Export findings from project to CSV

[vysecurity]

Hey team,

I tried the reptor projects export but when I listed projects it showed 0 projects or findings.

is there some way I’m using it wrong? I literally typed reptor projects with the api key. It was empty.

also, I could list the finding templates so that seemed ok.

thank you!

[aronmolnar]

This is how it looks for me:

1. Configure

   $ reptor conf
   Server [https://<redacted>]:
   API Token [sysreptor_ZDM5N<redacted>]:
   Project ID [c69d5b9f-3964-490b-9831-540d87aa97b2]:
   Store to config to /home/aron/.sysreptor/config.yaml? [y/n]: y

2. I can list projects (no need to set project ID for this in step 1).

   $ reptor project
   ┌───────────────────────┬──────────────────────────────────────┬─────────┐
   │Title                  │ ID                                   │ Archived│
   ├───────────────────────┼──────────────────────────────────────┼─────────┤
   │Project Funghi         │ c69d5b9f-3964-490b-9831-540d87aa97b2 │         │
   │OSCP Exam Report Demo  │ b8d848c8-fe1f-42cb-a738-376a4b79593f │         │
   │Calzone Report Demo    │ be7805b3-f45d-4ead-ab80-4c4e7692fab7 │         │
   │Margherita Report Demo │ 02d6b007-4566-49d0-93b2-41a54ca5db50 │         │
   └───────────────────────┴──────────────────────────────────────┴─────────┘

3. Export project

   
   $ reptor project --export json -o -
   {
   "id": "c69d5b9f-3964-490b-9831-540d87aa97b2",
   "created": "2023-09-22T11:49:49.930799Z",
   "updated": "2023-10-11T08:43:48.263742Z",
   "name": "Project Funghi",

``` Does this help? Or can you tell exactly what is failing?

[vysecurity]

Started getting this:

reptor projects --insecure
/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py:1095: InsecureRequestWarning: Unverified HTTPS request is being made to host '172.18.0.5'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  warnings.warn(
'str' object has no attribute 'id'

And this:

reptor projects --insecure -export json
/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py:1095: InsecureRequestWarning: Unverified HTTPS request is being made to host '172.18.0.5'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  warnings.warn(
Incompatible data and designs: Fields in data but not in design: appid

I do have an appid parameter in my findings though, but not sure why the report doesn't seem to capture that.

I also reapplied the design to the project, but doesn't seem to help.

[aronmolnar]

From the first command, can you run with --debug and send last lines of the stack trace?

Regarding the second command I'll have a look

[vysecurity]

                      File "/opt/homebrew/lib/python3.11/site-packages/reptor/models/Base.py", line 20, in __init__
                        self._fill_from_api(data)
                      File "/opt/homebrew/lib/python3.11/site-packages/reptor/models/Base.py", line 83, in _fill_from_api
                        item_list.append(model_class(item))
                                         ^^^^^^^^^^^^^^^^^
                      File "/opt/homebrew/lib/python3.11/site-packages/reptor/models/Finding.py", line 95, in __init__
                        self.__setattr__(attr[0], raw.__getattribute__(attr[0]))
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                    AttributeError: 'str' object has no attribute 'id'

'str' object has no attribute 'id'
           INFO     'str' object has no attribute 'id' 

[aronmolnar]

You are probably using version 0.3 of reptor. Can you try to upgrade to 0.4?

However, also 0.4 contains a bug that does not correctly export sections and custom finding fields.
Working on a fix.

[aronmolnar]

You can now upgrade via pip install --upgrade reptor to install v0.5.

Export should now work flawlessly.