Commit c45b6b57 authored by Aaron Weaver's avatar Aaron Weaver

Container support

parent 483e22ee
__version__ = '0.1.1' __version__ = '0.1.2'
...@@ -85,6 +85,16 @@ class DefectDojoAPI(object): ...@@ -85,6 +85,16 @@ class DefectDojoAPI(object):
""" """
return self.api_version return self.api_version
def get_id_from_url(self, url):
"""Returns the ID from the DefectDojo API.
:param url: URL returned by the API
"""
url = url.split('/')
return url[len(url)-2]
###### User API ####### ###### User API #######
def list_users(self, username=None, limit=20): def list_users(self, username=None, limit=20):
"""Retrieves all the users. """Retrieves all the users.
...@@ -642,6 +652,166 @@ class DefectDojoAPI(object): ...@@ -642,6 +652,166 @@ class DefectDojoAPI(object):
files=data files=data
) )
##### Credential API #####
def list_credentials(self, name=None, username=None, limit=20):
"""Retrieves all the globally configured credentials.
:param name_contains: Search by credential name.
:param username: Search by username
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name__contains'] = name
if username:
params['username__contains'] = username
return self._request('GET', 'credentials/', params)
def get_credential(self, cred_id, limit=20):
"""
Retrieves a credential using the given credential id.
:param credential_id: Credential identification.
"""
return self._request('GET', 'credentials/' + str(cred_id) + '/')
##### Credential Mapping API #####
def list_credential_mappings(self, name=None, product_id_in=None, engagement_id_in=None, test_id_in=None, finding_id_in=None, limit=20):
"""Retrieves mapped credentials.
:param name_contains: Search by credential name.
:param username: Search by username
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name'] = name
if product_id_in:
params['product__id__in'] = product_id_in
if engagement_id_in:
params['engagement__id__in'] = engagement_id_in
if test_id_in:
params['test__id__in'] = test_id_in
if finding_id_in:
params['finding__id__in'] = finding_id_in
return self._request('GET', 'credential_mappings/', params)
def get_credential_mapping(self, cred_mapping_id, limit=20):
"""
Retrieves a credential using the given credential id.
:param cred_mapping_id: Credential identification.
"""
return self._request('GET', 'credential_mappings/' + str(cred_mapping_id) + '/')
##### Container API #####
def list_containers(self, name=None, container_type=None, limit=20):
"""Retrieves all the globally configured credentials.
:param name_contains: Search by credential name.
:param username: Search by username
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name__contains'] = name
if container_type:
params['container_type__contains'] = container_type
return self._request('GET', 'container/', params)
def get_container(self, container_id, limit=20):
"""
Retrieves a finding using the given container id.
:param container_id: Container identification.
"""
return self._request('GET', 'container/' + str(container_id) + '/')
###### Tool API #######
def list_tool_types(self, name=None, limit=20):
"""Retrieves all the tool types.
:param name_contains: Search by tool type name.
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name__contains'] = name
return self._request('GET', 'tool_types/', params)
def list_tools(self, name=None, tool_type_id=None, limit=20):
"""Retrieves all the tools.
:param name_contains: Search by tool name.
:param tool_type_id: Search by tool type id
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name__contains'] = name
if tool_type_id:
params['tool_type__id'] = tool_type_id
return self._request('GET', 'tools/', params)
def list_tool_products(self, name=None, tool_configuration_id=None, limit=20):
"""Retrieves all the tools.
:param name_contains: Search by tool name.
:param tool_type_id: Search by tool type id
:param limit: Number of records to return.
"""
params = {}
if limit:
params['limit'] = limit
if name:
params['name__contains'] = name
if tool_configuration_id:
params['tool_configuration__id'] = tool_configuration_id
return self._request('GET', 'tool_configs/', params)
# Utility # Utility
@staticmethod @staticmethod
......
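Review bot: `get_id_from_url` returns the second-to-last element of `url.split('/')`, which is the ID only when the URL ends in a slash; without the trailing slash it returns the resource name instead. The example added in this commit passes that value straight to `get_credential`, which concatenates it into the request path (`'credentials/' + str(cred_id) + '/'`), so a malformed or unexpected URL from the API would select a different endpoint. Stripping the slash and rejecting non-numeric results avoids that: `cred_id = url.rstrip('/').rsplit('/', 1)[-1]` followed by `if not cred_id.isdigit(): raise ValueError("unexpected resource URL")`. Separately, the docstrings in the second hunk were copied between methods: `list_containers` and `list_credential_mappings` document `name_contains`/`username` parameters they do not take, `get_container` says it retrieves a finding, and the three `get_*` methods accept a `limit` that is never used.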
from git import Repo
Repo.clone_from(git_url, repo_dir)
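Review bot: `git_url` and `repo_dir` are not defined in the two lines shown, so unless the rest of the file is outside this view it would raise a NameError as committed. If `git_url` is meant to come from a DefectDojo tool configuration (an assumption; the source is not visible here), check its scheme against an allow-list before passing it to `Repo.clone_from`, for example `if urlparse(git_url).scheme not in ('https', 'ssh'): raise ValueError('unsupported git URL')`. Cloning into a freshly created temporary directory rather than a caller-supplied `repo_dir` would also keep the checkout from landing on top of existing files.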
...@@ -11,7 +11,7 @@ import os ...@@ -11,7 +11,7 @@ import os
# Setup DefectDojo connection information # Setup DefectDojo connection information
host = 'http://localhost:8000' host = 'http://localhost:8000'
api_key = os.environ['DOJO_API_KEY'] api_key = os.environ['DOJO_API_KEY']
user = 'admin' user = 'admin1'
""" """
#Optionally, specify a proxy #Optionally, specify a proxy
......
"""
Example written by Aaron Weaver <aaron.weaver@owasp.org>
as part of the OWASP DefectDojo and OWASP AppSec Pipeline Security projects
Description: Creates a product in DefectDojo and returns information about the newly created product
"""
from defectdojo_api import defectdojo
import os
# Setup DefectDojo connection information
host = 'http://localhost:8000'
api_key = os.environ['DOJO_API_KEY']
user = 'admin1'
#Optionally, specify a proxy
proxies = {
'http': 'http://localhost:8080',
'https': 'http://localhost:8080',
}
#proxies=proxies
# Instantiate the DefectDojo api wrapper
dd = defectdojo.DefectDojoAPI(host, api_key, user, proxies=proxies, debug=False)
# List Tool Types
tool_types = dd.list_tool_types()
#print "Configured Tool Types"
#print tool_types.data_json(pretty=True)
list_credential_mappings = dd.list_credential_mappings(product_id_in=2)
print "Creds"
#print list_credential_mappings.data_json(pretty=True)
for cred in list_credential_mappings.data["objects"]:
print cred["id"]
print cred["credential"]
get_credential = dd.get_credential(dd.get_id_from_url(cred["credential"]))
print get_credential.data["selenium_script"]
if get_credential.data["selenium_script"] != "None":
file = open("testfile.py","w")
file.write(get_credential.data["selenium_script"])
file.close()
print get_credential.data_json(pretty=True)
"""
list_containers = dd.list_containers()
print "Containers"
print list_containers.data_json(pretty=True)
# Search Tool Types by Name
tool_types = dd.list_tool_types(name="Source Code Repository")
print "Source Code Repository Tool Types"
print tool_types.data["objects"][0]['id']
print tool_types.data_json(pretty=True)
print "Configured Source Code Repository Tools"
tool = dd.list_tools(tool_type_id=tool_types.data["objects"][0]['id'])
print tool.data_json(pretty=True)
print "Products Configured to use source code repos"
tool = dd.list_tool_products(tool_configuration_id=tool.data["objects"][0]['id'])
print tool.data_json(pretty=True)
"""
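Review bot: The selenium script attached to a credential is written to a fixed `testfile.py` in the working directory with default permissions, so other local users can read it and each pass of the loop overwrites it (indentation is lost in this rendering; the write appears to sit inside the `for`). Such a script may embed the login it automates, so the file should be created owner-only and named per credential. The `!= "None"` string comparison also lets a real `None` through to `file.write`. The script and the full credential record are printed to stdout as well, where they can end up in CI logs; those prints are better removed or reduced to the credential id. The module docstring still describes creating a product.

```python
# … unchanged: list_credential_mappings call and loop header …
    get_credential = dd.get_credential(dd.get_id_from_url(cred["credential"]))
    script = get_credential.data["selenium_script"]
    if script and script != "None":
        # one file per credential, created readable by the owner only
        path = "selenium_login_%s.py" % cred["id"]
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(script)
```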
"""
Example written by Aaron Weaver <aaron.weaver@owasp.org>
as part of the OWASP DefectDojo and OWASP AppSec Pipeline Security projects
Description: Creates a product in DefectDojo and returns information about the newly created product
"""
from defectdojo_api import defectdojo
import os
# Setup DefectDojo connection information
host = 'http://localhost:8000'
api_key = os.environ['DOJO_API_KEY']
user = 'admin1'
#Optionally, specify a proxy
proxies = {
'http': 'http://localhost:8080',
'https': 'http://localhost:8080',
}
#proxies=proxies
# Instantiate the DefectDojo api wrapper
dd = defectdojo.DefectDojoAPI(host, api_key, user, debug=False)
# List Tool Types
tool_types = dd.list_tool_types()
#print "Configured Tool Types"
#print tool_types.data_json(pretty=True)
list_credential_mappings = dd.list_credential_mappings()
print "CredMappings"
print list_credential_mappings.data_json(pretty=True)
list_credentials = dd.list_credentials()
print "Creds"
print list_credentials.data_json(pretty=True)
list_containers = dd.list_containers()
print "Containers"
print list_containers.data_json(pretty=True)
# Search Tool Types by Name
tool_types = dd.list_tool_types(name="Source Code Repository")
print "Source Code Repository Tool Types"
print tool_types.data["objects"][0]['id']
print tool_types.data_json(pretty=True)
print "Configured Source Code Repository Tools"
tool = dd.list_tools(tool_type_id=tool_types.data["objects"][0]['id'])
print tool.data_json(pretty=True)
print "Products Configured to use source code repos"
tool = dd.list_tool_products(tool_configuration_id=tool.data["objects"][0]['id'])
print tool.data_json(pretty=True)
"""
Scan by product id