Beispiel #1
0
    def upload_policy(self):
        # if a policy of the same name already exists, delete it prior to upload
        try:
            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            # bit of ugliness here. I'd like to just have the policy name at this point but I don't
            # so find it in the full path
            # TODO: Verify split here
            response = api.get_policy_by_name(
                ntpath.basename(self.webinspect_upload_policy).split('.')[0])
            if response.success and response.response_code == 200:  # the policy exists on the server already
                api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
                response = api.delete_policy(response.data['uniqueId'])
                if response.success:
                    Logger.app.debug("Deleted policy {} from server".format(
                        ntpath.basename(
                            self.webinspect_upload_policy).split('.')[0]))
        except (ValueError, UnboundLocalError, TypeError) as e:
            Logger.app.error(
                "Verify if deletion of existing policy failed: {}".format(e))

        try:
            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            response = api.upload_policy(self.webinspect_upload_policy)

            if response.success:
                Logger.console.debug("Uploaded policy {} to server.".format(
                    self.webinspect_upload_policy))
            else:
                Logger.app.error("Error uploading policy {0}. {1}".format(
                    self.webinspect_upload_policy, response.message))

        except (ValueError, UnboundLocalError, TypeError) as e:
            Logger.app.error("Error uploading policy {}".format(e))
Beispiel #2
0
    def export_scan_results(self, scan_id, scan_name, extension):
        """
        Download scan as a xml for Threadfix or other Vuln Management System
        :param scan_id:
        :param scan_name:
        :param extension:
        """
        try:
            scan_name = self.trim_ext(scan_name)
            Logger.app.debug('Exporting scan: {}'.format(scan_id))
            detail_type = 'Full' if extension == 'xml' else None
            api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
            response = api.export_scan_format(scan_id, extension, detail_type)

            if response.success:
                try:
                    with open('{0}.{1}'.format(scan_name, extension), 'wb') as f:
                        Logger.app.info('Scan results file is available: {0}.{1}'.format(scan_name, extension))
                        f.write(response.data)
                except UnboundLocalError as e:
                    Logger.app.error('Error saving file locally {}'.format(e))
            elif response.response_code == 401:
                Logger.app.critical("An Authorization Error occured.")
                sys.exit(ExitStatus.failure)
            else:
                Logger.app.error('Unable to retrieve scan results. {} '.format(response.message))
        except (ValueError, UnboundLocalError, NameError) as e:
            logexceptionhelper.LogErrorWebInspectDownload(e)
Beispiel #3
0
 def list_proxy(self):
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
     response = api.list_proxies()
     if response.success:
         return response.data
     else:
         Logger.app.critical("{}".format(response.message))
Beispiel #4
0
    def create_scan(self):
        """
        Launches and monitors a scan
        :return: If scan was able to launch, scan_id. Otherwise none.
        """
        Logger.app.debug("Creating Scan in webinspect client")
        overrides = json.dumps(
            webinspectjson.formatted_settings_payload(
                self.settings, self.scan_name, self.runenv, self.scan_mode,
                self.scan_scope, self.login_macro, self.scan_policy,
                self.scan_start, self.start_urls, self.workflow_macros,
                self.allowed_hosts))

        api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
        response = api.create_scan(overrides)

        logger_response = json.dumps(response,
                                     default=lambda o: o.__dict__,
                                     sort_keys=True)
        Logger.app.debug("Request sent to {0}:\n{1}".format(
            self.url, overrides))
        Logger.app.debug("Response from {0}:\n{1}\n".format(
            self.url, logger_response))

        if response.success:
            scan_id = response.data['ScanId']
            sys.stdout.write(
                str('WebInspect scan launched on {0} your scan id: {1}\n'.
                    format(self.url, scan_id)))
        else:
            Logger.app.error("No scan was launched!")
            Logger.app.error("{}".format(response.message))
            return False
        return scan_id
Beispiel #5
0
    def export_scan_results(self, scan_id, extension):
        """
        Save scan results to file
        :param scan_id:
        :param extension:
        :return:
        """
        # Export scan as a xml for Threadfix or other Vuln Management System
        Logger.app.info('Exporting scan: {} as {}'.format(scan_id, extension))
        detail_type = 'Full' if extension == 'xml' else None
        api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
        response = api.export_scan_format(scan_id, extension, detail_type)

        if response.success:
            try:
                with open('{0}.{1}'.format(self.scan_name, extension),
                          'wb') as f:
                    Logger.app.debug(
                        str('Scan results file is available: {0}.{1}\n'.format(
                            self.scan_name, extension)))
                    f.write(response.data)
                    print(
                        str('Scan results file is available: {0}.{1}\n'.format(
                            self.scan_name, extension)))
            except UnboundLocalError as e:
                Logger.app.error('Error saving file locally {}'.format(e))
        else:
            Logger.app.error('Unable to retrieve scan results. {} '.format(
                response.message))
Beispiel #6
0
    def download_proxy(self, webmacro, setting):
        Logger.app.debug('Downloading from: {}'.format(self.proxy_name))
        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
        if webmacro:
            response = api.download_proxy_webmacro(self.proxy_name)
            extension = 'webmacro'
        elif setting:
            response = api.download_proxy_setting(self.proxy_name)
            extension = 'xml'
        else:
            Logger.app.error("Please enter a file type to download.")
            return 1

        if response.success:
            try:
                with open('{0}-proxy.{1}'.format(self.proxy_name, extension),
                          'wb') as f:
                    Logger.app.info(
                        'Scan results file is available: {0}-proxy.{1}'.format(
                            self.proxy_name, extension))
                    f.write(response.data)
            except UnboundLocalError as e:
                Logger.app.error('Error saving file locally {}'.format(e))
        else:
            Logger.app.error('Unable to retrieve file. {} '.format(
                response.message))
Beispiel #7
0
 def get_policy_by_name(self, policy_name):
     api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
     response = api.get_policy_by_name(policy_name)
     if response.success:
         return response.data
     else:
         return None
Beispiel #8
0
    def start_proxy(self):

        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
        response = api.start_proxy(self.proxy_name, self.port, "")
        if response.success:
            return response.data
        else:
            Logger.app.critical("{}".format(response.message))
 def get_scan_by_name(self, scan_name):
     """
     Search Webinspect server for a scan matching scan_name
     :param scan_name:
     :return: List of search results
     """
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
     return api.get_scan_by_name(scan_name).data
Beispiel #10
0
 def get_proxy(self):
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
     response = api.get_proxy_information(self.proxy_name)
     if response.response_code == 401:
         Logger.app.critical("An Authorization Error occured.")
         exit(1)
     if response.success:
         return response.data
Beispiel #11
0
 def get_scan_status(self, scan_guid):
     api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
     try:
         response = api.get_current_status(scan_guid)
         status = json.loads(response.data_json())['ScanStatus']
         return status
     except (ValueError, UnboundLocalError, TypeError) as e:
         Logger.app.error("get_scan_status failed: {}".format(e))
         return "Unknown"
Beispiel #12
0
    def delete_proxy(self):

        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
        response = api.delete_proxy(self.proxy_name)
        if response.success:
            Logger.app.info("Proxy: '{0}' deleted from '{1}'".format(
                self.proxy_name, self.host))
        else:
            Logger.app.critical("{}".format(response.message))
Beispiel #13
0
 def list_proxy(self):
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
     response = api.list_proxies()
     if response.response_code == 401:
         Logger.app.critical("An Authorization Error occured.")
         exit(1)
     if response.success:
         return response.data
     else:
         Logger.app.critical("{}".format(response.message))
Beispiel #14
0
    def get_scan_log(self, scan_name=None, scan_guid=None):
        try:

            if scan_name:
                api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
                response = api.get_scan_by_name(scan_name)
                if response.success:
                    scan_guid = response.data[0]['ID']
                else:
                    Logger.app.error(response.message)
                    return None

