtins.open", create=True - ) as mock_open, patch("os.chmod") as mock_chmod, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" - ) as mock_logger_info: - mock_response = MagicMock() - mock_response.content = b"twistcli_content" - mock_response.raise_for_status.return_value = None - mock_get.return_value = mock_response - - scan_manager = PrismaCloudManagerScan() - scan_manager.download_twistcli( - "file_path", - "prisma_access_key", - "prisma_secret_key", - mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_CONSOLE_URL"], - mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_API_VERSION"], - ) - - -def test_download_twistcli_failure(twistcli_instance, mock_requests_get): - file_path = "/path/to/twistcli" - prisma_access_key = "your_access_key" - prisma_secret_key = "your_secret_key" - prisma_console_url = "https://prisma-console-url.com" - prisma_api_version = "v1" - - expected_url = f"{prisma_console_url}/api/v1/util/twistcli" - expected_credentials = "your_access_key:your_secret_key" - expected_headers = {"Authorization": f"Basic {expected_credentials}"} - - mock_response = Mock() - mock_response.raise_for_status.side_effect = Exception("Test Exception") - mock_requests_get.return_value = mock_response - - with pytest.raises( - ValueError, match="Error downloading twistcli: Test Exception" - ), patch("builtins.open", create=True) as mock_open, patch( - "os.chmod" - ) as mock_chmod, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" - ) as mock_logger_info: - twistcli_instance.download_twistcli( - file_path, - prisma_access_key, - prisma_secret_key, - prisma_console_url, - prisma_api_version, - ) - - mock_requests_get.assert_called_once_with( - expected_url, headers=expected_headers - ) - mock_response.raise_for_status.assert_called_once() - mock_open.assert_not_called() - mock_chmod.assert_not_called() - mock_logger_info.assert_not_called() - - -def test_scan_image_success(mock_remoteconfig): - with patch("builtins.print") as mock_print, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.subprocess.run" - ) as mock_run: - mock_run.return_value = MagicMock() - mock_run.return_value.stdout = "" - mock_run.return_value.stderr = "" - - scan_manager = PrismaCloudManagerScan() - result = scan_manager.scan_image( - "file_path", - "image_name", - "result.json", - mock_remoteconfig, - "prisma_secret_key", - ) - - assert result == "result.json" - - -def test_run_tool_container_sca_success(mock_remoteconfig, mock_scan_image): - with patch("builtins.open") as mock_open, patch("os.path.join") as mock_join, patch( - "os.path.exists" - ) as mock_exists: - PrismaCloudManagerScan.download_twistcli = MagicMock() - PrismaCloudManagerScan.scan_image = MagicMock() - mock_exists.return_value = False - PrismaCloudManagerScan.scan_image.return_value = "result.json" - - scan_manager = PrismaCloudManagerScan() - result = scan_manager.run_tool_container_sca( - mock_remoteconfig, "prisma_secret_key", "image_name", "result.json" - ) - - assert result == "result.json" +from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan import ( + PrismaCloudManagerScan, +) + +from unittest.mock import patch, Mock, MagicMock +import pytest + + +@pytest.fixture +def mock_requests_get(): + with patch("requests.get") as mock_get: + yield mock_get + + +@pytest.fixture +def twistcli_instance(): + return PrismaCloudManagerScan() + + +@pytest.fixture +def mock_remoteconfig(): + return { + "PRISMA_CLOUD": { + "TWISTCLI_PATH": "twistcli", + "PRISMA_CONSOLE_URL": "", + "PRISMA_ACCESS_KEY": "", + "PRISMA_API_VERSION": "v32.03", + }, + "TRIVY": {"TRIVY_VERSION": "0.48.1"}, + "MESSAGE_INFO_SCA_RM": "If you have doubts, visit ", + "THRESHOLD": { + "VULNERABILITY": {"Critical": 999, "High": 999, "Medium": 999, "Low": 999}, + "COMPLIANCE": {"Critical": 1}, + }, + } + + +@pytest.fixture +def mock_scan_image(): + return [ + {"Repository": "466.com/nu04cr", "Tag": "ms_broker_db-trunk-trunk.20240126.1"} + ] + + +@pytest.fixture +def mock_logger(): + return MagicMock() + + +def test_download_twistcli_success(mock_remoteconfig): + with patch("requests.get") as mock_get, patch( + "builtins.open", create=True + ) as mock_open, patch("os.chmod") as mock_chmod, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" + ) as mock_logger_info: + mock_response = MagicMock() + mock_response.content = b"twistcli_content" + mock_response.raise_for_status.return_value = None + mock_get.return_value = mock_response + + scan_manager = PrismaCloudManagerScan() + scan_manager.download_twistcli( + "file_path", + "prisma_access_key", + "prisma_secret_key", + mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_CONSOLE_URL"], + mock_remoteconfig["PRISMA_CLOUD"]["PRISMA_API_VERSION"], + ) + + +def test_download_twistcli_failure(twistcli_instance, mock_requests_get): + file_path = "/path/to/twistcli" + prisma_access_key = "your_access_key" + prisma_secret_key = "your_secret_key" + prisma_console_url = "https://prisma-console-url.com" + prisma_api_version = "v1" + + expected_url = f"{prisma_console_url}/api/v1/util/twistcli" + expected_credentials = "your_access_key:your_secret_key" + expected_headers = {"Authorization": f"Basic {expected_credentials}"} + + mock_response = Mock() + mock_response.raise_for_status.side_effect = Exception("Test Exception") + mock_requests_get.return_value = mock_response + + with pytest.raises( + ValueError, match="Error downloading twistcli: Test Exception" + ), patch("builtins.open", create=True) as mock_open, patch( + "os.chmod" + ) as mock_chmod, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.logger.info" + ) as mock_logger_info: + twistcli_instance.download_twistcli( + file_path, + prisma_access_key, + prisma_secret_key, + prisma_console_url, + prisma_api_version, + ) + + mock_requests_get.assert_called_once_with( + expected_url, headers=expected_headers + ) + mock_response.raise_for_status.assert_called_once() + mock_open.assert_not_called() + mock_chmod.assert_not_called() + mock_logger_info.assert_not_called() + + +def test_scan_image_success(mock_remoteconfig): + with patch("builtins.print") as mock_print, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.prisma_cloud.prisma_cloud_manager_scan.subprocess.run" + ) as mock_run: + mock_run.return_value = MagicMock() + mock_run.return_value.stdout = "" + mock_run.return_value.stderr = "" + + scan_manager = PrismaCloudManagerScan() + result = scan_manager.scan_image( + "file_path", + "image_name", + "result.json", + mock_remoteconfig, + "prisma_secret_key", + ) + + assert result == "result.json" + + +def test_run_tool_container_sca_success(mock_remoteconfig, mock_scan_image): + with patch("builtins.open") as mock_open, patch("os.path.join") as mock_join, patch( + "os.path.exists" + ) as mock_exists: + PrismaCloudManagerScan.download_twistcli = MagicMock() + PrismaCloudManagerScan.scan_image = MagicMock() + mock_exists.return_value = False + PrismaCloudManagerScan.scan_image.return_value = "result.json" + + scan_manager = PrismaCloudManagerScan() + result = scan_manager.run_tool_container_sca( + mock_remoteconfig, "prisma_secret_key", "image_name", "result.json" + ) + + assert result == "result.json" diff --git a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py index e9acad063..270fc6166 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_container/test/infrastructure/driven_adapters/trivy_tool/test_trivy_manager_scan.py @@ -1,166 +1,166 @@ -from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan import ( - TrivyScan, -) - -from unittest.mock import patch, MagicMock, Mock -import pytest - - -@pytest.fixture -def trivy_scan_instance(): - return TrivyScan() - - -def test_download_tool_success(trivy_scan_instance): - with patch("builtins.open") as mock_open, patch( - "requests.get" - ) as mock_request: - - trivy_scan_instance.download_tool("file", "url") - - assert mock_request.call_count == 1 - assert mock_open.call_count == 1 - - -def test_download_tool_exception(trivy_scan_instance): - with patch("requests.get") as mock_request, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_request.side_effect = Exception("custom error") - - trivy_scan_instance.download_tool("file", "url") - - mocke_logger.assert_called_with("Error downloading trivy: custom error") - - -def test_install_tool_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "tarfile.open" - ) as mock_tar_open: - mock_run.return_value = Mock(returncode=1) - trivy_scan_instance.download_tool = MagicMock() - - trivy_scan_instance.install_tool("file", "url") - - assert mock_tar_open.call_count == 1 - -def test_install_tool_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.return_value = Mock(returncode=1) - trivy_scan_instance.download_tool = MagicMock() - trivy_scan_instance.download_tool.side_effect = Exception("custom error") - - trivy_scan_instance.install_tool("file", "url") - - mocke_logger.assert_called_with("Error installing trivy: custom error") - - -def test_install_tool_windows_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "zipfile.ZipFile" - ) as mock_zipfile: - mock_run.side_effect = Exception() - trivy_scan_instance.download_tool = MagicMock() - - trivy_scan_instance.install_tool_windows("file", "url") - - assert mock_zipfile.call_count == 1 - - -def test_install_tool_windows_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.side_effect = Exception() - trivy_scan_instance.download_tool = MagicMock() - trivy_scan_instance.download_tool.side_effect = Exception("custom error") - - trivy_scan_instance.install_tool_windows("file", "url") - - mocke_logger.assert_called_with("Error installing trivy: custom error") - - -def test_scan_image_success(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "builtins.print" - ) as mock_print: - result = trivy_scan_instance.scan_image("prefix", "image_name", "result.json") - - assert mock_print.call_count == 1 - assert result == "result.json" - - -def test_scan_image_exception(trivy_scan_instance): - with patch("subprocess.run") as mock_run, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" - ) as mocke_logger: - mock_run.side_effect = Exception("custom error") - - trivy_scan_instance.scan_image("prefix", "image_name", "result.json") - - mocke_logger.assert_called_with("Error during image scan of image_name: custom error") - - -def test_run_tool_container_sca_linux(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Linux" - trivy_scan_instance.install_tool = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_Linux-64bit.tar.gz" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) - assert result == "result.json" - - -def test_run_tool_container_sca_darwin(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Darwin" - trivy_scan_instance.install_tool = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_macOS-64bit.tar.gz" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) - assert result == "result.json" - - -def test_run_tool_container_sca_windows(trivy_scan_instance): - with patch("platform.system") as mock_platform: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "Windows" - trivy_scan_instance.install_tool_windows = MagicMock() - trivy_scan_instance.scan_image = MagicMock() - trivy_scan_instance.scan_image.return_value = "result.json" - version = remote_config["TRIVY"]["TRIVY_VERSION"] - file = f"trivy_{version}_windows-64bit.zip" - base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - trivy_scan_instance.install_tool_windows.assert_called_with(file, base_url+file) - assert result == "result.json" - -def test_run_tool_container_sca_none(trivy_scan_instance): - with patch("platform.system") as mock_platform, patch( - "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.warning" - ) as mock_logger: - remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} - mock_platform.return_value = "None" - - result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") - - mock_logger.assert_called_with("None is not supported.") - assert result == None +from devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan import ( + TrivyScan, +) + +from unittest.mock import patch, MagicMock, Mock +import pytest + + +@pytest.fixture +def trivy_scan_instance(): + return TrivyScan() + + +def test_download_tool_success(trivy_scan_instance): + with patch("builtins.open") as mock_open, patch( + "requests.get" + ) as mock_request: + + trivy_scan_instance.download_tool("file", "url") + + assert mock_request.call_count == 1 + assert mock_open.call_count == 1 + + +def test_download_tool_exception(trivy_scan_instance): + with patch("requests.get") as mock_request, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_request.side_effect = Exception("custom error") + + trivy_scan_instance.download_tool("file", "url") + + mocke_logger.assert_called_with("Error downloading trivy: custom error") + + +def test_install_tool_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "tarfile.open" + ) as mock_tar_open: + mock_run.return_value = Mock(returncode=1) + trivy_scan_instance.download_tool = MagicMock() + + trivy_scan_instance.install_tool("file", "url") + + assert mock_tar_open.call_count == 1 + +def test_install_tool_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.return_value = Mock(returncode=1) + trivy_scan_instance.download_tool = MagicMock() + trivy_scan_instance.download_tool.side_effect = Exception("custom error") + + trivy_scan_instance.install_tool("file", "url") + + mocke_logger.assert_called_with("Error installing trivy: custom error") + + +def test_install_tool_windows_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "zipfile.ZipFile" + ) as mock_zipfile: + mock_run.side_effect = Exception() + trivy_scan_instance.download_tool = MagicMock() + + trivy_scan_instance.install_tool_windows("file", "url") + + assert mock_zipfile.call_count == 1 + + +def test_install_tool_windows_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.side_effect = Exception() + trivy_scan_instance.download_tool = MagicMock() + trivy_scan_instance.download_tool.side_effect = Exception("custom error") + + trivy_scan_instance.install_tool_windows("file", "url") + + mocke_logger.assert_called_with("Error installing trivy: custom error") + + +def test_scan_image_success(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "builtins.print" + ) as mock_print: + result = trivy_scan_instance.scan_image("prefix", "image_name", "result.json") + + assert mock_print.call_count == 1 + assert result == "result.json" + + +def test_scan_image_exception(trivy_scan_instance): + with patch("subprocess.run") as mock_run, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.error" + ) as mocke_logger: + mock_run.side_effect = Exception("custom error") + + trivy_scan_instance.scan_image("prefix", "image_name", "result.json") + + mocke_logger.assert_called_with("Error during image scan of image_name: custom error") + + +def test_run_tool_container_sca_linux(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Linux" + trivy_scan_instance.install_tool = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_Linux-64bit.tar.gz" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) + assert result == "result.json" + + +def test_run_tool_container_sca_darwin(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Darwin" + trivy_scan_instance.install_tool = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_macOS-64bit.tar.gz" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool.assert_called_with(file, base_url+file) + assert result == "result.json" + + +def test_run_tool_container_sca_windows(trivy_scan_instance): + with patch("platform.system") as mock_platform: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "Windows" + trivy_scan_instance.install_tool_windows = MagicMock() + trivy_scan_instance.scan_image = MagicMock() + trivy_scan_instance.scan_image.return_value = "result.json" + version = remote_config["TRIVY"]["TRIVY_VERSION"] + file = f"trivy_{version}_windows-64bit.zip" + base_url = f"https://github.com/aquasecurity/trivy/releases/download/v{version}/" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + trivy_scan_instance.install_tool_windows.assert_called_with(file, base_url+file) + assert result == "result.json" + +def test_run_tool_container_sca_none(trivy_scan_instance): + with patch("platform.system") as mock_platform, patch( + "devsecops_engine_tools.engine_sca.engine_container.src.infrastructure.driven_adapters.trivy_tool.trivy_manager_scan.logger.warning" + ) as mock_logger: + remote_config = {"TRIVY":{"TRIVY_VERSION": "1.2.3"}} + mock_platform.return_value = "None" + + result = trivy_scan_instance.run_tool_container_sca(remote_config, None, "image_name", "result.json") + + mock_logger.assert_called_with("None is not supported.") + assert result == None diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py index 2aa369117..dc2dbe1be 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/set_input_core.py @@ -1,65 +1,65 @@ -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold -from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions - - -class SetInputCore: - def __init__(self, remote_config, exclusions, pipeline_name, tool): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - self.tool = tool - - def get_exclusions(self, exclusions_data, pipeline_name, tool): - list_exclusions = [] - for key, value in exclusions_data.items(): - if (key == "All") or (key == pipeline_name): - if value.get(tool, 0): - exclusions = [ - Exclusions( - id=item.get("id", ""), - where=item.get("where", ""), - cve_id=item.get("cve_id", ""), - create_date=item.get("create_date", ""), - expired_date=item.get("expired_date", ""), - severity=item.get("severity", ""), - hu=item.get("hu", ""), - reason=item.get("reason", "Risk acceptance"), - ) - for item in value[tool] - ] - list_exclusions.extend(exclusions) - return list_exclusions - - def update_threshold(self, threshold, exclusions_data, pipeline_name): - if (pipeline_name in exclusions_data) and ( - exclusions_data[pipeline_name].get("THRESHOLD", 0) - ): - threshold["VULNERABILITY"] = exclusions_data[pipeline_name][ - "THRESHOLD" - ].get("VULNERABILITY") - return threshold - - def set_input_core(self, dependencies_scanned): - """ - Set the input core. - - Returns: - dict: Input core. - """ - return InputCore( - self.get_exclusions( - self.exclusions, - self.pipeline_name, - self.tool, - ), - Threshold( - self.update_threshold( - self.remote_config["THRESHOLD"], self.exclusions, self.pipeline_name - ) - ), - dependencies_scanned, - self.remote_config["MESSAGE_INFO_ENGINE_DEPENDENCIES"], - self.pipeline_name, - "Build", - ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold +from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions + + +class SetInputCore: + def __init__(self, remote_config, exclusions, pipeline_name, tool): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + self.tool = tool + + def get_exclusions(self, exclusions_data, pipeline_name, tool): + list_exclusions = [] + for key, value in exclusions_data.items(): + if (key == "All") or (key == pipeline_name): + if value.get(tool, 0): + exclusions = [ + Exclusions( + id=item.get("id", ""), + where=item.get("where", ""), + cve_id=item.get("cve_id", ""), + create_date=item.get("create_date", ""), + expired_date=item.get("expired_date", ""), + severity=item.get("severity", ""), + hu=item.get("hu", ""), + reason=item.get("reason", "Risk acceptance"), + ) + for item in value[tool] + ] + list_exclusions.extend(exclusions) + return list_exclusions + + def update_threshold(self, threshold, exclusions_data, pipeline_name): + if (pipeline_name in exclusions_data) and ( + exclusions_data[pipeline_name].get("THRESHOLD", 0) + ): + threshold["VULNERABILITY"] = exclusions_data[pipeline_name][ + "THRESHOLD" + ].get("VULNERABILITY") + return threshold + + def set_input_core(self, dependencies_scanned): + """ + Set the input core. + + Returns: + dict: Input core. + """ + return InputCore( + self.get_exclusions( + self.exclusions, + self.pipeline_name, + self.tool, + ), + Threshold( + self.update_threshold( + self.remote_config["THRESHOLD"], self.exclusions, self.pipeline_name + ) + ), + dependencies_scanned, + self.remote_config["MESSAGE_INFO_ENGINE_DEPENDENCIES"], + self.pipeline_name, + "Build", + ) diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py index ca914a42a..95ea966ba 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/test/domain/usecases/test_handle_remote_config_patterns.py @@ -1,81 +1,81 @@ -from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( - HandleRemoteConfigPatterns, -) - -from unittest.mock import patch - - -def test_init(): - remote_config = {"remote_config_key": "remote_config_value"} - exclusions = {"Exclusion": "Exclusion_value"} - pipeline_name = "pipeline" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - - assert handle_remote_config_patterns_instance.remote_config == remote_config - assert handle_remote_config_patterns_instance.exclusions == exclusions - assert handle_remote_config_patterns_instance.pipeline_name == pipeline_name - - -def test_ignore_analysis_pattern_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", - } - pipeline_name = "pipeline_test" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.ignore_analysis_pattern() - - assert result == False - - -def test_ignore_analysis_pattern_matched(): - remote_config = { - "remote_config_key": "remote_config_value", - "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", - } - pipeline_name = "pipeline" - exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.ignore_analysis_pattern() - - assert result == True - - -def test_skip_from_exclusion(): - remote_config = { - "remote_config_key": "remote_config_value", - } - exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} - pipeline_name = "pipeline1" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.skip_from_exclusion() - - assert result == True - - -def test_skip_from_exclusion_not_skip(): - remote_config = { - "remote_config_key": "remote_config_value", - } - exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} - pipeline_name = "pipeline" - - handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( - remote_config, exclusions, pipeline_name - ) - result = handle_remote_config_patterns_instance.skip_from_exclusion() - - assert result == False +from devsecops_engine_tools.engine_sca.engine_dependencies.src.domain.usecases.handle_remote_config_patterns import ( + HandleRemoteConfigPatterns, +) + +from unittest.mock import patch + + +def test_init(): + remote_config = {"remote_config_key": "remote_config_value"} + exclusions = {"Exclusion": "Exclusion_value"} + pipeline_name = "pipeline" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + + assert handle_remote_config_patterns_instance.remote_config == remote_config + assert handle_remote_config_patterns_instance.exclusions == exclusions + assert handle_remote_config_patterns_instance.pipeline_name == pipeline_name + + +def test_ignore_analysis_pattern_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", + } + pipeline_name = "pipeline_test" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.ignore_analysis_pattern() + + assert result == False + + +def test_ignore_analysis_pattern_matched(): + remote_config = { + "remote_config_key": "remote_config_value", + "IGNORE_ANALYSIS_PATTERN": "(.*_test|Template_.*)", + } + pipeline_name = "pipeline" + exclusions = {"pipeline1": {"SKIP_FILES": {"files": [".py", ".txt"]}}} + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.ignore_analysis_pattern() + + assert result == True + + +def test_skip_from_exclusion(): + remote_config = { + "remote_config_key": "remote_config_value", + } + exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} + pipeline_name = "pipeline1" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.skip_from_exclusion() + + assert result == True + + +def test_skip_from_exclusion_not_skip(): + remote_config = { + "remote_config_key": "remote_config_value", + } + exclusions = {"pipeline1": {"SKIP_TOOL": {"hu": ""}}} + pipeline_name = "pipeline" + + handle_remote_config_patterns_instance = HandleRemoteConfigPatterns( + remote_config, exclusions, pipeline_name + ) + result = handle_remote_config_patterns_instance.skip_from_exclusion() + + assert result == False From 47803c16f7906480689b4e3e987f95acdf92490e Mon Sep 17 00:00:00 2001 From: russbelln Date: Thu, 26 Sep 2024 17:21:37 -0500 Subject: [PATCH 048/441] delete url validator file --- .../src/infrastructure/helpers/url_validator.py | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py deleted file mode 100644 index 6eaa15448..000000000 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/helpers/url_validator.py +++ /dev/null @@ -1,17 +0,0 @@ -import validators - - -def url_validator(url): - """ - Validates if a given URL is valid or not. - - Args: - url (str): The URL to be validated. - - Returns: - bool: True if the URL is valid, False otherwise. - """ - if validators.url(url): - return True - else: - return False From e38f5994e5bd40fe96eae8fe20a9543272c50882 Mon Sep 17 00:00:00 2001 From: russbelln Date: Fri, 27 Sep 2024 22:28:23 -0500 Subject: [PATCH 049/441] Resolve some comments, delete files, lines and description was modified --- .../src/applications/runner_engine_core.py | 3 +- .../driven_adapters/nuclei/nuclei_tool.py | 3 +- .../driven_adapters/jwt/test_jwt_object.py | 0 .../test/domain/usecases/test_secret_scan.py | 438 +++++++++--------- .../usecases/handle_remote_config_patterns.py | 76 +-- .../models/GithubPredefinedVariables.py | 112 ++--- 6 files changed, 316 insertions(+), 316 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py diff --git a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py index 880b1146e..48a71e129 100644 --- a/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py +++ b/tools/devsecops_engine_tools/engine_core/src/applications/runner_engine_core.py @@ -160,7 +160,8 @@ def get_inputs_from_cli(args): parser.add_argument( "--dast_file_path", required=False, - help="Engine DAST Api or Web Application configuration file path" + help="File path containing the configuration, structured according to the documentation, \ + for the API or web application to be scanned by the DAST tool." ) args = parser.parse_args() return { diff --git a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py index 22cb6e45a..7b35d3b58 100644 --- a/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py +++ b/tools/devsecops_engine_tools/engine_dast/src/infrastructure/driven_adapters/nuclei/nuclei_tool.py @@ -30,7 +30,6 @@ def __init__(self, target_config=None, data_config_cli=None): self.target_config = target_config self.data_config_cli = data_config_cli self.TOOL: str = "NUCLEI" - self.debug: str = os.environ.get("DEBUG", "false") def configurate_external_checks( self, config_tool: ConfigTool, github_token: str, output_dir: str = "/tmp" @@ -70,7 +69,7 @@ def execute(self, target_config: NucleiConfig) -> dict: capture_output=True, ) error = result.stderr - if (error is not None and error != "") and self.debug == "true": + if (error is not None and error != ""): error = error.strip() print(f"Error executing nuclei: {error}") diff --git a/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py b/tools/devsecops_engine_tools/engine_dast/test/infrastructure/driven_adapters/jwt/test_jwt_object.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py index 29de1c9c4..ea4fa3733 100644 --- a/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py +++ b/tools/devsecops_engine_tools/engine_sast/engine_secret/test/domain/usecases/test_secret_scan.py @@ -1,220 +1,220 @@ -import unittest -from unittest.mock import patch -from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan import ( - SecretScan, -) -from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( - DeserializeConfigTool, -) - -class TestSecretScan(unittest.TestCase): - def setUp(self) -> None: - global json_config - json_config = { - "IGNORE_SEARCH_PATTERN": [ - "test" - ], - "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", - "THRESHOLD": { - "VULNERABILITY": { - "Critical": 1, - "High": 1, - "Medium": 1, - "Low": 1 - }, - "COMPLIANCE": { - "Critical": 0 - } - }, - "TARGET_BRANCHES": ["trunk", "develop"], - "trufflehog": { - "EXCLUDE_PATH": [".git", "node_modules", "target", "build", "build.gradle", "twistcli-scan", ".svg", ".drawio"], - "NUMBER_THREADS": 4 - } - } - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_process( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [ - "vulnerability_data" - ] - - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - mock_tool_gateway_instance.run_tool_secret_scan.return_value = ( - "vulnerability_data", "path/findings" - ) - - finding_list, file_path_findings = secret_scan.process( - False, obj_config_tool - ) - - self.assertEqual(finding_list, ["vulnerability_data"]) - self.assertEqual(file_path_findings, "path/findings") - mock_tool_gateway_instance.install_tool.assert_called_once() - mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_process_empty( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [] - - obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - mock_tool_gateway_instance.run_tool_secret_scan.return_value = "", "" - - finding_list, file_path_findings = secret_scan.process( - False, obj_config_tool - ) - - self.assertEqual(finding_list, []) - self.assertEqual(file_path_findings, "") - mock_tool_gateway_instance.install_tool.assert_called_once() - mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_skip_tool_true(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_devops_gateway_instance.get_variable.return_value = "test_pipeline" - exclusions = { - "test_pipeline": {"SKIP_TOOL": 1} - } - result = secret_scan.skip_from_exclusion(exclusions) - self.assertTrue(result) - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_skip_tool_false(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_devops_gateway_instance.get_variable.return_value = "other_pipeline" - exclusions = { - "test_pipeline": {"SKIP_TOOL": 1} - } - result = secret_scan.skip_from_exclusion(exclusions) - self.assertFalse(result) - - @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') - @patch( - "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" - ) - @patch( - "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" - ) - def test_complete_config_tool( - self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway - ): - # Configuración de mocks - mock_tool_gateway_instance = mock_tool_gateway.return_value - mock_devops_gateway_instance = mock_devops_gateway.return_value - mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value - mock_git_gateway_instance = mock_git_gateway.return_value - - secret_scan = SecretScan( - mock_tool_gateway_instance, - mock_devops_gateway_instance, - mock_deserialize_gateway_instance, - mock_git_gateway_instance - ) - - mock_devops_gateway_instance.get_remote_config.return_value = json_config - mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" - - config_tool_instance = secret_scan.complete_config_tool( - {"remote_config_repo": "repository"}, "TRUFFLEHOG" - ) - +import unittest +from unittest.mock import patch +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.usecases.secret_scan import ( + SecretScan, +) +from devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.DeserializeConfigTool import ( + DeserializeConfigTool, +) + +class TestSecretScan(unittest.TestCase): + def setUp(self) -> None: + global json_config + json_config = { + "IGNORE_SEARCH_PATTERN": [ + "test" + ], + "MESSAGE_INFO_ENGINE_SECRET": "If you have doubts, visit url", + "THRESHOLD": { + "VULNERABILITY": { + "Critical": 1, + "High": 1, + "Medium": 1, + "Low": 1 + }, + "COMPLIANCE": { + "Critical": 0 + } + }, + "TARGET_BRANCHES": ["trunk", "develop"], + "trufflehog": { + "EXCLUDE_PATH": [".git", "node_modules", "target", "build", "build.gradle", "twistcli-scan", ".svg", ".drawio"], + "NUMBER_THREADS": 4 + } + } + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_process( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [ + "vulnerability_data" + ] + + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + mock_tool_gateway_instance.run_tool_secret_scan.return_value = ( + "vulnerability_data", "path/findings" + ) + + finding_list, file_path_findings = secret_scan.process( + False, obj_config_tool + ) + + self.assertEqual(finding_list, ["vulnerability_data"]) + self.assertEqual(file_path_findings, "path/findings") + mock_tool_gateway_instance.install_tool.assert_called_once() + mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_process_empty( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_deserialize_gateway_instance.get_list_vulnerability.return_value = [] + + obj_config_tool = DeserializeConfigTool(json_config, 'trufflehog') + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + mock_tool_gateway_instance.run_tool_secret_scan.return_value = "", "" + + finding_list, file_path_findings = secret_scan.process( + False, obj_config_tool + ) + + self.assertEqual(finding_list, []) + self.assertEqual(file_path_findings, "") + mock_tool_gateway_instance.install_tool.assert_called_once() + mock_tool_gateway_instance.run_tool_secret_scan.assert_called_once() + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_skip_tool_true(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_devops_gateway_instance.get_variable.return_value = "test_pipeline" + exclusions = { + "test_pipeline": {"SKIP_TOOL": 1} + } + result = secret_scan.skip_from_exclusion(exclusions) + self.assertTrue(result) + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_skip_tool_false(self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway): + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_devops_gateway_instance.get_variable.return_value = "other_pipeline" + exclusions = { + "test_pipeline": {"SKIP_TOOL": 1} + } + result = secret_scan.skip_from_exclusion(exclusions) + self.assertFalse(result) + + @patch('devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.git_gateway.GitGateway') + @patch( + "devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway.DevopsPlatformGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.gateway_deserealizator.DeseralizatorGateway" + ) + @patch( + "devsecops_engine_tools.engine_sast.engine_secret.src.domain.model.gateway.tool_gateway.ToolGateway" + ) + def test_complete_config_tool( + self, mock_tool_gateway, mock_devops_gateway, mock_deserialize_gateway, mock_git_gateway + ): + # Configuración de mocks + mock_tool_gateway_instance = mock_tool_gateway.return_value + mock_devops_gateway_instance = mock_devops_gateway.return_value + mock_deserialize_gateway_instance = mock_deserialize_gateway.return_value + mock_git_gateway_instance = mock_git_gateway.return_value + + secret_scan = SecretScan( + mock_tool_gateway_instance, + mock_devops_gateway_instance, + mock_deserialize_gateway_instance, + mock_git_gateway_instance + ) + + mock_devops_gateway_instance.get_remote_config.return_value = json_config + mock_devops_gateway_instance.get_variable.return_value = "example_pipeline" + + config_tool_instance = secret_scan.complete_config_tool( + {"remote_config_repo": "repository"}, "TRUFFLEHOG" + ) + self.assertEqual(config_tool_instance.scope_pipeline, "example_pipeline") \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py index f5e293a40..5e75df27a 100644 --- a/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py +++ b/tools/devsecops_engine_tools/engine_sca/engine_dependencies/src/domain/usecases/handle_remote_config_patterns.py @@ -1,38 +1,38 @@ -import re - - -class HandleRemoteConfigPatterns: - def __init__( - self, - remote_config, - exclusions, - pipeline_name, - ): - self.remote_config = remote_config - self.exclusions = exclusions - self.pipeline_name = pipeline_name - - def ignore_analysis_pattern(self): - """ - Handle analysis pattern. - - Return: bool: False -> not scan, True -> scan. - """ - ignore = self.remote_config["IGNORE_ANALYSIS_PATTERN"] - if re.match(ignore, self.pipeline_name, re.IGNORECASE): - return False - else: - return True - - def skip_from_exclusion(self): - """ - Handle skip tool. - - Return: bool: True -> skip tool, False -> not skip tool. - """ - if (self.pipeline_name in self.exclusions) and ( - self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) - ): - return True - else: - return False +import re + + +class HandleRemoteConfigPatterns: + def __init__( + self, + remote_config, + exclusions, + pipeline_name, + ): + self.remote_config = remote_config + self.exclusions = exclusions + self.pipeline_name = pipeline_name + + def ignore_analysis_pattern(self): + """ + Handle analysis pattern. + + Return: bool: False -> not scan, True -> scan. + """ + ignore = self.remote_config["IGNORE_ANALYSIS_PATTERN"] + if re.match(ignore, self.pipeline_name, re.IGNORECASE): + return False + else: + return True + + def skip_from_exclusion(self): + """ + Handle skip tool. + + Return: bool: True -> skip tool, False -> not skip tool. + """ + if (self.pipeline_name in self.exclusions) and ( + self.exclusions[self.pipeline_name].get("SKIP_TOOL", 0) + ): + return True + else: + return False diff --git a/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py b/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py index 1cd796c82..f74d991b3 100644 --- a/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py +++ b/tools/devsecops_engine_tools/engine_utilities/github/models/GithubPredefinedVariables.py @@ -1,56 +1,56 @@ -import os -from enum import Enum -from devsecops_engine_tools.engine_utilities.input_validations.env_utils import EnvVariables - - -class EnvVariables: - @staticmethod - def get_value(env_name): - env_var = os.environ.get(env_name) - if env_var is None: - raise ValueError(f"La variable de entorno {env_name} no está definida") - return env_var - - -class BaseEnum(Enum): - @property - def env_name(self): - return self._value_.replace(".", "_").upper() - - def value(self): - return EnvVariables.get_value(self.env_name) - - -class SystemVariables(BaseEnum): - github_access_token = "github.access.token" - github_workspace = "github.workspace" - github_job = "github.job" - github_server_url = "github.server.url" - github_repository = "github.repository" - github_event_number = "github.event.number" - github_event_base_ref = "github.event.base.ref" - github_ref = "github.ref" - - -class BuildVariables(BaseEnum): - github_run_id = "github.run.id" - github_run_number = "github.run.number" - github_workflow = "github.workflow" - github_repository = "github.repository" - github_ref = "github.ref" - runner_temp = "runner.temp" - github_sha = "github.sha" - GitHub = "GitHub" - - -class ReleaseVariables(BaseEnum): - github_workflow = "github.workflow" - github_env = "github.env" - github_run_number = "github.run.number" - - -class AgentVariables(BaseEnum): - runner_workspace = "runner.workspace" - github_workspace = "github.workspace" - runner_os = "runner.os" - runner_tool_cache = "runner.tool.cache" +import os +from enum import Enum +from devsecops_engine_tools.engine_utilities.input_validations.env_utils import EnvVariables + + +class EnvVariables: + @staticmethod + def get_value(env_name): + env_var = os.environ.get(env_name) + if env_var is None: + raise ValueError(f"La variable de entorno {env_name} no está definida") + return env_var + + +class BaseEnum(Enum): + @property + def env_name(self): + return self._value_.replace(".", "_").upper() + + def value(self): + return EnvVariables.get_value(self.env_name) + + +class SystemVariables(BaseEnum): + github_access_token = "github.access.token" + github_workspace = "github.workspace" + github_job = "github.job" + github_server_url = "github.server.url" + github_repository = "github.repository" + github_event_number = "github.event.number" + github_event_base_ref = "github.event.base.ref" + github_ref = "github.ref" + + +class BuildVariables(BaseEnum): + github_run_id = "github.run.id" + github_run_number = "github.run.number" + github_workflow = "github.workflow" + github_repository = "github.repository" + github_ref = "github.ref" + runner_temp = "runner.temp" + github_sha = "github.sha" + GitHub = "GitHub" + + +class ReleaseVariables(BaseEnum): + github_workflow = "github.workflow" + github_env = "github.env" + github_run_number = "github.run.number" + + +class AgentVariables(BaseEnum): + runner_workspace = "runner.workspace" + github_workspace = "github.workspace" + runner_os = "runner.os" + runner_tool_cache = "runner.tool.cache" From c1d9ac7aa944364b3039d4b9242e579ad98e0293 Mon Sep 17 00:00:00 2001 From: Santiago Gaviria Oliveros Date: Fri, 4 Oct 2024 09:14:33 -0500 Subject: [PATCH 050/441] fix: refactor qualitygate vm and update doc --- docs/CONTRIBUTING.md | 8 ++ .../engine_container/ConfigTool.json | 31 ++++++- .../model/custom_level_vulnerability.py | 8 -- .../vulnerability_management_gateway.py | 4 + .../engine_core/src/domain/model/threshold.py | 5 +- .../src/domain/usecases/break_build.py | 3 - .../src/domain/usecases/handle_scan.py | 72 +++++++++++++--- .../defect_dojo/defect_dojo.py | 41 ++++++++- .../test/domain/usecases/test_break_build.py | 9 -- .../test/domain/usecases/test_handle_scan.py | 83 +++++++++++++++---- .../engine_utilities/defect_dojo/__init__.py | 3 +- .../defect_dojo/applications/connect.py | 4 + .../defect_dojo/applications/defect_dojo.py | 39 +++++++-- .../defect_dojo/applications/product.py | 16 ++++ .../defect_dojo/domain/models/product_list.py | 8 +- .../domain/user_case/import_scan.py | 2 +- .../defect_dojo/domain/user_case/product.py | 9 ++ .../driver_adapters/product.py | 13 +-- .../test/domain/user_case/test_import_scan.py | 2 +- .../driver_adapter/test_product.py | 8 +- 20 files changed, 289 insertions(+), 79 deletions(-) delete mode 100644 tools/devsecops_engine_tools/engine_core/src/domain/model/custom_level_vulnerability.py create mode 100644 tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py create mode 100644 tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/product.py diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index a18fb4fb6..5bc754713 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -58,6 +58,14 @@ Packages (directories) and modules (.py files) must be lowercase. +# Standard commits - Semantic release + +We use the semantic release library to manage the release in the project. Please validate at the time of contribution that it complies with the standard commits - and Pull Request based on the library definition: + +- [Semantic Release](https://semantic-release.gitbook.io/semantic-release) + +- [Semantic Versioning](https://semver.org/) + # GOVERNANCE Read more [Governance](https://github.com/bancolombia/devsecops-engine-tools/blob/trunk/docs/GOVERNANCE.md) \ No newline at end of file diff --git a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json index 7c69ff070..ef5350ae6 100644 --- a/example_remote_config_local/engine_sca/engine_container/ConfigTool.json +++ b/example_remote_config_local/engine_sca/engine_container/ConfigTool.json @@ -17,13 +17,36 @@ "Medium": 20, "Low": 999 }, - "CUSTOM_VULNERABILITY": { - "PATTERN_APPS": "^(?!(App1|Apptest)$).*(App2.*|.*App3.*|.*App.*)", - "VULNERABILITY": { + "QUALITY_VULNERABILITY_MANAGEMENT": { + "PTS": [ + { + "Product Type Name": { + "APPS": [ + "CodeApp", + "CodeApp1", + "CodeApp12" + ], + "PROFILE": "STRONG" + } + }, + { + "Product Type Name2": { + "APPS": "ALL", + "PROFILE": "MODERATE" + } + } + ], + "STRONG": { "Critical": 0, "High": 0, "Medium": 5, - "Low": 10 + "Low": 15 + }, + "MODERATE": { + "Critical": 1, + "High": 3, + "Medium": 5, + "Low": 15 } }, "COMPLIANCE": { diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/model/custom_level_vulnerability.py b/tools/devsecops_engine_tools/engine_core/src/domain/model/custom_level_vulnerability.py deleted file mode 100644 index 37cce5d2c..000000000 --- a/tools/devsecops_engine_tools/engine_core/src/domain/model/custom_level_vulnerability.py +++ /dev/null @@ -1,8 +0,0 @@ -from devsecops_engine_tools.engine_core.src.domain.model.level_vulnerability import ( - LevelVulnerability, -) - -class CustomLevelVulnerability: - def __init__(self, data): - self.pattern_apps = data.get("PATTERN_APPS") - self.vulnerability = LevelVulnerability(data.get("VULNERABILITY")) \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py b/tools/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py index 6cce8b900..98813d9a1 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py @@ -10,6 +10,10 @@ def send_vulnerability_management( ): "send_vulnerability_management" + @abstractmethod + def get_product_type_service(self, service, dict_args, secret_tool, config_tool): + "get_product_type_service" + @abstractmethod def get_findings_excepted( self, service, dict_args, secret_tool, config_tool diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/model/threshold.py b/tools/devsecops_engine_tools/engine_core/src/domain/model/threshold.py index 8728475e1..4e0bae630 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/model/threshold.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/model/threshold.py @@ -4,13 +4,10 @@ from devsecops_engine_tools.engine_core.src.domain.model.level_compliance import ( LevelCompliance, ) -from devsecops_engine_tools.engine_core.src.domain.model.custom_level_vulnerability import ( - CustomLevelVulnerability, -) class Threshold: def __init__(self, data): self.vulnerability = LevelVulnerability(data.get("VULNERABILITY")) self.compliance = LevelCompliance(data.get("COMPLIANCE")) self.cve = data.get("CVE",[]) - self.custom_vulnerability = CustomLevelVulnerability(data.get("CUSTOM_VULNERABILITY")) if data.get("CUSTOM_VULNERABILITY") else None + self.quality_vulnerability_management = data.get("QUALITY_VULNERABILITY_MANAGEMENT") if data.get("QUALITY_VULNERABILITY_MANAGEMENT") else None diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py index f6509f566..89b7baebf 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/break_build.py @@ -67,9 +67,6 @@ def process(self, findings_list: "list[Finding]", input_core: InputCore, args: a "compliances": {}, } - if threshold.custom_vulnerability and bool(re.match(threshold.custom_vulnerability.pattern_apps, input_core.scope_pipeline, re.IGNORECASE)): - threshold.vulnerability = threshold.custom_vulnerability.vulnerability - if len(findings_list) != 0: self._apply_policie_exception_new_vulnerability_industry( findings_list, exclusions, args diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py index 943f18d69..a605bb63d 100644 --- a/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/src/domain/usecases/handle_scan.py @@ -19,6 +19,10 @@ from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import ( VulnerabilityManagement, ) +from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore +from devsecops_engine_tools.engine_core.src.domain.model.level_vulnerability import ( + LevelVulnerability, +) from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( ExceptionVulnerabilityManagement, ExceptionFindingsExcepted, @@ -52,6 +56,37 @@ def __init__( self.secrets_manager_gateway = secrets_manager_gateway self.devops_platform_gateway = devops_platform_gateway + def _define_threshold_quality_vuln( + self, input_core: InputCore, dict_args, secret_tool, config_tool + ): + quality_vulnerability_management = ( + input_core.threshold_defined.quality_vulnerability_management + ) + if quality_vulnerability_management: + product_type = self.vulnerability_management.get_product_type_service( + input_core.scope_pipeline, dict_args, secret_tool, config_tool + ) + if product_type: + pt_name = product_type.name + pt_qapt = next( + filter( + lambda qapt: pt_name in qapt, + quality_vulnerability_management["PTS"], + ), + None, + ) + if pt_qapt: + pt_info = pt_qapt[pt_name] + pt_profile = pt_info["PROFILE"] + pt_apps = pt_info["APPS"] + + input_core.threshold_defined.vulnerability = ( + LevelVulnerability(quality_vulnerability_management[pt_profile]) + if pt_apps == "ALL" + or any(map(lambda pd: pd in input_core.scope_pipeline, pt_apps)) + else input_core.threshold_defined.vulnerability + ) + def _use_vulnerability_management( self, config_tool, input_core, dict_args, secret_tool, env ): @@ -72,9 +107,14 @@ def _use_vulnerability_management( self.devops_platform_gateway.get_variable("build_id"), self.devops_platform_gateway.get_variable("branch_tag"), self.devops_platform_gateway.get_variable("commit_hash"), - env + env, ) ) + + self._define_threshold_quality_vuln( + input_core, dict_args, secret_tool, config_tool + ) + except ExceptionVulnerabilityManagement as ex1: logger.error(str(ex1)) try: @@ -92,23 +132,33 @@ def _use_vulnerability_management( def process(self, dict_args: any, config_tool: any): secret_tool = None env = define_env( - self.devops_platform_gateway.get_variable("environment"), - self.devops_platform_gateway.get_variable("branch_name"), - ) + self.devops_platform_gateway.get_variable("environment"), + self.devops_platform_gateway.get_variable("branch_name"), + ) if dict_args["use_secrets_manager"] == "true": secret_tool = self.secrets_manager_gateway.get_secret(config_tool) if "engine_iac" in dict_args["tool"]: findings_list, input_core = runner_engine_iac( - dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool,self.devops_platform_gateway, env + dict_args, + config_tool["ENGINE_IAC"]["TOOL"], + secret_tool, + self.devops_platform_gateway, + env, ) - if dict_args["use_vulnerability_management"] == "true" and input_core.path_file_results: + if ( + dict_args["use_vulnerability_management"] == "true" + and input_core.path_file_results + ): self._use_vulnerability_management( config_tool, input_core, dict_args, secret_tool, env ) return findings_list, input_core elif "engine_container" in dict_args["tool"]: findings_list, input_core = runner_engine_container( - dict_args, config_tool["ENGINE_CONTAINER"]["TOOL"], secret_tool, self.devops_platform_gateway + dict_args, + config_tool["ENGINE_CONTAINER"]["TOOL"], + secret_tool, + self.devops_platform_gateway, ) if ( dict_args["use_vulnerability_management"] == "true" @@ -122,7 +172,9 @@ def process(self, dict_args: any, config_tool: any): print(MESSAGE_ENABLED) elif "engine_code" in dict_args["tool"]: findings_list, input_core = runner_engine_code( - dict_args, config_tool["ENGINE_CODE"]["TOOL"], self.devops_platform_gateway + dict_args, + config_tool["ENGINE_CODE"]["TOOL"], + self.devops_platform_gateway, ) if ( dict_args["use_vulnerability_management"] == "true" @@ -136,7 +188,7 @@ def process(self, dict_args: any, config_tool: any): findings_list, input_core = runner_secret_scan( dict_args, config_tool["ENGINE_SECRET"]["TOOL"], - self.devops_platform_gateway + self.devops_platform_gateway, ) if ( dict_args["use_vulnerability_management"] == "true" @@ -158,4 +210,4 @@ def process(self, dict_args: any, config_tool: any): self._use_vulnerability_management( config_tool, input_core, dict_args, secret_tool, env ) - return findings_list, input_core \ No newline at end of file + return findings_list, input_core diff --git a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py index 0e81d761d..4d67f4b8d 100644 --- a/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py +++ b/tools/devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py @@ -11,6 +11,7 @@ Connect, Finding, Engagement, + Product, ) from devsecops_engine_tools.engine_core.src.domain.model.exclusions import Exclusions from devsecops_engine_tools.engine_core.src.domain.model.report import Report @@ -19,7 +20,7 @@ ExceptionVulnerabilityManagement, ExceptionFindingsExcepted, ExceptionGettingFindings, - ExceptionGettingEngagements + ExceptionGettingEngagements, ) from devsecops_engine_tools.engine_core.src.infrastructure.helpers.util import ( format_date, @@ -65,7 +66,7 @@ def send_vulnerability_management( "TRIVY": "Trivy Scan", "KUBESCAPE": "Kubescape Scanner", "KICS": "KICS Scanner", - "BEARER": "Bearer CLI" + "BEARER": "Bearer CLI", } if any( @@ -141,6 +142,38 @@ def request_func(): ) ) + def get_product_type_service(self, service, dict_args, secret_tool, config_tool): + try: + session_manager = self._get_session_manager( + dict_args, secret_tool, config_tool + ) + + dd_max_retries = config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][ + "MAX_RETRIES_QUERY" + ] + + def request_func(): + response = Product.get_product( + session=session_manager, + request={ + "name": Connect.get_code_app( + service, + config_tool["VULNERABILITY_MANAGER"]["DEFECT_DOJO"][ + "REGEX_EXPRESSION_CMDB" + ], + ), + "prefetch": "prod_type", + }, + ) + return response.prefetch.prod_type[str(response.results[0].prod_type)] if response.prefetch else None + + return self._retries_requests(request_func, dd_max_retries, retry_delay=5) + + except Exception as ex: + raise ExceptionVulnerabilityManagement( + "Error getting product type with the following error: {0} ".format(ex) + ) + def get_findings_excepted(self, service, dict_args, secret_tool, config_tool): try: session_manager = self._get_session_manager( @@ -250,7 +283,9 @@ def get_all(self, service, dict_args, secret_tool, config_tool): "Error getting all findings with the following error: {0} ".format(ex) ) - def get_active_engagements(self, engagement_name, dict_args, secret_tool, config_tool): + def get_active_engagements( + self, engagement_name, dict_args, secret_tool, config_tool + ): try: request_is = ImportScanRequest( token_defect_dojo=dict_args.get("token_vulnerability_management") diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_break_build.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_break_build.py index ad934593b..29b42f5b2 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_break_build.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_break_build.py @@ -32,15 +32,6 @@ def test_process_no_findings(self, mock_print): "Medium": 10, "Low": 15, }, - "CUSTOM_VULNERABILITY": { - "PATTERN_APPS": "^(?!App1$).*(App2.*|.*App3.*)", - "VULNERABILITY": { - "Critical": 0, - "High": 0, - "Medium": 5, - "Low": 10, - }, - }, "COMPLIANCE": {"Critical": 1}, "CVE": ["CKV_K8S_22"], } diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py index 8877ce3a1..52b8c934b 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py @@ -6,7 +6,10 @@ from devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan import ( HandleScan, ) -from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( ExceptionVulnerabilityManagement, ExceptionFindingsExcepted) +from devsecops_engine_tools.engine_core.src.domain.model.customs_exceptions import ( + ExceptionVulnerabilityManagement, + ExceptionFindingsExcepted, +) class TestHandleScan(unittest.TestCase): @@ -14,6 +17,17 @@ def setUp(self): self.vulnerability_management = MagicMock() self.secrets_manager_gateway = MagicMock() self.devops_platform_gateway = MagicMock() + self.threshold = Threshold( + { + "VULNERABILITY": { + "Critical": 5, + "High": 8, + "Medium": 10, + "Low": 15, + }, + "COMPLIANCE": {"Critical": 1}, + } + ) self.handle_scan = HandleScan( self.vulnerability_management, self.secrets_manager_gateway, @@ -39,7 +53,7 @@ def test_process_with_engine_iac(self, mock_runner_engine_iac): findings_list = ["finding1", "finding2"] input_core = InputCore( totalized_exclusions=[], - threshold_defined=Threshold, + threshold_defined=self.threshold, path_file_results="test/file", custom_message_break_build="message", scope_pipeline="pipeline", @@ -64,7 +78,11 @@ def test_process_with_engine_iac(self, mock_runner_engine_iac): self.assertEqual(result_input_core, input_core) self.secrets_manager_gateway.get_secret.assert_called_once_with(config_tool) mock_runner_engine_iac.assert_called_once_with( - dict_args, config_tool["ENGINE_IAC"]["TOOL"], secret_tool, self.devops_platform_gateway, "dev" + dict_args, + config_tool["ENGINE_IAC"]["TOOL"], + secret_tool, + self.devops_platform_gateway, + "dev", ) self.vulnerability_management.send_vulnerability_management.assert_called_once() self.vulnerability_management.get_findings_excepted.assert_called_once() @@ -94,10 +112,14 @@ def test_process_with_engine_iac_error(self, mock_runner_engine_iac): mock_runner_engine_iac.return_value = findings_list, input_core # Mock the send_vulnerability_management method - self.vulnerability_management.send_vulnerability_management.side_effect = ExceptionVulnerabilityManagement("Simulated error") + self.vulnerability_management.send_vulnerability_management.side_effect = ( + ExceptionVulnerabilityManagement("Simulated error") + ) # Mock the get_findings_excepted method - self.vulnerability_management.get_findings_excepted.side_effect = ExceptionFindingsExcepted("Simulated error") + self.vulnerability_management.get_findings_excepted.side_effect = ( + ExceptionFindingsExcepted("Simulated error") + ) # Call the process method result_findings_list, result_input_core = self.handle_scan.process( @@ -119,7 +141,7 @@ def test_process_with_engine_container(self, mock_runner_engine_container): "use_secrets_manager": "true", "tool": "engine_container", "remote_config_repo": "test_repo", - "use_vulnerability_management":"true", + "use_vulnerability_management": "true", } config_tool = {"ENGINE_CONTAINER": {"ENABLED": "true", "TOOL": "tool"}} secret_tool = {"token_prisma_cloud": "test"} @@ -129,13 +151,42 @@ def test_process_with_engine_container(self, mock_runner_engine_container): findings_list = ["finding1", "finding2"] input_core = InputCore( totalized_exclusions=[], - threshold_defined=Threshold, + threshold_defined=Threshold( + { + "VULNERABILITY": { + "Critical": 5, + "High": 8, + "Medium": 10, + "Low": 15, + }, + "COMPLIANCE": {"Critical": 1}, + "QUALITY_VULNERABILITY_MANAGEMENT": { + "PTS": [ + { + "PT1": { + "APPS": ["pipeline", "app2", "app3"], + "PROFILE": "STRONG", + } + }, + { + "PT2": { + "APPS": "ALL", + "PROFILE": "MODERATE", + } + }, + ], + "STRONG": {"Critical": 0, "High": 0, "Medium": 5, "Low": 15}, + "MODERATE": {"Critical": 1, "High": 3, "Medium": 5, "Low": 15}, + }, + } + ), path_file_results="test/file", custom_message_break_build="message", scope_pipeline="pipeline", stage_pipeline="Release", ) mock_runner_engine_container.return_value = findings_list, input_core + self.vulnerability_management.get_product_type_service.side_effect = MagicMock(name="PT1") # Call the process method result_findings_list, result_input_core = self.handle_scan.process( @@ -157,7 +208,9 @@ def test_process_with_engine_dast(self, mock_print): self.handle_scan.process(dict_args, config_tool) mock_print.assert_called_once_with("not yet enabled") - @mock.patch("devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_secret_scan") + @mock.patch( + "devsecops_engine_tools.engine_core.src.domain.usecases.handle_scan.runner_secret_scan" + ) def test_process_with_engine_secret(self, mock_runner_secret_scan): dict_args = { "use_secrets_manager": "false", @@ -171,7 +224,7 @@ def test_process_with_engine_secret(self, mock_runner_secret_scan): findings_list = ["finding1", "finding2"] input_core = InputCore( totalized_exclusions=[], - threshold_defined=Threshold, + threshold_defined=self.threshold, path_file_results="test/file", custom_message_break_build="message", scope_pipeline="pipeline", @@ -188,7 +241,9 @@ def test_process_with_engine_secret(self, mock_runner_secret_scan): self.assertEqual(result_findings_list, findings_list) self.assertEqual(result_input_core, input_core) mock_runner_secret_scan.assert_called_once_with( - dict_args, config_tool["ENGINE_SECRET"]["TOOL"], self.devops_platform_gateway + dict_args, + config_tool["ENGINE_SECRET"]["TOOL"], + self.devops_platform_gateway, ) @mock.patch( @@ -199,11 +254,11 @@ def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies) "use_secrets_manager": "true", "tool": "engine_dependencies", "remote_config_repo": "test_repo", - "use_vulnerability_management": "true" + "use_vulnerability_management": "true", } config_tool = { "ENGINE_DEPENDENCIES": "some_config", - "ENGINE_DEPENDENCIES": {"TOOL": "some_tool"} + "ENGINE_DEPENDENCIES": {"TOOL": "some_tool"}, } secret_tool = {"token_xray": "test"} self.secrets_manager_gateway.get_secret.return_value = secret_tool @@ -212,7 +267,7 @@ def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies) findings_list = ["finding1", "finding2"] input_core = InputCore( totalized_exclusions=[], - threshold_defined=Threshold, + threshold_defined=self.threshold, path_file_results="test/file", custom_message_break_build="message", scope_pipeline="pipeline", @@ -232,5 +287,3 @@ def test_process_with_engine_dependencies(self, mock_runner_engine_dependencies) mock_runner_engine_dependencies.assert_called_once_with( dict_args, config_tool, secret_tool, self.devops_platform_gateway ) - - diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py index 202ecefbf..f4b37ffa1 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/__init__.py @@ -3,4 +3,5 @@ from .applications.defect_dojo import DefectDojo from .applications.finding import Finding from .applications.connect import Connect -from .applications.engagement import Engagement \ No newline at end of file +from .applications.engagement import Engagement +from .applications.product import Product \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/connect.