def upload_policy(self): # if a policy of the same name already exists, delete it prior to upload try: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) # bit of ugliness here. I'd like to just have the policy name at this point but I don't # so find it in the full path # TODO: Verify split here response = api.get_policy_by_name( ntpath.basename(self.webinspect_upload_policy).split('.')[0]) if response.success and response.response_code == 200: # the policy exists on the server already api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.delete_policy(response.data['uniqueId']) if response.success: Logger.app.debug("Deleted policy {} from server".format( ntpath.basename( self.webinspect_upload_policy).split('.')[0])) except (ValueError, UnboundLocalError, TypeError) as e: Logger.app.error( "Verify if deletion of existing policy failed: {}".format(e)) try: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.upload_policy(self.webinspect_upload_policy) if response.success: Logger.console.debug("Uploaded policy {} to server.".format( self.webinspect_upload_policy)) else: Logger.app.error("Error uploading policy {0}. {1}".format( self.webinspect_upload_policy, response.message)) except (ValueError, UnboundLocalError, TypeError) as e: Logger.app.error("Error uploading policy {}".format(e))
def export_scan_results(self, scan_id, scan_name, extension): """ Download scan as a xml for Threadfix or other Vuln Management System :param scan_id: :param scan_name: :param extension: """ try: scan_name = self.trim_ext(scan_name) Logger.app.debug('Exporting scan: {}'.format(scan_id)) detail_type = 'Full' if extension == 'xml' else None api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.export_scan_format(scan_id, extension, detail_type) if response.success: try: with open('{0}.{1}'.format(scan_name, extension), 'wb') as f: Logger.app.info('Scan results file is available: {0}.{1}'.format(scan_name, extension)) f.write(response.data) except UnboundLocalError as e: Logger.app.error('Error saving file locally {}'.format(e)) elif response.response_code == 401: Logger.app.critical("An Authorization Error occured.") sys.exit(ExitStatus.failure) else: Logger.app.error('Unable to retrieve scan results. {} '.format(response.message)) except (ValueError, UnboundLocalError, NameError) as e: logexceptionhelper.LogErrorWebInspectDownload(e)
def list_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.list_proxies() if response.success: return response.data else: Logger.app.critical("{}".format(response.message))
def create_scan(self): """ Launches and monitors a scan :return: If scan was able to launch, scan_id. Otherwise none. """ Logger.app.debug("Creating Scan in webinspect client") overrides = json.dumps( webinspectjson.formatted_settings_payload( self.settings, self.scan_name, self.runenv, self.scan_mode, self.scan_scope, self.login_macro, self.scan_policy, self.scan_start, self.start_urls, self.workflow_macros, self.allowed_hosts)) api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.create_scan(overrides) logger_response = json.dumps(response, default=lambda o: o.__dict__, sort_keys=True) Logger.app.debug("Request sent to {0}:\n{1}".format( self.url, overrides)) Logger.app.debug("Response from {0}:\n{1}\n".format( self.url, logger_response)) if response.success: scan_id = response.data['ScanId'] sys.stdout.write( str('WebInspect scan launched on {0} your scan id: {1}\n'. format(self.url, scan_id))) else: Logger.app.error("No scan was launched!") Logger.app.error("{}".format(response.message)) return False return scan_id
def export_scan_results(self, scan_id, extension): """ Save scan results to file :param scan_id: :param extension: :return: """ # Export scan as a xml for Threadfix or other Vuln Management System Logger.app.info('Exporting scan: {} as {}'.format(scan_id, extension)) detail_type = 'Full' if extension == 'xml' else None api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.export_scan_format(scan_id, extension, detail_type) if response.success: try: with open('{0}.{1}'.format(self.scan_name, extension), 'wb') as f: Logger.app.debug( str('Scan results file is available: {0}.{1}\n'.format( self.scan_name, extension))) f.write(response.data) print( str('Scan results file is available: {0}.{1}\n'.format( self.scan_name, extension))) except UnboundLocalError as e: Logger.app.error('Error saving file locally {}'.format(e)) else: Logger.app.error('Unable to retrieve scan results. {} '.format( response.message))
def download_proxy(self, webmacro, setting): Logger.app.debug('Downloading from: {}'.format(self.proxy_name)) api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) if webmacro: response = api.download_proxy_webmacro(self.proxy_name) extension = 'webmacro' elif setting: response = api.download_proxy_setting(self.proxy_name) extension = 'xml' else: Logger.app.error("Please enter a file type to download.") return 1 if response.success: try: with open('{0}-proxy.{1}'.format(self.proxy_name, extension), 'wb') as f: Logger.app.info( 'Scan results file is available: {0}-proxy.{1}'.format( self.proxy_name, extension)) f.write(response.data) except UnboundLocalError as e: Logger.app.error('Error saving file locally {}'.format(e)) else: Logger.app.error('Unable to retrieve file. {} '.format( response.message))