            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            response = api.get_scan_log(scan_guid)
            if response.success:
                return response.data_json()
            else:
                return None
        except (ValueError, UnboundLocalError) as e:
            Logger.app.error("get_scan_log failed: {}".format(e))
Beispiel #15
0
    def delete_proxy(self):

        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
        response = api.delete_proxy(self.proxy_name)
        if response.response_code == 401:
            Logger.app.critical("An Authorization Error occured.")
            exit(1)
        if response.success:
            Logger.app.info("Proxy: '{0}' deleted from '{1}'".format(self.proxy_name, self.host))
        else:
            Logger.app.critical("{}".format(response.message))
Beispiel #16
0
 def list_scans(self):
     """
     List all scans found on host
     :return: response.data from the Webinspect server
     """
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
     response = api.list_scans()
     if response.success:
         return response.data
     else:
         Logger.app.critical("{}".format(response.message))
Beispiel #17
0
    def list_webmacros(self):
        try:
            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            response = api.list_webmacros()

            if response.success:
                for webmacro in response.data:
                    Logger.console.info("{}".format(webmacro))
            else:
                Logger.app.error("{}".format(response.message))

        except (ValueError, UnboundLocalError) as e:
            Logger.app.error("list_webmacros failed: {}".format(e))
 def list_scans(self):
     """
     List all scans found on host
     :param scan_id:
     :return:
     """
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
     response = api.list_scans()
     if response.success:
         for scan in response.data:
             Logger.console.info("{0:80} {1:40} {2:10}".format(scan['Name'], scan['ID'], scan['Status']))
     else:
         Logger.app.critical("{}".format(response.message))
Beispiel #19
0
 def get_scan_status(self, scan_guid):
     """
     Get scan status from the Webinspect server
     :param scan_guid:
     :return: Current status of scan
     """
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
     try:
         response = api.get_current_status(scan_guid)
         status = json.loads(response.data_json())['ScanStatus']
         return status
     except (ValueError, TypeError, UnboundLocalError) as e:
         Logger.app.error("get_scan_status failed: {}".format(e))
         return None
Beispiel #20
0
    def __settings_exists__(self):
        try:
            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            response = api.list_settings()

            if response.success:
                for setting in response.data:
                    if setting in self.settings:
                        return True

        except (ValueError, UnboundLocalError) as e:
            Logger.app.error(
                "Unable to determine if setting file exists, scan will continue without setting!"
                "Error: {}".format(e))
        return False
Beispiel #21
0
    def upload_webmacros(self):
        try:
            for webmacro in self.webinspect_upload_webmacros:
                api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
                response = api.upload_webmacro(webmacro)
                if response.success:
                    Logger.console.debug(
                        "Uploaded webmacro {} to server.".format(webmacro))
                else:
                    Logger.app.error(
                        "Error uploading webmacro {0}. {1}".format(
                            webmacro, response.message))

        except (ValueError, UnboundLocalError) as e:
            Logger.app.error("Error uploading webmacro {}".format(e))
Beispiel #22
0
    def upload_settings(self):

        try:
            api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
            response = api.upload_settings(self.webinspect_upload_settings)

            if response.success:
                Logger.console.debug("Uploaded settings {} to server.".format(
                    self.webinspect_upload_settings))
            else:
                Logger.app.error("Error uploading settings {0}. {1}".format(
                    self.webinspect_upload_settings, response.message))

        except (ValueError, UnboundLocalError) as e:
            Logger.app.error("Error uploading settings {}".format(e))
Beispiel #23
0
    def upload_proxy(self, upload_file):
        Logger.app.info("Uploading to: '{}'".format(self.proxy_name))
        try:
            api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
            response = api.upload_webmacro_proxy(self.proxy_name, upload_file)

