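def fortify_list(config, fortify_user, fortify_password, application):
    """List Fortify SSC versions, authenticating with a stored token or a login.

    Args:
        config: Not used in this function.
        fortify_user: Fortify username, or a falsy value to fall back to the
            token stored in fortify.ini / an interactive prompt.
        fortify_password: Fortify password, same fallback as ``fortify_user``.
        application: When truthy, only versions of this application are
            listed; otherwise all versions are listed.

    A listing call that returns -1 while a stored secret exists is treated as
    a rejected token: the user is prompted, a new token is written and the
    listing is retried once.
    """
    fortify_config = FortifyConfig()

    def login(user, password):
        # Username/password login; the token the client obtains is persisted.
        # NOTE(review): how write_secret protects the token at rest is not
        # visible here - confirm fortify.ini is readable by its owner only.
        client = FortifyClient(fortify_url=fortify_config.ssc_url,
                               fortify_username=user,
                               fortify_password=password)
        fortify_config.write_secret(client.token)
        Logger.console.info("Fortify secret written to fortify.ini")
        return client

    def prompt_and_login():
        # hide_input keeps the password off the terminal.
        user = click.prompt('Fortify user')
        password = click.prompt('Fortify password', hide_input=True)
        return login(user, password)

    def run_listing(client):
        if application:
            return client.list_application_versions(application)
        return client.list_versions()

    try:
        if fortify_user and fortify_password:
            # Explicit credentials: no token fallback and no retry.
            run_listing(login(fortify_user, fortify_password))
            return

        Logger.console.info("No Fortify username or password provided. Checking fortify.ini for secret")
        if fortify_config.secret:
            Logger.console.info("Fortify secret found in fortify.ini")
            fortify_client = FortifyClient(fortify_url=fortify_config.ssc_url,
                                           token=fortify_config.secret)
        else:
            Logger.console.info("Fortify secret not found in fortify.ini")
            fortify_client = prompt_and_login()

        if run_listing(fortify_client) == -1 and fortify_config.secret:
            Logger.console.info("Fortify secret invalid...reauthorizing")
            fortify_client = prompt_and_login()
            if application:
                Logger.console.info("Attempting to rerun 'fortify list --application'")
            else:
                Logger.console.info("Attempting to rerun 'fortify list'")
            run_listing(fortify_client)
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit; those now propagate. The cause is still not reported,
        # so an authentication failure and a network failure look alike here.
        Logger.console.critical("Unable to complete command 'fortify list'")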
def __init__(self, agent_json):
    """Set up the agent from the JSON description at ``agent_json``.

    Records the process id and host FQDN, reads the agent JSON and builds the
    ELK payload from it. A missing key (or one of the other caught errors) is
    reported through ``self.log`` instead of being raised; in that case the
    attributes assigned inside the ``try`` may be left unset.
    """
    self.pid = os.getpid()
    self.fqdn = socket.getfqdn()
    data = self.__read_json__(agent_json)
    try:
        # Gathered in the same order the payload builder receives them, so
        # the first missing key is the one that gets reported.
        payload_fields = {
            'scan': data['fortify_build_id'],
            'host': self.fqdn,
            'version': __version__,
            'notifiers': data['git_emails'],
            'git_url': data['git_url'],
            'fortify_url': data['fortify_pv_url'],
        }
        self.payload = self.__formatted_elk_payload__(**payload_fields)
        # datetime.now() is naive local time (no timezone attached).
        self.payload['start'] = datetime.now().isoformat()
        self.fortify_config = FortifyConfig()
        self.check_count = 0
        self.timeout = 15
    except (KeyError, AttributeError, UnboundLocalError) as err:
        self.log("Agent was either misconfigured or unable to initialize {0}\n".format(err))
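def upload(config, fortify_user, fortify_password, application, version, scan_name):
    """Upload an .fpr scan to Fortify SSC, re-authenticating once if needed.

    Args:
        config: Not used in this function.
        fortify_user: Fortify username, or falsy to use the stored token /
            an interactive prompt.
        fortify_password: Fortify password, same fallback as ``fortify_user``.
        application: When truthy, overrides the application name taken from
            the Fortify configuration.
        version: Passed to the client as ``scan_name``.
        scan_name: File name handed to ``upload_scan``; defaults to
            ``version`` when falsy.

    ``upload_scan`` returning -2 is reported as a missing application;
    -1 together with a stored secret is treated as a rejected token and
    triggers one prompt-and-retry.
    """
    fortify_config = FortifyConfig()
    if application:
        fortify_config.application_name = application
    if not scan_name:
        scan_name = version

    def build_client(**auth):
        # Fortify only accepts fpr scan files.
        return FortifyClient(
            fortify_url=fortify_config.ssc_url,
            project_template=fortify_config.project_template,
            application_name=fortify_config.application_name,
            scan_name=version,
            extension='fpr',
            **auth)

    def login(user, password):
        # NOTE(review): how write_secret protects the token at rest is not
        # visible here - confirm fortify.ini is readable by its owner only.
        client = build_client(fortify_username=user, fortify_password=password)
        fortify_config.write_secret(client.token)
        Logger.console.info("Fortify secret written to fortify.ini")
        return client

    def prompt_and_login():
        user = click.prompt('Fortify user')
        password = click.prompt('Fortify password', hide_input=True)
        return login(user, password)

    def report_missing_application():
        # Name the application the client was actually built with. The
        # `application` argument is None when the configured default was
        # used, which previously produced "Fortify Application None ...".
        Logger.console.critical(
            "Fortify Application {} does not exist. Unable to upload scan."
            .format(fortify_config.application_name))

    try:
        if fortify_user and fortify_password:
            fortify_client = login(fortify_user, fortify_password)
        else:
            Logger.console.info(
                "No Fortify username or password provided. Checking fortify.ini for secret"
            )
            if fortify_config.secret:
                Logger.console.info("Fortify secret found in fortify.ini")
                fortify_client = build_client(token=fortify_config.secret)
            else:
                Logger.console.info("Fortify secret not found in fortify.ini")
                fortify_client = prompt_and_login()

        reauth = fortify_client.upload_scan(file_name=scan_name)
        if reauth == -2:
            report_missing_application()
        elif reauth == -1 and fortify_config.secret:
            Logger.console.info("Fortify secret invalid...reauthorizing")
            fortify_client = prompt_and_login()
            Logger.console.info("Attempting to re-run 'fortify upload'")
            if fortify_client.upload_scan(file_name=scan_name) == -2:
                report_missing_application()
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit; those now propagate.
        Logger.console.critical("Unable to complete command 'fortify upload'")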
def fortify_scan(config, fortify_user, fortify_password, application, version, build_id):
    """Resolve the Fortify project-version URL and record it for the agent.

    Credentials come from the arguments when both are given; otherwise from
    the token/credentials in fortify.ini, or from an interactive prompt.
    On success the URL and ``build_id`` are stored with ``write_agent_info``;
    otherwise a critical message is logged. ``config`` is not used here.
    """
    fortify_config = FortifyConfig()
    if application:
        fortify_config.application_name = application

    def connect(**auth):
        return FortifyClient(
            fortify_url=fortify_config.ssc_url,
            project_template=fortify_config.project_template,
            application_name=fortify_config.application_name,
            scan_name=version,
            **auth)

    if fortify_user and fortify_password:
        # Explicit credentials: a single attempt, no re-authentication.
        fortify_client = connect(fortify_username=fortify_user,
                                 fortify_password=fortify_password)
        fortify_config.write_token(fortify_client.token)
        fortify_config.write_username(fortify_user)
        # NOTE(review): the password is persisted; how write_password
        # protects it at rest is not visible here - confirm.
        fortify_config.write_password(fortify_password)
        Logger.console.info("Fortify secret written to fortify.ini")
        pv_url = fortify_client.build_pv_url()
    else:
        Logger.console.info(
            "No Fortify username or password provided. Checking fortify.ini for secret"
        )
        if fortify_config.token or fortify_config.has_auth_creds():
            Logger.console.info("Fortify secret found in fortify.ini")
            fortify_client = connect(
                token=fortify_config.token,
                fortify_username=fortify_config.username,
                fortify_password=fortify_config.password)
            fortify_config.write_token(fortify_client.token)
        else:
            Logger.console.info("Fortify secret not found in fortify.ini")
            fortify_user, fortify_password = fortify_prompt()
            fortify_client = connect(fortify_username=fortify_user,
                                     fortify_password=fortify_password)
            fortify_config.write_token(fortify_client.token)
            fortify_config.write_username(fortify_user)
            fortify_config.write_password(fortify_password)
            Logger.console.info("Fortify secret written to fortify.ini")

        pv_url = fortify_client.build_pv_url()
        if pv_url == -1:
            # -1 is treated as a rejected token: log in again with stored
            # credentials when present, otherwise ask the user.
            Logger.console.info("Fortify secret invalid...reauthorizing")
            if fortify_config.has_auth_creds():
                fortify_user = fortify_config.username
                fortify_password = fortify_config.password
            else:
                fortify_user, fortify_password = fortify_prompt()
            fortify_client = connect(fortify_username=fortify_user,
                                     fortify_password=fortify_password)
            fortify_config.write_username(fortify_user)
            fortify_config.write_password(fortify_password)
            fortify_config.write_token(fortify_client.token)
            Logger.console.info("Fortify secret written to fortify.ini")
            Logger.console.info("Attempting to rerun 'fortify scan'")
            pv_url = fortify_client.build_pv_url()

    # Both paths finish the same way.
    if pv_url and pv_url != -1:
        write_agent_info('fortify_pv_url', pv_url)
        write_agent_info('fortify_build_id', build_id)
    else:
        Logger.console.critical(
            "Unable to complete command 'fortify scan'")
def fortify_list(config, fortify_user, fortify_password, application):
    """List Fortify SSC versions, optionally limited to one application.

    With both credentials supplied, logs in, persists token and credentials
    and lists once. Otherwise uses the token/credentials from fortify.ini or
    an interactive prompt; a listing result of -1 with a stored token is
    treated as a rejected token and retried once after a fresh login.
    ``config`` is not used here.
    """
    fortify_config = FortifyConfig()

    def connect(**auth):
        return FortifyClient(fortify_url=fortify_config.ssc_url, **auth)

    def run_listing(client):
        if application:
            return client.list_application_versions(application)
        return client.list_versions()

    try:
        if fortify_user and fortify_password:
            fortify_client = connect(fortify_username=fortify_user,
                                     fortify_password=fortify_password)
            fortify_config.write_token(fortify_client.token)
            fortify_config.write_username(fortify_user)
            # NOTE(review): the password is persisted; how write_password
            # protects it at rest is not visible here - confirm.
            fortify_config.write_password(fortify_password)
            Logger.console.info("Fortify secret written to fortify.ini")
            run_listing(fortify_client)
            return

        Logger.console.info(
            "No Fortify username or password provided. Checking fortify.ini for secret"
        )
        if fortify_config.token or fortify_config.has_auth_creds():
            Logger.console.info("Fortify secret found in fortify.ini")
            fortify_client = connect(
                token=fortify_config.token,
                fortify_username=fortify_config.username,
                fortify_password=fortify_config.password)
            fortify_config.write_token(fortify_client.token)
        else:
            Logger.console.info("Fortify secret not found in fortify.ini")
            fortify_user, fortify_password = fortify_prompt()
            fortify_client = connect(fortify_username=fortify_user,
                                     fortify_password=fortify_password)
            fortify_config.write_token(fortify_client.token)
            fortify_config.write_username(fortify_user)
            fortify_config.write_password(fortify_password)
            Logger.console.info("Fortify secret written to fortify.ini")

        if run_listing(fortify_client) == -1 and fortify_config.token:
            Logger.console.info(
                "Fortify secret invalid...reauthorizing")
            if fortify_config.has_auth_creds():
                fortify_user = fortify_config.username
                fortify_password = fortify_config.password
            else:
                fortify_user, fortify_password = fortify_prompt()
            fortify_client = connect(fortify_username=fortify_user,
                                     fortify_password=fortify_password)
            fortify_config.write_username(fortify_user)
            fortify_config.write_password(fortify_password)
            fortify_config.write_token(fortify_client.token)
            Logger.console.info(
                "Fortify secret written to fortify.ini")
            if application:
                Logger.console.info(
                    "Attempting to rerun 'fortify list --application'")
            else:
                Logger.console.info("Attempting to rerun 'fortify list'")
            run_listing(fortify_client)
    except (AttributeError, UnboundLocalError):
        # Only these two error types are turned into a log line; anything
        # else raised by the client propagates to the caller.
        Logger.console.critical("Unable to complete command 'fortify list'")
def credentials(config, fortify, webinspect, clear, username, password):
    """Store or clear Fortify credentials; WebInspect has none to manage.

    With ``fortify`` set: ``clear`` removes the stored credentials, otherwise
    the given (or prompted) username and password are checked by building a
    ``FortifyClient`` and written only if that does not raise ``ValueError``.
    ``config`` is not used here.
    """
    if not fortify:
        if webinspect:
            # Same message whether or not --clear was requested.
            sys.stdout.write(
                "There are currently no stored credentials for WebInspect\n")
        else:
            sys.stdout.write(
                "Please specify either the --fortify or --webinspect flag\n")
        return

    fortify_config = FortifyConfig()
    if clear:
        fortify_config.clear_credentials()
        return

    if not (username and password):
        # A lone username or password is discarded and both are prompted for.
        # NOTE(review): if `password` can arrive as a command-line option it
        # may end up in shell history and process listings; the prompt path
        # avoids that - confirm how callers supply it.
        username, password = fortify_prompt()

    try:
        # Constructing the client is the validation step; nothing is written
        # when it raises ValueError.
        validated_client = FortifyClient(
            fortify_url=fortify_config.ssc_url,
            fortify_username=username,
            fortify_password=password)
        fortify_config.write_username(username)
        # NOTE(review): how write_password protects the value at rest is not
        # visible here - confirm.
        fortify_config.write_password(password)
        sys.stdout.write("Credentials stored successfully\n")
    except ValueError:
        sys.stdout.write(
            "Unable to validate Fortify credentials. Credentials were not stored\n")
def fortify_scan(config, fortify_user, fortify_password, application, version, build_id):
    """Resolve the Fortify project-version URL and record it for the agent.

    Uses the supplied username/password when both are given, otherwise the
    credentials stored in fortify.ini, otherwise an interactive prompt.
    Credentials that did not come from fortify.ini are written back to it.
    On success the URL and ``build_id`` are stored with ``write_agent_info``.
    ``config`` is not used here.
    """
    fortify_config = FortifyConfig()
    if application:
        fortify_config.application_name = application

    def connect(user, password):
        return FortifyClient(
            fortify_url=fortify_config.ssc_url,
            project_template=fortify_config.project_template,
            application_name=fortify_config.application_name,
            scan_name=version,
            fortify_username=user,
            fortify_password=password)

    fortify_client = None
    if not fortify_user or not fortify_password:
        Logger.console.info(
            "No Fortify username or password provided. Checking fortify.ini for secret"
        )
        if fortify_config.has_auth_creds():
            Logger.console.info("Fortify credentials found in fortify.ini")
            fortify_client = connect(fortify_config.username,
                                     fortify_config.password)
        else:
            Logger.console.info("Fortify credentials not found in fortify.ini")
            fortify_user, fortify_password = fortify_prompt()

    if fortify_client is None:
        # Credentials were passed in or just prompted for: log in and
        # persist them.
        fortify_client = connect(fortify_user, fortify_password)
        fortify_config.write_username(fortify_user)
        # NOTE(review): how write_password protects the value at rest is not
        # visible here - confirm.
        fortify_config.write_password(fortify_password)
        Logger.console.info("Fortify credentials stored")

    pv_url = fortify_client.build_pv_url()
    if pv_url and pv_url != -1:
        write_agent_info('fortify_pv_url', pv_url)
        write_agent_info('fortify_build_id', build_id)
    else:
        Logger.console.critical(
            "Unable to complete command 'fortify scan'")
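def upload(config, fortify_user, fortify_password, application, version, scan_name):
    """Upload an .fpr scan to Fortify SSC.

    Args:
        config: Not used in this function.
        fortify_user: Fortify username, or falsy to use the credentials in
            fortify.ini / an interactive prompt.
        fortify_password: Fortify password, same fallback as ``fortify_user``.
        application: When truthy, overrides the application name taken from
            the Fortify configuration.
        version: Passed to the client as ``scan_name``.
        scan_name: File name handed to ``upload_scan``; defaults to
            ``version`` when falsy.

    ``upload_scan`` returning -2 is reported as a missing application.
    """
    fortify_config = FortifyConfig()
    if application:
        fortify_config.application_name = application
    if not scan_name:
        scan_name = version

    def connect(user, password):
        # Fortify only accepts fpr scan files.
        return FortifyClient(
            fortify_url=fortify_config.ssc_url,
            project_template=fortify_config.project_template,
            application_name=fortify_config.application_name,
            scan_name=version,
            extension='fpr',
            fortify_username=user,
            fortify_password=password)

    try:
        fortify_client = None
        if not fortify_user or not fortify_password:
            Logger.console.info(
                "No Fortify username or password provided. Checking fortify.ini for secret"
            )
            if fortify_config.has_auth_creds():
                Logger.console.info("Fortify credentials found in fortify.ini")
                fortify_client = connect(fortify_config.username,
                                         fortify_config.password)
            else:
                Logger.console.info(
                    "Fortify credentials not found in fortify.ini")
                fortify_user, fortify_password = fortify_prompt()

        if fortify_client is None:
            # Credentials were passed in or just prompted for: log in and
            # persist them.
            fortify_client = connect(fortify_user, fortify_password)
            fortify_config.write_username(fortify_user)
            # NOTE(review): how write_password protects the value at rest is
            # not visible here - confirm.
            fortify_config.write_password(fortify_password)
            Logger.console.info("Fortify credentials stored")

        if fortify_client.upload_scan(file_name=scan_name) == -2:
            # Name the application the client was actually built with. The
            # `application` argument is None when the configured default was
            # used, which previously produced "Fortify Application None ...".
            Logger.console.critical(
                "Fortify Application {} does not exist. Unable to upload scan."
                .format(fortify_config.application_name))
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit; those now propagate.
        Logger.console.critical("Unable to complete command 'fortify upload'")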
def fortify_list(config, fortify_user, fortify_password, application):
    """List Fortify SSC versions, optionally limited to one application.

    Uses the supplied username/password when both are given, otherwise the
    credentials stored in fortify.ini, otherwise an interactive prompt.
    Credentials that did not come from fortify.ini are written back to it.
    ``config`` is not used here.
    """
    fortify_config = FortifyConfig()

    def connect(user, password):
        return FortifyClient(fortify_url=fortify_config.ssc_url,
                             fortify_username=user,
                             fortify_password=password)

    try:
        fortify_client = None
        if not fortify_user or not fortify_password:
            Logger.console.info(
                "No Fortify username or password provided. Checking fortify.ini for credentials"
            )
            if fortify_config.has_auth_creds():
                fortify_client = connect(fortify_config.username,
                                         fortify_config.password)
            else:
                Logger.console.info("Fortify credentials not found")
                fortify_user, fortify_password = fortify_prompt()

        if fortify_client is None:
            # Credentials were passed in or just prompted for: log in and
            # persist them.
            fortify_client = connect(fortify_user, fortify_password)
            fortify_config.write_username(fortify_user)
            # NOTE(review): how write_password protects the value at rest is
            # not visible here - confirm.
            fortify_config.write_password(fortify_password)
            Logger.console.info("Fortify credentials stored")

        if application:
            fortify_client.list_application_versions(application)
        else:
            fortify_client.list_versions()
    except (AttributeError, UnboundLocalError):
        # Only these two error types are turned into a log line; anything
        # else raised by the client propagates to the caller.
        Logger.console.critical("Unable to complete command 'fortify list'")