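def get_top_cve(session):
    """Print the ten most frequently reported CVEs with CVSS score and count.

    Walks every issue returned by ``cloudpassage.Issue(session).list_all()``,
    tallies each entry found under an issue's optional ``"cves"`` key, and
    prints one ``CVE |score |count`` row per CVE. Rows are ordered by count,
    highest first, with ties broken by CVE ID in descending order.

    Args:
        session: Halo session handed to ``cloudpassage.Issue`` and
            ``cloudpassage.CveDetails``.
    """
    cve_counts = {}
    for issue in cloudpassage.Issue(session).list_all():
        # Issues without a "cves" key (or with an empty value) contribute nothing.
        for cve_id in issue.get("cves") or ():
            # Seed at 1 on first sighting so the printed count equals the
            # number of occurrences; seeding at 0 under-reports every CVE by one.
            cve_counts[cve_id] = cve_counts.get(cve_id, 0) + 1

    ranked = sorted(cve_counts.items(), key=lambda kv: (kv[1], kv[0]), reverse=True)

    cve_details = cloudpassage.CveDetails(session)
    # Slice rather than index 0..9: an account with fewer than ten distinct
    # CVEs prints what it has instead of raising IndexError.
    for cve_id, count in ranked[:10]:
        # One describe() lookup per printed row.
        # NOTE(review): assumes every describe() result carries
        # ["CVSS Metrics"]["score"] - confirm for CVEs without a score.
        score = cve_details.describe(cve_id)["CVSS Metrics"]["score"]
        print(cve_id, " |", score, " |", count)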
def build_issue_object(self):
    """Return a ``cloudpassage.Issue`` bound to a newly created Halo session.

    The session is built from the free names ``key_id``, ``secret_key``,
    ``api_hostname`` and ``api_port`` (not parameters of this method) and is
    tagged with the integration string "SDK-Smoke".
    """
    return cloudpassage.Issue(
        cloudpassage.HaloSession(
            key_id,
            secret_key,
            api_host=api_hostname,
            api_port=api_port,
            integration_string="SDK-Smoke",
        )
    )
def test_describe_asset(self):
    """Describe the asset behind the first listed issue and expect a result.

    Uses the v3 issues endpoint, takes the first issue from ``list_all()``,
    and passes its ``asset_url`` to ``halo.describe``.
    """
    halo = self.get_halo_object()
    first_issue = cloudpassage.Issue(halo.session, endpoint_version=3).list_all()[0]
    # Dumps the whole issue record to stdout for debugging.
    # NOTE(review): issue records may carry asset details - confirm the test
    # output is not published to shared logs.
    pprint.pprint(first_issue)
    asset_url = first_issue["asset_url"]
    described = halo.describe(asset_url)
    assert described is not None
def test_describe_finding(self):
    """Describe the latest finding of the first listed issue and expect a result.

    Uses the v3 issues endpoint, takes the first issue from ``list_all()``,
    and passes the last entry of its ``last_finding_urls`` to ``halo.describe``.
    """
    halo = self.get_halo_object()
    first_issue = cloudpassage.Issue(halo.session, endpoint_version=3).list_all()[0]
    # Dumps the whole issue record to stdout for debugging.
    # NOTE(review): issue records may carry asset details - confirm the test
    # output is not published to shared logs.
    pprint.pprint(first_issue)
    finding_url = first_issue["last_finding_urls"][-1]
    described = halo.describe(finding_url)
    assert described is not None
def __init__(self, key, secret, api_host):
    """Create the Halo session and the API helpers that share it.

    Args:
        key: Halo API key, passed as the first argument to
            ``cloudpassage.HaloSession``.
        secret: Halo API secret, passed as the second argument to
            ``cloudpassage.HaloSession``.
        api_host: API host, passed to ``HaloSession`` as ``api_host``.
    """
    self.logger = Logger()
    # key and secret go straight into HaloSession; this method does not keep
    # them on the instance or pass them to the logger.
    halo_session = cloudpassage.HaloSession(
        key,
        secret,
        api_host=api_host,
        integration_string=self.get_integration_string(),
    )
    self.session = halo_session
    # All three helpers reuse the same session object.
    self.issue = cloudpassage.Issue(halo_session, endpoint_version=3)
    self.http_helper = cloudpassage.HttpHelper(halo_session)
    self.cve_detail = cloudpassage.CveDetails(halo_session)
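def get_server_config_issues(session):
    """Print the ten most common server configuration ("csm") issues.

    Lists issues with ``issue_type=["csm"]``, counts how often each issue
    ``name`` occurs, and prints one ``name |count`` row per issue. Rows are
    ordered by count, highest first, with ties broken by name in descending
    order. Only the name and the count are printed.

    Args:
        session: Halo session handed to ``cloudpassage.Issue``.
    """
    issue_counts = {}
    for issue in cloudpassage.Issue(session).list_all(issue_type=["csm"]):
        name_id = "%s" % (issue["name"])
        issue_counts[name_id] = issue_counts.get(name_id, 0) + 1

    ranked = sorted(issue_counts.items(), key=lambda kv: (kv[1], kv[0]), reverse=True)

    # Slice rather than index 0..9: an account with fewer than ten distinct
    # issue names prints what it has instead of raising IndexError.
    for name_id, count in ranked[:10]:
        print(name_id, " |", count)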
def test_instantiation(self):
    """Check that ``Issue`` can be constructed from a configured Halo session.

    The session is built from the free names ``key_id``, ``secret_key``,
    ``api_hostname`` and ``api_port`` (not parameters of this method).
    """
    halo_session = cloudpassage.HaloSession(
        key_id,
        secret_key,
        api_host=api_hostname,
        api_port=api_port,
    )
    issue = cloudpassage.Issue(halo_session)
    assert issue
def __init__(self):
    """Run the parent initializer, then attach an ``Issue`` client.

    The client is built from ``self.session``.
    NOTE(review): ``self.session`` is presumably set by the parent
    ``__init__`` - confirm against the base class.
    """
    super(IssueController, self).__init__()
    issue_client = cloudpassage.Issue(self.session)
    self.issue_obj = issue_client
def test_instantiation(self):
    """Check that ``Issue`` can be constructed with ``None`` as its session."""
    issue = cloudpassage.Issue(None)
    assert issue
class API(object):
    """Halo API wrapper whose report methods currently return placeholder data.

    The class attributes open a Halo session when the class body is executed.
    Every ``get_*`` classmethod below builds its rows locally from ``limit``
    and makes no API call.
    """

    # NOTE(review): the API key and secret are hard-coded in source, so anyone
    # with read access to the file or its history can read them. If they are
    # live, rotate them and load the pair from the environment or a secrets
    # store instead.
    api_key = '0039d8c0'
    api_secret = '89b242b61b7f285cfc860a7e8ab13601'
    # Built once, when the class body runs, and shared by every instance.
    session = cloudpassage.HaloSession(api_key, api_secret)
    issue = cloudpassage.Issue(session)

    def __init__(self):
        """Fetch every issue through the shared client and print each one."""
        for record in self.issue.list_all():
            print(record)

    @classmethod
    def get_root_group(cls, limit=10):
        """Return the root group name (placeholder value; ``limit`` is unused)."""
        return 'TEST'

    @classmethod
    def get_top_csp_issues(cls, limit=10):
        """Return placeholder rows for the top CSP issues.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[rank, account name, count]`` lists.
        """
        rows = []
        for rank in range(1, limit + 1):
            rows.append([rank, 'CSP Account {}'.format(rank), rank * 3])
        return rows

    @classmethod
    def get_top_sva_issues(cls, limit=10):
        """Return placeholder rows for the top SVA issues.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[rank, account name, count]`` lists.
        """
        rows = []
        for rank in range(1, limit + 1):
            rows.append([rank, 'CSP (SVA) Account {}'.format(rank), rank * 3])
        return rows

    @classmethod
    def get_top_config_issues(cls, limit=10):
        """Return placeholder rows for the top configuration issues.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[rank, account name, count]`` lists.
        """
        rows = []
        for rank in range(1, limit + 1):
            rows.append([rank, 'CSP (Config) Account {}'.format(rank), rank * 3])
        return rows

    @classmethod
    def get_most_common_config_issues(cls, limit=10):
        """Return placeholder rows for the most common config issues.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[description, count]`` lists.
        """
        rows = []
        for idx in range(1, limit + 1):
            rows.append(['Description {}'.format(idx), idx * 2])
        return rows

    @classmethod
    def get_most_common_server_config_mistakes(cls, limit=10):
        """Return placeholder rows for the most common server config mistakes.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[CIS ID, description, count]`` lists.
        """
        rows = []
        for idx in range(1, limit + 1):
            cis_id = 'CIS ID {}'.format(idx)
            description = 'CSP (Config) Account {}'.format(idx)
            rows.append([cis_id, description, idx * 4])
        return rows

    @classmethod
    def get_most_common_cves(cls, limit=10):
        """Return placeholder rows for the most common CVEs.

        Args:
            limit: The number of rows to return.

        Returns:
            A list of ``[CVE ID, CVSS score, publish date, link, count]``
            lists; the date and link are fixed placeholder strings.
        """
        rows = []
        for idx in range(1, limit + 1):
            cve_id = 'CVE ID {}'.format(idx)
            cvss_score = 'CVSS Score {}'.format(idx)
            rows.append([cve_id, cvss_score, '2018-01-02', 'http://google.com', idx * 5])
        return rows
import requests import cloudpassage from bs4 import BeautifulSoup api_key = "cloud_passage_api_key" api_secret = "cloud_passage_api_secret" session = cloudpassage.HaloSession(api_key, api_secret) issues = cloudpassage.Issue(session) issue_list = issues.list_all() all_cves = {} for issue in issue_list: if issue['issue_type'] == 'sva': if issue['package_name'] != all_cves: all_cves[issue['package_name']] = [] for cve in issue['cve_ids']: all_cves[issue['package_name']].append(cve) for package in all_cves: all_cves[package] = sorted(set(all_cves[package])) # Query the Ubuntu site for the cve for cve in all_cves[package]: url = 'https://people.canonical.com/~ubuntu-security/cve/{0}/{1}.html'.format(cve.split("-")[1],cve) resp = requests.get(url) page = BeautifulSoup(resp.content, 'html.parser') tables = page.findAll(lambda tag: tag.name=='table') for table in tables for row in table.findAll("tr"): # Check if the package is patched in Ubuntu 16.04