def dojo_connection(host, api_key, user, proxy=None): if proxy is not None: proxies = { 'http': 'http://' + proxy, 'https': 'http://' + proxy, } print proxy # Instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, verify_ssl=False, timeout=360, debug=True) else: dd = defectdojo.DefectDojoAPI(host, api_key, user, verify_ssl=False, timeout=360, debug=False) return dd
def Defect_Dojo_Output(Title, Description): DD_Details = Load_Defect_Dojo_Configuration() if DD_Details: try: Impact = 'All Scrummage findings have the potential to cause significant damage to a business\' finances, efficiency and reputation. Therefore, findings should be investigated to assist in reducing this risk.' Mitigation = 'It is recommended that this issue be investigated further by the security team to determine whether or not further action needs to be taken.' DD_Connection = defectdojo.DefectDojoAPI(DD_Details[1], DD_Details[0], DD_Details[2], debug=False) Finding = DD_Connection.create_finding( Title, Description, 'Low', '', str(datetime.datetime.now().strftime( '%Y-%m-%d %H:%M:%S').strftime('%Y-%m-%d')), DD_Details[4], DD_Details[3], DD_Details[5], DD_Details[6], Impact, True, False, Mitigation) try: Finding = str(int(str(Finding))) logging.info( f"{Date()} Connectors Library - DefectDojo finding {Finding} created." ) except: logging.info( f"{Date()} Connectors Library - Failed to create DefectDojo finding." ) except (Exception, psycopg2.DatabaseError) as Error: logging.warning(Date() + str(Error))
def __init__(self): """ Init method """ self.defect_dojo = defectdojo.DefectDojoAPI(DEFECT_DOJO_HOST, DEFECT_DOJO_API_KEY, DEFECT_DOJO_USERNAME, debug=False)
def setUp(self): host = 'http://localhost:8000' api_key = os.environ['DOJO_API_KEY'] user = '******' """ proxies = { 'http': 'http://localhost:8080', 'https': 'http://localhost:8080', } proxies=proxies """ self.dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=False)
def dojo_connection(host, api_key, user, proxy): #Optionally, specify a proxy proxies = None if proxy: proxies = { 'http': proxy, 'https': proxy, } # Instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, verify_ssl=False, timeout=360, debug=False) return dd
def dojo_connection(host, api_key, user): #Optionally, specify a proxy proxies = { 'http': 'http://localhost:8081', 'https': 'http://localhost:8081', } #if DEBUG: # Instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, verify_ssl=False, timeout=360, debug=False) #else: # dd = defectdojo.DefectDojoAPI(host, api_key, user, verify_ssl=False, timeout=360, debug=False) return dd
def run(self, testid, scantype): # check params print("testid = {}".format(testid)) print("scan type = {}".format(scantype)) # instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=True) if scantype == 'Nmap Scan': filepath = "/opt/stackstorm/scan_results/nmap/nmap_standard.xml" elif scantype == 'Burp Scan': filepath = "/opt/stackstorm/scan_results/burp/burp_scan.xml" elif scantype == 'Nessus Scan': filepath = "/opt/stackstorm/scan_results/nessus/nessus_scan.xml" # perform upload request + print response upload_scan = dd.reupload_scan(testid, scantype, filepath, "true", "2024/1/1", "API") print("Test number: {}".format(upload_scan))
# @p3r1c0 from defectdojo_api import defectdojo import os, traceback import psycopg2 import psycopg2.extras from datetime import datetime, timedelta # setup DefectDojo connection information global api defectdojo_url = os.getenv('DEFECTDOJO_URL') defectdojo_api_key = os.getenv('DD_API_KEY') defectdojo_user = os.getenv('DEFECTDOJO_USER') # instantiate the DefectDojo api wrapper api = defectdojo.DefectDojoAPI(defectdojo_url, defectdojo_api_key, defectdojo_user, debug=False) # method to get the connection directly with dd bbdd def get_connection_defect(): conn = None try: conn = psycopg2.connect(dbname=os.getenv('DEFECT_BBDD_NAME'), user=os.getenv('DEFECT_BBDD_USER'), password=os.getenv('DEFECT_PASS'), host=os.getenv('DEFECT_BBDD_HOST'), port=os.getenv('DEFECT_BBDD_PORT'), sslmode='require') return conn
def _createDojoFindings(): try: from defectdojo_api import defectdojo defect_api = defectdojo.DefectDojoAPI(os.getenv('DEFECTDOJO_HOST'), os.getenv('DEFECTDOJO_APIKEY'), os.getenv('DEFECTDOJO_USER'), debug=False) except