diff --git a/defectdojo_api/__init__.py b/defectdojo_api/__init__.py
index df9144c549004a8808bf5fb861828762673393d8..10939f01be01b705d43126b5a824a2017c2c46a5 100644
--- a/defectdojo_api/__init__.py
+++ b/defectdojo_api/__init__.py
@@ -1 +1 @@
-__version__ = '0.1.1'
+__version__ = '0.1.2'
diff --git a/defectdojo_api/defectdojo.py b/defectdojo_api/defectdojo.py
index ad73582000912c5735458649ff592ef0afc7b130..6ea664feaef4bbb54ff775b1272c55986afba7e9 100644
--- a/defectdojo_api/defectdojo.py
+++ b/defectdojo_api/defectdojo.py
@@ -85,6 +85,16 @@ class DefectDojoAPI(object):
 """
 return self.api_version
 
+ def get_id_from_url(self, url):
+ """Returns the ID from the DefectDojo API.
+
+ :param url: URL returned by the API
+
+ """
+ url = url.split('/')
+ return url[len(url)-2]
+
+
 ###### User API #######
 def list_users(self, username=None, limit=20):
 """Retrieves all the users.
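Review bot: `get_id_from_url` only works for URLs that end with a slash: `url.split('/')` on `/api/v1/credentials/5` gives `['', 'api', 'v1', 'credentials', '5']`, so `url[len(url)-2]` returns `'credentials'`, and a URL with fewer than two segments raises IndexError. `return url.rstrip('/').rsplit('/', 1)[-1]` covers both forms and avoids rebinding the `url` parameter to a list. The docstring should also say that the result is an unvalidated string taken from the server response, because callers pass it straight into request-building methods such as `get_credential`, which concatenate it into a URL path; converting with `int(...)` at that point would reject anything that is not a numeric id. The enclosing class `DefectDojoAPI` starts outside the hunk.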
@@ -642,6 +652,166 @@ class DefectDojoAPI(object):
 files=data
 )
 
+ ##### Credential API #####
+
+ def list_credentials(self, name=None, username=None, limit=20):
+ """Retrieves all the globally configured credentials.
+
+ :param name_contains: Search by credential name.
+ :param username: Search by username
+ :param limit: Number of records to return.
+
+ """
+
+ params = {}
+ if limit:
+ params['limit'] = limit
+
+ if name:
+ params['name__contains'] = name
+
+ if username:
+ params['username__contains'] = username
+
+ return self._request('GET', 'credentials/', params)
+
+ def get_credential(self, cred_id, limit=20):
+ """
+ Retrieves a credential using the given credential id.
+ :param credential_id: Credential identification.
+ """
+ return self._request('GET', 'credentials/' + str(cred_id) + '/')
+
+ ##### Credential Mapping API #####
+
+ def list_credential_mappings(self, name=None, product_id_in=None, engagement_id_in=None, test_id_in=None, finding_id_in=None, limit=20):
+ """Retrieves mapped credentials.
+
+ :param name_contains: Search by credential name.
+ :param username: Search by username
+ :param limit: Number of records to return.
+
+ """
+
+ params = {}
+ if limit:
+ params['limit'] = limit
+
+ if name:
+ params['name'] = name
+
+ if product_id_in:
+ params['product__id__in'] = product_id_in
+
+ if engagement_id_in:
+ params['engagement__id__in'] = engagement_id_in
+
+ if test_id_in:
+ params['test__id__in'] = test_id_in
+
+ if finding_id_in:
+ params['finding__id__in'] = finding_id_in
+
+ return self._request('GET', 'credential_mappings/', params)
+
+ def get_credential_mapping(self, cred_mapping_id, limit=20):
+ """
+ Retrieves a credential using the given credential id.
+ :param cred_mapping_id: Credential identification.
+ """ + return self._request('GET', 'credential_mappings/' + str(cred_mapping_id) + '/') + + ##### Container API ##### + + def list_containers(self, name=None, container_type=None, limit=20): + """Retrieves all the globally configured credentials. + + :param name_contains: Search by credential name. + :param username: Search by username + :param limit: Number of records to return. + + """ + + params = {} + if limit: + params['limit'] = limit + + if name: + params['name__contains'] = name + + if container_type: + params['container_type__contains'] = container_type + + return self._request('GET', 'container/', params) + + def get_container(self, container_id, limit=20): + """ + Retrieves a finding using the given container id. + :param container_id: Container identification. + """ + return self._request('GET', 'container/' + str(container_id) + '/') + + ###### Tool API ####### + + def list_tool_types(self, name=None, limit=20): + """Retrieves all the tool types. + + :param name_contains: Search by tool type name. + :param limit: Number of records to return. + + """ + + params = {} + if limit: + params['limit'] = limit + + if name: + params['name__contains'] = name + + return self._request('GET', 'tool_types/', params) + + def list_tools(self, name=None, tool_type_id=None, limit=20): + """Retrieves all the tools. + + :param name_contains: Search by tool name. + :param tool_type_id: Search by tool type id + :param limit: Number of records to return. + + """ + + params = {} + if limit: + params['limit'] = limit + + if name: + params['name__contains'] = name + + if tool_type_id: + params['tool_type__id'] = tool_type_id + + return self._request('GET', 'tools/', params) + + def list_tool_products(self, name=None, tool_configuration_id=None, limit=20): + """Retrieves all the tools. + + :param name_contains: Search by tool name. + :param tool_type_id: Search by tool type id + :param limit: Number of records to return. 
+ + """ + + params = {} + if limit: + params['limit'] = limit + + if name: + params['name__contains'] = name + + if tool_configuration_id: + params['tool_configuration__id'] = tool_configuration_id + + return self._request('GET', 'tool_configs/', params) + # Utility @staticmethod diff --git a/examples/dojo-git.py b/examples/dojo-git.py new file mode 100644 index 0000000000000000000000000000000000000000..259ee911cce7f38dfba4627828086163d969ce08 --- /dev/null +++ b/examples/dojo-git.py @@ -0,0 +1,3 @@ +from git import Repo + +Repo.clone_from(git_url, repo_dir) diff --git a/examples/dojo_product.py b/examples/dojo_product.py index 69faf7c84d82d1087d11051d61f802b9c9affec5..65e6e4f741c307d254d4293c20aa9808e45dabf7 100644 --- a/examples/dojo_product.py +++ b/examples/dojo_product.py @@ -11,7 +11,7 @@ import os # Setup DefectDojo connection information host = 'http://localhost:8000' api_key = os.environ['DOJO_API_KEY'] -user = 'admin' +user = 'admin1' """ #Optionally, specify a proxy diff --git a/examples/dojo_tools.py b/examples/dojo_tools.py new file mode 100644 index 0000000000000000000000000000000000000000..4df6174cf75ee8985df6fe3a2922d83a90aeea21 --- /dev/null +++ b/examples/dojo_tools.py 
@@ -0,0 +1,67 @@
+"""
+Example written by Aaron Weaver <aaron.weaver@owasp.org>
+as part of the OWASP DefectDojo and OWASP AppSec Pipeline Security projects
+
+Description: Creates a product in DefectDojo and returns information about the newly created product
+"""
+from defectdojo_api import defectdojo
+
+import os
+
+# Setup DefectDojo connection information
+host = 'http://localhost:8000'
+api_key = os.environ['DOJO_API_KEY']
+user = 'admin1'
+
+#Optionally, specify a proxy
+proxies = {
+ 'http': 'http://localhost:8080',
+ 'https': 'http://localhost:8080',
+}
+#proxies=proxies
+
+
+# Instantiate the DefectDojo api wrapper
+dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, debug=False)
+
+# List Tool Types
+tool_types = dd.list_tool_types()
+
+#print "Configured Tool Types"
+#print tool_types.data_json(pretty=True)
+
+list_credential_mappings = dd.list_credential_mappings(product_id_in=2)
+print "Creds"
+#print list_credential_mappings.data_json(pretty=True)
+
+for cred in list_credential_mappings.data["objects"]:
+ print cred["id"]
+ print cred["credential"]
+ get_credential = dd.get_credential(dd.get_id_from_url(cred["credential"]))
+ print get_credential.data["selenium_script"]
+ if get_credential.data["selenium_script"] != "None":
+ file = open("testfile.py","w")
+ file.write(get_credential.data["selenium_script"])
+ file.close()
+ print get_credential.data_json(pretty=True)
+
+
+"""
+list_containers = dd.list_containers()
+print "Containers"
+print list_containers.data_json(pretty=True)
+# Search Tool Types by Name
+tool_types = dd.list_tool_types(name="Source Code Repository")
+
+print "Source Code Repository Tool Types"
+print tool_types.data["objects"][0]['id']
+print tool_types.data_json(pretty=True)
+
+print "Configured Source Code Repository Tools"
+tool = dd.list_tools(tool_type_id=tool_types.data["objects"][0]['id'])
+print tool.data_json(pretty=True)
+
+print "Products Configured to use source code repos"
+tool = dd.list_tool_products(tool_configuration_id=tool.data["objects"][0]['id'])
+print tool.data_json(pretty=True)
+"""
diff --git a/examples/dojo_zap.py b/examples/dojo_zap.py
new file mode 100644
index 0000000000000000000000000000000000000000..a3e0cea22959144da311f22a3cb6648f5f12a0d8
--- /dev/null
+++ b/examples/dojo_zap.py
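Review bot: The loop writes `selenium_script` from a credential record into `testfile.py` in the current directory with default permissions, through a handle named `file` (shadowing the builtin) that is closed by hand; since the content comes from a credential record and lands in a `.py` file, create it restrictively and close it automatically, e.g. `fd = os.open("testfile.py", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as out: out.write(get_credential.data["selenium_script"])`. The guard `!= "None"` compares against the string "None"; unless the API really serialises a missing script that way, `is not None` is the intended check. `print get_credential.data_json(pretty=True)` echoes the full credential record to stdout, and `dojo_zap.py` does the same for every credential and mapping returned by `list_credentials`/`list_credential_mappings`; if those records carry secret fields, the examples should print only ids and names. The module docstring ("Creates a product in DefectDojo") is copied from another example, and `proxies=proxies` is always passed although the `#proxies=proxies` line suggests it was meant to be optional, so every request, API key included, is routed through localhost:8080.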
@@ -0,0 +1,60 @@
+"""
+Example written by Aaron Weaver <aaron.weaver@owasp.org>
+as part of the OWASP DefectDojo and OWASP AppSec Pipeline Security projects
+
+Description: Creates a product in DefectDojo and returns information about the newly created product
+"""
+from defectdojo_api import defectdojo
+
+import os
+
+# Setup DefectDojo connection information
+host = 'http://localhost:8000'
+api_key = os.environ['DOJO_API_KEY']
+user = 'admin1'
+
+#Optionally, specify a proxy
+proxies = {
+ 'http': 'http://localhost:8080',
+ 'https': 'http://localhost:8080',
+}
+#proxies=proxies
+
+
+# Instantiate the DefectDojo api wrapper
+dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=False)
+
+# List Tool Types
+tool_types = dd.list_tool_types()
+
+#print "Configured Tool Types"
+#print tool_types.data_json(pretty=True)
+
+list_credential_mappings = dd.list_credential_mappings()
+print "CredMappings"
+print list_credential_mappings.data_json(pretty=True)
+
+list_credentials = dd.list_credentials()
+print "Creds"
+print list_credentials.data_json(pretty=True)
+
+list_containers = dd.list_containers()
+print "Containers"
+print list_containers.data_json(pretty=True)
+# Search Tool Types by Name
+tool_types = dd.list_tool_types(name="Source Code Repository")
+
+print "Source Code Repository Tool Types"
+print tool_types.data["objects"][0]['id']
+print tool_types.data_json(pretty=True)
+
+print "Configured Source Code Repository Tools"
+tool = dd.list_tools(tool_type_id=tool_types.data["objects"][0]['id'])
+print tool.data_json(pretty=True)
+
+print "Products Configured to use source code repos"
+tool = dd.list_tool_products(tool_configuration_id=tool.data["objects"][0]['id'])
+print tool.data_json(pretty=True)
+
+"""
+Scan by product id
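Review bot: The hunk declares 60 added lines and, counting them, the file ends inside an opening `"""` (line 59 `"""`, line 60 `Scan by product id`), so if the hunk is complete as shown the module fails to compile with an unterminated triple-quoted string; either close the string or drop the trailing two lines. The module docstring says the script "Creates a product in DefectDojo", which does not describe this file (it lists tool types, credentials, mappings and containers). The `proxies` dict is built but never passed to `DefectDojoAPI`, so the `#Optionally, specify a proxy` block is dead code here.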