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/connect.py index 25eb61da7..363402c8a 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/connect.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/connect.py @@ -35,3 +35,7 @@ def cmdb(**kwargs) -> ImportScanRequest: return e return response + + def get_code_app(engagement_name, expression): + uc = CmdbUserCase(rest_consumer_cmdb=None, utils_azure=None, expression=expression) + return uc.get_code_app(engagement_name) diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/defect_dojo.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/defect_dojo.py index 9b2ea6cc1..cdb337e56 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/defect_dojo.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/defect_dojo.py @@ -1,14 +1,26 @@ from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger -from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.import_scan import ImportScanRestConsumer -from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product_type import ProductTypeRestConsumer -from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.import_scan import ( + ImportScanRestConsumer, +) +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product_type import ( + ProductTypeRestConsumer, +) +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ( + ProductRestConsumer, +) from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.scan_configurations import ( ScanConfigrationRestConsumer, ) -from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.engagement import EngagementRestConsumer -from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest -from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.import_scan import ImportScanUserCase +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.engagement import ( + EngagementRestConsumer, +) +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ( + ImportScanRequest, +) +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.import_scan import ( + ImportScanUserCase, +) from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager from devsecops_engine_tools.engine_utilities.settings import SETTING_LOGGER @@ -22,11 +34,20 @@ def send_import_scan(request: ImportScanRequest): if not isinstance(request, ImportScanRequest): return request rest_import_scan = ImportScanRestConsumer(request, session=SessionManager()) - rest_product_type = ProductTypeRestConsumer(request, session=SessionManager()) - rest_product = ProductRestConsumer(request, session=SessionManager()) + rest_product_type = ProductTypeRestConsumer( + request, session=SessionManager() + ) + rest_product = ProductRestConsumer( + SessionManager( + request.token_defect_dojo, + request.host_defect_dojo, + ) + ) rest_engagement = EngagementRestConsumer(request, session=SessionManager()) - rest_scan_configuration = ScanConfigrationRestConsumer(request, session=SessionManager()) + rest_scan_configuration = ScanConfigrationRestConsumer( + request, session=SessionManager() + ) uc = ImportScanUserCase( rest_import_scan, rest_product_type, diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py new file mode 100644 index 000000000..fef42f969 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py @@ -0,0 +1,16 @@ +from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.product import ProductUserCase +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer +from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager + +class Product: + @staticmethod + def get_product(session, request: dict): + try: + rest_product = ProductRestConsumer(session=session) + + uc = ProductUserCase(rest_product) + return uc.execute(request) + except ApiError as e: + raise e \ No newline at end of file diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product_list.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product_list.py index aed0b3f92..e2a5884f6 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product_list.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/models/product_list.py @@ -1,12 +1,18 @@ import dataclasses -from typing import List +from typing import List, Dict from devsecops_engine_tools.engine_utilities.utils.dataclass_classmethod import FromDictMixin from devsecops_engine_tools.engine_utilities.defect_dojo.domain.models.product import Product +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.models.product_type import ProductType +@dataclasses.dataclass +class Prefetch(FromDictMixin): + prod_type: Dict[str, ProductType] + @dataclasses.dataclass class ProductList(FromDictMixin): count: int = 0 next = None previous = None results: List[Product] = dataclasses.field(default_factory=list) + prefetch: Prefetch = None diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py index a40af4b84..bd3c1655f 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/import_scan.py @@ -43,7 +43,7 @@ def execute(self, request: ImportScanRequest) -> ImportScanRequest: raise ApiError(log) logger.info(f"Match {request.scan_type}") - products = self.__rest_product.get_products(request) + products = self.__rest_product.get_products({"name":request.code_app}) if len(products.results) > 0: product_id = products.results[0].id request.product_name = products.results[0].name diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/product.py new file mode 100644 index 000000000..67c06be4b --- /dev/null +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/domain/user_case/product.py @@ -0,0 +1,9 @@ +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer + +class ProductUserCase: + def __init__(self, rest_product: ProductRestConsumer): + self.__rest_product = rest_product + + def execute(self, request): + response = self.__rest_product.get_products(request) + return response diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapters/product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapters/product.py index 061c00b4b..7cada97b7 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapters/product.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/infraestructure/driver_adapters/product.py @@ -11,16 +11,17 @@ class ProductRestConsumer: - def __init__(self, request: ImportScanRequest, session: SessionManager): - self.__token = request.token_defect_dojo - self.__host = request.host_defect_dojo + def __init__(self, session: SessionManager): + self.__token = session._token + self.__host = session._host self.__session = session._instance - def get_products(self, request: ImportScanRequest) -> ProductList: - url = f"{self.__host}/api/v2/products/?name={request.code_app}" + + def get_products(self, request) -> ProductList: + url = f"{self.__host}/api/v2/products/" headers = {"Authorization": f"Token {self.__token}", "Content-Type": "application/json"} try: - response = self.__session.get(url, headers=headers, data={}, verify=VERIFY_CERTIFICATE) + response = self.__session.get(url, headers=headers, params=request, verify=VERIFY_CERTIFICATE) if response.status_code != 200: raise ApiError(response.json()) products_object = ProductList.from_dict(response.json()) diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_import_scan.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_import_scan.py index 06eaf7d2a..98c9572ba 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_import_scan.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_import_scan.py @@ -42,7 +42,7 @@ def test_user_case_creation(): assert isinstance(request, ImportScanRequest) rest_import_scan = ImportScanRestConsumer(request, SessionManager()) rest_product_type = ProductTypeRestConsumer(request, SessionManager()) - rest_product = ProductRestConsumer(request, SessionManager()) + rest_product = ProductRestConsumer(SessionManager()) rest_scan_configuration = ScanConfigrationRestConsumer(request, SessionManager()) rest_engagement = EngagementRestConsumer(request, SessionManager()) uc = ImportScanUserCase( diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/infraestucture/driver_adapter/test_product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/infraestucture/driver_adapter/test_product.py index 8eed484b6..486e7a4ec 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/infraestucture/driver_adapter/test_product.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/infraestucture/driver_adapter/test_product.py @@ -15,7 +15,7 @@ def test_get_product_info_success(): session_mock = session_manager_get(status_code=200, response_json_file="product_list.json") request = ImportScanRequest() - rest_product = ProductRestConsumer(request, session_mock) + rest_product = ProductRestConsumer(session_mock) product_obj = rest_product.get_products(request) # Verificar el resultado assert isinstance(product_obj, ProductList) @@ -29,14 +29,14 @@ def test_get_product_info_success(): def test_get_product_info_failure(): session_mock = session_manager_get(status_code=500, response_json_file="product_list.json") request = ImportScanRequest() - rest_product = ProductRestConsumer(ImportScanRequest(), session_mock) + rest_product = ProductRestConsumer(session_mock) with pytest.raises(ApiError): rest_product.get_products(request) def test_post_product_info_sucessfull(): session_mock = session_manager_post(status_code=201, mock_response="product.json") - rest_product = ProductRestConsumer(ImportScanRequest(), session_mock) + rest_product = ProductRestConsumer(session_mock) request = ImportScanRequest() request.product_name = "NU0212001_product name test_NU0212001" response = rest_product.post_product(request, 278) @@ -50,6 +50,6 @@ def test_post_product_info_sucessfull(): def test_post_product_info_failure(): session_mock = session_manager_post(status_code=500, mock_response="product.json") - rest_product_type = ProductRestConsumer(ImportScanRequest(), session_mock) + rest_product_type = ProductRestConsumer(session_mock) with pytest.raises(ApiError): rest_product_type.post_product(ImportScanRequest(), 278) From d1e0bcb1773914651cad9e9b8564bb1aa86865c4 Mon Sep 17 00:00:00 2001 From: Santiago Gaviria Oliveros Date: Fri, 4 Oct 2024 10:09:34 -0500 Subject: [PATCH 051/441] add unit tests --- .../defect_dojo/test_defect_dojo.py | 73 ++++++++++++++++++- 1 file changed, 69 insertions(+), 4 deletions(-) diff --git a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py index 03fd8a53e..0f8675107 100644 --- a/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py +++ b/tools/devsecops_engine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py @@ -110,6 +110,57 @@ def test_send_vulnerability_management_exception(self): in str(context.exception) ) + @patch( + "devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo.SessionManager" + ) + @patch( + "devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo.Product.get_product" + ) + @patch( + "devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo.Connect.get_code_app" + ) + def test_get_product_type_service( + self, cmdb_code, mock_product, mock_session_manager + ): + service = "test" + dict_args = {"token_vulnerability_management": "token1"} + secret_tool = None + config_tool = { + "VULNERABILITY_MANAGER": { + "DEFECT_DOJO": { + "HOST_DEFECT_DOJO": "host_defect_dojo", + "LIMITS_QUERY": 80, + "MAX_RETRIES_QUERY": 5, + "REGEX_EXPRESSION_CMDB": "regex", + } + } + } + + mock_session_manager.return_value = MagicMock() + + cmdb_code.return_value = "CodigoApp" + + product_list = [ + MagicMock( + results=[ + MagicMock( + id=1, + name="name1", + prod_type=35, + ), + ], + prefetch=MagicMock(), + ) + ] + mock_product.side_effect = product_list + + result = self.defect_dojo.get_product_type_service( + service, dict_args, secret_tool, config_tool + ) + + mock_session_manager.assert_called_with("token1", "host_defect_dojo") + self.assertIsNotNone(result) + @patch( "devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo.SessionManager" ) @@ -506,7 +557,14 @@ def test_get_all_findings_exception(self): def test_get_active_engagements(self, mock_engagement, mock_import_scan_request): dict_args = {"token_vulnerability_management": "token1"} secret_tool = MagicMock() - config_tool = {"VULNERABILITY_MANAGER": {"DEFECT_DOJO": {"HOST_DEFECT_DOJO": "host_defect_dojo", "LIMITS_QUERY": 999}}} + config_tool = { + "VULNERABILITY_MANAGER": { + "DEFECT_DOJO": { + "HOST_DEFECT_DOJO": "host_defect_dojo", + "LIMITS_QUERY": 999, + } + } + } engagement_name = "engagement_name" mock_engagement.get_engagements.return_value = MagicMock() @@ -520,13 +578,20 @@ def test_get_active_engagements(self, mock_engagement, mock_import_scan_request) def test_get_active_engagements_exception(self): dict_args = {"token_vulnerability_management": "token1"} secret_tool = MagicMock() - config_tool = {"VULNERABILITY_MANAGER": {"DEFECT_DOJO": {"HOST_DEFECT_DOJO": "host_defect_dojo", "LIMITS_QUERY": 999}}} + config_tool = { + "VULNERABILITY_MANAGER": { + "DEFECT_DOJO": { + "HOST_DEFECT_DOJO": "host_defect_dojo", + "LIMITS_QUERY": 999, + } + } + } engagement_name = "engagement_name" with unittest.TestCase().assertRaises(Exception) as context: self.defect_dojo.get_active_engagements( - engagement_name, dict_args, secret_tool, config_tool - ) + engagement_name, dict_args, secret_tool, config_tool + ) assert "Error getting engagements with the following error:" in str( context.exception ) From 2b3be3b616761ea9a673784f3976c24c15a1a149 Mon Sep 17 00:00:00 2001 From: Santiago Gaviria Oliveros Date: Fri, 4 Oct 2024 11:17:04 -0500 Subject: [PATCH 052/441] add unit tests --- .../test/domain/usecases/test_handle_scan.py | 6 ++-- .../defect_dojo/applications/product.py | 2 -- .../test/applications/test_product.py | 36 +++++++++++++++++++ .../test/domain/user_case/test_product.py | 18 ++++++++++ 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/applications/test_product.py create mode 100644 tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_product.py diff --git a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py index 52b8c934b..c913f1acb 100644 --- a/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py +++ b/tools/devsecops_engine_tools/engine_core/test/domain/usecases/test_handle_scan.py @@ -1,5 +1,5 @@ import unittest -from unittest.mock import MagicMock +from unittest.mock import MagicMock, Mock from unittest import mock from devsecops_engine_tools.engine_core.src.domain.model.input_core import InputCore from devsecops_engine_tools.engine_core.src.domain.model.threshold import Threshold @@ -186,7 +186,9 @@ def test_process_with_engine_container(self, mock_runner_engine_container): stage_pipeline="Release", ) mock_runner_engine_container.return_value = findings_list, input_core - self.vulnerability_management.get_product_type_service.side_effect = MagicMock(name="PT1") + mock_product_type = Mock() + mock_product_type.name = "PT1" + self.vulnerability_management.get_product_type_service.return_value = mock_product_type # Call the process method result_findings_list, result_input_core = self.handle_scan.process( diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py index fef42f969..1c9fa1002 100644 --- a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/applications/product.py @@ -1,8 +1,6 @@ from devsecops_engine_tools.engine_utilities.utils.api_error import ApiError from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.product import ProductUserCase -from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import ImportScanRequest from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer -from devsecops_engine_tools.engine_utilities.utils.session_manager import SessionManager class Product: @staticmethod diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/applications/test_product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/applications/test_product.py new file mode 100644 index 000000000..3fdf2cab2 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/applications/test_product.py @@ -0,0 +1,36 @@ +from unittest.mock import MagicMock, patch + +from devsecops_engine_tools.engine_utilities.defect_dojo.applications.product import ( + Product, +) + + + +@patch( + "devsecops_engine_tools.engine_utilities.defect_dojo.applications.product.ProductRestConsumer" +) +def test_get_products(mock_product_rest_consumer): + mock_product_rest_consumer.return_value.get_products.return_value = ( + "response" + ) + session = MagicMock() + request = MagicMock() + assert Product.get_product(session, request) == "response" + + + +@patch( + "devsecops_engine_tools.engine_utilities.defect_dojo.applications.product.ProductRestConsumer" +) +def test_get_products_raises_api_error( + mock_product_rest_consumer +): + mock_product_rest_consumer.return_value.get_products.side_effect = Exception( + "error" + ) + session = MagicMock() + request = MagicMock() + try: + Product.get_product(session, request) + except Exception as e: + assert str(e) == "error" diff --git a/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_product.py b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_product.py new file mode 100644 index 000000000..86304d9a0 --- /dev/null +++ b/tools/devsecops_engine_tools/engine_utilities/defect_dojo/test/domain/user_case/test_product.py @@ -0,0 +1,18 @@ +from unittest.mock import Mock +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.user_case.product import ProductUserCase +from devsecops_engine_tools.engine_utilities.defect_dojo.infraestructure.driver_adapters.product import ProductRestConsumer +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.models.product import Product +from devsecops_engine_tools.engine_utilities.defect_dojo.domain.models.product_list import ProductList +from requests import Response + + +def test_execute_product_get(): + mock_rest_product = Mock() + # Creation mocks, get and close + mock_rest_product.get_products.return_value = ProductList(count=1, results=[Product(id=1), Product(id=2)]) + response = Response() + response.status_code = 200 + mock_rest_product.get_products.return_value = response + uc = ProductUserCase(mock_rest_product) + response = uc.execute({"codeapp": "name"}) + assert response.status_code == 200 From 6e4c37f507033e07d7e17c8ca11062d125786d01 Mon Sep 17 00:00:00 2001 From: Santiago Gaviria Oliveros Date: Fri, 4 Oct 2024 11:40:49 -0500 Subject: [PATCH 053/441] update doc --- docs/CONTRIBUTING.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 5bc754713..1bccd698e 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -62,9 +62,22 @@ Packages (directories) and modules (.py files) must be lowercase. We use the semantic release library to manage the release in the project. Please validate at the time of contribution that it complies with the standard commits - and Pull Request based on the library definition: -- [Semantic Release](https://semantic-release.gitbook.io/semantic-release) - -- [Semantic Versioning](https://semver.org/) +## [Semantic Release](https://semantic-release.gitbook.io/semantic-release) + +Available types: + - feat: A new feature + - fix: A bug fix + - docs: Documentation only changes + - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc) + - refactor: A code change that neither fixes a bug nor adds a feature + - perf: A code change that improves performance + - test: Adding missing tests or correcting existing tests + - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm) + - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs) + - chore: Other changes that don't modify src or test files + - revert: Reverts a previous commit + +You can find out more here. [Semantic Versioning](https://semver.org/) # GOVERNANCE From b3224a14acff4384cc5a3889fca34a6b7c1c2a92 Mon Sep 17 00:00:00 2001 From: Santiago Gaviria Oliveros Date: Fri, 4 Oct 2024 16:44:32 -0500 Subject: [PATCH 054/441] update pipeline --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a4205795..6e27da4dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,6 +74,7 @@ jobs: packages-dir: tools/dist/ - name: Build and tag Docker image + timeout-minutes: 2 run: | docker build --build-arg VERSION=${{ env.RELEASE_VERSION }} -t bancolombia/devsecops-engine-tools:${{ env.RELEASE_VERSION }} -f docker/Dockerfile . docker tag bancolombia/devsecops-engine-tools:${{ env.RELEASE_VERSION }} bancolombia/devsecops-engine-tools:${{ env.RELEASE_VERSION }} From 60f03e84c8db0577ccf0a200d76dcca4e904af5a Mon Sep 17 00:00:00 2001 From: Santiago Santa Date: Tue, 8 Oct 2024 09:32:01 -0500 Subject: [PATCH 055/441] feat(engine_dependencies): :fire: Break based on words from stderr --- dependency-check-report.json | 1 + dependency-check-report.xml | 31 +++++++++++++++++++ .../engine_dependencies/ConfigTool.json | 5 ++- .../xray_tool/xray_manager_scan.py | 12 +++++-- 4 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 dependency-check-report.json create mode 100644 dependency-check-report.xml diff --git a/dependency-check-report.json b/dependency-check-report.json new file mode 100644 index 000000000..79bcb7472 --- /dev/null +++ b/dependency-check-report.json @@ -0,0 +1 @@ +{"reportSchema": "1.1","scanInfo": {"engineVersion": "10.0.4","dataSource": [{"name": "NVD API Last Checked","timestamp": "2024-10-04T15:58:28-05"},{"name": "NVD API Last Modified","timestamp": "2024-10-04T20:15:07Z"}]},"projectInfo": {"name": "","reportDate": "2024-10-04T20:58:48.769407180Z","credits": {"NVD": "This product uses the NVD API but is not endorsed or certified by the NVD. This report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov","CISA": "This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog","NPM": "This report may contain data retrieved from the Github Advisory Database (via NPM Audit API): https://github.com/advisories/","RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/","OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org"}},"dependencies": [{"isVirtual": false,"fileName": "file_to_scan.tar: commons-collections-3.2.1.jar","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/commons-collections-3.2.1.jar","md5": "13bc641afd7fd95e09b260f69c1e4c91","sha1": "761ea405b9b37ced573d2df0d1e3a4e0f9edc668","sha256": "87363a4c94eaabeefd8b930cb059f66b64c9f7d632862f23de3012da7660047b","description": "Types that extend and augment the Java Collections Framework.","license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt","evidenceCollected": {"vendorEvidence": [{"type": "vendor","confidence": "HIGH","source": "file","name": "name","value": "commons-collections"},{"type": "vendor","confidence": "HIGHEST","source": "jar","name": "package name","value": "apache"},{"type": "vendor","confidence": "HIGHEST","source": "jar","name": "package name","value": "collections"},{"type": "vendor","confidence": "HIGHEST","source": "jar","name": "package name","value": "commons"},{"type": "vendor","confidence": "LOW","source": "Manifest","name": "bundle-docurl","value": "http:\/\/commons.apache.org\/collections\/"},{"type": "vendor","confidence": "MEDIUM","source": "Manifest","name": "bundle-symbolicname","value": "org.apache.commons.collections"},{"type": "vendor","confidence": "HIGH","source": "Manifest","name": "Implementation-Vendor","value": "The Apache Software Foundation"},{"type": "vendor","confidence": "MEDIUM","source": "Manifest","name": "Implementation-Vendor-Id","value": "org.apache"},{"type": "vendor","confidence": "LOW","source": "Manifest","name": "specification-vendor","value": "The Apache Software Foundation"},{"type": "vendor","confidence": "LOW","source": "pom","name": "artifactid","value": "commons-collections"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "amamment"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "bayard"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "craigmcc"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "geirm"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "jcarman"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "matth"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "morgand"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "psteitz"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "rdonkin"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "rwaldhoff"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer id","value": "scolebourne"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Arun M. Thomas"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Craig McClanahan"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Geir Magnusson"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Henri Yandell"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "James Carman"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Matthew Hawthorne"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Morgan Delagrange"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Phil Steitz"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Robert Burrell Donkin"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Rodney Waldhoff"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "developer name","value": "Stephen Colebourne"},{"type": "vendor","confidence": "HIGHEST","source": "pom","name": "groupid","value": "commons-collections"},{"type": "vendor","confidence": "HIGH","source": "pom","name": "name","value": "Commons Collections"},{"type": "vendor","confidence": "LOW","source": "pom","name": "parent-artifactid","value": "commons-parent"},{"type": "vendor","confidence": "MEDIUM","source": "pom","name": "parent-groupid","value": "org.apache.commons"},{"type": "vendor","confidence": "HIGHEST","source": "pom","name": "url","value": "http:\/\/commons.apache.org\/collections\/"}],"productEvidence": [{"type": "product","confidence": "HIGH","source": "file","name": "name","value": "commons-collections"},{"type": "product","confidence": "HIGHEST","source": "jar","name": "package name","value": "apache"},{"type": "product","confidence": "HIGHEST","source": "jar","name": "package name","value": "collections"},{"type": "product","confidence": "HIGHEST","source": "jar","name": "package name","value": "commons"},{"type": "product","confidence": "LOW","source": "Manifest","name": "bundle-docurl","value": "http:\/\/commons.apache.org\/collections\/"},{"type": "product","confidence": "MEDIUM","source": "Manifest","name": "Bundle-Name","value": "Commons Collections"},{"type": "product","confidence": "MEDIUM","source": "Manifest","name": "bundle-symbolicname","value": "org.apache.commons.collections"},{"type": "product","confidence": "HIGH","source": "Manifest","name": "Implementation-Title","value": "Commons Collections"},{"type": "product","confidence": "MEDIUM","source": "Manifest","name": "specification-title","value": "Commons Collections"},{"type": "product","confidence": "HIGHEST","source": "pom","name": "artifactid","value": "commons-collections"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "amamment"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "bayard"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "craigmcc"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "geirm"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "jcarman"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "matth"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "morgand"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "psteitz"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "rdonkin"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "rwaldhoff"},{"type": "product","confidence": "LOW","source": "pom","name": "developer id","value": "scolebourne"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Arun M. Thomas"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Craig McClanahan"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Geir Magnusson"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Henri Yandell"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "James Carman"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Matthew Hawthorne"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Morgan Delagrange"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Phil Steitz"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Robert Burrell Donkin"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Rodney Waldhoff"},{"type": "product","confidence": "LOW","source": "pom","name": "developer name","value": "Stephen Colebourne"},{"type": "product","confidence": "HIGHEST","source": "pom","name": "groupid","value": "commons-collections"},{"type": "product","confidence": "HIGH","source": "pom","name": "name","value": "Commons Collections"},{"type": "product","confidence": "MEDIUM","source": "pom","name": "parent-artifactid","value": "commons-parent"},{"type": "product","confidence": "MEDIUM","source": "pom","name": "parent-groupid","value": "org.apache.commons"},{"type": "product","confidence": "MEDIUM","source": "pom","name": "url","value": "http:\/\/commons.apache.org\/collections\/"}],"versionEvidence": [{"type": "version","confidence": "HIGH","source": "file","name": "version","value": "3.2.1"},{"type": "version","confidence": "HIGH","source": "Manifest","name": "Bundle-Version","value": "3.2.1"},{"type": "version","confidence": "HIGH","source": "Manifest","name": "Implementation-Version","value": "3.2.1"},{"type": "version","confidence": "LOW","source": "pom","name": "parent-version","value": "3.2.1"},{"type": "version","confidence": "HIGHEST","source": "pom","name": "version","value": "3.2.1"}]},"packages": [{"id": "pkg:maven\/commons-collections\/commons-collections@3.2.1","confidence": "HIGH","url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/commons-collections\/commons-collections@3.2.1?utm_source=dependency-check&utm_medium=integration&utm_content=10.0.4"}],"vulnerabilityIds": [{"id": "cpe:2.3:a:apache:commons_collections:3.2.1:*:*:*:*:*:*:*","confidence": "HIGHEST","url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Acommons_collections&cpe_version=cpe%3A%2F%3Aapache%3Acommons_collections%3A3.2.1"}],"vulnerabilities": [ {"source": "NVD","name": "CVE-2015-6420","severity" : "HIGH","cvssv2": {"score": 7.5 ,"accessVector": "NETWORK","accessComplexity": "LOW","authenticationr": "NONE","confidentialityImpact": "PARTIAL","integrityImpact": "PARTIAL","availabilityImpact": "PARTIAL","severity": "HIGH","version": "2.0","exploitabilityScore": "10.0","impactScore": "6.4"},"cwes": ["CWE-502"],"description": "Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.","notes": "","references": [ {"source": "ykramarz@cisco.com","url": "http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2018-4258247.html"}, {"source": "ykramarz@cisco.com","url": "https:\/\/lists.apache.org\/thread.html\/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E"}, {"source": "ykramarz@cisco.com","url": "http:\/\/www.securityfocus.com\/bid\/78872","name": "THIRD_PARTY_ADVISORY,VDB_ENTRY"}, {"source": "ykramarz@cisco.com","url": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05390722","name": "THIRD_PARTY_ADVISORY"}, {"source": "ykramarz@cisco.com","url": "https:\/\/www.tenable.com\/security\/research\/tra-2017-23","name": "THIRD_PARTY_ADVISORY"}, {"source": "ykramarz@cisco.com","url": "https:\/\/www.tenable.com\/security\/research\/tra-2017-14","name": "THIRD_PARTY_ADVISORY"}, {"source": "ykramarz@cisco.com","url": "http:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20151209-java-deserialization","name": "THIRD_PARTY_ADVISORY"}, {"source": "ykramarz@cisco.com","url": "https:\/\/h20566.www2.hpe.com\/portal\/site\/hpsc\/public\/kb\/docDisplay?docId=emr_na-c05376917","name": "THIRD_PARTY_ADVISORY"}, {"source": "ykramarz@cisco.com","url": "https:\/\/www.kb.cert.org\/vuls\/id\/581311"}],"vulnerableSoftware": [ {"software": { "id":"cpe:2.3:a:apache:commons_collections:*:*:*:*:*:*:*:*","vulnerabilityIdMatched":"true","versionEndIncluding":"3.2.1"}}, {"software": { "id":"cpe:2.3:a:apache:commons_collections:4.0:*:*:*:*:*:*:*"}}]}]},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: .eslintrc.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/handlebars\/bin\/.eslintrc.js","md5": "04bcc41b73d63135381fbf144faa3087","sha1": "1a49d61b166658f27f310e0fb98b058cd6283700","sha256": "4de8bedb84d2d7e17d75b051fde8bdc7d391f520fa8df65b178ba8f6794ec7ec","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: DOMEval.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/core\/DOMEval.js","md5": "c2110c7a4ce3c6c2dab7c1f14d8158b7","sha1": "5e5e6492b5a3c0cd6f7b0e15c9d6296999709954","sha256": "d33a70be50fed0b534d976add9f4b45fdd3c7c49edf6ce9aa89ccdc5f564ad6a","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Data.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/data\/Data.js","md5": "6b1ed6335ef55c3ce5c3e626d555e3b8","sha1": "c52fef9da9e17e7965f3edf9b62ddbdda0cf62aa","sha256": "92b6e2abab4debd67367c8fa46cb5e419294ea04e6eefe0cc267f6c31ccf14d8","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: DateRollingFileStream-test.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/test\/DateRollingFileStream-test.js","md5": "0dc07a1a23ffa28847254947452dda3e","sha1": "bd1d9283dc3cd59607e1954896b127c6d3e054b9","sha256": "1169c8484c07b45a339167b1bed04182bf01af970be25466d39a07d561c6bc48","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: DateRollingFileStream.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/lib\/DateRollingFileStream.js","md5": "e90484490fee1a7676902ac4394e47c5","sha1": "15b1e33aa4b4ad5a6ef1d11a05756b4ee3e7678b","sha256": "c31c125bae9a0172baea155d2789f8b5d75f6768eb85496173485a162772746f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: DoublyLinkedList.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/internal\/DoublyLinkedList.js","md5": "f6ee9afabbc561ce5ceabcbb7fd1bfda","sha1": "01ae13ee3cb078f943c5f3891e32a8156c9941c4","sha256": "38597e7029ec508317cc91dc4583cce456f96bfb92c9cfa593252ba3a2154bf7","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: F.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/F.js","md5": "f1f813bcb827e9eff9c4505b06041845","sha1": "18f568c6af0e139bc63d9943f5e798fd09bf01b6","sha256": "49443aafae0d95656f2982f538f1e4f6501fc2e0feeec000c7fcfca4787c59d1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: F.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/F.js","sha256": "49443aafae0d95656f2982f538f1e4f6501fc2e0feeec000c7fcfca4787c59d1","sha1": "18f568c6af0e139bc63d9943f5e798fd09bf01b6","md5": "f1f813bcb827e9eff9c4505b06041845"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: F.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/F.js","sha256": "49443aafae0d95656f2982f538f1e4f6501fc2e0feeec000c7fcfca4787c59d1","sha1": "18f568c6af0e139bc63d9943f5e798fd09bf01b6","md5": "f1f813bcb827e9eff9c4505b06041845"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: F.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/F.js","sha256": "49443aafae0d95656f2982f538f1e4f6501fc2e0feeec000c7fcfca4787c59d1","sha1": "18f568c6af0e139bc63d9943f5e798fd09bf01b6","md5": "f1f813bcb827e9eff9c4505b06041845"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Func.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/prelude-ls\/lib\/Func.js","md5": "01e9cf2d5e7759dd0ef807c431c95aa3","sha1": "4c289807a465b74b25084d2fedc089c27b66153e","sha256": "8404f67c761acc6245d7fddbff21d0f9103bd9258531a5a530bca2dad211b6ea","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Heap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/internal\/Heap.js","md5": "cb278c5b38a753adf638ca862328a1b9","sha1": "4b9758b15eced36225266e53f2a73e4781275912","sha256": "3e21e8de39801f7369c89b8c4d99255276adf3ca09bb028a80731ac6a8bb1203","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: List.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/prelude-ls\/lib\/List.js","md5": "ac9551ba8621260a75bc25a565c255d0","sha1": "b12c13c83cae0d58bcc3c1aba002499a0a001590","sha256": "818ceab728da74d6efcfcd7a2201b581c3006325cccca706355d899d0e8c5172","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: LoggingEvent.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/log4js\/lib\/LoggingEvent.js","md5": "84c0993c0c72914551729e3c92faf347","sha1": "f74a8b10939d11e4ff451c3afbf47cdc4e5b4719","sha256": "ce73977702adf1d33656e6c141715c4cc5bee5f62230236ab57c755e0c8730ef","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Makefile.dryice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/escodegen\/node_modules\/source-map\/Makefile.dryice.js","md5": "2704605a978645b0c57e0aae26cbaca5","sha1": "534e259048f9bad31337245dbae509ae9c33153f","sha256": "03516dd82ca99d3caf31f5bf495abc3cf1758ea6992cfd1c3812dee89df55831","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Mime.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/mime\/Mime.js","md5": "c82224f69a34984d4b584d2b5e0d65dc","sha1": "e5f6d9439e3e66799819d94b0641e6f3b87cc031","sha256": "3c013e1a7f639577eb65bd3c36804073881553e7d3a2d719d91653c7fa0f2492","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: NaN.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/deep-is\/test\/NaN.js","md5": "438e4cbe7bfea98fc2801cf96ebf29c9","sha1": "f910aeb95568f18c50e23a8abba0c3501109c730","sha256": "09c77aea01c1bd2b7286da8d406b56551b7e554e9233f895c98e81ccf3788eb9","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Num.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/prelude-ls\/lib\/Num.js","md5": "e63b11f313ab467ad4c65e4d0d61e142","sha1": "acd641a345a8fd7afea30ea99f5351f5bd6d77c4","sha256": "3f53901fd326725bbd65228e4d7a309396c7be8a652f2c61eb37fcb4461ac692","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Obj.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/prelude-ls\/lib\/Obj.js","md5": "1a675fb98c0d6acd1c46b538ae21b5eb","sha1": "50a5fd13253ff7571cb49eb580a7c8b80bf00b54","sha256": "476415e8724b7d2001a851ad445257e6824f06eed42924a1f17d199a195d8731","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: ObjectFunctionString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/var\/ObjectFunctionString.js","md5": "c81564edaa40fb0aa2a6ff6eb363f2d6","sha1": "7bccbb02e6baaf6fb14867a4fa6ff0f7d8298037","sha256": "f32988ec45b092310c6217776ba91200ee46e8acc2b9bf58a824f9a64c45d58b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Player.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/lib\/jasmine_examples\/Player.js","md5": "6f2b98d2d09d4ea0dca34afc70ab6e5f","sha1": "bad0ed71b3c8c6f0590595a3660729ce1c111393","sha256": "8dd3ce4b24552d93d00bc721c0d6cdb929b368521d481526c905f6df8f7962ac","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Player.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/lib\/jasmine_examples\/Player.js","sha256": "8dd3ce4b24552d93d00bc721c0d6cdb929b368521d481526c905f6df8f7962ac","sha1": "bad0ed71b3c8c6f0590595a3660729ce1c111393","md5": "6f2b98d2d09d4ea0dca34afc70ab6e5f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Player.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/src\/Player.js","md5": "9ef81e3ca9d06baa8831ffb1c3f3b025","sha1": "fc6fe8fbacbcb6655b3e70e31fdc08b1a7ffb43d","sha256": "a47316d26722eb4ef6795779aaea4e6426e0fbc662b9feae1c8c2fccf8e0c942","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Player.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/src\/Player.js","md5": "5398c94eccb50913d44147a467803934","sha1": "b667b7adf9b33a8df7e06e2bd4a4c2f18a8cacda","sha256": "df86cadc05ae752e78b03dabdf6332dfdb2fb5016d4cf4572c81e57779cc62c4","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: PlayerSpec.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/spec\/jasmine_examples\/PlayerSpec.js","md5": "8c9c8de18e2c20baf712be71cb5eaeae","sha1": "9047b2528dcb862c86834faf820bf7c521007fd6","sha256": "b7b84ed4eaa04d52547ed22ecd0f8617da3c85d2c16ee4a45fccab9e2a94bd22","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: PlayerSpec.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/spec\/jasmine_examples\/PlayerSpec.js","sha256": "b7b84ed4eaa04d52547ed22ecd0f8617da3c85d2c16ee4a45fccab9e2a94bd22","sha1": "9047b2528dcb862c86834faf820bf7c521007fd6","md5": "8c9c8de18e2c20baf712be71cb5eaeae"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: PlayerSpec.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/spec\/PlayerSpec.js","md5": "354e2d1affb415e2d16332790e41d3c6","sha1": "39b116eab81acb18c095dc3b553d5963f38f836e","sha256": "c1891ba528661d7437c1a7f4fdd0248d355f07656e681f3ad82a69086e4d2f61","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: PlayerSpec.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/spec\/PlayerSpec.js","sha256": "c1891ba528661d7437c1a7f4fdd0248d355f07656e681f3ad82a69086e4d2f61","sha1": "39b116eab81acb18c095dc3b553d5963f38f836e","md5": "354e2d1affb415e2d16332790e41d3c6"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: RollingFileStream-test.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/test\/RollingFileStream-test.js","md5": "0dbe6862e037038b0f771121ae26b1aa","sha1": "f27a38d8ed3081aceffbcc219f8c007a382caa08","sha256": "28f157428bcc190ca7dd9a1a714a444b5fce62f5afbc7428062be5891a32504b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: RollingFileStream.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/lib\/RollingFileStream.js","md5": "72e4b1dd9cf489b6bef9280b902047cd","sha1": "3bd18cd1c41461757c071fa5ae4449ff2f09d8d6","sha256": "df2cd601eea43a37f17cc8750f431fe56f94ad933832e05b3a46fca17c3b439f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: RollingFileWriteStream-test.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/test\/RollingFileWriteStream-test.js","md5": "ec298509993b380f6e7b4cb7e340a212","sha1": "ff79b205ea30b26fce7888eaca4108e67476793a","sha256": "ef39cab69decac66549d3fd87fcda1e13f183f76eb44c364041bb1b9d5f9bcde","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: RollingFileWriteStream.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/lib\/RollingFileWriteStream.js","md5": "e439491cc2c8b005efc078d6dd36565b","sha1": "806ead55a4cf4eec5d36a7b75bb46609ca8ead9a","sha256": "fe48c067385893d9380b4407f48a654845189ab04061445cf0e60aa419d06ae1","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Song.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/lib\/jasmine_examples\/Song.js","md5": "d84541cb77de54ee627f16c2c5cf1a38","sha1": "57db7e6e6c12c23373d83cb412e90601e643d0dc","sha256": "4a7be7d03e4dfcd3c694101ed76f50e90fd6106b2b491f8591574f7cb92a3e9b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Song.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/lib\/jasmine_examples\/Song.js","sha256": "4a7be7d03e4dfcd3c694101ed76f50e90fd6106b2b491f8591574f7cb92a3e9b","sha1": "57db7e6e6c12c23373d83cb412e90601e643d0dc","md5": "d84541cb77de54ee627f16c2c5cf1a38"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Song.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/src\/Song.js","md5": "fa5e957253a15bef86981e410a277a8f","sha1": "f92b09ce7a87df006ba9c648f196f6a651cacc68","sha256": "778f9d7f0f96b54f4ff169077d770e13141097d6bddf41a3ea8788a1a91cb10c","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Song.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/src\/Song.js","md5": "1c7de0208059532b7a4ed1991afb188f","sha1": "0ae15b6f36dbca82eebafb2d6d02701265ca3cf9","sha256": "676a725aa543d21fbf2f98b899a89804ae472e93d25bc4f115b4914af237a610","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: SpecHelper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/spec\/helpers\/jasmine_examples\/SpecHelper.js","md5": "fe2042603c6e875a874b1278d5295e49","sha1": "2a70b1e929104a4ad8b0729cad20fd0b88cad0cc","sha256": "08091f36510e6ba49d6019fe70f0f76243666a5ad67d652533b7e1388d69e2c1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: SpecHelper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/node_example\/spec\/helpers\/jasmine_examples\/SpecHelper.js","sha256": "08091f36510e6ba49d6019fe70f0f76243666a5ad67d652533b7e1388d69e2c1","sha1": "2a70b1e929104a4ad8b0729cad20fd0b88cad0cc","md5": "fe2042603c6e875a874b1278d5295e49"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: SpecHelper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/spec\/SpecHelper.js","md5": "3ed85f042f5fbacf97d04b04537bd9de","sha1": "2895bae1c259f4e9e35da3a3c8bc3248034700de","sha256": "683177adff0eab2ed73d8f9bb2fa80e6cebbd92d7d42961528eb806602f2de26","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: SpecHelper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jasmine\/node_modules\/jasmine-core\/lib\/jasmine-core\/example\/spec\/SpecHelper.js","sha256": "683177adff0eab2ed73d8f9bb2fa80e6cebbd92d7d42961528eb806602f2de26","sha1": "2895bae1c259f4e9e35da3a3c8bc3248034700de","md5": "3ed85f042f5fbacf97d04b04537bd9de"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Str.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/prelude-ls\/lib\/Str.js","md5": "584b7e69d935c262fb094af27762d48f","sha1": "24856515dc284d9d93512f693d56eebff760e649","sha256": "be9d8199dff1a8e575ab1562cc4c286a81f56b90b8db50e41641a7bd10e2b167","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: T.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/T.js","md5": "95857c6d0f22c18c28feefd409ed737e","sha1": "f10191c08571d40fee301d26e97240125511bb31","sha256": "46da2a184b61b5875b44ea61f4004d12bb0981bd0c03ddf7707ac41e7892d50a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: T.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/T.js","sha256": "46da2a184b61b5875b44ea61f4004d12bb0981bd0c03ddf7707ac41e7892d50a","sha1": "f10191c08571d40fee301d26e97240125511bb31","md5": "95857c6d0f22c18c28feefd409ed737e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: T.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/T.js","sha256": "46da2a184b61b5875b44ea61f4004d12bb0981bd0c03ddf7707ac41e7892d50a","sha1": "f10191c08571d40fee301d26e97240125511bb31","md5": "95857c6d0f22c18c28feefd409ed737e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: T.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/T.js","sha256": "46da2a184b61b5875b44ea61f4004d12bb0981bd0c03ddf7707ac41e7892d50a","sha1": "f10191c08571d40fee301d26e97240125511bb31","md5": "95857c6d0f22c18c28feefd409ed737e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Tween.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/effects\/Tween.js","md5": "3433c357c24d0e1c1bd89123e3bb7c29","sha1": "76f51121c132b4a23c26218afe2df13a0a3e4169","sha256": "ff2501e992ae04d1e5df8a584349a9c91be6c32cac5a678158ccae7b29389d1b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Utility.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/Utility.js","md5": "cf6b3aded86743cd56f3ca7d4a749a49","sha1": "da9fb95626247d98c7a46d25bafa815db98ce8d6","sha256": "8905bc5d2bf8f61bc5085bd218fc861d30a1346871722573c415443cf32aaa05","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: Utility.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/Utility.js","md5": "f2e5320b0df05216490af4c1afa14339","sha1": "64d1a158ed3888b9d32b220be9c692c8b28423b9","sha256": "8257bd1c99e76af938385a465b516a614eabc9bf6fbf54644c103e4cb45c02b0","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLAttribute.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLAttribute.js","md5": "1af2bc97f0c9476d3685f96d07809eb2","sha1": "abaa413806048aef0eb0ee64a4e2ec4f1c31cf65","sha256": "409704b8a7ce687de52e386eb567e7fff93e64b96cdb6bfab2fa556909cbdbb1","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLAttribute.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLAttribute.js","md5": "43816c080566b646486efdce38d446f5","sha1": "4b0096c859d4d5922f1f7fd4124ca469087e4526","sha256": "6162795813b3e56856bd7fb1577588fcad53c0b63e1e6cb6c8880f9b1e0bfed7","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLCData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLCData.js","md5": "9b57cd35ec708de711b1ab0fca9dded9","sha1": "cff808abea24241c9a2a7b5f9c73d7a71685b745","sha256": "4b82373fb3ba1e3c1867f8066bb7db8acfbc76645da5d607088833509e5a691b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLCData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLCData.js","md5": "bd1569c5dcad61b01c6a77de5d710166","sha1": "405ba33d0cb86c30f24043b4abf288a902d5e3fb","sha256": "63879b79c7ddf2d4216b7cc0eed989d4f0c75e9d4ef0054cfa230493df98189b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLComment.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLComment.js","md5": "0eef03ce13014cbfae5a74bca5d0fdf7","sha1": "0dc96f7b50b6a7b31de967162d2ee7b47d6224d2","sha256": "016eebc46a08fc7089ddd261d0596eb5b86942d35fa8501bb70fe14954dd26f5","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLComment.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLComment.js","md5": "68dcb0d5b15f05a69ab7967d777cdc43","sha1": "a0cf4546b0c4b7c3bbeb45e5327b5b6fd24c9b61","sha256": "58f931fe6ab45523bee3d1a163ac7a2e40e0b60d918a5762fa77d640dea29e6d","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDAttList.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDTDAttList.js","md5": "46aef42810eb85692d0c01eb8a127b23","sha1": "8141202878c32ec88de96e2da992862e11eb64b5","sha256": "be12abc3cbfaecb705516ab22dbbc1707d0e16a83c737599223866fa8d96b7ec","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDAttList.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDTDAttList.js","md5": "1cab2449ed32439ad5e577cb1ad8e387","sha1": "5710ffb2818342f740bc3b8b71b59fc999ab3c24","sha256": "291f6d0b5b8657141142cc56f5b706de84016ec00a0b195f84332a09668c7391","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDElement.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDTDElement.js","md5": "d5b3528446cefbcf6e27861653b70d9a","sha1": "dbd3512e8e365b4a01eb8247f39568a5edb9ae4c","sha256": "9c0c2bbd4ced69c61d97fdac3d34f7029cf909accf758a5c8b43b5a95b604b17","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDElement.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDTDElement.js","md5": "02e56c36871b8303d8de114cae985ef7","sha1": "74032f400698ed4cb31bde0078cda0c7048a3ca5","sha256": "d5c6daaf48104fda17effb0ca61e4c8fcc229c61527778c22e53ff352aec2e6f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDEntity.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDTDEntity.js","md5": "6c77b225adb8673e582108d844030329","sha1": "d98119df3dc62c540b88f4a0256ac28b51eaabdc","sha256": "8fe9ef1c5d3679f18cb4ef3d583ffad2164bed1daeab2fd82446f60c772244fc","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDEntity.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDTDEntity.js","md5": "ca605c5e70efab050b29c603108922a3","sha1": "ca0e892939ab0896c64879924d402ab12f473632","sha256": "5400f339c834b7f81dafb132411965129958329e72360f00b6f2bffbfdada73f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDNotation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDTDNotation.js","md5": "07a7374f8da8704381e51517eec46974","sha1": "a0d2dfe125df4b0a65f8112748b3f7d69f7ea4c2","sha256": "8a6800bff9b96e3308f1b6d3b6fdfec0fc20e215a7edcc0f62dc9e0bc5355522","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDTDNotation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDTDNotation.js","md5": "ea232a966201039bfd813836fc9b075b","sha1": "6346854a307a82e83df3da3739719f1ead6f37ab","sha256": "14810c149c1ae5f8f800c38c247904490bffeb38fd1c30980a9322d4b22f31f5","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDeclaration.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDeclaration.js","md5": "cc4f2d53adf1ec0f5a36db17d9aed6ac","sha1": "2f41b8ab3d403c11721cb1e533429ecb643e7ff4","sha256": "846ad092eef7526733a39e661c634c90f399fa642b65c27351a9539cdca9e892","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDeclaration.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDeclaration.js","md5": "661d914f9a74d8c3dbee99d735e957cc","sha1": "8840fa43d98024f15a2c95d2be7d2d02b5e0c47f","sha256": "2c4bc2aeca214106c3e09ff0b8962e0088d1d24564bca2ed2cca64c0d98027c7","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocType.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDocType.js","md5": "fd60191de4d000049a5d4bbe02928c3f","sha1": "66204567f1816fd52eeddfa95aee495f93fe0d79","sha256": "b845b4fc4097f625530eae8ed75da771799e0d99fc9ccd95a2700ab0b16eba2a","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocType.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDocType.js","md5": "6b237dc37df64e1b6aced0a87ce044e5","sha1": "11b3a20b3c316465d28df1c09ffa7ae862c6e82c","sha256": "bad561c6bdc9e914722439515614d07ac3a540502239d77c3dcb357127fe8a97","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocument.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDocument.js","md5": "43c762761dd70bdbae3435071f5ffc45","sha1": "30d0d2cf3e618f3b80d4899df866df0e2c58d505","sha256": "d690ecced49b47795f4bd446c2cecb6946f034ada6547f446f26799f9a8c11d7","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocument.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDocument.js","md5": "8d812a7f60c1535720e17a0941b76e04","sha1": "37aed15799efaf1bb7a55808c78988226976bc68","sha256": "90273ee6c86d94cf0b0735f850f97722c13e7e3d9ccf6cadc4f913058738d3d8","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocumentCB.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLDocumentCB.js","md5": "4fb29bc7fd2fc70526741af93ef4241b","sha1": "96de98bb1c05de623a93ab2b191d25396063f586","sha256": "02d94bf95def5736b55acae48fa00ea503d74daa72b9b656d746ebb486726b7e","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLDocumentCB.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLDocumentCB.js","md5": "20f092e85d7520093a0083c8daf65823","sha1": "a3320d52dc9b1c9365d3fb1675b46379eac2cff2","sha256": "9fde60ad19e3ef5e952bc63add0ff5bdc23491ea0e144a36faf34543b11a3df1","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLElement.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLElement.js","md5": "2d61fd7a8af6652b48582e08a297614f","sha1": "f2685ef481824410d72c280c76c5cf6b0c87207e","sha256": "d0ae25a34e82311927c56c853432fb9d1335edc1baf8b2ca5130268499c323f4","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLElement.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLElement.js","md5": "53aa9b4976810ee46c08f3fc42e216ec","sha1": "8c7ecc2fe5828b921a36cb705c444ac9facac1ff","sha256": "ca969393817741a788e2351369e2a0f6fd8025e879397b17af3cbaab8ed81c74","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLHttpRequest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlhttprequest-ssl\/lib\/XMLHttpRequest.js","md5": "319d7515a8c1462ca004ecc1872c2bf5","sha1": "74e1adf46d07a0facee76db2aa87917b1ec962e4","sha256": "b6233ab7fb548a4b5b462fbf9054c0779ac32fe7533cceb44e1ef1fe7f46aa5a","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLNode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLNode.js","md5": "03e0e4dddc2f3d299c8224f96a13b516","sha1": "413a17d16a97d402a48c175928132380e9101aca","sha256": "d5a195868af96f7b754790204ecd0aab46d5b27de0c4e39d5c0734d6a223d8f0","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLNode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLNode.js","md5": "50e015042cd7cb1ff647526ad14ccc97","sha1": "38a7767c427a3083d628316635ab5a916f1bf1eb","sha256": "558f7e8c94c8774445947448a8c4d56eeb17d7d4243cf8f4070ff9055a7b0f0d","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLProcessingInstruction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLProcessingInstruction.js","md5": "4747450f959756c17da97e75fdc05680","sha1": "8886d1666134b4b201aad18e4e9fd7cb50bf84e8","sha256": "5a19762a2c0ca78f43ba9f2961b67c6de4b84159feeca80dc2e673a03fbf297f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLProcessingInstruction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLProcessingInstruction.js","md5": "1b96174073e95f012ee6b16a1e897145","sha1": "8c4e6fdbf2c02a1d8ddfe85c0573fe639392ebaf","sha256": "99ff817b6d4d1c5efb04cca8017887e17cb4811b871b53a9a369b35b9d7935f8","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLRaw.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLRaw.js","md5": "b63df2cee8e8538b025db23c72f9eabe","sha1": "16457ad0dafbdedb740f21f9b71502bec706ecf3","sha256": "267d9454411ebf47a19e1e9151996bd73a3e1762ba44b5171b8d0fbbf6b120db","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLRaw.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLRaw.js","md5": "9e4b08f8644ca20b1417d183bc2cdac3","sha1": "a21e65dd6b1b872438db260215bf1c4af9458761","sha256": "2d9f2c4c0400517c9ca0ffb199e2139cc0f6606f86f6d8b8a4794e5c7a502b52","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStreamWriter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLStreamWriter.js","md5": "2d8dbc1a93d920da264af811a360dd22","sha1": "e8bb2d9911750e5ca1d873d1c9a38cc9cd2c57e9","sha256": "76eac17aebdc25ee368a11ef98f025df5f47bb02794e4c631bdceb68545a1d89","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStreamWriter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLStreamWriter.js","md5": "ac380a910bda54af72a56dcee298c752","sha1": "a144fae9f7c2c80a475719f10e493b62582333de","sha256": "c94912ce3be7a03499f6881f45dad75688227de71ff248327ddbbb7f62e83c8f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStringWriter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLStringWriter.js","md5": "fbef6c7daf0ceba404149f519f189435","sha1": "4bd95e73367ef8e847680fae4a45bec77aa1bd67","sha256": "097cbb02e2d7a948a92a27d68ec9c294ae79ae6aec8f97a0b05ffbd26be0aa4b","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStringWriter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLStringWriter.js","md5": "6494be0cc491f3b4ff39ef2d76ca1473","sha1": "c1366d92e92d8e0dfe4fba3e0f34d79f259a9893","sha256": "6765e9d74747e9c8545f9de5a66dd697aea9fd59948708676206bd185f75abc0","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStringifier.