search

tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License
354 stars 173 forks source link

Filter Vuln Export by plugin_id #285

Closed Aclucas1 closed 3 years ago

Aclucas1 commented 3 years ago

Describe the bug Unable to apply plugin_ids filter to vuln export: tio.exports.vulns().

To Reproduce

  1. Sample Code from tenable.io import TenableIO tio = TenableIO('ak', 'pk') export = tio.exports.vulns(plugin_ids=[10863], since=1615472615)

  2. Check the applied filters

{'state': ['OPEN', 'REOPENED'], 'tags': {}, 'since': 1615472615, 'first_found': 0, 'last_found': 0, 'last_fixed': 0, 'first_seen': 0, 'last_seen': 0, 'last_found_or_fixed': 0}

Expected behavior

An export of vulnerabilities for the specified plugins.

Screenshots pip_tenable

System Information (please complete the following information):

Additional context I am using pyTenable ver. 1.2.8

SteveMcGrath commented 3 years ago

can you please enable debug logging and post the output like so?

>>> tio = TenableIO()
>>> logging.basicConfig(level=logging.DEBUG)
>>> tio.exports.vulns(plugin_ids=[10863], since=1615472615)
DEBUG:tenable.io.TenableIO:since=1615472615
DEBUG:tenable.io.TenableIO:first_found=None
DEBUG:tenable.io.TenableIO:last_found=None
DEBUG:tenable.io.TenableIO:last_fixed=None
DEBUG:tenable.io.TenableIO:first_scan_time=None
DEBUG:tenable.io.TenableIO:last_authenticated_scan_time=None
DEBUG:tenable.io.TenableIO:last_assessed=None
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"since": 1615472615, "plugin_id": [10863]}, "num_assets": "500"}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 3ab4d25e07c0932832eb9571e59ea293 for https://cloud.tenable.com/vulns/export
DEBUG:tenable.io.TenableIO:Initiated vuln export 3712af12-6511-4861-a2c1-2d3a73c92b40
<tenable.io.exports.ExportsIterator object at 0x10f62d820>
>>>
Aclucas1 commented 3 years ago 
> logging.basicConfig(level=logging.DEBUG)
> export = tio.exports.vulns(plugin_ids=[10863], since=1616061492)
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"since": 1616061492}, "num_assets": "500"}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 99df419425ba41c5cdc3528b59920bee for https://cloud.tenable.com/vulns/export
DEBUG:tenable.io.TenableIO:Initiated vuln export 9a8d8c85-003b-4409-87d1-84e6668d75e5
>
SteveMcGrath commented 3 years ago

if you change plugin_ids to plugin_id, does it work then?

Aclucas1 commented 3 years ago

I can definitely try it. Kind of related got this error when canceling the previous request. 

> export.cancel()
DEBUG:tenable.io.TenableIO:{"method": "GET", "url": "https://cloud.tenable.com/vulns/export/52609661-f0c1-40b0-b9ab-c5a318822923/cancel", "params": {}, "body": {}}
DEBUG:urllib3.connectionpool:Resetting dropped connection: cloud.tenable.com
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "GET /vulns/export/52609661-f0c1-40b0-b9ab-c5a318822923/cancel HTTP/1.1" 403 None
DEBUG:tenable.io.TenableIO:Request-UUID ceeae77b8ed2b27e1716e1b4f54c8056 for https://cloud.tenable.com/vulns/export/52609661-f0c1-40b0-b9ab-c5a318822923/cancel
ERROR:tenable.errors.PermissionError:GET https://cloud.tenable.com/vulns/export/52609661-f0c1-40b0-b9ab-c5a318822923/cancel >> ceeae77b8ed2b27e1716e1b4f54c8056:403 {"statusCode":403,"error":"Forbidden","message":"Insufficient scope"}

It seems to be making a GET instead of a POST to /cancel.

Aclucas1 commented 3 years ago 
> export = tio.exports.vulns(plugin_id=[10863], since=1616061492)
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"since": 1616061492}, "num_assets": "500"}}
DEBUG:urllib3.connectionpool:Resetting dropped connection: cloud.tenable.com
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID ba13fd81c2585c21367cef584d67b721 for https://cloud.tenable.com/vulns/export
DEBUG:tenable.io.TenableIO:Initiated vuln export 9c8ed8c3-50fe-47db-8ba2-7700669d592e
Aclucas1 commented 3 years ago

My ENV was lying to me and using Ver. 1.1.8. I removed the old version, updated again and there is no longer an issue. Thank you for the help.

SteveMcGrath commented 3 years ago

that is really bizarre. I can't replicate your issue.

