feat: #comment updated version string resolution, single source of tr…

…uth is now in pyproject.toml, set default ASH_OUTPUT_FORMAT value
awslabs · Jun 24, 2024 · 559dc32 · 559dc32
1 parent 6cfd934
commit 559dc32
Show file tree

Hide file tree

Showing 14 changed files with 51 additions and 18 deletions.
diff --git a/__version__ b/__version__
diff --git a/ash-multi b/ash-multi
@@ -279,7 +279,7 @@ run_security_check() {
 
 set -e
 START_TIME=$(date +%s)
-VERSION=$(cat "$(dirname "${BASH_SOURCE[0]}")"/"__version__")
+VERSION=v$(cat "$(dirname "${BASH_SOURCE[0]}")"/"pyproject.toml" | sed -n 's/^version = "\(.*\)"$/\1/p' | head -n 1)
 OCI_RUNNER="docker"
 
 # Overrides default OCI Runner used by ASH
@@ -618,7 +618,7 @@ then
   RESOLVED_OUTPUT_DIR=${ACTUAL_OUTPUT_DIR:-${OUTPUT_DIR}}
   echo -e "${GREEN}\nYour final report can be found here:${NC} ${RESOLVED_OUTPUT_DIR}/${AGGREGATED_RESULTS_REPORT_FILENAME}"
 
-  if [[ "${ASH_OUTPUT_FORMAT}" != "text" ]]; then
+  if [[ "${ASH_OUTPUT_FORMAT:-text}" != "text" ]]; then
     echo -e "${GREEN}Converting${NC} ${RESOLVED_OUTPUT_DIR}/${AGGREGATED_RESULTS_REPORT_FILENAME}${GREEN} to ASHARP JSON model${NC}"
     asharp --input "${RESOLVED_OUTPUT_DIR}/${AGGREGATED_RESULTS_REPORT_FILENAME}" --output "${RESOLVED_OUTPUT_DIR}/${AGGREGATED_RESULTS_REPORT_FILENAME}.json"
   fi

diff --git a/asharp/adapters/__init__.py b/asharp/adapters/__init__.py
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,15 +1,16 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 [tool.poetry]
-name = "asharp"
-version = "0.1.0"
+name = "automated-security-helper"
+version = "1.4.0"
 description = ""
 authors = ["Nate Ferrell <[email protected]>"]
 license = "Apache-2.0"
 readme = "README.md"
+repository = "https://github.com/awslabs/automated-security-helper"
 
 [tool.poetry.scripts]
-asharp = 'asharp.asharp:main'
+asharp = 'automated_security_helper.asharp:main'
 
 [tool.poetry.dependencies]
 python = "^3.10"

diff --git a/src/README.md b/src/README.md
@@ -0,0 +1,9 @@
+# src/automated_security_helper
+
+This directory contains the Python package code for the automated_security_helper package.
+
+This package provides some Python-based functions for ASH and is intended to be the project
+location for any new Python development for ASH.
+
+This package uses Poetry to manage dependencies and packaging. To read more about Poetry,
+please see the [Poetry documentation](https://python-poetry.org/docs/).
diff --git a/src/automated_security_helper/__init__.py b/src/automated_security_helper/__init__.py
@@ -0,0 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+import importlib.metadata
+
+__version__ = importlib.metadata.version('automated_security_helper')
diff --git a/asharp/__init__.py → ...ated_security_helper/adapters/__init__.py b/asharp/__init__.py → ...ated_security_helper/adapters/__init__.py
diff --git a/asharp/asharp.py → src/automated_security_helper/asharp.py b/asharp/asharp.py → src/automated_security_helper/asharp.py
@@ -5,14 +5,12 @@
 # asharp.py / Automated Security Helper - Aggregated Report Parser
 # A tool to parse, ingest, and output ASH aggregated reports.
 