ImportError: criticalMsg = "The DefectDojo library is not installed. Install it with 'pip install git+https://github.com/kn0wm4d/defectdojo_api.git'." logger.critical(criticalMsg) return None except TypeError: criticalMsg = "The DefectDojo environment variables are not set." logger.critical(criticalMsg) return None # Get Engagement from DefectDojo engagement = defect_api.get_engagement(conf.engagementDojo) if engagement.response_code == -1: criticalMsg = "This DefectDojo Engagement doesn\'t exist. " logger.critical(criticalMsg) return None # Get the Product ID related to this Engagement product_id = re.match('/api/v1/products/(.*)/', engagement.data['product'])[1] # List all tests on this engagement tests = defect_api.list_tests(engagement_in=engagement.data['id']) # Get list of SQLMap Tests on this engagement tests_sqlmap = [ test for test in tests.data['objects'] if test['test_type'] == "SQLMap Scan" ] if any(tests_sqlmap): # If an SQLMap Test exists, get the first one test_id = tests_sqlmap[0]['id'] if not any(tests_sqlmap): # If not, create an SQLMap test for this engagement test_type = defect_api.list_test_types(name="SQLMap Scan") if test_type.count() > 0: # Get SQLMap Test Type ID test_type = test_type.data['objects'][0]['id'] else: # If it doesn't exist, tell the user to create it criticalMsg = "Please first create SQLMap Scan test type on DefectDojo." logger.critical(criticalMsg) return None # Finally, create the SQLMap Test in this Engagement test_id = defect_api.create_test( environment=1, target_start=engagement.data['target_start'], target_end=engagement.data['target_end'], engagement_id=engagement.data['id'], test_type=test_type).data for injection in kb.injections: for stype, sdata in injection.data.items(): title = 'SQL Injection - (%s)' % PAYLOAD.SQLINJECTION[stype] payload = agent.adjustLateValues(sdata.payload) payload = urldecode(payload, unsafe="&", spaceplus=(injection.place != PLACE.GET and kb.postSpaceToPlus)) description = 'Injection Type: %s\nVulnerable URL: %s %s\nCookie: %s\nOriginal Payload: %s\nPayload: %s' % ( sdata.title.title(), injection.place, conf.url, conf.cookie, conf.data, payload) severity = "Critical" # Create the Finding on DefectDojo finding = defect_api.create_finding( title, description, severity, cwe=89, date=time.strftime("%Y-%m-%d", time.gmtime()), product_id=product_id, engagement_id=engagement.data['id'], test_id=test_id, user_id=1, impact="Integrity, Confidentiality", active="True", verified="True", mitigation= "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet", references= "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet" ).data infoMsg = 'uploaded finding to DefectDojo: %sfinding/%s' % ( os.getenv('DEFECTDOJO_HOST'), finding) logger.info(infoMsg)
# Setup DefectDojo connection information host = 'http://localhost:8000' api_key = os.environ['DOJO_API_KEY'] user = '******' #Optionally, specify a proxy proxies = { 'http': 'http://localhost:8080', 'https': 'http://localhost:8080', } #proxies=proxies # Instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, debug=False) # List Tool Types tool_types = dd.list_tool_types() #print "Configured Tool Types" #print tool_types.data_json(pretty=True) list_credential_mappings = dd.list_credential_mappings(product_id_in=2) print "Creds" #print list_credential_mappings.data_json(pretty=True) for cred in list_credential_mappings.data["objects"]: print cred["id"]
# Setup DefectDojo connection information host = 'http://localhost:8000' api_key = os.environ['DOJO_API_KEY'] user = '******' #Optionally, specify a proxy proxies = { 'http': 'http://localhost:8080', 'https': 'http://localhost:8080', } #proxies=proxies # Instantiate the DefectDojo api wrapper dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=False) # List Tool Types tool_types = dd.list_tool_types() #print "Configured Tool Types" #print tool_types.data_json(pretty=True) list_credential_mappings = dd.list_credential_mappings() print "CredMappings" print list_credential_mappings.data_json(pretty=True) list_credentials = dd.list_credentials() print "Creds" print list_credentials.data_json(pretty=True)