def cli():
    """Root WebBreaker CLI callback, run before any sub-command.

    Writes the ASCII banner, the version and the log-file location to
    stdout, then lets ``SecretClient().verify_secret()`` run its check
    (defined elsewhere; presumably validates the secret that protects
    stored credentials) so a broken secret store fails before a scan starts.
    """
    motd_text = WebBreakerHelper.ascii_motd()
    framed = WebBreakerHelper.banner(text=motd_text)

    # Banner and version first, then where the operator can find the logs.
    header = str("{0}\nVersion {1}\n".format(framed, version))
    sys.stdout.write(header)
    log_hint = str("Logging to files: {}\n".format(Logger.app_logfile))
    sys.stdout.write(log_hint)

    SecretClient().verify_secret()
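    def __init__(self, override_dict):
        """Build the per-scan WebInspect options from the CLI override dict.

        Args:
            override_dict: mapping of click option names to their values.
                Every key read below is expected to be present (click
                normally supplies all of them, possibly as None or as an
                empty tuple for multi-value options).

        Side effects:
            On a parsing failure the error is handed to
            ``webinspectloghelper.log_error_scan_overrides_parsing_error``
            and the process exits with ``ExitStatus.failure``.
            Emits a debug trace of the effective options; the password is
            intentionally not part of that trace.
        """
        try:
            # Despite the key name, 'git' is the directory consumed by some
            # of the parse_overrides helpers (defined outside this excerpt).
            self.webinspect_dir = override_dict['git']

            self.username = override_dict['username']
            self.password = override_dict['password']

            self.settings = override_dict['settings']
            self.scan_name = override_dict['scan_name']
            # Deprecate these click options
            self.webinspect_upload_settings = override_dict['upload_settings']
            self.webinspect_upload_policy = override_dict['upload_policy']
            self.webinspect_upload_webmacros = override_dict[
                'upload_webmacros']
            # end deprecation
            self.scan_mode = override_dict['scan_mode']
            self.scan_scope = override_dict['scan_scope']
            self.login_macro = override_dict['login_macro']
            self.scan_policy = override_dict['scan_policy']
            self.scan_start = override_dict['scan_start']
            self.scan_size = override_dict['size']
            self.fortify_user = override_dict['fortify_user']
            self.targets = None  # to be set in a parse function

            # click delivers multi-value options as tuples; keep them as lists.
            self.start_urls = list(override_dict['start_urls'])
            self.workflow_macros = list(override_dict['workflow_macros'])
            self.allowed_hosts = list(override_dict['allowed_hosts'])

            self.endpoint = self.get_endpoint()
            self.runenv = WebBreakerHelper.check_run_env()

            # prepare the options (helper defined elsewhere in this class)
            self._parse_webinspect_overrides()

            # Debug trace of the effective options. self.password is not
            # logged here -- keep it that way when adding fields.
            Logger.app.debug("Completed webinspect client initialization")
            Logger.app.debug("url: {}".format(self.endpoint))
            Logger.app.debug("settings: {}".format(self.settings))
            Logger.app.debug("scan_name: {}".format(self.scan_name))
            Logger.app.debug("upload_settings: {}".format(
                self.webinspect_upload_settings))
            Logger.app.debug("upload_policy: {}".format(
                self.webinspect_upload_policy))
            Logger.app.debug("upload_webmacros: {}".format(
                self.webinspect_upload_webmacros))
            Logger.app.debug("workflow_macros: {}".format(
                self.workflow_macros))
            Logger.app.debug("allowed_hosts: {}".format(self.allowed_hosts))
            Logger.app.debug("scan_mode: {}".format(self.scan_mode))
            Logger.app.debug("scan_scope: {}".format(self.scan_scope))
            Logger.app.debug("login_macro: {}".format(self.login_macro))
            Logger.app.debug("scan_policy: {}".format(self.scan_policy))
            Logger.app.debug("scan_start: {}".format(self.scan_start))
            Logger.app.debug("start_urls: {}".format(self.start_urls))
            Logger.app.debug("fortify_user: {}".format(self.fortify_user))
        except (EnvironmentError, TypeError, KeyError) as e:
            # KeyError is included so that a missing override key is reported
            # through the same "overrides could not be parsed" path instead of
            # escaping as a raw traceback.
            webinspectloghelper.log_error_scan_overrides_parsing_error(e)
            sys.exit(ExitStatus.failure)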
class Config(object):
    """Per-invocation click context object shared by the sub-commands.

    Currently carries a single flag, ``debug``, which starts out off.
    """

    def __init__(self):
        # Instance attribute (not a class attribute) so each invocation
        # gets its own flag; quiet, non-debug operation is the default.
        self.debug = False

# Decorator that hands the shared Config object to a click command;
# ensure=True makes click create the Config on first use, so every
# command sees a fresh, non-debug instance rather than failing.
pass_config = click.make_pass_decorator(Config, ensure=True)


def fortify_prompt():
    """Interactively collect Fortify SSC credentials.

    Returns:
        tuple: ``(user, password)`` exactly as typed by the operator.
        The password prompt uses ``hide_input=True`` so the secret is
        not echoed to the terminal or left in scrollback.
    """
    user = click.prompt('Fortify user')
    # Never echo the secret back to the terminal.
    password = click.prompt('Fortify password', hide_input=True)
    return (user, password)


@click.group(help=WebBreakerHelper().webbreaker_desc())
def cli():
    """Root click group; executes before any sub-command's callback.

    Prints the banner, version and log-file path to stdout, then calls
    ``SecretClient().verify_secret()`` (defined elsewhere; presumably
    checks the secret protecting stored credentials) so that problem
    surfaces up front rather than mid-scan.
    """
    ascii_art = WebBreakerHelper.ascii_motd()
    banner_text = WebBreakerHelper.banner(text=ascii_art)

    # Two separate writes: banner/version first, then the log location.
    sys.stdout.write(str("{0}\nVersion {1}\n".format(banner_text, version)))
    logfile_line = str("Logging to files: {}\n".format(Logger.app_logfile))
    sys.stdout.write(logfile_line)

    SecretClient().verify_secret()


@cli.group(
    short_help="Interaction with Webinspect RESTFul API",
    help=WebBreakerHelper().webinspect_desc(),
)
def webinspect():
# Python2/3 compatibility statements
try:
    import ConfigParser as configparser  # Python 2 module name
except ImportError:  # Python 3
    import configparser

    config = configparser.ConfigParser()
else:
    # Python 2 only: SafeConfigParser is the interpolating parser there.
    # Config values may rely on %(key)s interpolation, so keep a parser
    # that supports it on both versions.
    config = configparser.SafeConfigParser()

try:
    FileNotFoundError  # Python 3 builtin
except NameError:  # Python 2: IOError is the nearest equivalent
    FileNotFoundError = IOError

# Module-level singletons used by the classes below.
# runenv: result of WebBreakerHelper.check_run_env() (semantics defined there).
runenv = WebBreakerHelper.check_run_env()
# Helper that formats and logs WebInspect-specific error messages.
webinspectloghelper = WebInspectLogHelper()

class WebInspectConfig(object):
    """Loads the settings needed to talk to the WebInspect server(s).

    Attributes taken from the settings dict returned by
    ``_get_webinspect_settings()`` (defined outside this excerpt):
    ``endpoints``, ``webinspect_git``, ``mapped_policies`` and
    ``verify_ssl`` (passed through ``convert_verify_ssl_config``).
    """

    def __init__(self):
        Logger.app.debug("Starting webinspect config initialization")
        try:
            webinspect_dict = self._get_webinspect_settings()
            
            self.endpoints = webinspect_dict['endpoints']
            self.webinspect_git = webinspect_dict['git']
            self.mapped_policies = webinspect_dict['mapped_policies']
            # Presumably normalises the config string into the value used
            # for TLS certificate verification -- confirm in
            # convert_verify_ssl_config; a disabled value weakens every
            # connection to the WebInspect API.
            self.verify_ssl = convert_verify_ssl_config(webinspect_dict['verify_ssl'])
        except KeyError as e:
            # NOTE(review): the error is logged but not raised, so the
            # object is left partially initialised (attributes after the
            # missing key are never set) and the "Completed" message below
            # still fires. Callers will see an AttributeError later rather
            # than a clear configuration failure.
            Logger.app.error("Your configurations file or scan setting is incorrect : {}!!!".format(e))
        Logger.app.debug("Completed webinspect config initialization")
    def set_config(self):
        """Populate the default WebBreaker configuration values.

        Each ``self.conf_get(section, key, default)`` call appears to
        register *default* for *key* in *section*; the exact semantics
        (whether it writes the value, or only reads it) live in
        ``conf_get``, outside this excerpt.

        Security notes on the defaults below (grounded in the literals
        used here): TLS certificate verification defaults to 'False' for
        both Fortify SSC and WebInspect, and service credentials / API
        keys are plain config values. Operators should override these.
        """
        # SSC URL exclude the /ssc context
        # TODO: Change ssc_url -> fortify_url or vice versa. Just standardize
        # Default Fortify SSC Application
        self.conf_get('fortify', 'application_name', 'WEBINSPECT')

        # Default verify_ssl value
        # NOTE(review): 'False' presumably disables TLS certificate
        # verification for SSC calls -- set to True in real deployments.
        self.conf_get('fortify', 'verify_ssl', 'False')
        self.conf_get('fortify', 'ssc_url', 'https://fortify.example.com/ssc')

        # Fortify SSC authentication execute, webbreaker admin credentials --fortify
        # Credentials are held as config values; unless they are encrypted
        # elsewhere (confirm), protect the config file's permissions.
        self.conf_get('fortify', 'username', '')
        self.conf_get('fortify', 'password', '')

        # Default & a custom Fortify SSC Application Version attribute values and
        # Application (Project) Template associated to the Application Version
        self.conf_get('fortify', 'project_template', 'Prioritized High Risk Issue Template')
        self.conf_get('fortify', 'business_risk_ranking', 'High')
        self.conf_get('fortify', 'development_phase', 'Active')
        self.conf_get('fortify', 'development_strategy', 'Internal')
        self.conf_get('fortify', 'accessibility', 'externalpublicnetwork')
        self.conf_get('fortify', 'custom_attribute_name', '')
        self.conf_get('fortify', 'custom_attribute_value', '')

        # ThreadFix URL and ThreadFix API key (the key is a bearer-style secret; same handling as passwords)
        self.conf_get('threadfix', 'host', 'https://threadfix.example.com:8443/threadfix')
        self.conf_get('threadfix', 'api_key', '')

        # WebInspect load balancing, size of server is bound to CPU & memory available
        self.conf_get('webinspect', 'large_server_max_concurrent_scans', '2')
        self.conf_get('webinspect', 'medium_server_max_concurrent_scans', '1')
        self.conf_get('webinspect', 'small_server_max_concurrent_scans', '1')

        # WebInspect server(s) RESTFul API endpoints
        # endpoint_01 uses %(name)s references, so the config parser must
        # have interpolation enabled for this default to resolve.
        self.conf_get('webinspect', 'server_01', 'https://webinspect-server-1.example.com:8083')
        self.conf_get('webinspect', 'endpoint_01', '%(server_01)s|%(large_server_max_concurrent_scans)s')
        # Public upstream repo; if scan settings/policies are pulled from
        # here at run time, consider pinning to a reviewed revision.
        self.conf_get('webinspect', 'git_repo', 'https://github.com/webbreaker/webinspect.git')

        # API authentication set to true execute, webbreaker admin credentials --webinspect
        self.conf_get('webinspect', 'authenticate', 'false')
        self.conf_get('webinspect', 'username', '')
        self.conf_get('webinspect', 'password', '')
        # NOTE(review): as with fortify, 'False' presumably disables TLS
        # certificate verification for the WebInspect API by default.
        self.conf_get('webinspect', 'verify_ssl', 'False')

        # Built-in WebInspect policies, other policies may be appended
        # Keys are lower-cased policy names; values are the policy GUIDs.
        self.conf_get('webinspect_policy', 'aggressivesqlinjection', '032b1266-294d-42e9-b5f0-2a4239b23941')
        self.conf_get('webinspect_policy', 'allchecks', '08cd4862-6334-4b0e-abf5-cb7685d0cde7')
        self.conf_get('webinspect_policy', 'apachestruts', '786eebac-f962-444c-8c59-7bf08a6640fd')
        self.conf_get('webinspect_policy', 'application', '8761116c-ad40-438a-934c-677cd6d03afb')
        self.conf_get('webinspect_policy', 'assault', '0a614b23-31fa-49a6-a16c-8117932345d8')
        self.conf_get('webinspect_policy', 'blank', 'adb11ba6-b4b5-45a6-aac7-1f7d4852a2f6')
        self.conf_get('webinspect_policy', 'criticalsandhighs', '7235cf62-ee1a-4045-88f8-898c1735856f')
        self.conf_get('webinspect_policy', 'crosssitescripting', '49cb3995-b3bc-4c44-8aee-2e77c9285038')
        self.conf_get('webinspect_policy', 'development', '9378c6fa-63ec-4332-8539-c4670317e0a6')
        self.conf_get('webinspect_policy', 'mobile', 'be20c7a7-8fdd-4bed-beb7-cd035464bfd0')
        self.conf_get('webinspect_policy', 'nosqlandnode.js', 'a2c788cc-a3a9-4007-93cf-e371339b2aa9')
        self.conf_get('webinspect_policy', 'opensslheartbleed', '5078b547-8623-499d-bdb4-c668ced7693c')
        self.conf_get('webinspect_policy', 'owasptop10applicationsecurityrisks2013',
                      '48cab8a0-669e-438a-9f91-d26bc9a24435')
        self.conf_get('webinspect_policy', 'owasptop10applicationsecurityrisks2007',
                      'ece17001-da82-459a-a163-901549c37b6d')
        self.conf_get('webinspect_policy', 'owasptop10applicationsecurityrisks2010',
                      '8a7152d5-2637-41e0-8b14-1330828bb3b1')
        self.conf_get('webinspect_policy', 'passivescan', '40bf42fb-86d5-4355-8177-4b679ef87518')
        self.conf_get('webinspect_policy', 'platform', 'f9ae1fc1-3aba-4559-b243-79e1a98fd456')
        self.conf_get('webinspect_policy', 'privilegeescalation', 'bab6348e-2a23-4a56-9427-2febb44a7ac4')
        self.conf_get('webinspect_policy', 'qa', '5b4d7223-a30f-43a1-af30-0cf0e5cfd8ed')
        self.conf_get('webinspect_policy', 'quick', 'e30efb2a-24b0-4a7b-b256-440ab57fe751')
        self.conf_get('webinspect_policy', 'safe', 'def6a5b3-d785-40bc-b63b-6b441b315bf0')
        self.conf_get('webinspect_policy', 'soap', 'a7eb86b8-c3fb-4e88-bc59-5253887ea5b1')
        self.conf_get('webinspect_policy', 'sqlinjection', '6df62f30-4d47-40ec-b3a7-dad80d33f613')
        self.conf_get('webinspect_policy', 'standard', 'cb72a7c2-9207-4ee7-94d0-edd14a47c15c')
        self.conf_get('webinspect_policy', 'transportlayersecurity', '0fa627de-3f1c-4640-a7d3-154e96cda93c')

        # SMTP email host, port and email addresses required for email functionality.
        # The '*****@*****.**' addresses look like redaction applied when this
        # listing was published, not usable defaults -- replace them.
        self.conf_get('emailer', 'smtp_host', 'smtp.example.com')
        self.conf_get('emailer', 'smtp_port', '25')
        self.conf_get('emailer', 'from_address', '*****@*****.**')
        self.conf_get('emailer', 'to_address', '*****@*****.**')
        self.conf_get('emailer', 'default_to_address', '')
        self.conf_get('emailer', 'email_template', WebBreakerHelper().email_template_config())