-version = 'asharp.py/0.1.0'
-
 import datetime
 import regex as re
 import argparse
 import json
 from json import JSONEncoder
-#import jq
+from automated_security_helper import __version__
 
 # default filenames for input and output
 DEF_INFILE='aggregated_results.txt'
@@ -31,7 +29,7 @@
 
 # simply output version and exit
 if args.version:
-    print(version)
+    print(__version__)
     exit(0)
 
 # data parsing/collection from ASH aggregated report

diff --git a/src/automated_security_helper/models/__init__.py b/src/automated_security_helper/models/__init__.py
@@ -0,0 +1,2 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
diff --git a/src/automated_security_helper/models/asharp_model.py b/src/automated_security_helper/models/asharp_model.py
@@ -0,0 +1,18 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+from pydantic import BaseModel, Field
+from typing import Literal, Optional, List, Dict, Any, Union
+
+
+class ASHARPModel(BaseModel):
+
+    def to_json_schema(
+        self,
+        format: Literal["dict", "str"] = "dict",
+        *args,
+        **kwargs,
+    ) -> Dict[str, Any] | str:
+        if format == "dict":
+            return self.model_dump(*args, **kwargs)
+        return self.model_dump_json(*args, **kwargs)
diff --git a/utils/grype-docker-execute.sh b/utils/grype-docker-execute.sh
@@ -53,8 +53,8 @@ scan_paths=("${_ASH_SOURCE_DIR}" "${_ASH_OUTPUT_DIR}/work")
 GRYPE_ARGS="-f medium --exclude=**/*-converted.py --exclude=**/*_report_result.txt"
 SYFT_ARGS="--exclude=**/*-converted.py --exclude=**/*_report_result.txt"
 SEMGREP_ARGS="--legacy --error --config=auto --exclude=\"*-converted.py,*_report_result.txt\""
-debug_echo "[grype] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT}'"
-if [[ "${ASH_OUTPUT_FORMAT}" != "text" ]]; then
+debug_echo "[grype] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT:-text}'"
+if [[ "${ASH_OUTPUT_FORMAT:-text}" != "text" ]]; then
   debug_echo "[grype] Output format is not 'text', setting output format options to JSON to enable easy translation into desired output format"
   GRYPE_ARGS="-o json ${GRYPE_ARGS}"
   SYFT_ARGS="-o json ${SYFT_ARGS}"

diff --git a/utils/js-docker-execute.sh b/utils/js-docker-execute.sh
@@ -52,8 +52,8 @@ touch ${REPORT_PATH}
 scan_paths=("${_ASH_SOURCE_DIR}" "${_ASH_OUTPUT_DIR}/work")
 
 AUDIT_ARGS=""
-debug_echo "[js] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT}'"
-if [[ "${ASH_OUTPUT_FORMAT}" != "text" ]]; then
+debug_echo "[js] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT:-text}'"
+if [[ "${ASH_OUTPUT_FORMAT:-text}" != "text" ]]; then
   debug_echo "[js] Output format is not 'text', setting output format options to JSON to enable easy translation into desired output format"
   AUDIT_ARGS="--json ${AUDIT_ARGS}"
 fi

diff --git a/utils/py-docker-execute.sh b/utils/py-docker-execute.sh
@@ -58,8 +58,8 @@ echo "<<<<<< end identifyipynb output for Jupyter notebook conversion <<<<<<" >>
 scan_paths=("${_ASH_SOURCE_DIR}" "${_ASH_OUTPUT_DIR}/work")
 
 BANDIT_ARGS="--exclude=\"*venv/*\" --severity-level=all"
-debug_echo "[py] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT}'"
-if [[ "${ASH_OUTPUT_FORMAT}" != "text" ]]; then
+debug_echo "[py] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT:-text}'"
+if [[ "${ASH_OUTPUT_FORMAT:-text}" != "text" ]]; then
   debug_echo "[py] Output format is not 'text', setting output format options to JSON to enable easy translation into desired output format"
   BANDIT_ARGS="-f json ${BANDIT_ARGS}"
 fi

diff --git a/utils/yaml-docker-execute.sh b/utils/yaml-docker-execute.sh
@@ -66,8 +66,8 @@ scan_paths=("${_ASH_SOURCE_DIR}" "${_ASH_OUTPUT_DIR}/work")
 
 CHECKOV_ARGS=""
 CFNNAG_ARGS="--print-suppression --rule-directory ${_ASH_CFNRULES_LOCATION}"
-debug_echo "[yaml] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT}'"
-if [[ "${ASH_OUTPUT_FORMAT}" != "text" ]]; then
+debug_echo "[yaml] ASH_OUTPUT_FORMAT: '${ASH_OUTPUT_FORMAT:-text}'"
+if [[ "${ASH_OUTPUT_FORMAT:-text}" != "text" ]]; then
   debug_echo "[yaml] Output format is not 'text', setting output format options to JSON to enable easy translation into desired output format"
   CHECKOV_ARGS="--output=json"
   CFNNAG_ARGS="--output-format json ${CFNNAG_ARGS}"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
		# SPDX-License-Identifier: Apache-2.0