search

rapid7 / nexpose-client-python

DEPRECATED : Rapid7 Nexpose API client library written in Python
https://www.rapid7.com/
BSD 3-Clause "New" or "Revised" License
25 stars 20 forks source link

Creating a new site fails with "NexposeFailureException: templateID must be specified." #6

Closed santsys closed 7 years ago

santsys commented 7 years ago

Expected Behavior

A new site would be created.

Current Behavior

An error of "NexposeFailureException: templateID must be specified."

File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1314, in SaveSiteConfiguration
    return self._ExecuteSave(self.RequestSiteSave, site_configuration, 'SiteSaveResponse', 'site-id') # TODO: if this turns out to be 'id' instead of 'site-id' than remove the paramet
er from the function
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1143, in _ExecuteSave
    response = self.VerifySuccess(save_function(object_to_save.AsXML(exclude_id=False)))
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1280, in VerifySuccess
    raise NexposeFailureException(message)
NexposeFailureException: templateID must be specified.

Steps to Reproduce (for bugs)

Attempt to create a new site using "SaveSiteConfiguration".

Python code that reproduces the issue:

site_name = "Test-Site-Nexpose-" + datetime.now().strftime("%Y%m%dT%H%M%z")
site_desc = "Test Site"

site_cfg = nexpose.SiteConfiguration.Create()
site_cfg.id = -1
site_cfg.name = site_name
site_cfg.description = site_desc
site_cfg.hosts.append(Host("192.168.0.100"))

session.SaveSiteConfiguration(site_cfg)

Context

Attempting to dynamically add hosts to a sites that can then be scanned.

Your Environment

gschneider-r7 commented 7 years ago

The Nexpose API requires a scan template ID to be specified in a SiteConfigSaveRequest so we should update the code here to default to full-audit-without-webspider to match what the Ruby gem does.

santsys commented 7 years ago

The templateId is set in the AsXML call, however it's after the XML is built (or so it appears).

https://github.com/rapid7/nexpose-client-python/blob/master/nexpose/nexpose_site.py#L129

gschneider-r7 commented 7 years ago

Ah, yep I noticed this the other day when first looking into it.

santsys commented 7 years ago

@gschneider-r7 Is there any timeline for releasing bug fixes? Thanks!

scottjpack commented 7 years ago

@gschneider-r7 , I've made a PR that addresses this.

https://github.com/rapid7/nexpose-client-python/pull/8

gschneider-r7 commented 7 years ago

Fix has been merged and a new version, 0.1.1, will be released shortly.

Side note: please use Range(from, to) for IP addresses, even single addresses, instead of Host.

e.g.

site_cfg.hosts.append(Range("192.168.0.100", None))
gschneider-r7 commented 7 years ago

I should be able to release the new version tomorrow as I've run into issues with the pypi service today.

gschneider-r7 commented 7 years ago

Version 0.1.1 is now published on pypi (for pip install) and the packages are also available on the github release page: https://github.com/rapid7/nexpose-client-python/releases/tag/0.1.1