search

leonjza / PHPNessusNG

PHP wrapper functions for interfacing with the Nessus V6.x API
MIT License
15 stars 9 forks source link

Added a method to retrieve a reports host list. #4

Closed oodgaard closed 10 years ago

oodgaard commented 10 years ago

Not sure if you were planning on implementing this feature. I found it handy to report scan progress just like the Nessus control panel.

oodgaard commented 10 years ago

It would be great to get some feed back on this. The app I'm using it for requires a method to retrieve the report hosts.

leonjza commented 10 years ago

It looks fine at a quick glance, but I would like to test the PR first. I also need to check in detail the need for the hostObjectToArray() function.

I'll let you know asap thanks!

oodgaard commented 10 years ago

The hostObjectToArray method was just to save duplication.

leonjza commented 10 years ago

Ok I have had a look at this now, and have some quick questions if you don't mind? Consider the below response from the API for /report/hosts

{
  "reply": {
    "seq": "2752",
    "status": "OK",
    "contents": {
      "hostlist": {
        "host": [
          {
            "hostname": "[redact]",
            "severity": "13",
            "severitycount": {
              "item": [
                {
                  "severitylevel": "0",
                  "count": "0"
                },
                {
                  "severitylevel": "1",
                  "count": "13"
                },
                {
                  "severitylevel": "2",
                  "count": "0"
                },
                {
                  "severitylevel": "3",
                  "count": "0"
                }
              ]
            },
            "scanprogresscurrent": "60164",
            "scanprogresstotal": "60164",
            "numchecksconsidered": "66392",
            "totalchecksconsidered": "66392"
          },
          {
            "hostname": "[redact]",
            "severity": "26",
            "severitycount": {
              "item": [
                {
                  "severitylevel": "0",
                  "count": "0"
                },
                {
                  "severitylevel": "1",
                  "count": "25"
                },
                {
                  "severitylevel": "2",
                  "count": "1"
                },
                {
                  "severitylevel": "3",
                  "count": "0"
                }
              ]
            },
            "scanprogresscurrent": "4966",
            "scanprogresstotal": "4966",
            "numchecksconsidered": "66392",
            "totalchecksconsidered": "66392"
          },
[...]

Why do we have to do the is_array() and is_object() checks? Can't we simply check if hostlist is set and that it contains more than 0 entries, and then loop populating the return array? I think if I understand this it will explain the need for the hostObjectToArray() function.

Thanks for the contribution :)

leonjza commented 10 years ago

Oh yes. Before I forget, we also need to add the required testing to NessusTesting.php for this new function.

oodgaard commented 10 years ago

If one host is returned, then:

hostlist": { "host": { ... } }

When more than one host:

hostlist": { "host": [ {...}, {...} ] }

leonjza commented 10 years ago

Aha ok now I understand. Thanks for the explanation. :) I'll admit I don't really like the dangling hostObjectToArray() function, but for now it will be fine.

If we can get the test for this function completed too then a new release can be pushed too.

Thanks! :+1: