def template_details(self, id, fields=None, remove_editor=True):
'''
Retrieves the details for a specified policy template.
:sc-api:`scan-policy: template-details <Scan-Policy-Templates.html#policyTemplate_id_GET>`
Args:
id (int): The unique identifier for the policy template
fields (list, optional):
The list of fields that are desired to be returned. For details
on what fields are available, please refer to the details on the
request within the policy template details API doc.
remove_editor (bol, optional):
Should the response have the raw editor string removed? The
default is yes.
Returns:
:obj:`dict`:
Details about the scan policy template
Examples:
>>> template = sc.policies.template_details(2)
>>> pprint(template)
'''
params = dict()
if fields:
params['fields'] = ','.join([
self._check('field', f, str)
for f in self._check('fields', fields, list)
])
resp = self._api.get('policyTemplate/{}'.format(
self._check('id', id, int)),
params=params).json()['response']
if 'editor' in resp:
# Everything is packed JSON, so lets decode the JSON documents into
editor = json.loads(resp['editor'])
# Now to decompose the embeddable credentials settings. What we
# intend to do here is return the default settings for every
# credential set that can be returned.
resp['credentials'] = dict()
if 'credentials' in editor:
emcreds = json.loads(editor['credentials'])
for group in emcreds['groups']:
for item in group['credentials']:
resp['credentials'][item['id']] = policy_settings(item)
# Now to perform the same action as we did for the credentials with
# the policy preferences as well.
resp['preferences'] = dict()
for section in editor['sections']:
if section['id'] != 'setup':
resp['preferences'] = dict_merge(resp['preferences'],
policy_settings(section))
if remove_editor:
del (resp['editor'])
return resp
def parse_creds(self, data):
'''
Walks through the credential data list and returns the configured
settings for a given scan policy/scan
'''
resp = dict()
for dtype in data:
for item in dtype['types']:
if len(item['instances']) > 0:
for i in item['instances']:
# Get the settings from the inputs.
settings = policy_settings(i)
settings['id'] = i['id']
settings['summary'] = i['summary']
if dtype['name'] not in resp:
# if the Datatype doesn't exist yet, create it.
resp[dtype['name']] = dict()
if item['name'] not in resp[dtype['name']]:
# if the data subtype doesn't exist yet,
# create it.
resp[dtype['name']][item['name']] = list()
# Add the configured settings to the key-value
# dictionary
resp[dtype['name']][item['name']].append(settings)
return resp
def parse_audits(self, data):
'''
Walks through the compliance data list and returns the configured
settings for a given policy/scan
'''
resp = {
'custom': dict(),
'feed': dict()
}
for atype in data:
for audit in atype['audits']:
if audit['free'] == 0:
if audit['type'] == 'custom':
# if the audit is a custom-uploaded file, then we
# need to return the data using the format below,
# which appears to be how the UI sends the data.
fn = audit['summary'].split('File: ')[1]
resp['custom'].append({
'id': audit['id'],
'category': atype['name'],
'file': fn,
'variables': {
'file': fn,
}
})
else:
# if we're using a audit file from the feed, then
# we will want to pull all of the parameterized
# variables with the set values and store them in
# the variables dictionary.
if atype['name'] not in resp['feed']:
resp['feed'][atype['name']] = list()
resp['feed'][atype['name']].append({
'id': audit['id'],
'variables': policy_settings(audit)
})
return resp
def template_details(self, name):
'''
Calls the editor API and parses the policy template config to return a
document that closely matches what the API expects to be POSTed or PUTed
via the policy create and configure methods. The compliance audits and
credentials are populated into the 'current' sub-document for the
relevant resources.
Args:
name (str): The name of the scan .
Returns:
dict: The policy configuration resource.
Examples:
>>> template = tio.policies.template('basic')
>>> pprint(template)
Please note that template_details is reverse-engineered from the
responses from the editor API and isn't guaranteed to work.
'''
# Get the policy template UUID
tmpl = self.templates()
tmpl_uuid = tmpl[self._check('name', name, str, choices=tmpl.keys())]
# Get the editor object
editor = self._api.get('editor/policy/templates/{}'.format(
self._check('tmpl_uuid', tmpl_uuid, str))).json()
# define the initial skeleton of the scan object
scan = {
'settings': policy_settings(editor['settings']),
'uuid': editor['uuid']
}
# graft on the basic settings that aren't stored in any input sections.
for item in editor['settings']['basic']['groups']:
for setting in item.keys():
if setting not in ['name', 'title', 'inputs']:
scan['settings'][setting] = item[setting]
if 'credentials' in editor:
# if the credentials sub-document exists, then lets walk down the
# credentials dataset
scan['credentials'] = {
'current':
self._api.editor.parse_creds(editor['credentials']['data'])
}
# We also need to gather the settings from the various credential
# settings that are unique to the scan.
for ctype in editor['credentials']['data']:
for citem in ctype['types']:
if 'settings' in citem and citem['settings']:
scan['settings'] = dict_merge(
scan['settings'],
policy_settings(citem['settings']))
if 'compliance' in editor:
# if the audits sub-document exists, then lets walk down the
# audits dataset.
scan['compliance'] = {
'current':
self._api.editor.parse_audits(editor['compliance']['data'])
}
# We also need to add in the "compliance" settings into the scan
# settings.
for item in editor['compliance']['data']:
if 'settings' in item:
scan['settings'] = dict_merge(
scan['settings'], policy_settings(item['settings']))
print(editor['plugins']['families'])
if 'plugins' in editor:
# if the plugins sub-document exists, then lets walk down the
# plugins dataset.
scan['plugins'] = self._api.editor.parse_plugins(
editor['plugins']['families'], tmpl_uuid)
return scan
def details(self, scan_id):
'''
Calls the editor API and parses the scan config details to return a
document that closely matches what the API expects to be POSTed or PUTed
via the create and configure methods. The compliance audits and
credentials are populated into the 'current' sub-document for the
relevant resources.
