Merge pull request #101 from advanced-security/dep-update

Update and Vendor Dependencies

Pipfile

@@ -5,7 +5,7 @@ verify_ssl = true
 
 [packages]
 pyyaml = "*"
-ghastoolkit = "==0.11.3"
+ghastoolkit = "==0.11.9"
 semantic-version = "*"
 
 [dev-packages]

vendor/bin/normalizer

@@ -1,4 +1,4 @@
-#!/usr/local/python/3.10.13/bin/python
+#!/home/codespace/.local/share/virtualenvs/policy-as-code-tZI3uR7_/bin/python
 # -*- coding: utf-8 -*-
 import re
 import sys

vendor/certifi/__init__.py

@@ -1,4 +1,4 @@
 from .core import contents, where
 
 __all__ = ["contents", "where"]
-__version__ = "2023.11.17"
+__version__ = "2024.02.02"

vendor/certifi/cacert.pem

@@ -245,34 +245,6 @@ mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
 4SVhM7JZG+Ju1zdXtg2pEto=
 -----END CERTIFICATE-----
 
-# Issuer: O=SECOM Trust.net OU=Security Communication RootCA1
-# Subject: O=SECOM Trust.net OU=Security Communication RootCA1
-# Label: "Security Communication Root CA"
-# Serial: 0
-# MD5 Fingerprint: f1:bc:63:6a:54:e0:b5:27:f5:cd:e7:1a:e3:4d:6e:4a
-# SHA1 Fingerprint: 36:b1:2b:49:f9:81:9e:d7:4c:9e:bc:38:0f:c6:56:8f:5d:ac:b2:f7
-# SHA256 Fingerprint: e7:5e:72:ed:9f:56:0e:ec:6e:b4:80:00:73:a4:3f:c3:ad:19:19:5a:39:22:82:01:78:95:97:4a:99:02:6b:6c
------BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
-MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
-dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
-WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
-VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
-9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
-DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
-Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
-QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
-xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
-A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
-kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
-Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
-Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
-JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
-RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
------END CERTIFICATE-----
-
 # Issuer: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com
 # Subject: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com
 # Label: "XRamp Global CA Root"
@@ -4776,3 +4748,67 @@ lklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670
 v64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17O
 rg3bhzjlP1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7
 -----END CERTIFICATE-----
+
+# Issuer: CN=Telekom Security TLS ECC Root 2020 O=Deutsche Telekom Security GmbH
+# Subject: CN=Telekom Security TLS ECC Root 2020 O=Deutsche Telekom Security GmbH
+# Label: "Telekom Security TLS ECC Root 2020"
+# Serial: 72082518505882327255703894282316633856
+# MD5 Fingerprint: c1:ab:fe:6a:10:2c:03:8d:bc:1c:22:32:c0:85:a7:fd
+# SHA1 Fingerprint: c0:f8:96:c5:a9:3b:01:06:21:07:da:18:42:48:bc:e9:9d:88:d5:ec
+# SHA256 Fingerprint: 57:8a:f4:de:d0:85:3f:4e:59:98:db:4a:ea:f9:cb:ea:8d:94:5f:60:b6:20:a3:8d:1a:3c:13:b2:bc:7b:a8:e1
+-----BEGIN CERTIFICATE-----
+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw
+CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH
+bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw
+MB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx
+JzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE
+AwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O
+tdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP
+f8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
+MGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di
+z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn
+27iQ7t0l
+-----END CERTIFICATE-----
+
+# Issuer: CN=Telekom Security TLS RSA Root 2023 O=Deutsche Telekom Security GmbH
+# Subject: CN=Telekom Security TLS RSA Root 2023 O=Deutsche Telekom Security GmbH
+# Label: "Telekom Security TLS RSA Root 2023"
+# Serial: 44676229530606711399881795178081572759
+# MD5 Fingerprint: bf:5b:eb:54:40:cd:48:71:c4:20:8d:7d:de:0a:42:f2
+# SHA1 Fingerprint: 54:d3:ac:b3:bd:57:56:f6:85:9d:ce:e5:c3:21:e2:d4:ad:83:d0:93
+# SHA256 Fingerprint: ef:c6:5c:ad:bb:59:ad:b6:ef:e8:4d:a2:23:11:b3:56:24:b7:1b:3b:1e:a0:da:8b:66:55:17:4e:c8:97:86:46
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj
+MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0
+eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy
+MDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC
+REUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG
+A1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9
+cUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV
+cp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA
+U6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6
+Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug
+BTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy
+8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J
+co4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg
+8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8
+rFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12
+mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg
++y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX
+gj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2
+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ
+pGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm
+9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw
+M807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd
+GGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+
+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t
+xKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+
+w6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK
+L4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj
+X273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q
+ntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm
+dTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
+-----END CERTIFICATE-----

