def test_create_project_with_default_configuration():
    """Creating a project with the default configuration returns an id.

    Runs against whatever server the SDK is configured for. It first deletes
    any existing project named "test1", so point it at a test instance only.
    """
    name = "test1"
    projects = ProjectsAPI()

    # Start from a clean slate so the create call cannot collide with an
    # earlier run.
    projects.delete_project_if_exists_by_project_name_and_team_full_name(name)

    # No team name is passed, so the SDK's default team is used.
    default_team_id = TeamAPI().get_team_id_by_team_full_name()

    # NOTE(review): the meaning of the third positional argument (True) is
    # not visible here; confirm against the SDK signature.
    created = projects.create_project_with_default_configuration(
        name, default_team_id, True)
    assert created.id is not None
def test_sample():
    """Print the id of every finished scan of the "jvl_git" project(s).

    Read-only: it lists projects and scans and makes no assertions.
    """
    teams_client = TeamAPI()
    projects_client = ProjectsAPI()
    scans_client = ScansAPI()

    default_team_id = teams_client.get_team_id_by_team_full_name()
    matching_projects = projects_client.get_all_project_details(
        project_name="jvl_git", team_id=default_team_id)

    for matched in matching_projects:
        finished_scans = scans_client.get_all_scans_for_project(
            project_id=matched.project_id, scan_status="Finished")
        for finished in finished_scans:
            print(str(finished.id))
def test_update_project_name_team_id():
    """Renaming project "test_update" to "test1" reports success.

    Expects a project named "test_update" to exist already on the configured
    server; the lookup result is passed on without being checked here.
    """
    projects = ProjectsAPI()
    default_team_id = TeamAPI().get_team_id_by_team_full_name()

    current_name = "test_update"
    target_id = projects.get_project_id_by_project_name_and_team_full_name(
        current_name)

    updated = projects.update_project_name_team_id(
        target_id, project_name="test1", team_id=default_team_id)
    assert updated is True
def osa_scan():
    """Recreate the "OSA_demo" project, run an OSA scan and print its summary.

    The source archive is read from ``zip_file_path``, which is not defined
    inside this function; it is presumably a module-level name (confirm
    against the rest of the file).

    Any existing "OSA_demo" project under "/CxServer" is deleted first, so
    run this only against a server where that is acceptable.
    """
    team_name = "/CxServer"
    demo_project = "OSA_demo"

    projects = ProjectsAPI()
    teams = TeamAPI()
    osa = OsaAPI()

    # 1. remove a leftover project from a previous run
    projects.delete_project_if_exists_by_project_name_and_team_full_name(
        demo_project, team_name)

    # 2. resolve the team id
    team_id = teams.get_team_id_by_team_full_name(team_name)

    # 3. create the project with the default configuration and keep its id
    project_id = projects.create_project_with_default_configuration(
        project_name=demo_project, team_id=team_id).id

    # 4. submit the OSA scan request
    scan_id = osa.create_an_osa_scan_request(
        project_id=project_id,
        zipped_source_path=zip_file_path,
        origin="REST API")

    # 5. poll once per second until the scan succeeds or fails
    # NOTE(review): there is no upper bound on this loop; a scan that never
    # reaches "Succeeded" or "Failed" keeps it polling indefinitely.
    state = osa.get_osa_scan_by_scan_id(scan_id).state.name
    while state != "Succeeded":
        if state == "Failed":
            print("OSA scan failed")
            return
        time.sleep(1)
        state = osa.get_osa_scan_by_scan_id(scan_id).state.name

    # 6. fetch and print the summary report
    print(osa.get_osa_scan_summary_report(scan_id=scan_id))
def test_update_project_by_id():
    """Updating project "test1" by id to the name "test_update" reports success.

    Deletes any existing project named "test_update" on the configured
    server before the update, so the new name is free.
    """
    projects = ProjectsAPI()

    source_name = "test1"
    source_id = projects.get_project_id_by_project_name_and_team_full_name(
        source_name)

    new_name = "test_update"
    projects.delete_project_if_exists_by_project_name_and_team_full_name(
        new_name)

    default_team_id = TeamAPI().get_team_id_by_team_full_name()
    updated = projects.update_project_by_id(
        source_id, project_name=new_name, team_id=default_team_id)
    assert updated is True
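def scan_from_local():
    """Scan JavaVulnerableLab-master.zip from this script's folder and save an XML report.

    The zip is expected next to this script. If it is missing, a message is
    printed and the function returns without contacting the server.

    Otherwise any existing "jvl_local" project under "/CxServer" is deleted
    and recreated, the zip is uploaded, a SAST scan is run, and the XML
    report is written to "local_report.xml" in the same folder. Returns None
    in every case, including when the scan ends in the "Failed" state.

    The report is a list of findings for the scanned code; keep the output
    folder's access appropriate for that.
    """
    team_full_name = "/CxServer"
    project_name = "jvl_local"

    # Folder holding this script: the zip is read from it and the report is
    # written to it.
    directory = os.path.dirname(__file__)
    zip_file_path = normpath(join(directory, "JavaVulnerableLab-master.zip"))
    if not exists(zip_file_path):
        print(
            "JavaVulnerableLab-master.zip not found under current directory.")
        # Stop before any server call: continuing would delete and recreate
        # the project only to fail at the upload step.
        return

    report_name = "local_report.xml"
    filter_xml = True  # only read by the optional filter step commented out below

    team_api = TeamAPI()
    projects_api = ProjectsAPI()
    scan_api = ScansAPI()

    # Destructive: removes the project left over from a previous run.
    projects_api.delete_project_if_exists_by_project_name_and_team_full_name(
        project_name, team_full_name)

    # 2. get team id
    print("2. get team id")
    team_id = team_api.get_team_id_by_team_full_name(team_full_name)

    # 3. create project with default configuration, will get project id
    print("3. create project with default configuration, will get project id")
    project = projects_api.create_project_with_default_configuration(
        project_name=project_name, team_id=team_id)
    project_id = project.id

    # 4. upload source code zip file
    print("4. upload source code zip file")
    projects_api.upload_source_code_zip_file(project_id, str(zip_file_path))

    # 6. set data retention settings by project id
    print("6. set data retention settings by project id")
    projects_api.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. define SAST scan settings (no preset name is passed, so the SDK's
    # default is used)
    print("7. define SAST scan settings")
    preset_id = projects_api.get_preset_id_by_name()
    scan_api.define_sast_scan_settings(project_id=project_id,
                                       preset_id=preset_id)

    # 8. create new scan, will get a scan id
    print("8. create new scan, will get a scan id")
    scan = scan_api.create_new_scan(project_id=project_id)
    scan_id = scan.id
    print("scan_id: {}".format(scan_id))

    # 9. get scan details by scan id; poll once per second until the scan is
    # "Finished", and give up without a report if it is "Failed".
    # NOTE(review): the loop has no upper bound on waiting time.
    print("9. get scan details by scan id")
    while True:
        scan_detail = scan_api.get_sast_scan_details_by_scan_id(
            scan_id=scan_id)
        scan_status = scan_detail.status.name
        if scan_status == "Finished":
            break
        elif scan_status == "Failed":
            return
        time.sleep(1)

    # 11[optional]. get statistics results by scan id
    print("11[optional]. get statistics results by scan id")
    statistics = scan_api.get_statistics_results_by_scan_id(scan_id=scan_id)
    if statistics:
        print(statistics)

    # 12. register scan report
    print("12. register scan report")
    report = scan_api.register_scan_report(scan_id=scan_id, report_type="XML")
    report_id = report.report_id
    print("report_id: {}".format(report_id))

    # 13. get report status by id
    print("13. get report status by id")
    while not scan_api.is_report_generation_finished(report_id):
        time.sleep(1)

    # 14. get report by id
    print("14. get report by id")
    report_content = scan_api.get_report_by_id(report_id)

    # # optional, filter XML report data
    # file_name = Path(__file__).parent.absolute() / "filter_by_severity.xml"
    # if "xml" in report_name and filter_xml:
    #     f = io.BytesIO(report_content)
    #     xml_report = CxScanReportXmlContent(f)
    #     xml_report.filter_by_severity(high=True, medium=True)
    #     xml_report.write_new_xml(str(file_name))

    report_path = normpath(join(directory, report_name))
    with open(str(report_path), "wb") as f:
        f.write(report_content)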
def scan_from_git():
    """Scan the JavaVulnerableLab git repository and save a PDF report.

    Any existing "jvl_git" project under "/CxServer" is deleted and
    recreated, pointed at the repository's master branch, scanned, and the
    PDF report is written to "report.pdf" next to this script. Returns None,
    also when the scan ends in the "Failed" state (no report is written).

    The report is a list of findings for the scanned code; keep the output
    folder's access appropriate for that.
    """
    team_name = "/CxServer"
    git_project = "jvl_git"
    report_name = "report.pdf"

    output_path = normpath(join(dirname(__file__), report_name))
    print(output_path)

    repo_url = "https://github.com/CSPF-Founder/JavaVulnerableLab.git"
    repo_branch = "refs/heads/master"

    projects = ProjectsAPI()
    teams = TeamAPI()
    scans = ScansAPI()

    # Destructive: removes the project left over from a previous run.
    projects.delete_project_if_exists_by_project_name_and_team_full_name(
        git_project, team_name)

    # 2. resolve the team id
    print("2. get team id")
    team_id = teams.get_team_id_by_team_full_name(team_name)

    # 3. create the project with the default configuration
    print("3. create project with default configuration, will get project id")
    project_id = projects.create_project_with_default_configuration(
        project_name=git_project, team_id=team_id).id

    # 4. use the git repository as the project's source
    print("4. set remote source setting to git")
    projects.set_remote_source_setting_to_git(project_id=project_id,
                                              url=repo_url,
                                              branch=repo_branch)

    # 6. keep only the three most recent scans
    print("6. set data retention settings by project id")
    projects.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. scan settings; no preset name is passed, so the SDK's default is
    # used, and both exclude patterns are set to the empty string
    print("7. define SAST scan settings")
    preset_id = projects.get_preset_id_by_name()
    scans.define_sast_scan_settings(project_id=project_id,
                                    preset_id=preset_id)
    projects.set_project_exclude_settings_by_project_id(
        project_id, exclude_folders_pattern="", exclude_files_pattern="")

    # 8. start the scan
    print("8. create new scan, will get a scan id")
    scan_id = scans.create_new_scan(project_id=project_id).id
    print("scan_id : {}".format(scan_id))

    # 9. poll every ten seconds until the scan is finished; stop without a
    # report if it failed
    # NOTE(review): the loop has no upper bound on waiting time.
    print("9. get scan details by scan id")
    while True:
        status = scans.get_sast_scan_details_by_scan_id(
            scan_id=scan_id).status.name
        if status == "Failed":
            return
        if status == "Finished":
            break
        time.sleep(10)

    # 11[optional]. print the statistics when there are any
    print("11[optional]. get statistics results by scan id")
    stats = scans.get_statistics_results_by_scan_id(scan_id=scan_id)
    if stats:
        print(stats)

    # 12. ask the server to generate the PDF report
    print("12. register scan report")
    report_id = scans.register_scan_report(scan_id=scan_id,
                                           report_type="PDF").report_id
    print("report_id : {}".format(report_id))

    # 13. wait for the report to be generated
    print("13. get report status by id")
    while not scans.is_report_generation_finished(report_id):
        time.sleep(10)

    # 14. download the report and write it next to this script
    print("14. get report by id")
    pdf_bytes = scans.get_report_by_id(report_id)
    with open(str(output_path), "wb") as report_file:
        report_file.write(pdf_bytes)
def scan_from_local(team_full_name, project_name, report_type, zip_file_path,
                    report_folder=None):
    """Upload a source zip, run a SAST scan and save the report to disk.

    The project is looked up by name and team and created only when the
    lookup returns nothing; an existing project is reused, not deleted.

    Args:
        team_full_name (str): full name of the team that owns the project.
        project_name (str): project to scan; also the start of the report
            file name.
        report_type (str): passed to the report request and used as the
            report file's extension.
        zip_file_path (str): path of the zipped source code to upload.
        report_folder (str): folder for the report; when it is empty or does
            not exist, the folder of this script is used instead.

    Returns:
        None. The function returns early, without writing a report, when the
        zip file is missing, the team is not found, or the scan status is
        "Failed".
    """
    if not report_folder or not exists(report_folder):
        report_folder = dirname(__file__)

    if not exists(zip_file_path):
        print("zip file not found. \n abort scan.")
        return

    summary_template = ("team_full_name: {}, \n"
                        "project_name: {}, \n"
                        "report_type: {}, \n"
                        "zip_file_path: {}, \n"
                        "report_folder: {}")
    print(summary_template.format(team_full_name, project_name, report_type,
                                  zip_file_path, report_folder))

    teams = TeamAPI()
    projects = ProjectsAPI()
    scans = ScansAPI()

    # 2. resolve the team id; nothing can be done without it
    print("2. get team id")
    team_id = teams.get_team_id_by_team_full_name(team_full_name)
    if not team_id:
        print("team: {} not exist".format(team_full_name))
        return

    project_id = projects.get_project_id_by_project_name_and_team_full_name(
        project_name=project_name, team_full_name=team_full_name)

    # 3. create the project only when it does not exist yet
    print("3. create project with default configuration, will get project id")
    if not project_id:
        project_id = projects.create_project_with_default_configuration(
            project_name=project_name, team_id=team_id).id
    print("project_id: {}".format(project_id))

    # 4. upload the zipped source
    print("4. upload source code zip file")
    projects.upload_source_code_zip_file(project_id, str(zip_file_path))

    # 6. keep only the three most recent scans
    print("6. set data retention settings by project id")
    projects.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. scan settings; no preset name is passed, so the SDK's default is
    # used, and both exclude patterns are set to the empty string
    print("7. define SAST scan settings")
    preset_id = projects.get_preset_id_by_name()
    print("preset id: {}".format(preset_id))
    scans.define_sast_scan_settings(project_id=project_id,
                                    preset_id=preset_id)
    projects.set_project_exclude_settings_by_project_id(
        project_id, exclude_folders_pattern="", exclude_files_pattern="")

    # 8. start the scan
    print("8. create new scan, will get a scan id")
    scan_id = scans.create_new_scan(project_id=project_id).id
    print("scan_id : {}".format(scan_id))

    # 9. poll every ten seconds, printing each status, until the scan is
    # finished; stop without a report if it failed
    # NOTE(review): the loop has no upper bound on waiting time.
    print("9. get scan details by scan id")
    while True:
        status = scans.get_sast_scan_details_by_scan_id(
            scan_id=scan_id).status.name
        print("scan_status: {}".format(status))
        if status == "Failed":
            return
        if status == "Finished":
            break
        time.sleep(10)

    # 11[optional]. print the statistics when there are any
    print("11[optional]. get statistics results by scan id")
    stats = scans.get_statistics_results_by_scan_id(scan_id=scan_id)
    if stats:
        print(stats)

    # 12. ask the server to generate the report
    print("12. register scan report")
    report_id = scans.register_scan_report(scan_id=scan_id,
                                           report_type=report_type).report_id
    print("report_id : {}".format(report_id))

    # 13. wait for the report to be generated
    print("13. get report status by id")
    while not scans.is_report_generation_finished(report_id):
        time.sleep(10)

    # 14. download the report and save it under a timestamped name
    print("14. get report by id")
    report_bytes = scans.get_report_by_id(report_id)

    # NOTE(review): project_name and report_type go into the path unchanged.
    # If either can come from an untrusted caller, validate them so the
    # report cannot be written outside report_folder.
    suffix = datetime.now().strftime('_%Y_%m_%d_%H_%M_%S')
    base_name = project_name + suffix + "." + report_type
    output_path = normpath(join(report_folder, base_name))
    with open(str(output_path), "wb") as report_file:
        report_file.write(report_bytes)
def test_team():
    """The server lists at least one team and resolves "/CxServer" to an id."""
    teams_client = TeamAPI()

    team_count = len(teams_client.get_all_teams())
    assert team_count > 0

    root_team_id = teams_client.get_team_id_by_team_full_name("/CxServer")
    assert root_team_id is not None
def test_get_team_id_by_team_full_name():
    """A backslash-separated team path resolves to a team id.

    Expects the team "CxServer\\SP\\Company" to exist on the configured server.
    """
    nested_team_path = r"CxServer\SP\Company"
    resolved_id = TeamAPI().get_team_id_by_team_full_name(nested_team_path)
    assert resolved_id is not None
def scan_from_local():
    """Scan JavaVulnerableLab-master.zip from this script's folder and save an XML report.

    Any existing "jvl_local" project under "/CxServer" is deleted and
    recreated, the zip is uploaded, a SAST scan is run, and the XML report
    is written to "local_report.xml" next to this script. Returns None, also
    when the scan ends in the "Failed" state (no report is written).

    The zip's existence is not checked before the server calls are made.
    The report is a list of findings for the scanned code; keep the output
    folder's access appropriate for that.
    """
    team_name = "/CxServer"
    local_project = "jvl_local"
    source_zip = (Path(__file__).parent.absolute()
                  / "JavaVulnerableLab-master.zip")
    report_name = "local_report.xml"

    teams = TeamAPI()
    projects = ProjectsAPI()
    scans = ScansAPI()

    # Destructive: removes the project left over from a previous run.
    projects.delete_project_if_exists_by_project_name_and_team_full_name(
        local_project, team_name)

    # 2. resolve the team id
    team_id = teams.get_team_id_by_team_full_name(team_name)

    # 3. create the project with the default configuration
    project_id = projects.create_project_with_default_configuration(
        project_name=local_project, team_id=team_id).id

    # 4. upload the zipped source
    projects.upload_source_code_zip_file(project_id, str(source_zip))

    # 6. keep only the three most recent scans
    projects.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. scan settings; no preset name is passed, so the SDK's default is used
    preset_id = projects.get_preset_id_by_name()
    scans.define_sast_scan_settings(project_id=project_id,
                                    preset_id=preset_id)

    # 8. start the scan
    scan_id = scans.create_new_scan(project_id=project_id).id

    # 9. poll once per second until the scan is finished; stop without a
    # report if it failed
    # NOTE(review): the loop has no upper bound on waiting time.
    while True:
        status = scans.get_sast_scan_details_by_scan_id(
            scan_id=scan_id).status.name
        if status == "Failed":
            return
        if status == "Finished":
            break
        time.sleep(1)

    # 11[optional]. print the statistics when there are any
    stats = scans.get_statistics_results_by_scan_id(scan_id=scan_id)
    if stats:
        print(stats)

    # 12. ask the server to generate the XML report
    report_id = scans.register_scan_report(scan_id=scan_id,
                                           report_type="XML").report_id

    # 13. wait for the report to be generated
    while not scans.is_report_generation_finished(report_id):
        time.sleep(1)

    # 14. download the report and write it next to this script
    xml_bytes = scans.get_report_by_id(report_id)
    output_path = Path(__file__).parent.absolute() / report_name
    with open(str(output_path), "wb") as report_file:
        report_file.write(xml_bytes)