def upload_policy(self):
# if a policy of the same name already exists, delete it prior to upload
try:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
# bit of ugliness here. I'd like to just have the policy name at this point but I don't
# so find it in the full path
# TODO: Verify split here
response = api.get_policy_by_name(
ntpath.basename(self.webinspect_upload_policy).split('.')[0])
if response.success and response.response_code == 200: # the policy exists on the server already
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.delete_policy(response.data['uniqueId'])
if response.success:
Logger.app.debug("Deleted policy {} from server".format(
ntpath.basename(
self.webinspect_upload_policy).split('.')[0]))
except (ValueError, UnboundLocalError, TypeError) as e:
Logger.app.error(
"Verify if deletion of existing policy failed: {}".format(e))
try:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.upload_policy(self.webinspect_upload_policy)
if response.success:
Logger.console.debug("Uploaded policy {} to server.".format(
self.webinspect_upload_policy))
else:
Logger.app.error("Error uploading policy {0}. {1}".format(
self.webinspect_upload_policy, response.message))
except (ValueError, UnboundLocalError, TypeError) as e:
Logger.app.error("Error uploading policy {}".format(e))
def export_scan_results(self, scan_id, scan_name, extension):
"""
Download scan as a xml for Threadfix or other Vuln Management System
:param scan_id:
:param scan_name:
:param extension:
"""
try:
scan_name = self.trim_ext(scan_name)
Logger.app.debug('Exporting scan: {}'.format(scan_id))
detail_type = 'Full' if extension == 'xml' else None
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.export_scan_format(scan_id, extension, detail_type)
if response.success:
try:
with open('{0}.{1}'.format(scan_name, extension), 'wb') as f:
Logger.app.info('Scan results file is available: {0}.{1}'.format(scan_name, extension))
f.write(response.data)
except UnboundLocalError as e:
Logger.app.error('Error saving file locally {}'.format(e))
elif response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
sys.exit(ExitStatus.failure)
else:
Logger.app.error('Unable to retrieve scan results. {} '.format(response.message))
except (ValueError, UnboundLocalError, NameError) as e:
logexceptionhelper.LogErrorWebInspectDownload(e)
def list_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.list_proxies()
if response.success:
return response.data
else:
Logger.app.critical("{}".format(response.message))
def create_scan(self):
"""
Launches and monitors a scan
:return: If scan was able to launch, scan_id. Otherwise none.
"""
Logger.app.debug("Creating Scan in webinspect client")
overrides = json.dumps(
webinspectjson.formatted_settings_payload(
self.settings, self.scan_name, self.runenv, self.scan_mode,
self.scan_scope, self.login_macro, self.scan_policy,
self.scan_start, self.start_urls, self.workflow_macros,
self.allowed_hosts))
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.create_scan(overrides)
logger_response = json.dumps(response,
default=lambda o: o.__dict__,
sort_keys=True)
Logger.app.debug("Request sent to {0}:\n{1}".format(
self.url, overrides))
Logger.app.debug("Response from {0}:\n{1}\n".format(
self.url, logger_response))
if response.success:
scan_id = response.data['ScanId']
sys.stdout.write(
str('WebInspect scan launched on {0} your scan id: {1}\n'.
format(self.url, scan_id)))
else:
Logger.app.error("No scan was launched!")
Logger.app.error("{}".format(response.message))
return False
return scan_id
def export_scan_results(self, scan_id, extension):
"""
Save scan results to file
:param scan_id:
:param extension:
:return:
"""
# Export scan as a xml for Threadfix or other Vuln Management System
Logger.app.info('Exporting scan: {} as {}'.format(scan_id, extension))
detail_type = 'Full' if extension == 'xml' else None
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.export_scan_format(scan_id, extension, detail_type)
if response.success:
try:
with open('{0}.{1}'.format(self.scan_name, extension),
'wb') as f:
Logger.app.debug(
str('Scan results file is available: {0}.{1}\n'.format(
self.scan_name, extension)))
f.write(response.data)
print(
str('Scan results file is available: {0}.{1}\n'.format(
self.scan_name, extension)))
except UnboundLocalError as e:
Logger.app.error('Error saving file locally {}'.format(e))
else:
Logger.app.error('Unable to retrieve scan results. {} '.format(
response.message))
def download_proxy(self, webmacro, setting):
Logger.app.debug('Downloading from: {}'.format(self.proxy_name))
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
if webmacro:
response = api.download_proxy_webmacro(self.proxy_name)
extension = 'webmacro'
elif setting:
response = api.download_proxy_setting(self.proxy_name)
extension = 'xml'
else:
Logger.app.error("Please enter a file type to download.")
