def __init__(self, host, port=443, ssl_verify=False, cert=None, adapter=None,
scheme='https', retries=None, backoff=None, ua_identity=None,
session=None, proxies=None):
# As we will always be passing a URL to the APISession class, we will
# want to construct a URL that APISession (and further requests)
# understands.
base = '{}://{}:{}'.format(scheme, host, port)
url = '{}/rest'.format(base)
# Now lets pass the relevent parts off to the APISession's constructor
# to make sure we have everything lined up as we expect.
APISession.__init__(self, url,
retries=retries,
backoff=backoff,
ua_identity=ua_identity,
session=session,
proxies=proxies)
# Also, as Tenable.sc is generally installed without a certificate
# chain that we can validate, we will want to turn off verification
# and the associated warnings unless told to otherwise:
self._session.verify = ssl_verify
if not ssl_verify:
warnings.filterwarnings('ignore', 'Unverified HTTPS request')
# If a client-side certificate is specified, then we will want to add
# it into the session object as well. The cert parameter is expecting
# a path pointing to the client certificate file.
if cert:
self._session.cert = cert
# If an adapter for requests was provided, we should pull that in as
# well.
if adapter:
self._session.mount(base, adapter)
# We will attempt to make the first call to the Tenable.sc instance
# and get the system information. If this call fails, then we likely
# aren't pointing to a SecurityCenter at all and should throw an error
# stating this.
try:
self.info = self.system.details()
except:
raise ConnectionError('No Tenable.sc Instance at {}:{}'.format(host, port))
# Now we will try to interpret the Tenable.sc information into
# something usable.
try:
self.version = self.info['version']
self.build_id = self.info['buildID']
self.license = self.info['licenseStatus']
self.uuid = self.info['uuid']
if 'token' in self.info:
# if a token was passed in the system info page, then we should
# update the X-SecurityCenter header with the token info.
self._session.headers.update({
'X-SecurityCenter': str(d['response']['token'])
})
except:
raise ConnectionError('Invalid Tenable.sc Instance')
def __init__(self, access_key, secret_key,
url=None, retries=None, backoff=None, registry=None):
self._access_key = access_key
self._secret_key = secret_key
if registry:
self._registry = registry
APISession.__init__(self, url, retries, backoff)
def __init__(self,
access_key=None,
secret_key=None,
url=None,
retries=None,
backoff=None,
ua_identity=None,
session=None,
proxies=None):
if access_key:
self._access_key = access_key
else:
self._access_key = os.getenv('TIO_ACCESS_KEY')
if secret_key:
self._secret_key = secret_key
else:
self._secret_key = os.getenv('TIO_SECRET_KEY')
if not self._access_key or not self._secret_key:
raise UnexpectedValueError('No valid API Keypair Defined')
APISession.__init__(self,
url,
retries=retries,
backoff=backoff,
ua_identity=ua_identity,
session=session,
proxies=proxies)
def _build_session(self, session=None):
APISession._build_session(self, session)
# As Tenable.sc is generally installed without a certificate chain that
# we can validate, we will want to turn off verification and the
# associated warnings unless told to otherwise:
self._session.verify = self._ssl_verify
if not self._ssl_verify:
warnings.filterwarnings('ignore', 'Unverified HTTPS request')
def _build_session(self, session):
'''
Build the session and add the API Keys into the session
'''
APISession._build_session(self, session)
self._session.trust_env = False
self._session.headers.update(
{'Authorization': 'Bearer {}'.format(self._api_key)})
def __init__(self,
host,
port=443,
ssl_verify=False,
cert=None,
scheme='https',
retries=None,
backoff=None):
'''SecurityCenter 5 API Wrapper
This class is designed to handle authentication management for the
SecurityCenter 5.x API. This is by no means a complete model of
everything that the API can handle, it is simply meant to be a thin
wrapper into the API. Convenience functions will be added as time
passes and there is a desire to develop them.
