Added function to download all JSON reports #2
base: master
Every scan has its own JSON report. The objective of this function is to download all of the JSON reports of all the scans and save them locally, in order to be able to extract all of the findings and send them to an aggregator. The reason for this has been to integrate Detectify into VulnWhisperer (see more at https://github.com/austin-taylor/VulnWhisperer)
Nice contribution in general, I only have a few minor notes. Although not sure if this is the right place for the JSON download function. This is an "API examples" project, and that function seems to be more important than just lying around in this repo. We do have a community projects repo now, so maybe move it there?
if req != None: | ||
return json.loads(req.text) | ||
|
||
def profiles_findings(api_key, secret_key): |
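Review bot: In `if req != None:`, compare with `is not None`, and note that, as far as the visible lines show, the function falls off the end when `req` is `None` and returns `None` implicitly, so every caller has to remember to check for it. `json.loads(req.text)` will also raise if the response body is not JSON; consider checking the HTTP status before parsing and returning or raising something explicit on failure. `profiles_findings` would benefit from a docstring saying what it returns.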
Could you possibly add some comments and/or update function name to be more accurate on what it does?
for files in report_files: | ||
scan, report = (files.split(".json")[0]).split("_") | ||
if scan in all_reports.keys(): | ||
if report in all_reports[scan]["reports"]: |
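Review bot: The tuple unpacking in `scan, report = (files.split(".json")[0]).split("_")` raises `ValueError` for any name in `report_files` that does not contain exactly one underscore before `.json`, so a single stray file stops the whole run. Match the expected `<scan>_<report>.json` pattern and skip names that do not fit. `if scan in all_reports.keys():` can be written `if scan in all_reports:`, and since `files` holds a single name, `filename` would read better.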
I would recommend making sure the report was completed when last downloaded; incomplete reports should be replaced. You can use the `stopped` timestamp to check if the report is complete.
I was checking now on this, and when downloading the reports, I was expecting that they were already finished before being stored as a report; in the case of using the `stopped` timestamp, that value is represented as empty?
Also, at that point of the code I am working with only the filenames, not the full report data, so this check should be done at #L141 or #L142 when I am going through the reports. Will check on that.
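The completeness check discussed in this thread, as an added example that is not part of the pull request or of Detectify's own code. It assumes the `<scan>_<report>.json` naming used in the PR and that an unfinished report has its `stopped` field missing, null or empty (the thread leaves that representation open); `is_complete`, `reports_to_refresh` and the sample files are constructed for illustration.

```python
import json
import os
import re
import tempfile

# Assumed naming scheme from the PR: "<scan>_<report>.json"
REPORT_NAME = re.compile(r"^(?P<scan>[^_]+)_(?P<report>[^_]+)\.json$")


def is_complete(report):
    """Complete only if 'stopped' is present and non-empty (assumed representation)."""
    return bool(report.get("stopped"))


def reports_to_refresh(directory):
    """Return (scan, report) pairs whose local copy must be downloaded again."""
    stale = []
    for name in sorted(os.listdir(directory)):
        match = REPORT_NAME.match(name)
        if match is None:
            continue  # not one of our report files; skip instead of crashing
        try:
            with open(os.path.join(directory, name), encoding="utf-8") as handle:
                report = json.load(handle)
        except (OSError, ValueError):
            report = {}  # unreadable or truncated JSON counts as incomplete
        if not isinstance(report, dict) or not is_complete(report):
            stale.append((match.group("scan"), match.group("report")))
    return stale


def demo():
    """Write constructed sample files and return what would be re-downloaded."""
    samples = {
        "scanA_r1.json": '{"stopped": "2019-03-01T10:00:00Z", "findings": []}',
        "scanA_r2.json": '{"stopped": "", "findings": []}',
        "scanB_r1.json": '{"findings": []}',
        "scanB_r2.json": '{"stopped": null',  # truncated download
        "notes.txt": "not a report",
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, body in samples.items():
            with open(os.path.join(directory, name), "w", encoding="utf-8") as handle:
                handle.write(body)
        return reports_to_refresh(directory)


if __name__ == "__main__":
    print(demo())
```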
if profiles != None: | ||
for scan in profiles: | ||
#print i["token"] | ||
scan_status(scan["token"], api_key, "") | ||
scan_status(scan["token"], api_key, secret_key) |
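Review bot: The commented-out `#print i["token"]` inside the loop should be deleted rather than kept: it refers to `i` although the loop variable is `scan`, and if re-enabled it would write scan tokens to the console. Also prefer `if profiles is not None:` over `!= None`.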
Nice catch
Sure, it would be great to move it over there! I am actually working on this script in order to add it as a module to the VulnWhisperer project, although right now I am stuck with other stuff. I will definitely do the mentioned changes as soon as I am able :) Cheers!
Hey @robertogiachetta! There is an issue with the new community projects repo (https://github.com/detectify/community-projects): it doesn't have any file, so you are presented with
Hi @qmontal, sorry about that! Added a short README, so you can clone. Will add more content next week.