diff --git a/README.md b/README.md
index 740f693..fa84253 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,9 @@ The following methods call Veracode REST APIs and return JSON.
 - `add_annotation(app,issue_list,comment,action,sandbox(opt))`: add an annotation (comment, mitigation proposal/acceptance/rejection) to the findings in `issue_list` for `app` (guid) (or optionally `sandbox` (guid)). Note that you must have the Mitigation Approver role (regular user) to use the ACCEPTED or REJECTED action, or the Mitigation and Comments API role for an API service account to use this call.
 - `issue_list`: must be passed as a Python list of `issue_id`s
 - `action`: must be one of COMMENT, POTENTIAL_FALSE_POSITIVE, APP_BY_DESIGN, OS_ENV, NET_ENV, LIBRARY, ACCEPT_RISK, ACCEPTED, REJECTED
-- `match_findings(origin_finding,potential_matches,approved_findings_only(opt))`: return a matching finding from `potential_matches` for the `origin_finding`, based on the finding type.
+- `match_findings(origin_finding,potential_matches,approved_findings_only(opt),allow_fuzzy_match(opt))`: return a matching finding from `potential_matches` for the `origin_finding`, based on the finding type.
+ - `approved_findings_only`: limits matches to findings with approved mitigations.
+ - `allow_fuzzy_match`: look for matches within a range of source lines around the origin finding. This allows for code movement but can result in flaws being mismatched; use sparingly.
 #### Collections
diff --git a/requirements.txt b/requirements.txt
index 69af007..fdc5b3e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 requests>=2.24.0
 veracode-api-signing>=19.9.0
-urllib3 == 1.26.5
-Pygments == 2.7.4
\ No newline at end of file
+urllib3 == 1.26.6
+Pygments == 2.9.0
\ No newline at end of file
diff --git a/setup.py b/setup.py
index a167b07..4dafb36 100644
--- a/setup.py
+++ b/setup.py
@@ -3,7 +3,7 @@ setup(
 name = 'veracode_api_py',
 packages = ['veracode_api_py'],
- version = '0.9.17',
+ version = '0.9.18',
 license='MIT',
 description = 'Python helper library for working with the Veracode APIs. Handles retries, pagination, and other features of the modern Veracode REST APIs.',
 author = 'Tim Jarrett',
diff --git a/veracode_api_py/findings.py b/veracode_api_py/findings.py
index 75050eb..91bd532 100644
--- a/veracode_api_py/findings.py
+++ b/veracode_api_py/findings.py
@@ -55,7 +55,7 @@ def add_annotation(self,app,issue_list,comment,action,sandbox=None):
 payload = json.dumps(annotation_def)
 return APIHelper()._rest_request(uri,"POST",body=payload,params=params)
- def match(self,origin_finding,potential_matches,approved_matches_only=True):
+ def match(self,origin_finding,potential_matches,approved_matches_only=True,allow_fuzzy_match=False):
 # match a finding against an array of potential matches
 match = None
@@ -68,7 +68,7 @@ def match(self,origin_finding,potential_matches,approved_matches_only=True):
 pm = self._create_match_format_policy(policy_findings=potential_matches,finding_type=scan_type)
 if scan_type == 'STATIC':
- match = self._match_static (of[0], pm)
+ match = self._match_static (of[0], pm, allow_fuzzy_match)
 elif scan_type == 'DYNAMIC':
 match = self._match_dynamic (of[0], pm)
 return match
@@ -93,7 +93,7 @@ def format_file_path(self,file_path):
 return formatted_file_path
- def _match_static(self,origin_finding,potential_matches):
+ def _match_static(self,origin_finding,potential_matches,allow_fuzzy_match=False):
 match = None
 if origin_finding['source_file'] not in ('', None):
 #attempt precise match first
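Review bot: The new `allow_fuzzy_match` parameter on `match()` is undocumented in the code; the only description is the one-line `# match a finding against an array of potential matches` comment, which says nothing about what the flag relaxes or that it defaults to off. The README hunk in this same commit also documents the third parameter as `approved_findings_only`, while the signature here names it `approved_matches_only`, so a caller who follows the README and passes it by keyword gets a TypeError; one of the two names should be changed. A docstring of the form `"""Return the entry of potential_matches that corresponds to origin_finding. allow_fuzzy_match=True relaxes the line comparison for STATIC findings; leave it off when the result is used to carry mitigations across scans."""` would cover it, and the same documentation gap applies to `_match_static` in the -93 hunk. The body of `match` continues outside this hunk.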
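Review bot: The fuzzy flag reaches only the STATIC branch: `match = self._match_dynamic (of[0], pm)` on the following line ignores it, so `match(..., allow_fuzzy_match=True)` on a DYNAMIC finding silently behaves as an exact match. That is probably the intended scope, since line-window fuzziness has no meaning for dynamic findings, but neither the README entry in this commit nor the code says so; a comment such as `# allow_fuzzy_match only affects STATIC findings; DYNAMIC matching is always exact` on the `if scan_type == 'STATIC':` line would make it explicit. Passing the flag by keyword, `match = self._match_static(of[0], pm, allow_fuzzy_match=allow_fuzzy_match)`, would also read more clearly given that `_match_static` declares a default for it. The enclosing `match` body begins before this hunk.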
@@ -101,7 +101,7 @@ def _match_static(self,origin_finding,potential_matches):
 (origin_finding['source_file'].find(pf['source_file']) > -1 ) &
 (origin_finding['line'] == pf['line'] ))), None)
- if match is None:
+ if match is None and allow_fuzzy_match:
 #then fall to fuzzy match
 match = next((pf for pf in potential_matches if ((origin_finding['cwe'] == int(pf['cwe'])) &
 (origin_finding['source_file'].find(pf['source_file']) > -1 ) &
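Review bot: Once `allow_fuzzy_match` is set, the caller cannot tell whether the returned `pf` came from the exact `next(...)` above or from the relaxed one in this branch, yet the README text in this commit warns that fuzzy matches can pair the wrong flaws; if the result is used to carry an approved mitigation to a new scan, a mismatch would attach that acceptance to a flaw nobody reviewed. Consider recording how the match was made before returning, e.g. a local `fuzzy = True` set in this branch and surfaced to the caller (a log line, or an extra key on the returned entry if it is a plain dict, avoids changing the return type), so that fuzzy matches can be routed to human review. The guard `if match is None and allow_fuzzy_match:` is correct as far as it goes; the fuzzy `next(...)` expression and its line-range condition continue past the end of the hunk, so the window size is not visible here, and `_match_static` itself starts in the -93 hunk. The `&` between the comparisons is the file's existing style; it evaluates `int(pf['cwe'])` for every candidate without short-circuiting, which is pre-existing behaviour rather than something this change introduces.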