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLStringifier.js","md5": "a6e43bcfd7253e91e132c29c4c3a02ac","sha1": "ba862327aee760dab52ebee97c26c677292587c2","sha256": "0a7ce99c2b8cf9371691b60cd1f3d0b2f8f18e0462c89e5800dcb4a3bd220be9","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLStringifier.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLStringifier.js","md5": "8e8e53685fad4099a1d1b41a4b7d8342","sha1": "4c2834de19cb89e4cdc2766c45bc194633fa3131","sha256": "e4a87e7b24cf3cde487e5388417f976799dbe95a1d93a34b7c4b6e01c545dafa","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLText.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLText.js","md5": "eb4aa02741dd00f2b939b2b5249e78fd","sha1": "b44056841dbc93e08983174454532f886b8f671c","sha256": "64d9ea98ff7257a25dc779131454b995e9ea4b9f30fa4a3eb7e0fd3a3fc995f9","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLText.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLText.js","md5": "ba3d3f9a808fd313c15dd89a02de3ca2","sha1": "700db9e10de95d2c7a1ed2e94c5a2f25a9e38812","sha256": "e7bfcd804bdf5b1a72745c71f7f8fc071f07c1427fa202ae9e6600e9dddd3911","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLWriterBase.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-trx-reporter\/node_modules\/xmlbuilder\/lib\/XMLWriterBase.js","md5": "62d0fa18fa7d604fa4b6cdf978d5dd41","sha1": "974970b563b655971f2112259927c686bb262280","sha256": "808a2351bf6aaced0900a1a232abcf1af574dfd822b20fa713e3c1e69d0d6309","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: XMLWriterBase.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/xmlbuilder\/lib\/XMLWriterBase.js","md5": "8ed002a3c95fc1886c1624437a0c446e","sha1": "69e8a03a8f0c5f75498be7c37ed9e7e0b6e8a4af","sha256": "741e310ef791854b5f3e8dc8ac0d175456302b827c10abf0eda046fc9cff2e8e","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/optimist\/test\/_.js","md5": "03c59a828196ebde70153780bcfb922e","sha1": "9a0ba87a274cc3a7374d4f84392e68c21b22fd8a","sha256": "f97c69f6b11f573d5465cd42c129ebcc9e599256beb63fcddad284743a3a7949","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _DataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_DataView.js","md5": "53160c15f9901d944fcd60dc8d89a9f5","sha1": "f5780de8f4171ced0e5f4c52aba30e58660070e4","sha256": "37b8d46c9ca5e53bac157a23154bb3701759fb616ee7e2dc04aa2a7a2715c0bb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _DataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_DataView.js","sha256": "37b8d46c9ca5e53bac157a23154bb3701759fb616ee7e2dc04aa2a7a2715c0bb","sha1": "f5780de8f4171ced0e5f4c52aba30e58660070e4","md5": "53160c15f9901d944fcd60dc8d89a9f5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _DataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_DataView.js","sha256": "37b8d46c9ca5e53bac157a23154bb3701759fb616ee7e2dc04aa2a7a2715c0bb","sha1": "f5780de8f4171ced0e5f4c52aba30e58660070e4","md5": "53160c15f9901d944fcd60dc8d89a9f5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _DataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_DataView.js","sha256": "37b8d46c9ca5e53bac157a23154bb3701759fb616ee7e2dc04aa2a7a2715c0bb","sha1": "f5780de8f4171ced0e5f4c52aba30e58660070e4","md5": "53160c15f9901d944fcd60dc8d89a9f5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Hash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Hash.js","md5": "41b6d81dbf2096e96da571720a1e32a9","sha1": "572ffd33bbac9360f2d2591f7b44f72077d52297","sha256": "853c8a1c5c0b0e14fc873804db3943d3a4ba6378da6ee3793d44a12ace5871c5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Hash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Hash.js","sha256": "853c8a1c5c0b0e14fc873804db3943d3a4ba6378da6ee3793d44a12ace5871c5","sha1": "572ffd33bbac9360f2d2591f7b44f72077d52297","md5": "41b6d81dbf2096e96da571720a1e32a9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Hash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Hash.js","sha256": "853c8a1c5c0b0e14fc873804db3943d3a4ba6378da6ee3793d44a12ace5871c5","sha1": "572ffd33bbac9360f2d2591f7b44f72077d52297","md5": "41b6d81dbf2096e96da571720a1e32a9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Hash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Hash.js","sha256": "853c8a1c5c0b0e14fc873804db3943d3a4ba6378da6ee3793d44a12ace5871c5","sha1": "572ffd33bbac9360f2d2591f7b44f72077d52297","md5": "41b6d81dbf2096e96da571720a1e32a9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LazyWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_LazyWrapper.js","md5": "248e801194d501fb3bf3402cad21cf74","sha1": "9fc0cec80e680d4fe00cf4e33672e7f06d4b9b79","sha256": "82ab7999bba741c5ad424a6c3da55177a799e53f0a18c3d726d9d7f7e58783ee","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LazyWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_LazyWrapper.js","sha256": "82ab7999bba741c5ad424a6c3da55177a799e53f0a18c3d726d9d7f7e58783ee","sha1": "9fc0cec80e680d4fe00cf4e33672e7f06d4b9b79","md5": "248e801194d501fb3bf3402cad21cf74"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LazyWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_LazyWrapper.js","sha256": "82ab7999bba741c5ad424a6c3da55177a799e53f0a18c3d726d9d7f7e58783ee","sha1": "9fc0cec80e680d4fe00cf4e33672e7f06d4b9b79","md5": "248e801194d501fb3bf3402cad21cf74"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LazyWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_LazyWrapper.js","sha256": "82ab7999bba741c5ad424a6c3da55177a799e53f0a18c3d726d9d7f7e58783ee","sha1": "9fc0cec80e680d4fe00cf4e33672e7f06d4b9b79","md5": "248e801194d501fb3bf3402cad21cf74"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _ListCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_ListCache.js","md5": "bd633258469fc42792b94ec35421b7c4","sha1": "6df951af4fe1c2e428720e3fea6f7be3e6c64edc","sha256": "2b10bf68a2e572e392f8f5b1d47c8fbd3f759d1fc80482bf57bc768596ec862c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _ListCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_ListCache.js","sha256": "2b10bf68a2e572e392f8f5b1d47c8fbd3f759d1fc80482bf57bc768596ec862c","sha1": "6df951af4fe1c2e428720e3fea6f7be3e6c64edc","md5": "bd633258469fc42792b94ec35421b7c4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _ListCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_ListCache.js","sha256": "2b10bf68a2e572e392f8f5b1d47c8fbd3f759d1fc80482bf57bc768596ec862c","sha1": "6df951af4fe1c2e428720e3fea6f7be3e6c64edc","md5": "bd633258469fc42792b94ec35421b7c4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _ListCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_ListCache.js","sha256": "2b10bf68a2e572e392f8f5b1d47c8fbd3f759d1fc80482bf57bc768596ec862c","sha1": "6df951af4fe1c2e428720e3fea6f7be3e6c64edc","md5": "bd633258469fc42792b94ec35421b7c4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LodashWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_LodashWrapper.js","md5": "e22e3da1ea96f05e819e1305fd66ca52","sha1": "d1b595bd38e7764539f2cf99d2374f5c5aa72d70","sha256": "48b34858ac0dcc49bbf4e62a863a6bdd0dad39d238a50de389ac2cd938667e6e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LodashWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_LodashWrapper.js","sha256": "48b34858ac0dcc49bbf4e62a863a6bdd0dad39d238a50de389ac2cd938667e6e","sha1": "d1b595bd38e7764539f2cf99d2374f5c5aa72d70","md5": "e22e3da1ea96f05e819e1305fd66ca52"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LodashWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_LodashWrapper.js","sha256": "48b34858ac0dcc49bbf4e62a863a6bdd0dad39d238a50de389ac2cd938667e6e","sha1": "d1b595bd38e7764539f2cf99d2374f5c5aa72d70","md5": "e22e3da1ea96f05e819e1305fd66ca52"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _LodashWrapper.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_LodashWrapper.js","sha256": "48b34858ac0dcc49bbf4e62a863a6bdd0dad39d238a50de389ac2cd938667e6e","sha1": "d1b595bd38e7764539f2cf99d2374f5c5aa72d70","md5": "e22e3da1ea96f05e819e1305fd66ca52"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Map.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Map.js","md5": "6e6db9e05e392a887cccd9cccb9fdbee","sha1": "d58862090ce31a3295cb1dae73e44dcdba9b70bc","sha256": "69ecf277dfdd5d1e16993fdc264e011927c1174fd9610648a16ca32d4a275200","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Map.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Map.js","sha256": "69ecf277dfdd5d1e16993fdc264e011927c1174fd9610648a16ca32d4a275200","sha1": "d58862090ce31a3295cb1dae73e44dcdba9b70bc","md5": "6e6db9e05e392a887cccd9cccb9fdbee"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Map.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Map.js","sha256": "69ecf277dfdd5d1e16993fdc264e011927c1174fd9610648a16ca32d4a275200","sha1": "d58862090ce31a3295cb1dae73e44dcdba9b70bc","md5": "6e6db9e05e392a887cccd9cccb9fdbee"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Map.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Map.js","sha256": "69ecf277dfdd5d1e16993fdc264e011927c1174fd9610648a16ca32d4a275200","sha1": "d58862090ce31a3295cb1dae73e44dcdba9b70bc","md5": "6e6db9e05e392a887cccd9cccb9fdbee"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _MapCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_MapCache.js","md5": "fde1cbe29ad8b77aec363185c06d3099","sha1": "afed02775f092be6e7328f19b6991a419baac9c7","sha256": "5db84bcbca26aec6bceed93b1ab05c496ac2be3e1623d226ca46f39d367cc265","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _MapCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_MapCache.js","sha256": "5db84bcbca26aec6bceed93b1ab05c496ac2be3e1623d226ca46f39d367cc265","sha1": "afed02775f092be6e7328f19b6991a419baac9c7","md5": "fde1cbe29ad8b77aec363185c06d3099"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _MapCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_MapCache.js","sha256": "5db84bcbca26aec6bceed93b1ab05c496ac2be3e1623d226ca46f39d367cc265","sha1": "afed02775f092be6e7328f19b6991a419baac9c7","md5": "fde1cbe29ad8b77aec363185c06d3099"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _MapCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_MapCache.js","sha256": "5db84bcbca26aec6bceed93b1ab05c496ac2be3e1623d226ca46f39d367cc265","sha1": "afed02775f092be6e7328f19b6991a419baac9c7","md5": "fde1cbe29ad8b77aec363185c06d3099"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Promise.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Promise.js","md5": "731f15cb043472b49924f03d77a973b7","sha1": "7c7b81e303018a3045ca269b1be551224b607790","sha256": "4f8391d51b7100e4d8c82f71ac8d77ac0a9ec05d327afd5fdc1855d2a997040d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Promise.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Promise.js","sha256": "4f8391d51b7100e4d8c82f71ac8d77ac0a9ec05d327afd5fdc1855d2a997040d","sha1": "7c7b81e303018a3045ca269b1be551224b607790","md5": "731f15cb043472b49924f03d77a973b7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Promise.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Promise.js","sha256": "4f8391d51b7100e4d8c82f71ac8d77ac0a9ec05d327afd5fdc1855d2a997040d","sha1": "7c7b81e303018a3045ca269b1be551224b607790","md5": "731f15cb043472b49924f03d77a973b7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Promise.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Promise.js","sha256": "4f8391d51b7100e4d8c82f71ac8d77ac0a9ec05d327afd5fdc1855d2a997040d","sha1": "7c7b81e303018a3045ca269b1be551224b607790","md5": "731f15cb043472b49924f03d77a973b7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Set.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Set.js","md5": "19e16c9a6fdb4be5a6f311f604b00f47","sha1": "d55df157d59851d181aae5086ac2b703f41e422d","sha256": "0517203198c611581586fe06691eaa5f7b242e362ee1d231b7e5874b639371cf","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Set.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Set.js","sha256": "0517203198c611581586fe06691eaa5f7b242e362ee1d231b7e5874b639371cf","sha1": "d55df157d59851d181aae5086ac2b703f41e422d","md5": "19e16c9a6fdb4be5a6f311f604b00f47"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Set.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Set.js","sha256": "0517203198c611581586fe06691eaa5f7b242e362ee1d231b7e5874b639371cf","sha1": "d55df157d59851d181aae5086ac2b703f41e422d","md5": "19e16c9a6fdb4be5a6f311f604b00f47"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Set.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Set.js","sha256": "0517203198c611581586fe06691eaa5f7b242e362ee1d231b7e5874b639371cf","sha1": "d55df157d59851d181aae5086ac2b703f41e422d","md5": "19e16c9a6fdb4be5a6f311f604b00f47"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _SetCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_SetCache.js","md5": "b79464f33384970c827d725763115c32","sha1": "20a1a687b681a839dec78ee9b1c07e0fcee4cdda","sha256": "0ca727d1533e9ea06dbb15067772529018b90e106be4a58ed769185e45c19222","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _SetCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_SetCache.js","sha256": "0ca727d1533e9ea06dbb15067772529018b90e106be4a58ed769185e45c19222","sha1": "20a1a687b681a839dec78ee9b1c07e0fcee4cdda","md5": "b79464f33384970c827d725763115c32"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _SetCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_SetCache.js","sha256": "0ca727d1533e9ea06dbb15067772529018b90e106be4a58ed769185e45c19222","sha1": "20a1a687b681a839dec78ee9b1c07e0fcee4cdda","md5": "b79464f33384970c827d725763115c32"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _SetCache.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_SetCache.js","sha256": "0ca727d1533e9ea06dbb15067772529018b90e106be4a58ed769185e45c19222","sha1": "20a1a687b681a839dec78ee9b1c07e0fcee4cdda","md5": "b79464f33384970c827d725763115c32"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Stack.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Stack.js","md5": "c79902b6f19c6874d7ab72d66e6ed966","sha1": "581507149d88de85ca4bed49ea0c22467d4e65e6","sha256": "ff0cad8911657e083892b17d433e9af1427c23c647e9276b654d957c9300663f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Stack.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Stack.js","sha256": "ff0cad8911657e083892b17d433e9af1427c23c647e9276b654d957c9300663f","sha1": "581507149d88de85ca4bed49ea0c22467d4e65e6","md5": "c79902b6f19c6874d7ab72d66e6ed966"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Stack.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Stack.js","sha256": "ff0cad8911657e083892b17d433e9af1427c23c647e9276b654d957c9300663f","sha1": "581507149d88de85ca4bed49ea0c22467d4e65e6","md5": "c79902b6f19c6874d7ab72d66e6ed966"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Stack.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Stack.js","sha256": "ff0cad8911657e083892b17d433e9af1427c23c647e9276b654d957c9300663f","sha1": "581507149d88de85ca4bed49ea0c22467d4e65e6","md5": "c79902b6f19c6874d7ab72d66e6ed966"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Symbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Symbol.js","md5": "64e6a9f8a8645940140263f7f38580b1","sha1": "1d38c59f19e1b038981b4f0093d5b504d647c694","sha256": "23becdb07e69dcf4555a924eb4ddfee1ce7c64ed369784fdbe01cc89de7b547e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Symbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Symbol.js","sha256": "23becdb07e69dcf4555a924eb4ddfee1ce7c64ed369784fdbe01cc89de7b547e","sha1": "1d38c59f19e1b038981b4f0093d5b504d647c694","md5": "64e6a9f8a8645940140263f7f38580b1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Symbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Symbol.js","sha256": "23becdb07e69dcf4555a924eb4ddfee1ce7c64ed369784fdbe01cc89de7b547e","sha1": "1d38c59f19e1b038981b4f0093d5b504d647c694","md5": "64e6a9f8a8645940140263f7f38580b1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Symbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Symbol.js","sha256": "23becdb07e69dcf4555a924eb4ddfee1ce7c64ed369784fdbe01cc89de7b547e","sha1": "1d38c59f19e1b038981b4f0093d5b504d647c694","md5": "64e6a9f8a8645940140263f7f38580b1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Uint8Array.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_Uint8Array.js","md5": "156ff381c3de4ac3ca9f98d291942aa9","sha1": "9aca80cbc7c3b25813dbeb9561324d3d6ff7700a","sha256": "65cebe8429a19d773463a02c99c92772be5ceea26240aae7e8c4ab830085e1cd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Uint8Array.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_Uint8Array.js","sha256": "65cebe8429a19d773463a02c99c92772be5ceea26240aae7e8c4ab830085e1cd","sha1": "9aca80cbc7c3b25813dbeb9561324d3d6ff7700a","md5": "156ff381c3de4ac3ca9f98d291942aa9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Uint8Array.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_Uint8Array.js","sha256": "65cebe8429a19d773463a02c99c92772be5ceea26240aae7e8c4ab830085e1cd","sha1": "9aca80cbc7c3b25813dbeb9561324d3d6ff7700a","md5": "156ff381c3de4ac3ca9f98d291942aa9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _Uint8Array.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_Uint8Array.js","sha256": "65cebe8429a19d773463a02c99c92772be5ceea26240aae7e8c4ab830085e1cd","sha1": "9aca80cbc7c3b25813dbeb9561324d3d6ff7700a","md5": "156ff381c3de4ac3ca9f98d291942aa9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _WeakMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_WeakMap.js","md5": "019a1ccd7ad5fa10b5cf335217d47e75","sha1": "f384e74a27955f5ab92345281a5fcb7d95111b58","sha256": "8ae352037d0bb071ff875d2936c43ae70b586ca53af14de98eed592ab084b63b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _WeakMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_WeakMap.js","sha256": "8ae352037d0bb071ff875d2936c43ae70b586ca53af14de98eed592ab084b63b","sha1": "f384e74a27955f5ab92345281a5fcb7d95111b58","md5": "019a1ccd7ad5fa10b5cf335217d47e75"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _WeakMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_WeakMap.js","sha256": "8ae352037d0bb071ff875d2936c43ae70b586ca53af14de98eed592ab084b63b","sha1": "f384e74a27955f5ab92345281a5fcb7d95111b58","md5": "019a1ccd7ad5fa10b5cf335217d47e75"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _WeakMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_WeakMap.js","sha256": "8ae352037d0bb071ff875d2936c43ae70b586ca53af14de98eed592ab084b63b","sha1": "f384e74a27955f5ab92345281a5fcb7d95111b58","md5": "019a1ccd7ad5fa10b5cf335217d47e75"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: __.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/__.js","md5": "b433709585d2bd0614de32c90dd29296","sha1": "9c805f4d417e7a952726f3cd1d0bfa7c30cfa7b8","sha256": "94a509ebbf362c7344212c3eb78b97d61c87d53099c9ee1285838c20082185e8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: __.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/__.js","sha256": "94a509ebbf362c7344212c3eb78b97d61c87d53099c9ee1285838c20082185e8","sha1": "9c805f4d417e7a952726f3cd1d0bfa7c30cfa7b8","md5": "b433709585d2bd0614de32c90dd29296"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: __.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/__.js","sha256": "94a509ebbf362c7344212c3eb78b97d61c87d53099c9ee1285838c20082185e8","sha1": "9c805f4d417e7a952726f3cd1d0bfa7c30cfa7b8","md5": "b433709585d2bd0614de32c90dd29296"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: __.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/__.js","sha256": "94a509ebbf362c7344212c3eb78b97d61c87d53099c9ee1285838c20082185e8","sha1": "9c805f4d417e7a952726f3cd1d0bfa7c30cfa7b8","md5": "b433709585d2bd0614de32c90dd29296"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _apply.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_apply.js","md5": "d3ef9e89ba499ebaba74672b935bcc26","sha1": "cf8c13531bb2ebaaa912ed42cd51d35749780b49","sha256": "5ca933653821ae52ba593356d8c761624ed66f0b40860c7648a3acf278f0596a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _apply.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_apply.js","sha256": "5ca933653821ae52ba593356d8c761624ed66f0b40860c7648a3acf278f0596a","sha1": "cf8c13531bb2ebaaa912ed42cd51d35749780b49","md5": "d3ef9e89ba499ebaba74672b935bcc26"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _apply.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_apply.js","sha256": "5ca933653821ae52ba593356d8c761624ed66f0b40860c7648a3acf278f0596a","sha1": "cf8c13531bb2ebaaa912ed42cd51d35749780b49","md5": "d3ef9e89ba499ebaba74672b935bcc26"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _apply.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_apply.js","sha256": "5ca933653821ae52ba593356d8c761624ed66f0b40860c7648a3acf278f0596a","sha1": "cf8c13531bb2ebaaa912ed42cd51d35749780b49","md5": "d3ef9e89ba499ebaba74672b935bcc26"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayAggregator.js","md5": "ea6deb9f9aaca8e880ba9f7716c8d04f","sha1": "4c46ec909fd72aca86fbba95f8042b39875a2fc2","sha256": "fbd5a9f515a50712b4f145f74ea236f7a5f11ffbc851f900a0a9b6c80ce29c6d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayAggregator.js","sha256": "fbd5a9f515a50712b4f145f74ea236f7a5f11ffbc851f900a0a9b6c80ce29c6d","sha1": "4c46ec909fd72aca86fbba95f8042b39875a2fc2","md5": "ea6deb9f9aaca8e880ba9f7716c8d04f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayAggregator.js","sha256": "fbd5a9f515a50712b4f145f74ea236f7a5f11ffbc851f900a0a9b6c80ce29c6d","sha1": "4c46ec909fd72aca86fbba95f8042b39875a2fc2","md5": "ea6deb9f9aaca8e880ba9f7716c8d04f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayAggregator.js","sha256": "fbd5a9f515a50712b4f145f74ea236f7a5f11ffbc851f900a0a9b6c80ce29c6d","sha1": "4c46ec909fd72aca86fbba95f8042b39875a2fc2","md5": "ea6deb9f9aaca8e880ba9f7716c8d04f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayEach.js","md5": "5e7b5faacc1ca623b949a8a706cd360b","sha1": "904f07de69303a57591f6f012ae390d37af3f595","sha256": "6fd506ed7d2e0a3b216ec2969f391e7b8d2c7c123a0bb49bbeccea55da740cb5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayEach.js","sha256": "6fd506ed7d2e0a3b216ec2969f391e7b8d2c7c123a0bb49bbeccea55da740cb5","sha1": "904f07de69303a57591f6f012ae390d37af3f595","md5": "5e7b5faacc1ca623b949a8a706cd360b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayEach.js","sha256": "6fd506ed7d2e0a3b216ec2969f391e7b8d2c7c123a0bb49bbeccea55da740cb5","sha1": "904f07de69303a57591f6f012ae390d37af3f595","md5": "5e7b5faacc1ca623b949a8a706cd360b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayEach.js","sha256": "6fd506ed7d2e0a3b216ec2969f391e7b8d2c7c123a0bb49bbeccea55da740cb5","sha1": "904f07de69303a57591f6f012ae390d37af3f595","md5": "5e7b5faacc1ca623b949a8a706cd360b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayEachRight.js","md5": "692fd011c71bc0b5854c2bbeba1404f7","sha1": "d9c9880639a791b9b7a50fa4b9d95987a9adb530","sha256": "3410df94969c310f7e3146d694e40d7d2ea20ed85f508057a8398bb870906f7d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayEachRight.js","sha256": "3410df94969c310f7e3146d694e40d7d2ea20ed85f508057a8398bb870906f7d","sha1": "d9c9880639a791b9b7a50fa4b9d95987a9adb530","md5": "692fd011c71bc0b5854c2bbeba1404f7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayEachRight.js","sha256": "3410df94969c310f7e3146d694e40d7d2ea20ed85f508057a8398bb870906f7d","sha1": "d9c9880639a791b9b7a50fa4b9d95987a9adb530","md5": "692fd011c71bc0b5854c2bbeba1404f7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayEachRight.js","sha256": "3410df94969c310f7e3146d694e40d7d2ea20ed85f508057a8398bb870906f7d","sha1": "d9c9880639a791b9b7a50fa4b9d95987a9adb530","md5": "692fd011c71bc0b5854c2bbeba1404f7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayEvery.js","md5": "55a4cd76296213c873249e543222ea2a","sha1": "1c52b5548127fec0d8e876e6612bc7579b64c88b","sha256": "c9de9f02349af14ef1c23f0579c1b24f0756c0776260a3942f9705eec284960c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayEvery.js","sha256": "c9de9f02349af14ef1c23f0579c1b24f0756c0776260a3942f9705eec284960c","sha1": "1c52b5548127fec0d8e876e6612bc7579b64c88b","md5": "55a4cd76296213c873249e543222ea2a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayEvery.js","sha256": "c9de9f02349af14ef1c23f0579c1b24f0756c0776260a3942f9705eec284960c","sha1": "1c52b5548127fec0d8e876e6612bc7579b64c88b","md5": "55a4cd76296213c873249e543222ea2a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayEvery.js","sha256": "c9de9f02349af14ef1c23f0579c1b24f0756c0776260a3942f9705eec284960c","sha1": "1c52b5548127fec0d8e876e6612bc7579b64c88b","md5": "55a4cd76296213c873249e543222ea2a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayFilter.js","md5": "11af9f9bc841dd2986d25ccf0287361b","sha1": "de05ba1636ccd6f97f5527aaaa7bcd355ef96a3b","sha256": "12fd6cb97760b1bcb96425c29119ac39c747c6c6b24a4e2398cdc8d859a3e574","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayFilter.js","sha256": "12fd6cb97760b1bcb96425c29119ac39c747c6c6b24a4e2398cdc8d859a3e574","sha1": "de05ba1636ccd6f97f5527aaaa7bcd355ef96a3b","md5": "11af9f9bc841dd2986d25ccf0287361b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayFilter.js","sha256": "12fd6cb97760b1bcb96425c29119ac39c747c6c6b24a4e2398cdc8d859a3e574","sha1": "de05ba1636ccd6f97f5527aaaa7bcd355ef96a3b","md5": "11af9f9bc841dd2986d25ccf0287361b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayFilter.js","sha256": "12fd6cb97760b1bcb96425c29119ac39c747c6c6b24a4e2398cdc8d859a3e574","sha1": "de05ba1636ccd6f97f5527aaaa7bcd355ef96a3b","md5": "11af9f9bc841dd2986d25ccf0287361b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayIncludes.js","md5": "cc0a5849d8e357be8e95d80af3789c95","sha1": "c1211511564c2074c24cd0a45e2fc63b94017d42","sha256": "7f4bc35c7982e2df9b1c3fc1f1dae297327ab45a1b942b5beee9814bc061daae","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayIncludes.js","sha256": "7f4bc35c7982e2df9b1c3fc1f1dae297327ab45a1b942b5beee9814bc061daae","sha1": "c1211511564c2074c24cd0a45e2fc63b94017d42","md5": "cc0a5849d8e357be8e95d80af3789c95"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayIncludes.js","sha256": "7f4bc35c7982e2df9b1c3fc1f1dae297327ab45a1b942b5beee9814bc061daae","sha1": "c1211511564c2074c24cd0a45e2fc63b94017d42","md5": "cc0a5849d8e357be8e95d80af3789c95"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayIncludes.js","sha256": "7f4bc35c7982e2df9b1c3fc1f1dae297327ab45a1b942b5beee9814bc061daae","sha1": "c1211511564c2074c24cd0a45e2fc63b94017d42","md5": "cc0a5849d8e357be8e95d80af3789c95"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludesWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayIncludesWith.js","md5": "f876b1f5155b6a758516e05426d4ceb3","sha1": "ae055079baa36a646be539921afb899598b99ade","sha256": "a1310b2b3abe1a6733791f803bad85ea25147bf84512cfe4380ef8afc738b81b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludesWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayIncludesWith.js","sha256": "a1310b2b3abe1a6733791f803bad85ea25147bf84512cfe4380ef8afc738b81b","sha1": "ae055079baa36a646be539921afb899598b99ade","md5": "f876b1f5155b6a758516e05426d4ceb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludesWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayIncludesWith.js","sha256": "a1310b2b3abe1a6733791f803bad85ea25147bf84512cfe4380ef8afc738b81b","sha1": "ae055079baa36a646be539921afb899598b99ade","md5": "f876b1f5155b6a758516e05426d4ceb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayIncludesWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayIncludesWith.js","sha256": "a1310b2b3abe1a6733791f803bad85ea25147bf84512cfe4380ef8afc738b81b","sha1": "ae055079baa36a646be539921afb899598b99ade","md5": "f876b1f5155b6a758516e05426d4ceb3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayLikeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayLikeKeys.js","md5": "a105e44741adeb269f237c78b85dba1f","sha1": "3e0338e1cbbfb9c9f1b00adf873e176478b985c2","sha256": "456bbf153f5601f6835cfa2e72e88390319ec40333b8a94dfa4e11f7cea98acd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayLikeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayLikeKeys.js","sha256": "456bbf153f5601f6835cfa2e72e88390319ec40333b8a94dfa4e11f7cea98acd","sha1": "3e0338e1cbbfb9c9f1b00adf873e176478b985c2","md5": "a105e44741adeb269f237c78b85dba1f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayLikeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayLikeKeys.js","sha256": "456bbf153f5601f6835cfa2e72e88390319ec40333b8a94dfa4e11f7cea98acd","sha1": "3e0338e1cbbfb9c9f1b00adf873e176478b985c2","md5": "a105e44741adeb269f237c78b85dba1f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayLikeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayLikeKeys.js","sha256": "456bbf153f5601f6835cfa2e72e88390319ec40333b8a94dfa4e11f7cea98acd","sha1": "3e0338e1cbbfb9c9f1b00adf873e176478b985c2","md5": "a105e44741adeb269f237c78b85dba1f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayMap.js","md5": "987edae0a7e4927837c1d22d9f46c35f","sha1": "50a635afd8bfba130f5ec9cc693c06eb0ed57690","sha256": "5917472b5772ba66ed65019e35da11c7a2a45737e25bc0d7e5635e3af73383bd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayMap.js","sha256": "5917472b5772ba66ed65019e35da11c7a2a45737e25bc0d7e5635e3af73383bd","sha1": "50a635afd8bfba130f5ec9cc693c06eb0ed57690","md5": "987edae0a7e4927837c1d22d9f46c35f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayMap.js","sha256": "5917472b5772ba66ed65019e35da11c7a2a45737e25bc0d7e5635e3af73383bd","sha1": "50a635afd8bfba130f5ec9cc693c06eb0ed57690","md5": "987edae0a7e4927837c1d22d9f46c35f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayMap.js","sha256": "5917472b5772ba66ed65019e35da11c7a2a45737e25bc0d7e5635e3af73383bd","sha1": "50a635afd8bfba130f5ec9cc693c06eb0ed57690","md5": "987edae0a7e4927837c1d22d9f46c35f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayPush.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayPush.js","md5": "a5db107cf04803f7e02fb83a0cb9a4bf","sha1": "8b9d6d4bcd8f6661ee23634aecda75d5395db2cc","sha256": "fc4429d7cd9b2b241877d0f28c746a7475341126077c4c165cfe78806a266d2f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayPush.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayPush.js","sha256": "fc4429d7cd9b2b241877d0f28c746a7475341126077c4c165cfe78806a266d2f","sha1": "8b9d6d4bcd8f6661ee23634aecda75d5395db2cc","md5": "a5db107cf04803f7e02fb83a0cb9a4bf"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayPush.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayPush.js","sha256": "fc4429d7cd9b2b241877d0f28c746a7475341126077c4c165cfe78806a266d2f","sha1": "8b9d6d4bcd8f6661ee23634aecda75d5395db2cc","md5": "a5db107cf04803f7e02fb83a0cb9a4bf"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayPush.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayPush.js","sha256": "fc4429d7cd9b2b241877d0f28c746a7475341126077c4c165cfe78806a266d2f","sha1": "8b9d6d4bcd8f6661ee23634aecda75d5395db2cc","md5": "a5db107cf04803f7e02fb83a0cb9a4bf"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayReduce.js","md5": "30190f4c8f3f642f3ec57df0cb104dba","sha1": "87b47db2e2ffbf2d671e1a974eec644d16424412","sha256": "3b8b443455becd548f91970799bb8dd0942284cb6b131464075076cd6c3911c3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayReduce.js","sha256": "3b8b443455becd548f91970799bb8dd0942284cb6b131464075076cd6c3911c3","sha1": "87b47db2e2ffbf2d671e1a974eec644d16424412","md5": "30190f4c8f3f642f3ec57df0cb104dba"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayReduce.js","sha256": "3b8b443455becd548f91970799bb8dd0942284cb6b131464075076cd6c3911c3","sha1": "87b47db2e2ffbf2d671e1a974eec644d16424412","md5": "30190f4c8f3f642f3ec57df0cb104dba"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayReduce.js","sha256": "3b8b443455becd548f91970799bb8dd0942284cb6b131464075076cd6c3911c3","sha1": "87b47db2e2ffbf2d671e1a974eec644d16424412","md5": "30190f4c8f3f642f3ec57df0cb104dba"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduceRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayReduceRight.js","md5": "d8e5f4adf72d5522413711c1cd8abee5","sha1": "59ee39e14d1be368c9de8d06b8a62ba7a57f9c18","sha256": "0978dabc488477a5a3e79624d403c85308df229c688048d5b440483f08e9b019","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduceRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayReduceRight.js","sha256": "0978dabc488477a5a3e79624d403c85308df229c688048d5b440483f08e9b019","sha1": "59ee39e14d1be368c9de8d06b8a62ba7a57f9c18","md5": "d8e5f4adf72d5522413711c1cd8abee5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduceRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayReduceRight.js","sha256": "0978dabc488477a5a3e79624d403c85308df229c688048d5b440483f08e9b019","sha1": "59ee39e14d1be368c9de8d06b8a62ba7a57f9c18","md5": "d8e5f4adf72d5522413711c1cd8abee5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayReduceRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayReduceRight.js","sha256": "0978dabc488477a5a3e79624d403c85308df229c688048d5b440483f08e9b019","sha1": "59ee39e14d1be368c9de8d06b8a62ba7a57f9c18","md5": "d8e5f4adf72d5522413711c1cd8abee5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arraySample.js","md5": "d95fa12a71b899dfecb72c2d9341f4d1","sha1": "8b9ade97c8c183d58e1bcfbdcdf4b77b44c38245","sha256": "92bf156e5a398c8a1156b88c6c7c083defd509b4aca807d9e2e9bd2d2e742927","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arraySample.js","sha256": "92bf156e5a398c8a1156b88c6c7c083defd509b4aca807d9e2e9bd2d2e742927","sha1": "8b9ade97c8c183d58e1bcfbdcdf4b77b44c38245","md5": "d95fa12a71b899dfecb72c2d9341f4d1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arraySample.js","sha256": "92bf156e5a398c8a1156b88c6c7c083defd509b4aca807d9e2e9bd2d2e742927","sha1": "8b9ade97c8c183d58e1bcfbdcdf4b77b44c38245","md5": "d95fa12a71b899dfecb72c2d9341f4d1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arraySample.js","sha256": "92bf156e5a398c8a1156b88c6c7c083defd509b4aca807d9e2e9bd2d2e742927","sha1": "8b9ade97c8c183d58e1bcfbdcdf4b77b44c38245","md5": "d95fa12a71b899dfecb72c2d9341f4d1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arraySampleSize.js","md5": "2a71d9757f7f5e53524bb21636c3eeb3","sha1": "cfe8e3d04b52e678f1475ed3df969bc5eedea859","sha256": "0e54c15d9a074cc85e5b6a0eb93c5c69706ad5cb6daa99dfe03cbf3095ae1015","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arraySampleSize.js","sha256": "0e54c15d9a074cc85e5b6a0eb93c5c69706ad5cb6daa99dfe03cbf3095ae1015","sha1": "cfe8e3d04b52e678f1475ed3df969bc5eedea859","md5": "2a71d9757f7f5e53524bb21636c3eeb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arraySampleSize.js","sha256": "0e54c15d9a074cc85e5b6a0eb93c5c69706ad5cb6daa99dfe03cbf3095ae1015","sha1": "cfe8e3d04b52e678f1475ed3df969bc5eedea859","md5": "2a71d9757f7f5e53524bb21636c3eeb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arraySampleSize.js","sha256": "0e54c15d9a074cc85e5b6a0eb93c5c69706ad5cb6daa99dfe03cbf3095ae1015","sha1": "cfe8e3d04b52e678f1475ed3df969bc5eedea859","md5": "2a71d9757f7f5e53524bb21636c3eeb3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arrayShuffle.js","md5": "306d7110c5a0f2b74fb81075820a6ea5","sha1": "7023c88e8b1fd408755327bf70fe8d58c9496607","sha256": "09e353d332e22f6d553b5aa90ab1cf8e1a03c190cacc4867b260ff5e63bab91d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arrayShuffle.js","sha256": "09e353d332e22f6d553b5aa90ab1cf8e1a03c190cacc4867b260ff5e63bab91d","sha1": "7023c88e8b1fd408755327bf70fe8d58c9496607","md5": "306d7110c5a0f2b74fb81075820a6ea5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arrayShuffle.js","sha256": "09e353d332e22f6d553b5aa90ab1cf8e1a03c190cacc4867b260ff5e63bab91d","sha1": "7023c88e8b1fd408755327bf70fe8d58c9496607","md5": "306d7110c5a0f2b74fb81075820a6ea5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arrayShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arrayShuffle.js","sha256": "09e353d332e22f6d553b5aa90ab1cf8e1a03c190cacc4867b260ff5e63bab91d","sha1": "7023c88e8b1fd408755327bf70fe8d58c9496607","md5": "306d7110c5a0f2b74fb81075820a6ea5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_arraySome.js","md5": "06e22c7ead9c15469d3e1af10172b726","sha1": "b3e385ef53a7d44b49f705315ae30efc4b81d5b9","sha256": "e8cc6994df67b7f02600d1f58674da807ec59db9964aaba2d9834f04b6f0baf1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_arraySome.js","sha256": "e8cc6994df67b7f02600d1f58674da807ec59db9964aaba2d9834f04b6f0baf1","sha1": "b3e385ef53a7d44b49f705315ae30efc4b81d5b9","md5": "06e22c7ead9c15469d3e1af10172b726"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_arraySome.js","sha256": "e8cc6994df67b7f02600d1f58674da807ec59db9964aaba2d9834f04b6f0baf1","sha1": "b3e385ef53a7d44b49f705315ae30efc4b81d5b9","md5": "06e22c7ead9c15469d3e1af10172b726"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _arraySome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_arraySome.js","sha256": "e8cc6994df67b7f02600d1f58674da807ec59db9964aaba2d9834f04b6f0baf1","sha1": "b3e385ef53a7d44b49f705315ae30efc4b81d5b9","md5": "06e22c7ead9c15469d3e1af10172b726"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_asciiSize.js","md5": "7c8b138a16f81fab938a81b53c74051e","sha1": "befe650097f784878651dd1881da7efb3c0d0e73","sha256": "150568c62dd6f77ee9bfb45416b8f8609dfe1759ede9d9bdf0e072140bdce5f3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_asciiSize.js","sha256": "150568c62dd6f77ee9bfb45416b8f8609dfe1759ede9d9bdf0e072140bdce5f3","sha1": "befe650097f784878651dd1881da7efb3c0d0e73","md5": "7c8b138a16f81fab938a81b53c74051e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_asciiSize.js","sha256": "150568c62dd6f77ee9bfb45416b8f8609dfe1759ede9d9bdf0e072140bdce5f3","sha1": "befe650097f784878651dd1881da7efb3c0d0e73","md5": "7c8b138a16f81fab938a81b53c74051e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_asciiSize.js","sha256": "150568c62dd6f77ee9bfb45416b8f8609dfe1759ede9d9bdf0e072140bdce5f3","sha1": "befe650097f784878651dd1881da7efb3c0d0e73","md5": "7c8b138a16f81fab938a81b53c74051e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_asciiToArray.js","md5": "535913c60a3225d16dcd0dbd0627c8f1","sha1": "4331bba9d396c601f9ac9e676283bc3ac25ccf8d","sha256": "202817d7cec0944807fb2ae3a85cdf6103943cd23a4afdd256177c83eacf1296","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_asciiToArray.js","sha256": "202817d7cec0944807fb2ae3a85cdf6103943cd23a4afdd256177c83eacf1296","sha1": "4331bba9d396c601f9ac9e676283bc3ac25ccf8d","md5": "535913c60a3225d16dcd0dbd0627c8f1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_asciiToArray.js","sha256": "202817d7cec0944807fb2ae3a85cdf6103943cd23a4afdd256177c83eacf1296","sha1": "4331bba9d396c601f9ac9e676283bc3ac25ccf8d","md5": "535913c60a3225d16dcd0dbd0627c8f1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_asciiToArray.js","sha256": "202817d7cec0944807fb2ae3a85cdf6103943cd23a4afdd256177c83eacf1296","sha1": "4331bba9d396c601f9ac9e676283bc3ac25ccf8d","md5": "535913c60a3225d16dcd0dbd0627c8f1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_asciiWords.js","md5": "8ba4e3356c28703adf6b907d96345ffd","sha1": "164db22da4ac8a77d75ff57a1d63d0c4b9e48388","sha256": "1874564a9feb8b4c34f11f991a2d12d80bf650bad7fc589854c188c86d0f9c5d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_asciiWords.js","sha256": "1874564a9feb8b4c34f11f991a2d12d80bf650bad7fc589854c188c86d0f9c5d","sha1": "164db22da4ac8a77d75ff57a1d63d0c4b9e48388","md5": "8ba4e3356c28703adf6b907d96345ffd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_asciiWords.js","sha256": "1874564a9feb8b4c34f11f991a2d12d80bf650bad7fc589854c188c86d0f9c5d","sha1": "164db22da4ac8a77d75ff57a1d63d0c4b9e48388","md5": "8ba4e3356c28703adf6b907d96345ffd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _asciiWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_asciiWords.js","sha256": "1874564a9feb8b4c34f11f991a2d12d80bf650bad7fc589854c188c86d0f9c5d","sha1": "164db22da4ac8a77d75ff57a1d63d0c4b9e48388","md5": "8ba4e3356c28703adf6b907d96345ffd"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignMergeValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_assignMergeValue.js","md5": "de595d35898c9497307c8014c5846f7b","sha1": "7fd48396b2393692858a13cd1d9fee4f9f56c034","sha256": "350c1dd6528b73a15f3ce3082064fbf23c0819f5c2d06b4ab24ef6b61ab863d6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignMergeValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_assignMergeValue.js","sha256": "350c1dd6528b73a15f3ce3082064fbf23c0819f5c2d06b4ab24ef6b61ab863d6","sha1": "7fd48396b2393692858a13cd1d9fee4f9f56c034","md5": "de595d35898c9497307c8014c5846f7b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignMergeValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_assignMergeValue.js","sha256": "350c1dd6528b73a15f3ce3082064fbf23c0819f5c2d06b4ab24ef6b61ab863d6","sha1": "7fd48396b2393692858a13cd1d9fee4f9f56c034","md5": "de595d35898c9497307c8014c5846f7b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignMergeValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_assignMergeValue.js","sha256": "350c1dd6528b73a15f3ce3082064fbf23c0819f5c2d06b4ab24ef6b61ab863d6","sha1": "7fd48396b2393692858a13cd1d9fee4f9f56c034","md5": "de595d35898c9497307c8014c5846f7b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_assignValue.js","md5": "0e03ca829340d63cbd671ca252fed636","sha1": "8889cd8e010ef1ab8259b9401f1ace23164a676a","sha256": "86658dd4d24a55b19ed938416c179d57a729bac601133c237ee9f900dd21027d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_assignValue.js","sha256": "86658dd4d24a55b19ed938416c179d57a729bac601133c237ee9f900dd21027d","sha1": "8889cd8e010ef1ab8259b9401f1ace23164a676a","md5": "0e03ca829340d63cbd671ca252fed636"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_assignValue.js","sha256": "86658dd4d24a55b19ed938416c179d57a729bac601133c237ee9f900dd21027d","sha1": "8889cd8e010ef1ab8259b9401f1ace23164a676a","md5": "0e03ca829340d63cbd671ca252fed636"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_assignValue.js","sha256": "86658dd4d24a55b19ed938416c179d57a729bac601133c237ee9f900dd21027d","sha1": "8889cd8e010ef1ab8259b9401f1ace23164a676a","md5": "0e03ca829340d63cbd671ca252fed636"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assocIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_assocIndexOf.js","md5": "e38b8af759142cb9a66dd619639ce152","sha1": "b557d0550d466f2e0a20697d953061c8198bc3f2","sha256": "f98b725ea04a2979f0ad29afff6794ec83ec420342bae041934a829244dacb96","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assocIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_assocIndexOf.js","sha256": "f98b725ea04a2979f0ad29afff6794ec83ec420342bae041934a829244dacb96","sha1": "b557d0550d466f2e0a20697d953061c8198bc3f2","md5": "e38b8af759142cb9a66dd619639ce152"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assocIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_assocIndexOf.js","sha256": "f98b725ea04a2979f0ad29afff6794ec83ec420342bae041934a829244dacb96","sha1": "b557d0550d466f2e0a20697d953061c8198bc3f2","md5": "e38b8af759142cb9a66dd619639ce152"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _assocIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_assocIndexOf.js","sha256": "f98b725ea04a2979f0ad29afff6794ec83ec420342bae041934a829244dacb96","sha1": "b557d0550d466f2e0a20697d953061c8198bc3f2","md5": "e38b8af759142cb9a66dd619639ce152"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseAggregator.js","md5": "94bb6f71a3bbe74d0895acb89c9e3d77","sha1": "a0f27fd540785f2f3d54913950fcd555ca789b4f","sha256": "b3bf7b463fba23ff5b27d9cceb3ad8ea237db796723447ce90ac02b227cce29a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseAggregator.js","sha256": "b3bf7b463fba23ff5b27d9cceb3ad8ea237db796723447ce90ac02b227cce29a","sha1": "a0f27fd540785f2f3d54913950fcd555ca789b4f","md5": "94bb6f71a3bbe74d0895acb89c9e3d77"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseAggregator.js","sha256": "b3bf7b463fba23ff5b27d9cceb3ad8ea237db796723447ce90ac02b227cce29a","sha1": "a0f27fd540785f2f3d54913950fcd555ca789b4f","md5": "94bb6f71a3bbe74d0895acb89c9e3d77"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseAggregator.js","sha256": "b3bf7b463fba23ff5b27d9cceb3ad8ea237db796723447ce90ac02b227cce29a","sha1": "a0f27fd540785f2f3d54913950fcd555ca789b4f","md5": "94bb6f71a3bbe74d0895acb89c9e3d77"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssign.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseAssign.js","md5": "c46e2377e0df338c9dc67194765b771d","sha1": "b12b76d29619f0fadf5c75c2b1f4d9c5a140af4d","sha256": "88c05474e3ee06e4d3e3531f4df2403718c47447827bfc3d5d735344b60db968","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssign.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseAssign.js","sha256": "88c05474e3ee06e4d3e3531f4df2403718c47447827bfc3d5d735344b60db968","sha1": "b12b76d29619f0fadf5c75c2b1f4d9c5a140af4d","md5": "c46e2377e0df338c9dc67194765b771d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssign.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseAssign.js","sha256": "88c05474e3ee06e4d3e3531f4df2403718c47447827bfc3d5d735344b60db968","sha1": "b12b76d29619f0fadf5c75c2b1f4d9c5a140af4d","md5": "c46e2377e0df338c9dc67194765b771d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssign.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseAssign.js","sha256": "88c05474e3ee06e4d3e3531f4df2403718c47447827bfc3d5d735344b60db968","sha1": "b12b76d29619f0fadf5c75c2b1f4d9c5a140af4d","md5": "c46e2377e0df338c9dc67194765b771d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseAssignIn.js","md5": "ca78e775f58165e28fa1cb9814b3a39b","sha1": "1e9e2424746865f1ea7c278592329917a2d2ddd8","sha256": "d1bfee9cde1e5e1bafdb114ec78ecdcb5ffc2468df53f3fc57949e7033ce41f3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseAssignIn.js","sha256": "d1bfee9cde1e5e1bafdb114ec78ecdcb5ffc2468df53f3fc57949e7033ce41f3","sha1": "1e9e2424746865f1ea7c278592329917a2d2ddd8","md5": "ca78e775f58165e28fa1cb9814b3a39b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseAssignIn.js","sha256": "d1bfee9cde1e5e1bafdb114ec78ecdcb5ffc2468df53f3fc57949e7033ce41f3","sha1": "1e9e2424746865f1ea7c278592329917a2d2ddd8","md5": "ca78e775f58165e28fa1cb9814b3a39b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseAssignIn.js","sha256": "d1bfee9cde1e5e1bafdb114ec78ecdcb5ffc2468df53f3fc57949e7033ce41f3","sha1": "1e9e2424746865f1ea7c278592329917a2d2ddd8","md5": "ca78e775f58165e28fa1cb9814b3a39b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseAssignValue.js","md5": "7d9535455142d6c5bd54cf127e89e05c","sha1": "c09bc3ff6aa7082144eef5b7583f795f7d16ac19","sha256": "51498c7a9eb90edf2626bbb90dfd1119acb2ee9779c916ab3fb7b7285ba6c746","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseAssignValue.js","sha256": "51498c7a9eb90edf2626bbb90dfd1119acb2ee9779c916ab3fb7b7285ba6c746","sha1": "c09bc3ff6aa7082144eef5b7583f795f7d16ac19","md5": "7d9535455142d6c5bd54cf127e89e05c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseAssignValue.js","sha256": "51498c7a9eb90edf2626bbb90dfd1119acb2ee9779c916ab3fb7b7285ba6c746","sha1": "c09bc3ff6aa7082144eef5b7583f795f7d16ac19","md5": "7d9535455142d6c5bd54cf127e89e05c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAssignValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseAssignValue.js","sha256": "51498c7a9eb90edf2626bbb90dfd1119acb2ee9779c916ab3fb7b7285ba6c746","sha1": "c09bc3ff6aa7082144eef5b7583f795f7d16ac19","md5": "7d9535455142d6c5bd54cf127e89e05c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseAt.js","md5": "66a260175f9e2a8030eae1587739b3e2","sha1": "93dcc3d90a67de6c407d3f6ccda164d3fac140b9","sha256": "a42262b20c444d25150f2d3132b9b66437b5c024e767ef1474bfc96b80cc5733","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseAt.js","sha256": "a42262b20c444d25150f2d3132b9b66437b5c024e767ef1474bfc96b80cc5733","sha1": "93dcc3d90a67de6c407d3f6ccda164d3fac140b9","md5": "66a260175f9e2a8030eae1587739b3e2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseAt.js","sha256": "a42262b20c444d25150f2d3132b9b66437b5c024e767ef1474bfc96b80cc5733","sha1": "93dcc3d90a67de6c407d3f6ccda164d3fac140b9","md5": "66a260175f9e2a8030eae1587739b3e2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseAt.js","sha256": "a42262b20c444d25150f2d3132b9b66437b5c024e767ef1474bfc96b80cc5733","sha1": "93dcc3d90a67de6c407d3f6ccda164d3fac140b9","md5": "66a260175f9e2a8030eae1587739b3e2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClamp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseClamp.js","md5": "fd06a1222f81a963059cfd59d1c0e087","sha1": "ce109abcb1e12c30e97c79917e51520aa544db9a","sha256": "cf85272f27502a0c808e3d5b79713214018b893e7ddd02a4bc55fd137c0546c7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClamp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseClamp.js","sha256": "cf85272f27502a0c808e3d5b79713214018b893e7ddd02a4bc55fd137c0546c7","sha1": "ce109abcb1e12c30e97c79917e51520aa544db9a","md5": "fd06a1222f81a963059cfd59d1c0e087"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClamp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseClamp.js","sha256": "cf85272f27502a0c808e3d5b79713214018b893e7ddd02a4bc55fd137c0546c7","sha1": "ce109abcb1e12c30e97c79917e51520aa544db9a","md5": "fd06a1222f81a963059cfd59d1c0e087"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClamp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseClamp.js","sha256": "cf85272f27502a0c808e3d5b79713214018b893e7ddd02a4bc55fd137c0546c7","sha1": "ce109abcb1e12c30e97c79917e51520aa544db9a","md5": "fd06a1222f81a963059cfd59d1c0e087"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseClone.js","md5": "655775c4cd5b9dfde3121233c6555679","sha1": "b9589f5b3e03025ee2347d59717d2ddb3639a5fd","sha256": "3ca40d0ae6c428eb8509a98017d9330c27616075c9d257198ae5e0d0b36ed79b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseClone.js","sha256": "3ca40d0ae6c428eb8509a98017d9330c27616075c9d257198ae5e0d0b36ed79b","sha1": "b9589f5b3e03025ee2347d59717d2ddb3639a5fd","md5": "655775c4cd5b9dfde3121233c6555679"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseClone.js","sha256": "3ca40d0ae6c428eb8509a98017d9330c27616075c9d257198ae5e0d0b36ed79b","sha1": "b9589f5b3e03025ee2347d59717d2ddb3639a5fd","md5": "655775c4cd5b9dfde3121233c6555679"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseClone.js","sha256": "3ca40d0ae6c428eb8509a98017d9330c27616075c9d257198ae5e0d0b36ed79b","sha1": "b9589f5b3e03025ee2347d59717d2ddb3639a5fd","md5": "655775c4cd5b9dfde3121233c6555679"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConforms.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseConforms.js","md5": "59c5c5f66d0a6f59879ad48b8d7b5af5","sha1": "f518eceb5bf9e6dc4c9cf811e07c3ff8469c902b","sha256": "ef6ccf2c230ac284d2be5512e131190eb5ed65e36b75da6c111cdf191860b632","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConforms.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseConforms.js","sha256": "ef6ccf2c230ac284d2be5512e131190eb5ed65e36b75da6c111cdf191860b632","sha1": "f518eceb5bf9e6dc4c9cf811e07c3ff8469c902b","md5": "59c5c5f66d0a6f59879ad48b8d7b5af5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConforms.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseConforms.js","sha256": "ef6ccf2c230ac284d2be5512e131190eb5ed65e36b75da6c111cdf191860b632","sha1": "f518eceb5bf9e6dc4c9cf811e07c3ff8469c902b","md5": "59c5c5f66d0a6f59879ad48b8d7b5af5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConforms.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseConforms.js","sha256": "ef6ccf2c230ac284d2be5512e131190eb5ed65e36b75da6c111cdf191860b632","sha1": "f518eceb5bf9e6dc4c9cf811e07c3ff8469c902b","md5": "59c5c5f66d0a6f59879ad48b8d7b5af5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConformsTo.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseConformsTo.js","md5": "eb30ee6f12711087c87365f04724c578","sha1": "f2f1431ffc02fb8ab64d86abecdcfe2685d2eb4b","sha256": "60883381e30134c7d87dc7e0fe2fcaacfe5469af143a68ca1baed185baff0f4f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConformsTo.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseConformsTo.js","sha256": "60883381e30134c7d87dc7e0fe2fcaacfe5469af143a68ca1baed185baff0f4f","sha1": "f2f1431ffc02fb8ab64d86abecdcfe2685d2eb4b","md5": "eb30ee6f12711087c87365f04724c578"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConformsTo.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseConformsTo.js","sha256": "60883381e30134c7d87dc7e0fe2fcaacfe5469af143a68ca1baed185baff0f4f","sha1": "f2f1431ffc02fb8ab64d86abecdcfe2685d2eb4b","md5": "eb30ee6f12711087c87365f04724c578"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConformsTo.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseConformsTo.js","sha256": "60883381e30134c7d87dc7e0fe2fcaacfe5469af143a68ca1baed185baff0f4f","sha1": "f2f1431ffc02fb8ab64d86abecdcfe2685d2eb4b","md5": "eb30ee6f12711087c87365f04724c578"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConvert.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/_baseConvert.js","md5": "664e92ed5db1a51a4d0d7da26c660dd8","sha1": "74ba4f62d0a348474acc189c83fceb6a760ce27c","sha256": "a46928425b69427e597931716103a793c156a7eef2c9e510b72cdd657978f270","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConvert.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/_baseConvert.js","sha256": "a46928425b69427e597931716103a793c156a7eef2c9e510b72cdd657978f270","sha1": "74ba4f62d0a348474acc189c83fceb6a760ce27c","md5": "664e92ed5db1a51a4d0d7da26c660dd8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConvert.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/_baseConvert.js","sha256": "a46928425b69427e597931716103a793c156a7eef2c9e510b72cdd657978f270","sha1": "74ba4f62d0a348474acc189c83fceb6a760ce27c","md5": "664e92ed5db1a51a4d0d7da26c660dd8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseConvert.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/_baseConvert.js","sha256": "a46928425b69427e597931716103a793c156a7eef2c9e510b72cdd657978f270","sha1": "74ba4f62d0a348474acc189c83fceb6a760ce27c","md5": "664e92ed5db1a51a4d0d7da26c660dd8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseCreate.js","md5": "ad00bfe1ef837383c3d4128b6f192b8b","sha1": "202aced68f2ce65d35a3d9e7ee56e373de463233","sha256": "5d1669e013628e0891352720d6a56b6bf628404e13d27298d6e5473bd4ce87e4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseCreate.js","sha256": "5d1669e013628e0891352720d6a56b6bf628404e13d27298d6e5473bd4ce87e4","sha1": "202aced68f2ce65d35a3d9e7ee56e373de463233","md5": "ad00bfe1ef837383c3d4128b6f192b8b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseCreate.js","sha256": "5d1669e013628e0891352720d6a56b6bf628404e13d27298d6e5473bd4ce87e4","sha1": "202aced68f2ce65d35a3d9e7ee56e373de463233","md5": "ad00bfe1ef837383c3d4128b6f192b8b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseCreate.js","sha256": "5d1669e013628e0891352720d6a56b6bf628404e13d27298d6e5473bd4ce87e4","sha1": "202aced68f2ce65d35a3d9e7ee56e373de463233","md5": "ad00bfe1ef837383c3d4128b6f192b8b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDelay.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseDelay.js","md5": "4fc96a5e6781eef08286b9870a2f5632","sha1": "2a9133e727e4b0a6a9ec776addec9c791c812a4f","sha256": "a19afb2bce50e8cdda0304df029d3b7085014b3189c08cd11867522a0715069d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDelay.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseDelay.js","sha256": "a19afb2bce50e8cdda0304df029d3b7085014b3189c08cd11867522a0715069d","sha1": "2a9133e727e4b0a6a9ec776addec9c791c812a4f","md5": "4fc96a5e6781eef08286b9870a2f5632"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDelay.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseDelay.js","sha256": "a19afb2bce50e8cdda0304df029d3b7085014b3189c08cd11867522a0715069d","sha1": "2a9133e727e4b0a6a9ec776addec9c791c812a4f","md5": "4fc96a5e6781eef08286b9870a2f5632"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDelay.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseDelay.js","sha256": "a19afb2bce50e8cdda0304df029d3b7085014b3189c08cd11867522a0715069d","sha1": "2a9133e727e4b0a6a9ec776addec9c791c812a4f","md5": "4fc96a5e6781eef08286b9870a2f5632"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDifference.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseDifference.js","md5": "bb644a23b7e837dc52eef2e2bf441e73","sha1": "b3dc957d88a325a9c4e11645134bc92eb807dec8","sha256": "21bf6502bd0fd64f2bbe11eedd9b17e2e93440220f4a044e80b20fc507221812","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDifference.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseDifference.js","sha256": "21bf6502bd0fd64f2bbe11eedd9b17e2e93440220f4a044e80b20fc507221812","sha1": "b3dc957d88a325a9c4e11645134bc92eb807dec8","md5": "bb644a23b7e837dc52eef2e2bf441e73"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDifference.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseDifference.js","sha256": "21bf6502bd0fd64f2bbe11eedd9b17e2e93440220f4a044e80b20fc507221812","sha1": "b3dc957d88a325a9c4e11645134bc92eb807dec8","md5": "bb644a23b7e837dc52eef2e2bf441e73"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseDifference.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseDifference.js","sha256": "21bf6502bd0fd64f2bbe11eedd9b17e2e93440220f4a044e80b20fc507221812","sha1": "b3dc957d88a325a9c4e11645134bc92eb807dec8","md5": "bb644a23b7e837dc52eef2e2bf441e73"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseEach.js","md5": "135329d8d3ac4bc3cbdd96d3f3fb7043","sha1": "8df288083999c6711cdddc83d3f62ee092e0bd35","sha256": "d5e014823a4dd111149247d9f5921c172247c460cfa19db3c257926537ad1e00","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseEach.js","sha256": "d5e014823a4dd111149247d9f5921c172247c460cfa19db3c257926537ad1e00","sha1": "8df288083999c6711cdddc83d3f62ee092e0bd35","md5": "135329d8d3ac4bc3cbdd96d3f3fb7043"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseEach.js","sha256": "d5e014823a4dd111149247d9f5921c172247c460cfa19db3c257926537ad1e00","sha1": "8df288083999c6711cdddc83d3f62ee092e0bd35","md5": "135329d8d3ac4bc3cbdd96d3f3fb7043"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseEach.js","sha256": "d5e014823a4dd111149247d9f5921c172247c460cfa19db3c257926537ad1e00","sha1": "8df288083999c6711cdddc83d3f62ee092e0bd35","md5": "135329d8d3ac4bc3cbdd96d3f3fb7043"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseEachRight.js","md5": "7636760e396f8b8c43d604a9391af266","sha1": "f8f31ce8197c50e01ffe073be5e329bb95c5dd7f","sha256": "2465f3b6221fbbe10ca2efd02c3240a2824174f6c2bc2aadbf05c168c6d659da","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseEachRight.js","sha256": "2465f3b6221fbbe10ca2efd02c3240a2824174f6c2bc2aadbf05c168c6d659da","sha1": "f8f31ce8197c50e01ffe073be5e329bb95c5dd7f","md5": "7636760e396f8b8c43d604a9391af266"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseEachRight.js","sha256": "2465f3b6221fbbe10ca2efd02c3240a2824174f6c2bc2aadbf05c168c6d659da","sha1": "f8f31ce8197c50e01ffe073be5e329bb95c5dd7f","md5": "7636760e396f8b8c43d604a9391af266"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEachRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseEachRight.js","sha256": "2465f3b6221fbbe10ca2efd02c3240a2824174f6c2bc2aadbf05c168c6d659da","sha1": "f8f31ce8197c50e01ffe073be5e329bb95c5dd7f","md5": "7636760e396f8b8c43d604a9391af266"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseEvery.js","md5": "37ae9a37abfc533723f684cecccfd943","sha1": "6e445241a2ceb58e400c619247c7f1d5a9ad76da","sha256": "04509d8663294896a7215426ff97e7b6626c02027e351439e39c68ebf18e8adc","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseEvery.js","sha256": "04509d8663294896a7215426ff97e7b6626c02027e351439e39c68ebf18e8adc","sha1": "6e445241a2ceb58e400c619247c7f1d5a9ad76da","md5": "37ae9a37abfc533723f684cecccfd943"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseEvery.js","sha256": "04509d8663294896a7215426ff97e7b6626c02027e351439e39c68ebf18e8adc","sha1": "6e445241a2ceb58e400c619247c7f1d5a9ad76da","md5": "37ae9a37abfc533723f684cecccfd943"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseEvery.