зеркало из https://github.com/mozilla/scanapi.git
add flag to optionally filter plugin output
Родитель
ae5465da80
Коммит
67c4f79385
|
@ -73,8 +73,12 @@ class ScanAPIRequestor(object):
|
|||
def request_scan_completed(self, scanid):
|
||||
return self.request_results(scanid)['completed']
|
||||
|
||||
def request_results(self, scanid, mincvss=None):
|
||||
self.request('scan/results', 'get', params={'scanid': scanid, 'mincvss': mincvss})
|
||||
def request_results(self, scanid, mincvss=None, nooutput=False):
|
||||
noflag = None
|
||||
if nooutput:
|
||||
noflag = '1'
|
||||
self.request('scan/results', 'get', params={'scanid': scanid, 'mincvss': mincvss,
|
||||
'nooutput': noflag})
|
||||
return self.body
|
||||
|
||||
def request_results_csv(self, scanid):
|
||||
|
@ -180,14 +184,15 @@ def get_policies():
|
|||
sys.stdout.write('id={} name=\'{}\' description=\'{}\'\n'.format(x['id'],
|
||||
x['name'], x['description']))
|
||||
|
||||
def get_results(scanid, mozdef=None, mincvss=None, serviceapi=None, csv=False):
|
||||
def get_results(scanid, mozdef=None, mincvss=None, serviceapi=None, csv=False,
|
||||
nooutput=False):
|
||||
if not requestor.request_scan_completed(scanid):
|
||||
sys.stdout.write('Scan incomplete\n')
|
||||
return
|
||||
if csv:
|
||||
sys.stdout.write(requestor.request_results_csv(scanid))
|
||||
return
|
||||
resp = requestor.request_results(scanid, mincvss=mincvss)
|
||||
resp = requestor.request_results(scanid, mincvss=mincvss, nooutput=nooutput)
|
||||
if serviceapi != None:
|
||||
resp = ScanAPIServices(resp, serviceapi).execute()
|
||||
if mozdef == None:
|
||||
|
@ -230,6 +235,8 @@ def domain():
|
|||
metavar='mozdefurl')
|
||||
parser.add_argument('--mincvss', help='filter vulnerabilities below specified cvss score',
|
||||
metavar='cvss')
|
||||
parser.add_argument('--nooutput', help='don\'t include plugin output in results',
|
||||
action='store_true')
|
||||
parser.add_argument('--serviceapi', help='integrate with serviceapi for host ownership and indicators' +
|
||||
', used when fetching results', metavar='sapiurl')
|
||||
parser.add_argument('-s', help='run scan on comma separated targets, can also be filename with targets',
|
||||
|
@ -252,7 +259,7 @@ def domain():
|
|||
get_policies()
|
||||
elif args.r != None:
|
||||
get_results(args.r, mozdef=args.mozdef, mincvss=args.mincvss,
|
||||
serviceapi=args.serviceapi, csv=args.csv)
|
||||
serviceapi=args.serviceapi, csv=args.csv, nooutput=args.nooutput)
|
||||
elif args.D != None:
|
||||
purge_scans(args.D)
|
||||
elif args.s != None:
|
||||
|
@ -271,7 +278,7 @@ def domain():
|
|||
while not requestor.request_scan_completed(scanid):
|
||||
time.sleep(15)
|
||||
get_results(scanid, mozdef=args.mozdef, mincvss=args.mincvss,
|
||||
serviceapi=args.serviceapi, csv=args.csv)
|
||||
serviceapi=args.serviceapi, csv=args.csv, nooutput=nooutput)
|
||||
else:
|
||||
sys.stdout.write(scanid + '\n')
|
||||
else:
|
||||
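Review bot: In the last hunk of this file, the `get_results(...)` call that follows the `time.sleep(15)` polling loop passes `nooutput=nooutput`, while the `elif args.r != None:` branch passes `nooutput=args.nooutput`. No local named `nooutput` is visible in the hunk, so unless `domain()` defines one outside the shown lines, this path raises NameError as soon as the scan completes. The line should read `serviceapi=args.serviceapi, csv=args.csv, nooutput=args.nooutput)`. Separately, `get_results` returns from the `if csv:` branch before it reaches `request_results`, so `--nooutput` is silently ignored together with `--csv`, and the help text could say so. `domain()` starts and ends outside the hunk.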
|
|
|
@ -32,11 +32,12 @@ class ScanAPIConfig(object):
|
|||
self.appkeys = []
|
||||
|
||||
class ScanAPIParser(object):
|
||||
def __init__(self, content, hostinfo, timeinfo, mincvss=None):
|
||||
def __init__(self, content, hostinfo, timeinfo, mincvss=None, nooutput=False):
|
||||
self._result = []
|
||||
self._content = content
|
||||
self._hostinfo = hostinfo
|
||||
self._timeinfo = timeinfo
|
||||
self._nooutput = nooutput
|
||||
self._fd = StringIO.StringIO(self._content)
|
||||
self._reader = csv.reader(self._fd)
|
||||
self._state = {}
|
||||
|
@ -117,9 +118,10 @@ class ScanAPIParser(object):
|
|||
newvuln = {
|
||||
'risk': entry['risk'].lower(),
|
||||
'name': entry['name'],
|
||||
'output': entry['output'],
|
||||
'vulnerable_packages': []
|
||||
}
|
||||
if not self._nooutput:
|
||||
newvuln['output'] = entry['output']
|
||||
if entry['cve'] != '':
|
||||
newvuln.update({'cve': entry['cve'], 'cvss': entry['cvss']})
|
||||
|
||||
|
@ -330,14 +332,15 @@ class ScanAPIScanner(object):
|
|||
return self._scanner.action('scans/' + str(scan['id']) + '/export/' +
|
||||
str(fileid) + '/download', method='get', download=True)
|
||||
|
||||
def scan_results(self, scanid, mincvss=None):
|
||||
def scan_results(self, scanid, mincvss=None, nooutput=False):
|
||||
ret = {}
|
||||
# export and transform the entire scan result set; use csv output here
|
||||
content = self.scan_results_csv(scanid)
|
||||
hostinfo = self._supplemental_hostinfo(scanid)
|
||||
timeinfo = self._supplemental_timeinfo(scanid)
|
||||
ret['zone'] = cfg.zone
|
||||
ret['details'] = ScanAPIParser(content, hostinfo, timeinfo, mincvss=mincvss).result()
|
||||
ret['details'] = ScanAPIParser(content, hostinfo, timeinfo,
|
||||
mincvss=mincvss, nooutput=nooutput).result()
|
||||
return ret
|
||||
|
||||
def get_policies(self, filter_scanapi=False):
|
||||
|
@ -451,10 +454,13 @@ def api_get_scan_results():
|
|||
ret = {'completed': False}
|
||||
scanid = request.args.get('scanid')
|
||||
mincvss = request.args.get('mincvss')
|
||||
nooutput = False
|
||||
if request.args.get('nooutput') != None:
|
||||
nooutput = True
|
||||
if not scanner.scan_completed(scanid):
|
||||
return json.dumps(ret)
|
||||
ret['completed'] = True
|
||||
ret['results'] = scanner.scan_results(scanid, mincvss=mincvss)
|
||||
ret['results'] = scanner.scan_results(scanid, mincvss=mincvss, nooutput=nooutput)
|
||||
return response(json.dumps(ret))
|
||||
|
||||
@app.route('/api/v1/scan', methods=['POST'])
|
||||
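Review bot: In `api_get_scan_results`, the test `request.args.get('nooutput') != None` enables filtering for any value, so `?nooutput=0` or an empty `?nooutput=` also strips plugin output. The client in this commit only ever sends `'1'`, so an explicit comparison such as `nooutput = request.args.get('nooutput') == '1'` would make the contract unambiguous. In the `ScanAPIParser` hunk, the `'output'` key is now omitted rather than left empty when the flag is set, so any consumer of the result that indexes `['output']` directly would raise KeyError. No such consumer is visible here, so this is worth checking, and a short comment next to `if not self._nooutput:` could state that the key is left out on purpose. Both functions continue outside their hunks.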
|
|