def get_policy_by_name(self, policy_name): api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.get_policy_by_name(policy_name) if response.success: return response.data else: return None
def start_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.start_proxy(self.proxy_name, self.port, "") if response.success: return response.data else: Logger.app.critical("{}".format(response.message))
def get_scan_by_name(self, scan_name): """ Search Webinspect server for a scan matching scan_name :param scan_name: :return: List of search results """ api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) return api.get_scan_by_name(scan_name).data
def get_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.get_proxy_information(self.proxy_name) if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") exit(1) if response.success: return response.data
def get_scan_status(self, scan_guid): api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) try: response = api.get_current_status(scan_guid) status = json.loads(response.data_json())['ScanStatus'] return status except (ValueError, UnboundLocalError, TypeError) as e: Logger.app.error("get_scan_status failed: {}".format(e)) return "Unknown"
def delete_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.delete_proxy(self.proxy_name) if response.success: Logger.app.info("Proxy: '{0}' deleted from '{1}'".format( self.proxy_name, self.host)) else: Logger.app.critical("{}".format(response.message))
def list_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.list_proxies() if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") exit(1) if response.success: return response.data else: Logger.app.critical("{}".format(response.message))
def get_scan_log(self, scan_name=None, scan_guid=None): try: if scan_name: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.get_scan_by_name(scan_name) if response.success: scan_guid = response.data[0]['ID'] else: Logger.app.error(response.message) return None api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.get_scan_log(scan_guid) if response.success: return response.data_json() else: return None except (ValueError, UnboundLocalError) as e: Logger.app.error("get_scan_log failed: {}".format(e))
def delete_proxy(self): api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.delete_proxy(self.proxy_name) if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") exit(1) if response.success: Logger.app.info("Proxy: '{0}' deleted from '{1}'".format(self.proxy_name, self.host)) else: Logger.app.critical("{}".format(response.message))
def list_scans(self): """ List all scans found on host :return: response.data from the Webinspect server """ api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.list_scans() if response.success: return response.data else: Logger.app.critical("{}".format(response.message))
def list_webmacros(self): try: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.list_webmacros() if response.success: for webmacro in response.data: Logger.console.info("{}".format(webmacro)) else: Logger.app.error("{}".format(response.message)) except (ValueError, UnboundLocalError) as e: Logger.app.error("list_webmacros failed: {}".format(e))
def list_scans(self): """ List all scans found on host :param scan_id: :return: """ api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.list_scans() if response.success: for scan in response.data: Logger.console.info("{0:80} {1:40} {2:10}".format(scan['Name'], scan['ID'], scan['Status'])) else: Logger.app.critical("{}".format(response.message))
def get_scan_status(self, scan_guid): """ Get scan status from the Webinspect server :param scan_guid: :return: Current status of scan """ api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) try: response = api.get_current_status(scan_guid) status = json.loads(response.data_json())['ScanStatus'] return status except (ValueError, TypeError, UnboundLocalError) as e: Logger.app.error("get_scan_status failed: {}".format(e)) return None
def __settings_exists__(self): try: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.list_settings() if response.success: for setting in response.data: if setting in self.settings: return True except (ValueError, UnboundLocalError) as e: Logger.app.error( "Unable to determine if setting file exists, scan will continue without setting!" "Error: {}".format(e)) return False