            if response.success:
                Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format(
                    upload_file, self.proxy_name, self.host))
            else:
                Logger.app.error("Uploading {0} gave error: {1}".format(
                    upload_file, response.message))
                return 1
        except (ValueError, UnboundLocalError) as e:
            Logger.app.error("Error uploading policy {}".format(e))
            return 1
Beispiel #24
0
    def wait_for_scan_status_change(self, scan_id):
        """
        Blocking call, will remain in this method until status of scan changes
        :param scan_id:
        :return:
        """
        # WebInspect Scan has started, wait here until it's done
        api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
        response = api.wait_for_status_change(
            scan_id)  # this line is the blocker

        if response.success:
            Logger.console.debug('Scan status {}'.format(response.data))
        else:
            Logger.app.debug('Scan status not known because: {}'.format(
                response.message))
Beispiel #25
0
    def get_cert_proxy(self):
        path = Config().cert

        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
        response = api.cert_proxy()
        if response.success:
            try:
                with open(path, 'wb') as f:
                    f.write(response.data)
                    Logger.app.info(
                        'Cert has downloaded to\t:\t{}'.format(path))
            except UnboundLocalError as e:
                Logger.app.error('Error saving cert locally {}'.format(e))
        else:
            Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format(
                response.message))
Beispiel #26
0
    def get_scan_by_name(self, scan_name):
        """
        Search Webinspect server for a scan matching scan_name
        :param scan_name:
        :return: List of search results
        """
        scan_name = self.trim_ext(scan_name)
        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)

        response = api.get_scan_by_name(scan_name)

        if response.response_code == 401:
            Logger.app.critical("An Authorization Error occured.")
            sys.exit(ExitStatus.failure)

        return response.data
Beispiel #27
0
 def upload_proxy(self, upload_file):
     Logger.app.info("Uploading to: '{}'".format(self.proxy_name))
     try:
         api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
         response = api.upload_webmacro_proxy(self.proxy_name, upload_file)
         if response.response_code == 401:
             Logger.app.critical("An Authorization Error occured.")
             exit(1)
         if response.success:
             Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format(upload_file, self.proxy_name, self.host))
         else:
             Logger.app.error("Uploading {0} gave error: {1}".format(upload_file, response.message))
             return 1
     except (ValueError, UnboundLocalError) as e:
         Logger.app.error("Error uploading policy {}".format(e))
         return 1
Beispiel #28
0
 def list_scans(self):
     """
     List all scans found on host
     :return: response.data from the Webinspect server
     """
     try:
         api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
         response = api.list_scans()
         if response.success:
             return response.data
         elif response.response_code == 401:
             Logger.app.critical("An Authorization Error occured.")
             sys.exit(ExitStatus.failure)
         else:
             Logger.app.critical("{}".format(response.message))
     except (ValueError, UnboundLocalError, NameError) as e:
         Logger.app.error("There was an error listing WebInspect scans! {}".format(e))
Beispiel #29
0
 def get_scan_status(self, scan_guid):
     """
     Get scan status from the Webinspect server
     :param scan_guid:
     :return: Current status of scan
     """
     api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
     try:
         response = api.get_current_status(scan_guid)
         if response.response_code == 401:
             Logger.app.critical("An Authorization Error occured.")
             sys.exit(ExitStatus.failure)
         status = json.loads(response.data_json())['ScanStatus']
         return status
     except (ValueError, TypeError, UnboundLocalError) as e:
         Logger.app.error("There was an error getting scan status: {}".format(e))
         return None
Beispiel #30
0
    def get_cert_proxy(self):
        path = Config().cert

        api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
        response = api.cert_proxy()
        if response.response_code == 401:
            Logger.app.critical("An Authorization Error occured.")
            exit(1)
        if response.success:
            try:
                with open(path, 'wb') as f:
                    f.write(response.data)
                    Logger.app.info('Cert has downloaded to\t:\t{}'.format(path))
            except UnboundLocalError as e:
                Logger.app.error('Error saving cert locally {}'.format(e))
        else:
            Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format(response.message))