return 1
if response.success:
try:
with open('{0}-proxy.{1}'.format(self.proxy_name, extension),
'wb') as f:
Logger.app.info(
'Scan results file is available: {0}-proxy.{1}'.format(
self.proxy_name, extension))
f.write(response.data)
except UnboundLocalError as e:
Logger.app.error('Error saving file locally {}'.format(e))
else:
Logger.app.error('Unable to retrieve file. {} '.format(
response.message))
def get_policy_by_name(self, policy_name):
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.get_policy_by_name(policy_name)
if response.success:
return response.data
else:
return None
def start_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.start_proxy(self.proxy_name, self.port, "")
if response.success:
return response.data
else:
Logger.app.critical("{}".format(response.message))
def get_scan_by_name(self, scan_name):
"""
Search Webinspect server for a scan matching scan_name
:param scan_name:
:return: List of search results
"""
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
return api.get_scan_by_name(scan_name).data
def get_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.get_proxy_information(self.proxy_name)
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
exit(1)
if response.success:
return response.data
def get_scan_status(self, scan_guid):
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
try:
response = api.get_current_status(scan_guid)
status = json.loads(response.data_json())['ScanStatus']
return status
except (ValueError, UnboundLocalError, TypeError) as e:
Logger.app.error("get_scan_status failed: {}".format(e))
return "Unknown"
def delete_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.delete_proxy(self.proxy_name)
if response.success:
Logger.app.info("Proxy: '{0}' deleted from '{1}'".format(
self.proxy_name, self.host))
else:
Logger.app.critical("{}".format(response.message))
def list_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.list_proxies()
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
exit(1)
if response.success:
return response.data
else:
Logger.app.critical("{}".format(response.message))
def get_scan_log(self, scan_name=None, scan_guid=None):
try:
if scan_name:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.get_scan_by_name(scan_name)
if response.success:
scan_guid = response.data[0]['ID']
else:
Logger.app.error(response.message)
return None
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.get_scan_log(scan_guid)
if response.success:
return response.data_json()
else:
return None
except (ValueError, UnboundLocalError) as e:
Logger.app.error("get_scan_log failed: {}".format(e))
def delete_proxy(self):
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.delete_proxy(self.proxy_name)
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
exit(1)
if response.success:
Logger.app.info("Proxy: '{0}' deleted from '{1}'".format(self.proxy_name, self.host))
else:
Logger.app.critical("{}".format(response.message))
def list_scans(self):
"""
List all scans found on host
:return: response.data from the Webinspect server
"""
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.list_scans()
if response.success:
return response.data
else:
Logger.app.critical("{}".format(response.message))
def list_webmacros(self):
try:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.list_webmacros()
if response.success:
for webmacro in response.data:
Logger.console.info("{}".format(webmacro))
else:
Logger.app.error("{}".format(response.message))
except (ValueError, UnboundLocalError) as e:
Logger.app.error("list_webmacros failed: {}".format(e))
def list_scans(self):
"""
List all scans found on host
:param scan_id:
:return:
"""
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.list_scans()
if response.success:
for scan in response.data:
Logger.console.info("{0:80} {1:40} {2:10}".format(scan['Name'], scan['ID'], scan['Status']))
else:
Logger.app.critical("{}".format(response.message))
def get_scan_status(self, scan_guid):
"""
Get scan status from the Webinspect server
:param scan_guid:
:return: Current status of scan
"""
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
try:
response = api.get_current_status(scan_guid)
status = json.loads(response.data_json())['ScanStatus']
return status
except (ValueError, TypeError, UnboundLocalError) as e:
Logger.app.error("get_scan_status failed: {}".format(e))
return None
def __settings_exists__(self):
try:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.list_settings()
if response.success:
for setting in response.data:
if setting in self.settings:
return True
except (ValueError, UnboundLocalError) as e:
Logger.app.error(
"Unable to determine if setting file exists, scan will continue without setting!"