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseEvery.js","sha256": "04509d8663294896a7215426ff97e7b6626c02027e351439e39c68ebf18e8adc","sha1": "6e445241a2ceb58e400c619247c7f1d5a9ad76da","md5": "37ae9a37abfc533723f684cecccfd943"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseExtremum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseExtremum.js","md5": "1742a5c54ca6b6bde1ba47209a54389d","sha1": "931adb7b69f0e4683324797c8522f4f6c9ad6321","sha256": "b768c0721157f9e925141837698c459edd2c1dbdd43a821cc14d3b1f97751b3a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseExtremum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseExtremum.js","sha256": "b768c0721157f9e925141837698c459edd2c1dbdd43a821cc14d3b1f97751b3a","sha1": "931adb7b69f0e4683324797c8522f4f6c9ad6321","md5": "1742a5c54ca6b6bde1ba47209a54389d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseExtremum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseExtremum.js","sha256": "b768c0721157f9e925141837698c459edd2c1dbdd43a821cc14d3b1f97751b3a","sha1": "931adb7b69f0e4683324797c8522f4f6c9ad6321","md5": "1742a5c54ca6b6bde1ba47209a54389d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseExtremum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseExtremum.js","sha256": "b768c0721157f9e925141837698c459edd2c1dbdd43a821cc14d3b1f97751b3a","sha1": "931adb7b69f0e4683324797c8522f4f6c9ad6321","md5": "1742a5c54ca6b6bde1ba47209a54389d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFill.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFill.js","md5": "18b23523749e836ee3dfd3f6ee6cf4c8","sha1": "474427d0d470b473ac37456e9ba151a966b2ade7","sha256": "4e364f2b0ac343212c92f0e03a6268baa042db0e6800e5c0c6590651ed4e605b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFill.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFill.js","sha256": "4e364f2b0ac343212c92f0e03a6268baa042db0e6800e5c0c6590651ed4e605b","sha1": "474427d0d470b473ac37456e9ba151a966b2ade7","md5": "18b23523749e836ee3dfd3f6ee6cf4c8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFill.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFill.js","sha256": "4e364f2b0ac343212c92f0e03a6268baa042db0e6800e5c0c6590651ed4e605b","sha1": "474427d0d470b473ac37456e9ba151a966b2ade7","md5": "18b23523749e836ee3dfd3f6ee6cf4c8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFill.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFill.js","sha256": "4e364f2b0ac343212c92f0e03a6268baa042db0e6800e5c0c6590651ed4e605b","sha1": "474427d0d470b473ac37456e9ba151a966b2ade7","md5": "18b23523749e836ee3dfd3f6ee6cf4c8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFilter.js","md5": "9c3870dbcae7312af6682074df188791","sha1": "aa90047b0a1231f770807422c67a36a4c3524365","sha256": "cc817c4fce14c09a765f6ee71e790930d1fac5a44b7ade7604e11b97976e8f73","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFilter.js","sha256": "cc817c4fce14c09a765f6ee71e790930d1fac5a44b7ade7604e11b97976e8f73","sha1": "aa90047b0a1231f770807422c67a36a4c3524365","md5": "9c3870dbcae7312af6682074df188791"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFilter.js","sha256": "cc817c4fce14c09a765f6ee71e790930d1fac5a44b7ade7604e11b97976e8f73","sha1": "aa90047b0a1231f770807422c67a36a4c3524365","md5": "9c3870dbcae7312af6682074df188791"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFilter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFilter.js","sha256": "cc817c4fce14c09a765f6ee71e790930d1fac5a44b7ade7604e11b97976e8f73","sha1": "aa90047b0a1231f770807422c67a36a4c3524365","md5": "9c3870dbcae7312af6682074df188791"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFindIndex.js","md5": "689b12caa47aa0d5c9968d04cc4de280","sha1": "a6811f11035fd20ebedd10b014566614f1fee155","sha256": "07e9942a47eeb723eb9fa1bc0f7240f93ad9f52d702c0f37d7163670000350c1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFindIndex.js","sha256": "07e9942a47eeb723eb9fa1bc0f7240f93ad9f52d702c0f37d7163670000350c1","sha1": "a6811f11035fd20ebedd10b014566614f1fee155","md5": "689b12caa47aa0d5c9968d04cc4de280"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFindIndex.js","sha256": "07e9942a47eeb723eb9fa1bc0f7240f93ad9f52d702c0f37d7163670000350c1","sha1": "a6811f11035fd20ebedd10b014566614f1fee155","md5": "689b12caa47aa0d5c9968d04cc4de280"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFindIndex.js","sha256": "07e9942a47eeb723eb9fa1bc0f7240f93ad9f52d702c0f37d7163670000350c1","sha1": "a6811f11035fd20ebedd10b014566614f1fee155","md5": "689b12caa47aa0d5c9968d04cc4de280"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFindKey.js","md5": "5a3a460194cd564e32a3d311b0062d5f","sha1": "dc99c1f56a9a4559ae3fc9f3dbd7f8cfac677949","sha256": "a9958db300649f6f91cd8d35608b2234168a388702754bc6715c7966205a1c02","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFindKey.js","sha256": "a9958db300649f6f91cd8d35608b2234168a388702754bc6715c7966205a1c02","sha1": "dc99c1f56a9a4559ae3fc9f3dbd7f8cfac677949","md5": "5a3a460194cd564e32a3d311b0062d5f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFindKey.js","sha256": "a9958db300649f6f91cd8d35608b2234168a388702754bc6715c7966205a1c02","sha1": "dc99c1f56a9a4559ae3fc9f3dbd7f8cfac677949","md5": "5a3a460194cd564e32a3d311b0062d5f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFindKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFindKey.js","sha256": "a9958db300649f6f91cd8d35608b2234168a388702754bc6715c7966205a1c02","sha1": "dc99c1f56a9a4559ae3fc9f3dbd7f8cfac677949","md5": "5a3a460194cd564e32a3d311b0062d5f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFlatten.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFlatten.js","md5": "8f3a69900ef4a1075d25fef1e331edc3","sha1": "045ce95760998450c806995fd49db7ce8fd96982","sha256": "2410fc4a7f9e866d23e642ad2b93e599d792d89c95715b76993e3da98a86ac1f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFlatten.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFlatten.js","sha256": "2410fc4a7f9e866d23e642ad2b93e599d792d89c95715b76993e3da98a86ac1f","sha1": "045ce95760998450c806995fd49db7ce8fd96982","md5": "8f3a69900ef4a1075d25fef1e331edc3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFlatten.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFlatten.js","sha256": "2410fc4a7f9e866d23e642ad2b93e599d792d89c95715b76993e3da98a86ac1f","sha1": "045ce95760998450c806995fd49db7ce8fd96982","md5": "8f3a69900ef4a1075d25fef1e331edc3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFlatten.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFlatten.js","sha256": "2410fc4a7f9e866d23e642ad2b93e599d792d89c95715b76993e3da98a86ac1f","sha1": "045ce95760998450c806995fd49db7ce8fd96982","md5": "8f3a69900ef4a1075d25fef1e331edc3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFor.js","md5": "a8f1a07ee65b88eb5d665adebdb2302b","sha1": "6d4e2744c99f75df073ca2e005317feea00533f6","sha256": "683469bfd62c7770343faf2426bc0d83fb4a2dd7808ebd17464c1abbe5d1ec28","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFor.js","sha256": "683469bfd62c7770343faf2426bc0d83fb4a2dd7808ebd17464c1abbe5d1ec28","sha1": "6d4e2744c99f75df073ca2e005317feea00533f6","md5": "a8f1a07ee65b88eb5d665adebdb2302b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFor.js","sha256": "683469bfd62c7770343faf2426bc0d83fb4a2dd7808ebd17464c1abbe5d1ec28","sha1": "6d4e2744c99f75df073ca2e005317feea00533f6","md5": "a8f1a07ee65b88eb5d665adebdb2302b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFor.js","sha256": "683469bfd62c7770343faf2426bc0d83fb4a2dd7808ebd17464c1abbe5d1ec28","sha1": "6d4e2744c99f75df073ca2e005317feea00533f6","md5": "a8f1a07ee65b88eb5d665adebdb2302b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseForOwn.js","md5": "1b7bf3b458dce2f033b2cc27841ef1f1","sha1": "8977ba022a8d144093f35c729822e6161d5fd291","sha256": "c2c0e68131f8bf3ddd3d9d2e72880b4652c0ed2553dc3e726714169210d355ee","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseForOwn.js","sha256": "c2c0e68131f8bf3ddd3d9d2e72880b4652c0ed2553dc3e726714169210d355ee","sha1": "8977ba022a8d144093f35c729822e6161d5fd291","md5": "1b7bf3b458dce2f033b2cc27841ef1f1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseForOwn.js","sha256": "c2c0e68131f8bf3ddd3d9d2e72880b4652c0ed2553dc3e726714169210d355ee","sha1": "8977ba022a8d144093f35c729822e6161d5fd291","md5": "1b7bf3b458dce2f033b2cc27841ef1f1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseForOwn.js","sha256": "c2c0e68131f8bf3ddd3d9d2e72880b4652c0ed2553dc3e726714169210d355ee","sha1": "8977ba022a8d144093f35c729822e6161d5fd291","md5": "1b7bf3b458dce2f033b2cc27841ef1f1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwnRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseForOwnRight.js","md5": "682f048c044222a951fdd92e7b4c3745","sha1": "29a6ce1c8ff0893a7a5021a5b54d3303dc7e9ef5","sha256": "6962bd437841b3c730c4186743aa6ea10473099e8d4295ab3dd832b94427f78d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwnRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseForOwnRight.js","sha256": "6962bd437841b3c730c4186743aa6ea10473099e8d4295ab3dd832b94427f78d","sha1": "29a6ce1c8ff0893a7a5021a5b54d3303dc7e9ef5","md5": "682f048c044222a951fdd92e7b4c3745"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwnRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseForOwnRight.js","sha256": "6962bd437841b3c730c4186743aa6ea10473099e8d4295ab3dd832b94427f78d","sha1": "29a6ce1c8ff0893a7a5021a5b54d3303dc7e9ef5","md5": "682f048c044222a951fdd92e7b4c3745"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForOwnRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseForOwnRight.js","sha256": "6962bd437841b3c730c4186743aa6ea10473099e8d4295ab3dd832b94427f78d","sha1": "29a6ce1c8ff0893a7a5021a5b54d3303dc7e9ef5","md5": "682f048c044222a951fdd92e7b4c3745"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseForRight.js","md5": "e3abc83545b074120d778fe931a85428","sha1": "2d3155596f8e8420da54564a69dadfadbd84cd67","sha256": "91d763dd743e35f45ecfde013f18f66a037aca534dc51d3412fd34d276ae89dd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseForRight.js","sha256": "91d763dd743e35f45ecfde013f18f66a037aca534dc51d3412fd34d276ae89dd","sha1": "2d3155596f8e8420da54564a69dadfadbd84cd67","md5": "e3abc83545b074120d778fe931a85428"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseForRight.js","sha256": "91d763dd743e35f45ecfde013f18f66a037aca534dc51d3412fd34d276ae89dd","sha1": "2d3155596f8e8420da54564a69dadfadbd84cd67","md5": "e3abc83545b074120d778fe931a85428"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseForRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseForRight.js","sha256": "91d763dd743e35f45ecfde013f18f66a037aca534dc51d3412fd34d276ae89dd","sha1": "2d3155596f8e8420da54564a69dadfadbd84cd67","md5": "e3abc83545b074120d778fe931a85428"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFunctions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseFunctions.js","md5": "a0fa2f1fa7bc995d36ee18de87676719","sha1": "17d2e75a62a380223a943a07c0726c2d101c59ff","sha256": "98e1c1fb5206aa2d25292d33f375b6ab7979e1bb0b9b65728e2c130db00702da","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFunctions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseFunctions.js","sha256": "98e1c1fb5206aa2d25292d33f375b6ab7979e1bb0b9b65728e2c130db00702da","sha1": "17d2e75a62a380223a943a07c0726c2d101c59ff","md5": "a0fa2f1fa7bc995d36ee18de87676719"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFunctions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseFunctions.js","sha256": "98e1c1fb5206aa2d25292d33f375b6ab7979e1bb0b9b65728e2c130db00702da","sha1": "17d2e75a62a380223a943a07c0726c2d101c59ff","md5": "a0fa2f1fa7bc995d36ee18de87676719"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseFunctions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseFunctions.js","sha256": "98e1c1fb5206aa2d25292d33f375b6ab7979e1bb0b9b65728e2c130db00702da","sha1": "17d2e75a62a380223a943a07c0726c2d101c59ff","md5": "a0fa2f1fa7bc995d36ee18de87676719"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseGet.js","md5": "f90fbbd109e99b16cb68db657ec35489","sha1": "2c7bfaa44754b5302e3bd2137d95b4e045bc4c85","sha256": "11058a13c346613291e77147a6a5ba47e9fce3cd81c8acaf224eafc466bdc02d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseGet.js","sha256": "11058a13c346613291e77147a6a5ba47e9fce3cd81c8acaf224eafc466bdc02d","sha1": "2c7bfaa44754b5302e3bd2137d95b4e045bc4c85","md5": "f90fbbd109e99b16cb68db657ec35489"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseGet.js","sha256": "11058a13c346613291e77147a6a5ba47e9fce3cd81c8acaf224eafc466bdc02d","sha1": "2c7bfaa44754b5302e3bd2137d95b4e045bc4c85","md5": "f90fbbd109e99b16cb68db657ec35489"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseGet.js","sha256": "11058a13c346613291e77147a6a5ba47e9fce3cd81c8acaf224eafc466bdc02d","sha1": "2c7bfaa44754b5302e3bd2137d95b4e045bc4c85","md5": "f90fbbd109e99b16cb68db657ec35489"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseGetAllKeys.js","md5": "8b177295cb78ead902f3096e60e26136","sha1": "f7c042fc3a0e1f89ee6f0ab2765615983796b303","sha256": "1bfc82f79df4fda867fdd82baec9530c59189994c17fc1011733aba2de51d0fe","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseGetAllKeys.js","sha256": "1bfc82f79df4fda867fdd82baec9530c59189994c17fc1011733aba2de51d0fe","sha1": "f7c042fc3a0e1f89ee6f0ab2765615983796b303","md5": "8b177295cb78ead902f3096e60e26136"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseGetAllKeys.js","sha256": "1bfc82f79df4fda867fdd82baec9530c59189994c17fc1011733aba2de51d0fe","sha1": "f7c042fc3a0e1f89ee6f0ab2765615983796b303","md5": "8b177295cb78ead902f3096e60e26136"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseGetAllKeys.js","sha256": "1bfc82f79df4fda867fdd82baec9530c59189994c17fc1011733aba2de51d0fe","sha1": "f7c042fc3a0e1f89ee6f0ab2765615983796b303","md5": "8b177295cb78ead902f3096e60e26136"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseGetTag.js","md5": "e9a6e3635b64f3e4ba31eb33aed58848","sha1": "b66f083cb3c9fac408a18fa8e104a20e64355d45","sha256": "c9d3dbb76eeafd3007bceca376afc743370ab0c5487d78b5c6e097a4b0f6dd9b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseGetTag.js","sha256": "c9d3dbb76eeafd3007bceca376afc743370ab0c5487d78b5c6e097a4b0f6dd9b","sha1": "b66f083cb3c9fac408a18fa8e104a20e64355d45","md5": "e9a6e3635b64f3e4ba31eb33aed58848"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseGetTag.js","sha256": "c9d3dbb76eeafd3007bceca376afc743370ab0c5487d78b5c6e097a4b0f6dd9b","sha1": "b66f083cb3c9fac408a18fa8e104a20e64355d45","md5": "e9a6e3635b64f3e4ba31eb33aed58848"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGetTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseGetTag.js","sha256": "c9d3dbb76eeafd3007bceca376afc743370ab0c5487d78b5c6e097a4b0f6dd9b","sha1": "b66f083cb3c9fac408a18fa8e104a20e64355d45","md5": "e9a6e3635b64f3e4ba31eb33aed58848"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseGt.js","md5": "945f7a08ad07b3a91ee87fdb19c6d704","sha1": "7368ca132e9b25b5f2ae74cfc01d619f284e84d3","sha256": "99beb83e23bf1aff5a1bbbf8fd03f5b3cb4a9be6c21b8b659d601c0af364ea5b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseGt.js","sha256": "99beb83e23bf1aff5a1bbbf8fd03f5b3cb4a9be6c21b8b659d601c0af364ea5b","sha1": "7368ca132e9b25b5f2ae74cfc01d619f284e84d3","md5": "945f7a08ad07b3a91ee87fdb19c6d704"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseGt.js","sha256": "99beb83e23bf1aff5a1bbbf8fd03f5b3cb4a9be6c21b8b659d601c0af364ea5b","sha1": "7368ca132e9b25b5f2ae74cfc01d619f284e84d3","md5": "945f7a08ad07b3a91ee87fdb19c6d704"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseGt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseGt.js","sha256": "99beb83e23bf1aff5a1bbbf8fd03f5b3cb4a9be6c21b8b659d601c0af364ea5b","sha1": "7368ca132e9b25b5f2ae74cfc01d619f284e84d3","md5": "945f7a08ad07b3a91ee87fdb19c6d704"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseHas.js","md5": "0526222b785a7c0e7672ea4cb3272004","sha1": "0643a432e7d64d10615b4cd7092f2483c317cda7","sha256": "d17d0cb51e14b025dcad24b02da060f7f6cbf8c117220759b89d71f0ef0ad4e8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseHas.js","sha256": "d17d0cb51e14b025dcad24b02da060f7f6cbf8c117220759b89d71f0ef0ad4e8","sha1": "0643a432e7d64d10615b4cd7092f2483c317cda7","md5": "0526222b785a7c0e7672ea4cb3272004"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseHas.js","sha256": "d17d0cb51e14b025dcad24b02da060f7f6cbf8c117220759b89d71f0ef0ad4e8","sha1": "0643a432e7d64d10615b4cd7092f2483c317cda7","md5": "0526222b785a7c0e7672ea4cb3272004"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseHas.js","sha256": "d17d0cb51e14b025dcad24b02da060f7f6cbf8c117220759b89d71f0ef0ad4e8","sha1": "0643a432e7d64d10615b4cd7092f2483c317cda7","md5": "0526222b785a7c0e7672ea4cb3272004"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHasIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseHasIn.js","md5": "f3d19687a693646c580de8115f845808","sha1": "e11103f369bb4fef0cbd193622c7126c70e0fc8c","sha256": "fbb01dee1a06fb79300c788cd2d367da659c0ed34a81dbc3195790cccc0c947c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHasIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseHasIn.js","sha256": "fbb01dee1a06fb79300c788cd2d367da659c0ed34a81dbc3195790cccc0c947c","sha1": "e11103f369bb4fef0cbd193622c7126c70e0fc8c","md5": "f3d19687a693646c580de8115f845808"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHasIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseHasIn.js","sha256": "fbb01dee1a06fb79300c788cd2d367da659c0ed34a81dbc3195790cccc0c947c","sha1": "e11103f369bb4fef0cbd193622c7126c70e0fc8c","md5": "f3d19687a693646c580de8115f845808"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseHasIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseHasIn.js","sha256": "fbb01dee1a06fb79300c788cd2d367da659c0ed34a81dbc3195790cccc0c947c","sha1": "e11103f369bb4fef0cbd193622c7126c70e0fc8c","md5": "f3d19687a693646c580de8115f845808"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseInRange.js","md5": "3fe64b774f04a50f4d1bd546668c9709","sha1": "5186220a6519de4a9b0882ccbe565b74caea68cf","sha256": "b63df24ac4a8708b494862d0ba416dadf7383e81cf4e86e83b86cbb7f94bd259","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseInRange.js","sha256": "b63df24ac4a8708b494862d0ba416dadf7383e81cf4e86e83b86cbb7f94bd259","sha1": "5186220a6519de4a9b0882ccbe565b74caea68cf","md5": "3fe64b774f04a50f4d1bd546668c9709"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseInRange.js","sha256": "b63df24ac4a8708b494862d0ba416dadf7383e81cf4e86e83b86cbb7f94bd259","sha1": "5186220a6519de4a9b0882ccbe565b74caea68cf","md5": "3fe64b774f04a50f4d1bd546668c9709"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseInRange.js","sha256": "b63df24ac4a8708b494862d0ba416dadf7383e81cf4e86e83b86cbb7f94bd259","sha1": "5186220a6519de4a9b0882ccbe565b74caea68cf","md5": "3fe64b774f04a50f4d1bd546668c9709"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIndexOf.js","md5": "62fbdf43dc0c558e233fc6d704185dfd","sha1": "554c47e0383ef62d126d9d66aeb416e8e75ebf3b","sha256": "160cc40dde0bf0e97b14530df56bc46c7bcc6b9aaf63629647b21e480a795baa","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIndexOf.js","sha256": "160cc40dde0bf0e97b14530df56bc46c7bcc6b9aaf63629647b21e480a795baa","sha1": "554c47e0383ef62d126d9d66aeb416e8e75ebf3b","md5": "62fbdf43dc0c558e233fc6d704185dfd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIndexOf.js","sha256": "160cc40dde0bf0e97b14530df56bc46c7bcc6b9aaf63629647b21e480a795baa","sha1": "554c47e0383ef62d126d9d66aeb416e8e75ebf3b","md5": "62fbdf43dc0c558e233fc6d704185dfd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIndexOf.js","sha256": "160cc40dde0bf0e97b14530df56bc46c7bcc6b9aaf63629647b21e480a795baa","sha1": "554c47e0383ef62d126d9d66aeb416e8e75ebf3b","md5": "62fbdf43dc0c558e233fc6d704185dfd"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOfWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIndexOfWith.js","md5": "697e90a4ad58a689631b6f56e4fe202c","sha1": "bf10b85520bfc5add8a38c341e95a985e1ab3626","sha256": "01448f1f44e625d3b4876f6f07c432bab5a7c7eec5b89ebb3c643b700be25fab","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOfWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIndexOfWith.js","sha256": "01448f1f44e625d3b4876f6f07c432bab5a7c7eec5b89ebb3c643b700be25fab","sha1": "bf10b85520bfc5add8a38c341e95a985e1ab3626","md5": "697e90a4ad58a689631b6f56e4fe202c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOfWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIndexOfWith.js","sha256": "01448f1f44e625d3b4876f6f07c432bab5a7c7eec5b89ebb3c643b700be25fab","sha1": "bf10b85520bfc5add8a38c341e95a985e1ab3626","md5": "697e90a4ad58a689631b6f56e4fe202c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIndexOfWith.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIndexOfWith.js","sha256": "01448f1f44e625d3b4876f6f07c432bab5a7c7eec5b89ebb3c643b700be25fab","sha1": "bf10b85520bfc5add8a38c341e95a985e1ab3626","md5": "697e90a4ad58a689631b6f56e4fe202c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIntersection.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIntersection.js","md5": "db8e686ef64cc14ef05f8430bb41e321","sha1": "deed35c6297d406b8f5e0672a4cc99cbc95fd0b1","sha256": "2af90dce65989b33fa203e3f859eb11ce9e8399ce163b248c1d60dcf1388a42d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIntersection.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIntersection.js","sha256": "2af90dce65989b33fa203e3f859eb11ce9e8399ce163b248c1d60dcf1388a42d","sha1": "deed35c6297d406b8f5e0672a4cc99cbc95fd0b1","md5": "db8e686ef64cc14ef05f8430bb41e321"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIntersection.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIntersection.js","sha256": "2af90dce65989b33fa203e3f859eb11ce9e8399ce163b248c1d60dcf1388a42d","sha1": "deed35c6297d406b8f5e0672a4cc99cbc95fd0b1","md5": "db8e686ef64cc14ef05f8430bb41e321"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIntersection.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIntersection.js","sha256": "2af90dce65989b33fa203e3f859eb11ce9e8399ce163b248c1d60dcf1388a42d","sha1": "deed35c6297d406b8f5e0672a4cc99cbc95fd0b1","md5": "db8e686ef64cc14ef05f8430bb41e321"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseInverter.js","md5": "7f605b258bbce7cf531972ca1c46772d","sha1": "84de1267be8b3b1973a696826a66247ff88e7c25","sha256": "fd69c5bba6a7b7f42427c4e148a283fb0a95ee2dbe224199aa944136eca23ede","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseInverter.js","sha256": "fd69c5bba6a7b7f42427c4e148a283fb0a95ee2dbe224199aa944136eca23ede","sha1": "84de1267be8b3b1973a696826a66247ff88e7c25","md5": "7f605b258bbce7cf531972ca1c46772d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseInverter.js","sha256": "fd69c5bba6a7b7f42427c4e148a283fb0a95ee2dbe224199aa944136eca23ede","sha1": "84de1267be8b3b1973a696826a66247ff88e7c25","md5": "7f605b258bbce7cf531972ca1c46772d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseInverter.js","sha256": "fd69c5bba6a7b7f42427c4e148a283fb0a95ee2dbe224199aa944136eca23ede","sha1": "84de1267be8b3b1973a696826a66247ff88e7c25","md5": "7f605b258bbce7cf531972ca1c46772d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInvoke.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseInvoke.js","md5": "565f354fce582fe9ccc84dc05ea7a38d","sha1": "b287bbe200beaf0e4825bc7bccb7ff702e0eff74","sha256": "c84423133be6432565b8a64496b372ffd237fe12cc9b6b82e311c9af8ebaf3cc","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInvoke.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseInvoke.js","sha256": "c84423133be6432565b8a64496b372ffd237fe12cc9b6b82e311c9af8ebaf3cc","sha1": "b287bbe200beaf0e4825bc7bccb7ff702e0eff74","md5": "565f354fce582fe9ccc84dc05ea7a38d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInvoke.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseInvoke.js","sha256": "c84423133be6432565b8a64496b372ffd237fe12cc9b6b82e311c9af8ebaf3cc","sha1": "b287bbe200beaf0e4825bc7bccb7ff702e0eff74","md5": "565f354fce582fe9ccc84dc05ea7a38d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseInvoke.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseInvoke.js","sha256": "c84423133be6432565b8a64496b372ffd237fe12cc9b6b82e311c9af8ebaf3cc","sha1": "b287bbe200beaf0e4825bc7bccb7ff702e0eff74","md5": "565f354fce582fe9ccc84dc05ea7a38d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArguments.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsArguments.js","md5": "aac6bce54a5f5d534e2dab147187470e","sha1": "6c428b2e543a752140ee6b1223a659f45025a71c","sha256": "71a59dc09c35dedcbee7ed71f5eae03e8a9b0251516ed098f28cdb6e28d0b816","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArguments.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsArguments.js","sha256": "71a59dc09c35dedcbee7ed71f5eae03e8a9b0251516ed098f28cdb6e28d0b816","sha1": "6c428b2e543a752140ee6b1223a659f45025a71c","md5": "aac6bce54a5f5d534e2dab147187470e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArguments.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsArguments.js","sha256": "71a59dc09c35dedcbee7ed71f5eae03e8a9b0251516ed098f28cdb6e28d0b816","sha1": "6c428b2e543a752140ee6b1223a659f45025a71c","md5": "aac6bce54a5f5d534e2dab147187470e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArguments.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsArguments.js","sha256": "71a59dc09c35dedcbee7ed71f5eae03e8a9b0251516ed098f28cdb6e28d0b816","sha1": "6c428b2e543a752140ee6b1223a659f45025a71c","md5": "aac6bce54a5f5d534e2dab147187470e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsArrayBuffer.js","md5": "7f8d104b4180ccc348deef2dc07ad2ed","sha1": "f154818234664296ec6c8496be8cbe77c6909c8e","sha256": "c526bfb1ea2d63d05e03e8694789ca6855319f2ad19501cff235392f8b738311","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsArrayBuffer.js","sha256": "c526bfb1ea2d63d05e03e8694789ca6855319f2ad19501cff235392f8b738311","sha1": "f154818234664296ec6c8496be8cbe77c6909c8e","md5": "7f8d104b4180ccc348deef2dc07ad2ed"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsArrayBuffer.js","sha256": "c526bfb1ea2d63d05e03e8694789ca6855319f2ad19501cff235392f8b738311","sha1": "f154818234664296ec6c8496be8cbe77c6909c8e","md5": "7f8d104b4180ccc348deef2dc07ad2ed"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsArrayBuffer.js","sha256": "c526bfb1ea2d63d05e03e8694789ca6855319f2ad19501cff235392f8b738311","sha1": "f154818234664296ec6c8496be8cbe77c6909c8e","md5": "7f8d104b4180ccc348deef2dc07ad2ed"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsDate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsDate.js","md5": "79104a5d8ccedf668fba6226be4a6730","sha1": "c21fd699a4d3d38d28770746f33992778c3e2e94","sha256": "1ce47b8310f9000ea4aa9fad1c847fb728b289e51a794de0d9a6ea0fac49eff6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsDate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsDate.js","sha256": "1ce47b8310f9000ea4aa9fad1c847fb728b289e51a794de0d9a6ea0fac49eff6","sha1": "c21fd699a4d3d38d28770746f33992778c3e2e94","md5": "79104a5d8ccedf668fba6226be4a6730"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsDate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsDate.js","sha256": "1ce47b8310f9000ea4aa9fad1c847fb728b289e51a794de0d9a6ea0fac49eff6","sha1": "c21fd699a4d3d38d28770746f33992778c3e2e94","md5": "79104a5d8ccedf668fba6226be4a6730"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsDate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsDate.js","sha256": "1ce47b8310f9000ea4aa9fad1c847fb728b289e51a794de0d9a6ea0fac49eff6","sha1": "c21fd699a4d3d38d28770746f33992778c3e2e94","md5": "79104a5d8ccedf668fba6226be4a6730"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqual.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsEqual.js","md5": "61d91542a3dd58becd84dba7588d0927","sha1": "7f9ae050c867190bf8379e97f1fd9d01cc2c96f3","sha256": "21f0fd8de670d92e39facd016752f770a7c2760ce60a5a5d12e0a1a05e53ce19","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqual.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsEqual.js","sha256": "21f0fd8de670d92e39facd016752f770a7c2760ce60a5a5d12e0a1a05e53ce19","sha1": "7f9ae050c867190bf8379e97f1fd9d01cc2c96f3","md5": "61d91542a3dd58becd84dba7588d0927"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqual.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsEqual.js","sha256": "21f0fd8de670d92e39facd016752f770a7c2760ce60a5a5d12e0a1a05e53ce19","sha1": "7f9ae050c867190bf8379e97f1fd9d01cc2c96f3","md5": "61d91542a3dd58becd84dba7588d0927"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqual.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsEqual.js","sha256": "21f0fd8de670d92e39facd016752f770a7c2760ce60a5a5d12e0a1a05e53ce19","sha1": "7f9ae050c867190bf8379e97f1fd9d01cc2c96f3","md5": "61d91542a3dd58becd84dba7588d0927"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqualDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsEqualDeep.js","md5": "87d71894e01af7973a66faeef35b081c","sha1": "becc7c47d3ad5aaf2a6e5df7038595f21ff92bb3","sha256": "6b9423fb4d815a8e7df793686defafa04a722878d09b48dff6e5ce52402f3ddd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqualDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsEqualDeep.js","sha256": "6b9423fb4d815a8e7df793686defafa04a722878d09b48dff6e5ce52402f3ddd","sha1": "becc7c47d3ad5aaf2a6e5df7038595f21ff92bb3","md5": "87d71894e01af7973a66faeef35b081c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqualDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsEqualDeep.js","sha256": "6b9423fb4d815a8e7df793686defafa04a722878d09b48dff6e5ce52402f3ddd","sha1": "becc7c47d3ad5aaf2a6e5df7038595f21ff92bb3","md5": "87d71894e01af7973a66faeef35b081c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsEqualDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsEqualDeep.js","sha256": "6b9423fb4d815a8e7df793686defafa04a722878d09b48dff6e5ce52402f3ddd","sha1": "becc7c47d3ad5aaf2a6e5df7038595f21ff92bb3","md5": "87d71894e01af7973a66faeef35b081c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsMap.js","md5": "57fd885ef566653e43584f0a39f7b381","sha1": "b28a7248f4a44300ecc8080ad259944d4bb9a356","sha256": "90ec23bcd6b80fbe357b5121648df3a40c67cd3ff8f9c6ee5731a3952a7491c5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsMap.js","sha256": "90ec23bcd6b80fbe357b5121648df3a40c67cd3ff8f9c6ee5731a3952a7491c5","sha1": "b28a7248f4a44300ecc8080ad259944d4bb9a356","md5": "57fd885ef566653e43584f0a39f7b381"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsMap.js","sha256": "90ec23bcd6b80fbe357b5121648df3a40c67cd3ff8f9c6ee5731a3952a7491c5","sha1": "b28a7248f4a44300ecc8080ad259944d4bb9a356","md5": "57fd885ef566653e43584f0a39f7b381"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsMap.js","sha256": "90ec23bcd6b80fbe357b5121648df3a40c67cd3ff8f9c6ee5731a3952a7491c5","sha1": "b28a7248f4a44300ecc8080ad259944d4bb9a356","md5": "57fd885ef566653e43584f0a39f7b381"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMatch.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsMatch.js","md5": "f572a60c80359973fb867e3a94e65ee2","sha1": "68d520389a8b2d00f0b649787df02734bc00ad9f","sha256": "cab17bf58d85e518955c73d983384a130c48cd0e233f38e4498123239325ee4b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMatch.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsMatch.js","sha256": "cab17bf58d85e518955c73d983384a130c48cd0e233f38e4498123239325ee4b","sha1": "68d520389a8b2d00f0b649787df02734bc00ad9f","md5": "f572a60c80359973fb867e3a94e65ee2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMatch.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsMatch.js","sha256": "cab17bf58d85e518955c73d983384a130c48cd0e233f38e4498123239325ee4b","sha1": "68d520389a8b2d00f0b649787df02734bc00ad9f","md5": "f572a60c80359973fb867e3a94e65ee2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsMatch.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsMatch.js","sha256": "cab17bf58d85e518955c73d983384a130c48cd0e233f38e4498123239325ee4b","sha1": "68d520389a8b2d00f0b649787df02734bc00ad9f","md5": "f572a60c80359973fb867e3a94e65ee2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNaN.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsNaN.js","md5": "362ba09d6229645daa22006374da0778","sha1": "01512b16931316dc87e670d11c3b3d7c354366a9","sha256": "9e61fb70f5bcdea9f5ce53949ea2c467f9bf11aceb85c3da8e9d21bd1f74786e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNaN.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsNaN.js","sha256": "9e61fb70f5bcdea9f5ce53949ea2c467f9bf11aceb85c3da8e9d21bd1f74786e","sha1": "01512b16931316dc87e670d11c3b3d7c354366a9","md5": "362ba09d6229645daa22006374da0778"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNaN.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsNaN.js","sha256": "9e61fb70f5bcdea9f5ce53949ea2c467f9bf11aceb85c3da8e9d21bd1f74786e","sha1": "01512b16931316dc87e670d11c3b3d7c354366a9","md5": "362ba09d6229645daa22006374da0778"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNaN.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsNaN.js","sha256": "9e61fb70f5bcdea9f5ce53949ea2c467f9bf11aceb85c3da8e9d21bd1f74786e","sha1": "01512b16931316dc87e670d11c3b3d7c354366a9","md5": "362ba09d6229645daa22006374da0778"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsNative.js","md5": "716024a6a779f5d1eaaf8c6905d2e2fd","sha1": "1f36b939f5e5b0dc5f28ba7c47206d717b966c7e","sha256": "1e99406998d0b3d47f6cd1b65d5d1a46dc339adef0d58cd15d98a6e795fcc040","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsNative.js","sha256": "1e99406998d0b3d47f6cd1b65d5d1a46dc339adef0d58cd15d98a6e795fcc040","sha1": "1f36b939f5e5b0dc5f28ba7c47206d717b966c7e","md5": "716024a6a779f5d1eaaf8c6905d2e2fd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsNative.js","sha256": "1e99406998d0b3d47f6cd1b65d5d1a46dc339adef0d58cd15d98a6e795fcc040","sha1": "1f36b939f5e5b0dc5f28ba7c47206d717b966c7e","md5": "716024a6a779f5d1eaaf8c6905d2e2fd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsNative.js","sha256": "1e99406998d0b3d47f6cd1b65d5d1a46dc339adef0d58cd15d98a6e795fcc040","sha1": "1f36b939f5e5b0dc5f28ba7c47206d717b966c7e","md5": "716024a6a779f5d1eaaf8c6905d2e2fd"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsRegExp.js","md5": "37c87be651441425e3eae83dc7c58ee4","sha1": "663e2101fd6aa3086bddedb08f0d2e7bbc30c0f9","sha256": "bb93beb83a70615199e0ddb41fb89e570e109e5b78d222e27f26c142b5c104e0","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsRegExp.js","sha256": "bb93beb83a70615199e0ddb41fb89e570e109e5b78d222e27f26c142b5c104e0","sha1": "663e2101fd6aa3086bddedb08f0d2e7bbc30c0f9","md5": "37c87be651441425e3eae83dc7c58ee4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsRegExp.js","sha256": "bb93beb83a70615199e0ddb41fb89e570e109e5b78d222e27f26c142b5c104e0","sha1": "663e2101fd6aa3086bddedb08f0d2e7bbc30c0f9","md5": "37c87be651441425e3eae83dc7c58ee4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsRegExp.js","sha256": "bb93beb83a70615199e0ddb41fb89e570e109e5b78d222e27f26c142b5c104e0","sha1": "663e2101fd6aa3086bddedb08f0d2e7bbc30c0f9","md5": "37c87be651441425e3eae83dc7c58ee4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsSet.js","md5": "e646c0dd9a7cbdc97d0516d93aab3367","sha1": "52795ae38cc0426dca2468342cf28dc2f78775f2","sha256": "2f5f1df7f711b04baa32d874e11fd8a193d83e311f5c32d512142f6a4cb864be","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsSet.js","sha256": "2f5f1df7f711b04baa32d874e11fd8a193d83e311f5c32d512142f6a4cb864be","sha1": "52795ae38cc0426dca2468342cf28dc2f78775f2","md5": "e646c0dd9a7cbdc97d0516d93aab3367"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsSet.js","sha256": "2f5f1df7f711b04baa32d874e11fd8a193d83e311f5c32d512142f6a4cb864be","sha1": "52795ae38cc0426dca2468342cf28dc2f78775f2","md5": "e646c0dd9a7cbdc97d0516d93aab3367"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsSet.js","sha256": "2f5f1df7f711b04baa32d874e11fd8a193d83e311f5c32d512142f6a4cb864be","sha1": "52795ae38cc0426dca2468342cf28dc2f78775f2","md5": "e646c0dd9a7cbdc97d0516d93aab3367"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIsTypedArray.js","md5": "83a0657add4462715dcb724ba94f9213","sha1": "291f63ba52ab97764a33305efd699a2e394b2517","sha256": "70f974187f6d9140a971e515ea00246ac3a36b647d5960e2b95510ae73d56de6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIsTypedArray.js","sha256": "70f974187f6d9140a971e515ea00246ac3a36b647d5960e2b95510ae73d56de6","sha1": "291f63ba52ab97764a33305efd699a2e394b2517","md5": "83a0657add4462715dcb724ba94f9213"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIsTypedArray.js","sha256": "70f974187f6d9140a971e515ea00246ac3a36b647d5960e2b95510ae73d56de6","sha1": "291f63ba52ab97764a33305efd699a2e394b2517","md5": "83a0657add4462715dcb724ba94f9213"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIsTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIsTypedArray.js","sha256": "70f974187f6d9140a971e515ea00246ac3a36b647d5960e2b95510ae73d56de6","sha1": "291f63ba52ab97764a33305efd699a2e394b2517","md5": "83a0657add4462715dcb724ba94f9213"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIteratee.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseIteratee.js","md5": "c0afffd453201ac29e0ca75e0c7e1842","sha1": "032e8e56ae36205075f11cef6a7e91890a8425bd","sha256": "94575a6628739b81cd429d95e81a6fbb3509e324183ddedee614437ec27291a2","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIteratee.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseIteratee.js","sha256": "94575a6628739b81cd429d95e81a6fbb3509e324183ddedee614437ec27291a2","sha1": "032e8e56ae36205075f11cef6a7e91890a8425bd","md5": "c0afffd453201ac29e0ca75e0c7e1842"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIteratee.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseIteratee.js","sha256": "94575a6628739b81cd429d95e81a6fbb3509e324183ddedee614437ec27291a2","sha1": "032e8e56ae36205075f11cef6a7e91890a8425bd","md5": "c0afffd453201ac29e0ca75e0c7e1842"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseIteratee.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseIteratee.js","sha256": "94575a6628739b81cd429d95e81a6fbb3509e324183ddedee614437ec27291a2","sha1": "032e8e56ae36205075f11cef6a7e91890a8425bd","md5": "c0afffd453201ac29e0ca75e0c7e1842"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseKeys.js","md5": "7cbefd191c1a4bafe13780554813c130","sha1": "29d99b03db5dad4affa41a388470c89595e44991","sha256": "92683af4e78a9e10b38d5d56306cee637556938a2bead6c214dac14f1d769d33","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseKeys.js","sha256": "92683af4e78a9e10b38d5d56306cee637556938a2bead6c214dac14f1d769d33","sha1": "29d99b03db5dad4affa41a388470c89595e44991","md5": "7cbefd191c1a4bafe13780554813c130"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseKeys.js","sha256": "92683af4e78a9e10b38d5d56306cee637556938a2bead6c214dac14f1d769d33","sha1": "29d99b03db5dad4affa41a388470c89595e44991","md5": "7cbefd191c1a4bafe13780554813c130"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseKeys.js","sha256": "92683af4e78a9e10b38d5d56306cee637556938a2bead6c214dac14f1d769d33","sha1": "29d99b03db5dad4affa41a388470c89595e44991","md5": "7cbefd191c1a4bafe13780554813c130"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseKeysIn.js","md5": "74fdf3b8803b4da3c36940133e45d820","sha1": "eb88d9e4d4f429c250f3ee2f22312b885ce7a75d","sha256": "89ca96a614e59b757ac3aa72c0b9ca454c015ed8de2e38264a2b9daa49b55e09","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseKeysIn.js","sha256": "89ca96a614e59b757ac3aa72c0b9ca454c015ed8de2e38264a2b9daa49b55e09","sha1": "eb88d9e4d4f429c250f3ee2f22312b885ce7a75d","md5": "74fdf3b8803b4da3c36940133e45d820"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseKeysIn.js","sha256": "89ca96a614e59b757ac3aa72c0b9ca454c015ed8de2e38264a2b9daa49b55e09","sha1": "eb88d9e4d4f429c250f3ee2f22312b885ce7a75d","md5": "74fdf3b8803b4da3c36940133e45d820"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseKeysIn.js","sha256": "89ca96a614e59b757ac3aa72c0b9ca454c015ed8de2e38264a2b9daa49b55e09","sha1": "eb88d9e4d4f429c250f3ee2f22312b885ce7a75d","md5": "74fdf3b8803b4da3c36940133e45d820"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLodash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseLodash.js","md5": "b33672506fdb05cea731f5b8e36ae559","sha1": "dfebf25a399f77aa4b416e1a92ba11ca59c2a8e9","sha256": "a53c8b4383d2fc7564db703c83cce4a462da10eac356fdd5a77a0f82b4133e50","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLodash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseLodash.js","sha256": "a53c8b4383d2fc7564db703c83cce4a462da10eac356fdd5a77a0f82b4133e50","sha1": "dfebf25a399f77aa4b416e1a92ba11ca59c2a8e9","md5": "b33672506fdb05cea731f5b8e36ae559"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLodash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseLodash.js","sha256": "a53c8b4383d2fc7564db703c83cce4a462da10eac356fdd5a77a0f82b4133e50","sha1": "dfebf25a399f77aa4b416e1a92ba11ca59c2a8e9","md5": "b33672506fdb05cea731f5b8e36ae559"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLodash.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseLodash.js","sha256": "a53c8b4383d2fc7564db703c83cce4a462da10eac356fdd5a77a0f82b4133e50","sha1": "dfebf25a399f77aa4b416e1a92ba11ca59c2a8e9","md5": "b33672506fdb05cea731f5b8e36ae559"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseLt.js","md5": "fe948b10d92f8c2a7ea1be37cbc9e6ca","sha1": "92e621a7798bec567f79b006e1608a434b18d22c","sha256": "66854d33e10ee86969f206173cb0d37f2c67f2f8566c7d48dce17f400c53ec90","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseLt.js","sha256": "66854d33e10ee86969f206173cb0d37f2c67f2f8566c7d48dce17f400c53ec90","sha1": "92e621a7798bec567f79b006e1608a434b18d22c","md5": "fe948b10d92f8c2a7ea1be37cbc9e6ca"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseLt.js","sha256": "66854d33e10ee86969f206173cb0d37f2c67f2f8566c7d48dce17f400c53ec90","sha1": "92e621a7798bec567f79b006e1608a434b18d22c","md5": "fe948b10d92f8c2a7ea1be37cbc9e6ca"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseLt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseLt.js","sha256": "66854d33e10ee86969f206173cb0d37f2c67f2f8566c7d48dce17f400c53ec90","sha1": "92e621a7798bec567f79b006e1608a434b18d22c","md5": "fe948b10d92f8c2a7ea1be37cbc9e6ca"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMap.js","md5": "5692a4be696adaa890207cd57dc9af96","sha1": "e4d4a4031106e999c0f44a81dd62afc0f84f3fe0","sha256": "7787722e7cd97155c5cf3e6d09ce7c2599fab924424d527b0b4705306ff04dae","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMap.js","sha256": "7787722e7cd97155c5cf3e6d09ce7c2599fab924424d527b0b4705306ff04dae","sha1": "e4d4a4031106e999c0f44a81dd62afc0f84f3fe0","md5": "5692a4be696adaa890207cd57dc9af96"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMap.js","sha256": "7787722e7cd97155c5cf3e6d09ce7c2599fab924424d527b0b4705306ff04dae","sha1": "e4d4a4031106e999c0f44a81dd62afc0f84f3fe0","md5": "5692a4be696adaa890207cd57dc9af96"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMap.js","sha256": "7787722e7cd97155c5cf3e6d09ce7c2599fab924424d527b0b4705306ff04dae","sha1": "e4d4a4031106e999c0f44a81dd62afc0f84f3fe0","md5": "5692a4be696adaa890207cd57dc9af96"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatches.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMatches.js","md5": "4a9f64ea0fddf7e0fe13033bed7b342d","sha1": "bb2332567191ebdf1e2414efb7279d989fa223ed","sha256": "78ce86cd7f9815f492bd652eb75456d1b5bef696e70b845df5d2747b3b5bf1ea","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatches.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMatches.js","sha256": "78ce86cd7f9815f492bd652eb75456d1b5bef696e70b845df5d2747b3b5bf1ea","sha1": "bb2332567191ebdf1e2414efb7279d989fa223ed","md5": "4a9f64ea0fddf7e0fe13033bed7b342d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatches.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMatches.js","sha256": "78ce86cd7f9815f492bd652eb75456d1b5bef696e70b845df5d2747b3b5bf1ea","sha1": "bb2332567191ebdf1e2414efb7279d989fa223ed","md5": "4a9f64ea0fddf7e0fe13033bed7b342d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatches.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMatches.js","sha256": "78ce86cd7f9815f492bd652eb75456d1b5bef696e70b845df5d2747b3b5bf1ea","sha1": "bb2332567191ebdf1e2414efb7279d989fa223ed","md5": "4a9f64ea0fddf7e0fe13033bed7b342d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatchesProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMatchesProperty.js","md5": "62edfa6b61b3a018d71d000d65c5545f","sha1": "0a4a914477d3d5a170f0c5bc7c5b2abd106bbfbf","sha256": "2544a0ffe23adc5be309104c5831bcdc7c29d3e4211b6990cfbef28cc9e7ad9c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatchesProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMatchesProperty.js","sha256": "2544a0ffe23adc5be309104c5831bcdc7c29d3e4211b6990cfbef28cc9e7ad9c","sha1": "0a4a914477d3d5a170f0c5bc7c5b2abd106bbfbf","md5": "62edfa6b61b3a018d71d000d65c5545f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatchesProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMatchesProperty.js","sha256": "2544a0ffe23adc5be309104c5831bcdc7c29d3e4211b6990cfbef28cc9e7ad9c","sha1": "0a4a914477d3d5a170f0c5bc7c5b2abd106bbfbf","md5": "62edfa6b61b3a018d71d000d65c5545f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMatchesProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMatchesProperty.js","sha256": "2544a0ffe23adc5be309104c5831bcdc7c29d3e4211b6990cfbef28cc9e7ad9c","sha1": "0a4a914477d3d5a170f0c5bc7c5b2abd106bbfbf","md5": "62edfa6b61b3a018d71d000d65c5545f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMean.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMean.js","md5": "2b1043cbf9c4123988fede43d83d39a4","sha1": "0e536b0da31875ca4a97989a76d851b5589cc867","sha256": "08de6692935e8ef6c3ac35f2231d0c19dbadecf92177e912096e65871c0ca512","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMean.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMean.js","sha256": "08de6692935e8ef6c3ac35f2231d0c19dbadecf92177e912096e65871c0ca512","sha1": "0e536b0da31875ca4a97989a76d851b5589cc867","md5": "2b1043cbf9c4123988fede43d83d39a4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMean.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMean.js","sha256": "08de6692935e8ef6c3ac35f2231d0c19dbadecf92177e912096e65871c0ca512","sha1": "0e536b0da31875ca4a97989a76d851b5589cc867","md5": "2b1043cbf9c4123988fede43d83d39a4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMean.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMean.js","sha256": "08de6692935e8ef6c3ac35f2231d0c19dbadecf92177e912096e65871c0ca512","sha1": "0e536b0da31875ca4a97989a76d851b5589cc867","md5": "2b1043cbf9c4123988fede43d83d39a4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMerge.js","md5": "052f0e6c909278ebc19ca2cb027f0acd","sha1": "7351665a72f5448392a3dce645946fd1368c5c87","sha256": "142a0add697e0ebc9698368d1bb28fba98b2e3188d36159a3bf16f9e2a33761d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMerge.js","sha256": "142a0add697e0ebc9698368d1bb28fba98b2e3188d36159a3bf16f9e2a33761d","sha1": "7351665a72f5448392a3dce645946fd1368c5c87","md5": "052f0e6c909278ebc19ca2cb027f0acd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMerge.js","sha256": "142a0add697e0ebc9698368d1bb28fba98b2e3188d36159a3bf16f9e2a33761d","sha1": "7351665a72f5448392a3dce645946fd1368c5c87","md5": "052f0e6c909278ebc19ca2cb027f0acd"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMerge.js","sha256": "142a0add697e0ebc9698368d1bb28fba98b2e3188d36159a3bf16f9e2a33761d","sha1": "7351665a72f5448392a3dce645946fd1368c5c87","md5": "052f0e6c909278ebc19ca2cb027f0acd"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMergeDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseMergeDeep.js","md5": "8f6ddd518425499fed57a3c39aaef0f4","sha1": "b20f414c41bf4446a4723ad001247e14568a91b7","sha256": "5a3f178cccdab4ee9f3adb1ce1fef7794c60db8f7b2a0e221d38a15ee87aa7a9","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMergeDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseMergeDeep.js","sha256": "5a3f178cccdab4ee9f3adb1ce1fef7794c60db8f7b2a0e221d38a15ee87aa7a9","sha1": "b20f414c41bf4446a4723ad001247e14568a91b7","md5": "8f6ddd518425499fed57a3c39aaef0f4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMergeDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseMergeDeep.js","sha256": "5a3f178cccdab4ee9f3adb1ce1fef7794c60db8f7b2a0e221d38a15ee87aa7a9","sha1": "b20f414c41bf4446a4723ad001247e14568a91b7","md5": "8f6ddd518425499fed57a3c39aaef0f4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseMergeDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseMergeDeep.js","sha256": "5a3f178cccdab4ee9f3adb1ce1fef7794c60db8f7b2a0e221d38a15ee87aa7a9","sha1": "b20f414c41bf4446a4723ad001247e14568a91b7","md5": "8f6ddd518425499fed57a3c39aaef0f4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseNth.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseNth.js","md5": "d867679f9df2805a7213a5499cb5fe01","sha1": "7afabca34c7963943eab1dc70a433231283cc8c5","sha256": "f18816d81835e27b700c2a03814a7478d8e5d7e4169d87a666b2b7e9f350fbe0","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseNth.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseNth.js","sha256": "f18816d81835e27b700c2a03814a7478d8e5d7e4169d87a666b2b7e9f350fbe0","sha1": "7afabca34c7963943eab1dc70a433231283cc8c5","md5": "d867679f9df2805a7213a5499cb5fe01"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseNth.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseNth.js","sha256": "f18816d81835e27b700c2a03814a7478d8e5d7e4169d87a666b2b7e9f350fbe0","sha1": "7afabca34c7963943eab1dc70a433231283cc8c5","md5": "d867679f9df2805a7213a5499cb5fe01"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseNth.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseNth.js","sha256": "f18816d81835e27b700c2a03814a7478d8e5d7e4169d87a666b2b7e9f350fbe0","sha1": "7afabca34c7963943eab1dc70a433231283cc8c5","md5": "d867679f9df2805a7213a5499cb5fe01"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseOrderBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseOrderBy.js","md5": "4fbd9a8cb1ddc40e26818f33a4df2962","sha1": "60e9fa4d43223b0e0948a0bd13c1234ffcd29b48","sha256": "36b05eeea5d10c43aa3c0c68ea2e18f0a38c643e7ff07c8464086e1d65ba3e32","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseOrderBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseOrderBy.js","sha256": "36b05eeea5d10c43aa3c0c68ea2e18f0a38c643e7ff07c8464086e1d65ba3e32","sha1": "60e9fa4d43223b0e0948a0bd13c1234ffcd29b48","md5": "4fbd9a8cb1ddc40e26818f33a4df2962"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseOrderBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseOrderBy.js","sha256": "36b05eeea5d10c43aa3c0c68ea2e18f0a38c643e7ff07c8464086e1d65ba3e32","sha1": "60e9fa4d43223b0e0948a0bd13c1234ffcd29b48","md5": "4fbd9a8cb1ddc40e26818f33a4df2962"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseOrderBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseOrderBy.js","sha256": "36b05eeea5d10c43aa3c0c68ea2e18f0a38c643e7ff07c8464086e1d65ba3e32","sha1": "60e9fa4d43223b0e0948a0bd13c1234ffcd29b48","md5": "4fbd9a8cb1ddc40e26818f33a4df2962"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePick.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePick.js","md5": "bab148cedf89c0e2bf85e8f3f636e3ba","sha1": "1eb8ddfe3a55363b22404e9cfe3723a56c9715cf","sha256": "6ab2e82a534e80f3aef3bb6e83d1415e9c7529d0216a2c5734a42203520b737f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePick.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePick.js","sha256": "6ab2e82a534e80f3aef3bb6e83d1415e9c7529d0216a2c5734a42203520b737f","sha1": "1eb8ddfe3a55363b22404e9cfe3723a56c9715cf","md5": "bab148cedf89c0e2bf85e8f3f636e3ba"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePick.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePick.js","sha256": "6ab2e82a534e80f3aef3bb6e83d1415e9c7529d0216a2c5734a42203520b737f","sha1": "1eb8ddfe3a55363b22404e9cfe3723a56c9715cf","md5": "bab148cedf89c0e2bf85e8f3f636e3ba"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePick.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePick.js","sha256": "6ab2e82a534e80f3aef3bb6e83d1415e9c7529d0216a2c5734a42203520b737f","sha1": "1eb8ddfe3a55363b22404e9cfe3723a56c9715cf","md5": "bab148cedf89c0e2bf85e8f3f636e3ba"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePickBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePickBy.js","md5": "295775d911fa1893b6d5692e70a6c032","sha1": "2749eb539f38c35b694e6b8f74d20f5cdc37ca15","sha256": "83f341d6be6b36e1231682cdb914ba116beb9a60a0630895f56a95f5d563d2c2","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePickBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePickBy.js","sha256": "83f341d6be6b36e1231682cdb914ba116beb9a60a0630895f56a95f5d563d2c2","sha1": "2749eb539f38c35b694e6b8f74d20f5cdc37ca15","md5": "295775d911fa1893b6d5692e70a6c032"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePickBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePickBy.js","sha256": "83f341d6be6b36e1231682cdb914ba116beb9a60a0630895f56a95f5d563d2c2","sha1": "2749eb539f38c35b694e6b8f74d20f5cdc37ca15","md5": "295775d911fa1893b6d5692e70a6c032"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePickBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePickBy.js","sha256": "83f341d6be6b36e1231682cdb914ba116beb9a60a0630895f56a95f5d563d2c2","sha1": "2749eb539f38c35b694e6b8f74d20f5cdc37ca15","md5": "295775d911fa1893b6d5692e70a6c032"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseProperty.js","md5": "2c7afe7ea6bf3d325dc5c6444a3f9347","sha1": "31d8d961f7383f581a360947b0b752e95d35cd14","sha256": "9168de234c552d79a2fd00fdb8c49a4050b47e28fe89886cbbb57d4753ee3b3f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseProperty.js","sha256": "9168de234c552d79a2fd00fdb8c49a4050b47e28fe89886cbbb57d4753ee3b3f","sha1": "31d8d961f7383f581a360947b0b752e95d35cd14","md5": "2c7afe7ea6bf3d325dc5c6444a3f9347"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseProperty.js","sha256": "9168de234c552d79a2fd00fdb8c49a4050b47e28fe89886cbbb57d4753ee3b3f","sha1": "31d8d961f7383f581a360947b0b752e95d35cd14","md5": "2c7afe7ea6bf3d325dc5c6444a3f9347"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseProperty.js","sha256": "9168de234c552d79a2fd00fdb8c49a4050b47e28fe89886cbbb57d4753ee3b3f","sha1": "31d8d961f7383f581a360947b0b752e95d35cd14","md5": "2c7afe7ea6bf3d325dc5c6444a3f9347"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePropertyDeep.js","md5": "1a3e80fb7141e64267811a0eca982060","sha1": "b9329f5af409f1578f2fb9fd34ccbdf8cbe54070","sha256": "65fae1f40433d51cb6c8fbb6a41caf7febd1189ba2b1296af34bc7e4bafa22c2","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePropertyDeep.js","sha256": "65fae1f40433d51cb6c8fbb6a41caf7febd1189ba2b1296af34bc7e4bafa22c2","sha1": "b9329f5af409f1578f2fb9fd34ccbdf8cbe54070","md5": "1a3e80fb7141e64267811a0eca982060"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePropertyDeep.js","sha256": "65fae1f40433d51cb6c8fbb6a41caf7febd1189ba2b1296af34bc7e4bafa22c2","sha1": "b9329f5af409f1578f2fb9fd34ccbdf8cbe54070","md5": "1a3e80fb7141e64267811a0eca982060"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyDeep.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePropertyDeep.js","sha256": "65fae1f40433d51cb6c8fbb6a41caf7febd1189ba2b1296af34bc7e4bafa22c2","sha1": "b9329f5af409f1578f2fb9fd34ccbdf8cbe54070","md5": "1a3e80fb7141e64267811a0eca982060"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePropertyOf.js","md5": "8377ece3f8b729a6cf8c4be49956afb7","sha1": "33b60f71f3cbf5f26607a2b7356070f8f6953223","sha256": "c7eb2d3492b419cd85b585615e2b1618300891b13fb750e52ab473616e8e7efa","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePropertyOf.js","sha256": "c7eb2d3492b419cd85b585615e2b1618300891b13fb750e52ab473616e8e7efa","sha1": "33b60f71f3cbf5f26607a2b7356070f8f6953223","md5": "8377ece3f8b729a6cf8c4be49956afb7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePropertyOf.js","sha256": "c7eb2d3492b419cd85b585615e2b1618300891b13fb750e52ab473616e8e7efa","sha1": "33b60f71f3cbf5f26607a2b7356070f8f6953223","md5": "8377ece3f8b729a6cf8c4be49956afb7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePropertyOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePropertyOf.js","sha256": "c7eb2d3492b419cd85b585615e2b1618300891b13fb750e52ab473616e8e7efa","sha1": "33b60f71f3cbf5f26607a2b7356070f8f6953223","md5": "8377ece3f8b729a6cf8c4be49956afb7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAll.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePullAll.js","md5": "16806247283623c374b4f2a5cba838e2","sha1": "a140d4775d1ee69b9d6d434d5729f82b7e55bc8e","sha256": "bba30e5ff749bb138fb61863f96df81b4f086fa982e49ff30d395568d7a0c409","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAll.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePullAll.js","sha256": "bba30e5ff749bb138fb61863f96df81b4f086fa982e49ff30d395568d7a0c409","sha1": "a140d4775d1ee69b9d6d434d5729f82b7e55bc8e","md5": "16806247283623c374b4f2a5cba838e2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAll.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePullAll.js","sha256": "bba30e5ff749bb138fb61863f96df81b4f086fa982e49ff30d395568d7a0c409","sha1": "a140d4775d1ee69b9d6d434d5729f82b7e55bc8e","md5": "16806247283623c374b4f2a5cba838e2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAll.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePullAll.js","sha256": "bba30e5ff749bb138fb61863f96df81b4f086fa982e49ff30d395568d7a0c409","sha1": "a140d4775d1ee69b9d6d434d5729f82b7e55bc8e","md5": "16806247283623c374b4f2a5cba838e2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_basePullAt.js","md5": "3600cafb76ab9c97dcc5f27fe40f3c8e","sha1": "7b291db76db38fc2850529f7e519f5a273dd1f5b","sha256": "4edd40dac0897bc73302f2104663d475b186f26ca6443997a34c80a19fb14a0c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_basePullAt.js","sha256": "4edd40dac0897bc73302f2104663d475b186f26ca6443997a34c80a19fb14a0c","sha1": "7b291db76db38fc2850529f7e519f5a273dd1f5b","md5": "3600cafb76ab9c97dcc5f27fe40f3c8e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_basePullAt.js","sha256": "4edd40dac0897bc73302f2104663d475b186f26ca6443997a34c80a19fb14a0c","sha1": "7b291db76db38fc2850529f7e519f5a273dd1f5b","md5": "3600cafb76ab9c97dcc5f27fe40f3c8e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _basePullAt.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_basePullAt.js","sha256": "4edd40dac0897bc73302f2104663d475b186f26ca6443997a34c80a19fb14a0c","sha1": "7b291db76db38fc2850529f7e519f5a273dd1f5b","md5": "3600cafb76ab9c97dcc5f27fe40f3c8e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRandom.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseRandom.js","md5": "6d6a60bdb7e381d0c1a34d56b41caae1","sha1": "86fe0bbec2bf3b242a8d861abd894f9281c2408a","sha256": "39bece02108b5787e902970ea62319b179a8982c3b41176a78b961201756713d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRandom.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseRandom.js","sha256": "39bece02108b5787e902970ea62319b179a8982c3b41176a78b961201756713d","sha1": "86fe0bbec2bf3b242a8d861abd894f9281c2408a","md5": "6d6a60bdb7e381d0c1a34d56b41caae1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRandom.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseRandom.js","sha256": "39bece02108b5787e902970ea62319b179a8982c3b41176a78b961201756713d","sha1": "86fe0bbec2bf3b242a8d861abd894f9281c2408a","md5": "6d6a60bdb7e381d0c1a34d56b41caae1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRandom.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseRandom.js","sha256": "39bece02108b5787e902970ea62319b179a8982c3b41176a78b961201756713d","sha1": "86fe0bbec2bf3b242a8d861abd894f9281c2408a","md5": "6d6a60bdb7e381d0c1a34d56b41caae1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseRange.js","md5": "09f2117cf80de80988550ba4f2851746","sha1": "8816c954f5f5c9c100a51ae5be416a4661e418ed","sha256": "134600a369e098c5f6a5892d2020ce6ad7c51da158b4fec85b80926edee48372","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseRange.js","sha256": "134600a369e098c5f6a5892d2020ce6ad7c51da158b4fec85b80926edee48372","sha1": "8816c954f5f5c9c100a51ae5be416a4661e418ed","md5": "09f2117cf80de80988550ba4f2851746"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseRange.js","sha256": "134600a369e098c5f6a5892d2020ce6ad7c51da158b4fec85b80926edee48372","sha1": "8816c954f5f5c9c100a51ae5be416a4661e418ed","md5": "09f2117cf80de80988550ba4f2851746"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseRange.js","sha256": "134600a369e098c5f6a5892d2020ce6ad7c51da158b4fec85b80926edee48372","sha1": "8816c954f5f5c9c100a51ae5be416a4661e418ed","md5": "09f2117cf80de80988550ba4f2851746"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseReduce.js","md5": "6544221866fc625ffc651b474ce8d598","sha1": "96e87d251b7bbf30707b39b529243e5d3a7f5c2f","sha256": "8df7676809cbc9424be921801554cb99a5cc31cbb7513d1e891ec986fe07106f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseReduce.js","sha256": "8df7676809cbc9424be921801554cb99a5cc31cbb7513d1e891ec986fe07106f","sha1": "96e87d251b7bbf30707b39b529243e5d3a7f5c2f","md5": "6544221866fc625ffc651b474ce8d598"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseReduce.js","sha256": "8df7676809cbc9424be921801554cb99a5cc31cbb7513d1e891ec986fe07106f","sha1": "96e87d251b7bbf30707b39b529243e5d3a7f5c2f","md5": "6544221866fc625ffc651b474ce8d598"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseReduce.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseReduce.js","sha256": "8df7676809cbc9424be921801554cb99a5cc31cbb7513d1e891ec986fe07106f","sha1": "96e87d251b7bbf30707b39b529243e5d3a7f5c2f","md5": "6544221866fc625ffc651b474ce8d598"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRepeat.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseRepeat.js","md5": "5fd77e960cb0da80a6eed6ffd1468185","sha1": "e5acd9c33e9026b8848de16db87d9ee1dfe293db","sha256": "81f68d89a4e906997ed62b210341999c6e2f61c4aaf6e1404e661a87ba79d61a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRepeat.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseRepeat.js","sha256": "81f68d89a4e906997ed62b210341999c6e2f61c4aaf6e1404e661a87ba79d61a","sha1": "e5acd9c33e9026b8848de16db87d9ee1dfe293db","md5": "5fd77e960cb0da80a6eed6ffd1468185"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRepeat.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseRepeat.js","sha256": "81f68d89a4e906997ed62b210341999c6e2f61c4aaf6e1404e661a87ba79d61a","sha1": "e5acd9c33e9026b8848de16db87d9ee1dfe293db","md5": "5fd77e960cb0da80a6eed6ffd1468185"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRepeat.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseRepeat.js","sha256": "81f68d89a4e906997ed62b210341999c6e2f61c4aaf6e1404e661a87ba79d61a","sha1": "e5acd9c33e9026b8848de16db87d9ee1dfe293db","md5": "5fd77e960cb0da80a6eed6ffd1468185"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseRest.js","md5": "1458f0c78cdd63a2dfe50b7b16b9c777","sha1": "e31a38bffa598aef97317e7b1970a212a4d44d00","sha256": "4945f6523dc4a6b9af9a470772863f5b0ab917c28d33b99530c736e0cf6e09ef","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseRest.js","sha256": "4945f6523dc4a6b9af9a470772863f5b0ab917c28d33b99530c736e0cf6e09ef","sha1": "e31a38bffa598aef97317e7b1970a212a4d44d00","md5": "1458f0c78cdd63a2dfe50b7b16b9c777"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseRest.js","sha256": "4945f6523dc4a6b9af9a470772863f5b0ab917c28d33b99530c736e0cf6e09ef","sha1": "e31a38bffa598aef97317e7b1970a212a4d44d00","md5": "1458f0c78cdd63a2dfe50b7b16b9c777"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseRest.js","sha256": "4945f6523dc4a6b9af9a470772863f5b0ab917c28d33b99530c736e0cf6e09ef","sha1": "e31a38bffa598aef97317e7b1970a212a4d44d00","md5": "1458f0c78cdd63a2dfe50b7b16b9c777"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSample.js","md5": "5fc8ce020703802e3bcc25cbe4430d74","sha1": "bf50189b8b304ff4bafec174b108a7fe25a6a003","sha256": "c34db7ce1be5d26a2d06eb8fcf4983e01187d71601030d4f142db9dc5e1b35da","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSample.js","sha256": "c34db7ce1be5d26a2d06eb8fcf4983e01187d71601030d4f142db9dc5e1b35da","sha1": "bf50189b8b304ff4bafec174b108a7fe25a6a003","md5": "5fc8ce020703802e3bcc25cbe4430d74"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSample.js","sha256": "c34db7ce1be5d26a2d06eb8fcf4983e01187d71601030d4f142db9dc5e1b35da","sha1": "bf50189b8b304ff4bafec174b108a7fe25a6a003","md5": "5fc8ce020703802e3bcc25cbe4430d74"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSample.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSample.js","sha256": "c34db7ce1be5d26a2d06eb8fcf4983e01187d71601030d4f142db9dc5e1b35da","sha1": "bf50189b8b304ff4bafec174b108a7fe25a6a003","md5": "5fc8ce020703802e3bcc25cbe4430d74"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSampleSize.js","md5": "d62b48319135ffc96a5dd3a7c865647a","sha1": "b05eb913d80f60e274e00632d5499319bd0204f2","sha256": "fddbed1714457a56bf4da3fddfeccbde039cae8cc06621b82ce2518b38625cee","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSampleSize.js","sha256": "fddbed1714457a56bf4da3fddfeccbde039cae8cc06621b82ce2518b38625cee","sha1": "b05eb913d80f60e274e00632d5499319bd0204f2","md5": "d62b48319135ffc96a5dd3a7c865647a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSampleSize.js","sha256": "fddbed1714457a56bf4da3fddfeccbde039cae8cc06621b82ce2518b38625cee","sha1": "b05eb913d80f60e274e00632d5499319bd0204f2","md5": "d62b48319135ffc96a5dd3a7c865647a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSampleSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSampleSize.js","sha256": "fddbed1714457a56bf4da3fddfeccbde039cae8cc06621b82ce2518b38625cee","sha1": "b05eb913d80f60e274e00632d5499319bd0204f2","md5": "d62b48319135ffc96a5dd3a7c865647a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSet.js","md5": "0dfb32fd6d118bfc3d3d9db017ac4a05","sha1": "a1300000c1947b2a68f6a94bfce5c81065ae8961","sha256": "a07beb6817764c5f7e3e7a345c8218238e93c895ce80f2b822663441d832e4ef","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSet.js","sha256": "a07beb6817764c5f7e3e7a345c8218238e93c895ce80f2b822663441d832e4ef","sha1": "a1300000c1947b2a68f6a94bfce5c81065ae8961","md5": "0dfb32fd6d118bfc3d3d9db017ac4a05"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSet.js","sha256": "a07beb6817764c5f7e3e7a345c8218238e93c895ce80f2b822663441d832e4ef","sha1": "a1300000c1947b2a68f6a94bfce5c81065ae8961","md5": "0dfb32fd6d118bfc3d3d9db017ac4a05"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSet.js","sha256": "a07beb6817764c5f7e3e7a345c8218238e93c895ce80f2b822663441d832e4ef","sha1": "a1300000c1947b2a68f6a94bfce5c81065ae8961","md5": "0dfb32fd6d118bfc3d3d9db017ac4a05"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSetData.js","md5": "14c3f7e30daa444e6e3375770efb254b","sha1": "fa3ddde4d03be0d225fb7e96d1b5f86f0e321453","sha256": "b2a2251c265920e355cf5542ac81d3535947c87db99fb329eb9addfee85515b4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSetData.js","sha256": "b2a2251c265920e355cf5542ac81d3535947c87db99fb329eb9addfee85515b4","sha1": "fa3ddde4d03be0d225fb7e96d1b5f86f0e321453","md5": "14c3f7e30daa444e6e3375770efb254b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSetData.js","sha256": "b2a2251c265920e355cf5542ac81d3535947c87db99fb329eb9addfee85515b4","sha1": "fa3ddde4d03be0d225fb7e96d1b5f86f0e321453","md5": "14c3f7e30daa444e6e3375770efb254b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSetData.js","sha256": "b2a2251c265920e355cf5542ac81d3535947c87db99fb329eb9addfee85515b4","sha1": "fa3ddde4d03be0d225fb7e96d1b5f86f0e321453","md5": "14c3f7e30daa444e6e3375770efb254b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSetToString.js","md5": "a9984db5890afd943fdc0afccfcf9093","sha1": "4fa840e62be63264b265b19fff3dbad4540a376b","sha256": "88bc4bdb5f6ccfd8823ab3c9cfcd9ae4c52ac62c9e9c3c8d8d34323f838b42ea","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSetToString.js","sha256": "88bc4bdb5f6ccfd8823ab3c9cfcd9ae4c52ac62c9e9c3c8d8d34323f838b42ea","sha1": "4fa840e62be63264b265b19fff3dbad4540a376b","md5": "a9984db5890afd943fdc0afccfcf9093"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSetToString.js","sha256": "88bc4bdb5f6ccfd8823ab3c9cfcd9ae4c52ac62c9e9c3c8d8d34323f838b42ea","sha1": "4fa840e62be63264b265b19fff3dbad4540a376b","md5": "a9984db5890afd943fdc0afccfcf9093"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSetToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSetToString.js","sha256": "88bc4bdb5f6ccfd8823ab3c9cfcd9ae4c52ac62c9e9c3c8d8d34323f838b42ea","sha1": "4fa840e62be63264b265b19fff3dbad4540a376b","md5": "a9984db5890afd943fdc0afccfcf9093"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseShuffle.js","md5": "3267e5b52be5e2c3bc30dcbdd3fea29a","sha1": "62b58e90df1ca7ee5d44cd923fd531f1964f37a7","sha256": "47152f92f55df85e1723b4748cc995a727450efa4e13d773573b711ad3677bf9","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseShuffle.js","sha256": "47152f92f55df85e1723b4748cc995a727450efa4e13d773573b711ad3677bf9","sha1": "62b58e90df1ca7ee5d44cd923fd531f1964f37a7","md5": "3267e5b52be5e2c3bc30dcbdd3fea29a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseShuffle.js","sha256": "47152f92f55df85e1723b4748cc995a727450efa4e13d773573b711ad3677bf9","sha1": "62b58e90df1ca7ee5d44cd923fd531f1964f37a7","md5": "3267e5b52be5e2c3bc30dcbdd3fea29a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseShuffle.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseShuffle.js","sha256": "47152f92f55df85e1723b4748cc995a727450efa4e13d773573b711ad3677bf9","sha1": "62b58e90df1ca7ee5d44cd923fd531f1964f37a7","md5": "3267e5b52be5e2c3bc30dcbdd3fea29a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSlice.js","md5": "e2bdc872cf1dc17694cdb300a31c1bbb","sha1": "959756556fea236343ff752adb6b869bcac82e4b","sha256": "5df69d6963ecb7c6319a26005341dcae0d94daf86b822be3cfb4cc29cd3f029d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSlice.js","sha256": "5df69d6963ecb7c6319a26005341dcae0d94daf86b822be3cfb4cc29cd3f029d","sha1": "959756556fea236343ff752adb6b869bcac82e4b","md5": "e2bdc872cf1dc17694cdb300a31c1bbb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSlice.js","sha256": "5df69d6963ecb7c6319a26005341dcae0d94daf86b822be3cfb4cc29cd3f029d","sha1": "959756556fea236343ff752adb6b869bcac82e4b","md5": "e2bdc872cf1dc17694cdb300a31c1bbb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSlice.js","sha256": "5df69d6963ecb7c6319a26005341dcae0d94daf86b822be3cfb4cc29cd3f029d","sha1": "959756556fea236343ff752adb6b869bcac82e4b","md5": "e2bdc872cf1dc17694cdb300a31c1bbb"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSome.js","md5": "7fd58eead1fc6be368fa2d505970b003","sha1": "4be43bfa949a8292f8f780eeeb83bb5da00f58b7","sha256": "fdfc7ec17738f062aef67828fc6ed1ac933c194471214924eb4fa7df2657b5d3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSome.js","sha256": "fdfc7ec17738f062aef67828fc6ed1ac933c194471214924eb4fa7df2657b5d3","sha1": "4be43bfa949a8292f8f780eeeb83bb5da00f58b7","md5": "7fd58eead1fc6be368fa2d505970b003"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSome.js","sha256": "fdfc7ec17738f062aef67828fc6ed1ac933c194471214924eb4fa7df2657b5d3","sha1": "4be43bfa949a8292f8f780eeeb83bb5da00f58b7","md5": "7fd58eead1fc6be368fa2d505970b003"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSome.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSome.js","sha256": "fdfc7ec17738f062aef67828fc6ed1ac933c194471214924eb4fa7df2657b5d3","sha1": "4be43bfa949a8292f8f780eeeb83bb5da00f58b7","md5": "7fd58eead1fc6be368fa2d505970b003"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSortBy.js","md5": "e2b9dbe227488505c0a18e0360dfd19c","sha1": "77483347d5381f336bed3174c5b301f40dfc7a24","sha256": "5cb138975dd23c1edee76417b442a011776310ba98e7bfc0192dafa18c4687ce","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSortBy.js","sha256": "5cb138975dd23c1edee76417b442a011776310ba98e7bfc0192dafa18c4687ce","sha1": "77483347d5381f336bed3174c5b301f40dfc7a24","md5": "e2b9dbe227488505c0a18e0360dfd19c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSortBy.js","sha256": "5cb138975dd23c1edee76417b442a011776310ba98e7bfc0192dafa18c4687ce","sha1": "77483347d5381f336bed3174c5b301f40dfc7a24","md5": "e2b9dbe227488505c0a18e0360dfd19c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSortBy.js","sha256": "5cb138975dd23c1edee76417b442a011776310ba98e7bfc0192dafa18c4687ce","sha1": "77483347d5381f336bed3174c5b301f40dfc7a24","md5": "e2b9dbe227488505c0a18e0360dfd19c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSortedIndex.js","md5": "84afbf7241a1fd72a6036551e1020cb1","sha1": "6a353c6feb19a86665f9ea37ae0ff7f5ff5a1d9b","sha256": "ae9ad3a007da156f796188f9745c226fe98006204ae29a797ba7c3ccff35cb08","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSortedIndex.js","sha256": "ae9ad3a007da156f796188f9745c226fe98006204ae29a797ba7c3ccff35cb08","sha1": "6a353c6feb19a86665f9ea37ae0ff7f5ff5a1d9b","md5": "84afbf7241a1fd72a6036551e1020cb1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSortedIndex.js","sha256": "ae9ad3a007da156f796188f9745c226fe98006204ae29a797ba7c3ccff35cb08","sha1": "6a353c6feb19a86665f9ea37ae0ff7f5ff5a1d9b","md5": "84afbf7241a1fd72a6036551e1020cb1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSortedIndex.js","sha256": "ae9ad3a007da156f796188f9745c226fe98006204ae29a797ba7c3ccff35cb08","sha1": "6a353c6feb19a86665f9ea37ae0ff7f5ff5a1d9b","md5": "84afbf7241a1fd72a6036551e1020cb1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndexBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSortedIndexBy.js","md5": "7071dfd42c2cc048d0264b3f87260090","sha1": "715d82780c566576483359be4984144223a14e8c","sha256": "6eb38e6a9462189bbe19f507f67d0035d55e3f0fd034e8aa3ddafb7119ec0333","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndexBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSortedIndexBy.js","sha256": "6eb38e6a9462189bbe19f507f67d0035d55e3f0fd034e8aa3ddafb7119ec0333","sha1": "715d82780c566576483359be4984144223a14e8c","md5": "7071dfd42c2cc048d0264b3f87260090"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndexBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSortedIndexBy.js","sha256": "6eb38e6a9462189bbe19f507f67d0035d55e3f0fd034e8aa3ddafb7119ec0333","sha1": "715d82780c566576483359be4984144223a14e8c","md5": "7071dfd42c2cc048d0264b3f87260090"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedIndexBy.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSortedIndexBy.js","sha256": "6eb38e6a9462189bbe19f507f67d0035d55e3f0fd034e8aa3ddafb7119ec0333","sha1": "715d82780c566576483359be4984144223a14e8c","md5": "7071dfd42c2cc048d0264b3f87260090"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSortedUniq.js","md5": "c02e43aecc98ae4952843eb30fd31a42","sha1": "c2ad97df99636c7977b6374e44cb61dedd64aece","sha256": "5009c2932320106ac433b7567e2e35e6b502f973dafa4d7ed93b457fb0f63edb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSortedUniq.js","sha256": "5009c2932320106ac433b7567e2e35e6b502f973dafa4d7ed93b457fb0f63edb","sha1": "c2ad97df99636c7977b6374e44cb61dedd64aece","md5": "c02e43aecc98ae4952843eb30fd31a42"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSortedUniq.js","sha256": "5009c2932320106ac433b7567e2e35e6b502f973dafa4d7ed93b457fb0f63edb","sha1": "c2ad97df99636c7977b6374e44cb61dedd64aece","md5": "c02e43aecc98ae4952843eb30fd31a42"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSortedUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSortedUniq.js","sha256": "5009c2932320106ac433b7567e2e35e6b502f973dafa4d7ed93b457fb0f63edb","sha1": "c2ad97df99636c7977b6374e44cb61dedd64aece","md5": "c02e43aecc98ae4952843eb30fd31a42"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseSum.js","md5": "2c1f31cf251ebe54107cf22dcbacd6b5","sha1": "e96a801668916a3027558a8795a4957e11c791f1","sha256": "7f39b622a6b544cc9619752799b2db854d67c0b77a3f34a9162fa69ffc9228b8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseSum.js","sha256": "7f39b622a6b544cc9619752799b2db854d67c0b77a3f34a9162fa69ffc9228b8","sha1": "e96a801668916a3027558a8795a4957e11c791f1","md5": "2c1f31cf251ebe54107cf22dcbacd6b5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseSum.js","sha256": "7f39b622a6b544cc9619752799b2db854d67c0b77a3f34a9162fa69ffc9228b8","sha1": "e96a801668916a3027558a8795a4957e11c791f1","md5": "2c1f31cf251ebe54107cf22dcbacd6b5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseSum.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseSum.js","sha256": "7f39b622a6b544cc9619752799b2db854d67c0b77a3f34a9162fa69ffc9228b8","sha1": "e96a801668916a3027558a8795a4957e11c791f1","md5": "2c1f31cf251ebe54107cf22dcbacd6b5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTimes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseTimes.js","md5": "dc3763002a7a61582bff4038218715c5","sha1": "7f3edc2bfd65d843b592ff123759c9d616ce3a64","sha256": "bd054701039e1090817e5d8f6fb4871966cd3abdc2c283efd98a0c1683707886","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTimes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseTimes.js","sha256": "bd054701039e1090817e5d8f6fb4871966cd3abdc2c283efd98a0c1683707886","sha1": "7f3edc2bfd65d843b592ff123759c9d616ce3a64","md5": "dc3763002a7a61582bff4038218715c5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTimes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseTimes.js","sha256": "bd054701039e1090817e5d8f6fb4871966cd3abdc2c283efd98a0c1683707886","sha1": "7f3edc2bfd65d843b592ff123759c9d616ce3a64","md5": "dc3763002a7a61582bff4038218715c5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTimes.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseTimes.js","sha256": "bd054701039e1090817e5d8f6fb4871966cd3abdc2c283efd98a0c1683707886","sha1": "7f3edc2bfd65d843b592ff123759c9d616ce3a64","md5": "dc3763002a7a61582bff4038218715c5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToNumber.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseToNumber.js","md5": "50aa9230f6c0eb42eed7e92d33a0f7e8","sha1": "1d6f1a52fdbddf557ef5d870c3ad6fecb7089af9","sha256": "48470af278354e767e87281c02e5f7792a99281d1345885d3e282dae0322c5c6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToNumber.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseToNumber.js","sha256": "48470af278354e767e87281c02e5f7792a99281d1345885d3e282dae0322c5c6","sha1": "1d6f1a52fdbddf557ef5d870c3ad6fecb7089af9","md5": "50aa9230f6c0eb42eed7e92d33a0f7e8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToNumber.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseToNumber.js","sha256": "48470af278354e767e87281c02e5f7792a99281d1345885d3e282dae0322c5c6","sha1": "1d6f1a52fdbddf557ef5d870c3ad6fecb7089af9","md5": "50aa9230f6c0eb42eed7e92d33a0f7e8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToNumber.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseToNumber.js","sha256": "48470af278354e767e87281c02e5f7792a99281d1345885d3e282dae0322c5c6","sha1": "1d6f1a52fdbddf557ef5d870c3ad6fecb7089af9","md5": "50aa9230f6c0eb42eed7e92d33a0f7e8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseToPairs.js","md5": "b73abf74d52c3635139845be7c269ab7","sha1": "d6ad1c204c16fee82d17a5b4febca922a78cda47","sha256": "78bc3c33291a79f9a06be05c51b8cadbcb4d843d390a0e56dac402f9212c9a22","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseToPairs.js","sha256": "78bc3c33291a79f9a06be05c51b8cadbcb4d843d390a0e56dac402f9212c9a22","sha1": "d6ad1c204c16fee82d17a5b4febca922a78cda47","md5": "b73abf74d52c3635139845be7c269ab7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseToPairs.js","sha256": "78bc3c33291a79f9a06be05c51b8cadbcb4d843d390a0e56dac402f9212c9a22","sha1": "d6ad1c204c16fee82d17a5b4febca922a78cda47","md5": "b73abf74d52c3635139845be7c269ab7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseToPairs.js","sha256": "78bc3c33291a79f9a06be05c51b8cadbcb4d843d390a0e56dac402f9212c9a22","sha1": "d6ad1c204c16fee82d17a5b4febca922a78cda47","md5": "b73abf74d52c3635139845be7c269ab7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseToString.js","md5": "4bef09e874a5ecf61bedbf8e637d41ed","sha1": "f2a75bd83872d649b56a1c0fe7b785ee13ac3cf5","sha256": "02703516b1d594c96987c84f7d016411d0ed7825bec23280fb974e86db178fc8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseToString.js","sha256": "02703516b1d594c96987c84f7d016411d0ed7825bec23280fb974e86db178fc8","sha1": "f2a75bd83872d649b56a1c0fe7b785ee13ac3cf5","md5": "4bef09e874a5ecf61bedbf8e637d41ed"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseToString.js","sha256": "02703516b1d594c96987c84f7d016411d0ed7825bec23280fb974e86db178fc8","sha1": "f2a75bd83872d649b56a1c0fe7b785ee13ac3cf5","md5": "4bef09e874a5ecf61bedbf8e637d41ed"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseToString.js","sha256": "02703516b1d594c96987c84f7d016411d0ed7825bec23280fb974e86db178fc8","sha1": "f2a75bd83872d649b56a1c0fe7b785ee13ac3cf5","md5": "4bef09e874a5ecf61bedbf8e637d41ed"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTrim.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseTrim.js","md5": "6a3f0ff2e91d0a156af6a500a412ab68","sha1": "f092653ffbdbdee10c589e682bc9eac2d91d14cc","sha256": "8aa33808ed188e825125d8fb0abaf638b5eacc4e312ea068e2d05cc37321b52b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTrim.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseTrim.js","sha256": "8aa33808ed188e825125d8fb0abaf638b5eacc4e312ea068e2d05cc37321b52b","sha1": "f092653ffbdbdee10c589e682bc9eac2d91d14cc","md5": "6a3f0ff2e91d0a156af6a500a412ab68"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTrim.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseTrim.js","sha256": "8aa33808ed188e825125d8fb0abaf638b5eacc4e312ea068e2d05cc37321b52b","sha1": "f092653ffbdbdee10c589e682bc9eac2d91d14cc","md5": "6a3f0ff2e91d0a156af6a500a412ab68"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseTrim.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseTrim.js","sha256": "8aa33808ed188e825125d8fb0abaf638b5eacc4e312ea068e2d05cc37321b52b","sha1": "f092653ffbdbdee10c589e682bc9eac2d91d14cc","md5": "6a3f0ff2e91d0a156af6a500a412ab68"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnary.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseUnary.js","md5": "feb78ff096f781e3a15b68b06d7b185e","sha1": "5dbba7edab4fb0d361906358fa2d49dc35c1e603","sha256": "70c60c7f965c08178b59b2bd4d0988ea73a9c52522f53390d108b3c5f7ffa188","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnary.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseUnary.js","sha256": "70c60c7f965c08178b59b2bd4d0988ea73a9c52522f53390d108b3c5f7ffa188","sha1": "5dbba7edab4fb0d361906358fa2d49dc35c1e603","md5": "feb78ff096f781e3a15b68b06d7b185e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnary.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseUnary.js","sha256": "70c60c7f965c08178b59b2bd4d0988ea73a9c52522f53390d108b3c5f7ffa188","sha1": "5dbba7edab4fb0d361906358fa2d49dc35c1e603","md5": "feb78ff096f781e3a15b68b06d7b185e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnary.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseUnary.js","sha256": "70c60c7f965c08178b59b2bd4d0988ea73a9c52522f53390d108b3c5f7ffa188","sha1": "5dbba7edab4fb0d361906358fa2d49dc35c1e603","md5": "feb78ff096f781e3a15b68b06d7b185e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseUniq.js","md5": "9829c6eaf154df05b44c44c59eb67390","sha1": "ae7942f5facf5430171081eb0d2ee341f69c9fd2","sha256": "0441219faeeb60c196f99f8258a92b48bf87189d4cb04379d51dcecb003ffa18","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseUniq.js","sha256": "0441219faeeb60c196f99f8258a92b48bf87189d4cb04379d51dcecb003ffa18","sha1": "ae7942f5facf5430171081eb0d2ee341f69c9fd2","md5": "9829c6eaf154df05b44c44c59eb67390"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseUniq.js","sha256": "0441219faeeb60c196f99f8258a92b48bf87189d4cb04379d51dcecb003ffa18","sha1": "ae7942f5facf5430171081eb0d2ee341f69c9fd2","md5": "9829c6eaf154df05b44c44c59eb67390"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUniq.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseUniq.js","sha256": "0441219faeeb60c196f99f8258a92b48bf87189d4cb04379d51dcecb003ffa18","sha1": "ae7942f5facf5430171081eb0d2ee341f69c9fd2","md5": "9829c6eaf154df05b44c44c59eb67390"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnset.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseUnset.js","md5": "04b293e23202bd78ac594399d81880fc","sha1": "d9a16888d3995c743789eb2003d8d5c438f00ca5","sha256": "b246cdf2a6d701349ee331fcaf6db235def81702abaccb3193da2d91e560eccc","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnset.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseUnset.js","sha256": "b246cdf2a6d701349ee331fcaf6db235def81702abaccb3193da2d91e560eccc","sha1": "d9a16888d3995c743789eb2003d8d5c438f00ca5","md5": "04b293e23202bd78ac594399d81880fc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnset.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseUnset.js","sha256": "b246cdf2a6d701349ee331fcaf6db235def81702abaccb3193da2d91e560eccc","sha1": "d9a16888d3995c743789eb2003d8d5c438f00ca5","md5": "04b293e23202bd78ac594399d81880fc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUnset.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseUnset.js","sha256": "b246cdf2a6d701349ee331fcaf6db235def81702abaccb3193da2d91e560eccc","sha1": "d9a16888d3995c743789eb2003d8d5c438f00ca5","md5": "04b293e23202bd78ac594399d81880fc"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUpdate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseUpdate.js","md5": "218c5afa97285e1ae2834bc349242d5d","sha1": "12682de8a3a7f8d6e89f4872bbc2bf1c2b66f8b0","sha256": "66de044bd9356189a3d9e438748585dd0b4a7e4120448ac6f6cd898a21b068f5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUpdate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseUpdate.js","sha256": "66de044bd9356189a3d9e438748585dd0b4a7e4120448ac6f6cd898a21b068f5","sha1": "12682de8a3a7f8d6e89f4872bbc2bf1c2b66f8b0","md5": "218c5afa97285e1ae2834bc349242d5d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUpdate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseUpdate.js","sha256": "66de044bd9356189a3d9e438748585dd0b4a7e4120448ac6f6cd898a21b068f5","sha1": "12682de8a3a7f8d6e89f4872bbc2bf1c2b66f8b0","md5": "218c5afa97285e1ae2834bc349242d5d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseUpdate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseUpdate.js","sha256": "66de044bd9356189a3d9e438748585dd0b4a7e4120448ac6f6cd898a21b068f5","sha1": "12682de8a3a7f8d6e89f4872bbc2bf1c2b66f8b0","md5": "218c5afa97285e1ae2834bc349242d5d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseValues.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseValues.js","md5": "8529c2e0ac9dfd0cc5b0de2b759d9d60","sha1": "a8cfeda4f95c958cb46ac71f77a631e57617c1f7","sha256": "979a132abe06044e924d9d857f974bdd1be4107d390ef8ba31640e0917b7f9ce","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseValues.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseValues.js","sha256": "979a132abe06044e924d9d857f974bdd1be4107d390ef8ba31640e0917b7f9ce","sha1": "a8cfeda4f95c958cb46ac71f77a631e57617c1f7","md5": "8529c2e0ac9dfd0cc5b0de2b759d9d60"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseValues.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseValues.js","sha256": "979a132abe06044e924d9d857f974bdd1be4107d390ef8ba31640e0917b7f9ce","sha1": "a8cfeda4f95c958cb46ac71f77a631e57617c1f7","md5": "8529c2e0ac9dfd0cc5b0de2b759d9d60"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseValues.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseValues.js","sha256": "979a132abe06044e924d9d857f974bdd1be4107d390ef8ba31640e0917b7f9ce","sha1": "a8cfeda4f95c958cb46ac71f77a631e57617c1f7","md5": "8529c2e0ac9dfd0cc5b0de2b759d9d60"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWhile.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseWhile.js","md5": "2a34629231c9bbd2ee9a085ad958272b","sha1": "4fb4c4f09282c0e560a1bb289caaac7d58d64a10","sha256": "8d25d09663040086d16864b180ed9b04fa02c0d19b6a0d9ff97cd49a8d8be818","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWhile.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseWhile.js","sha256": "8d25d09663040086d16864b180ed9b04fa02c0d19b6a0d9ff97cd49a8d8be818","sha1": "4fb4c4f09282c0e560a1bb289caaac7d58d64a10","md5": "2a34629231c9bbd2ee9a085ad958272b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWhile.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseWhile.js","sha256": "8d25d09663040086d16864b180ed9b04fa02c0d19b6a0d9ff97cd49a8d8be818","sha1": "4fb4c4f09282c0e560a1bb289caaac7d58d64a10","md5": "2a34629231c9bbd2ee9a085ad958272b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWhile.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseWhile.js","sha256": "8d25d09663040086d16864b180ed9b04fa02c0d19b6a0d9ff97cd49a8d8be818","sha1": "4fb4c4f09282c0e560a1bb289caaac7d58d64a10","md5": "2a34629231c9bbd2ee9a085ad958272b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWrapperValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseWrapperValue.js","md5": "543821d689889165d50a020c41b2ffb4","sha1": "1b1d0a42b03e95693fc88d6a24e4a3473d15392c","sha256": "bf1e26e0b6474f3ad67e1145fea232b3e5436a069947bc46a199222ad56b3a61","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWrapperValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseWrapperValue.js","sha256": "bf1e26e0b6474f3ad67e1145fea232b3e5436a069947bc46a199222ad56b3a61","sha1": "1b1d0a42b03e95693fc88d6a24e4a3473d15392c","md5": "543821d689889165d50a020c41b2ffb4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWrapperValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseWrapperValue.js","sha256": "bf1e26e0b6474f3ad67e1145fea232b3e5436a069947bc46a199222ad56b3a61","sha1": "1b1d0a42b03e95693fc88d6a24e4a3473d15392c","md5": "543821d689889165d50a020c41b2ffb4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseWrapperValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseWrapperValue.js","sha256": "bf1e26e0b6474f3ad67e1145fea232b3e5436a069947bc46a199222ad56b3a61","sha1": "1b1d0a42b03e95693fc88d6a24e4a3473d15392c","md5": "543821d689889165d50a020c41b2ffb4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseXor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseXor.js","md5": "05b92b1205fcb4bcfa5b6c5332a79bc3","sha1": "0077b838e654fac3f5ebcc99ab1dafbd158e4e71","sha256": "671b23dd36dbd57a7c18d9efef2627def32173a0446cc689bc8726115a65bfbf","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseXor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseXor.js","sha256": "671b23dd36dbd57a7c18d9efef2627def32173a0446cc689bc8726115a65bfbf","sha1": "0077b838e654fac3f5ebcc99ab1dafbd158e4e71","md5": "05b92b1205fcb4bcfa5b6c5332a79bc3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseXor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseXor.js","sha256": "671b23dd36dbd57a7c18d9efef2627def32173a0446cc689bc8726115a65bfbf","sha1": "0077b838e654fac3f5ebcc99ab1dafbd158e4e71","md5": "05b92b1205fcb4bcfa5b6c5332a79bc3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseXor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseXor.js","sha256": "671b23dd36dbd57a7c18d9efef2627def32173a0446cc689bc8726115a65bfbf","sha1": "0077b838e654fac3f5ebcc99ab1dafbd158e4e71","md5": "05b92b1205fcb4bcfa5b6c5332a79bc3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseZipObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_baseZipObject.js","md5": "9c2bb1cd9e749908a1d4248b86d94062","sha1": "7995093c8f43666bf1f2dc15cc1d752dacc55e35","sha256": "61731c67cde5f3cc5998335e8436968e3e09ec196e9d9ab4f1aa083d9a8ca947","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseZipObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_baseZipObject.js","sha256": "61731c67cde5f3cc5998335e8436968e3e09ec196e9d9ab4f1aa083d9a8ca947","sha1": "7995093c8f43666bf1f2dc15cc1d752dacc55e35","md5": "9c2bb1cd9e749908a1d4248b86d94062"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseZipObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_baseZipObject.js","sha256": "61731c67cde5f3cc5998335e8436968e3e09ec196e9d9ab4f1aa083d9a8ca947","sha1": "7995093c8f43666bf1f2dc15cc1d752dacc55e35","md5": "9c2bb1cd9e749908a1d4248b86d94062"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _baseZipObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_baseZipObject.js","sha256": "61731c67cde5f3cc5998335e8436968e3e09ec196e9d9ab4f1aa083d9a8ca947","sha1": "7995093c8f43666bf1f2dc15cc1d752dacc55e35","md5": "9c2bb1cd9e749908a1d4248b86d94062"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cacheHas.js","md5": "acb765ee27ed7db33b1c3bf24dc1737d","sha1": "d676b44402e7e4ff04011e54a086f7efe819ef81","sha256": "cf025a5fb7e480701d61e4ed60ed869fa835e0d0aed126daf0c62ba9b4d348ae","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cacheHas.js","sha256": "cf025a5fb7e480701d61e4ed60ed869fa835e0d0aed126daf0c62ba9b4d348ae","sha1": "d676b44402e7e4ff04011e54a086f7efe819ef81","md5": "acb765ee27ed7db33b1c3bf24dc1737d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cacheHas.js","sha256": "cf025a5fb7e480701d61e4ed60ed869fa835e0d0aed126daf0c62ba9b4d348ae","sha1": "d676b44402e7e4ff04011e54a086f7efe819ef81","md5": "acb765ee27ed7db33b1c3bf24dc1737d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cacheHas.js","sha256": "cf025a5fb7e480701d61e4ed60ed869fa835e0d0aed126daf0c62ba9b4d348ae","sha1": "d676b44402e7e4ff04011e54a086f7efe819ef81","md5": "acb765ee27ed7db33b1c3bf24dc1737d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castArrayLikeObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_castArrayLikeObject.js","md5": "e3974a7b1ec27e97db530e1cd0902d15","sha1": "0a049ad2b5e466bb2173738787645d6aa97b9e03","sha256": "3a6f533812e836bb88bf2a656ca51860fa0af543461d97c135814c01652f7bb6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castArrayLikeObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_castArrayLikeObject.js","sha256": "3a6f533812e836bb88bf2a656ca51860fa0af543461d97c135814c01652f7bb6","sha1": "0a049ad2b5e466bb2173738787645d6aa97b9e03","md5": "e3974a7b1ec27e97db530e1cd0902d15"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castArrayLikeObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_castArrayLikeObject.js","sha256": "3a6f533812e836bb88bf2a656ca51860fa0af543461d97c135814c01652f7bb6","sha1": "0a049ad2b5e466bb2173738787645d6aa97b9e03","md5": "e3974a7b1ec27e97db530e1cd0902d15"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castArrayLikeObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_castArrayLikeObject.js","sha256": "3a6f533812e836bb88bf2a656ca51860fa0af543461d97c135814c01652f7bb6","sha1": "0a049ad2b5e466bb2173738787645d6aa97b9e03","md5": "e3974a7b1ec27e97db530e1cd0902d15"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castFunction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_castFunction.js","md5": "20863aaf7c1fb665a5da84f30de8b660","sha1": "af88042305fb1cc58dde3bca997c206dd0359bf7","sha256": "d7b164a9bfc94ce4df4c26d318fbec98320fc8c26a0d9dabd011efde368048f1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castFunction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_castFunction.js","sha256": "d7b164a9bfc94ce4df4c26d318fbec98320fc8c26a0d9dabd011efde368048f1","sha1": "af88042305fb1cc58dde3bca997c206dd0359bf7","md5": "20863aaf7c1fb665a5da84f30de8b660"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castFunction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_castFunction.js","sha256": "d7b164a9bfc94ce4df4c26d318fbec98320fc8c26a0d9dabd011efde368048f1","sha1": "af88042305fb1cc58dde3bca997c206dd0359bf7","md5": "20863aaf7c1fb665a5da84f30de8b660"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castFunction.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_castFunction.js","sha256": "d7b164a9bfc94ce4df4c26d318fbec98320fc8c26a0d9dabd011efde368048f1","sha1": "af88042305fb1cc58dde3bca997c206dd0359bf7","md5": "20863aaf7c1fb665a5da84f30de8b660"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_castPath.js","md5": "64c4755d6783fd856577a35360d903c6","sha1": "a7a03888171be1aa22a92d12b9a02b8c8798375c","sha256": "1a0281926af5b014526f5c9def6a891e090adba86afff99fcc3a08184b90f023","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_castPath.js","sha256": "1a0281926af5b014526f5c9def6a891e090adba86afff99fcc3a08184b90f023","sha1": "a7a03888171be1aa22a92d12b9a02b8c8798375c","md5": "64c4755d6783fd856577a35360d903c6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_castPath.js","sha256": "1a0281926af5b014526f5c9def6a891e090adba86afff99fcc3a08184b90f023","sha1": "a7a03888171be1aa22a92d12b9a02b8c8798375c","md5": "64c4755d6783fd856577a35360d903c6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_castPath.js","sha256": "1a0281926af5b014526f5c9def6a891e090adba86afff99fcc3a08184b90f023","sha1": "a7a03888171be1aa22a92d12b9a02b8c8798375c","md5": "64c4755d6783fd856577a35360d903c6"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_castRest.js","md5": "0ad93e0759cd75297096c2f8023e2a57","sha1": "82020a1342ba8656765ac9141410d1af2b7730f0","sha256": "7d5dab849a479da5624b1b3fe9cd372f2bcf8c6cb17e5b8ec8c71bf0c50f4d02","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_castRest.js","sha256": "7d5dab849a479da5624b1b3fe9cd372f2bcf8c6cb17e5b8ec8c71bf0c50f4d02","sha1": "82020a1342ba8656765ac9141410d1af2b7730f0","md5": "0ad93e0759cd75297096c2f8023e2a57"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_castRest.js","sha256": "7d5dab849a479da5624b1b3fe9cd372f2bcf8c6cb17e5b8ec8c71bf0c50f4d02","sha1": "82020a1342ba8656765ac9141410d1af2b7730f0","md5": "0ad93e0759cd75297096c2f8023e2a57"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_castRest.js","sha256": "7d5dab849a479da5624b1b3fe9cd372f2bcf8c6cb17e5b8ec8c71bf0c50f4d02","sha1": "82020a1342ba8656765ac9141410d1af2b7730f0","md5": "0ad93e0759cd75297096c2f8023e2a57"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_castSlice.js","md5": "74a774d2c04a6425e843b0d59553eeb3","sha1": "9b963fc73a75bdb6cde5c38b2ab1fac07835a800","sha256": "b5397cf5ac2791636e00a380ce3d3c591b0de0aa45bc4cd0942a378c92218e71","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_castSlice.js","sha256": "b5397cf5ac2791636e00a380ce3d3c591b0de0aa45bc4cd0942a378c92218e71","sha1": "9b963fc73a75bdb6cde5c38b2ab1fac07835a800","md5": "74a774d2c04a6425e843b0d59553eeb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_castSlice.js","sha256": "b5397cf5ac2791636e00a380ce3d3c591b0de0aa45bc4cd0942a378c92218e71","sha1": "9b963fc73a75bdb6cde5c38b2ab1fac07835a800","md5": "74a774d2c04a6425e843b0d59553eeb3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _castSlice.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_castSlice.js","sha256": "b5397cf5ac2791636e00a380ce3d3c591b0de0aa45bc4cd0942a378c92218e71","sha1": "9b963fc73a75bdb6cde5c38b2ab1fac07835a800","md5": "74a774d2c04a6425e843b0d59553eeb3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_charsEndIndex.js","md5": "c96bf8f92332cc8b6e2233aef9b3ee85","sha1": "4164a27a922efe0dfb1dc15496d199152fd96599","sha256": "f5600b654adf18830a72edc7795cfd90e44a63cc30a5ee99b3d38b6824f44717","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_charsEndIndex.js","sha256": "f5600b654adf18830a72edc7795cfd90e44a63cc30a5ee99b3d38b6824f44717","sha1": "4164a27a922efe0dfb1dc15496d199152fd96599","md5": "c96bf8f92332cc8b6e2233aef9b3ee85"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_charsEndIndex.js","sha256": "f5600b654adf18830a72edc7795cfd90e44a63cc30a5ee99b3d38b6824f44717","sha1": "4164a27a922efe0dfb1dc15496d199152fd96599","md5": "c96bf8f92332cc8b6e2233aef9b3ee85"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_charsEndIndex.js","sha256": "f5600b654adf18830a72edc7795cfd90e44a63cc30a5ee99b3d38b6824f44717","sha1": "4164a27a922efe0dfb1dc15496d199152fd96599","md5": "c96bf8f92332cc8b6e2233aef9b3ee85"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsStartIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_charsStartIndex.js","md5": "ebc17df5400a1d6a6266ca3bc53e9f3e","sha1": "c4db2a95b12b0a442f73d3ad3d27c0048193b216","sha256": "33ee500387c9d29e2ec9ab5f7c7e1d66891b7f531b403afff0e282c123a25acb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsStartIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_charsStartIndex.js","sha256": "33ee500387c9d29e2ec9ab5f7c7e1d66891b7f531b403afff0e282c123a25acb","sha1": "c4db2a95b12b0a442f73d3ad3d27c0048193b216","md5": "ebc17df5400a1d6a6266ca3bc53e9f3e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsStartIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_charsStartIndex.js","sha256": "33ee500387c9d29e2ec9ab5f7c7e1d66891b7f531b403afff0e282c123a25acb","sha1": "c4db2a95b12b0a442f73d3ad3d27c0048193b216","md5": "ebc17df5400a1d6a6266ca3bc53e9f3e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _charsStartIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_charsStartIndex.js","sha256": "33ee500387c9d29e2ec9ab5f7c7e1d66891b7f531b403afff0e282c123a25acb","sha1": "c4db2a95b12b0a442f73d3ad3d27c0048193b216","md5": "ebc17df5400a1d6a6266ca3bc53e9f3e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneArrayBuffer.js","md5": "a8816d8941a6be069912f77f659a5958","sha1": "ffbada38bb191bc5290fc3ae51f6c01c3f8f6d7f","sha256": "04d0e9fb36e4c8612a9ae693a2b10f74a3687a9fdc9dcb22f00855eeca57a37b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneArrayBuffer.js","sha256": "04d0e9fb36e4c8612a9ae693a2b10f74a3687a9fdc9dcb22f00855eeca57a37b","sha1": "ffbada38bb191bc5290fc3ae51f6c01c3f8f6d7f","md5": "a8816d8941a6be069912f77f659a5958"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneArrayBuffer.js","sha256": "04d0e9fb36e4c8612a9ae693a2b10f74a3687a9fdc9dcb22f00855eeca57a37b","sha1": "ffbada38bb191bc5290fc3ae51f6c01c3f8f6d7f","md5": "a8816d8941a6be069912f77f659a5958"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneArrayBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneArrayBuffer.js","sha256": "04d0e9fb36e4c8612a9ae693a2b10f74a3687a9fdc9dcb22f00855eeca57a37b","sha1": "ffbada38bb191bc5290fc3ae51f6c01c3f8f6d7f","md5": "a8816d8941a6be069912f77f659a5958"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneBuffer.js","md5": "47fa50412c4aedbba10fe13048af5fdc","sha1": "f0b54438e44d83118f342434cabe99dc438d19c3","sha256": "550ed5b37392bd96493b0c38212a5bf8779890b7ba964d2ac4049c41e80f774a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneBuffer.js","sha256": "550ed5b37392bd96493b0c38212a5bf8779890b7ba964d2ac4049c41e80f774a","sha1": "f0b54438e44d83118f342434cabe99dc438d19c3","md5": "47fa50412c4aedbba10fe13048af5fdc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneBuffer.js","sha256": "550ed5b37392bd96493b0c38212a5bf8779890b7ba964d2ac4049c41e80f774a","sha1": "f0b54438e44d83118f342434cabe99dc438d19c3","md5": "47fa50412c4aedbba10fe13048af5fdc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneBuffer.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneBuffer.js","sha256": "550ed5b37392bd96493b0c38212a5bf8779890b7ba964d2ac4049c41e80f774a","sha1": "f0b54438e44d83118f342434cabe99dc438d19c3","md5": "47fa50412c4aedbba10fe13048af5fdc"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneDataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneDataView.js","md5": "89d1e3c2837c8db07cfe3345d3984e7c","sha1": "c8e9d1cd47aab00655a7ad7d3103cdddf2fd92a6","sha256": "135cb42922b80e96fbf921cc4e6262bcf9f35e23cb5b592f3c91ae11d2c4ee94","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneDataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneDataView.js","sha256": "135cb42922b80e96fbf921cc4e6262bcf9f35e23cb5b592f3c91ae11d2c4ee94","sha1": "c8e9d1cd47aab00655a7ad7d3103cdddf2fd92a6","md5": "89d1e3c2837c8db07cfe3345d3984e7c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneDataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneDataView.js","sha256": "135cb42922b80e96fbf921cc4e6262bcf9f35e23cb5b592f3c91ae11d2c4ee94","sha1": "c8e9d1cd47aab00655a7ad7d3103cdddf2fd92a6","md5": "89d1e3c2837c8db07cfe3345d3984e7c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneDataView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneDataView.js","sha256": "135cb42922b80e96fbf921cc4e6262bcf9f35e23cb5b592f3c91ae11d2c4ee94","sha1": "c8e9d1cd47aab00655a7ad7d3103cdddf2fd92a6","md5": "89d1e3c2837c8db07cfe3345d3984e7c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneRegExp.js","md5": "4770ac762c5ed1c33dd14a07e38f6764","sha1": "d0318f8d44ff0e8720cf498982e3183e23579919","sha256": "eea40d65b8981196ddfd6bb07b259ed35bc1387cf827b922ecf344a88693c6c6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneRegExp.js","sha256": "eea40d65b8981196ddfd6bb07b259ed35bc1387cf827b922ecf344a88693c6c6","sha1": "d0318f8d44ff0e8720cf498982e3183e23579919","md5": "4770ac762c5ed1c33dd14a07e38f6764"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneRegExp.js","sha256": "eea40d65b8981196ddfd6bb07b259ed35bc1387cf827b922ecf344a88693c6c6","sha1": "d0318f8d44ff0e8720cf498982e3183e23579919","md5": "4770ac762c5ed1c33dd14a07e38f6764"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneRegExp.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneRegExp.js","sha256": "eea40d65b8981196ddfd6bb07b259ed35bc1387cf827b922ecf344a88693c6c6","sha1": "d0318f8d44ff0e8720cf498982e3183e23579919","md5": "4770ac762c5ed1c33dd14a07e38f6764"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneSymbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneSymbol.js","md5": "85aa0ecb3c4f13fd4c22dc850391e363","sha1": "8b27dca2415595e97e38d9fa7fb3f854c4051048","sha256": "ae5f8ddeecd67e4ab2f539ca4cbdbac72d73bd86ea84956535316dc14a8d62d4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneSymbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneSymbol.js","sha256": "ae5f8ddeecd67e4ab2f539ca4cbdbac72d73bd86ea84956535316dc14a8d62d4","sha1": "8b27dca2415595e97e38d9fa7fb3f854c4051048","md5": "85aa0ecb3c4f13fd4c22dc850391e363"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneSymbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneSymbol.js","sha256": "ae5f8ddeecd67e4ab2f539ca4cbdbac72d73bd86ea84956535316dc14a8d62d4","sha1": "8b27dca2415595e97e38d9fa7fb3f854c4051048","md5": "85aa0ecb3c4f13fd4c22dc850391e363"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneSymbol.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneSymbol.js","sha256": "ae5f8ddeecd67e4ab2f539ca4cbdbac72d73bd86ea84956535316dc14a8d62d4","sha1": "8b27dca2415595e97e38d9fa7fb3f854c4051048","md5": "85aa0ecb3c4f13fd4c22dc850391e363"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_cloneTypedArray.js","md5": "f12f0f6f64c5dbf2653265d3a374f876","sha1": "b50a151594d841fdb56e8cf04619529fed4891f7","sha256": "e4a07e9bc192acec93c967f52426333e3209e861b6591d7f122256db573d9288","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_cloneTypedArray.js","sha256": "e4a07e9bc192acec93c967f52426333e3209e861b6591d7f122256db573d9288","sha1": "b50a151594d841fdb56e8cf04619529fed4891f7","md5": "f12f0f6f64c5dbf2653265d3a374f876"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_cloneTypedArray.js","sha256": "e4a07e9bc192acec93c967f52426333e3209e861b6591d7f122256db573d9288","sha1": "b50a151594d841fdb56e8cf04619529fed4891f7","md5": "f12f0f6f64c5dbf2653265d3a374f876"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _cloneTypedArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_cloneTypedArray.js","sha256": "e4a07e9bc192acec93c967f52426333e3209e861b6591d7f122256db573d9288","sha1": "b50a151594d841fdb56e8cf04619529fed4891f7","md5": "f12f0f6f64c5dbf2653265d3a374f876"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareAscending.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_compareAscending.js","md5": "62d6c1d57651524b7f868647fc8a9865","sha1": "456fc00f7549c8ea36a3d2f3b818b50bfcf016e6","sha256": "437f05eed3eea4f1617208098dd090e28238a18fc1dfe6e29bbcf21d30917ebf","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareAscending.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_compareAscending.js","sha256": "437f05eed3eea4f1617208098dd090e28238a18fc1dfe6e29bbcf21d30917ebf","sha1": "456fc00f7549c8ea36a3d2f3b818b50bfcf016e6","md5": "62d6c1d57651524b7f868647fc8a9865"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareAscending.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_compareAscending.js","sha256": "437f05eed3eea4f1617208098dd090e28238a18fc1dfe6e29bbcf21d30917ebf","sha1": "456fc00f7549c8ea36a3d2f3b818b50bfcf016e6","md5": "62d6c1d57651524b7f868647fc8a9865"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareAscending.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_compareAscending.js","sha256": "437f05eed3eea4f1617208098dd090e28238a18fc1dfe6e29bbcf21d30917ebf","sha1": "456fc00f7549c8ea36a3d2f3b818b50bfcf016e6","md5": "62d6c1d57651524b7f868647fc8a9865"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareMultiple.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_compareMultiple.js","md5": "f57979f4477b4bc8cae0c7a6b33b6bb6","sha1": "798b323506b11fa866904e39771daf98df260bca","sha256": "b04aff9f4e4b74672a0031202b66dc9b1116c7817e103bcb56954e284ab00765","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareMultiple.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_compareMultiple.js","sha256": "b04aff9f4e4b74672a0031202b66dc9b1116c7817e103bcb56954e284ab00765","sha1": "798b323506b11fa866904e39771daf98df260bca","md5": "f57979f4477b4bc8cae0c7a6b33b6bb6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareMultiple.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_compareMultiple.js","sha256": "b04aff9f4e4b74672a0031202b66dc9b1116c7817e103bcb56954e284ab00765","sha1": "798b323506b11fa866904e39771daf98df260bca","md5": "f57979f4477b4bc8cae0c7a6b33b6bb6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _compareMultiple.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_compareMultiple.js","sha256": "b04aff9f4e4b74672a0031202b66dc9b1116c7817e103bcb56954e284ab00765","sha1": "798b323506b11fa866904e39771daf98df260bca","md5": "f57979f4477b4bc8cae0c7a6b33b6bb6"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_composeArgs.js","md5": "c02811fd7074b5a12f458f6a9fb914d3","sha1": "18e0c7dbd15ff30fb10ccaa4ef651751eea88ff7","sha256": "28808649a653c40a4983ea61110e3e1ba70d638bba05c92d4b2513544402f9eb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_composeArgs.js","sha256": "28808649a653c40a4983ea61110e3e1ba70d638bba05c92d4b2513544402f9eb","sha1": "18e0c7dbd15ff30fb10ccaa4ef651751eea88ff7","md5": "c02811fd7074b5a12f458f6a9fb914d3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_composeArgs.js","sha256": "28808649a653c40a4983ea61110e3e1ba70d638bba05c92d4b2513544402f9eb","sha1": "18e0c7dbd15ff30fb10ccaa4ef651751eea88ff7","md5": "c02811fd7074b5a12f458f6a9fb914d3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_composeArgs.js","sha256": "28808649a653c40a4983ea61110e3e1ba70d638bba05c92d4b2513544402f9eb","sha1": "18e0c7dbd15ff30fb10ccaa4ef651751eea88ff7","md5": "c02811fd7074b5a12f458f6a9fb914d3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgsRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_composeArgsRight.js","md5": "b30c44b619b88f826f937260b7142f58","sha1": "b826dac099cb5bdc350361b3fb6df6a3c743b49d","sha256": "ace319b9262515267ee22b7274549a3bfa37979644ca8206e64e368d9c928d26","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgsRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_composeArgsRight.js","sha256": "ace319b9262515267ee22b7274549a3bfa37979644ca8206e64e368d9c928d26","sha1": "b826dac099cb5bdc350361b3fb6df6a3c743b49d","md5": "b30c44b619b88f826f937260b7142f58"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgsRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_composeArgsRight.js","sha256": "ace319b9262515267ee22b7274549a3bfa37979644ca8206e64e368d9c928d26","sha1": "b826dac099cb5bdc350361b3fb6df6a3c743b49d","md5": "b30c44b619b88f826f937260b7142f58"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _composeArgsRight.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_composeArgsRight.js","sha256": "ace319b9262515267ee22b7274549a3bfa37979644ca8206e64e368d9c928d26","sha1": "b826dac099cb5bdc350361b3fb6df6a3c743b49d","md5": "b30c44b619b88f826f937260b7142f58"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _convertBrowser.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/_convertBrowser.js","md5": "05747cda55f6ad83d1cd810d9368656f","sha1": "b4cceca914f9af59a7c47c384127602dce2abf6a","sha256": "95ca01b0535de617fc0ba0f5b5b6a804e2c21fd762ff93d73cf2753101f83caf","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _convertBrowser.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/_convertBrowser.js","sha256": "95ca01b0535de617fc0ba0f5b5b6a804e2c21fd762ff93d73cf2753101f83caf","sha1": "b4cceca914f9af59a7c47c384127602dce2abf6a","md5": "05747cda55f6ad83d1cd810d9368656f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _convertBrowser.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/_convertBrowser.js","sha256": "95ca01b0535de617fc0ba0f5b5b6a804e2c21fd762ff93d73cf2753101f83caf","sha1": "b4cceca914f9af59a7c47c384127602dce2abf6a","md5": "05747cda55f6ad83d1cd810d9368656f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _convertBrowser.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/_convertBrowser.js","sha256": "95ca01b0535de617fc0ba0f5b5b6a804e2c21fd762ff93d73cf2753101f83caf","sha1": "b4cceca914f9af59a7c47c384127602dce2abf6a","md5": "05747cda55f6ad83d1cd810d9368656f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_copyArray.js","md5": "e9bd394a37453dfcc28f881fbb022170","sha1": "cec6a29544aa38261f7cfc1bf123f3289d22c377","sha256": "4a828cecfb989f5ec5dfb5627c98a49e90ff7d1249c4910ef2de74cd8c677a85","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_copyArray.js","sha256": "4a828cecfb989f5ec5dfb5627c98a49e90ff7d1249c4910ef2de74cd8c677a85","sha1": "cec6a29544aa38261f7cfc1bf123f3289d22c377","md5": "e9bd394a37453dfcc28f881fbb022170"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_copyArray.js","sha256": "4a828cecfb989f5ec5dfb5627c98a49e90ff7d1249c4910ef2de74cd8c677a85","sha1": "cec6a29544aa38261f7cfc1bf123f3289d22c377","md5": "e9bd394a37453dfcc28f881fbb022170"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_copyArray.js","sha256": "4a828cecfb989f5ec5dfb5627c98a49e90ff7d1249c4910ef2de74cd8c677a85","sha1": "cec6a29544aa38261f7cfc1bf123f3289d22c377","md5": "e9bd394a37453dfcc28f881fbb022170"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_copyObject.js","md5": "79db3f2c724dd71a15285ee5e9decec2","sha1": "3bfeeec32b43433683d931621a2bf53dbc3db3d0","sha256": "540cc88da53fd6db2c8faeeb5a37ffd5ee3dbd291a4d9a6233d779ff03f162dc","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_copyObject.js","sha256": "540cc88da53fd6db2c8faeeb5a37ffd5ee3dbd291a4d9a6233d779ff03f162dc","sha1": "3bfeeec32b43433683d931621a2bf53dbc3db3d0","md5": "79db3f2c724dd71a15285ee5e9decec2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_copyObject.js","sha256": "540cc88da53fd6db2c8faeeb5a37ffd5ee3dbd291a4d9a6233d779ff03f162dc","sha1": "3bfeeec32b43433683d931621a2bf53dbc3db3d0","md5": "79db3f2c724dd71a15285ee5e9decec2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copyObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_copyObject.js","sha256": "540cc88da53fd6db2c8faeeb5a37ffd5ee3dbd291a4d9a6233d779ff03f162dc","sha1": "3bfeeec32b43433683d931621a2bf53dbc3db3d0","md5": "79db3f2c724dd71a15285ee5e9decec2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_copySymbols.js","md5": "be5537221ee34886ad108ded3d43514a","sha1": "871986e31fddf247cd65b93aa92b69392b9bde8d","sha256": "cd82623cd5c4454026e3afe1b1a11054b7ab4d8115436394f23209183b6df00d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_copySymbols.js","sha256": "cd82623cd5c4454026e3afe1b1a11054b7ab4d8115436394f23209183b6df00d","sha1": "871986e31fddf247cd65b93aa92b69392b9bde8d","md5": "be5537221ee34886ad108ded3d43514a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_copySymbols.js","sha256": "cd82623cd5c4454026e3afe1b1a11054b7ab4d8115436394f23209183b6df00d","sha1": "871986e31fddf247cd65b93aa92b69392b9bde8d","md5": "be5537221ee34886ad108ded3d43514a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_copySymbols.js","sha256": "cd82623cd5c4454026e3afe1b1a11054b7ab4d8115436394f23209183b6df00d","sha1": "871986e31fddf247cd65b93aa92b69392b9bde8d","md5": "be5537221ee34886ad108ded3d43514a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_copySymbolsIn.js","md5": "de3b0fe0d6f6f87285cd71e4a9eb3801","sha1": "92a72efc51ad106ed6bc2e4dc03d0f23751523fd","sha256": "bc2c0518d3708d754814b5657c90bbaa0d1494d06f32d21af0af01853f06a045","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_copySymbolsIn.js","sha256": "bc2c0518d3708d754814b5657c90bbaa0d1494d06f32d21af0af01853f06a045","sha1": "92a72efc51ad106ed6bc2e4dc03d0f23751523fd","md5": "de3b0fe0d6f6f87285cd71e4a9eb3801"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_copySymbolsIn.js","sha256": "bc2c0518d3708d754814b5657c90bbaa0d1494d06f32d21af0af01853f06a045","sha1": "92a72efc51ad106ed6bc2e4dc03d0f23751523fd","md5": "de3b0fe0d6f6f87285cd71e4a9eb3801"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _copySymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_copySymbolsIn.js","sha256": "bc2c0518d3708d754814b5657c90bbaa0d1494d06f32d21af0af01853f06a045","sha1": "92a72efc51ad106ed6bc2e4dc03d0f23751523fd","md5": "de3b0fe0d6f6f87285cd71e4a9eb3801"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _coreJsData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_coreJsData.js","md5": "73c31c0f1d9ed6bd5c34ab3b10ec96ae","sha1": "15e60e7a6363ae6df943c85e4b9e1078457b06e6","sha256": "9960c73f0dced1bc32511551e31cfece7fc2c3373b62f5e934eab7291796a8e0","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _coreJsData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_coreJsData.js","sha256": "9960c73f0dced1bc32511551e31cfece7fc2c3373b62f5e934eab7291796a8e0","sha1": "15e60e7a6363ae6df943c85e4b9e1078457b06e6","md5": "73c31c0f1d9ed6bd5c34ab3b10ec96ae"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _coreJsData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_coreJsData.js","sha256": "9960c73f0dced1bc32511551e31cfece7fc2c3373b62f5e934eab7291796a8e0","sha1": "15e60e7a6363ae6df943c85e4b9e1078457b06e6","md5": "73c31c0f1d9ed6bd5c34ab3b10ec96ae"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _coreJsData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_coreJsData.js","sha256": "9960c73f0dced1bc32511551e31cfece7fc2c3373b62f5e934eab7291796a8e0","sha1": "15e60e7a6363ae6df943c85e4b9e1078457b06e6","md5": "73c31c0f1d9ed6bd5c34ab3b10ec96ae"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _countHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_countHolders.js","md5": "22ff47f3014c41f5fb9bd6dff7bf7ba8","sha1": "9ff8f78133806ffbcc60d281c0152897aa7640bf","sha256": "dca76f5213ffeddd57a87db1babf85b64e4295710d2c64b9a15830f07ae846b8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _countHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_countHolders.js","sha256": "dca76f5213ffeddd57a87db1babf85b64e4295710d2c64b9a15830f07ae846b8","sha1": "9ff8f78133806ffbcc60d281c0152897aa7640bf","md5": "22ff47f3014c41f5fb9bd6dff7bf7ba8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _countHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_countHolders.js","sha256": "dca76f5213ffeddd57a87db1babf85b64e4295710d2c64b9a15830f07ae846b8","sha1": "9ff8f78133806ffbcc60d281c0152897aa7640bf","md5": "22ff47f3014c41f5fb9bd6dff7bf7ba8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _countHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_countHolders.js","sha256": "dca76f5213ffeddd57a87db1babf85b64e4295710d2c64b9a15830f07ae846b8","sha1": "9ff8f78133806ffbcc60d281c0152897aa7640bf","md5": "22ff47f3014c41f5fb9bd6dff7bf7ba8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createAggregator.js","md5": "672a108095d147d14a78ad39dc3346d8","sha1": "261d83069fe95d76ef0dcf16aecf4d21af132baf","sha256": "23d62e008e8c578443e4a55f56e6582a8b04e68650b18e78931bb423935d525d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createAggregator.js","sha256": "23d62e008e8c578443e4a55f56e6582a8b04e68650b18e78931bb423935d525d","sha1": "261d83069fe95d76ef0dcf16aecf4d21af132baf","md5": "672a108095d147d14a78ad39dc3346d8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createAggregator.js","sha256": "23d62e008e8c578443e4a55f56e6582a8b04e68650b18e78931bb423935d525d","sha1": "261d83069fe95d76ef0dcf16aecf4d21af132baf","md5": "672a108095d147d14a78ad39dc3346d8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAggregator.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createAggregator.js","sha256": "23d62e008e8c578443e4a55f56e6582a8b04e68650b18e78931bb423935d525d","sha1": "261d83069fe95d76ef0dcf16aecf4d21af132baf","md5": "672a108095d147d14a78ad39dc3346d8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAssigner.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createAssigner.js","md5": "4483c936954ec5465295fcf818b04c1a","sha1": "0125f6e53a2b16619993e408f3511862079717e5","sha256": "244a92bbbc71a52c87e34638189f95fd69f671fb39a1a32729511f054548ffa4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAssigner.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createAssigner.js","sha256": "244a92bbbc71a52c87e34638189f95fd69f671fb39a1a32729511f054548ffa4","sha1": "0125f6e53a2b16619993e408f3511862079717e5","md5": "4483c936954ec5465295fcf818b04c1a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAssigner.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createAssigner.js","sha256": "244a92bbbc71a52c87e34638189f95fd69f671fb39a1a32729511f054548ffa4","sha1": "0125f6e53a2b16619993e408f3511862079717e5","md5": "4483c936954ec5465295fcf818b04c1a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createAssigner.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createAssigner.js","sha256": "244a92bbbc71a52c87e34638189f95fd69f671fb39a1a32729511f054548ffa4","sha1": "0125f6e53a2b16619993e408f3511862079717e5","md5": "4483c936954ec5465295fcf818b04c1a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createBaseEach.js","md5": "f7bb2b68af0c067fccb8bc885662e888","sha1": "ade31f23b8e144e8588af940219fc4c8bda2ce53","sha256": "8fde6568230f3a01ec34320a3ddb29ba4e9608725bf27c634bdc363ddde2ff08","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createBaseEach.js","sha256": "8fde6568230f3a01ec34320a3ddb29ba4e9608725bf27c634bdc363ddde2ff08","sha1": "ade31f23b8e144e8588af940219fc4c8bda2ce53","md5": "f7bb2b68af0c067fccb8bc885662e888"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createBaseEach.js","sha256": "8fde6568230f3a01ec34320a3ddb29ba4e9608725bf27c634bdc363ddde2ff08","sha1": "ade31f23b8e144e8588af940219fc4c8bda2ce53","md5": "f7bb2b68af0c067fccb8bc885662e888"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseEach.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createBaseEach.js","sha256": "8fde6568230f3a01ec34320a3ddb29ba4e9608725bf27c634bdc363ddde2ff08","sha1": "ade31f23b8e144e8588af940219fc4c8bda2ce53","md5": "f7bb2b68af0c067fccb8bc885662e888"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createBaseFor.js","md5": "ab3021a98ea50849008ba21f86923e62","sha1": "77c64903d26461aaff6bb22d3e2739a5ac9a5e0e","sha256": "39e0842e9dfb572b59b8237a5edafece23ca372cc20e768ce8e5e27fc9b52996","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createBaseFor.js","sha256": "39e0842e9dfb572b59b8237a5edafece23ca372cc20e768ce8e5e27fc9b52996","sha1": "77c64903d26461aaff6bb22d3e2739a5ac9a5e0e","md5": "ab3021a98ea50849008ba21f86923e62"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createBaseFor.js","sha256": "39e0842e9dfb572b59b8237a5edafece23ca372cc20e768ce8e5e27fc9b52996","sha1": "77c64903d26461aaff6bb22d3e2739a5ac9a5e0e","md5": "ab3021a98ea50849008ba21f86923e62"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBaseFor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createBaseFor.js","sha256": "39e0842e9dfb572b59b8237a5edafece23ca372cc20e768ce8e5e27fc9b52996","sha1": "77c64903d26461aaff6bb22d3e2739a5ac9a5e0e","md5": "ab3021a98ea50849008ba21f86923e62"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createBind.js","md5": "e0aa4b8e423b116d924bbae8930fb9f3","sha1": "56e3d29a4d8774c9709ba42dd15e204a693a8a42","sha256": "5fbbec0d516e93505ae43dd9277e0980aed3d98c27d741321b7a3f8373fefa6e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createBind.js","sha256": "5fbbec0d516e93505ae43dd9277e0980aed3d98c27d741321b7a3f8373fefa6e","sha1": "56e3d29a4d8774c9709ba42dd15e204a693a8a42","md5": "e0aa4b8e423b116d924bbae8930fb9f3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createBind.js","sha256": "5fbbec0d516e93505ae43dd9277e0980aed3d98c27d741321b7a3f8373fefa6e","sha1": "56e3d29a4d8774c9709ba42dd15e204a693a8a42","md5": "e0aa4b8e423b116d924bbae8930fb9f3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createBind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createBind.js","sha256": "5fbbec0d516e93505ae43dd9277e0980aed3d98c27d741321b7a3f8373fefa6e","sha1": "56e3d29a4d8774c9709ba42dd15e204a693a8a42","md5": "e0aa4b8e423b116d924bbae8930fb9f3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCaseFirst.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createCaseFirst.js","md5": "87ab8be910b955601f6284146c28e3a9","sha1": "4eda4cc9710593950268262489e79a507679356f","sha256": "c7e18c887a1871cd4fbc21cc79ce0976e180cd2c3b96dd8832aff658c07bb210","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCaseFirst.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createCaseFirst.js","sha256": "c7e18c887a1871cd4fbc21cc79ce0976e180cd2c3b96dd8832aff658c07bb210","sha1": "4eda4cc9710593950268262489e79a507679356f","md5": "87ab8be910b955601f6284146c28e3a9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCaseFirst.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createCaseFirst.js","sha256": "c7e18c887a1871cd4fbc21cc79ce0976e180cd2c3b96dd8832aff658c07bb210","sha1": "4eda4cc9710593950268262489e79a507679356f","md5": "87ab8be910b955601f6284146c28e3a9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCaseFirst.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createCaseFirst.js","sha256": "c7e18c887a1871cd4fbc21cc79ce0976e180cd2c3b96dd8832aff658c07bb210","sha1": "4eda4cc9710593950268262489e79a507679356f","md5": "87ab8be910b955601f6284146c28e3a9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCompounder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createCompounder.js","md5": "a979cd3acef512f716756dc289b40a28","sha1": "195c16455366a158b8b855547fafdc602f0be9e9","sha256": "43758b67806c676c6d9a38ebbb4263147cfeaa036cb8dc56d136b36fad262a51","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCompounder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createCompounder.js","sha256": "43758b67806c676c6d9a38ebbb4263147cfeaa036cb8dc56d136b36fad262a51","sha1": "195c16455366a158b8b855547fafdc602f0be9e9","md5": "a979cd3acef512f716756dc289b40a28"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCompounder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createCompounder.js","sha256": "43758b67806c676c6d9a38ebbb4263147cfeaa036cb8dc56d136b36fad262a51","sha1": "195c16455366a158b8b855547fafdc602f0be9e9","md5": "a979cd3acef512f716756dc289b40a28"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCompounder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createCompounder.js","sha256": "43758b67806c676c6d9a38ebbb4263147cfeaa036cb8dc56d136b36fad262a51","sha1": "195c16455366a158b8b855547fafdc602f0be9e9","md5": "a979cd3acef512f716756dc289b40a28"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCtor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createCtor.js","md5": "f263d3d18491e59171924c0e12918ec5","sha1": "12be272e2dcd00624119d859d78459c9dae1baa0","sha256": "40ffde082a93d3733672aa387ddb4a02b20501705cd93143f998cb01f583f8b7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCtor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createCtor.js","sha256": "40ffde082a93d3733672aa387ddb4a02b20501705cd93143f998cb01f583f8b7","sha1": "12be272e2dcd00624119d859d78459c9dae1baa0","md5": "f263d3d18491e59171924c0e12918ec5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCtor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createCtor.js","sha256": "40ffde082a93d3733672aa387ddb4a02b20501705cd93143f998cb01f583f8b7","sha1": "12be272e2dcd00624119d859d78459c9dae1baa0","md5": "f263d3d18491e59171924c0e12918ec5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCtor.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createCtor.js","sha256": "40ffde082a93d3733672aa387ddb4a02b20501705cd93143f998cb01f583f8b7","sha1": "12be272e2dcd00624119d859d78459c9dae1baa0","md5": "f263d3d18491e59171924c0e12918ec5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createCurry.js","md5": "06410d4f5acb83d0118c29955705f227","sha1": "30c237eecdcbbf00b48be6b716264799e0f32c1e","sha256": "e4f4ea0b7c6c2e23d679d8b1f05d8c9cef3236c44746cf5f2d59bf86fe45a3b8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createCurry.js","sha256": "e4f4ea0b7c6c2e23d679d8b1f05d8c9cef3236c44746cf5f2d59bf86fe45a3b8","sha1": "30c237eecdcbbf00b48be6b716264799e0f32c1e","md5": "06410d4f5acb83d0118c29955705f227"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createCurry.js","sha256": "e4f4ea0b7c6c2e23d679d8b1f05d8c9cef3236c44746cf5f2d59bf86fe45a3b8","sha1": "30c237eecdcbbf00b48be6b716264799e0f32c1e","md5": "06410d4f5acb83d0118c29955705f227"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createCurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createCurry.js","sha256": "e4f4ea0b7c6c2e23d679d8b1f05d8c9cef3236c44746cf5f2d59bf86fe45a3b8","sha1": "30c237eecdcbbf00b48be6b716264799e0f32c1e","md5": "06410d4f5acb83d0118c29955705f227"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createFind.js","md5": "777368719d7488e9b7615dbb055d765d","sha1": "3eb3975cd88173810656e3ab17de9c210773a1f4","sha256": "6a15236257a0c09dbb7084c5ae795721a24df5bd5ad9c5ac5fe54c0b6f4c6e32","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createFind.js","sha256": "6a15236257a0c09dbb7084c5ae795721a24df5bd5ad9c5ac5fe54c0b6f4c6e32","sha1": "3eb3975cd88173810656e3ab17de9c210773a1f4","md5": "777368719d7488e9b7615dbb055d765d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createFind.js","sha256": "6a15236257a0c09dbb7084c5ae795721a24df5bd5ad9c5ac5fe54c0b6f4c6e32","sha1": "3eb3975cd88173810656e3ab17de9c210773a1f4","md5": "777368719d7488e9b7615dbb055d765d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFind.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createFind.js","sha256": "6a15236257a0c09dbb7084c5ae795721a24df5bd5ad9c5ac5fe54c0b6f4c6e32","sha1": "3eb3975cd88173810656e3ab17de9c210773a1f4","md5": "777368719d7488e9b7615dbb055d765d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFlow.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createFlow.js","md5": "0b5094d38bb7f6d92cae94b6ad1e62f3","sha1": "c9408be96649f6431781578ada26509a567005a8","sha256": "a65305d3ff738e6c9692a0396a16c226a92b88f9caa6be9a76ca520036190ddb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFlow.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createFlow.js","sha256": "a65305d3ff738e6c9692a0396a16c226a92b88f9caa6be9a76ca520036190ddb","sha1": "c9408be96649f6431781578ada26509a567005a8","md5": "0b5094d38bb7f6d92cae94b6ad1e62f3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFlow.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createFlow.js","sha256": "a65305d3ff738e6c9692a0396a16c226a92b88f9caa6be9a76ca520036190ddb","sha1": "c9408be96649f6431781578ada26509a567005a8","md5": "0b5094d38bb7f6d92cae94b6ad1e62f3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createFlow.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createFlow.js","sha256": "a65305d3ff738e6c9692a0396a16c226a92b88f9caa6be9a76ca520036190ddb","sha1": "c9408be96649f6431781578ada26509a567005a8","md5": "0b5094d38bb7f6d92cae94b6ad1e62f3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createHybrid.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createHybrid.js","md5": "77b3c28215139ece5e26b38e1f9f32a7","sha1": "15282c26201bfcfdc26829ced58fa9785f1db1fe","sha256": "d6773f5ea7f7a580879a32300583de93c886f1f98343ca181f63096cfd3eb345","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createHybrid.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createHybrid.js","sha256": "d6773f5ea7f7a580879a32300583de93c886f1f98343ca181f63096cfd3eb345","sha1": "15282c26201bfcfdc26829ced58fa9785f1db1fe","md5": "77b3c28215139ece5e26b38e1f9f32a7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createHybrid.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createHybrid.js","sha256": "d6773f5ea7f7a580879a32300583de93c886f1f98343ca181f63096cfd3eb345","sha1": "15282c26201bfcfdc26829ced58fa9785f1db1fe","md5": "77b3c28215139ece5e26b38e1f9f32a7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createHybrid.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createHybrid.js","sha256": "d6773f5ea7f7a580879a32300583de93c886f1f98343ca181f63096cfd3eb345","sha1": "15282c26201bfcfdc26829ced58fa9785f1db1fe","md5": "77b3c28215139ece5e26b38e1f9f32a7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createInverter.js","md5": "0145a137de29504b952d24865847f0fa","sha1": "3b149fffb0fb7fe82cf00dbd794973ddc33f33e4","sha256": "b9618d906573bc74fe3b34c5cfd6b86f30ff72e1292d4fcc26025d71b8e130cb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createInverter.js","sha256": "b9618d906573bc74fe3b34c5cfd6b86f30ff72e1292d4fcc26025d71b8e130cb","sha1": "3b149fffb0fb7fe82cf00dbd794973ddc33f33e4","md5": "0145a137de29504b952d24865847f0fa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createInverter.js","sha256": "b9618d906573bc74fe3b34c5cfd6b86f30ff72e1292d4fcc26025d71b8e130cb","sha1": "3b149fffb0fb7fe82cf00dbd794973ddc33f33e4","md5": "0145a137de29504b952d24865847f0fa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createInverter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createInverter.js","sha256": "b9618d906573bc74fe3b34c5cfd6b86f30ff72e1292d4fcc26025d71b8e130cb","sha1": "3b149fffb0fb7fe82cf00dbd794973ddc33f33e4","md5": "0145a137de29504b952d24865847f0fa"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createMathOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createMathOperation.js","md5": "d1373646249f4255bbbaab54732dbb07","sha1": "d02710cbdbf76e2b2001750b355238b9a0e951c9","sha256": "335738807b39951fd64cb6469bba3a94764786fe3d926938f2275420df34f86c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createMathOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createMathOperation.js","sha256": "335738807b39951fd64cb6469bba3a94764786fe3d926938f2275420df34f86c","sha1": "d02710cbdbf76e2b2001750b355238b9a0e951c9","md5": "d1373646249f4255bbbaab54732dbb07"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createMathOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createMathOperation.js","sha256": "335738807b39951fd64cb6469bba3a94764786fe3d926938f2275420df34f86c","sha1": "d02710cbdbf76e2b2001750b355238b9a0e951c9","md5": "d1373646249f4255bbbaab54732dbb07"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createMathOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createMathOperation.js","sha256": "335738807b39951fd64cb6469bba3a94764786fe3d926938f2275420df34f86c","sha1": "d02710cbdbf76e2b2001750b355238b9a0e951c9","md5": "d1373646249f4255bbbaab54732dbb07"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createOver.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createOver.js","md5": "f8d922fa0a583cc8f4a49496f4ba2304","sha1": "ba8f63fcb4755dc9023793118e5f8180e86c4c64","sha256": "ee23c96ff637259512dfcd11eca50f081abf43d505aa7c18f4b933074da048a7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createOver.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createOver.js","sha256": "ee23c96ff637259512dfcd11eca50f081abf43d505aa7c18f4b933074da048a7","sha1": "ba8f63fcb4755dc9023793118e5f8180e86c4c64","md5": "f8d922fa0a583cc8f4a49496f4ba2304"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createOver.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createOver.js","sha256": "ee23c96ff637259512dfcd11eca50f081abf43d505aa7c18f4b933074da048a7","sha1": "ba8f63fcb4755dc9023793118e5f8180e86c4c64","md5": "f8d922fa0a583cc8f4a49496f4ba2304"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createOver.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createOver.js","sha256": "ee23c96ff637259512dfcd11eca50f081abf43d505aa7c18f4b933074da048a7","sha1": "ba8f63fcb4755dc9023793118e5f8180e86c4c64","md5": "f8d922fa0a583cc8f4a49496f4ba2304"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPadding.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createPadding.js","md5": "a884b3861970260dac1edf3b15b3b605","sha1": "0597ae4997016438b3d7629560c03d260f2b51a0","sha256": "242d9d729f1044522cb20637602f0ed56f3e1ac26eb58f4d17751ef04caa4d31","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPadding.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createPadding.js","sha256": "242d9d729f1044522cb20637602f0ed56f3e1ac26eb58f4d17751ef04caa4d31","sha1": "0597ae4997016438b3d7629560c03d260f2b51a0","md5": "a884b3861970260dac1edf3b15b3b605"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPadding.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createPadding.js","sha256": "242d9d729f1044522cb20637602f0ed56f3e1ac26eb58f4d17751ef04caa4d31","sha1": "0597ae4997016438b3d7629560c03d260f2b51a0","md5": "a884b3861970260dac1edf3b15b3b605"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPadding.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createPadding.js","sha256": "242d9d729f1044522cb20637602f0ed56f3e1ac26eb58f4d17751ef04caa4d31","sha1": "0597ae4997016438b3d7629560c03d260f2b51a0","md5": "a884b3861970260dac1edf3b15b3b605"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPartial.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createPartial.js","md5": "1e5a6f4d3f27578576c8a558858e845e","sha1": "2dc87c9d5a3fa04f144a85d4d90cfd55a4e4b208","sha256": "229faccb2beb1c287454a5c6f825c63393840d72bba5f7d80c29aa2f604abfb6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPartial.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createPartial.js","sha256": "229faccb2beb1c287454a5c6f825c63393840d72bba5f7d80c29aa2f604abfb6","sha1": "2dc87c9d5a3fa04f144a85d4d90cfd55a4e4b208","md5": "1e5a6f4d3f27578576c8a558858e845e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPartial.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createPartial.js","sha256": "229faccb2beb1c287454a5c6f825c63393840d72bba5f7d80c29aa2f604abfb6","sha1": "2dc87c9d5a3fa04f144a85d4d90cfd55a4e4b208","md5": "1e5a6f4d3f27578576c8a558858e845e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createPartial.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createPartial.js","sha256": "229faccb2beb1c287454a5c6f825c63393840d72bba5f7d80c29aa2f604abfb6","sha1": "2dc87c9d5a3fa04f144a85d4d90cfd55a4e4b208","md5": "1e5a6f4d3f27578576c8a558858e845e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createRange.js","md5": "fd4429262344493a733c70d9dfbc527a","sha1": "1c65b8adbfe1a38fb5827f584a454bc8218050ac","sha256": "d93dabb51867e8eaea8e01be8cf115e4714a462da42a0745aefeb66ec8607983","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createRange.js","sha256": "d93dabb51867e8eaea8e01be8cf115e4714a462da42a0745aefeb66ec8607983","sha1": "1c65b8adbfe1a38fb5827f584a454bc8218050ac","md5": "fd4429262344493a733c70d9dfbc527a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createRange.js","sha256": "d93dabb51867e8eaea8e01be8cf115e4714a462da42a0745aefeb66ec8607983","sha1": "1c65b8adbfe1a38fb5827f584a454bc8218050ac","md5": "fd4429262344493a733c70d9dfbc527a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRange.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createRange.js","sha256": "d93dabb51867e8eaea8e01be8cf115e4714a462da42a0745aefeb66ec8607983","sha1": "1c65b8adbfe1a38fb5827f584a454bc8218050ac","md5": "fd4429262344493a733c70d9dfbc527a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRecurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createRecurry.js","md5": "2192bd7c3e5fe2a57dc6676a8fddc48b","sha1": "fa869537d2d2bb656d1a7876435dc4c79f57575e","sha256": "2c7f5b97c8dcd065f333fa98dfc629698eec88a4fb1f15b56eb95e47effbedaa","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRecurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createRecurry.js","sha256": "2c7f5b97c8dcd065f333fa98dfc629698eec88a4fb1f15b56eb95e47effbedaa","sha1": "fa869537d2d2bb656d1a7876435dc4c79f57575e","md5": "2192bd7c3e5fe2a57dc6676a8fddc48b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRecurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createRecurry.js","sha256": "2c7f5b97c8dcd065f333fa98dfc629698eec88a4fb1f15b56eb95e47effbedaa","sha1": "fa869537d2d2bb656d1a7876435dc4c79f57575e","md5": "2192bd7c3e5fe2a57dc6676a8fddc48b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRecurry.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createRecurry.js","sha256": "2c7f5b97c8dcd065f333fa98dfc629698eec88a4fb1f15b56eb95e47effbedaa","sha1": "fa869537d2d2bb656d1a7876435dc4c79f57575e","md5": "2192bd7c3e5fe2a57dc6676a8fddc48b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRelationalOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createRelationalOperation.js","md5": "673997610a2eee28e2d75155648a8c10","sha1": "428d4535498e0c63f8a998bca3403d36ddbf8004","sha256": "c178b152e9291dff5e8a67df8a1d28013fcfbe576ab1b0af3a85651b8d6f9c0a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRelationalOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createRelationalOperation.js","sha256": "c178b152e9291dff5e8a67df8a1d28013fcfbe576ab1b0af3a85651b8d6f9c0a","sha1": "428d4535498e0c63f8a998bca3403d36ddbf8004","md5": "673997610a2eee28e2d75155648a8c10"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRelationalOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createRelationalOperation.js","sha256": "c178b152e9291dff5e8a67df8a1d28013fcfbe576ab1b0af3a85651b8d6f9c0a","sha1": "428d4535498e0c63f8a998bca3403d36ddbf8004","md5": "673997610a2eee28e2d75155648a8c10"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRelationalOperation.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createRelationalOperation.js","sha256": "c178b152e9291dff5e8a67df8a1d28013fcfbe576ab1b0af3a85651b8d6f9c0a","sha1": "428d4535498e0c63f8a998bca3403d36ddbf8004","md5": "673997610a2eee28e2d75155648a8c10"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRound.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createRound.js","md5": "5355f2a83b38ab9c5b2e19d53dd3fd36","sha1": "f4640823857ab5cc4a35b87df0b475c215e8147a","sha256": "09b84d1712b210ec6408eebb5d2f3a72f728c5e9ce7c9f86f621ad81a5d02bd1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRound.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createRound.js","sha256": "09b84d1712b210ec6408eebb5d2f3a72f728c5e9ce7c9f86f621ad81a5d02bd1","sha1": "f4640823857ab5cc4a35b87df0b475c215e8147a","md5": "5355f2a83b38ab9c5b2e19d53dd3fd36"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRound.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createRound.js","sha256": "09b84d1712b210ec6408eebb5d2f3a72f728c5e9ce7c9f86f621ad81a5d02bd1","sha1": "f4640823857ab5cc4a35b87df0b475c215e8147a","md5": "5355f2a83b38ab9c5b2e19d53dd3fd36"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createRound.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createRound.js","sha256": "09b84d1712b210ec6408eebb5d2f3a72f728c5e9ce7c9f86f621ad81a5d02bd1","sha1": "f4640823857ab5cc4a35b87df0b475c215e8147a","md5": "5355f2a83b38ab9c5b2e19d53dd3fd36"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createSet.js","md5": "5f75e71ebdd998e40fa4152cf7ed30a0","sha1": "c213de450f86338c23b81de1c99f8136a7538ba3","sha256": "1c0337ba289802bd751f6584bacf1f4e71c13124d219927a6fbed13fee06a68e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createSet.js","sha256": "1c0337ba289802bd751f6584bacf1f4e71c13124d219927a6fbed13fee06a68e","sha1": "c213de450f86338c23b81de1c99f8136a7538ba3","md5": "5f75e71ebdd998e40fa4152cf7ed30a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createSet.js","sha256": "1c0337ba289802bd751f6584bacf1f4e71c13124d219927a6fbed13fee06a68e","sha1": "c213de450f86338c23b81de1c99f8136a7538ba3","md5": "5f75e71ebdd998e40fa4152cf7ed30a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createSet.js","sha256": "1c0337ba289802bd751f6584bacf1f4e71c13124d219927a6fbed13fee06a68e","sha1": "c213de450f86338c23b81de1c99f8136a7538ba3","md5": "5f75e71ebdd998e40fa4152cf7ed30a0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createToPairs.js","md5": "3613da2d682e2efa8d314debe083fc51","sha1": "b16382972bd68fefa26ec9672c3935cfc1af1b7c","sha256": "0e91375d171c8075f70d5daaaf604f03a5210c6a2a3a4f7777330b384c45664d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createToPairs.js","sha256": "0e91375d171c8075f70d5daaaf604f03a5210c6a2a3a4f7777330b384c45664d","sha1": "b16382972bd68fefa26ec9672c3935cfc1af1b7c","md5": "3613da2d682e2efa8d314debe083fc51"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createToPairs.js","sha256": "0e91375d171c8075f70d5daaaf604f03a5210c6a2a3a4f7777330b384c45664d","sha1": "b16382972bd68fefa26ec9672c3935cfc1af1b7c","md5": "3613da2d682e2efa8d314debe083fc51"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createToPairs.js","sha256": "0e91375d171c8075f70d5daaaf604f03a5210c6a2a3a4f7777330b384c45664d","sha1": "b16382972bd68fefa26ec9672c3935cfc1af1b7c","md5": "3613da2d682e2efa8d314debe083fc51"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createWrap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_createWrap.js","md5": "1737b32cc2049d6b30a70b34d42af91c","sha1": "3cf0222feec115f3d4b71c1adbfe4aca7555ebe6","sha256": "256b82e8c7e06f8c8d96448629113046232ef4904717d93f8543b29c5b6f96e5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createWrap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_createWrap.js","sha256": "256b82e8c7e06f8c8d96448629113046232ef4904717d93f8543b29c5b6f96e5","sha1": "3cf0222feec115f3d4b71c1adbfe4aca7555ebe6","md5": "1737b32cc2049d6b30a70b34d42af91c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createWrap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_createWrap.js","sha256": "256b82e8c7e06f8c8d96448629113046232ef4904717d93f8543b29c5b6f96e5","sha1": "3cf0222feec115f3d4b71c1adbfe4aca7555ebe6","md5": "1737b32cc2049d6b30a70b34d42af91c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _createWrap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_createWrap.js","sha256": "256b82e8c7e06f8c8d96448629113046232ef4904717d93f8543b29c5b6f96e5","sha1": "3cf0222feec115f3d4b71c1adbfe4aca7555ebe6","md5": "1737b32cc2049d6b30a70b34d42af91c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_customDefaultsAssignIn.js","md5": "1032eb6686881f8c0dcc01bda468f1d2","sha1": "3cfaa6d8045c1f0217366218ad4340b50de5ceef","sha256": "ab79963aa13e9c8ec3621998637839d6376d14a9b4f64646b2bcd3349b4cdc80","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_customDefaultsAssignIn.js","sha256": "ab79963aa13e9c8ec3621998637839d6376d14a9b4f64646b2bcd3349b4cdc80","sha1": "3cfaa6d8045c1f0217366218ad4340b50de5ceef","md5": "1032eb6686881f8c0dcc01bda468f1d2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_customDefaultsAssignIn.js","sha256": "ab79963aa13e9c8ec3621998637839d6376d14a9b4f64646b2bcd3349b4cdc80","sha1": "3cfaa6d8045c1f0217366218ad4340b50de5ceef","md5": "1032eb6686881f8c0dcc01bda468f1d2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsAssignIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_customDefaultsAssignIn.js","sha256": "ab79963aa13e9c8ec3621998637839d6376d14a9b4f64646b2bcd3349b4cdc80","sha1": "3cfaa6d8045c1f0217366218ad4340b50de5ceef","md5": "1032eb6686881f8c0dcc01bda468f1d2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_customDefaultsMerge.js","md5": "bbdd98223da8ee6557d2b9f0ed19de00","sha1": "9378ba434e10108ffac43ded9d6d28e32fac527e","sha256": "28533a8709810d366c1792ae88799e8ef77165daf2c730d8e354c4905b4b1976","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_customDefaultsMerge.js","sha256": "28533a8709810d366c1792ae88799e8ef77165daf2c730d8e354c4905b4b1976","sha1": "9378ba434e10108ffac43ded9d6d28e32fac527e","md5": "bbdd98223da8ee6557d2b9f0ed19de00"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_customDefaultsMerge.js","sha256": "28533a8709810d366c1792ae88799e8ef77165daf2c730d8e354c4905b4b1976","sha1": "9378ba434e10108ffac43ded9d6d28e32fac527e","md5": "bbdd98223da8ee6557d2b9f0ed19de00"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customDefaultsMerge.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_customDefaultsMerge.js","sha256": "28533a8709810d366c1792ae88799e8ef77165daf2c730d8e354c4905b4b1976","sha1": "9378ba434e10108ffac43ded9d6d28e32fac527e","md5": "bbdd98223da8ee6557d2b9f0ed19de00"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customOmitClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_customOmitClone.js","md5": "7015c84165016d13bcc10e8c594fecb7","sha1": "2bf571311b6785fd53ae57ec710ed05ebad80ab7","sha256": "c3635eb6c74a9b523cebd93c46f3e8c816ffafb613aa9774cce2714b60aca630","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customOmitClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_customOmitClone.js","sha256": "c3635eb6c74a9b523cebd93c46f3e8c816ffafb613aa9774cce2714b60aca630","sha1": "2bf571311b6785fd53ae57ec710ed05ebad80ab7","md5": "7015c84165016d13bcc10e8c594fecb7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customOmitClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_customOmitClone.js","sha256": "c3635eb6c74a9b523cebd93c46f3e8c816ffafb613aa9774cce2714b60aca630","sha1": "2bf571311b6785fd53ae57ec710ed05ebad80ab7","md5": "7015c84165016d13bcc10e8c594fecb7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _customOmitClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_customOmitClone.js","sha256": "c3635eb6c74a9b523cebd93c46f3e8c816ffafb613aa9774cce2714b60aca630","sha1": "2bf571311b6785fd53ae57ec710ed05ebad80ab7","md5": "7015c84165016d13bcc10e8c594fecb7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _deburrLetter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_deburrLetter.js","md5": "1490f195d8081b30dbd4e9e5805f2008","sha1": "65de6e749f5e37659ce5798a558a9aa1b50bec5c","sha256": "e06612542bac3757e781d4afa5f03ce59be787cc15b518c8f462c39b0c8a4c59","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _deburrLetter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_deburrLetter.js","sha256": "e06612542bac3757e781d4afa5f03ce59be787cc15b518c8f462c39b0c8a4c59","sha1": "65de6e749f5e37659ce5798a558a9aa1b50bec5c","md5": "1490f195d8081b30dbd4e9e5805f2008"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _deburrLetter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_deburrLetter.js","sha256": "e06612542bac3757e781d4afa5f03ce59be787cc15b518c8f462c39b0c8a4c59","sha1": "65de6e749f5e37659ce5798a558a9aa1b50bec5c","md5": "1490f195d8081b30dbd4e9e5805f2008"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _deburrLetter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_deburrLetter.js","sha256": "e06612542bac3757e781d4afa5f03ce59be787cc15b518c8f462c39b0c8a4c59","sha1": "65de6e749f5e37659ce5798a558a9aa1b50bec5c","md5": "1490f195d8081b30dbd4e9e5805f2008"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _defineProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_defineProperty.js","md5": "f0313b22a33f741623d067525035f306","sha1": "308f9b9c0f8822351b71d5801be25a8326bc5584","sha256": "d026cc53aafed14ab5822904f68340e19fa7009f48f055dc4ebb092d6b89921d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _defineProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_defineProperty.js","sha256": "d026cc53aafed14ab5822904f68340e19fa7009f48f055dc4ebb092d6b89921d","sha1": "308f9b9c0f8822351b71d5801be25a8326bc5584","md5": "f0313b22a33f741623d067525035f306"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _defineProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_defineProperty.js","sha256": "d026cc53aafed14ab5822904f68340e19fa7009f48f055dc4ebb092d6b89921d","sha1": "308f9b9c0f8822351b71d5801be25a8326bc5584","md5": "f0313b22a33f741623d067525035f306"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _defineProperty.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_defineProperty.js","sha256": "d026cc53aafed14ab5822904f68340e19fa7009f48f055dc4ebb092d6b89921d","sha1": "308f9b9c0f8822351b71d5801be25a8326bc5584","md5": "f0313b22a33f741623d067525035f306"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalArrays.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_equalArrays.js","md5": "92cf89178e800db5da418dbb00fdfa07","sha1": "2bd3ee654a8cb47bcc9c3568bf32fdb2df190664","sha256": "a576f374229485f9235ad45f9d731166aa5f909481267d6c127f529d6e572c82","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalArrays.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_equalArrays.js","sha256": "a576f374229485f9235ad45f9d731166aa5f909481267d6c127f529d6e572c82","sha1": "2bd3ee654a8cb47bcc9c3568bf32fdb2df190664","md5": "92cf89178e800db5da418dbb00fdfa07"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalArrays.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_equalArrays.js","sha256": "a576f374229485f9235ad45f9d731166aa5f909481267d6c127f529d6e572c82","sha1": "2bd3ee654a8cb47bcc9c3568bf32fdb2df190664","md5": "92cf89178e800db5da418dbb00fdfa07"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalArrays.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_equalArrays.js","sha256": "a576f374229485f9235ad45f9d731166aa5f909481267d6c127f529d6e572c82","sha1": "2bd3ee654a8cb47bcc9c3568bf32fdb2df190664","md5": "92cf89178e800db5da418dbb00fdfa07"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_equalByTag.js","md5": "3842720c2ccaf5d497f1ed750bde933a","sha1": "bd57ba1568c522e436bd1af7ec860bcb1e274b85","sha256": "e6c76c206c821ac85bb92a08c685dad03d3edf097c122ed8a22aa0449170c672","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_equalByTag.js","sha256": "e6c76c206c821ac85bb92a08c685dad03d3edf097c122ed8a22aa0449170c672","sha1": "bd57ba1568c522e436bd1af7ec860bcb1e274b85","md5": "3842720c2ccaf5d497f1ed750bde933a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_equalByTag.js","sha256": "e6c76c206c821ac85bb92a08c685dad03d3edf097c122ed8a22aa0449170c672","sha1": "bd57ba1568c522e436bd1af7ec860bcb1e274b85","md5": "3842720c2ccaf5d497f1ed750bde933a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_equalByTag.js","sha256": "e6c76c206c821ac85bb92a08c685dad03d3edf097c122ed8a22aa0449170c672","sha1": "bd57ba1568c522e436bd1af7ec860bcb1e274b85","md5": "3842720c2ccaf5d497f1ed750bde933a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalObjects.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_equalObjects.js","md5": "dc7b1a7216ca87bf08e88779092fdb9e","sha1": "267d67abe7ca499dc800e2a45aa4adcb9aa9a9bb","sha256": "ba4f279d6263aa41101bda461def6c10bf188feead52461af199011d48294343","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalObjects.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_equalObjects.js","sha256": "ba4f279d6263aa41101bda461def6c10bf188feead52461af199011d48294343","sha1": "267d67abe7ca499dc800e2a45aa4adcb9aa9a9bb","md5": "dc7b1a7216ca87bf08e88779092fdb9e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalObjects.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_equalObjects.js","sha256": "ba4f279d6263aa41101bda461def6c10bf188feead52461af199011d48294343","sha1": "267d67abe7ca499dc800e2a45aa4adcb9aa9a9bb","md5": "dc7b1a7216ca87bf08e88779092fdb9e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _equalObjects.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_equalObjects.js","sha256": "ba4f279d6263aa41101bda461def6c10bf188feead52461af199011d48294343","sha1": "267d67abe7ca499dc800e2a45aa4adcb9aa9a9bb","md5": "dc7b1a7216ca87bf08e88779092fdb9e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_escapeHtmlChar.js","md5": "fd91d45ca3c92d3fa5ee9531308fc179","sha1": "d1da9dd2828cdd0071b82ffea56eab694bafbe37","sha256": "8794b39eb350adb7277e1ee6403673ee5e85363405d3611d239c3cf670d7ad84","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_escapeHtmlChar.js","sha256": "8794b39eb350adb7277e1ee6403673ee5e85363405d3611d239c3cf670d7ad84","sha1": "d1da9dd2828cdd0071b82ffea56eab694bafbe37","md5": "fd91d45ca3c92d3fa5ee9531308fc179"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_escapeHtmlChar.js","sha256": "8794b39eb350adb7277e1ee6403673ee5e85363405d3611d239c3cf670d7ad84","sha1": "d1da9dd2828cdd0071b82ffea56eab694bafbe37","md5": "fd91d45ca3c92d3fa5ee9531308fc179"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_escapeHtmlChar.js","sha256": "8794b39eb350adb7277e1ee6403673ee5e85363405d3611d239c3cf670d7ad84","sha1": "d1da9dd2828cdd0071b82ffea56eab694bafbe37","md5": "fd91d45ca3c92d3fa5ee9531308fc179"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeStringChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_escapeStringChar.js","md5": "3d7aa1a5844d8503b7ad6d0583000d6c","sha1": "d011ca793a93e44d7e6928cced2055ea47f6c39e","sha256": "21b46fca2d2fbda7b708949587456fc5d2a833819a486628ab9fd39104894022","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeStringChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_escapeStringChar.js","sha256": "21b46fca2d2fbda7b708949587456fc5d2a833819a486628ab9fd39104894022","sha1": "d011ca793a93e44d7e6928cced2055ea47f6c39e","md5": "3d7aa1a5844d8503b7ad6d0583000d6c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeStringChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_escapeStringChar.js","sha256": "21b46fca2d2fbda7b708949587456fc5d2a833819a486628ab9fd39104894022","sha1": "d011ca793a93e44d7e6928cced2055ea47f6c39e","md5": "3d7aa1a5844d8503b7ad6d0583000d6c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _escapeStringChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_escapeStringChar.js","sha256": "21b46fca2d2fbda7b708949587456fc5d2a833819a486628ab9fd39104894022","sha1": "d011ca793a93e44d7e6928cced2055ea47f6c39e","md5": "3d7aa1a5844d8503b7ad6d0583000d6c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _evalUrl.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/manipulation\/_evalUrl.js","md5": "00fd5ea2a4dd3baad680de1ba9a8c15f","sha1": "486b40a92e020138489c787b70771ffbd0a085c6","sha256": "c6d9d8e332e8439444f1096749d9852a15ecab199a65b208ea1b7dda9ccacd8e","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _falseOptions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/_falseOptions.js","md5": "36edfda9832c42536e194af3c41513f4","sha1": "ad9c0db1f5df98f88d63bd70d729417a7eab2adf","sha256": "f2415d2f5c437694bc55d31132cb866abc0b5aae349e0673dfd6924ff281d9a7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _falseOptions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/_falseOptions.js","sha256": "f2415d2f5c437694bc55d31132cb866abc0b5aae349e0673dfd6924ff281d9a7","sha1": "ad9c0db1f5df98f88d63bd70d729417a7eab2adf","md5": "36edfda9832c42536e194af3c41513f4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _falseOptions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/_falseOptions.js","sha256": "f2415d2f5c437694bc55d31132cb866abc0b5aae349e0673dfd6924ff281d9a7","sha1": "ad9c0db1f5df98f88d63bd70d729417a7eab2adf","md5": "36edfda9832c42536e194af3c41513f4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _falseOptions.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/_falseOptions.js","sha256": "f2415d2f5c437694bc55d31132cb866abc0b5aae349e0673dfd6924ff281d9a7","sha1": "ad9c0db1f5df98f88d63bd70d729417a7eab2adf","md5": "36edfda9832c42536e194af3c41513f4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _flatRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_flatRest.js","md5": "1000d22a2adcad2a1675c82869a8e609","sha1": "1a96086a9a21bff7890036498a1e161fe7955194","sha256": "e3a9f736f99fb31cf6f30b601aa833cf8773503ff2444f3c09d09df16bb07b6e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _flatRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_flatRest.js","sha256": "e3a9f736f99fb31cf6f30b601aa833cf8773503ff2444f3c09d09df16bb07b6e","sha1": "1a96086a9a21bff7890036498a1e161fe7955194","md5": "1000d22a2adcad2a1675c82869a8e609"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _flatRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_flatRest.js","sha256": "e3a9f736f99fb31cf6f30b601aa833cf8773503ff2444f3c09d09df16bb07b6e","sha1": "1a96086a9a21bff7890036498a1e161fe7955194","md5": "1000d22a2adcad2a1675c82869a8e609"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _flatRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_flatRest.js","sha256": "e3a9f736f99fb31cf6f30b601aa833cf8773503ff2444f3c09d09df16bb07b6e","sha1": "1a96086a9a21bff7890036498a1e161fe7955194","md5": "1000d22a2adcad2a1675c82869a8e609"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _freeGlobal.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_freeGlobal.js","md5": "9478ddab8e8d869279ad5f823fcd884c","sha1": "df0709e144040efc52114c69b7977ab04f3a799d","sha256": "7931bf414180bc20cf56337b5a33e6767501b6c7f537e9bb9e79f0f6e24ca515","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _freeGlobal.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_freeGlobal.js","sha256": "7931bf414180bc20cf56337b5a33e6767501b6c7f537e9bb9e79f0f6e24ca515","sha1": "df0709e144040efc52114c69b7977ab04f3a799d","md5": "9478ddab8e8d869279ad5f823fcd884c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _freeGlobal.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_freeGlobal.js","sha256": "7931bf414180bc20cf56337b5a33e6767501b6c7f537e9bb9e79f0f6e24ca515","sha1": "df0709e144040efc52114c69b7977ab04f3a799d","md5": "9478ddab8e8d869279ad5f823fcd884c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _freeGlobal.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_freeGlobal.js","sha256": "7931bf414180bc20cf56337b5a33e6767501b6c7f537e9bb9e79f0f6e24ca515","sha1": "df0709e144040efc52114c69b7977ab04f3a799d","md5": "9478ddab8e8d869279ad5f823fcd884c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getAllKeys.js","md5": "7b5dddb25c4b0cd3900ebea90139e507","sha1": "9fcb354c326cd308df841e6846d506165842f9a3","sha256": "dc961385c7416bac45b8c2c424071f22aeb196906c37e455eefa618b12313453","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getAllKeys.js","sha256": "dc961385c7416bac45b8c2c424071f22aeb196906c37e455eefa618b12313453","sha1": "9fcb354c326cd308df841e6846d506165842f9a3","md5": "7b5dddb25c4b0cd3900ebea90139e507"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getAllKeys.js","sha256": "dc961385c7416bac45b8c2c424071f22aeb196906c37e455eefa618b12313453","sha1": "9fcb354c326cd308df841e6846d506165842f9a3","md5": "7b5dddb25c4b0cd3900ebea90139e507"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getAllKeys.js","sha256": "dc961385c7416bac45b8c2c424071f22aeb196906c37e455eefa618b12313453","sha1": "9fcb354c326cd308df841e6846d506165842f9a3","md5": "7b5dddb25c4b0cd3900ebea90139e507"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getAllKeysIn.js","md5": "b5e68ac8c96bf95727790d047541e8ac","sha1": "4c08d556179109df462c2ffdecef2d6486315062","sha256": "70d86c863fd3916c6a9ad06fd2e79d223ffdc14a9774b45a9a53fbf91bd2a2f2","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getAllKeysIn.js","sha256": "70d86c863fd3916c6a9ad06fd2e79d223ffdc14a9774b45a9a53fbf91bd2a2f2","sha1": "4c08d556179109df462c2ffdecef2d6486315062","md5": "b5e68ac8c96bf95727790d047541e8ac"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getAllKeysIn.js","sha256": "70d86c863fd3916c6a9ad06fd2e79d223ffdc14a9774b45a9a53fbf91bd2a2f2","sha1": "4c08d556179109df462c2ffdecef2d6486315062","md5": "b5e68ac8c96bf95727790d047541e8ac"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getAllKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getAllKeysIn.js","sha256": "70d86c863fd3916c6a9ad06fd2e79d223ffdc14a9774b45a9a53fbf91bd2a2f2","sha1": "4c08d556179109df462c2ffdecef2d6486315062","md5": "b5e68ac8c96bf95727790d047541e8ac"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getData.js","md5": "85343cfcd9f95e91841434a95b5bb86d","sha1": "2fea3c244fa4625b978cea63124835c16aefe660","sha256": "2e22b4a76a67c842b440b11b16c660d44072f04a60aff321bb13137099d73027","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getData.js","sha256": "2e22b4a76a67c842b440b11b16c660d44072f04a60aff321bb13137099d73027","sha1": "2fea3c244fa4625b978cea63124835c16aefe660","md5": "85343cfcd9f95e91841434a95b5bb86d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getData.js","sha256": "2e22b4a76a67c842b440b11b16c660d44072f04a60aff321bb13137099d73027","sha1": "2fea3c244fa4625b978cea63124835c16aefe660","md5": "85343cfcd9f95e91841434a95b5bb86d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getData.js","sha256": "2e22b4a76a67c842b440b11b16c660d44072f04a60aff321bb13137099d73027","sha1": "2fea3c244fa4625b978cea63124835c16aefe660","md5": "85343cfcd9f95e91841434a95b5bb86d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getFuncName.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getFuncName.js","md5": "b45b572289861acdbdb6da376ab24a85","sha1": "dd42afbc814c94e5bdd2fbef652efb7801403f6e","sha256": "4d2f7fa3a9b1065f3ae97f9754c9734dab0355a075ba5e9d77ced870981cb666","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getFuncName.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getFuncName.js","sha256": "4d2f7fa3a9b1065f3ae97f9754c9734dab0355a075ba5e9d77ced870981cb666","sha1": "dd42afbc814c94e5bdd2fbef652efb7801403f6e","md5": "b45b572289861acdbdb6da376ab24a85"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getFuncName.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getFuncName.js","sha256": "4d2f7fa3a9b1065f3ae97f9754c9734dab0355a075ba5e9d77ced870981cb666","sha1": "dd42afbc814c94e5bdd2fbef652efb7801403f6e","md5": "b45b572289861acdbdb6da376ab24a85"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getFuncName.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getFuncName.js","sha256": "4d2f7fa3a9b1065f3ae97f9754c9734dab0355a075ba5e9d77ced870981cb666","sha1": "dd42afbc814c94e5bdd2fbef652efb7801403f6e","md5": "b45b572289861acdbdb6da376ab24a85"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getHolder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getHolder.js","md5": "1cb5f228f258878d462e57bbb579686c","sha1": "86951aac23219e1a51267bf5fd7a38da110c877b","sha256": "7d951bdcd4db2dc26b915883df44ef62377b069f8583959778e6fa08d2455db3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getHolder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getHolder.js","sha256": "7d951bdcd4db2dc26b915883df44ef62377b069f8583959778e6fa08d2455db3","sha1": "86951aac23219e1a51267bf5fd7a38da110c877b","md5": "1cb5f228f258878d462e57bbb579686c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getHolder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getHolder.js","sha256": "7d951bdcd4db2dc26b915883df44ef62377b069f8583959778e6fa08d2455db3","sha1": "86951aac23219e1a51267bf5fd7a38da110c877b","md5": "1cb5f228f258878d462e57bbb579686c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getHolder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getHolder.js","sha256": "7d951bdcd4db2dc26b915883df44ef62377b069f8583959778e6fa08d2455db3","sha1": "86951aac23219e1a51267bf5fd7a38da110c877b","md5": "1cb5f228f258878d462e57bbb579686c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMapData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getMapData.js","md5": "ef89da875cff62394930fff7e1c7b72b","sha1": "f8986a4db2b55203a3237e5472a4620816306331","sha256": "65d78bb9d058f742fae2416c00840b3f40e87a6b2155d4b2ab83b8d1c48c296a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMapData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getMapData.js","sha256": "65d78bb9d058f742fae2416c00840b3f40e87a6b2155d4b2ab83b8d1c48c296a","sha1": "f8986a4db2b55203a3237e5472a4620816306331","md5": "ef89da875cff62394930fff7e1c7b72b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMapData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getMapData.js","sha256": "65d78bb9d058f742fae2416c00840b3f40e87a6b2155d4b2ab83b8d1c48c296a","sha1": "f8986a4db2b55203a3237e5472a4620816306331","md5": "ef89da875cff62394930fff7e1c7b72b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMapData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getMapData.js","sha256": "65d78bb9d058f742fae2416c00840b3f40e87a6b2155d4b2ab83b8d1c48c296a","sha1": "f8986a4db2b55203a3237e5472a4620816306331","md5": "ef89da875cff62394930fff7e1c7b72b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMatchData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getMatchData.js","md5": "29182ea18868357ab0e3ab371af8d270","sha1": "221908980050132b19c79c53c1b7d78ef5b93d59","sha256": "4333bb2857a95fd4b676a9db2aa82d05ccf5f6f50f9d44b104886ea137700286","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMatchData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getMatchData.js","sha256": "4333bb2857a95fd4b676a9db2aa82d05ccf5f6f50f9d44b104886ea137700286","sha1": "221908980050132b19c79c53c1b7d78ef5b93d59","md5": "29182ea18868357ab0e3ab371af8d270"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMatchData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getMatchData.js","sha256": "4333bb2857a95fd4b676a9db2aa82d05ccf5f6f50f9d44b104886ea137700286","sha1": "221908980050132b19c79c53c1b7d78ef5b93d59","md5": "29182ea18868357ab0e3ab371af8d270"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getMatchData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getMatchData.js","sha256": "4333bb2857a95fd4b676a9db2aa82d05ccf5f6f50f9d44b104886ea137700286","sha1": "221908980050132b19c79c53c1b7d78ef5b93d59","md5": "29182ea18868357ab0e3ab371af8d270"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getNative.js","md5": "44b91452619202eb918ebc542f99e17f","sha1": "a3c1a7f525a79c6216c2bd72810ccb1d8afefd9a","sha256": "7392e38f4cb3cd6e1d3e3f89a26619cf89968382e0ed72a45d52e527aec0b1d9","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getNative.js","sha256": "7392e38f4cb3cd6e1d3e3f89a26619cf89968382e0ed72a45d52e527aec0b1d9","sha1": "a3c1a7f525a79c6216c2bd72810ccb1d8afefd9a","md5": "44b91452619202eb918ebc542f99e17f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getNative.js","sha256": "7392e38f4cb3cd6e1d3e3f89a26619cf89968382e0ed72a45d52e527aec0b1d9","sha1": "a3c1a7f525a79c6216c2bd72810ccb1d8afefd9a","md5": "44b91452619202eb918ebc542f99e17f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getNative.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getNative.js","sha256": "7392e38f4cb3cd6e1d3e3f89a26619cf89968382e0ed72a45d52e527aec0b1d9","sha1": "a3c1a7f525a79c6216c2bd72810ccb1d8afefd9a","md5": "44b91452619202eb918ebc542f99e17f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getPrototype.js","md5": "419a6be535b88eb59069b3ac6b3d6a79","sha1": "150397078aa95ac1ace14e9547b7c28eba508353","sha256": "8beda7e5198f970fd49f0e0b1bd5256e13af516f45c190ea45104bcd3c4b1517","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getPrototype.js","sha256": "8beda7e5198f970fd49f0e0b1bd5256e13af516f45c190ea45104bcd3c4b1517","sha1": "150397078aa95ac1ace14e9547b7c28eba508353","md5": "419a6be535b88eb59069b3ac6b3d6a79"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getPrototype.js","sha256": "8beda7e5198f970fd49f0e0b1bd5256e13af516f45c190ea45104bcd3c4b1517","sha1": "150397078aa95ac1ace14e9547b7c28eba508353","md5": "419a6be535b88eb59069b3ac6b3d6a79"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getPrototype.js","sha256": "8beda7e5198f970fd49f0e0b1bd5256e13af516f45c190ea45104bcd3c4b1517","sha1": "150397078aa95ac1ace14e9547b7c28eba508353","md5": "419a6be535b88eb59069b3ac6b3d6a79"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getRawTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getRawTag.js","md5": "bfa860d23fab6d710f933eafe1cb68bb","sha1": "08573f8b464cf110d0873d475890f499a9620d80","sha256": "3142fd97f89816f65a1b5bd17931f70c12fd9714d455c28cac4b91491901c713","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getRawTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getRawTag.js","sha256": "3142fd97f89816f65a1b5bd17931f70c12fd9714d455c28cac4b91491901c713","sha1": "08573f8b464cf110d0873d475890f499a9620d80","md5": "bfa860d23fab6d710f933eafe1cb68bb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getRawTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getRawTag.js","sha256": "3142fd97f89816f65a1b5bd17931f70c12fd9714d455c28cac4b91491901c713","sha1": "08573f8b464cf110d0873d475890f499a9620d80","md5": "bfa860d23fab6d710f933eafe1cb68bb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getRawTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getRawTag.js","sha256": "3142fd97f89816f65a1b5bd17931f70c12fd9714d455c28cac4b91491901c713","sha1": "08573f8b464cf110d0873d475890f499a9620d80","md5": "bfa860d23fab6d710f933eafe1cb68bb"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getSymbols.js","md5": "2d4cb887f5c60ec3291ae36420cacfd0","sha1": "1c87ed98ef573b41c8a015c15857a0991603eaa6","sha256": "3e850bf36c7ce747eef141dfcd98f0942b030215cb94c0be7a6a08c98a958e5e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getSymbols.js","sha256": "3e850bf36c7ce747eef141dfcd98f0942b030215cb94c0be7a6a08c98a958e5e","sha1": "1c87ed98ef573b41c8a015c15857a0991603eaa6","md5": "2d4cb887f5c60ec3291ae36420cacfd0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getSymbols.js","sha256": "3e850bf36c7ce747eef141dfcd98f0942b030215cb94c0be7a6a08c98a958e5e","sha1": "1c87ed98ef573b41c8a015c15857a0991603eaa6","md5": "2d4cb887f5c60ec3291ae36420cacfd0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbols.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getSymbols.js","sha256": "3e850bf36c7ce747eef141dfcd98f0942b030215cb94c0be7a6a08c98a958e5e","sha1": "1c87ed98ef573b41c8a015c15857a0991603eaa6","md5": "2d4cb887f5c60ec3291ae36420cacfd0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getSymbolsIn.js","md5": "7f927fa010392af47b32d867b2fa3fdc","sha1": "0bae489598ad76c4f2faaf33bcc1b3bf34e4772b","sha256": "35cede8008aa104552d51e6bb96874b32f792fde7b2364661662173095bf3720","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getSymbolsIn.js","sha256": "35cede8008aa104552d51e6bb96874b32f792fde7b2364661662173095bf3720","sha1": "0bae489598ad76c4f2faaf33bcc1b3bf34e4772b","md5": "7f927fa010392af47b32d867b2fa3fdc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getSymbolsIn.js","sha256": "35cede8008aa104552d51e6bb96874b32f792fde7b2364661662173095bf3720","sha1": "0bae489598ad76c4f2faaf33bcc1b3bf34e4772b","md5": "7f927fa010392af47b32d867b2fa3fdc"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getSymbolsIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getSymbolsIn.js","sha256": "35cede8008aa104552d51e6bb96874b32f792fde7b2364661662173095bf3720","sha1": "0bae489598ad76c4f2faaf33bcc1b3bf34e4772b","md5": "7f927fa010392af47b32d867b2fa3fdc"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getTag.js","md5": "f33e41fa154f6df10a1ac9ffa53b3d04","sha1": "e74c13874eca982f0fd30b1e35dd05e0664c6af3","sha256": "ad94aaa26724c5e331f0810ae9d4069929d5ee7c7b18e51a5e7e0f629bd3ffd3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getTag.js","sha256": "ad94aaa26724c5e331f0810ae9d4069929d5ee7c7b18e51a5e7e0f629bd3ffd3","sha1": "e74c13874eca982f0fd30b1e35dd05e0664c6af3","md5": "f33e41fa154f6df10a1ac9ffa53b3d04"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getTag.js","sha256": "ad94aaa26724c5e331f0810ae9d4069929d5ee7c7b18e51a5e7e0f629bd3ffd3","sha1": "e74c13874eca982f0fd30b1e35dd05e0664c6af3","md5": "f33e41fa154f6df10a1ac9ffa53b3d04"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getTag.js","sha256": "ad94aaa26724c5e331f0810ae9d4069929d5ee7c7b18e51a5e7e0f629bd3ffd3","sha1": "e74c13874eca982f0fd30b1e35dd05e0664c6af3","md5": "f33e41fa154f6df10a1ac9ffa53b3d04"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getValue.js","md5": "ed9d27c1b50c2986d017c705bbab3408","sha1": "aaeaa4d7600367187650a1ef2d6949e2f788cf76","sha256": "102bb7520adda0718b3953d6af99838244d97aa1697a36f50fc4ab0070350f41","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getValue.js","sha256": "102bb7520adda0718b3953d6af99838244d97aa1697a36f50fc4ab0070350f41","sha1": "aaeaa4d7600367187650a1ef2d6949e2f788cf76","md5": "ed9d27c1b50c2986d017c705bbab3408"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getValue.js","sha256": "102bb7520adda0718b3953d6af99838244d97aa1697a36f50fc4ab0070350f41","sha1": "aaeaa4d7600367187650a1ef2d6949e2f788cf76","md5": "ed9d27c1b50c2986d017c705bbab3408"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getValue.js","sha256": "102bb7520adda0718b3953d6af99838244d97aa1697a36f50fc4ab0070350f41","sha1": "aaeaa4d7600367187650a1ef2d6949e2f788cf76","md5": "ed9d27c1b50c2986d017c705bbab3408"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getView.js","md5": "4de33867d0acf888ba85568380cfc32e","sha1": "3a642a1adfccdac302261e31fadd3918e623d6f6","sha256": "3f978b51e597e9e78149bf5df230052d60f2125dbae544dc7b1e28a098cd7aa0","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getView.js","sha256": "3f978b51e597e9e78149bf5df230052d60f2125dbae544dc7b1e28a098cd7aa0","sha1": "3a642a1adfccdac302261e31fadd3918e623d6f6","md5": "4de33867d0acf888ba85568380cfc32e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getView.js","sha256": "3f978b51e597e9e78149bf5df230052d60f2125dbae544dc7b1e28a098cd7aa0","sha1": "3a642a1adfccdac302261e31fadd3918e623d6f6","md5": "4de33867d0acf888ba85568380cfc32e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getView.