vendor/certifi/core.py

@@ -5,6 +5,10 @@
 This module returns the installation location of cacert.pem or its contents.
 """
 import sys
+import atexit
+
+def exit_cacert_ctx() -> None:
+    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
 
 
 if sys.version_info >= (3, 11):
@@ -35,6 +39,7 @@ def where() -> str:
             # we will also store that at the global level as well.
             _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
             _CACERT_PATH = str(_CACERT_CTX.__enter__())
+            atexit.register(exit_cacert_ctx)
 
         return _CACERT_PATH
 
@@ -70,6 +75,7 @@ def where() -> str:
             # we will also store that at the global level as well.
             _CACERT_CTX = get_path("certifi", "cacert.pem")
             _CACERT_PATH = str(_CACERT_CTX.__enter__())
+            atexit.register(exit_cacert_ctx)
 
         return _CACERT_PATH
 

vendor/ghastoolkit/__init__.py

@@ -1,8 +1,9 @@
 """GitHub Advanced Security Toolkit."""
+
 __name__ = "ghastoolkit"
 __title__ = "GHAS Toolkit"
 
-__version__ = "0.11.3"
+__version__ = "0.11.9"
 
 __description__ = "GitHub Advanced Security Python Toolkit"
 __summary__ = """\

vendor/ghastoolkit/codeql/__main__.py

@@ -1,4 +1,5 @@
 """CodeQL CLI for ghastoolkit."""
+
 import logging
 from argparse import Namespace
 from ghastoolkit.codeql.cli import CodeQL

vendor/ghastoolkit/codeql/cli.py

@@ -1,4 +1,5 @@
 """This is the CodeQL CLI Module."""
+
 import os
 import csv
 import json

vendor/ghastoolkit/codeql/packs/__main__.py

@@ -1,4 +1,5 @@
 """GitHub CodeQL Packs CLI."""
+
 import os
 import logging
 from argparse import Namespace

vendor/ghastoolkit/codeql/results.py

@@ -1,4 +1,5 @@
 """CodeQL Results."""
+
 from dataclasses import dataclass, field
 from typing import Optional
 

vendor/ghastoolkit/octokit/advisories.py

@@ -1,4 +1,5 @@
 """GitHub Security Advisories API."""
+
 from typing import Dict, Optional
 from ghastoolkit.octokit.github import GitHub, Repository
 from ghastoolkit.octokit.octokit import RestRequest

vendor/ghastoolkit/octokit/codescanning.py

@@ -1,4 +1,5 @@
 """GitHub Code Scanning API Module."""
+
 from dataclasses import dataclass
 import json
 import logging

vendor/ghastoolkit/octokit/dependabot.py

@@ -1,4 +1,5 @@
 """Dependabot API."""
+
 import logging
 from typing import Optional
 

vendor/ghastoolkit/octokit/dependencygraph.py

@@ -1,4 +1,5 @@
 """Dependency Graph Octokit."""
+
 import logging
 from typing import Any, Dict
 import urllib.parse

vendor/ghastoolkit/octokit/github.py

@@ -1,4 +1,5 @@
 """GitHub and Repository APIs."""
+
 import logging
 import os
 from typing import Dict, Optional, Tuple
@@ -21,6 +22,13 @@ class GitHub:
 
     repository: Repository = Repository("GeekMasher", "ghastoolkit")
     """Repository"""
+
+    owner: Optional[str] = None
+    """Owner / Organisation"""
+
+    enterprise: Optional[str] = None
+    """Enterprise Name"""
+
     token: Optional[str] = None
     """GitHub Access Token"""
 
@@ -32,8 +40,8 @@ class GitHub:
     api_graphql: str = "https://api.github.com/graphql"
     """GraphQL API URL"""
 
-    enterprise: Optional[str] = None
     server_version: Optional[Version] = None
+    """GitHub Enterprise Server Version"""
 
     github_app: bool = False
     """GitHub App setting"""
@@ -51,10 +59,14 @@ def init(
         retrieve_metadata: bool = True,
     ) -> None:
         """Initialise a GitHub class using a number of properties."""
-        if repository:
+        if repository and "/" in repository:
             GitHub.repository = Repository.parseRepository(repository)
+            GitHub.owner = GitHub.repository.owner
+        elif repository or owner:
+            GitHub.owner = owner or repository
         elif owner and repo:
             GitHub.repository = Repository(owner, repo)
+            GitHub.owner = owner
 
         if GitHub.repository:
             if reference:
@@ -106,6 +118,11 @@ def display() -> str:
         """Display the GitHub Settings."""
         return f"GitHub('{GitHub.repository.display()}', '{GitHub.instance}')"
 