For more information, please See Tenable's official API documentation
at: https://support.tenable.com/support-center/cerberus-support-center/includes/widgets/sc_api/index.html
'''
# As we will always be passing a URL to the APISession class, we will
# want to construct a URL that APISession (and further requests)
# understands.
url = '{}://{}:{}/rest'.format(scheme, host, port)
# Now lets pass the relevent parts off to the APISession's constructor
# to make sure we have everything lined up as we expect.
APISession.__init__(self, url, retries, backoff)
# Also, as SecurityCenter is generally installed without a certificate
# chain that we can validate, we will want to turn off verification
# and the associated warnings unless told to otherwise:
self._session.verify = ssl_verify
if not ssl_verify:
warnings.filterwarnings('ignore', 'Unverified HTTPS request')
# If a client-side certificate is specified, then we will want to add
# it into the session object as well. The cert parameter is expecting
# a path pointing to the client certificate file.
if cert:
self._session.cert = cert
# We will attempt to make the first call to the SecurityCenter instance
# and get the system information. If this call fails, then we likely
# aren't pointing to a SecurityCenter at all and should throw an error
# stating this.
try:
d = self.get('system').json()
except:
raise ServerError('No SecurityCenter Instance at {}'.format(host))
# Now we will try to interpret the SecurityCenter information into
# something usable.
try:
self.version = d['response']['version']
self.build_id = d['response']['buildID']
self.license = d['response']['licenseStatus']
self.uuid = d['response']['uuid']
except:
raise ServerError('Invalid SecurityCenter Instance')
def _build_session(self):
'''
Build the session and add the API Keys into the session
'''
APISession._build_session(self)
self._session.headers.update({
'X-APIKeys': 'accessKey={}; secretKey={};'.format(
self._access_key, self._secret_key)
})
def __init__(self,
api_key=None,
url=None,
retries=None,
backoff=None,
ua_identity=None,
session=None):
self._api_key = api_key
APISession.__init__(self, url, retries, backoff, ua_identity, session)
def __init__(self,
access_key,
secret_key,
url=None,
retries=None,
backoff=None,
ua_identity=None,
session=None):
self._access_key = access_key
self._secret_key = secret_key
APISession.__init__(self, url, retries, backoff, ua_identity, session)
def _build_session(self):
'''
Build the session and add the API Keys into the session
'''
APISession._build_session(self)
self._session.headers.update({
'X-APIKeys':
'accessKey={}; secretKey={};'.format(self._access_key,
self._secret_key)
})
'''
Add SSL Verification flag
'''
self._session.verify = self._verify
def __init__(self, host, port=443, ssl_verify=False, cert=None,
scheme='https', retries=None, backoff=None):
# As we will always be passing a URL to the APISession class, we will
# want to construct a URL that APISession (and further requests)
# understands.
url = '{}://{}:{}/rest'.format(scheme, host, port)
# Now lets pass the relevent parts off to the APISession's constructor
# to make sure we have everything lined up as we expect.
APISession.__init__(self, url, retries, backoff)
# Also, as SecurityCenter is generally installed without a certificate
# chain that we can validate, we will want to turn off verification
# and the associated warnings unless told to otherwise:
self._session.verify = ssl_verify
if not ssl_verify:
warnings.filterwarnings('ignore', 'Unverified HTTPS request')
# If a client-side certificate is specified, then we will want to add
# it into the session object as well. The cert parameter is expecting
# a path pointing to the client certificate file.
if cert:
self._session.cert = cert
# We will attempt to make the first call to the SecurityCenter instance
# and get the system information. If this call fails, then we likely
# aren't pointing to a SecurityCenter at all and should throw an error
# stating this.
try:
d = self.get('system').json()
except:
raise ServerError('No SecurityCenter Instance at {}'.format(host))
# Now we will try to interpret the SecurityCenter information into
# something usable.
try:
self.version = d['response']['version']
self.build_id = d['response']['buildID']
self.license = d['response']['licenseStatus']
self.uuid = d['response']['uuid']
except:
raise ServerError('Invalid SecurityCenter Instance')
def __init__(self,
access_key,
secret_key,
url=None,
retries=None,
backoff=None,
registry=None):
if access_key:
self._access_key = access_key
else:
self._access_key = os.getenv('TIO_ACCESS_KEY')
if secret_key:
self._secret_key = secret_key
else:
self._secret_key = os.getenv('TIO_SECRET_KEY')
if not self._access_key or not self._secret_key:
raise UnexpectedValueError('No valid API Keypair Defined')
if registry:
self._registry = registry
APISession.__init__(self, url, retries, backoff)
def __init__(self, keyfile, source_id):
creds = service_account.Credentials.from_service_account_file(keyfile)
scoped = creds.with_scopes(self._scopes)
session = requests.AuthorizedSession(scoped)
self.source_id = source_id
APISession.__init__(self, session=session)