❯ pyenv virtualenv 3.8.6 pytenable-issue285
Looking in links: /var/folders/4y/ghzxvntn1vqg1vt0vr6hhzl8lsy3zq/T/tmp3gu8nxrg
Requirement already satisfied: setuptools in /Users/smcgrath/.pyenv/versions/3.8.6/envs/pytenable-issue285/lib/python3.8/site-packages (49.2.1)
Requirement already satisfied: pip in /Users/smcgrath/.pyenv/versions/3.8.6/envs/pytenable-issue285/lib/python3.8/site-packages (20.2.1)
❯ pyenv activate pytenable-issue285
❯ pip install bpython pytenable
Collecting bpython
  Using cached bpython-0.21-py3-none-any.whl (180 kB)
Collecting pytenable
  Downloading pyTenable-1.2.8.tar.gz (152 kB)
     |████████████████████████████████| 152 kB 3.5 MB/s
Collecting pyxdg
  Using cached pyxdg-0.27-py2.py3-none-any.whl (49 kB)
Collecting requests
  Using cached requests-2.25.1-py2.py3-none-any.whl (61 kB)
Collecting pygments
  Downloading Pygments-2.8.1-py3-none-any.whl (983 kB)
     |████████████████████████████████| 983 kB 45.4 MB/s
Collecting cwcwidth
  Using cached cwcwidth-0.1.4-cp38-cp38-macosx_10_9_x86_64.whl (15 kB)
Processing ./Library/Caches/pip/wheels/5e/0c/93/071e8cd9549a478fe062b9d3f3680c69d857ca75286dd30b47/curtsies-0.3.5-py3-none-any.whl
Collecting greenlet
  Using cached greenlet-1.0.0-cp38-cp38-macosx_10_14_x86_64.whl (86 kB)
Collecting python-dateutil>=2.6
  Using cached python_dateutil-2.8.1-py2.py3-none-any.whl (227 kB)
Collecting semver>=2.8.1
  Using cached semver-2.13.0-py2.py3-none-any.whl (12 kB)
Processing ./Library/Caches/pip/wheels/5f/0e/93/3bfb8ecce566ffbcd9da2436e45368c3719d8cdc28210bdfcd/restfly-1.3.5-py3-none-any.whl
Collecting marshmallow>=3.6
  Using cached marshmallow-3.10.0-py2.py3-none-any.whl (46 kB)
Collecting python-box>=4.0
  Using cached python_box-5.3.0-py3-none-any.whl (21 kB)
Collecting idna<3,>=2.5
  Using cached idna-2.10-py2.py3-none-any.whl (58 kB)
Collecting certifi>=2017.4.17
  Using cached certifi-2020.12.5-py2.py3-none-any.whl (147 kB)
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.4-py2.py3-none-any.whl (153 kB)
     |████████████████████████████████| 153 kB 23.7 MB/s
Collecting chardet<5,>=3.0.2
  Using cached chardet-4.0.0-py2.py3-none-any.whl (178 kB)
Collecting blessings>=1.5
  Using cached blessings-1.7-py3-none-any.whl (18 kB)
Collecting six>=1.5
  Using cached six-1.15.0-py2.py3-none-any.whl (10 kB)
Using legacy 'setup.py install' for pytenable, since package 'wheel' is not installed.
Installing collected packages: pyxdg, idna, certifi, urllib3, chardet, requests, pygments, cwcwidth, six, blessings, curtsies, greenlet, bpython, python-dateutil, semver, python-box, restfly, marshmallow, pytenable
    Running setup.py install for pytenable ... done
Successfully installed blessings-1.7 bpython-0.21 certifi-2020.12.5 chardet-4.0.0 curtsies-0.3.5 cwcwidth-0.1.4 greenlet-1.0.0 idna-2.10 marshmallow-3.10.0 pygments-2.8.1 pytenable-1.2.8 python-box-5.3.0 python-dateutil-2.8.1 pyxdg-0.27 requests-2.25.1 restfly-1.3.5 semver-2.13.0 six-1.15.0 urllib3-1.26.4
WARNING: You are using pip version 20.2.1; however, version 21.0.1 is available.
You should consider upgrading via the '/Users/smcgrath/.pyenv/versions/3.8.6/envs/pytenable-issue285/bin/python3.8 -m pip install --upgrade pip' command.
❯ bpython
bpython version 0.21 on top of Python 3.8.6 /Users/smcgrath/.pyenv/versions/3.8.6/envs/pytenable-issue285/bin/python3.8
>>> from tenable.io import TenableIO
>>> tio = TenableIO()
>>> import logging
>>> logging.basicConfig(level=logging.DEBUG)
>>> e = tio.exports.vulns(plugin_id=[10863], since=1616061492)
DEBUG:tenable.io.TenableIO:since=1616061492
DEBUG:tenable.io.TenableIO:first_found=None
DEBUG:tenable.io.TenableIO:last_found=None
DEBUG:tenable.io.TenableIO:last_fixed=None
DEBUG:tenable.io.TenableIO:first_scan_time=None
DEBUG:tenable.io.TenableIO:last_authenticated_scan_time=None
DEBUG:tenable.io.TenableIO:last_assessed=None
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"since": 1616061492, "plugin_id": [10863]}, "num_assets": "500"}}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cloud.tenable.com:443
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 1406f4b9cc060d03fdf42c38011eb850 for https://cloud.tenable.com/vulns/export
DEBUG:tenable.io.TenableIO:Initiated vuln export d3673144-c983-4c40-a269-4f11c08aaaaa
>>> e = tio.exports.vulns(plugin_ids=[10863], since=1616061492)
DEBUG:tenable.io.TenableIO:since=1616061492
DEBUG:tenable.io.TenableIO:first_found=None
DEBUG:tenable.io.TenableIO:last_found=None
DEBUG:tenable.io.TenableIO:last_fixed=None
DEBUG:tenable.io.TenableIO:first_scan_time=None
DEBUG:tenable.io.TenableIO:last_authenticated_scan_time=None
DEBUG:tenable.io.TenableIO:last_assessed=None
DEBUG:tenable.io.TenableIO:{"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"since": 1616061492, "plugin_id": [10863]}, "num_assets": "500"}}
DEBUG:urllib3.connectionpool:https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
DEBUG:tenable.io.TenableIO:Request-UUID 7c2467da1c47f0010cff679b47539a86 for https://cloud.tenable.com/vulns/export
DEBUG:tenable.io.TenableIO:Initiated vuln export 446a89e7-ce3a-4750-9feb-5dbf824b213d
>>>
SteveMcGrath commented 3 years ago

can you fully uninstall and re-install the package?