Args:
scan_id (int): The unique identifier for the scan.
Returns:
:obj:`dict`:
The scan configuration resource.
Examples:
>>> scan = tio.scans.details(1)
>>> pprint(scan)
Please note that flatten_scan is reverse-engineered from the responses
from the editor API and isn't guaranteed to work.
'''
# Get the editor object
editor = self._api.get('editor/scan/{}'.format(
self._check('scan_id', scan_id, int))).json()
# define the initial skeleton of the scan object
scan = {
'settings': policy_settings(editor['settings']),
'uuid': editor['uuid']
}
# graft on the basic settings that aren't stored in any input sections.
for item in editor['settings']['basic']['groups']:
for setting in item.keys():
if setting not in ['name', 'title', 'inputs']:
scan['settings'][setting] = item[setting]
if 'credentials' in editor:
# if the credentials sub-document exists, then lets walk down the
# credentials dataset
scan['credentials'] = {
'current': self._api.editor.parse_creds(
editor['credentials']['data'])
}
# We also need to gather the settings from the various credential
# settings that are unique to the scan.
for ctype in editor['credentials']['data']:
for citem in ctype['types']:
if 'settings' in citem and citem['settings']:
scan['settings'] = dict_merge(
scan['settings'], policy_settings(
citem['settings']))
if 'compliance' in editor:
# if the audits sub-document exists, then lets walk down the
# audits dataset.
scan['compliance'] = {
'current': self._api.editor.parse_audits(
editor['compliance']['data'])
}
# We also need to add in the "compliance" settings into the scan
# settings.
for item in editor['compliance']['data']:
if 'settings' in item:
scan['settings'] = dict_merge(
scan['settings'], policy_settings(
item['settings']))
if 'plugins' in editor:
# if the plugins sub-document exists, then lets walk down the
# plugins dataset.
scan['plugins'] = self._api.editor.parse_plugins(
editor['plugins']['families'], scan_id)
# We next need to do a little post-parsing of the ACLs to find the
# owner and put owner_id attribute into the appropriate location.
for acl in scan['settings']['acls']:
if acl['owner'] == 1:
scan['settings']['owner_id'] = acl['id']
# return the scan document to the caller.
return scan
def details(self, etype, id):
'''
Constructs a valid scan document from the specified item.
.. important::
Please note that the details method is reverse-engineered from the
responses from the editor API, and while we are reasonably sure that
the response should align almost exactly to what the API expects to
be pushed to it, this method by very nature of what it's doing isn't
guaranteed to always work.
Args:
etype (str): The type of object to request.
scan_id (int): The unique identifier for the scan.
Returns:
:obj:`dict`:
The constructed scan configuration resource.
Examples:
>>> policy = tio.editor.details('scan', 1)
>>> pprint(scan)
'''
# Get the editor object
editor = self.obj_details(etype, id)
# define the initial skeleton of the scan object
obj = {
'settings': policy_settings(editor['settings']),
'uuid': editor['uuid']
}
# graft on the basic settings that aren't stored in any input sections.
for item in editor['settings']['basic']['groups']:
for setting in item.keys():
if setting not in ['name', 'title', 'inputs', 'sections']:
obj['settings'][setting] = item[setting]
if 'credentials' in editor:
# if the credentials sub-document exists, then lets walk down the
# credentials dataset
obj['credentials'] = {
'current': self._api.editor.parse_creds(
editor['credentials']['data'])
}
# We also need to gather the settings from the various credential
# settings that are unique to the scan.
for ctype in editor['credentials']['data']:
for citem in ctype['types']:
if 'settings' in citem and citem['settings']:
obj['settings'] = dict_merge(
obj['settings'], policy_settings(
citem['settings']))
if 'compliance' in editor:
# if the audits sub-document exists, then lets walk down the
# audits dataset.
obj['compliance'] = {
'current': self._api.editor.parse_audits(
editor['compliance']['data'])
}
# We also need to add in the "compliance" settings into the scan
# settings.
for item in editor['compliance']['data']:
if 'settings' in item:
obj['settings'] = dict_merge(
obj['settings'], policy_settings(
item['settings']))
if 'plugins' in editor:
# if the plugins sub-document exists, then lets walk down the
# plugins dataset.
obj['plugins'] = self._api.editor.parse_plugins(
etype, editor['plugins']['families'], id)
# We next need to do a little post-parsing of the ACLs to find the
# owner and put owner_id attribute into the appropriate location.
if 'acls' in obj['settings'] and isinstance(obj['settings']['acls'], list):
for acl in obj['settings']['acls']:
if acl['owner'] == 1:
obj['settings']['owner_id'] = acl['id']
# Clean out the empty attributes for templates:
if etype == 'scan/policy':
for key in list(obj['settings'].keys()):
if obj['settings'][key] == None:
del(obj['settings'][key])
# return the scan document to the caller.
return obj
