platform(sca): Run package scan using API #3812

Merged Nov 8, 2022 (30 commits; this view shows changes from 28 commits)
9 changes: 4 additions & 5 deletions checkov/sca_package_2/runner.py
@@ -44,15 +44,13 @@ def prepare_and_scan(
logging.info("The --bc-api-key flag needs to be set to run SCA package scanning")
return None

logging.info("SCA package scanning searching for scannable files")

self._code_repo_path = Path(root_folder) if root_folder else None

excluded_paths = {*ignored_directories}
if runner_filter.excluded_paths:
excluded_paths.update(runner_filter.excluded_paths)

if not self.upload_scannable_files(
if not self.upload_package_files(
root_path=self._code_repo_path,
files=files,
excluded_paths=excluded_paths,
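Review bot: the call site is renamed to upload_package_files, but the unchanged log line a few lines above ("SCA package scanning searching for scannable files") keeps the old "scannable files" wording; rename it to match ("searching for package files") so that log messages and method names stay consistent and existing log filters do not diverge from the code.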
@@ -119,14 +117,15 @@ def run(

return report

def upload_scannable_files(
def upload_package_files(
self,
root_path: Path | None,
files: list[str] | None,
excluded_paths: set[str],
excluded_file_names: set[str] | None = None,
) -> List[FileToPersist]:
""" upload scannable files to s3"""
""" upload package files to s3"""
logging.info("SCA package scanning upload for package files")
excluded_file_names = excluded_file_names or set()
package_files_to_persist: List[FileToPersist] = []
if root_path:
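Review bot: the return annotation List[FileToPersist] mixes the typing.List spelling with the PEP 604/585 style already used in the same signature (root_path: Path | None, files: list[str] | None); with from __future__ import annotations in effect, list[FileToPersist] works and lets the typing import go. The renamed docstring also keeps a stray leading space inside the quotes (""" upload package files to s3"""); since this function ships package manifests off the machine, that docstring is the place to say which files are selected and how excluded_paths and excluded_file_names narrow the upload.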
33 changes: 31 additions & 2 deletions checkov/sca_package_2/scanner.py
@@ -1,9 +1,13 @@
from __future__ import annotations

import logging
import os
from collections.abc import Sequence
from pathlib import Path
from typing import Any

from checkov.common.util.http_utils import request_wrapper

from checkov.common.bridgecrew.platform_integration import bc_integration

from checkov.common.util.tqdm_utils import ProgressBar
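Review bot: the two new first-party imports (checkov.common.util.http_utils.request_wrapper and checkov.common.bridgecrew.platform_integration.bc_integration) are each separated by blank lines from one another and from the existing checkov.common.util.tqdm_utils import; group the three into one contiguous block with a single blank line separating them from the stdlib imports above, which is the only grouping the file needs here.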
@@ -24,10 +28,35 @@ def __init__(self, pbar: ProgressBar | None = None, root_folder: str | Path | No

def scan(self) -> Sequence[dict[str, Any]]:
"""run SCA package scan and poll scan results"""
pass
self.run_scan()
return []

def run_scan(self) -> dict[str, Any]:
pass
logging.info("Start to scan package files.")

request_body = {
"branch": "",
"commit": "",
"path": os.path.join(bc_integration.repo_path, '') if bc_integration.repo_path else "",
"repoId": bc_integration.repo_id,
"id": bc_integration.timestamp,
"repositoryId": ""
}

response = request_wrapper(
"POST", f"{self._base_url}/api/v1/vulnerabilities/cli/scan",
Contributor:

Can you move f"{self._base_url}/api/v1/vulnerabilities/cli/scan" to the __init__? Then it can be used for the polling too.

Contributor Author:

sure

headers=bc_integration.get_default_headers("POST"),
json=request_body,
should_call_raise_for_status=True
)

response_json = response.json()

if not response_json["startedSuccessfully"]:
logging.info("Failed to run package scanning.")
return dict()

return self.poll_scan_result()
Contributor:

I think the polling should be under def scan(); just return the id here so it can be used by poll_scan_result().


def poll_scan_result(self) -> dict[str, Any]:
pass
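Review bot: scan() calls self.run_scan() but drops its return value and always returns [], and poll_scan_result() is still a bare pass, so it returns None despite its dict[str, Any] annotation; as written, a successfully started scan still yields an empty result to the caller. Either complete poll_scan_result in this PR or raise NotImplementedError from scan() rather than silently returning nothing. In run_scan, response_json["startedSuccessfully"] raises KeyError on any response body that lacks the key, so prefer response_json.get("startedSuccessfully") and log the rejection at warning or error level instead of logging.info("Failed to run package scanning."). The request body also sends the absolute local repo_path to the platform alongside hardcoded "" values for branch, commit and repositoryId; document that the local path leaves the machine (or send a path relative to the repository root) and note which of the empty fields the API actually requires.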
Empty file added tests/sca_package_2/__init__.py
Empty file.
60 changes: 60 additions & 0 deletions tests/sca_package_2/examples/go.mod
@@ -0,0 +1,60 @@
module github.com/gruebel/checkov

require (
github.com/abbot/go-http-auth v0.4.0
github.com/aryszka/jobqueue v0.0.2
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cjoudrey/gluahttp v0.0.0-20190104103309-101c19a37344
github.com/cjoudrey/gluaurl v0.0.0-20161028222611-31cbb9bef199
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
github.com/coreos/go-oidc v2.0.0+incompatible
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/dimfeld/httppath v0.0.0-20170720192232-ee938bf73598
github.com/felixge/httpsnoop v1.0.0 // indirect
github.com/ghodss/yaml v1.0.0
github.com/go-redis/redis/v8 v8.3.3
github.com/google/go-cmp v0.5.2
github.com/hashicorp/memberlist v0.1.4
github.com/instana/go-sensor v1.4.16
github.com/lightstep/lightstep-tracer-go v0.24.1-0.20210318180546-a67254760a58
github.com/looplab/fsm v0.1.0 // indirect
github.com/miekg/dns v1.1.41 // indirect
github.com/oklog/ulid v1.3.1
github.com/opentracing/basictracer-go v1.0.0
github.com/opentracing/opentracing-go v1.1.0
github.com/pkg/errors v0.8.1
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
github.com/prometheus/client_golang v1.0.0
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a
github.com/sanity-io/litter v1.1.0
github.com/sarslanhan/cronmask v0.0.0-20190709075623-766eca24d011
github.com/shirou/gopsutil v3.21.2+incompatible // indirect
github.com/sirupsen/logrus v1.4.2
github.com/sony/gobreaker v0.4.1
github.com/stretchr/testify v1.6.1
github.com/szuecs/rate-limit-buffer v0.7.1
github.com/szuecs/routegroup-client v0.17.7
github.com/tidwall/gjson v1.7.4
github.com/tklauser/go-sysconf v0.3.5 // indirect
github.com/uber-go/atomic v1.4.0 // indirect
github.com/uber/jaeger-client-go v2.16.0+incompatible
github.com/uber/jaeger-lib v2.0.0+incompatible
github.com/yookoala/gofast v0.6.0
github.com/yuin/gopher-lua v0.0.0-20200603152657-dc2b0ca8b37e
go.uber.org/atomic v1.4.0 // indirect
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
golang.org/x/net v0.0.0-20210415231046-e915ea6b2b7d
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/sys v0.0.0-20210415045647-66c3f260301c // indirect
golang.org/x/tools v0.1.0 // indirect
google.golang.org/grpc v1.22.0 // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6
gopkg.in/square/go-jose.v2 v2.3.1
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.18.6
k8s.io/apimachinery v0.18.6
layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427
)

go 1.13
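Review bot: the fixture declares module github.com/gruebel/checkov, a personal fork path; a clearly fictional module path (for example under example.com) avoids the fixture being mistaken for a real module when the scan output is inspected. The file mixes plain requires, // indirect entries and +incompatible versions (e.g. github.com/cenkalti/backoff v2.2.1+incompatible), which is useful coverage for a package scanner, so the test that consumes it should assert that at least one // indirect entry and one +incompatible version are parsed and reported, not only the direct requires.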