"""
Utility functions for running security scans on plugin versions
"""
import logging
from plugins.models import PluginVersionSecurityScan
from plugins.security_scanner import PluginSecurityScanner
# Module-level logger; run_security_scan reports scan outcomes and failures through it
logger = logging.getLogger(__name__)
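def run_security_scan(plugin_version):
    """
    Run security scan on a plugin version and save results.

    The report is persisted with ``PluginVersionSecurityScan.objects.update_or_create``
    keyed on the plugin version, so re-scanning overwrites the previous record
    rather than adding a new one.

    Args:
        plugin_version: PluginVersion instance. Its ``package.path`` is handed to
            ``PluginSecurityScanner``; ``plugin.package_name`` and ``version`` are
            used only in log messages.

    Returns:
        PluginVersionSecurityScan instance, or None if the scanner, the report
        shape, or the database write fails. NOTE: this return value alone does
        not distinguish "scan failed" from "never scanned"; callers must not
        read None as a clean result.
    """
    # Resolved first so the error handler can still name the version even when
    # the failure is an attribute lookup on plugin_version itself.
    label = "<unknown plugin version>"
    try:
        from django.utils import timezone

        label = f"{plugin_version.plugin.package_name} v{plugin_version.version}"

        # Get the package file path and run the scanner over it
        package_path = plugin_version.package.path
        scanner = PluginSecurityScanner(package_path)
        report = scanner.scan()

        # Create or update security scan record
        security_scan, created = PluginVersionSecurityScan.objects.update_or_create(
            plugin_version=plugin_version,
            defaults=_scan_record_defaults(report, timezone.now()),
        )
        logger.info(
            "Security scan %s for %s",
            "created" if created else "updated",
            label,
        )
        return security_scan
    except Exception:
        # logger.exception keeps the traceback; logging only str(e) dropped it,
        # which made scanner crashes (e.g. a report without a "summary" key)
        # hard to diagnose afterwards.
        logger.exception("Error running security scan for %s", label)
        return None


def _scan_record_defaults(report, scanned_on):
    """Map a scanner report onto the PluginVersionSecurityScan field values."""
    summary = report["summary"]
    return {
        "scanned_on": scanned_on,
        "total_checks": summary["total_checks"],
        "passed_checks": summary["passed"],
        "warning_count": summary["warnings"],
        "critical_count": summary["critical"],
        "info_count": summary["info"],
        "files_scanned": summary["files_scanned"],
        "total_issues": summary["total_issues"],
        # The full report is stored alongside the counters so the UI can show details
        "scan_report": report,
    }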
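def get_scan_badge_info(security_scan):
    """
    Get badge information for display based on scan results.

    Args:
        security_scan: PluginVersionSecurityScan instance, or a falsy value when
            the version has no scan record (including when ``run_security_scan``
            returned None after a failure).

    Returns:
        dict with badge information (color, text, icon, class). The badge is
        chosen by ``security_scan.overall_status``. A status this function does
        not recognise yields a neutral "Unknown Status" badge instead of the
        "passed" badge, so an unexpected status value is never rendered as a
        clean result.
    """
    if not security_scan:
        return {
            "color": "secondary",
            "text": "Not Scanned",
            "icon": "fa-question-circle",
            "class": "badge-secondary",
        }

    badges = {
        "passed": {
            "color": "success",
            "text": f"✓ All Checks Passed ({security_scan.pass_rate}%)",
            "icon": "fa-check-circle",
            "class": "badge-success",
        },
        "info": {
            "color": "info",
            "text": f"{security_scan.info_count} Info Items",
            "icon": "fa-info-circle",
            "class": "badge-info",
        },
        "warning": {
            "color": "warning",
            "text": f"{security_scan.warning_count} Warnings",
            "icon": "fa-exclamation-triangle",
            "class": "badge-warning",
        },
        "critical": {
            "color": "danger",
            "text": f"{security_scan.critical_count} Critical Issues",
            "icon": "fa-exclamation-circle",
            "class": "badge-danger",
        },
    }
    # Fail closed: an unknown status must not borrow the "passed" badge.
    unknown = {
        "color": "secondary",
        "text": "Unknown Status",
        "icon": "fa-question-circle",
        "class": "badge-secondary",
    }
    return badges.get(security_scan.overall_status, unknown)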