Merge pull request #230 from bancolombia/feature/report_sonar

feat(report_sonar): send sonar findings to vulnerability manager
bancolombia · Nov 7, 2024 · c7f8823 · c7f8823
2 parents 4255dd3 + 0fe8380
commit c7f8823
Show file tree

Hide file tree

Showing 39 changed files with 1,049 additions and 6 deletions.
diff --git a/example_remote_config_local/engine_core/ConfigTool.json b/example_remote_config_local/engine_core/ConfigTool.json
@@ -48,5 +48,8 @@
     "ENGINE_CODE": {
         "ENABLED": "true",
         "TOOL": "BEARER"
+    },
+    "REPORT_SONAR": {
+        "ENABLED": "true"
     }
 }
diff --git a/example_remote_config_local/report_sonar/ConfigTool.json b/example_remote_config_local/report_sonar/ConfigTool.json
@@ -0,0 +1,11 @@
+{
+    "PIPELINE_COMPONENTS": {
+        "EXAMPLE_MULTICOMPONENT_PIPELINE": [
+            "component1",
+            "component2",
+            "component3",
+            "component4",
+            "component5"
+        ]
+    }
+}
diff --git a/...ops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py b/...ops_engine_tools/engine_core/src/domain/model/gateway/vulnerability_management_gateway.py
@@ -1,7 +1,7 @@
 from abc import ABCMeta, abstractmethod
 
 from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import VulnerabilityManagement
-
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import DevopsPlatformGateway
 
 class VulnerabilityManagementGateway(metaclass=ABCMeta):
     @abstractmethod

diff --git a/tools/devsecops_engine_tools/engine_core/src/domain/model/report.py b/tools/devsecops_engine_tools/engine_core/src/domain/model/report.py
@@ -31,4 +31,6 @@ def __init__(self, **kwargs):
         self.component_name = kwargs.get("component_name", "")
         self.component_version = kwargs.get("component_version", "")
         self.file_path = kwargs.get("file_path", "")
-        self.endpoints = kwargs.get("endpoints", "")
+        self.endpoints = kwargs.get("endpoints", "")
+        self.unique_id_from_tool = kwargs.get("unique_id_from_tool", "")
+        self.out_of_scope = kwargs.get("out_of_scope", "")
diff --git a/...ps_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py b/...ps_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py
@@ -5,6 +5,9 @@
 from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import (
     VulnerabilityManagement,
 )
+from devsecops_engine_tools.engine_core.src.domain.model.gateway.devops_platform_gateway import (
+    DevopsPlatformGateway
+)
 from devsecops_engine_tools.engine_utilities.defect_dojo import (
     DefectDojo,
     ImportScanRequest,
@@ -67,7 +70,8 @@ def send_vulnerability_management(
                 "KUBESCAPE": "Kubescape Scanner",
                 "KICS": "KICS Scanner",
                 "BEARER": "Bearer CLI",
-                "DEPENDENCY_CHECK": "Dependency Check Scan"
+                "DEPENDENCY_CHECK": "Dependency Check Scan",
+                "SONARQUBE": "SonarQube API Import"
             }
 
             if any(
@@ -426,6 +430,8 @@ def _create_report(self, finding):
             risk_accepted=finding.risk_accepted,
             false_p=finding.false_p,
             service=finding.service,
+            unique_id_from_tool=finding.unique_id_from_tool,
+            out_of_scope=finding.out_of_scope
         )
 
     def _format_date_to_dd_format(self, date_string):

diff --git a/...ine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py b/...ine_tools/engine_core/test/infrastructure/driven_adapters/defect_dojo/test_defect_dojo.py
@@ -8,7 +8,9 @@
 from devsecops_engine_tools.engine_core.src.domain.model.vulnerability_management import (
     VulnerabilityManagement,
 )
-
+from devsecops_engine_tools.engine_utilities.defect_dojo.domain.request_objects.import_scan import (
+    ImportScanRequest
+)
 
 class TestDefectDojoPlatform(unittest.TestCase):
     def setUp(self):

diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/__init__.py
diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/__init__.py
diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/applications/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/applications/__init__.py
diff --git a/...devsecops_engine_tools/engine_utilities/sonarqube/src/applications/runner_report_sonar.py b/...devsecops_engine_tools/engine_utilities/sonarqube/src/applications/runner_report_sonar.py
@@ -0,0 +1,110 @@
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.secrets_manager import (
+    SecretsManager
+)
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.azure.azure_devops import (
+    AzureDevops
+)
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.defect_dojo.defect_dojo import (
+    DefectDojoPlatform
+)
+from devsecops_engine_tools.engine_utilities.sonarqube.src.infrastructure.driven_adapters.sonarqube.sonarqube_report import(
+    SonarAdapter
+)
+from devsecops_engine_tools.engine_core.src.infrastructure.driven_adapters.aws.s3_manager import (
+    S3Manager,
+)
+from devsecops_engine_tools.engine_utilities.sonarqube.src.infrastructure.entry_points.entry_point_report_sonar import (
+    init_report_sonar
+)
+import sys
+import argparse
+from devsecops_engine_tools.engine_utilities.utils.logger_info import MyLogger
+from devsecops_engine_tools.engine_utilities import settings
+
+logger = MyLogger.__call__(**settings.SETTING_LOGGER).get_logger()
+
+def get_inputs_from_cli(args):
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "-rcf",
+        "--remote_config_repo",
+        type=str,
+        required=True,
+        help="Name of Config Repo",
+    )
+    parser.add_argument(
+        "--use_secrets_manager",
+        choices=["true", "false"],
+        type=str,
+        required=True,
+        help="Use Secrets Manager to get the tokens",
+    )
+    parser.add_argument(
+        "--send_metrics",
+        choices=["true", "false"],
+        type=str,
+        required=False,
+        help="Enable or Disable the send metrics to the driven adapter metrics",
+    )
+    parser.add_argument(
+        "--sonar_url",
+        required=False,
+        help="Url to access sonar API",
+    )
+    parser.add_argument(
+        "--token_cmdb", 
+        required=False, 
+        help="Token to connect to the CMDB"
+    )
+    parser.add_argument(
+        "--token_vulnerability_management",
+        required=False,
+        help="Token to connect to the Vulnerability Management",
+    )
+    parser.add_argument(
+        "--token_sonar",
+        required=False,
+        help="Token to access sonar server",
+    )
+
+    args = parser.parse_args()
+    return {
+        "remote_config_repo": args.remote_config_repo,
+        "use_secrets_manager": args.use_secrets_manager,
+        "send_metrics": args.send_metrics,
+        "sonar_url": args.sonar_url,
+        "token_cmdb": args.token_cmdb,
+        "token_vulnerability_management": args.token_vulnerability_management,
+        "token_sonar": args.token_sonar,
+    }
+
+def runner_report_sonar():
+    try:
+        vulnerability_management_gateway = DefectDojoPlatform()
+        secrets_manager_gateway = SecretsManager()
+        devops_platform_gateway = AzureDevops()
+        sonar_gateway = SonarAdapter()
+        metrics_manager_gateway = S3Manager()
+        args = get_inputs_from_cli(sys.argv[1:])
+
+        init_report_sonar(
+            vulnerability_management_gateway=vulnerability_management_gateway,
+            secrets_manager_gateway=secrets_manager_gateway,
+            devops_platform_gateway=devops_platform_gateway,
+            sonar_gateway=sonar_gateway,
+            metrics_manager_gateway=metrics_manager_gateway,
+            args=args,
+        )
+
+    except Exception as e:
+        logger.error("Error report_sonar: {0} ".format(str(e)))
+        print(
+            devops_platform_gateway.message(
+                "error", "Error report_sonar: {0} ".format(str(e))
+            )
+        )
+        print(devops_platform_gateway.result_pipeline("failed"))
+
+
+if __name__ == "__main__":
+    runner_report_sonar()
diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/__init__.py
diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/__init__.py
diff --git a/...s/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/__init__.py b/...s/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/__init__.py
diff --git a/...secops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/sonar_gateway.py b/...secops_engine_tools/engine_utilities/sonarqube/src/domain/model/gateways/sonar_gateway.py
@@ -0,0 +1,63 @@
+from abc import (
+    ABCMeta,
+    abstractmethod
+)
+
+class SonarGateway(metaclass=ABCMeta):
+    @abstractmethod
+    def get_project_keys(
+        self,
+        pipeline_name: str
+    ):
+        "get sonar project keys"
+
+    @abstractmethod
+    def parse_project_key(
+        self,
+        file_path: str
+    ):
+        "find project key in metadata file"
+
+    @abstractmethod
+    def create_task_report_from_string(
+        self,
+        file_content: str
+    ):
+        "make dict from metadata file"
+
+    @abstractmethod
+    def filter_by_sonarqube_tag(
+        self,
+        findings: list
+    ):
+        "search for sonar findings"
+
+    @abstractmethod
+    def change_finding_status(
+        self,
+        sonar_url: str,
+        sonar_token: str,
+        endpoint: str,
+        data: dict,
+        finding_type: str
+    ):
+        "use API to change vulnerabilities state in sonar"
+
+    @abstractmethod
+    def get_findings(
+        self,
+        sonar_url: str,
+        sonar_token: str,
+        endpoint: str,
+        params: dict,
+        finding_type: str
+    ):
+        "use API to get project findings in sonar"
+
+    @abstractmethod
+    def search_finding_by_id(
+        self,
+        findings: list,
+        finding_id: str
+    ):
+        "search a finding by id"
diff --git a/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/__init__.py b/tools/devsecops_engine_tools/engine_utilities/sonarqube/src/domain/usecases/__init__.py