+    @staticmethod
+    def getOrganization() -> str:
+        """Get the Organization."""
+        return GitHub.owner or GitHub.repository.owner
+
     @staticmethod
     def getMetaInformation() -> Dict:
         """Get the GitHub Meta Information."""

vendor/ghastoolkit/octokit/repository.py

@@ -1,6 +1,7 @@
-import logging
 import os
+import re
 import shutil
+import logging
 import tempfile
 import subprocess
 from dataclasses import dataclass
@@ -25,6 +26,9 @@ class Repository:
     branch: Optional[str] = None
     """Branch / Tab name"""
 
+    path: Optional[str] = None
+    """Path inside the repository"""
+
     __prinfo__: Optional[dict] = None
 
     sha: Optional[str] = None
@@ -231,12 +235,33 @@ def display(self) -> str:
 
     @staticmethod
     def parseRepository(name: str) -> "Repository":
-        """Parse the repository name."""
+        """Parse the repository name into a Repository object.
+
+        Samples:
+            - owner/repo
+            - owner/repo@branch
+            - owner/repo:relative/path/in/repo
+            - owner/repo/relative/path/in/repo
+            - owner/repo:relative/path/in/repo@branch
+        """
         ref = None
         branch = None
+        path = None
+
+        # validate the repository name
+        regex = re.compile(
+            r"^[a-zA-Z0-9-_\.]+/[a-zA-Z0-9-_\.]+((:|/)[a-zA-Z0-9-_/\.]+)?(@[a-zA-Z0-9-_/]+)?$"
+        )
+        if not regex.match(name):
+            raise SyntaxError(f"Invalid repository name: '{name}'")
+
         if "@" in name:
             name, branch = name.split("@", 1)
             ref = f"refs/heads/{branch}"
-
-        owner, repo = name.split("/", 1)
-        return Repository(owner, repo, reference=ref, branch=branch)
+        if ":" in name:
+            name, path = name.split(":", 1)
+        if name.count("/") > 1:
+            owner, repo, path = name.split("/", 2)
+        else:
+            owner, repo = name.split("/", 1)
+        return Repository(owner, repo, reference=ref, branch=branch, path=path)

vendor/ghastoolkit/secretscanning/secretalerts.py

@@ -33,7 +33,7 @@ def commit_sha(self) -> Optional[str]:
         if self._sha is None:
             for loc in self.locations:
                 if loc.get("type") == "commit":
-                    self._sha = loc.get("details", {}).get("blob_sha")
+                    self._sha = loc.get("details", {}).get("commit_sha")
                     break
         return self._sha
 

vendor/ghastoolkit/supplychain/__main__.py

@@ -1,4 +1,5 @@
 """Supply Chain Toolkit CLI."""
+
 from argparse import Namespace
 import logging
 
@@ -54,18 +55,17 @@ def runOrgAudit(arguments):
 
 
 class SupplyChainCLI(CommandLine):
-    def set_modes(self):
-        """Return a list of supplychain modes."""
-        self.modes.extend(["org-audit"])
-
     def arguments(self):
         """CLI for Supply Chain Toolkit."""
-        parser = self.parser.add_argument_group("supplychain")
-        parser.add_argument(
-            "--licenses",
-            default="GPL-*,AGPL-*,LGPL-*",
-            help="License(s) to check for (default: 'GPL-*,AGPL-*,LGPL-*')",
-        )
+        if self.subparser:
+            self.addModes(["org-audit"])
+
+            parser = self.parser.add_argument_group("supplychain")
+            parser.add_argument(
+                "--licenses",
+                default="GPL-*,AGPL-*,LGPL-*",
+                help="License(s) to check for (default: 'GPL-*,AGPL-*,LGPL-*')",
+            )
 
     def run(self, arguments: Namespace):
         """Run Supply Chain Toolkit."""

vendor/ghastoolkit/supplychain/dependencies.py

@@ -105,6 +105,9 @@ def __str__(self) -> str:
     def __repr__(self) -> str:
         return self.getPurl()
 
+    def __hash__(self) -> int:
+        return hash(self.getPurl())
+
 
 class Dependencies(list[Dependency]):
     """List of Dependencies."""

vendor/ghastoolkit/utils/cli.py

@@ -105,9 +105,11 @@ def default_logger(self):
         """Setup default logger."""
         arguments = self.parse_args()
         logging.basicConfig(
-            level=logging.DEBUG
-            if arguments.debug or os.environ.get("DEBUG")
-            else logging.INFO,
+            level=(
+                logging.DEBUG
+                if arguments.debug or os.environ.get("DEBUG")
+                else logging.INFO
+            ),
             format="%(message)s",
         )