Esempio n. 1
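def get_top_cve(session):
    """Print the ten most common CVEs across the account.

    Walks every issue returned by ``cloudpassage.Issue(session).list_all()``,
    tallies each entry found under an issue's ``"cves"`` key, and prints one
    line per CVE: the CVE ID, the ``["CVSS Metrics"]["score"]`` value from
    ``CveDetails.describe`` and how many times the CVE appeared across issues.

    Args:
        session: Halo session handed to ``cloudpassage.Issue`` and
            ``cloudpassage.CveDetails``.
    """
    top_cve_issues = {}
    csp_issues = cloudpassage.Issue(session)
    for issue in csp_issues.list_all():
        # Issues with no "cves" key (or an empty value) add nothing.
        for cve_id in issue.get("cves") or ():
            # The first sighting counts as 1; starting at 0 would report
            # every CVE with one occurrence fewer than were actually seen.
            top_cve_issues[cve_id] = top_cve_issues.get(cve_id, 0) + 1

    # Highest count first; ties are ordered by CVE ID, also descending.
    top_cve_issues_sorted = sorted(top_cve_issues.items(),
                                   key=lambda kv: (kv[1], kv[0]),
                                   reverse=True)
    cve = cloudpassage.CveDetails(session)

    # Slice instead of indexing 0..9 so that an account with fewer than ten
    # distinct CVEs prints what it has rather than raising IndexError.
    for cve_id, occurrences in top_cve_issues_sorted[:10]:
        # One describe() lookup per printed CVE.
        score = cve.describe(cve_id)["CVSS Metrics"]["score"]
        print(cve_id, " |", score, " |", occurrences)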
 def build_issue_object(self):
     """Return a ``cloudpassage.Issue`` bound to a newly built Halo session.

     The session takes ``key_id``, ``secret_key``, ``api_hostname`` and
     ``api_port`` from names defined outside this method and is tagged with
     the ``SDK-Smoke`` integration string.
     """
     session_options = {
         "api_host": api_hostname,
         "api_port": api_port,
         "integration_string": "SDK-Smoke",
     }
     halo_session = cloudpassage.HaloSession(key_id, secret_key,
                                             **session_options)
     return cloudpassage.Issue(halo_session)
 def test_describe_asset(self):
     """Describe the asset of the first listed issue and expect a result."""
     halo = self.get_halo_object()
     issue_client = cloudpassage.Issue(halo.session, endpoint_version=3)
     # Uses the first issue returned; an empty listing raises IndexError here.
     first_issue = issue_client.list_all()[0]
     pprint.pprint(first_issue)
     described = halo.describe(first_issue["asset_url"])
     assert described is not None
 def test_describe_finding(self):
     """Describe the last finding URL of the first issue and expect a result."""
     halo = self.get_halo_object()
     issue_client = cloudpassage.Issue(halo.session, endpoint_version=3)
     # Uses the first issue returned; an empty listing raises IndexError here.
     first_issue = issue_client.list_all()[0]
     pprint.pprint(first_issue)
     # The final entry of "last_finding_urls" is the one looked up.
     newest_finding_url = first_issue["last_finding_urls"][-1]
     described = halo.describe(newest_finding_url)
     assert described is not None
Esempio n. 5
    def __init__(self, key, secret, api_host):
        """Create the Halo session and the API helpers that share it.

        Args:
            key: First positional argument to ``cloudpassage.HaloSession``.
            secret: Second positional argument to ``cloudpassage.HaloSession``.
            api_host: Passed to the session as ``api_host``.
        """
        self.logger = Logger()
        session_options = {
            "api_host": api_host,
            "integration_string": self.get_integration_string(),
        }
        # key and secret are handed straight to HaloSession; this method does
        # not keep its own copy of either on the instance.
        self.session = cloudpassage.HaloSession(key, secret,
                                                **session_options)
        halo_session = self.session
        # All three helpers are bound to the same session object.
        self.issue = cloudpassage.Issue(halo_session, endpoint_version=3)
        self.http_helper = cloudpassage.HttpHelper(halo_session)
        self.cve_detail = cloudpassage.CveDetails(halo_session)
Esempio n. 6
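def get_server_config_issues(session):
    """Print the ten most common server configuration issues with counts.

    Lists all issues of type ``"csm"`` through ``cloudpassage.Issue``, counts
    how often each issue ``"name"`` occurs and prints the name and its count,
    most frequent first.

    Args:
        session: Halo session handed to ``cloudpassage.Issue``.
    """
    top_server_issues = {}
    csp_issues = cloudpassage.Issue(session)
    for issue in csp_issues.list_all(issue_type=["csm"]):
        # Wrapping the value in a one-element tuple keeps the %-format well
        # defined whatever type the "name" field turns out to hold.
        name_id = "%s" % (issue["name"],)
        top_server_issues[name_id] = top_server_issues.get(name_id, 0) + 1

    # Highest count first; ties are ordered by name, also descending.
    top_server_issues_sorted = sorted(top_server_issues.items(),
                                      key=lambda kv: (kv[1], kv[0]),
                                      reverse=True)

    # Slice instead of indexing 0..9 so that fewer than ten distinct issue
    # names prints a shorter list rather than raising IndexError.
    for name_id, occurrences in top_server_issues_sorted[:10]:
        print(name_id, " |", occurrences)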
Esempio n. 7
 def test_instantiation(self):
     """An ``Issue`` built on a configured Halo session must be truthy."""
     connection_options = {"api_host": api_hostname, "api_port": api_port}
     halo_session = cloudpassage.HaloSession(key_id, secret_key,
                                             **connection_options)
     issue_client = cloudpassage.Issue(halo_session)
     assert issue_client
 def __init__(self):
     """Run the parent initialiser, then attach an ``Issue`` client."""
     super(IssueController, self).__init__()
     # self.session is not assigned in this method; presumably the parent
     # initialiser provides it -- confirm against the base class.
     halo_session = self.session
     self.issue_obj = cloudpassage.Issue(halo_session)
 def test_instantiation(self):
     """``Issue`` must construct, and be truthy, when given no session."""
     issue_client = cloudpassage.Issue(None)
     assert issue_client
Esempio n. 10
class API(object):
    """Halo-backed report source whose ``get_*`` classmethods are stubs.

    A session and an ``Issue`` client are created as class attributes, and
    instantiating the class prints every issue. The ``get_*`` classmethods do
    not touch that client: each builds its rows locally from ``limit``.
    """

    # SECURITY NOTE(review): the key ID and secret below are literals in the
    # source, so anyone who can read this file or its history holds them.
    # Treat the pair as exposed: rotate it, and supply the values at runtime
    # (process environment or a secrets manager) rather than in code.
    api_key = '0039d8c0'
    api_secret = '89b242b61b7f285cfc860a7e8ab13601'
    # Both objects are created while the class body executes, i.e. as soon as
    # the defining module is imported.
    session = cloudpassage.HaloSession(api_key, api_secret)
    issue = cloudpassage.Issue(session)

    def __init__(self):
        """Print every entry returned by ``Issue.list_all()``."""
        for entry in self.issue.list_all():
            print(entry)

    @classmethod
    def get_root_group(cls, limit=10):
        """Return the fixed placeholder root group name.

        Args:
            limit: Accepted but not used.
        """
        root_group_name = 'TEST'
        return root_group_name

    @classmethod
    def get_top_csp_issues(cls, limit=10):
        """Return placeholder rows for the top CSP issues.

        Args:
            limit: The number of rows to return

        Returns a list of ``[rank, account name, count]`` lists, generated
        locally for ranks 1..limit.
        """
        rows = []
        for rank in range(1, limit + 1):
            rows.append([rank, 'CSP Account {}'.format(rank), rank * 3])
        return rows

    @classmethod
    def get_top_sva_issues(cls, limit=10):
        """Return placeholder rows for the top SVA issues.

        Args:
            limit: The number of rows to return

        Returns a list of ``[rank, account name, count]`` lists, generated
        locally for ranks 1..limit.
        """
        rows = []
        for rank in range(1, limit + 1):
            rows.append([rank, 'CSP (SVA) Account {}'.format(rank), rank * 3])
        return rows

    @classmethod
    def get_top_config_issues(cls, limit=10):
        """Return placeholder rows for the top configuration issues.

        Args:
            limit: The number of rows to return

        Returns a list of ``[rank, account name, count]`` lists, generated
        locally for ranks 1..limit.
        """
        rows = []
        for rank in range(1, limit + 1):
            account = 'CSP (Config) Account {}'.format(rank)
            rows.append([rank, account, rank * 3])
        return rows

    @classmethod
    def get_most_common_config_issues(cls, limit=10):
        """Return placeholder rows for the most common config issues.

        Args:
            limit: The number of rows to return

        Returns a list of ``[description, count]`` lists, generated locally
        for indices 1..limit.
        """
        rows = []
        for index in range(1, limit + 1):
            rows.append(['Description {}'.format(index), index * 2])
        return rows

    @classmethod
    def get_most_common_server_config_mistakes(cls, limit=10):
        """Return placeholder rows for the most common server config mistakes.

        Args:
            limit: The number of rows to return

        Returns a list of ``[CIS ID, description, count]`` lists, generated
        locally for indices 1..limit.
        """
        rows = []
        for index in range(1, limit + 1):
            cis_id = 'CIS ID {}'.format(index)
            description = 'CSP (Config) Account {}'.format(index)
            rows.append([cis_id, description, index * 4])
        return rows

    @classmethod
    def get_most_common_cves(cls, limit=10):
        """Return placeholder rows for the most common CVEs.

        Args:
            limit: The number of rows to return

        Returns a list of ``[CVE ID, CVSS score, publish date, link, count]``
        lists, generated locally for indices 1..limit; the date and link are
        fixed sample values.
        """
        rows = []
        for index in range(1, limit + 1):
            cve_id = 'CVE ID {}'.format(index)
            cvss_score = 'CVSS Score {}'.format(index)
            rows.append([cve_id, cvss_score, '2018-01-02',
                         'http://google.com', index * 5])
        return rows
import requests
import cloudpassage
from bs4 import BeautifulSoup

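# Placeholder credentials. Supply the real key pair at runtime (process
# environment or a secrets manager) rather than writing it into this file.
api_key = "cloud_passage_api_key"
api_secret = "cloud_passage_api_secret"

session = cloudpassage.HaloSession(api_key, api_secret)
issues = cloudpassage.Issue(session)
issue_list = issues.list_all()


# Map each package name to the CVE IDs that its "sva" issues report.
all_cves = {}
for issue in issue_list:
  if issue['issue_type'] != 'sva':
    continue
  # setdefault creates the list only the first time a package is seen.
  # Comparing the package name with the dict itself (`!= all_cves`) is always
  # true, so it reset the list on every issue and dropped the CVEs already
  # collected for that package.
  all_cves.setdefault(issue['package_name'], []).extend(issue['cve_ids'])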

for package in all_cves:
  all_cves[package] = sorted(set(all_cves[package]))
  # Query the Ubuntu site for the cve
  for cve in all_cves[package]:
    url = 'https://people.canonical.com/~ubuntu-security/cve/{0}/{1}.html'.format(cve.split("-")[1],cve)
    resp = requests.get(url)
    page = BeautifulSoup(resp.content, 'html.parser')
    tables = page.findAll(lambda tag: tag.name=='table')
    for table in tables
      for row in table.findAll("tr"):
        # Check if the package is patched in Ubuntu 16.04