def upload_webmacros(self): try: for webmacro in self.webinspect_upload_webmacros: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.upload_webmacro(webmacro) if response.success: Logger.console.debug( "Uploaded webmacro {} to server.".format(webmacro)) else: Logger.app.error( "Error uploading webmacro {0}. {1}".format( webmacro, response.message)) except (ValueError, UnboundLocalError) as e: Logger.app.error("Error uploading webmacro {}".format(e))
def upload_settings(self): try: api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.upload_settings(self.webinspect_upload_settings) if response.success: Logger.console.debug("Uploaded settings {} to server.".format( self.webinspect_upload_settings)) else: Logger.app.error("Error uploading settings {0}. {1}".format( self.webinspect_upload_settings, response.message)) except (ValueError, UnboundLocalError) as e: Logger.app.error("Error uploading settings {}".format(e))
def upload_proxy(self, upload_file): Logger.app.info("Uploading to: '{}'".format(self.proxy_name)) try: api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.upload_webmacro_proxy(self.proxy_name, upload_file) if response.success: Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format( upload_file, self.proxy_name, self.host)) else: Logger.app.error("Uploading {0} gave error: {1}".format( upload_file, response.message)) return 1 except (ValueError, UnboundLocalError) as e: Logger.app.error("Error uploading policy {}".format(e)) return 1
def wait_for_scan_status_change(self, scan_id): """ Blocking call, will remain in this method until status of scan changes :param scan_id: :return: """ # WebInspect Scan has started, wait here until it's done api = webinspectapi.WebInspectApi(self.url, verify_ssl=False) response = api.wait_for_status_change( scan_id) # this line is the blocker if response.success: Logger.console.debug('Scan status {}'.format(response.data)) else: Logger.app.debug('Scan status not known because: {}'.format( response.message))
def get_cert_proxy(self): path = Config().cert api = webinspectapi.WebInspectApi(self.host, verify_ssl=False) response = api.cert_proxy() if response.success: try: with open(path, 'wb') as f: f.write(response.data) Logger.app.info( 'Cert has downloaded to\t:\t{}'.format(path)) except UnboundLocalError as e: Logger.app.error('Error saving cert locally {}'.format(e)) else: Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format( response.message))
def get_scan_by_name(self, scan_name): """ Search Webinspect server for a scan matching scan_name :param scan_name: :return: List of search results """ scan_name = self.trim_ext(scan_name) api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.get_scan_by_name(scan_name) if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") sys.exit(ExitStatus.failure) return response.data
def upload_proxy(self, upload_file): Logger.app.info("Uploading to: '{}'".format(self.proxy_name)) try: api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.upload_webmacro_proxy(self.proxy_name, upload_file) if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") exit(1) if response.success: Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format(upload_file, self.proxy_name, self.host)) else: Logger.app.error("Uploading {0} gave error: {1}".format(upload_file, response.message)) return 1 except (ValueError, UnboundLocalError) as e: Logger.app.error("Error uploading policy {}".format(e)) return 1
def list_scans(self): """ List all scans found on host :return: response.data from the Webinspect server """ try: api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.list_scans() if response.success: return response.data elif response.response_code == 401: Logger.app.critical("An Authorization Error occured.") sys.exit(ExitStatus.failure) else: Logger.app.critical("{}".format(response.message)) except (ValueError, UnboundLocalError, NameError) as e: Logger.app.error("There was an error listing WebInspect scans! {}".format(e))
def get_scan_status(self, scan_guid): """ Get scan status from the Webinspect server :param scan_guid: :return: Current status of scan """ api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) try: response = api.get_current_status(scan_guid) if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") sys.exit(ExitStatus.failure) status = json.loads(response.data_json())['ScanStatus'] return status except (ValueError, TypeError, UnboundLocalError) as e: Logger.app.error("There was an error getting scan status: {}".format(e)) return None
def get_cert_proxy(self): path = Config().cert api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password) response = api.cert_proxy() if response.response_code == 401: Logger.app.critical("An Authorization Error occured.") exit(1) if response.success: try: with open(path, 'wb') as f: f.write(response.data) Logger.app.info('Cert has downloaded to\t:\t{}'.format(path)) except UnboundLocalError as e: Logger.app.error('Error saving cert locally {}'.format(e)) else: Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format(response.message))