def search_cve(self, org_id: str, search_term: str) \
-> resources.CVEListResource:
r = self.s.get(f"{self.app_url}api/v1/organizations/{org_id}/cve/?q="
f"{search_term}")
check_status_code(r)
return resources.CVEListResource(r.json())
def get_vulnerability(
self, org_id: str, asset_id: int,
vulnerability_id: int) -> resources.VulnerabilityResource:
r = self.s.get(
f"{self.app_url}api/v1/organizations/{org_id}/assets/{asset_id}/"
f"bugs/{str(vulnerability_id)}/")
check_status_code(r)
return resources.VulnerabilityResource(r.json())
def update_vulnerability_tags(self, org_id: str, asset_id: int,
vulnerability_id: int, bug_tags: List[str]) \
-> resources.VulnerabilityResource:
r1 = self.get_vulnerability(org_id, asset_id, vulnerability_id)
for tag in r1.bug_tags:
bug_tags.append(tag["name"])
r2 = self.s.post(
f"{self.app_url}api/v1/organizations/{org_id}/assets/{asset_id}/"
f"bugs/{str(vulnerability_id)}/tags/",
json={"tag_list": bug_tags})
check_status_code(r2)
return r1
def update_vulnerability(self, org_id: str, asset_id: int,
vulnerability_id: int, state: int = None,
severity: int = None) \
-> resources.VulnerabilityResource:
patch_data: Dict[str, Union[str, int]] = {}
if state:
patch_data["state"] = state
if severity:
patch_data["severity"] = severity
r = self.s.patch(
f"{self.app_url}api/v1/organizations/{org_id}/assets/{asset_id}/"
f"bugs/{str(vulnerability_id)}/",
json=patch_data)
check_status_code(r)
return resources.VulnerabilityResource(r.json())
def update_asset(self,
org_id: str,
asset_id: int,
name: str = None,
exposed: int = None,
mac_address: str = None,
hostname: str = None,
sensitivity: int = None,
ipaddress: str = None) -> resources.AssetResource:
patch_data: Dict[str, Union[str, int]] = {}
r = self.s.get(f"{self.app_url}api/v1/organizations/{org_id}/assets/"
f"{str(asset_id)}/")
check_status_code(r)
asset_data = resources.AssetResource(r.json())
if name:
patch_data["name"] = name
else:
patch_data["name"] = asset_data.name
if exposed:
patch_data["exposed"] = exposed
else:
patch_data["exposed"] = asset_data.exposed
if mac_address:
patch_data["mac_address"] = mac_address
else:
patch_data["mac_address"] = asset_data.data.mac_address
if hostname:
patch_data["hostname"] = hostname
else:
patch_data["hostname"] = asset_data.data.hostname
if sensitivity:
patch_data["sensitivity"] = sensitivity
else:
patch_data["sensitivity"] = asset_data.sensitivity
if ipaddress:
patch_data["ipaddress"] = ipaddress
else:
patch_data["ipaddress"] = asset_data.data.ipaddress
r = self.s.patch(
f"{self.app_url}api/v1/organizations/{org_id}/assets/"
f"{str(asset_id)}/",
json=patch_data)
check_status_code(r)
return resources.AssetResource(r.json())
def list_assets(self,
org_id: str,
page: int = 1,
asset_type: List[int] = []) -> resources.AssetListResource:
if len(asset_type):
qs = "&"
for t in asset_type:
qs += f"type[]={t}&"
r = self.s.get(
f"{self.app_url}api/v1/organizations/{org_id}/assets/?page="
f"{str(page)}{qs}")
else:
r = self.s.get(
f"{self.app_url}api/v1/organizations/{org_id}/assets/?page="
f"{str(page)}")
check_status_code(r)
return resources.AssetListResource(r.json())
def list_vulnerabilities(
self,
org_id: str,
severity: List[int] = [1, 2, 3, 4, 5],
state: List[int] = [0, 1, 2, 3, 4, 5, 6, 7],
asset_type: List[int] = [1, 2, 3, 4],
assets: List[int] = [],
page: int = 1,
cve: str = "") -> resources.VulnerabilityListResource:
qs = "&"
if len(asset_type):
qs += "filter_by[]=asset_type&"
for at in asset_type:
qs += f"asset_type[]={str(at)}&"
if len(state):
qs += "filter_by[]=state&"
for st in state:
qs += f"state[]={str(st)}&"
if len(assets):
qs += "filter_by[]=assets&"
for a in assets:
qs += f"assets[]={str(a)}&"
if len(severity):
qs += "filter_by[]=severity&"
for sv in severity:
qs += f"severity[]={str(sv)}&"
if cve:
qs += "filter_by[]=cve&"
cve_data = self.search_cve(org_id, cve).results
if len(cve_data) > 0:
cve_id = cve_data[0].id
qs += f"cve[]={str(cve_id)}"
r = self.s.get(
f"{self.app_url}api/v1/organizations/{org_id}/bugs/?page="
f"{str(page)}{qs}")
check_status_code(r)
return resources.VulnerabilityListResource(r.json())
def get_asset(self, org_id: str, asset_id: int) -> resources.AssetResource:
r = self.s.get(f"{self.app_url}api/v1/organizations/{org_id}/assets/"
f"{str(asset_id)}/")
check_status_code(r)
return resources.AssetResource(r.json())
def get_organization(self, org_id: str) -> resources.OrganizationResource:
r = self.s.get(f"{self.app_url}api/v1/organizations/{org_id}/")
check_status_code(r)
return resources.OrganizationResource(r.json())
def list_organizations(self, page: int = 1) -> \
resources.OrganizationListResource:
r = self.s.get(f"{self.app_url}api/v1/organizations/?page={str(page)}")
check_status_code(r)
return resources.OrganizationListResource(r.json())