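def scan_from_local(*, poll_interval=1, timeout=None):
    """Run an end-to-end SAST scan of the bundled ``JavaVulnerableLab-master.zip``.

    The printed step numbers follow the original script (it skips 5 and 10):
    delete any existing project of the same name, resolve the team id, create the
    project with the default configuration, upload the zip, set data retention,
    apply the default preset, start a scan, poll until it finishes, register an
    XML report, poll until it is generated, then download it. The raw report is
    written next to this file as ``local_report.xml``; because ``filter_xml`` is
    set, a second copy reduced to High/Medium findings is written as
    ``filter_by_severity.xml``.

    Args:
        poll_interval: seconds to sleep between status polls (scan and report).
        timeout: optional ceiling in seconds for each wait loop. ``None`` (the
            default) waits indefinitely, which is the original behaviour.

    Returns:
        None. Returns early, writing no report, when the scan status becomes
        ``"Failed"``.

    Raises:
        TimeoutError: when ``timeout`` is set and a wait loop exceeds it.
    """
    team_full_name = "/CxServer"
    project_name = "jvl_local"
    here = Path(__file__).parent.absolute()
    zip_file_path = here / "JavaVulnerableLab-master.zip"
    report_name = "local_report.xml"
    filter_xml = True

    team_api = TeamAPI()
    projects_api = ProjectsAPI()
    scan_api = ScansAPI()

    # Start from a clean slate so the new scan does not inherit stale settings.
    projects_api.delete_project_if_exists_by_project_name_and_team_full_name(
        project_name, team_full_name)

    print("2. get team id")
    team_id = team_api.get_team_id_by_team_full_name(team_full_name)

    print("3. create project with default configuration, will get project id")
    project = projects_api.create_project_with_default_configuration(
        project_name=project_name, team_id=team_id)
    project_id = project.id

    print("4. upload source code zip file")
    projects_api.upload_source_code_zip_file(project_id, str(zip_file_path))

    print("6. set data retention settings by project id")
    projects_api.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    print("7. define SAST scan settings")
    preset_id = projects_api.get_preset_id_by_name()
    scan_api.define_sast_scan_settings(project_id=project_id, preset_id=preset_id)

    print("8. create new scan, will get a scan id")
    scan = scan_api.create_new_scan(project_id=project_id)
    scan_id = scan.id
    print("scan_id: {}".format(scan_id))

    print("9. get scan details by scan id")
    if not _wait_for_scan(scan_api, scan_id, poll_interval, timeout):
        # Original behaviour: a failed scan aborts silently with no report.
        return

    print("11[optional]. get statistics results by scan id")
    statistics = scan_api.get_statistics_results_by_scan_id(scan_id=scan_id)
    if statistics:
        print(statistics)

    print("12. register scan report")
    report = scan_api.register_scan_report(scan_id=scan_id, report_type="XML")
    report_id = report.report_id
    print("report_id: {}".format(report_id))

    print("13. get report status by id")
    _wait_for_report(scan_api, report_id, poll_interval, timeout)

    print("14. get report by id")
    report_content = scan_api.get_report_by_id(report_id)

    # Optional: write a second copy that keeps only High and Medium findings.
    if "xml" in report_name and filter_xml:
        filtered_path = here / "filter_by_severity.xml"
        xml_report = CxScanReportXmlContent(io.BytesIO(report_content))
        xml_report.filter_by_severity(high=True, medium=True)
        xml_report.write_new_xml(str(filtered_path))

    report_path = here / report_name
    report_path.write_bytes(report_content)


def _wait_for_scan(scan_api, scan_id, poll_interval, timeout):
    """Poll the scan until it reports ``"Finished"`` (True) or ``"Failed"`` (False).

    Raises TimeoutError when ``timeout`` seconds elapse first; ``timeout=None``
    polls forever, as the original loop did. Every other status value is treated
    as "still running" — NOTE(review): the status enum may contain further
    terminal values (e.g. a cancelled scan); confirm against the API and add
    them here, otherwise such a scan only ends via the timeout.
    """
    deadline = None if timeout is None else time.monotonic() + timeout
    while True:
        scan_detail = scan_api.get_sast_scan_details_by_scan_id(scan_id=scan_id)
        scan_status = scan_detail.status.name
        if scan_status == "Finished":
            return True
        if scan_status == "Failed":
            return False
        if deadline is not None and time.monotonic() > deadline:
            raise TimeoutError(
                "scan {} did not finish within {} s".format(scan_id, timeout))
        time.sleep(poll_interval)


def _wait_for_report(scan_api, report_id, poll_interval, timeout):
    """Block until report generation is finished.

    Raises TimeoutError when ``timeout`` seconds elapse first; ``timeout=None``
    waits indefinitely.
    """
    deadline = None if timeout is None else time.monotonic() + timeout
    while not scan_api.is_report_generation_finished(report_id):
        if deadline is not None and time.monotonic() > deadline:
            raise TimeoutError(
                "report {} was not generated within {} s".format(report_id, timeout))
        time.sleep(poll_interval)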
def test_filter_by_query_names():
    """Load the report at ``xml_path``, keep only Stored_XSS results, write it out."""
    output_name = "filter_by_query_names.xml"
    report = CxScanReportXmlContent(xml_path)
    report.filter_by_query_names(query_names=["Stored_XSS"])
    report.write_new_xml(output_name)
def test_filter_by_categories():
    """Load the report at ``xml_path``, keep only OWASP Top 10 2013 results, write it out."""
    output_name = "filter_by_categories.xml"
    report = CxScanReportXmlContent(xml_path)
    report.filter_by_categories(categories_list=["OWASP Top 10 2013"])
    report.write_new_xml(output_name)
def test_filter_by_assign_to_user():
    """Load the report at ``xml_path``, keep only results assigned to Admin, write it out."""
    output_name = "filter_by_assign_to_user.xml"
    report = CxScanReportXmlContent(xml_path)
    report.filter_by_assign_to_user(user_list=['Admin'])
    report.write_new_xml(output_name)
def test_filter_by_state():
    """Load the report at ``xml_path``, keep only confirmed results, write it out."""
    output_name = "filter_by_state.xml"
    report = CxScanReportXmlContent(xml_path)
    report.filter_by_state(confirmed=True)
    report.write_new_xml(output_name)
def test_filter_by_severity():
    """Load the report at ``xml_path``, keep only High-severity results, write it out."""
    output_name = "filter_by_severity.xml"
    report = CxScanReportXmlContent(xml_path)
    report.filter_by_severity(high=True)
    report.write_new_xml(output_name)