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getView.js","sha256": "3f978b51e597e9e78149bf5df230052d60f2125dbae544dc7b1e28a098cd7aa0","sha1": "3a642a1adfccdac302261e31fadd3918e623d6f6","md5": "4de33867d0acf888ba85568380cfc32e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_getWrapDetails.js","md5": "94bd216bf8b402c6ea9b6d82a7ccac23","sha1": "ab6c90ec5be32187a6cfe2c9e798e7d298263dd4","sha256": "37093d5f135f01cc58d4f28fe79fea791f72906e8c61ba674d84a858d8d5a67b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_getWrapDetails.js","sha256": "37093d5f135f01cc58d4f28fe79fea791f72906e8c61ba674d84a858d8d5a67b","sha1": "ab6c90ec5be32187a6cfe2c9e798e7d298263dd4","md5": "94bd216bf8b402c6ea9b6d82a7ccac23"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_getWrapDetails.js","sha256": "37093d5f135f01cc58d4f28fe79fea791f72906e8c61ba674d84a858d8d5a67b","sha1": "ab6c90ec5be32187a6cfe2c9e798e7d298263dd4","md5": "94bd216bf8b402c6ea9b6d82a7ccac23"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _getWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_getWrapDetails.js","sha256": "37093d5f135f01cc58d4f28fe79fea791f72906e8c61ba674d84a858d8d5a67b","sha1": "ab6c90ec5be32187a6cfe2c9e798e7d298263dd4","md5": "94bd216bf8b402c6ea9b6d82a7ccac23"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hasPath.js","md5": "34dff0fae6499058602612a6c3f8a7d9","sha1": "f300ab1b5c17494a458e38d10eb815f5c1c95b76","sha256": "1fd75d39690b3d1b8562af1fc1312fd2cfd1673a62668e9797c0c1057b406432","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hasPath.js","sha256": "1fd75d39690b3d1b8562af1fc1312fd2cfd1673a62668e9797c0c1057b406432","sha1": "f300ab1b5c17494a458e38d10eb815f5c1c95b76","md5": "34dff0fae6499058602612a6c3f8a7d9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hasPath.js","sha256": "1fd75d39690b3d1b8562af1fc1312fd2cfd1673a62668e9797c0c1057b406432","sha1": "f300ab1b5c17494a458e38d10eb815f5c1c95b76","md5": "34dff0fae6499058602612a6c3f8a7d9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hasPath.js","sha256": "1fd75d39690b3d1b8562af1fc1312fd2cfd1673a62668e9797c0c1057b406432","sha1": "f300ab1b5c17494a458e38d10eb815f5c1c95b76","md5": "34dff0fae6499058602612a6c3f8a7d9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hasUnicode.js","md5": "d4a554e4973024e90d4e20ce7c084460","sha1": "2ead86c95243b0dac220736e198e0a14e68c2982","sha256": "a2ed37159b293c0a543cd0ad35f3b7154039f0f004b1e3ea505a0e1515e208d3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hasUnicode.js","sha256": "a2ed37159b293c0a543cd0ad35f3b7154039f0f004b1e3ea505a0e1515e208d3","sha1": "2ead86c95243b0dac220736e198e0a14e68c2982","md5": "d4a554e4973024e90d4e20ce7c084460"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hasUnicode.js","sha256": "a2ed37159b293c0a543cd0ad35f3b7154039f0f004b1e3ea505a0e1515e208d3","sha1": "2ead86c95243b0dac220736e198e0a14e68c2982","md5": "d4a554e4973024e90d4e20ce7c084460"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicode.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hasUnicode.js","sha256": "a2ed37159b293c0a543cd0ad35f3b7154039f0f004b1e3ea505a0e1515e208d3","sha1": "2ead86c95243b0dac220736e198e0a14e68c2982","md5": "d4a554e4973024e90d4e20ce7c084460"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicodeWord.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hasUnicodeWord.js","md5": "a5d27a529bb979a1c0a888d9b4a45e2d","sha1": "96f0a2876411b1fba3916ad58533f2dbc6970256","sha256": "89ed9fac3f97e188633a2c63a5528282ef73028fef5fc3e6e9a9e9e1cc6cc3a1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicodeWord.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hasUnicodeWord.js","sha256": "89ed9fac3f97e188633a2c63a5528282ef73028fef5fc3e6e9a9e9e1cc6cc3a1","sha1": "96f0a2876411b1fba3916ad58533f2dbc6970256","md5": "a5d27a529bb979a1c0a888d9b4a45e2d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicodeWord.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hasUnicodeWord.js","sha256": "89ed9fac3f97e188633a2c63a5528282ef73028fef5fc3e6e9a9e9e1cc6cc3a1","sha1": "96f0a2876411b1fba3916ad58533f2dbc6970256","md5": "a5d27a529bb979a1c0a888d9b4a45e2d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hasUnicodeWord.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hasUnicodeWord.js","sha256": "89ed9fac3f97e188633a2c63a5528282ef73028fef5fc3e6e9a9e9e1cc6cc3a1","sha1": "96f0a2876411b1fba3916ad58533f2dbc6970256","md5": "a5d27a529bb979a1c0a888d9b4a45e2d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hashClear.js","md5": "0749dca1c6940a4552e64d776986c803","sha1": "7a6f43944d3ff13552dcbe9ceb972ae5a83e8b1b","sha256": "d9f799f614605335bc0e3c3426ba84ec50bc188ddbac97fcf5ed810325c537f9","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hashClear.js","sha256": "d9f799f614605335bc0e3c3426ba84ec50bc188ddbac97fcf5ed810325c537f9","sha1": "7a6f43944d3ff13552dcbe9ceb972ae5a83e8b1b","md5": "0749dca1c6940a4552e64d776986c803"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hashClear.js","sha256": "d9f799f614605335bc0e3c3426ba84ec50bc188ddbac97fcf5ed810325c537f9","sha1": "7a6f43944d3ff13552dcbe9ceb972ae5a83e8b1b","md5": "0749dca1c6940a4552e64d776986c803"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hashClear.js","sha256": "d9f799f614605335bc0e3c3426ba84ec50bc188ddbac97fcf5ed810325c537f9","sha1": "7a6f43944d3ff13552dcbe9ceb972ae5a83e8b1b","md5": "0749dca1c6940a4552e64d776986c803"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hashDelete.js","md5": "2ccbb11335093afc570a500d0b18d737","sha1": "5b552f18bab9b54a3192e193d44188e1656556d8","sha256": "0a65708c8770e0e34e81f53289a31394a77b2789e3ca7586a425223a24c0b3b4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hashDelete.js","sha256": "0a65708c8770e0e34e81f53289a31394a77b2789e3ca7586a425223a24c0b3b4","sha1": "5b552f18bab9b54a3192e193d44188e1656556d8","md5": "2ccbb11335093afc570a500d0b18d737"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hashDelete.js","sha256": "0a65708c8770e0e34e81f53289a31394a77b2789e3ca7586a425223a24c0b3b4","sha1": "5b552f18bab9b54a3192e193d44188e1656556d8","md5": "2ccbb11335093afc570a500d0b18d737"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hashDelete.js","sha256": "0a65708c8770e0e34e81f53289a31394a77b2789e3ca7586a425223a24c0b3b4","sha1": "5b552f18bab9b54a3192e193d44188e1656556d8","md5": "2ccbb11335093afc570a500d0b18d737"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hashGet.js","md5": "8c10268775312ae389b808aa99ce8614","sha1": "5645b9091466891d4c892c6b3bd220ebbd3a3d00","sha256": "75cd024791ae12ec88871c24c82c23ca80505dd8370958ddc022e0d9efaedcae","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hashGet.js","sha256": "75cd024791ae12ec88871c24c82c23ca80505dd8370958ddc022e0d9efaedcae","sha1": "5645b9091466891d4c892c6b3bd220ebbd3a3d00","md5": "8c10268775312ae389b808aa99ce8614"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hashGet.js","sha256": "75cd024791ae12ec88871c24c82c23ca80505dd8370958ddc022e0d9efaedcae","sha1": "5645b9091466891d4c892c6b3bd220ebbd3a3d00","md5": "8c10268775312ae389b808aa99ce8614"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hashGet.js","sha256": "75cd024791ae12ec88871c24c82c23ca80505dd8370958ddc022e0d9efaedcae","sha1": "5645b9091466891d4c892c6b3bd220ebbd3a3d00","md5": "8c10268775312ae389b808aa99ce8614"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hashHas.js","md5": "6947e6fc1ae897767de84406ef16d63b","sha1": "aec7a8cd442a620d0073260ab7dc03960f6c85c5","sha256": "7ebef49fb1f8bca1c1710a045c4a4e52d0c34cbe547a95a18e2c02e7cfddebdd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hashHas.js","sha256": "7ebef49fb1f8bca1c1710a045c4a4e52d0c34cbe547a95a18e2c02e7cfddebdd","sha1": "aec7a8cd442a620d0073260ab7dc03960f6c85c5","md5": "6947e6fc1ae897767de84406ef16d63b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hashHas.js","sha256": "7ebef49fb1f8bca1c1710a045c4a4e52d0c34cbe547a95a18e2c02e7cfddebdd","sha1": "aec7a8cd442a620d0073260ab7dc03960f6c85c5","md5": "6947e6fc1ae897767de84406ef16d63b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hashHas.js","sha256": "7ebef49fb1f8bca1c1710a045c4a4e52d0c34cbe547a95a18e2c02e7cfddebdd","sha1": "aec7a8cd442a620d0073260ab7dc03960f6c85c5","md5": "6947e6fc1ae897767de84406ef16d63b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_hashSet.js","md5": "6abdb69c250e1c1596d28e1cfc21b67d","sha1": "13d89d46c86111ca9941d0c35c29a84b2fb97a87","sha256": "180372f66c983a5f424145fa1e2fb0d7d3ad9cc4249e2489c203cadc0e0456cc","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_hashSet.js","sha256": "180372f66c983a5f424145fa1e2fb0d7d3ad9cc4249e2489c203cadc0e0456cc","sha1": "13d89d46c86111ca9941d0c35c29a84b2fb97a87","md5": "6abdb69c250e1c1596d28e1cfc21b67d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_hashSet.js","sha256": "180372f66c983a5f424145fa1e2fb0d7d3ad9cc4249e2489c203cadc0e0456cc","sha1": "13d89d46c86111ca9941d0c35c29a84b2fb97a87","md5": "6abdb69c250e1c1596d28e1cfc21b67d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _hashSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_hashSet.js","sha256": "180372f66c983a5f424145fa1e2fb0d7d3ad9cc4249e2489c203cadc0e0456cc","sha1": "13d89d46c86111ca9941d0c35c29a84b2fb97a87","md5": "6abdb69c250e1c1596d28e1cfc21b67d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_initCloneArray.js","md5": "afc153374454e5c69907a3ec4cf4a469","sha1": "7385f50c6d9fd89db402b725dfcd5b0d6b314c55","sha256": "73ba23f0f5b13e152415d5bd3a1855a686e4c57424bbdfe1dd8189d5d19877a5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_initCloneArray.js","sha256": "73ba23f0f5b13e152415d5bd3a1855a686e4c57424bbdfe1dd8189d5d19877a5","sha1": "7385f50c6d9fd89db402b725dfcd5b0d6b314c55","md5": "afc153374454e5c69907a3ec4cf4a469"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_initCloneArray.js","sha256": "73ba23f0f5b13e152415d5bd3a1855a686e4c57424bbdfe1dd8189d5d19877a5","sha1": "7385f50c6d9fd89db402b725dfcd5b0d6b314c55","md5": "afc153374454e5c69907a3ec4cf4a469"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_initCloneArray.js","sha256": "73ba23f0f5b13e152415d5bd3a1855a686e4c57424bbdfe1dd8189d5d19877a5","sha1": "7385f50c6d9fd89db402b725dfcd5b0d6b314c55","md5": "afc153374454e5c69907a3ec4cf4a469"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_initCloneByTag.js","md5": "0a7d68cc85a92133b6081d14c337dd2e","sha1": "a38217b57e875466ed7d07578884c51a4e318560","sha256": "2552b396fa46955713dde74e78d1711b582d82d0c6f044590443d88ce9218465","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_initCloneByTag.js","sha256": "2552b396fa46955713dde74e78d1711b582d82d0c6f044590443d88ce9218465","sha1": "a38217b57e875466ed7d07578884c51a4e318560","md5": "0a7d68cc85a92133b6081d14c337dd2e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_initCloneByTag.js","sha256": "2552b396fa46955713dde74e78d1711b582d82d0c6f044590443d88ce9218465","sha1": "a38217b57e875466ed7d07578884c51a4e318560","md5": "0a7d68cc85a92133b6081d14c337dd2e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneByTag.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_initCloneByTag.js","sha256": "2552b396fa46955713dde74e78d1711b582d82d0c6f044590443d88ce9218465","sha1": "a38217b57e875466ed7d07578884c51a4e318560","md5": "0a7d68cc85a92133b6081d14c337dd2e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_initCloneObject.js","md5": "00b8196ff9555a8197b796ffb99fd65d","sha1": "f2ee8035eaa7751ff081de5681c6603da177f8f6","sha256": "23aca4a78a9e5ce2eb17fb7ac1b12f57621f1156cee06fc28f9e2ac2d5fd1681","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_initCloneObject.js","sha256": "23aca4a78a9e5ce2eb17fb7ac1b12f57621f1156cee06fc28f9e2ac2d5fd1681","sha1": "f2ee8035eaa7751ff081de5681c6603da177f8f6","md5": "00b8196ff9555a8197b796ffb99fd65d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_initCloneObject.js","sha256": "23aca4a78a9e5ce2eb17fb7ac1b12f57621f1156cee06fc28f9e2ac2d5fd1681","sha1": "f2ee8035eaa7751ff081de5681c6603da177f8f6","md5": "00b8196ff9555a8197b796ffb99fd65d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _initCloneObject.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_initCloneObject.js","sha256": "23aca4a78a9e5ce2eb17fb7ac1b12f57621f1156cee06fc28f9e2ac2d5fd1681","sha1": "f2ee8035eaa7751ff081de5681c6603da177f8f6","md5": "00b8196ff9555a8197b796ffb99fd65d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _insertWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_insertWrapDetails.js","md5": "698e6fdda209334223dd981ff8f2108a","sha1": "07c0c750900d12cf01ff9d99e429c6be76790f4b","sha256": "35f6152473a61cf36f99d584e8d83647e37f286edd29ee21e939ed0a4366c64b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _insertWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_insertWrapDetails.js","sha256": "35f6152473a61cf36f99d584e8d83647e37f286edd29ee21e939ed0a4366c64b","sha1": "07c0c750900d12cf01ff9d99e429c6be76790f4b","md5": "698e6fdda209334223dd981ff8f2108a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _insertWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_insertWrapDetails.js","sha256": "35f6152473a61cf36f99d584e8d83647e37f286edd29ee21e939ed0a4366c64b","sha1": "07c0c750900d12cf01ff9d99e429c6be76790f4b","md5": "698e6fdda209334223dd981ff8f2108a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _insertWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_insertWrapDetails.js","sha256": "35f6152473a61cf36f99d584e8d83647e37f286edd29ee21e939ed0a4366c64b","sha1": "07c0c750900d12cf01ff9d99e429c6be76790f4b","md5": "698e6fdda209334223dd981ff8f2108a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isFlattenable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isFlattenable.js","md5": "b391d8104f23b5ae17188728af2d001c","sha1": "f2cfab82055d2ca693f33a874c57d8250467fc04","sha256": "ec51b977a31a76fe787e46e5ec8dbb757dc0026ea7af82320ae1f1e27da40895","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isFlattenable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isFlattenable.js","sha256": "ec51b977a31a76fe787e46e5ec8dbb757dc0026ea7af82320ae1f1e27da40895","sha1": "f2cfab82055d2ca693f33a874c57d8250467fc04","md5": "b391d8104f23b5ae17188728af2d001c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isFlattenable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isFlattenable.js","sha256": "ec51b977a31a76fe787e46e5ec8dbb757dc0026ea7af82320ae1f1e27da40895","sha1": "f2cfab82055d2ca693f33a874c57d8250467fc04","md5": "b391d8104f23b5ae17188728af2d001c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isFlattenable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isFlattenable.js","sha256": "ec51b977a31a76fe787e46e5ec8dbb757dc0026ea7af82320ae1f1e27da40895","sha1": "f2cfab82055d2ca693f33a874c57d8250467fc04","md5": "b391d8104f23b5ae17188728af2d001c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isIndex.js","md5": "1a99905d3a33311a29cda4996b2f88a0","sha1": "f08242d01da4236214f75e0221fe25c270f46dbf","sha256": "2baf7a241dfa17458e7274d568625c5e95e85cd57341c11c6a9f95531d2b49cd","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isIndex.js","sha256": "2baf7a241dfa17458e7274d568625c5e95e85cd57341c11c6a9f95531d2b49cd","sha1": "f08242d01da4236214f75e0221fe25c270f46dbf","md5": "1a99905d3a33311a29cda4996b2f88a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isIndex.js","sha256": "2baf7a241dfa17458e7274d568625c5e95e85cd57341c11c6a9f95531d2b49cd","sha1": "f08242d01da4236214f75e0221fe25c270f46dbf","md5": "1a99905d3a33311a29cda4996b2f88a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isIndex.js","sha256": "2baf7a241dfa17458e7274d568625c5e95e85cd57341c11c6a9f95531d2b49cd","sha1": "f08242d01da4236214f75e0221fe25c270f46dbf","md5": "1a99905d3a33311a29cda4996b2f88a0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIterateeCall.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isIterateeCall.js","md5": "cd11a8c2d4eee420c1a24e7663b65e56","sha1": "8116de0f8e735fb8c0a9d263a369be4b74f5f09c","sha256": "43a63fe192e33cdda10f4c77eb45042381b3a5712e33daabb2fcbf8f1cebfddb","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIterateeCall.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isIterateeCall.js","sha256": "43a63fe192e33cdda10f4c77eb45042381b3a5712e33daabb2fcbf8f1cebfddb","sha1": "8116de0f8e735fb8c0a9d263a369be4b74f5f09c","md5": "cd11a8c2d4eee420c1a24e7663b65e56"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIterateeCall.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isIterateeCall.js","sha256": "43a63fe192e33cdda10f4c77eb45042381b3a5712e33daabb2fcbf8f1cebfddb","sha1": "8116de0f8e735fb8c0a9d263a369be4b74f5f09c","md5": "cd11a8c2d4eee420c1a24e7663b65e56"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isIterateeCall.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isIterateeCall.js","sha256": "43a63fe192e33cdda10f4c77eb45042381b3a5712e33daabb2fcbf8f1cebfddb","sha1": "8116de0f8e735fb8c0a9d263a369be4b74f5f09c","md5": "cd11a8c2d4eee420c1a24e7663b65e56"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isKey.js","md5": "73230460ff274adc43275f913620d7af","sha1": "e68a3f3cc1d7942c51ce0e8d927c0eb1896bc46e","sha256": "0f5dce93adc9aa4b43003c2669e06e2eda1455e4167a12aa703324f578ecbfe1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isKey.js","sha256": "0f5dce93adc9aa4b43003c2669e06e2eda1455e4167a12aa703324f578ecbfe1","sha1": "e68a3f3cc1d7942c51ce0e8d927c0eb1896bc46e","md5": "73230460ff274adc43275f913620d7af"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isKey.js","sha256": "0f5dce93adc9aa4b43003c2669e06e2eda1455e4167a12aa703324f578ecbfe1","sha1": "e68a3f3cc1d7942c51ce0e8d927c0eb1896bc46e","md5": "73230460ff274adc43275f913620d7af"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isKey.js","sha256": "0f5dce93adc9aa4b43003c2669e06e2eda1455e4167a12aa703324f578ecbfe1","sha1": "e68a3f3cc1d7942c51ce0e8d927c0eb1896bc46e","md5": "73230460ff274adc43275f913620d7af"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKeyable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isKeyable.js","md5": "506d4cc350a31813f51f76b66ce34e61","sha1": "89389f3a2f157c03608bcce01baf751018f25fa8","sha256": "350b0af6255491303512c1cf75a2b57cb62efcc392d9a280435dfaa04aed06cf","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKeyable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isKeyable.js","sha256": "350b0af6255491303512c1cf75a2b57cb62efcc392d9a280435dfaa04aed06cf","sha1": "89389f3a2f157c03608bcce01baf751018f25fa8","md5": "506d4cc350a31813f51f76b66ce34e61"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKeyable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isKeyable.js","sha256": "350b0af6255491303512c1cf75a2b57cb62efcc392d9a280435dfaa04aed06cf","sha1": "89389f3a2f157c03608bcce01baf751018f25fa8","md5": "506d4cc350a31813f51f76b66ce34e61"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isKeyable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isKeyable.js","sha256": "350b0af6255491303512c1cf75a2b57cb62efcc392d9a280435dfaa04aed06cf","sha1": "89389f3a2f157c03608bcce01baf751018f25fa8","md5": "506d4cc350a31813f51f76b66ce34e61"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isLaziable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isLaziable.js","md5": "c735acb5967b835e0146529879afa15d","sha1": "857a630edb35c21d76e6e2fd6daed3f3b51ea6a9","sha256": "6863f63c866527fb17eba2b8abd81f04cdde2057c76201f3ac190494d319bd33","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isLaziable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isLaziable.js","sha256": "6863f63c866527fb17eba2b8abd81f04cdde2057c76201f3ac190494d319bd33","sha1": "857a630edb35c21d76e6e2fd6daed3f3b51ea6a9","md5": "c735acb5967b835e0146529879afa15d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isLaziable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isLaziable.js","sha256": "6863f63c866527fb17eba2b8abd81f04cdde2057c76201f3ac190494d319bd33","sha1": "857a630edb35c21d76e6e2fd6daed3f3b51ea6a9","md5": "c735acb5967b835e0146529879afa15d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isLaziable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isLaziable.js","sha256": "6863f63c866527fb17eba2b8abd81f04cdde2057c76201f3ac190494d319bd33","sha1": "857a630edb35c21d76e6e2fd6daed3f3b51ea6a9","md5": "c735acb5967b835e0146529879afa15d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMaskable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isMaskable.js","md5": "fec5bf53146030e044bdf29b4bf4fcf9","sha1": "54963a24b696b2c57b2e8d2a873ed7db9abe6b11","sha256": "7fca667defefe5906ecaa58bfc85337197465d7df8ac8dcf06961d0de4a05fba","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMaskable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isMaskable.js","sha256": "7fca667defefe5906ecaa58bfc85337197465d7df8ac8dcf06961d0de4a05fba","sha1": "54963a24b696b2c57b2e8d2a873ed7db9abe6b11","md5": "fec5bf53146030e044bdf29b4bf4fcf9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMaskable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isMaskable.js","sha256": "7fca667defefe5906ecaa58bfc85337197465d7df8ac8dcf06961d0de4a05fba","sha1": "54963a24b696b2c57b2e8d2a873ed7db9abe6b11","md5": "fec5bf53146030e044bdf29b4bf4fcf9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMaskable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isMaskable.js","sha256": "7fca667defefe5906ecaa58bfc85337197465d7df8ac8dcf06961d0de4a05fba","sha1": "54963a24b696b2c57b2e8d2a873ed7db9abe6b11","md5": "fec5bf53146030e044bdf29b4bf4fcf9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMasked.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isMasked.js","md5": "6376cafb15443462732be0fbcb8d1525","sha1": "c001b1b4f9d3f7ece2e7263350f081da707804a5","sha256": "bc22cc820f6dfa6a16303d9e0b2430defb8d78328a2f56a0fbf0d919c6128757","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMasked.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isMasked.js","sha256": "bc22cc820f6dfa6a16303d9e0b2430defb8d78328a2f56a0fbf0d919c6128757","sha1": "c001b1b4f9d3f7ece2e7263350f081da707804a5","md5": "6376cafb15443462732be0fbcb8d1525"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMasked.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isMasked.js","sha256": "bc22cc820f6dfa6a16303d9e0b2430defb8d78328a2f56a0fbf0d919c6128757","sha1": "c001b1b4f9d3f7ece2e7263350f081da707804a5","md5": "6376cafb15443462732be0fbcb8d1525"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isMasked.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isMasked.js","sha256": "bc22cc820f6dfa6a16303d9e0b2430defb8d78328a2f56a0fbf0d919c6128757","sha1": "c001b1b4f9d3f7ece2e7263350f081da707804a5","md5": "6376cafb15443462732be0fbcb8d1525"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isPrototype.js","md5": "77ce496d84a19a9b44f0dc59b401da3c","sha1": "6ebbd7e2661dbf8b6e35f36d680b7117fcc6b2c0","sha256": "cfb95e7cf139dcc5fbf79e4b13f7fa9f30fedf3c7d73093ca8c5ee44d7d4aaaa","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isPrototype.js","sha256": "cfb95e7cf139dcc5fbf79e4b13f7fa9f30fedf3c7d73093ca8c5ee44d7d4aaaa","sha1": "6ebbd7e2661dbf8b6e35f36d680b7117fcc6b2c0","md5": "77ce496d84a19a9b44f0dc59b401da3c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isPrototype.js","sha256": "cfb95e7cf139dcc5fbf79e4b13f7fa9f30fedf3c7d73093ca8c5ee44d7d4aaaa","sha1": "6ebbd7e2661dbf8b6e35f36d680b7117fcc6b2c0","md5": "77ce496d84a19a9b44f0dc59b401da3c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isPrototype.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isPrototype.js","sha256": "cfb95e7cf139dcc5fbf79e4b13f7fa9f30fedf3c7d73093ca8c5ee44d7d4aaaa","sha1": "6ebbd7e2661dbf8b6e35f36d680b7117fcc6b2c0","md5": "77ce496d84a19a9b44f0dc59b401da3c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_isStrictComparable.js","md5": "2f18102118f44f42675fba0666cc96ef","sha1": "1db231f38b860e0a94e052c232829f8e8d31eb74","sha256": "adb0b07c7c84a54ae3e19f7c92aa915a0ae8e0a26ff3c3fa8aacb4d63b8dfbe4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_isStrictComparable.js","sha256": "adb0b07c7c84a54ae3e19f7c92aa915a0ae8e0a26ff3c3fa8aacb4d63b8dfbe4","sha1": "1db231f38b860e0a94e052c232829f8e8d31eb74","md5": "2f18102118f44f42675fba0666cc96ef"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_isStrictComparable.js","sha256": "adb0b07c7c84a54ae3e19f7c92aa915a0ae8e0a26ff3c3fa8aacb4d63b8dfbe4","sha1": "1db231f38b860e0a94e052c232829f8e8d31eb74","md5": "2f18102118f44f42675fba0666cc96ef"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _isStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_isStrictComparable.js","sha256": "adb0b07c7c84a54ae3e19f7c92aa915a0ae8e0a26ff3c3fa8aacb4d63b8dfbe4","sha1": "1db231f38b860e0a94e052c232829f8e8d31eb74","md5": "2f18102118f44f42675fba0666cc96ef"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _iteratorToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_iteratorToArray.js","md5": "0732120e84258ec32a90775d0e589392","sha1": "0512af6634544643fd2dacfb328aa8fca1770d72","sha256": "32f28cd367d0fd3426bb1b53fa648dba07245a0d837b4e31e2bdddb13ce25107","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _iteratorToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_iteratorToArray.js","sha256": "32f28cd367d0fd3426bb1b53fa648dba07245a0d837b4e31e2bdddb13ce25107","sha1": "0512af6634544643fd2dacfb328aa8fca1770d72","md5": "0732120e84258ec32a90775d0e589392"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _iteratorToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_iteratorToArray.js","sha256": "32f28cd367d0fd3426bb1b53fa648dba07245a0d837b4e31e2bdddb13ce25107","sha1": "0512af6634544643fd2dacfb328aa8fca1770d72","md5": "0732120e84258ec32a90775d0e589392"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _iteratorToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_iteratorToArray.js","sha256": "32f28cd367d0fd3426bb1b53fa648dba07245a0d837b4e31e2bdddb13ce25107","sha1": "0512af6634544643fd2dacfb328aa8fca1770d72","md5": "0732120e84258ec32a90775d0e589392"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_lazyClone.js","md5": "398f76c56fe101b547f4fd6bf8fb8927","sha1": "528f2c4e0ddaadd246d07757608fafc02842508b","sha256": "a7c29e1b48490be0e4114ec696cfb9078efb2c84b515b2fb22d090de4adeac40","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_lazyClone.js","sha256": "a7c29e1b48490be0e4114ec696cfb9078efb2c84b515b2fb22d090de4adeac40","sha1": "528f2c4e0ddaadd246d07757608fafc02842508b","md5": "398f76c56fe101b547f4fd6bf8fb8927"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_lazyClone.js","sha256": "a7c29e1b48490be0e4114ec696cfb9078efb2c84b515b2fb22d090de4adeac40","sha1": "528f2c4e0ddaadd246d07757608fafc02842508b","md5": "398f76c56fe101b547f4fd6bf8fb8927"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_lazyClone.js","sha256": "a7c29e1b48490be0e4114ec696cfb9078efb2c84b515b2fb22d090de4adeac40","sha1": "528f2c4e0ddaadd246d07757608fafc02842508b","md5": "398f76c56fe101b547f4fd6bf8fb8927"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyReverse.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_lazyReverse.js","md5": "d170786ba827f4a08175a274fcc0ce71","sha1": "a16d79ce7d467ebd00332162dafae250f726fe17","sha256": "03b1c25da23e238ceb276999e02685a7d188e95a11309cf48de424e69529dc18","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyReverse.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_lazyReverse.js","sha256": "03b1c25da23e238ceb276999e02685a7d188e95a11309cf48de424e69529dc18","sha1": "a16d79ce7d467ebd00332162dafae250f726fe17","md5": "d170786ba827f4a08175a274fcc0ce71"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyReverse.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_lazyReverse.js","sha256": "03b1c25da23e238ceb276999e02685a7d188e95a11309cf48de424e69529dc18","sha1": "a16d79ce7d467ebd00332162dafae250f726fe17","md5": "d170786ba827f4a08175a274fcc0ce71"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyReverse.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_lazyReverse.js","sha256": "03b1c25da23e238ceb276999e02685a7d188e95a11309cf48de424e69529dc18","sha1": "a16d79ce7d467ebd00332162dafae250f726fe17","md5": "d170786ba827f4a08175a274fcc0ce71"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_lazyValue.js","md5": "d2705744ee8c04d5569a8f8755a11c90","sha1": "8e87e755c6f452304a814a29998fe145065aac74","sha256": "84d51a53ea72e167bf00a4dfd7487d1af3c9907da9c81973d27a334d44730d40","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_lazyValue.js","sha256": "84d51a53ea72e167bf00a4dfd7487d1af3c9907da9c81973d27a334d44730d40","sha1": "8e87e755c6f452304a814a29998fe145065aac74","md5": "d2705744ee8c04d5569a8f8755a11c90"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_lazyValue.js","sha256": "84d51a53ea72e167bf00a4dfd7487d1af3c9907da9c81973d27a334d44730d40","sha1": "8e87e755c6f452304a814a29998fe145065aac74","md5": "d2705744ee8c04d5569a8f8755a11c90"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _lazyValue.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_lazyValue.js","sha256": "84d51a53ea72e167bf00a4dfd7487d1af3c9907da9c81973d27a334d44730d40","sha1": "8e87e755c6f452304a814a29998fe145065aac74","md5": "d2705744ee8c04d5569a8f8755a11c90"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_listCacheClear.js","md5": "3c0975f95bcb79388b3af41ab94a7499","sha1": "cab24e3a5aa064726b71f761bac42e765a21517b","sha256": "0872c1fc38da972860c5d7e9b029d60556a1132343e9c151b9446002cf5f3c35","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_listCacheClear.js","sha256": "0872c1fc38da972860c5d7e9b029d60556a1132343e9c151b9446002cf5f3c35","sha1": "cab24e3a5aa064726b71f761bac42e765a21517b","md5": "3c0975f95bcb79388b3af41ab94a7499"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_listCacheClear.js","sha256": "0872c1fc38da972860c5d7e9b029d60556a1132343e9c151b9446002cf5f3c35","sha1": "cab24e3a5aa064726b71f761bac42e765a21517b","md5": "3c0975f95bcb79388b3af41ab94a7499"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_listCacheClear.js","sha256": "0872c1fc38da972860c5d7e9b029d60556a1132343e9c151b9446002cf5f3c35","sha1": "cab24e3a5aa064726b71f761bac42e765a21517b","md5": "3c0975f95bcb79388b3af41ab94a7499"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_listCacheDelete.js","md5": "de1b929856a50388222dfdf5f5279f06","sha1": "1421610bad35fbee226a1a6bf8e7edb8958a4d6e","sha256": "a3760383a9251969424b63e0cd9cbed3e376e94b18dfe462c2a5bdbd0281568d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_listCacheDelete.js","sha256": "a3760383a9251969424b63e0cd9cbed3e376e94b18dfe462c2a5bdbd0281568d","sha1": "1421610bad35fbee226a1a6bf8e7edb8958a4d6e","md5": "de1b929856a50388222dfdf5f5279f06"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_listCacheDelete.js","sha256": "a3760383a9251969424b63e0cd9cbed3e376e94b18dfe462c2a5bdbd0281568d","sha1": "1421610bad35fbee226a1a6bf8e7edb8958a4d6e","md5": "de1b929856a50388222dfdf5f5279f06"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_listCacheDelete.js","sha256": "a3760383a9251969424b63e0cd9cbed3e376e94b18dfe462c2a5bdbd0281568d","sha1": "1421610bad35fbee226a1a6bf8e7edb8958a4d6e","md5": "de1b929856a50388222dfdf5f5279f06"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_listCacheGet.js","md5": "22826f86a2982a79fd4f1ad241431f81","sha1": "266ac036effbb03c4a20397401900068f25ee510","sha256": "499002dd4ffe04bb2c270f5629b85b8c1578ace90f18b8f6ddc62fdc75a9c018","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_listCacheGet.js","sha256": "499002dd4ffe04bb2c270f5629b85b8c1578ace90f18b8f6ddc62fdc75a9c018","sha1": "266ac036effbb03c4a20397401900068f25ee510","md5": "22826f86a2982a79fd4f1ad241431f81"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_listCacheGet.js","sha256": "499002dd4ffe04bb2c270f5629b85b8c1578ace90f18b8f6ddc62fdc75a9c018","sha1": "266ac036effbb03c4a20397401900068f25ee510","md5": "22826f86a2982a79fd4f1ad241431f81"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_listCacheGet.js","sha256": "499002dd4ffe04bb2c270f5629b85b8c1578ace90f18b8f6ddc62fdc75a9c018","sha1": "266ac036effbb03c4a20397401900068f25ee510","md5": "22826f86a2982a79fd4f1ad241431f81"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_listCacheHas.js","md5": "91959ec1928b6649edd62ecde1e5bab9","sha1": "2070fe4515274fd0445b01ccbdad8acbc6b7c9a3","sha256": "dadbb626a3f14d58da266fd66de1b0b1d7fef13e9d6e2d1802e908f26f6a6882","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_listCacheHas.js","sha256": "dadbb626a3f14d58da266fd66de1b0b1d7fef13e9d6e2d1802e908f26f6a6882","sha1": "2070fe4515274fd0445b01ccbdad8acbc6b7c9a3","md5": "91959ec1928b6649edd62ecde1e5bab9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_listCacheHas.js","sha256": "dadbb626a3f14d58da266fd66de1b0b1d7fef13e9d6e2d1802e908f26f6a6882","sha1": "2070fe4515274fd0445b01ccbdad8acbc6b7c9a3","md5": "91959ec1928b6649edd62ecde1e5bab9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_listCacheHas.js","sha256": "dadbb626a3f14d58da266fd66de1b0b1d7fef13e9d6e2d1802e908f26f6a6882","sha1": "2070fe4515274fd0445b01ccbdad8acbc6b7c9a3","md5": "91959ec1928b6649edd62ecde1e5bab9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_listCacheSet.js","md5": "5db90cb655acaab43e28610ca63eed8d","sha1": "cf902d42ba5e57849d08b0c03d2003c56bbc0dde","sha256": "7557307601cff2f4071cf9d7fa9aa5316064c8974f8cf30404acb5897d5ba242","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_listCacheSet.js","sha256": "7557307601cff2f4071cf9d7fa9aa5316064c8974f8cf30404acb5897d5ba242","sha1": "cf902d42ba5e57849d08b0c03d2003c56bbc0dde","md5": "5db90cb655acaab43e28610ca63eed8d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_listCacheSet.js","sha256": "7557307601cff2f4071cf9d7fa9aa5316064c8974f8cf30404acb5897d5ba242","sha1": "cf902d42ba5e57849d08b0c03d2003c56bbc0dde","md5": "5db90cb655acaab43e28610ca63eed8d"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _listCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_listCacheSet.js","sha256": "7557307601cff2f4071cf9d7fa9aa5316064c8974f8cf30404acb5897d5ba242","sha1": "cf902d42ba5e57849d08b0c03d2003c56bbc0dde","md5": "5db90cb655acaab43e28610ca63eed8d"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapCacheClear.js","md5": "81c3e7f3f4d38c56d5bb1c9fa58e34fa","sha1": "0eff5c92ebddbff48603ec60a32720c48fcdfd2a","sha256": "e83e7e069f743cda3397d56bf30bb6863046b3729730b932f67fd8cb1479b24a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapCacheClear.js","sha256": "e83e7e069f743cda3397d56bf30bb6863046b3729730b932f67fd8cb1479b24a","sha1": "0eff5c92ebddbff48603ec60a32720c48fcdfd2a","md5": "81c3e7f3f4d38c56d5bb1c9fa58e34fa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapCacheClear.js","sha256": "e83e7e069f743cda3397d56bf30bb6863046b3729730b932f67fd8cb1479b24a","sha1": "0eff5c92ebddbff48603ec60a32720c48fcdfd2a","md5": "81c3e7f3f4d38c56d5bb1c9fa58e34fa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapCacheClear.js","sha256": "e83e7e069f743cda3397d56bf30bb6863046b3729730b932f67fd8cb1479b24a","sha1": "0eff5c92ebddbff48603ec60a32720c48fcdfd2a","md5": "81c3e7f3f4d38c56d5bb1c9fa58e34fa"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapCacheDelete.js","md5": "5c2ae7848d266170b95a07d41574a6d1","sha1": "830ab65244dcd7c5a00fec9be355e9f713e6ea3f","sha256": "63644bb7c346b74226f5cf6e5d7712a91414dc9cbd28d0733817e72f121b2f3a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapCacheDelete.js","sha256": "63644bb7c346b74226f5cf6e5d7712a91414dc9cbd28d0733817e72f121b2f3a","sha1": "830ab65244dcd7c5a00fec9be355e9f713e6ea3f","md5": "5c2ae7848d266170b95a07d41574a6d1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapCacheDelete.js","sha256": "63644bb7c346b74226f5cf6e5d7712a91414dc9cbd28d0733817e72f121b2f3a","sha1": "830ab65244dcd7c5a00fec9be355e9f713e6ea3f","md5": "5c2ae7848d266170b95a07d41574a6d1"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapCacheDelete.js","sha256": "63644bb7c346b74226f5cf6e5d7712a91414dc9cbd28d0733817e72f121b2f3a","sha1": "830ab65244dcd7c5a00fec9be355e9f713e6ea3f","md5": "5c2ae7848d266170b95a07d41574a6d1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapCacheGet.js","md5": "53e942b3f273be90d6130f728bce7476","sha1": "2f580dedb6aa86e87c9931a6bb2275df8fe8608a","sha256": "76095488d813ea6627dff4cb3aa3033722ccec642aa4c9a596c571e509c84b9c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapCacheGet.js","sha256": "76095488d813ea6627dff4cb3aa3033722ccec642aa4c9a596c571e509c84b9c","sha1": "2f580dedb6aa86e87c9931a6bb2275df8fe8608a","md5": "53e942b3f273be90d6130f728bce7476"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapCacheGet.js","sha256": "76095488d813ea6627dff4cb3aa3033722ccec642aa4c9a596c571e509c84b9c","sha1": "2f580dedb6aa86e87c9931a6bb2275df8fe8608a","md5": "53e942b3f273be90d6130f728bce7476"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapCacheGet.js","sha256": "76095488d813ea6627dff4cb3aa3033722ccec642aa4c9a596c571e509c84b9c","sha1": "2f580dedb6aa86e87c9931a6bb2275df8fe8608a","md5": "53e942b3f273be90d6130f728bce7476"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapCacheHas.js","md5": "3544d370646d0d5bea0921dfcb5b22da","sha1": "a0104808ea49ff57061f2b4a6ec4ef5f28e20601","sha256": "4b41ddbc15713b24902083119ad7f45e710a26358b871a700a857b3ecd85be81","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapCacheHas.js","sha256": "4b41ddbc15713b24902083119ad7f45e710a26358b871a700a857b3ecd85be81","sha1": "a0104808ea49ff57061f2b4a6ec4ef5f28e20601","md5": "3544d370646d0d5bea0921dfcb5b22da"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapCacheHas.js","sha256": "4b41ddbc15713b24902083119ad7f45e710a26358b871a700a857b3ecd85be81","sha1": "a0104808ea49ff57061f2b4a6ec4ef5f28e20601","md5": "3544d370646d0d5bea0921dfcb5b22da"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapCacheHas.js","sha256": "4b41ddbc15713b24902083119ad7f45e710a26358b871a700a857b3ecd85be81","sha1": "a0104808ea49ff57061f2b4a6ec4ef5f28e20601","md5": "3544d370646d0d5bea0921dfcb5b22da"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapCacheSet.js","md5": "b1fd117e13a70ccc3a1dfdd7e92a39f0","sha1": "745d2c8aab1a63cd28192eea4ac7bd86d5050b02","sha256": "464f027fa65e25a396cccd9b5e2103259f51f7fc646b72f64907a89106697bd6","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapCacheSet.js","sha256": "464f027fa65e25a396cccd9b5e2103259f51f7fc646b72f64907a89106697bd6","sha1": "745d2c8aab1a63cd28192eea4ac7bd86d5050b02","md5": "b1fd117e13a70ccc3a1dfdd7e92a39f0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapCacheSet.js","sha256": "464f027fa65e25a396cccd9b5e2103259f51f7fc646b72f64907a89106697bd6","sha1": "745d2c8aab1a63cd28192eea4ac7bd86d5050b02","md5": "b1fd117e13a70ccc3a1dfdd7e92a39f0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapCacheSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapCacheSet.js","sha256": "464f027fa65e25a396cccd9b5e2103259f51f7fc646b72f64907a89106697bd6","sha1": "745d2c8aab1a63cd28192eea4ac7bd86d5050b02","md5": "b1fd117e13a70ccc3a1dfdd7e92a39f0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mapToArray.js","md5": "44f44207175358b51bd63641074e6804","sha1": "ba760ad87c596f8a038240cdb8eb21c8f441a288","sha256": "5d44139746a75599d76943ab9b10fbfc0865ca07272265eb94ea218fa591eaf4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mapToArray.js","sha256": "5d44139746a75599d76943ab9b10fbfc0865ca07272265eb94ea218fa591eaf4","sha1": "ba760ad87c596f8a038240cdb8eb21c8f441a288","md5": "44f44207175358b51bd63641074e6804"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mapToArray.js","sha256": "5d44139746a75599d76943ab9b10fbfc0865ca07272265eb94ea218fa591eaf4","sha1": "ba760ad87c596f8a038240cdb8eb21c8f441a288","md5": "44f44207175358b51bd63641074e6804"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mapToArray.js","sha256": "5d44139746a75599d76943ab9b10fbfc0865ca07272265eb94ea218fa591eaf4","sha1": "ba760ad87c596f8a038240cdb8eb21c8f441a288","md5": "44f44207175358b51bd63641074e6804"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapping.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/_mapping.js","md5": "0940a9275be6cbba5bcfd4442f701baf","sha1": "0fa88f5921a98c85fb6d3d2310e8869d5daf9e1a","sha256": "474a0de8f3624a02218a6092e07f51e8315514d73d40dfa3c8f6820419460aed","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapping.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/_mapping.js","sha256": "474a0de8f3624a02218a6092e07f51e8315514d73d40dfa3c8f6820419460aed","sha1": "0fa88f5921a98c85fb6d3d2310e8869d5daf9e1a","md5": "0940a9275be6cbba5bcfd4442f701baf"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapping.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/_mapping.js","sha256": "474a0de8f3624a02218a6092e07f51e8315514d73d40dfa3c8f6820419460aed","sha1": "0fa88f5921a98c85fb6d3d2310e8869d5daf9e1a","md5": "0940a9275be6cbba5bcfd4442f701baf"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mapping.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/_mapping.js","sha256": "474a0de8f3624a02218a6092e07f51e8315514d73d40dfa3c8f6820419460aed","sha1": "0fa88f5921a98c85fb6d3d2310e8869d5daf9e1a","md5": "0940a9275be6cbba5bcfd4442f701baf"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _matchesStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_matchesStrictComparable.js","md5": "c08e542aff414c5fd3cf4913a9a96328","sha1": "886455dc09cdf350cadc57a4bb14cf8d700db358","sha256": "f8eaac0f6f8af658933221834f7638f6d2967dbfb21d87b8e77d4feaaf4ca7e3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _matchesStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_matchesStrictComparable.js","sha256": "f8eaac0f6f8af658933221834f7638f6d2967dbfb21d87b8e77d4feaaf4ca7e3","sha1": "886455dc09cdf350cadc57a4bb14cf8d700db358","md5": "c08e542aff414c5fd3cf4913a9a96328"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _matchesStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_matchesStrictComparable.js","sha256": "f8eaac0f6f8af658933221834f7638f6d2967dbfb21d87b8e77d4feaaf4ca7e3","sha1": "886455dc09cdf350cadc57a4bb14cf8d700db358","md5": "c08e542aff414c5fd3cf4913a9a96328"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _matchesStrictComparable.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_matchesStrictComparable.js","sha256": "f8eaac0f6f8af658933221834f7638f6d2967dbfb21d87b8e77d4feaaf4ca7e3","sha1": "886455dc09cdf350cadc57a4bb14cf8d700db358","md5": "c08e542aff414c5fd3cf4913a9a96328"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _memoizeCapped.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_memoizeCapped.js","md5": "2d9d489f9efdd4f773e240d2b354dd16","sha1": "6e577b3ba7b897f8a8e6277cee2a9c0d296608d9","sha256": "1da7277242b79f0e2fb5261b5fb8bfe1363b6a167e1c196ffe34c7f01cc71a5e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _memoizeCapped.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_memoizeCapped.js","sha256": "1da7277242b79f0e2fb5261b5fb8bfe1363b6a167e1c196ffe34c7f01cc71a5e","sha1": "6e577b3ba7b897f8a8e6277cee2a9c0d296608d9","md5": "2d9d489f9efdd4f773e240d2b354dd16"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _memoizeCapped.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_memoizeCapped.js","sha256": "1da7277242b79f0e2fb5261b5fb8bfe1363b6a167e1c196ffe34c7f01cc71a5e","sha1": "6e577b3ba7b897f8a8e6277cee2a9c0d296608d9","md5": "2d9d489f9efdd4f773e240d2b354dd16"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _memoizeCapped.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_memoizeCapped.js","sha256": "1da7277242b79f0e2fb5261b5fb8bfe1363b6a167e1c196ffe34c7f01cc71a5e","sha1": "6e577b3ba7b897f8a8e6277cee2a9c0d296608d9","md5": "2d9d489f9efdd4f773e240d2b354dd16"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mergeData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_mergeData.js","md5": "60e5200d2f787d86a92a6016cb9511c7","sha1": "88ffb153b2cf2792dd67b70ef0f7ba1715c991fa","sha256": "1b2c0b0be33a07225ba79cb66601d7f78e09ac5f896d53fcd060011d0fd66491","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mergeData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_mergeData.js","sha256": "1b2c0b0be33a07225ba79cb66601d7f78e09ac5f896d53fcd060011d0fd66491","sha1": "88ffb153b2cf2792dd67b70ef0f7ba1715c991fa","md5": "60e5200d2f787d86a92a6016cb9511c7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mergeData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_mergeData.js","sha256": "1b2c0b0be33a07225ba79cb66601d7f78e09ac5f896d53fcd060011d0fd66491","sha1": "88ffb153b2cf2792dd67b70ef0f7ba1715c991fa","md5": "60e5200d2f787d86a92a6016cb9511c7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _mergeData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_mergeData.js","sha256": "1b2c0b0be33a07225ba79cb66601d7f78e09ac5f896d53fcd060011d0fd66491","sha1": "88ffb153b2cf2792dd67b70ef0f7ba1715c991fa","md5": "60e5200d2f787d86a92a6016cb9511c7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _metaMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_metaMap.js","md5": "9bcce290ac222f1c49c3944db1b13308","sha1": "6fe08e4a7c81c515eb34e464db1fe31d20bc8ff6","sha256": "1d7b3626ce926fdfa1b014c725aaae932f04628bc5ee7b36b3632f715590676c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _metaMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_metaMap.js","sha256": "1d7b3626ce926fdfa1b014c725aaae932f04628bc5ee7b36b3632f715590676c","sha1": "6fe08e4a7c81c515eb34e464db1fe31d20bc8ff6","md5": "9bcce290ac222f1c49c3944db1b13308"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _metaMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_metaMap.js","sha256": "1d7b3626ce926fdfa1b014c725aaae932f04628bc5ee7b36b3632f715590676c","sha1": "6fe08e4a7c81c515eb34e464db1fe31d20bc8ff6","md5": "9bcce290ac222f1c49c3944db1b13308"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _metaMap.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_metaMap.js","sha256": "1d7b3626ce926fdfa1b014c725aaae932f04628bc5ee7b36b3632f715590676c","sha1": "6fe08e4a7c81c515eb34e464db1fe31d20bc8ff6","md5": "9bcce290ac222f1c49c3944db1b13308"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_nativeCreate.js","md5": "9fb51b7d3f1c71d46b76a38c166609f8","sha1": "d77d487728a34b77fe91c07ed4a2ca41a7265b43","sha256": "4271167f1b155aa72b4112e5e716837175380b3f797c4763ca102c6b48bdb69f","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_nativeCreate.js","sha256": "4271167f1b155aa72b4112e5e716837175380b3f797c4763ca102c6b48bdb69f","sha1": "d77d487728a34b77fe91c07ed4a2ca41a7265b43","md5": "9fb51b7d3f1c71d46b76a38c166609f8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_nativeCreate.js","sha256": "4271167f1b155aa72b4112e5e716837175380b3f797c4763ca102c6b48bdb69f","sha1": "d77d487728a34b77fe91c07ed4a2ca41a7265b43","md5": "9fb51b7d3f1c71d46b76a38c166609f8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeCreate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_nativeCreate.js","sha256": "4271167f1b155aa72b4112e5e716837175380b3f797c4763ca102c6b48bdb69f","sha1": "d77d487728a34b77fe91c07ed4a2ca41a7265b43","md5": "9fb51b7d3f1c71d46b76a38c166609f8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_nativeKeys.js","md5": "d87c1b2d45c1668a6a18e0301fbfcf36","sha1": "9cddc8c7f8efeffa319763be371897c861027d65","sha256": "2aca1ae1ff39e05d3f36082c4b46211668313e7ef1a08754043d80fe8e35c0b5","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_nativeKeys.js","sha256": "2aca1ae1ff39e05d3f36082c4b46211668313e7ef1a08754043d80fe8e35c0b5","sha1": "9cddc8c7f8efeffa319763be371897c861027d65","md5": "d87c1b2d45c1668a6a18e0301fbfcf36"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_nativeKeys.js","sha256": "2aca1ae1ff39e05d3f36082c4b46211668313e7ef1a08754043d80fe8e35c0b5","sha1": "9cddc8c7f8efeffa319763be371897c861027d65","md5": "d87c1b2d45c1668a6a18e0301fbfcf36"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeys.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_nativeKeys.js","sha256": "2aca1ae1ff39e05d3f36082c4b46211668313e7ef1a08754043d80fe8e35c0b5","sha1": "9cddc8c7f8efeffa319763be371897c861027d65","md5": "d87c1b2d45c1668a6a18e0301fbfcf36"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_nativeKeysIn.js","md5": "a19d47943eeeef1561731a05276af23b","sha1": "d11eee972281d8eb8c93724d6a9088faf33e9679","sha256": "c1970a10bedf2fc57f0306b8469c2d7c4cf12df3eb0f1e6538a929a4bbbe0849","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_nativeKeysIn.js","sha256": "c1970a10bedf2fc57f0306b8469c2d7c4cf12df3eb0f1e6538a929a4bbbe0849","sha1": "d11eee972281d8eb8c93724d6a9088faf33e9679","md5": "a19d47943eeeef1561731a05276af23b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_nativeKeysIn.js","sha256": "c1970a10bedf2fc57f0306b8469c2d7c4cf12df3eb0f1e6538a929a4bbbe0849","sha1": "d11eee972281d8eb8c93724d6a9088faf33e9679","md5": "a19d47943eeeef1561731a05276af23b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nativeKeysIn.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_nativeKeysIn.js","sha256": "c1970a10bedf2fc57f0306b8469c2d7c4cf12df3eb0f1e6538a929a4bbbe0849","sha1": "d11eee972281d8eb8c93724d6a9088faf33e9679","md5": "a19d47943eeeef1561731a05276af23b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nodeUtil.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_nodeUtil.js","md5": "8eb16d41d0ae2badd15fc0e35fa99625","sha1": "23c321c5b794557e944b47a10ccac8eb6a132f0c","sha256": "537b6e42a7aa1200af9fb5079f05b12d3e3c00f1f0665d67ef17e80dd0949b65","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nodeUtil.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_nodeUtil.js","sha256": "537b6e42a7aa1200af9fb5079f05b12d3e3c00f1f0665d67ef17e80dd0949b65","sha1": "23c321c5b794557e944b47a10ccac8eb6a132f0c","md5": "8eb16d41d0ae2badd15fc0e35fa99625"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nodeUtil.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_nodeUtil.js","sha256": "537b6e42a7aa1200af9fb5079f05b12d3e3c00f1f0665d67ef17e80dd0949b65","sha1": "23c321c5b794557e944b47a10ccac8eb6a132f0c","md5": "8eb16d41d0ae2badd15fc0e35fa99625"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _nodeUtil.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_nodeUtil.js","sha256": "537b6e42a7aa1200af9fb5079f05b12d3e3c00f1f0665d67ef17e80dd0949b65","sha1": "23c321c5b794557e944b47a10ccac8eb6a132f0c","md5": "8eb16d41d0ae2badd15fc0e35fa99625"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _objectToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_objectToString.js","md5": "be82b44dc8ef7278c5cb2a4a3daf243a","sha1": "c489ccc8b47254177546b747476ca6b4a339437c","sha256": "81c0b42d3076882d603659f81f75883fb5ccda995f323e2423ecff8648d6e231","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _objectToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_objectToString.js","sha256": "81c0b42d3076882d603659f81f75883fb5ccda995f323e2423ecff8648d6e231","sha1": "c489ccc8b47254177546b747476ca6b4a339437c","md5": "be82b44dc8ef7278c5cb2a4a3daf243a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _objectToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_objectToString.js","sha256": "81c0b42d3076882d603659f81f75883fb5ccda995f323e2423ecff8648d6e231","sha1": "c489ccc8b47254177546b747476ca6b4a339437c","md5": "be82b44dc8ef7278c5cb2a4a3daf243a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _objectToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_objectToString.js","sha256": "81c0b42d3076882d603659f81f75883fb5ccda995f323e2423ecff8648d6e231","sha1": "c489ccc8b47254177546b747476ca6b4a339437c","md5": "be82b44dc8ef7278c5cb2a4a3daf243a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overArg.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_overArg.js","md5": "839179ed6de294c2145856183b3af8c3","sha1": "1fd1876980219dfd22c7ad86a49994f6ad1ffb0d","sha256": "0eb5681b004c2bccb0b5480924c589dda6702b3bb53eb384a0c22956312a3ae2","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overArg.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_overArg.js","sha256": "0eb5681b004c2bccb0b5480924c589dda6702b3bb53eb384a0c22956312a3ae2","sha1": "1fd1876980219dfd22c7ad86a49994f6ad1ffb0d","md5": "839179ed6de294c2145856183b3af8c3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overArg.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_overArg.js","sha256": "0eb5681b004c2bccb0b5480924c589dda6702b3bb53eb384a0c22956312a3ae2","sha1": "1fd1876980219dfd22c7ad86a49994f6ad1ffb0d","md5": "839179ed6de294c2145856183b3af8c3"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overArg.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_overArg.js","sha256": "0eb5681b004c2bccb0b5480924c589dda6702b3bb53eb384a0c22956312a3ae2","sha1": "1fd1876980219dfd22c7ad86a49994f6ad1ffb0d","md5": "839179ed6de294c2145856183b3af8c3"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_overRest.js","md5": "bfe15354abfbe418be549eebae30d074","sha1": "7020d98e117801d3a38b53367295588fe9574282","sha256": "8833534359cb66fde3c020f57e1280f9626c806088e6b9eaf51953b3c849ce36","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_overRest.js","sha256": "8833534359cb66fde3c020f57e1280f9626c806088e6b9eaf51953b3c849ce36","sha1": "7020d98e117801d3a38b53367295588fe9574282","md5": "bfe15354abfbe418be549eebae30d074"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_overRest.js","sha256": "8833534359cb66fde3c020f57e1280f9626c806088e6b9eaf51953b3c849ce36","sha1": "7020d98e117801d3a38b53367295588fe9574282","md5": "bfe15354abfbe418be549eebae30d074"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _overRest.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_overRest.js","sha256": "8833534359cb66fde3c020f57e1280f9626c806088e6b9eaf51953b3c849ce36","sha1": "7020d98e117801d3a38b53367295588fe9574282","md5": "bfe15354abfbe418be549eebae30d074"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _parent.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_parent.js","md5": "b1123fe92c66afbb029bccd82f7f4caa","sha1": "a509f65490a88db6e1469ba7d8eacf86f11e7578","sha256": "b1a85d2cbbd4bea3b76e2b74d60cce492bc0d91c4a25656aab5017a13119a6ea","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _parent.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_parent.js","sha256": "b1a85d2cbbd4bea3b76e2b74d60cce492bc0d91c4a25656aab5017a13119a6ea","sha1": "a509f65490a88db6e1469ba7d8eacf86f11e7578","md5": "b1123fe92c66afbb029bccd82f7f4caa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _parent.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_parent.js","sha256": "b1a85d2cbbd4bea3b76e2b74d60cce492bc0d91c4a25656aab5017a13119a6ea","sha1": "a509f65490a88db6e1469ba7d8eacf86f11e7578","md5": "b1123fe92c66afbb029bccd82f7f4caa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _parent.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_parent.js","sha256": "b1a85d2cbbd4bea3b76e2b74d60cce492bc0d91c4a25656aab5017a13119a6ea","sha1": "a509f65490a88db6e1469ba7d8eacf86f11e7578","md5": "b1123fe92c66afbb029bccd82f7f4caa"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEscape.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_reEscape.js","md5": "89e721e3a345b29f1692a88bb6ccf901","sha1": "1956c226d87ffb9bfb9d0b443e5e7c6665e222a9","sha256": "19273f353ee560f281aa74c9179a2e977400c08de8ec8af65ebcb32f5fb2a527","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEscape.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_reEscape.js","sha256": "19273f353ee560f281aa74c9179a2e977400c08de8ec8af65ebcb32f5fb2a527","sha1": "1956c226d87ffb9bfb9d0b443e5e7c6665e222a9","md5": "89e721e3a345b29f1692a88bb6ccf901"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEscape.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_reEscape.js","sha256": "19273f353ee560f281aa74c9179a2e977400c08de8ec8af65ebcb32f5fb2a527","sha1": "1956c226d87ffb9bfb9d0b443e5e7c6665e222a9","md5": "89e721e3a345b29f1692a88bb6ccf901"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEscape.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_reEscape.js","sha256": "19273f353ee560f281aa74c9179a2e977400c08de8ec8af65ebcb32f5fb2a527","sha1": "1956c226d87ffb9bfb9d0b443e5e7c6665e222a9","md5": "89e721e3a345b29f1692a88bb6ccf901"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEvaluate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_reEvaluate.js","md5": "f10a4f8ee7e6f632d6dd224a882e721c","sha1": "01062fe9dad608255c7e341c6d3e145c9ae6912b","sha256": "d6a2f29eb24646e67b31f8b026234ff57a78e2cca8af3da9d43f173e51949ebe","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEvaluate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_reEvaluate.js","sha256": "d6a2f29eb24646e67b31f8b026234ff57a78e2cca8af3da9d43f173e51949ebe","sha1": "01062fe9dad608255c7e341c6d3e145c9ae6912b","md5": "f10a4f8ee7e6f632d6dd224a882e721c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEvaluate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_reEvaluate.js","sha256": "d6a2f29eb24646e67b31f8b026234ff57a78e2cca8af3da9d43f173e51949ebe","sha1": "01062fe9dad608255c7e341c6d3e145c9ae6912b","md5": "f10a4f8ee7e6f632d6dd224a882e721c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reEvaluate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_reEvaluate.js","sha256": "d6a2f29eb24646e67b31f8b026234ff57a78e2cca8af3da9d43f173e51949ebe","sha1": "01062fe9dad608255c7e341c6d3e145c9ae6912b","md5": "f10a4f8ee7e6f632d6dd224a882e721c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reInterpolate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_reInterpolate.js","md5": "35d84189ddbf62c88d17c4103cc09e66","sha1": "1f30c7932ca224ade79f3b50991da604fdc93c0f","sha256": "ece8e61ced08270d0e529e847511543f99ae2eb67c5fe3a4e1cb43572500e36a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reInterpolate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_reInterpolate.js","sha256": "ece8e61ced08270d0e529e847511543f99ae2eb67c5fe3a4e1cb43572500e36a","sha1": "1f30c7932ca224ade79f3b50991da604fdc93c0f","md5": "35d84189ddbf62c88d17c4103cc09e66"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reInterpolate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_reInterpolate.js","sha256": "ece8e61ced08270d0e529e847511543f99ae2eb67c5fe3a4e1cb43572500e36a","sha1": "1f30c7932ca224ade79f3b50991da604fdc93c0f","md5": "35d84189ddbf62c88d17c4103cc09e66"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reInterpolate.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_reInterpolate.js","sha256": "ece8e61ced08270d0e529e847511543f99ae2eb67c5fe3a4e1cb43572500e36a","sha1": "1f30c7932ca224ade79f3b50991da604fdc93c0f","md5": "35d84189ddbf62c88d17c4103cc09e66"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _realNames.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_realNames.js","md5": "5916509f9bd8b1978eae90adb2775fa0","sha1": "1d70870e01638a3ba3e742bf871a5618ba866480","sha256": "214c59771323560484af0420a002b02ae8efba8fa875047275927d1a4f1c1f0c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _realNames.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_realNames.js","sha256": "214c59771323560484af0420a002b02ae8efba8fa875047275927d1a4f1c1f0c","sha1": "1d70870e01638a3ba3e742bf871a5618ba866480","md5": "5916509f9bd8b1978eae90adb2775fa0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _realNames.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_realNames.js","sha256": "214c59771323560484af0420a002b02ae8efba8fa875047275927d1a4f1c1f0c","sha1": "1d70870e01638a3ba3e742bf871a5618ba866480","md5": "5916509f9bd8b1978eae90adb2775fa0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _realNames.