From 67c4f7938568b9b5171f46b4f7f7a707080af5f0 Mon Sep 17 00:00:00 2001
From: Aaron Meihm
Date: Thu, 24 Nov 2016 10:39:36 -0600
Subject: [PATCH] add flag to optionally filter plugin output
---
 runscan/runscan.py | 19 +++++++++++++------
 scanapi/scanapi.py | 16 +++++++++++-----
 2 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/runscan/runscan.py b/runscan/runscan.py
index 10fb5c4..11a3e5b 100755
--- a/runscan/runscan.py
+++ b/runscan/runscan.py
@@ -73,8 +73,12 @@ class ScanAPIRequestor(object):
 def request_scan_completed(self, scanid):
 return self.request_results(scanid)['completed']
- def request_results(self, scanid, mincvss=None):
- self.request('scan/results', 'get', params={'scanid': scanid, 'mincvss': mincvss})
+ def request_results(self, scanid, mincvss=None, nooutput=False):
+ noflag = None
+ if nooutput:
+ noflag = '1'
+ self.request('scan/results', 'get', params={'scanid': scanid, 'mincvss': mincvss,
+ 'nooutput': noflag})
 return self.body
 def request_results_csv(self, scanid):
@@ -180,14 +184,15 @@ def get_policies():
 sys.stdout.write('id={} name=\'{}\' description=\'{}\'\n'.format(x['id'], x['name'], x['description']))
-def get_results(scanid, mozdef=None, mincvss=None, serviceapi=None, csv=False):
+def get_results(scanid, mozdef=None, mincvss=None, serviceapi=None, csv=False,
+ nooutput=False):
 if not requestor.request_scan_completed(scanid):
 sys.stdout.write('Scan incomplete\n')
 return
 if csv:
 sys.stdout.write(requestor.request_results_csv(scanid))
 return
- resp = requestor.request_results(scanid, mincvss=mincvss)
+ resp = requestor.request_results(scanid, mincvss=mincvss, nooutput=nooutput)
 if serviceapi != None:
 resp = ScanAPIServices(resp, serviceapi).execute()
 if mozdef == None:
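Review bot: In `get_results` (hunk `@@ -180,14 +184,15 @@`), the `if csv:` branch returns before `nooutput` is consulted, so `--csv --nooutput` still writes the unfiltered export with no indication that the flag was ignored. An operator using the flag to keep plugin output out of what is stored or forwarded would not notice the difference. Either honour the flag on the CSV path or reject the combination up front, for example `if csv and nooutput: sys.stderr.write('--nooutput has no effect with --csv\n')` before the CSV write. Whether `request_results_csv` could filter on the server side is not visible here, and the body of `get_results` continues past the hunk.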
@@ -230,6 +235,8 @@ def domain():
 metavar='mozdefurl')
 parser.add_argument('--mincvss', help='filter vulnerabilities below specified cvss score', metavar='cvss')
+ parser.add_argument('--nooutput', help='don\'t include plugin output in results',
+ action='store_true')
 parser.add_argument('--serviceapi', help='integrate with serviceapi for host ownership and indicators' + ', used when fetching results', metavar='sapiurl')
 parser.add_argument('-s', help='run scan on comma separated targets, can also be filename with targets',
@@ -252,7 +259,7 @@ def domain():
 get_policies()
 elif args.r != None:
 get_results(args.r, mozdef=args.mozdef, mincvss=args.mincvss,
- serviceapi=args.serviceapi, csv=args.csv)
+ serviceapi=args.serviceapi, csv=args.csv, nooutput=args.nooutput)
 elif args.D != None:
 purge_scans(args.D)
 elif args.s != None:
@@ -271,7 +278,7 @@ def domain():
 while not requestor.request_scan_completed(scanid):
 time.sleep(15)
 get_results(scanid, mozdef=args.mozdef, mincvss=args.mincvss,
- serviceapi=args.serviceapi, csv=args.csv)
+ serviceapi=args.serviceapi, csv=args.csv, nooutput=nooutput)
 else:
 sys.stdout.write(scanid + '\n')
 else:
diff --git a/scanapi/scanapi.py b/scanapi/scanapi.py
index 5cc3593..4ca02cb 100755
--- a/scanapi/scanapi.py
+++ b/scanapi/scanapi.py
@@ -32,11 +32,12 @@ class ScanAPIConfig(object):
 self.appkeys = []
 class ScanAPIParser(object):
- def __init__(self, content, hostinfo, timeinfo, mincvss=None):
+ def __init__(self, content, hostinfo, timeinfo, mincvss=None, nooutput=False):
 self._result = []
 self._content = content
 self._hostinfo = hostinfo
 self._timeinfo = timeinfo
+ self._nooutput = nooutput
 self._fd = StringIO.StringIO(self._content)
 self._reader = csv.reader(self._fd)
 self._state = {}
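Review bot: The call added in the `@@ -271,7 +278,7 @@` hunk passes `nooutput=nooutput`, but no local named `nooutput` is visible in `domain()`, and the sibling call in the `@@ -252,7 +259,7 @@` hunk reads `args.nooutput`. Unless the name is bound outside the hunk, this raises NameError only after the polling loop has seen the scan complete, so the results are never fetched or printed. The line should read `serviceapi=args.serviceapi, csv=args.csv, nooutput=args.nooutput)`. `domain()` starts and ends outside the hunk.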
@@ -117,9 +118,10 @@ class ScanAPIParser(object):
 newvuln = {
 'risk': entry['risk'].lower(),
 'name': entry['name'],
- 'output': entry['output'],
 'vulnerable_packages': []
 }
+ if not self._nooutput:
+ newvuln['output'] = entry['output']
 if entry['cve'] != '':
 newvuln.update({'cve': entry['cve'], 'cvss': entry['cvss']})
@@ -330,14 +332,15 @@ class ScanAPIScanner(object):
 return self._scanner.action('scans/' + str(scan['id']) + '/export/' + str(fileid) + '/download', method='get', download=True)
- def scan_results(self, scanid, mincvss=None):
+ def scan_results(self, scanid, mincvss=None, nooutput=False):
 ret = {}
 # export and transform the entire scan result set; use csv output here
 content = self.scan_results_csv(scanid)
 hostinfo = self._supplemental_hostinfo(scanid)
 timeinfo = self._supplemental_timeinfo(scanid)
 ret['zone'] = cfg.zone
- ret['details'] = ScanAPIParser(content, hostinfo, timeinfo, mincvss=mincvss).result()
+ ret['details'] = ScanAPIParser(content, hostinfo, timeinfo,
+ mincvss=mincvss, nooutput=nooutput).result()
 return ret
 def get_policies(self, filter_scanapi=False):
@@ -451,10 +454,13 @@ def api_get_scan_results():
 ret = {'completed': False}
 scanid = request.args.get('scanid')
 mincvss = request.args.get('mincvss')
+ nooutput = False
+ if request.args.get('nooutput') != None:
+ nooutput = True
 if not scanner.scan_completed(scanid):
 return json.dumps(ret)
 ret['completed'] = True
- ret['results'] = scanner.scan_results(scanid, mincvss=mincvss)
+ ret['results'] = scanner.scan_results(scanid, mincvss=mincvss, nooutput=nooutput)
 return response(json.dumps(ret))
 @app.route('/api/v1/scan', methods=['POST'])
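Review bot: With `nooutput` set, the `@@ -117,9 +118,10 @@` hunk omits the `'output'` key from `newvuln` altogether rather than leaving it empty, so any consumer that indexes `vuln['output']` directly would raise KeyError. The code that reads these records is not visible in this patch, so this may be harmless, but the contract change deserves a comment above the branch: `# 'output' is omitted (not blanked) when nooutput is set; readers must use .get('output')`. The enclosing method starts and ends outside the hunk.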
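Review bot: In `api_get_scan_results` (hunk `@@ -451,10 +454,13 @@`), the test `request.args.get('nooutput') != None` enables filtering for any value at all, so `?nooutput=0` or a bare `?nooutput=` also strips plugin output. The client in runscan.py only ever sends `'1'`, so matching that value keeps the API unambiguous and replaces the three added lines with one: `nooutput = request.args.get('nooutput') == '1'`. If presence-only semantics are intended, say so in a comment and use `is not None` rather than `!= None`.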