"Error: {}".format(e))
return False
def upload_webmacros(self):
try:
for webmacro in self.webinspect_upload_webmacros:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.upload_webmacro(webmacro)
if response.success:
Logger.console.debug(
"Uploaded webmacro {} to server.".format(webmacro))
else:
Logger.app.error(
"Error uploading webmacro {0}. {1}".format(
webmacro, response.message))
except (ValueError, UnboundLocalError) as e:
Logger.app.error("Error uploading webmacro {}".format(e))
def upload_settings(self):
try:
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.upload_settings(self.webinspect_upload_settings)
if response.success:
Logger.console.debug("Uploaded settings {} to server.".format(
self.webinspect_upload_settings))
else:
Logger.app.error("Error uploading settings {0}. {1}".format(
self.webinspect_upload_settings, response.message))
except (ValueError, UnboundLocalError) as e:
Logger.app.error("Error uploading settings {}".format(e))
def upload_proxy(self, upload_file):
Logger.app.info("Uploading to: '{}'".format(self.proxy_name))
try:
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.upload_webmacro_proxy(self.proxy_name, upload_file)
if response.success:
Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format(
upload_file, self.proxy_name, self.host))
else:
Logger.app.error("Uploading {0} gave error: {1}".format(
upload_file, response.message))
return 1
except (ValueError, UnboundLocalError) as e:
Logger.app.error("Error uploading policy {}".format(e))
return 1
def wait_for_scan_status_change(self, scan_id):
"""
Blocking call, will remain in this method until status of scan changes
:param scan_id:
:return:
"""
# WebInspect Scan has started, wait here until it's done
api = webinspectapi.WebInspectApi(self.url, verify_ssl=False)
response = api.wait_for_status_change(
scan_id) # this line is the blocker
if response.success:
Logger.console.debug('Scan status {}'.format(response.data))
else:
Logger.app.debug('Scan status not known because: {}'.format(
response.message))
def get_cert_proxy(self):
path = Config().cert
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False)
response = api.cert_proxy()
if response.success:
try:
with open(path, 'wb') as f:
f.write(response.data)
Logger.app.info(
'Cert has downloaded to\t:\t{}'.format(path))
except UnboundLocalError as e:
Logger.app.error('Error saving cert locally {}'.format(e))
else:
Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format(
response.message))
def get_scan_by_name(self, scan_name):
"""
Search Webinspect server for a scan matching scan_name
:param scan_name:
:return: List of search results
"""
scan_name = self.trim_ext(scan_name)
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.get_scan_by_name(scan_name)
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
sys.exit(ExitStatus.failure)
return response.data
def upload_proxy(self, upload_file):
Logger.app.info("Uploading to: '{}'".format(self.proxy_name))
try:
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.upload_webmacro_proxy(self.proxy_name, upload_file)
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
exit(1)
if response.success:
Logger.app.info("Uploaded '{0}' to '{1}' on: {2}.".format(upload_file, self.proxy_name, self.host))
else:
Logger.app.error("Uploading {0} gave error: {1}".format(upload_file, response.message))
return 1
except (ValueError, UnboundLocalError) as e:
Logger.app.error("Error uploading policy {}".format(e))
return 1
def list_scans(self):
"""
List all scans found on host
:return: response.data from the Webinspect server
"""
try:
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.list_scans()
if response.success:
return response.data
elif response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
sys.exit(ExitStatus.failure)
else:
Logger.app.critical("{}".format(response.message))
except (ValueError, UnboundLocalError, NameError) as e:
Logger.app.error("There was an error listing WebInspect scans! {}".format(e))
def get_scan_status(self, scan_guid):
"""
Get scan status from the Webinspect server
:param scan_guid:
:return: Current status of scan
"""
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
try:
response = api.get_current_status(scan_guid)
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
sys.exit(ExitStatus.failure)
status = json.loads(response.data_json())['ScanStatus']
return status
except (ValueError, TypeError, UnboundLocalError) as e:
Logger.app.error("There was an error getting scan status: {}".format(e))
return None
def get_cert_proxy(self):
path = Config().cert
api = webinspectapi.WebInspectApi(self.host, verify_ssl=False, username=self.username, password=self.password)
response = api.cert_proxy()
if response.response_code == 401:
Logger.app.critical("An Authorization Error occured.")
exit(1)
if response.success:
try:
with open(path, 'wb') as f:
f.write(response.data)
Logger.app.info('Cert has downloaded to\t:\t{}'.format(path))
except UnboundLocalError as e:
Logger.app.error('Error saving cert locally {}'.format(e))
else:
Logger.app.error('Unable to retrieve cert.\n ERROR: {} '.format(response.message))