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_realNames.js","sha256": "214c59771323560484af0420a002b02ae8efba8fa875047275927d1a4f1c1f0c","sha1": "1d70870e01638a3ba3e742bf871a5618ba866480","md5": "5916509f9bd8b1978eae90adb2775fa0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reorder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_reorder.js","md5": "c9b6df238ace5c7d700e953ee680d9b2","sha1": "f9ebaaf8bddda0f54270363ed88d8eeb4b0acf95","sha256": "495710ae274abce5b6e71a9879c735ef340210b3795a91059f51c55a0f9d4b27","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reorder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_reorder.js","sha256": "495710ae274abce5b6e71a9879c735ef340210b3795a91059f51c55a0f9d4b27","sha1": "f9ebaaf8bddda0f54270363ed88d8eeb4b0acf95","md5": "c9b6df238ace5c7d700e953ee680d9b2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reorder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_reorder.js","sha256": "495710ae274abce5b6e71a9879c735ef340210b3795a91059f51c55a0f9d4b27","sha1": "f9ebaaf8bddda0f54270363ed88d8eeb4b0acf95","md5": "c9b6df238ace5c7d700e953ee680d9b2"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _reorder.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_reorder.js","sha256": "495710ae274abce5b6e71a9879c735ef340210b3795a91059f51c55a0f9d4b27","sha1": "f9ebaaf8bddda0f54270363ed88d8eeb4b0acf95","md5": "c9b6df238ace5c7d700e953ee680d9b2"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _replaceHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_replaceHolders.js","md5": "2d1bebfd9ad88d17c34667e47bd7d389","sha1": "c24095b10ee93a2b1c4eabe187a37eb54a74b47c","sha256": "670f940008f7bb3ef54b5254d61ecc441e819da2eef53597048ea4ebb7225363","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _replaceHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_replaceHolders.js","sha256": "670f940008f7bb3ef54b5254d61ecc441e819da2eef53597048ea4ebb7225363","sha1": "c24095b10ee93a2b1c4eabe187a37eb54a74b47c","md5": "2d1bebfd9ad88d17c34667e47bd7d389"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _replaceHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_replaceHolders.js","sha256": "670f940008f7bb3ef54b5254d61ecc441e819da2eef53597048ea4ebb7225363","sha1": "c24095b10ee93a2b1c4eabe187a37eb54a74b47c","md5": "2d1bebfd9ad88d17c34667e47bd7d389"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _replaceHolders.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_replaceHolders.js","sha256": "670f940008f7bb3ef54b5254d61ecc441e819da2eef53597048ea4ebb7225363","sha1": "c24095b10ee93a2b1c4eabe187a37eb54a74b47c","md5": "2d1bebfd9ad88d17c34667e47bd7d389"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _root.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_root.js","md5": "6d64819ae22ef4f545aa3502652e54f8","sha1": "da38a7e1c62b9dec425d3354b1ae5b2f1473ed41","sha256": "32ea714f25057679fdd3099c2693cb6be437252e78eea3a5a7882a1282078348","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _root.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_root.js","sha256": "32ea714f25057679fdd3099c2693cb6be437252e78eea3a5a7882a1282078348","sha1": "da38a7e1c62b9dec425d3354b1ae5b2f1473ed41","md5": "6d64819ae22ef4f545aa3502652e54f8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _root.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_root.js","sha256": "32ea714f25057679fdd3099c2693cb6be437252e78eea3a5a7882a1282078348","sha1": "da38a7e1c62b9dec425d3354b1ae5b2f1473ed41","md5": "6d64819ae22ef4f545aa3502652e54f8"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _root.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_root.js","sha256": "32ea714f25057679fdd3099c2693cb6be437252e78eea3a5a7882a1282078348","sha1": "da38a7e1c62b9dec425d3354b1ae5b2f1473ed41","md5": "6d64819ae22ef4f545aa3502652e54f8"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _safeGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_safeGet.js","md5": "050c3636b224ca6af205f96528c86f83","sha1": "638d92d4782a94e948a266bcc257a824cb2182ba","sha256": "266166a787c864ba2c6306f40f4c135c3614546aea06492fa7103e3af5a4b724","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _safeGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_safeGet.js","sha256": "266166a787c864ba2c6306f40f4c135c3614546aea06492fa7103e3af5a4b724","sha1": "638d92d4782a94e948a266bcc257a824cb2182ba","md5": "050c3636b224ca6af205f96528c86f83"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _safeGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_safeGet.js","sha256": "266166a787c864ba2c6306f40f4c135c3614546aea06492fa7103e3af5a4b724","sha1": "638d92d4782a94e948a266bcc257a824cb2182ba","md5": "050c3636b224ca6af205f96528c86f83"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _safeGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_safeGet.js","sha256": "266166a787c864ba2c6306f40f4c135c3614546aea06492fa7103e3af5a4b724","sha1": "638d92d4782a94e948a266bcc257a824cb2182ba","md5": "050c3636b224ca6af205f96528c86f83"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheAdd.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setCacheAdd.js","md5": "ab76f826f56c3544a6eb035d51d3d03a","sha1": "3e8d192f136058af7953acb255f3452e25f9dbd5","sha256": "c946c72eb39ef2e5a04836b610e9877200e4269490930b21e64c29b1573624ed","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheAdd.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setCacheAdd.js","sha256": "c946c72eb39ef2e5a04836b610e9877200e4269490930b21e64c29b1573624ed","sha1": "3e8d192f136058af7953acb255f3452e25f9dbd5","md5": "ab76f826f56c3544a6eb035d51d3d03a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheAdd.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setCacheAdd.js","sha256": "c946c72eb39ef2e5a04836b610e9877200e4269490930b21e64c29b1573624ed","sha1": "3e8d192f136058af7953acb255f3452e25f9dbd5","md5": "ab76f826f56c3544a6eb035d51d3d03a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheAdd.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setCacheAdd.js","sha256": "c946c72eb39ef2e5a04836b610e9877200e4269490930b21e64c29b1573624ed","sha1": "3e8d192f136058af7953acb255f3452e25f9dbd5","md5": "ab76f826f56c3544a6eb035d51d3d03a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setCacheHas.js","md5": "2c72603b0a0eca71965014b9e7d79c64","sha1": "6b635d8cd68ddaf51b359bd7e89532dbbd5d259d","sha256": "6928afa62c51aba995e2b617915ced865627a6399dfd18c864191accfead3233","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setCacheHas.js","sha256": "6928afa62c51aba995e2b617915ced865627a6399dfd18c864191accfead3233","sha1": "6b635d8cd68ddaf51b359bd7e89532dbbd5d259d","md5": "2c72603b0a0eca71965014b9e7d79c64"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setCacheHas.js","sha256": "6928afa62c51aba995e2b617915ced865627a6399dfd18c864191accfead3233","sha1": "6b635d8cd68ddaf51b359bd7e89532dbbd5d259d","md5": "2c72603b0a0eca71965014b9e7d79c64"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setCacheHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setCacheHas.js","sha256": "6928afa62c51aba995e2b617915ced865627a6399dfd18c864191accfead3233","sha1": "6b635d8cd68ddaf51b359bd7e89532dbbd5d259d","md5": "2c72603b0a0eca71965014b9e7d79c64"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setData.js","md5": "0b20eae82f22a5883f7713e6611ec9e6","sha1": "27ba08bcf3045df1eb5bc20514f6532d51049445","sha256": "1fedd970934b9090fc8bc52e4e10d81e5319ec1909cbe08a0868d4e25ae1e79e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setData.js","sha256": "1fedd970934b9090fc8bc52e4e10d81e5319ec1909cbe08a0868d4e25ae1e79e","sha1": "27ba08bcf3045df1eb5bc20514f6532d51049445","md5": "0b20eae82f22a5883f7713e6611ec9e6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setData.js","sha256": "1fedd970934b9090fc8bc52e4e10d81e5319ec1909cbe08a0868d4e25ae1e79e","sha1": "27ba08bcf3045df1eb5bc20514f6532d51049445","md5": "0b20eae82f22a5883f7713e6611ec9e6"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setData.js","sha256": "1fedd970934b9090fc8bc52e4e10d81e5319ec1909cbe08a0868d4e25ae1e79e","sha1": "27ba08bcf3045df1eb5bc20514f6532d51049445","md5": "0b20eae82f22a5883f7713e6611ec9e6"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setToArray.js","md5": "be494eed7ef92202ed77f3f44bfb8936","sha1": "8aa29aac79d989a3642638ba90120860d6e7cfd0","sha256": "814c80519a194b7bff82784e06c2d6c69ec9e64e03b515932dd5bba81c60fd49","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setToArray.js","sha256": "814c80519a194b7bff82784e06c2d6c69ec9e64e03b515932dd5bba81c60fd49","sha1": "8aa29aac79d989a3642638ba90120860d6e7cfd0","md5": "be494eed7ef92202ed77f3f44bfb8936"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setToArray.js","sha256": "814c80519a194b7bff82784e06c2d6c69ec9e64e03b515932dd5bba81c60fd49","sha1": "8aa29aac79d989a3642638ba90120860d6e7cfd0","md5": "be494eed7ef92202ed77f3f44bfb8936"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setToArray.js","sha256": "814c80519a194b7bff82784e06c2d6c69ec9e64e03b515932dd5bba81c60fd49","sha1": "8aa29aac79d989a3642638ba90120860d6e7cfd0","md5": "be494eed7ef92202ed77f3f44bfb8936"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setToPairs.js","md5": "728de7f796af926adcd3f4ba0d87687f","sha1": "8f144b728d7afc8059364769d27708f6f30f1bc9","sha256": "7e9e3e26490ddc2ddb0f86ba88dffd19c3ba543e473035547e9d1c7a28f746f4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setToPairs.js","sha256": "7e9e3e26490ddc2ddb0f86ba88dffd19c3ba543e473035547e9d1c7a28f746f4","sha1": "8f144b728d7afc8059364769d27708f6f30f1bc9","md5": "728de7f796af926adcd3f4ba0d87687f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setToPairs.js","sha256": "7e9e3e26490ddc2ddb0f86ba88dffd19c3ba543e473035547e9d1c7a28f746f4","sha1": "8f144b728d7afc8059364769d27708f6f30f1bc9","md5": "728de7f796af926adcd3f4ba0d87687f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToPairs.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setToPairs.js","sha256": "7e9e3e26490ddc2ddb0f86ba88dffd19c3ba543e473035547e9d1c7a28f746f4","sha1": "8f144b728d7afc8059364769d27708f6f30f1bc9","md5": "728de7f796af926adcd3f4ba0d87687f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setToString.js","md5": "f1fa947e65c65677eb4f67e84b8a6c2f","sha1": "525d4e7a92d2f5de834b7199c926bf05e5863e02","sha256": "86eee99d2a2d984255dd6c7d3ac25ab918808e9777311acf7fbc3adbd45879e7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setToString.js","sha256": "86eee99d2a2d984255dd6c7d3ac25ab918808e9777311acf7fbc3adbd45879e7","sha1": "525d4e7a92d2f5de834b7199c926bf05e5863e02","md5": "f1fa947e65c65677eb4f67e84b8a6c2f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setToString.js","sha256": "86eee99d2a2d984255dd6c7d3ac25ab918808e9777311acf7fbc3adbd45879e7","sha1": "525d4e7a92d2f5de834b7199c926bf05e5863e02","md5": "f1fa947e65c65677eb4f67e84b8a6c2f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setToString.js","sha256": "86eee99d2a2d984255dd6c7d3ac25ab918808e9777311acf7fbc3adbd45879e7","sha1": "525d4e7a92d2f5de834b7199c926bf05e5863e02","md5": "f1fa947e65c65677eb4f67e84b8a6c2f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setWrapToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_setWrapToString.js","md5": "c5c9dfcb4ed581b9006bc847b572f1c9","sha1": "e1129dc30bd9fe222dc11cf9d319f2d16cf02f82","sha256": "cecf7bcaf5a4b8f7ca83d3bf57a27c3874d2f18742ed7f18452beca3eb64d6af","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setWrapToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_setWrapToString.js","sha256": "cecf7bcaf5a4b8f7ca83d3bf57a27c3874d2f18742ed7f18452beca3eb64d6af","sha1": "e1129dc30bd9fe222dc11cf9d319f2d16cf02f82","md5": "c5c9dfcb4ed581b9006bc847b572f1c9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setWrapToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_setWrapToString.js","sha256": "cecf7bcaf5a4b8f7ca83d3bf57a27c3874d2f18742ed7f18452beca3eb64d6af","sha1": "e1129dc30bd9fe222dc11cf9d319f2d16cf02f82","md5": "c5c9dfcb4ed581b9006bc847b572f1c9"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _setWrapToString.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_setWrapToString.js","sha256": "cecf7bcaf5a4b8f7ca83d3bf57a27c3874d2f18742ed7f18452beca3eb64d6af","sha1": "e1129dc30bd9fe222dc11cf9d319f2d16cf02f82","md5": "c5c9dfcb4ed581b9006bc847b572f1c9"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shortOut.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_shortOut.js","md5": "2ed663f3d541d558c9bda24186e9c78e","sha1": "2b821fd23499f0583817e801c9ec1aa7fabac0b5","sha256": "22851e1eb10e731a812bdf627957cabc535cc320e00e44170b692fc210c0aaad","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shortOut.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_shortOut.js","sha256": "22851e1eb10e731a812bdf627957cabc535cc320e00e44170b692fc210c0aaad","sha1": "2b821fd23499f0583817e801c9ec1aa7fabac0b5","md5": "2ed663f3d541d558c9bda24186e9c78e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shortOut.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_shortOut.js","sha256": "22851e1eb10e731a812bdf627957cabc535cc320e00e44170b692fc210c0aaad","sha1": "2b821fd23499f0583817e801c9ec1aa7fabac0b5","md5": "2ed663f3d541d558c9bda24186e9c78e"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shortOut.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_shortOut.js","sha256": "22851e1eb10e731a812bdf627957cabc535cc320e00e44170b692fc210c0aaad","sha1": "2b821fd23499f0583817e801c9ec1aa7fabac0b5","md5": "2ed663f3d541d558c9bda24186e9c78e"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shuffleSelf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_shuffleSelf.js","md5": "c86b433c1d9f0f3986297d2cd6020a42","sha1": "d384018a208bad370c0fa749fe1a7abdcf7d1550","sha256": "62043164438968ce5b8c7277d87777cb965bc97add797f314c464bd60ca4cd3a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shuffleSelf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_shuffleSelf.js","sha256": "62043164438968ce5b8c7277d87777cb965bc97add797f314c464bd60ca4cd3a","sha1": "d384018a208bad370c0fa749fe1a7abdcf7d1550","md5": "c86b433c1d9f0f3986297d2cd6020a42"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shuffleSelf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_shuffleSelf.js","sha256": "62043164438968ce5b8c7277d87777cb965bc97add797f314c464bd60ca4cd3a","sha1": "d384018a208bad370c0fa749fe1a7abdcf7d1550","md5": "c86b433c1d9f0f3986297d2cd6020a42"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _shuffleSelf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_shuffleSelf.js","sha256": "62043164438968ce5b8c7277d87777cb965bc97add797f314c464bd60ca4cd3a","sha1": "d384018a208bad370c0fa749fe1a7abdcf7d1550","md5": "c86b433c1d9f0f3986297d2cd6020a42"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stackClear.js","md5": "924e942ef65a6c59f125151eaaaaf38a","sha1": "f10a4d85636bf0a0495cb7222575c139c2963466","sha256": "89b580cfc2b47c5aba05bd124b807b82d007fa106ee3a7c9e61205c72cf654d0","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stackClear.js","sha256": "89b580cfc2b47c5aba05bd124b807b82d007fa106ee3a7c9e61205c72cf654d0","sha1": "f10a4d85636bf0a0495cb7222575c139c2963466","md5": "924e942ef65a6c59f125151eaaaaf38a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stackClear.js","sha256": "89b580cfc2b47c5aba05bd124b807b82d007fa106ee3a7c9e61205c72cf654d0","sha1": "f10a4d85636bf0a0495cb7222575c139c2963466","md5": "924e942ef65a6c59f125151eaaaaf38a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackClear.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stackClear.js","sha256": "89b580cfc2b47c5aba05bd124b807b82d007fa106ee3a7c9e61205c72cf654d0","sha1": "f10a4d85636bf0a0495cb7222575c139c2963466","md5": "924e942ef65a6c59f125151eaaaaf38a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stackDelete.js","md5": "a0fc04519ee9e1864d44db2c264ee054","sha1": "0035fcf868dd14e85188c010466ead0b44caddc4","sha256": "2d769f2390c318fd300f07e9c3cfd4e0d1f2d9857316b03aa416ed2b14636f88","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stackDelete.js","sha256": "2d769f2390c318fd300f07e9c3cfd4e0d1f2d9857316b03aa416ed2b14636f88","sha1": "0035fcf868dd14e85188c010466ead0b44caddc4","md5": "a0fc04519ee9e1864d44db2c264ee054"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stackDelete.js","sha256": "2d769f2390c318fd300f07e9c3cfd4e0d1f2d9857316b03aa416ed2b14636f88","sha1": "0035fcf868dd14e85188c010466ead0b44caddc4","md5": "a0fc04519ee9e1864d44db2c264ee054"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackDelete.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stackDelete.js","sha256": "2d769f2390c318fd300f07e9c3cfd4e0d1f2d9857316b03aa416ed2b14636f88","sha1": "0035fcf868dd14e85188c010466ead0b44caddc4","md5": "a0fc04519ee9e1864d44db2c264ee054"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stackGet.js","md5": "691fe6ce99d55fb5a5098e22dffbf755","sha1": "edd10aa8b1688c112def671585164abd168f7dc7","sha256": "0681d6e2e14cb4d0fb1a2f893dd25fff38fcbdfc6f2cc12989d8c946e7055973","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stackGet.js","sha256": "0681d6e2e14cb4d0fb1a2f893dd25fff38fcbdfc6f2cc12989d8c946e7055973","sha1": "edd10aa8b1688c112def671585164abd168f7dc7","md5": "691fe6ce99d55fb5a5098e22dffbf755"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stackGet.js","sha256": "0681d6e2e14cb4d0fb1a2f893dd25fff38fcbdfc6f2cc12989d8c946e7055973","sha1": "edd10aa8b1688c112def671585164abd168f7dc7","md5": "691fe6ce99d55fb5a5098e22dffbf755"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackGet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stackGet.js","sha256": "0681d6e2e14cb4d0fb1a2f893dd25fff38fcbdfc6f2cc12989d8c946e7055973","sha1": "edd10aa8b1688c112def671585164abd168f7dc7","md5": "691fe6ce99d55fb5a5098e22dffbf755"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stackHas.js","md5": "00b5022a10a19615a2cba6f65827b0cb","sha1": "2c66efa2be2222610dae4edfe711b8b0d9a55a60","sha256": "b61639cbc8c10a724c7de827483fd5e0e92db13f8b8e1ef81cbca8bc242bb4f8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stackHas.js","sha256": "b61639cbc8c10a724c7de827483fd5e0e92db13f8b8e1ef81cbca8bc242bb4f8","sha1": "2c66efa2be2222610dae4edfe711b8b0d9a55a60","md5": "00b5022a10a19615a2cba6f65827b0cb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stackHas.js","sha256": "b61639cbc8c10a724c7de827483fd5e0e92db13f8b8e1ef81cbca8bc242bb4f8","sha1": "2c66efa2be2222610dae4edfe711b8b0d9a55a60","md5": "00b5022a10a19615a2cba6f65827b0cb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackHas.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stackHas.js","sha256": "b61639cbc8c10a724c7de827483fd5e0e92db13f8b8e1ef81cbca8bc242bb4f8","sha1": "2c66efa2be2222610dae4edfe711b8b0d9a55a60","md5": "00b5022a10a19615a2cba6f65827b0cb"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stackSet.js","md5": "23c06bbd7ff9417adb32cead48ca8ba5","sha1": "54d1b0f6e92c9327efb7142d082bea43f49521a4","sha256": "ac5abfcc087211a21f7d3087e3919febed9c1780dbc74cce3a007886ba5fc86a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stackSet.js","sha256": "ac5abfcc087211a21f7d3087e3919febed9c1780dbc74cce3a007886ba5fc86a","sha1": "54d1b0f6e92c9327efb7142d082bea43f49521a4","md5": "23c06bbd7ff9417adb32cead48ca8ba5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stackSet.js","sha256": "ac5abfcc087211a21f7d3087e3919febed9c1780dbc74cce3a007886ba5fc86a","sha1": "54d1b0f6e92c9327efb7142d082bea43f49521a4","md5": "23c06bbd7ff9417adb32cead48ca8ba5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stackSet.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stackSet.js","sha256": "ac5abfcc087211a21f7d3087e3919febed9c1780dbc74cce3a007886ba5fc86a","sha1": "54d1b0f6e92c9327efb7142d082bea43f49521a4","md5": "23c06bbd7ff9417adb32cead48ca8ba5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_strictIndexOf.js","md5": "58b44b129458cb4a32a81693e64269a0","sha1": "4d373aae516f6097b486413f2e0815c73aa37bdb","sha256": "394592bfc902ec6451478cee5e466052e8358d0ffbee50d31419d26d8d14ff00","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_strictIndexOf.js","sha256": "394592bfc902ec6451478cee5e466052e8358d0ffbee50d31419d26d8d14ff00","sha1": "4d373aae516f6097b486413f2e0815c73aa37bdb","md5": "58b44b129458cb4a32a81693e64269a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_strictIndexOf.js","sha256": "394592bfc902ec6451478cee5e466052e8358d0ffbee50d31419d26d8d14ff00","sha1": "4d373aae516f6097b486413f2e0815c73aa37bdb","md5": "58b44b129458cb4a32a81693e64269a0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_strictIndexOf.js","sha256": "394592bfc902ec6451478cee5e466052e8358d0ffbee50d31419d26d8d14ff00","sha1": "4d373aae516f6097b486413f2e0815c73aa37bdb","md5": "58b44b129458cb4a32a81693e64269a0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictLastIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_strictLastIndexOf.js","md5": "2ca03de1dcf8ed0f4918d965a3738840","sha1": "541978faa200571da921f5cee0c141cca0436237","sha256": "5b153f6bcf9bdfce038bbab5253ff345a1383386d8aa296a96f4dfe1edb52f77","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictLastIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_strictLastIndexOf.js","sha256": "5b153f6bcf9bdfce038bbab5253ff345a1383386d8aa296a96f4dfe1edb52f77","sha1": "541978faa200571da921f5cee0c141cca0436237","md5": "2ca03de1dcf8ed0f4918d965a3738840"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictLastIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_strictLastIndexOf.js","sha256": "5b153f6bcf9bdfce038bbab5253ff345a1383386d8aa296a96f4dfe1edb52f77","sha1": "541978faa200571da921f5cee0c141cca0436237","md5": "2ca03de1dcf8ed0f4918d965a3738840"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _strictLastIndexOf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_strictLastIndexOf.js","sha256": "5b153f6bcf9bdfce038bbab5253ff345a1383386d8aa296a96f4dfe1edb52f77","sha1": "541978faa200571da921f5cee0c141cca0436237","md5": "2ca03de1dcf8ed0f4918d965a3738840"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stringSize.js","md5": "6a1665c02c276c55b7eeb24ca0a857fe","sha1": "2c19f863e40752a52b8d3347e8b05c8afb61a4d6","sha256": "45a57e04488b34752ef93b02fbcf4fc62f8b0823d9ba0096f8bdc470110f5df7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stringSize.js","sha256": "45a57e04488b34752ef93b02fbcf4fc62f8b0823d9ba0096f8bdc470110f5df7","sha1": "2c19f863e40752a52b8d3347e8b05c8afb61a4d6","md5": "6a1665c02c276c55b7eeb24ca0a857fe"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stringSize.js","sha256": "45a57e04488b34752ef93b02fbcf4fc62f8b0823d9ba0096f8bdc470110f5df7","sha1": "2c19f863e40752a52b8d3347e8b05c8afb61a4d6","md5": "6a1665c02c276c55b7eeb24ca0a857fe"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stringSize.js","sha256": "45a57e04488b34752ef93b02fbcf4fc62f8b0823d9ba0096f8bdc470110f5df7","sha1": "2c19f863e40752a52b8d3347e8b05c8afb61a4d6","md5": "6a1665c02c276c55b7eeb24ca0a857fe"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stringToArray.js","md5": "347d01063ffd2da61bc1cc5f625d2437","sha1": "051613c1b18c5156a676b197586fb0e2c1acd0ec","sha256": "df8f719c2232705da60cfe935227c5dc7edd6990016319ab842d3c03c15d07e8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stringToArray.js","sha256": "df8f719c2232705da60cfe935227c5dc7edd6990016319ab842d3c03c15d07e8","sha1": "051613c1b18c5156a676b197586fb0e2c1acd0ec","md5": "347d01063ffd2da61bc1cc5f625d2437"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stringToArray.js","sha256": "df8f719c2232705da60cfe935227c5dc7edd6990016319ab842d3c03c15d07e8","sha1": "051613c1b18c5156a676b197586fb0e2c1acd0ec","md5": "347d01063ffd2da61bc1cc5f625d2437"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stringToArray.js","sha256": "df8f719c2232705da60cfe935227c5dc7edd6990016319ab842d3c03c15d07e8","sha1": "051613c1b18c5156a676b197586fb0e2c1acd0ec","md5": "347d01063ffd2da61bc1cc5f625d2437"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_stringToPath.js","md5": "e544395d4e654f80825c5be97b26be97","sha1": "90f48337b274bc8475116e992fa8cad995a4029e","sha256": "59db820071a2b05418f75fd3a41a6b519a10e25fd1257355bca7240a21690ca1","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_stringToPath.js","sha256": "59db820071a2b05418f75fd3a41a6b519a10e25fd1257355bca7240a21690ca1","sha1": "90f48337b274bc8475116e992fa8cad995a4029e","md5": "e544395d4e654f80825c5be97b26be97"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_stringToPath.js","sha256": "59db820071a2b05418f75fd3a41a6b519a10e25fd1257355bca7240a21690ca1","sha1": "90f48337b274bc8475116e992fa8cad995a4029e","md5": "e544395d4e654f80825c5be97b26be97"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _stringToPath.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_stringToPath.js","sha256": "59db820071a2b05418f75fd3a41a6b519a10e25fd1257355bca7240a21690ca1","sha1": "90f48337b274bc8475116e992fa8cad995a4029e","md5": "e544395d4e654f80825c5be97b26be97"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_toKey.js","md5": "fa125c857965a86b56d486c7096082b4","sha1": "e24143e8602a9acd35301e6462b03c6ef0d94bc9","sha256": "16f6bb9f50ab65818dca375f29bb77f72e6c073bd06a804856dcc476ed224eec","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_toKey.js","sha256": "16f6bb9f50ab65818dca375f29bb77f72e6c073bd06a804856dcc476ed224eec","sha1": "e24143e8602a9acd35301e6462b03c6ef0d94bc9","md5": "fa125c857965a86b56d486c7096082b4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_toKey.js","sha256": "16f6bb9f50ab65818dca375f29bb77f72e6c073bd06a804856dcc476ed224eec","sha1": "e24143e8602a9acd35301e6462b03c6ef0d94bc9","md5": "fa125c857965a86b56d486c7096082b4"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toKey.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_toKey.js","sha256": "16f6bb9f50ab65818dca375f29bb77f72e6c073bd06a804856dcc476ed224eec","sha1": "e24143e8602a9acd35301e6462b03c6ef0d94bc9","md5": "fa125c857965a86b56d486c7096082b4"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toSource.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_toSource.js","md5": "e607ffda357f62fbcf816728c4a65d20","sha1": "12282cc7f18c3c7446129f547741c3998b6caf18","sha256": "aa142c3fcb0dab692297bf7acb158e174c0667984561a02beec890f6c3c7cc2b","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toSource.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_toSource.js","sha256": "aa142c3fcb0dab692297bf7acb158e174c0667984561a02beec890f6c3c7cc2b","sha1": "12282cc7f18c3c7446129f547741c3998b6caf18","md5": "e607ffda357f62fbcf816728c4a65d20"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toSource.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_toSource.js","sha256": "aa142c3fcb0dab692297bf7acb158e174c0667984561a02beec890f6c3c7cc2b","sha1": "12282cc7f18c3c7446129f547741c3998b6caf18","md5": "e607ffda357f62fbcf816728c4a65d20"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _toSource.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_toSource.js","sha256": "aa142c3fcb0dab692297bf7acb158e174c0667984561a02beec890f6c3c7cc2b","sha1": "12282cc7f18c3c7446129f547741c3998b6caf18","md5": "e607ffda357f62fbcf816728c4a65d20"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _trimmedEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_trimmedEndIndex.js","md5": "48cd64d6adfc6f2f308a84f85698572b","sha1": "fb87fefa2d27150aafd3bd7b8842a7d0f9338ef9","sha256": "edd88c7e95d5a3d2aaaa1656fc7e231583108ea358685eb113239d95a4e47433","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _trimmedEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_trimmedEndIndex.js","sha256": "edd88c7e95d5a3d2aaaa1656fc7e231583108ea358685eb113239d95a4e47433","sha1": "fb87fefa2d27150aafd3bd7b8842a7d0f9338ef9","md5": "48cd64d6adfc6f2f308a84f85698572b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _trimmedEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_trimmedEndIndex.js","sha256": "edd88c7e95d5a3d2aaaa1656fc7e231583108ea358685eb113239d95a4e47433","sha1": "fb87fefa2d27150aafd3bd7b8842a7d0f9338ef9","md5": "48cd64d6adfc6f2f308a84f85698572b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _trimmedEndIndex.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_trimmedEndIndex.js","sha256": "edd88c7e95d5a3d2aaaa1656fc7e231583108ea358685eb113239d95a4e47433","sha1": "fb87fefa2d27150aafd3bd7b8842a7d0f9338ef9","md5": "48cd64d6adfc6f2f308a84f85698572b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unescapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_unescapeHtmlChar.js","md5": "4be16d77ceba08fce71cc504c3433c1c","sha1": "345300e6aa36d8b10133adfc3672efc630f77822","sha256": "39f416c25d42f786694256f99d466d239c6386f72d1837723f3b5cac585fe90c","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unescapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_unescapeHtmlChar.js","sha256": "39f416c25d42f786694256f99d466d239c6386f72d1837723f3b5cac585fe90c","sha1": "345300e6aa36d8b10133adfc3672efc630f77822","md5": "4be16d77ceba08fce71cc504c3433c1c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unescapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_unescapeHtmlChar.js","sha256": "39f416c25d42f786694256f99d466d239c6386f72d1837723f3b5cac585fe90c","sha1": "345300e6aa36d8b10133adfc3672efc630f77822","md5": "4be16d77ceba08fce71cc504c3433c1c"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unescapeHtmlChar.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_unescapeHtmlChar.js","sha256": "39f416c25d42f786694256f99d466d239c6386f72d1837723f3b5cac585fe90c","sha1": "345300e6aa36d8b10133adfc3672efc630f77822","md5": "4be16d77ceba08fce71cc504c3433c1c"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_unicodeSize.js","md5": "dd199851509af6f21e4162d0a0331bee","sha1": "4ef1b8b07c56ba22c273f20ce1f43c99d9e646af","sha256": "afd590da7f18e94393e8e744e1bf58bb6c619b5d56c9919650314cc78b93d45a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_unicodeSize.js","sha256": "afd590da7f18e94393e8e744e1bf58bb6c619b5d56c9919650314cc78b93d45a","sha1": "4ef1b8b07c56ba22c273f20ce1f43c99d9e646af","md5": "dd199851509af6f21e4162d0a0331bee"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_unicodeSize.js","sha256": "afd590da7f18e94393e8e744e1bf58bb6c619b5d56c9919650314cc78b93d45a","sha1": "4ef1b8b07c56ba22c273f20ce1f43c99d9e646af","md5": "dd199851509af6f21e4162d0a0331bee"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeSize.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_unicodeSize.js","sha256": "afd590da7f18e94393e8e744e1bf58bb6c619b5d56c9919650314cc78b93d45a","sha1": "4ef1b8b07c56ba22c273f20ce1f43c99d9e646af","md5": "dd199851509af6f21e4162d0a0331bee"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_unicodeToArray.js","md5": "523fa0853c2935cf48d32e4a7393d165","sha1": "a9378af7302c381a5f82467c32de3111ca597877","sha256": "79eaf1570bb18732be65875ef7fd233b8aac09402d1b905b75bfeed06478a843","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_unicodeToArray.js","sha256": "79eaf1570bb18732be65875ef7fd233b8aac09402d1b905b75bfeed06478a843","sha1": "a9378af7302c381a5f82467c32de3111ca597877","md5": "523fa0853c2935cf48d32e4a7393d165"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_unicodeToArray.js","sha256": "79eaf1570bb18732be65875ef7fd233b8aac09402d1b905b75bfeed06478a843","sha1": "a9378af7302c381a5f82467c32de3111ca597877","md5": "523fa0853c2935cf48d32e4a7393d165"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeToArray.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_unicodeToArray.js","sha256": "79eaf1570bb18732be65875ef7fd233b8aac09402d1b905b75bfeed06478a843","sha1": "a9378af7302c381a5f82467c32de3111ca597877","md5": "523fa0853c2935cf48d32e4a7393d165"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_unicodeWords.js","md5": "88a5bfe0dafe46298fa1ca426261ce3f","sha1": "70d7dad3b79c471cce28fb00f4d9491c6d14de30","sha256": "22d133a81bafe13cc6260cdc7a4f16085c1fb5353d8e334a5e66b6321909bb42","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_unicodeWords.js","sha256": "22d133a81bafe13cc6260cdc7a4f16085c1fb5353d8e334a5e66b6321909bb42","sha1": "70d7dad3b79c471cce28fb00f4d9491c6d14de30","md5": "88a5bfe0dafe46298fa1ca426261ce3f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_unicodeWords.js","sha256": "22d133a81bafe13cc6260cdc7a4f16085c1fb5353d8e334a5e66b6321909bb42","sha1": "70d7dad3b79c471cce28fb00f4d9491c6d14de30","md5": "88a5bfe0dafe46298fa1ca426261ce3f"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _unicodeWords.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_unicodeWords.js","sha256": "22d133a81bafe13cc6260cdc7a4f16085c1fb5353d8e334a5e66b6321909bb42","sha1": "70d7dad3b79c471cce28fb00f4d9491c6d14de30","md5": "88a5bfe0dafe46298fa1ca426261ce3f"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _updateWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_updateWrapDetails.js","md5": "43d6c5bd1dd80f9a824041b8a9b1c5c5","sha1": "2ef2e983cdda0be8c850d7e59d570862ce6b64d7","sha256": "bdbd4703c6576d9891ad2f03f4ed93a79f48a2b95951376f565485a6fa0a1ec4","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _updateWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_updateWrapDetails.js","sha256": "bdbd4703c6576d9891ad2f03f4ed93a79f48a2b95951376f565485a6fa0a1ec4","sha1": "2ef2e983cdda0be8c850d7e59d570862ce6b64d7","md5": "43d6c5bd1dd80f9a824041b8a9b1c5c5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _updateWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_updateWrapDetails.js","sha256": "bdbd4703c6576d9891ad2f03f4ed93a79f48a2b95951376f565485a6fa0a1ec4","sha1": "2ef2e983cdda0be8c850d7e59d570862ce6b64d7","md5": "43d6c5bd1dd80f9a824041b8a9b1c5c5"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _updateWrapDetails.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_updateWrapDetails.js","sha256": "bdbd4703c6576d9891ad2f03f4ed93a79f48a2b95951376f565485a6fa0a1ec4","sha1": "2ef2e983cdda0be8c850d7e59d570862ce6b64d7","md5": "43d6c5bd1dd80f9a824041b8a9b1c5c5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _util.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/_util.js","md5": "4a05220cf49386c37c0b548adcb57aeb","sha1": "5fbff66b69ff1dbdde5f1f64e9965ba5f63ecc94","sha256": "01f3918232f19d495715e676df3e6aa0e9d85e966de3f28fc78f3f52e69d99c7","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _util.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/_util.js","sha256": "01f3918232f19d495715e676df3e6aa0e9d85e966de3f28fc78f3f52e69d99c7","sha1": "5fbff66b69ff1dbdde5f1f64e9965ba5f63ecc94","md5": "4a05220cf49386c37c0b548adcb57aeb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _util.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/_util.js","sha256": "01f3918232f19d495715e676df3e6aa0e9d85e966de3f28fc78f3f52e69d99c7","sha1": "5fbff66b69ff1dbdde5f1f64e9965ba5f63ecc94","md5": "4a05220cf49386c37c0b548adcb57aeb"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _util.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/_util.js","sha256": "01f3918232f19d495715e676df3e6aa0e9d85e966de3f28fc78f3f52e69d99c7","sha1": "5fbff66b69ff1dbdde5f1f64e9965ba5f63ecc94","md5": "4a05220cf49386c37c0b548adcb57aeb"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _wrapperClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/_wrapperClone.js","md5": "4ed3e078e09a34cf095f14f66d634a3a","sha1": "c54b050119a2a1ad75146508a03ed4a78ab9b5fb","sha256": "222b8e99ac3dda61e98e8d31994e45a4603720b6c1e6b453c2c14ec096bd81ba","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _wrapperClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/_wrapperClone.js","sha256": "222b8e99ac3dda61e98e8d31994e45a4603720b6c1e6b453c2c14ec096bd81ba","sha1": "c54b050119a2a1ad75146508a03ed4a78ab9b5fb","md5": "4ed3e078e09a34cf095f14f66d634a3a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _wrapperClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/_wrapperClone.js","sha256": "222b8e99ac3dda61e98e8d31994e45a4603720b6c1e6b453c2c14ec096bd81ba","sha1": "c54b050119a2a1ad75146508a03ed4a78ab9b5fb","md5": "4ed3e078e09a34cf095f14f66d634a3a"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: _wrapperClone.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/_wrapperClone.js","sha256": "222b8e99ac3dda61e98e8d31994e45a4603720b6c1e6b453c2c14ec096bd81ba","sha1": "c54b050119a2a1ad75146508a03ed4a78ab9b5fb","md5": "4ed3e078e09a34cf095f14f66d634a3a"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: aaa.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/istanbul\/node_modules\/resolve\/test\/precedence\/aaa.js","md5": "a3fe402d31ff03687d8c80d072933566","sha1": "9c2d3ffdc41f1567d64612167fc763c4a4390eef","sha256": "c60f73ae57f57095962e3052984ded235bfc0c79785e5ac44aca8c496f6d0763","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: aaa.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/resolve\/test\/precedence\/aaa.js","md5": "49163d248668737d115fc3d13361d34c","sha1": "250d6bb5158fc0824467fd7fe577800cad939729","sha256": "a49a7ae6beb9fb73f1507aacb3365e395d1d18a60790339d2fcb421163f26db2","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: abbrev.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/abbrev\/abbrev.js","md5": "7a15b8fe67321134796aa0efe08015d0","sha1": "b75c6b10bbfac1092ef493079ae044cc89824dc0","sha256": "17c7c4c5ba278eacdf05f8e62243edda7036c39f4b61448aa753c77b078a11ed","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: abort.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/qjobs\/tests\/abort.js","md5": "7a5ee0bc59e4b09833dfdaf14ba2ecb2","sha1": "b02b67d8f8de50343b31b809badfcd0286ce3fbf","sha256": "7d6572456c476ec7daba99aa93f3d099cd3d25854274c74414bba959f0bcb5b6","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: acceptData.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/data\/var\/acceptData.js","md5": "784eb09770f6731c4fb5c57207955cfb","sha1": "6f1a8e3bbd06b58c996d0b770371968316e13c0b","sha256": "df9bb083e3899397124dcecfeede435a76c799f451570ddf99ada79efb1fa374","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: access.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/core\/access.js","md5": "b4ece90fc559a85c6b8387292746f7d9","sha1": "b2881df4a5160e8442758f4518ae016ba5ab694c","sha256": "c8be48adaba694f65e02b3a39e31d7c6199c12696f6c117762b1218389ca84cd","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: action.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/argparse\/lib\/action.js","md5": "54bf55f66e620492ef6d65c185df4a29","sha1": "f456591b0880d26b0dc01874a4253258c4603f29","sha256": "773b4e9300210321067744f4023cde58d299de00fb87e9e55ddbcd78978a525c","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: action_container.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/argparse\/lib\/action_container.js","md5": "641012824fcc0f1219e99c7a2b7dad9c","sha1": "8a83edbd31fe82f0e9b7c11f6eac109afbdc20a0","sha256": "4d594dd87587d58d3cada83e0d3bc105fbc9f48cab72daf72d8c77632bc5b9ab","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: adapter.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma-jasmine\/lib\/adapter.js","md5": "3461d5de91fe25946b130305e4cc491b","sha1": "3098011cfe00faa2a869a8cffce13f3befc1a035","sha256": "ee364fae08abbe741cb3c384aabb1aa8674f58db974549b6b6a3c02a78afe4b0","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: adapters.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/log4js\/lib\/appenders\/adapters.js","md5": "ee8d167f84e836e4bc3a234a985cba80","sha1": "1e117b889558c1b73f30dbf26941d97e2d91680e","sha256": "1e2665adbaaed8e2c9afa9e1e1b4526af09cf5dd5e87efc795fd737a9ebd31e0","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/add.js","md5": "5e970c715a3f2847f9f306099e0f2892","sha1": "69ccfa17792261411f27bd7166a6760e3e6e653d","sha256": "62192fb471bfa09a28cad119585b74a8dba2d6bbebb6ce2ca65c535a608e318a","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/add.js","sha256": "62192fb471bfa09a28cad119585b74a8dba2d6bbebb6ce2ca65c535a608e318a","sha1": "69ccfa17792261411f27bd7166a6760e3e6e653d","md5": "5e970c715a3f2847f9f306099e0f2892"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/add.js","sha256": "62192fb471bfa09a28cad119585b74a8dba2d6bbebb6ce2ca65c535a608e318a","sha1": "69ccfa17792261411f27bd7166a6760e3e6e653d","md5": "5e970c715a3f2847f9f306099e0f2892"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/add.js","sha256": "62192fb471bfa09a28cad119585b74a8dba2d6bbebb6ce2ca65c535a608e318a","sha1": "69ccfa17792261411f27bd7166a6760e3e6e653d","md5": "5e970c715a3f2847f9f306099e0f2892"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/add.js","md5": "18cc03766de26efec361476617cdb920","sha1": "9a7af31a7389d2b2b2ada006440c4cc5c2e42e14","sha256": "3c8763bbf119306791d3c708a37cb246bd4c7ccfc1170bf2fbcacd54f0cb7c5e","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/add.js","sha256": "3c8763bbf119306791d3c708a37cb246bd4c7ccfc1170bf2fbcacd54f0cb7c5e","sha1": "9a7af31a7389d2b2b2ada006440c4cc5c2e42e14","md5": "18cc03766de26efec361476617cdb920"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/add.js","sha256": "3c8763bbf119306791d3c708a37cb246bd4c7ccfc1170bf2fbcacd54f0cb7c5e","sha1": "9a7af31a7389d2b2b2ada006440c4cc5c2e42e14","md5": "18cc03766de26efec361476617cdb920"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: add.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/add.js","sha256": "3c8763bbf119306791d3c708a37cb246bd4c7ccfc1170bf2fbcacd54f0cb7c5e","sha1": "9a7af31a7389d2b2b2ada006440c4cc5c2e42e14","md5": "18cc03766de26efec361476617cdb920"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: addGetHookIf.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/css\/addGetHookIf.js","md5": "39e2ba4bf431074cde3dcef95d1ea269","sha1": "dbec6ebe5e770f7eaf98b1a9fa7f39d7be364f5d","sha256": "480b1f1c03dbcddfa6812989be4d296a7fb39a24c38eaeb06f6451aee64e93cf","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: added_formatters.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/argparse\/lib\/help\/added_formatters.js","md5": "75482e0b8d6be9ebe618574971afd31d","sha1": "f11d0e2721c248b6b1ebbda0ff1df4a22281b6b9","sha256": "204100289ecc4ecfe0d61cd98839e39698d9b2b0347db7d91dbcf3485649aeb5","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: adjustCSS.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/css\/adjustCSS.js","md5": "169433ca4be9ae40a6ae9acc5169611e","sha1": "0bb7eb763a95a94c4ec190ff48dfd81d9bad5c14","sha256": "d633b3d787f3f661fc0dd0654ef44516f6e91ae99ef13c3797a716d9a9aee362","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after-test.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/after\/test\/after-test.js","md5": "67e6ad46bf2d57898f647c50cc12816c","sha1": "422bbb7c115e39a4279075383e66ca7bcf30612a","sha256": "11736e6836f99771648276ab2bf4e88fc549856bf6d46cccb2af696c11ee8ee2","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/after.js","md5": "cef7654d119d37493c1f52ad8afa2a7b","sha1": "4d65d6ae8537ba01400d74e3540b52b463dc86eb","sha256": "ca045b1ae9e085d50cb03af9568f0523470138cef8b83246182f3fb81fa9f095","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/after.js","sha256": "ca045b1ae9e085d50cb03af9568f0523470138cef8b83246182f3fb81fa9f095","sha1": "4d65d6ae8537ba01400d74e3540b52b463dc86eb","md5": "cef7654d119d37493c1f52ad8afa2a7b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/after.js","sha256": "ca045b1ae9e085d50cb03af9568f0523470138cef8b83246182f3fb81fa9f095","sha1": "4d65d6ae8537ba01400d74e3540b52b463dc86eb","md5": "cef7654d119d37493c1f52ad8afa2a7b"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/after.js","sha256": "ca045b1ae9e085d50cb03af9568f0523470138cef8b83246182f3fb81fa9f095","sha1": "4d65d6ae8537ba01400d74e3540b52b463dc86eb","md5": "cef7654d119d37493c1f52ad8afa2a7b"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/after.js","md5": "9deb3632d086077d57e48fb52e9948b0","sha1": "b9b375ce8fc1a7d08495feac490844967e5c6ac0","sha256": "5945862af679efbdd90af501d700e42a938ad87d3c30ff70f69c7312aefd7f4d","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/after.js","sha256": "5945862af679efbdd90af501d700e42a938ad87d3c30ff70f69c7312aefd7f4d","sha1": "b9b375ce8fc1a7d08495feac490844967e5c6ac0","md5": "9deb3632d086077d57e48fb52e9948b0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/after.js","sha256": "5945862af679efbdd90af501d700e42a938ad87d3c30ff70f69c7312aefd7f4d","sha1": "b9b375ce8fc1a7d08495feac490844967e5c6ac0","md5": "9deb3632d086077d57e48fb52e9948b0"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: after.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/after.js","sha256": "5945862af679efbdd90af501d700e42a938ad87d3c30ff70f69c7312aefd7f4d","sha1": "b9b375ce8fc1a7d08495feac490844967e5c6ac0","md5": "9deb3632d086077d57e48fb52e9948b0"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: ajax-event-alias.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/deprecated\/ajax-event-alias.js","md5": "aa332a4467b72b2b928db1ea6080372d","sha1": "9bd247d64a8e8454bb94c2d29f87b8a6be064b0f","sha256": "2c6326a1bbd2eb9498bc9deac56638f8f1e518953fa3b074b73ba550e313d220","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: ajax.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/ajax.js","md5": "eb13d497f9257c7cc8dda0d9b359c6c9","sha1": "ef8c5b8a9dd57aa00de5979204941aecac872516","sha256": "7c487ede39570cc9245f82822507e98a4cb3ae060367391dffca2160ebd28b0f","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/all.js","md5": "b00f1016dd4d96fb69f93a01ee6ea7bd","sha1": "5997cd0ec43f3913d00453bc8b7f7b9ebd71e114","sha256": "ac04e84074a66f42b7b2a88b8b8e2d8338e7e4b11f3c2da804a2104521d1ed06","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: every.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/every.js","sha256": "ac04e84074a66f42b7b2a88b8b8e2d8338e7e4b11f3c2da804a2104521d1ed06","sha1": "5997cd0ec43f3913d00453bc8b7f7b9ebd71e114","md5": "b00f1016dd4d96fb69f93a01ee6ea7bd"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/all.js","md5": "10868e734db30925403e52ad01e844ea","sha1": "ca7a311804ca0107de2a6f00602710f36160c765","sha256": "7070c50b50b2d18208c13553a57f3a4f1110daf8c75ed0f574a8521d8403dc35","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/all.js","sha256": "7070c50b50b2d18208c13553a57f3a4f1110daf8c75ed0f574a8521d8403dc35","sha1": "ca7a311804ca0107de2a6f00602710f36160c765","md5": "10868e734db30925403e52ad01e844ea"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/all.js","sha256": "7070c50b50b2d18208c13553a57f3a4f1110daf8c75ed0f574a8521d8403dc35","sha1": "ca7a311804ca0107de2a6f00602710f36160c765","md5": "10868e734db30925403e52ad01e844ea"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/all.js","sha256": "7070c50b50b2d18208c13553a57f3a4f1110daf8c75ed0f574a8521d8403dc35","sha1": "ca7a311804ca0107de2a6f00602710f36160c765","md5": "10868e734db30925403e52ad01e844ea"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/neo-async\/all.js","md5": "2c7a08a7c8667f013f012bcfc2dd94ce","sha1": "c1b97e055645c9a99ef5caf1de1b9b202ee81f19","sha256": "70b0581b1193c34e8cc88c7463b3e00df969093be554428db3ea7a42b39509f5","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allLimit.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/allLimit.js","md5": "ab425839c39e8b75d5c063721750e6c1","sha1": "8b797eaeebf705bf7e5daa7186132679a0096d68","sha256": "2d1cd1da54be4081d6c77e3443eaba57f8d2ef5e28d4a02e9799db8166720300","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: everyLimit.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/everyLimit.js","sha256": "2d1cd1da54be4081d6c77e3443eaba57f8d2ef5e28d4a02e9799db8166720300","sha1": "8b797eaeebf705bf7e5daa7186132679a0096d68","md5": "ab425839c39e8b75d5c063721750e6c1"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allLimit.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/neo-async\/allLimit.js","md5": "ff1567c3b1df7f108079a276dc4e2883","sha1": "b964cad42419bc9d34538424342d176aa75be4c3","sha256": "49620ca652ccb25d7f61283ec93f623669ae9fe9d9283afa3ad194d3c6cde5d1","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allPass.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/allPass.js","md5": "d190fd5f6b2977890708511c24883a83","sha1": "d6accb07bf9f23b3d0f72ce21b787618d575da04","sha256": "e9c7408f1a61f16effa30e053eec3d716c3a4f96f8a76d4652f8c0f339fd2e47","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allPass.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/allPass.js","sha256": "e9c7408f1a61f16effa30e053eec3d716c3a4f96f8a76d4652f8c0f339fd2e47","sha1": "d6accb07bf9f23b3d0f72ce21b787618d575da04","md5": "d190fd5f6b2977890708511c24883a83"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allPass.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/allPass.js","sha256": "e9c7408f1a61f16effa30e053eec3d716c3a4f96f8a76d4652f8c0f339fd2e47","sha1": "d6accb07bf9f23b3d0f72ce21b787618d575da04","md5": "d190fd5f6b2977890708511c24883a83"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allPass.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/allPass.js","sha256": "e9c7408f1a61f16effa30e053eec3d716c3a4f96f8a76d4652f8c0f339fd2e47","sha1": "d6accb07bf9f23b3d0f72ce21b787618d575da04","md5": "d190fd5f6b2977890708511c24883a83"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allSeries.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/allSeries.js","md5": "14ddc109f5331469febfff2fab7dd2c5","sha1": "e85ce7422244513d0685962bcb56fdac2ecd1c91","sha256": "ce1add51a866249fcd26b37a4ea94409ef37d8130f120179a4c13c9ed94e2956","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: everySeries.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/everySeries.js","sha256": "ce1add51a866249fcd26b37a4ea94409ef37d8130f120179a4c13c9ed94e2956","sha1": "e85ce7422244513d0685962bcb56fdac2ecd1c91","md5": "14ddc109f5331469febfff2fab7dd2c5"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: allSeries.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/neo-async\/allSeries.js","md5": "d3ef7af206f9575be3b9637a7535ee3e","sha1": "37ec6db525e1cbb2005c10147631e262e44711da","sha256": "1f5deaa9d08567a3f52673aac4e09d4dff541253a1265d52589a1d66565be63a","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all_bool.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/minimist\/test\/all_bool.js","md5": "0760ebb3d89c37370beb0bdfebaacefa","sha1": "458c27b366ebfc0279bd6983c2e8164bb565f357","sha256": "f31578148a98d95d0877c68064800beba40b4b2d5eb3ff89b21ab136e5a67ad3","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all_bool.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/meow\/node_modules\/minimist\/test\/all_bool.js","sha256": "f31578148a98d95d0877c68064800beba40b4b2d5eb3ff89b21ab136e5a67ad3","sha1": "458c27b366ebfc0279bd6983c2e8164bb565f357","md5": "0760ebb3d89c37370beb0bdfebaacefa"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: all_bool.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/mkdirp\/node_modules\/minimist\/test\/all_bool.js","sha256": "f31578148a98d95d0877c68064800beba40b4b2d5eb3ff89b21ab136e5a67ad3","sha1": "458c27b366ebfc0279bd6983c2e8164bb565f357","md5": "0760ebb3d89c37370beb0bdfebaacefa"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: always.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/lodash\/fp\/always.js","md5": "95948a83beaa37cfdd7d7228ed7587d7","sha1": "d3c13a79ddd4488702c96b285bbfe2556ee67e17","sha256": "1049a38323bf3acb6690deeb6b33370f29e1eade6cec6af43115266105ffb9b8","relatedDependencies": [ {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: always.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/async\/node_modules\/lodash\/fp\/always.js","sha256": "1049a38323bf3acb6690deeb6b33370f29e1eade6cec6af43115266105ffb9b8","sha1": "d3c13a79ddd4488702c96b285bbfe2556ee67e17","md5": "95948a83beaa37cfdd7d7228ed7587d7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: always.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/karma\/node_modules\/lodash\/fp\/always.js","sha256": "1049a38323bf3acb6690deeb6b33370f29e1eade6cec6af43115266105ffb9b8","sha1": "d3c13a79ddd4488702c96b285bbfe2556ee67e17","md5": "95948a83beaa37cfdd7d7228ed7587d7"} , {"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: always.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/streamroller\/node_modules\/lodash\/fp\/always.js","sha256": "1049a38323bf3acb6690deeb6b33370f29e1eade6cec6af43115266105ffb9b8","sha1": "d3c13a79ddd4488702c96b285bbfe2556ee67e17","md5": "95948a83beaa37cfdd7d7228ed7587d7"}],"evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: amd.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/jquery\/src\/exports\/amd.js","md5": "0ce022aabd17f908da7d12221283b8ff","sha1": "97b53da41b2bc1bcd74b375f45f2ef5dfe6a6397","sha256": "4257e5b6a49b4409850d0c44cd8268e2146d9a264810f214c1a87f47463aeba7","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: amdefine.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/amdefine\/amdefine.js","md5": "f07f1590c4a38833776dbb3566144104","sha1": "c32efdee0dfcf5389e9b35dc24f45ff687ceec06","sha256": "b1f08e239801e70e358e63ab98bb5a6a6ed8570011882ecaac1aec495690b145","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: america.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/colors\/lib\/maps\/america.js","md5": "5088213a9db0e451ad6e583f6065cc31","sha1": "93197f184ae42006229373314e3df6e29b1602bb","sha256": "a8747ed6f9fde27c23d8374a87fa6a80898c72c9be80959b405382624c07ffb4","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: angelFall.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/neo-async\/angelFall.js","md5": "27182e5350b59b55a350beb5f003616f","sha1": "b877d2b52d4905b078e2b573a3777ffba8fb9663","sha256": "a1f82cccfe5653f3c5ef23978a5d3e2e5cca72a7226f6347ba9fe3dac008b462","evidenceCollected": {"vendorEvidence": [],"productEvidence": [],"versionEvidence": []}},{"isVirtual": false,"fileName": "file_to_scan.tar: pkg1_node_modules.tar: angular-mocks.js","filePath": "\/home\/ubuntu\/Proyects\/devsecops-engine-tools\/data\/scan\/dependencies_to_scan\/file_to_scan.tar\/dependencies_to_scan\/pkg1_node_modules.tar\/node_modules\/angular-mocks\/angular-mocks.js","md5": "6c2d0441ec21c0feb6379e729eedd0d5","sha1": "e29b31c2d37eb3edaad1cb155df8b5c188957633","sha256": "0dfa5d383ddff1f0d4486118b53851a8b6a738b2928ec84eedb5fdc47d1e62f8","evidenceCollected": {"vendorEvidence": [{"type": "vendor","confidence": "HIGH","source": "file","name": "name","value": "angularjs"}],"productEvidence": [{"type": "product","confidence": "HIGH","source": "file","name": "name","value": "angularjs"}],"versionEvidence": [{"type": "version","confidence": "HIGH","source": "file","name": "version","value": "1.8.3"}]},"packages": [{"id": "pkg:javascript\/angularjs@1.8.3","confidence": "HIGHEST","url": "https:\/\/ossindex.sonatype.org\/component\/pkg:javascript\/angularjs@1.8.3?utm_source=dependency-check&utm_medium=integration&utm_content=10.0.4"}],"vulnerabilities": [ {"source": "NVD","name": "CVE-2022-25844","severity" : "HIGH","cvssv2": {"score": 5.0 ,"accessVector": "NETWORK","accessComplexity": "LOW","authenticationr": "NONE","confidentialityImpact": "NONE","integrityImpact": "NONE","availabilityImpact": "PARTIAL","severity": "MEDIUM","version": "2.0","exploitabilityScore": "10.0","impactScore": "2.9"},"cvssv3": {"baseScore": 7.5 ,"attackVector": "NETWORK","attackComplexity": "LOW","privilegesRequired": "NONE","userInteraction": "NONE","scope": "UNCHANGED","confidentialityImpact": "NONE","integrityImpact": "NONE","availabilityImpact": "HIGH","baseSeverity": "HIGH","exploitabilityScore": "3.9","impactScore": "3.6","version": "3.1"},"cwes": ["CWE-1333"],"description": "The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.","notes": "","references": [ {"source": "report@snyk.io","url": "https:\/\/snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-2772737","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "info","url": "https:\/\/github.com\/advisories\/GHSA-m2h2-264f-f486","name": "https:\/\/github.com\/advisories\/GHSA-m2h2-264f-f486"}, {"source": "report@snyk.io","url": "https:\/\/snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-2772736","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "report@snyk.io","url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO\/"}, {"source": "report@snyk.io","url": "https:\/\/snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "report@snyk.io","url": "https:\/\/snyk.io\/vuln\/SNYK-JS-ANGULAR-2772735","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "report@snyk.io","url": "https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3\/"}, {"source": "report@snyk.io","url": "https:\/\/stackblitz.com\/edit\/angularjs-material-blank-zvtdvb","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "report@snyk.io","url": "https:\/\/security.netapp.com\/advisory\/ntap-20220629-0009\/","name": "THIRD_PARTY_ADVISORY"}],"vulnerableSoftware": [ {"software": { "id":"cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.7.0"}}, {"software": { "id":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*"}}]}, {"source": "NVD","name": "CVE-2024-21490","severity" : "HIGH","cvssv3": {"baseScore": 7.5 ,"attackVector": "NETWORK","attackComplexity": "LOW","privilegesRequired": "NONE","userInteraction": "NONE","scope": "UNCHANGED","confidentialityImpact": "NONE","integrityImpact": "NONE","availabilityImpact": "HIGH","baseSeverity": "HIGH","exploitabilityScore": "3.9","impactScore": "3.6","version": "3.1"},"cwes": ["CWE-1333"],"description": "This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \r\r\r**Note:**\r\rThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular\/core](https:\/\/www.npmjs.com\/package\/@angular\/core).","notes": "","references": [ {"source": "report@snyk.io","url": "https:\/\/stackblitz.com\/edit\/angularjs-vulnerability-ng-srcset-redos","name": "EXPLOIT,THIRD_PARTY_ADVISORY"}, {"source": "info","url": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21490","name": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21490"}, {"source": "report@snyk.io","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JS-ANGULAR-6091113","name": "THIRD_PARTY_ADVISORY"}, {"source": "info","url": "https:\/\/github.com\/advisories\/GHSA-4w4v-5hc9-xrr2","name": "https:\/\/github.com\/advisories\/GHSA-4w4v-5hc9-xrr2"}, {"source": "info","url": "https:\/\/github.com\/angular\/angular.js","name": "https:\/\/github.com\/angular\/angular.js"}, {"source": "info","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-6241746","name": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-6241746"}, {"source": "info","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-6241747","name": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-6241747"}, {"source": "report@snyk.io","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-6241747"}, {"source": "info","url": "https:\/\/stackblitz.com\/edit\/angularjs-vulnerability-ng-srcset-redos","name": "https:\/\/stackblitz.com\/edit\/angularjs-vulnerability-ng-srcset-redos"}, {"source": "report@snyk.io","url": "https:\/\/support.herodevs.com\/hc\/en-us\/articles\/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS"}, {"source": "info","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JS-ANGULAR-6091113","name": "https:\/\/security.snyk.io\/vuln\/SNYK-JS-ANGULAR-6091113"}, {"source": "report@snyk.io","url": "https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSBOWER-6241746"}],"vulnerableSoftware": [ {"software": { "id":"cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.3.0"}}]}, {"source": "NVD","name": "CVE-2022-25869","severity" : "MEDIUM","cvssv3": {"baseScore": 6.1 ,"attackVector": "NETWORK","attackComplexity": "LOW","privilegesRequired": "NONE","userInteraction": "REQUIRED","scope": "CHANGED","confidentialityImpact": "LOW","integrityImpact": "LOW","availabilityImpact": "NONE","baseSeverity": "MEDIUM","exploitabilityScore": "2.8","impactScore": "2.7","version": "3.1"},"cwes": ["CWE-79"],"description": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of