On Friday August 14th. from 9 p.m. to 9:30 p.m., we will upgrade GitLab software and its cloud platform release. Service may not be available during this maintenance window. Please schedule your work accordingly.

Commit 77f95cc2 authored by Marcello Golfieri's avatar Marcello Golfieri

removing all code to pick the right scanner since now it does not matter...

removing all code to pick the right scanner since now it does not matter anymore - see https://stanford-uit.slack.com/archives/CD5S7NP4Z/p1562044494016700
parent df94ea39
......@@ -63,7 +63,6 @@ class Qapi:
vm_fields = ["TYPE", "SEVERITY", 'QID', 'RESULTS', "PORT", "PROTOCOL", "LAST_FOUND_DATETIME"]
hosts = []
url = None
scanners = None
cache = None
auth = None
headers = {
......@@ -82,15 +81,12 @@ class Qapi:
password=None,
hostname=None,
cache=None,
load_scanners=False,
):
conf = configparser.RawConfigParser()
buffer = StringIO(config)
conf.read_file(buffer)
self.url = "https://" + conf.get('info','hostname')
self.auth = (conf.get('info','username'), conf.get('info','password'))
if load_scanners:
self.scanners = ",".join(self.get_scanner_appliances_list())
self.cache = cache
self._tag = 'TCG'
......@@ -131,23 +127,6 @@ class Qapi:
else:
oxml = objectify.fromstring(response.text.encode("utf-8"))
return oxml
# I couldn't get the qualysapi python lib to work with remediation tickets, going manual
def get_scanner_appliances_list(self):
oxml = self._get_xml("/api/2.0/fo/appliance/", {"action": "list"})
scanners = [
str(x)
for x in oxml.xpath('//RESPONSE/APPLIANCE_LIST/*[STATUS="Online"]/NAME')
]
return scanners
def get_scanner_appliances_given_fwzone(self, fwzone):
scanners = [
str(x)
for x in self.scanners.split(",")
if re.match(".*{}.*$".format(fwzone.upper()), str(x))
]
return ",".join(scanners)
def get_rest_api_version(self):
return self._get_xml(
......@@ -239,32 +218,13 @@ class Qapi:
self.hosts = [x.replace(".stanford.edu", "") for x in self.hosts]
def start_new_scan(self, hostname):
asset_id = self.get_asset_id(hostname)
oxml = self.get_asset_details_xml(asset_id)
scanner_tags = oxml.xpath(
'//data/HostAsset/tags/list/*/name[contains(text(), "x-")]'
)
params = {
"action": "launch",
"scan_title": "TCG_scanning_for_" + hostname,
"ip": resolve_to_ip(hostname),
"option_title": "ISO Official 3/4/5 (Site-wide)",
"default_scanner": 1
}
# The following block is to get the fw zone tag to then use
associated_scanners = []
for scanner_tag in scanner_tags:
match = re.match("^x-([\w\d]+).*", str(scanner_tag))
if match:
associated_scanners.append(match.group(1))
break # Will support multiple scanners later if needed
if associated_scanners:
params["iscanner_name"] = self.get_scanner_appliances_given_fwzone(
associated_scanners[0]
) # set enforces uniqueness in a list
elif self.scanners:
params["iscanner_name"] = self.scanners
else:
params["default_scanner"] = "1"
# DO NOT ask me why, but somehow one day I realized start new scan is a post call that needs get style params???
return self._post_xml(
"/api/2.0/fo/scan/" + self._make_get_params(params),
......@@ -405,9 +365,6 @@ if __name__ == "__main__":
action="store_true",
help="List all available vulnerabilities scans",
)
parser.add_argument(
"-S", "--list_scanners", action="store_true", help="List the scanners available"
)
parser.add_argument(
"-a",
"--appliances-lookup-by-fwzone-tag",
......@@ -496,8 +453,6 @@ if __name__ == "__main__":
)
args = parser.parse_args()
# configuration = yaml.load(args.configuration, Loader=yaml.SafeLoader)
config = None
with open(args.config_file, "r") as f:
config = f.read()
......@@ -507,12 +462,6 @@ if __name__ == "__main__":
print(q.get_rest_api_version())
elif args.lookup:
print(q.get_asset_id(args.lookup))
elif args.appliance_lookup:
print(q.get_scanner_appliances_given_fwzone(args.appliance_lookup))
# elif args.query:
# print(q.get_hostasset_xml(args.query)
elif args.list_scanners:
print(q.get_scanner_appliances_list())
elif args.list_agents and args.tag:
print(q.get_agents_by_tag_xml(args.tag))
elif args.show_software_info and (args.hostid or args.host):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment