search

tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License
343 stars 172 forks source link

TenableSC.scan_instances.import_scan does not fail clearly #722

Closed sjr0228 closed 2 months ago

sjr0228 commented 12 months ago

Description

Calling sc.scan_instances.import_scan with str('filename') returns an empty string. It appears that if the argument fileobj is a plain str instead of _io.TextIOWrapper than the string is simply added as the file content.

Reproduction

import json

from tenable.sc import TenableSC

keys = json.loads(open("keys.json").read())

def get_access_key():
    return keys["access_key"]

def get_secret_key():
    return keys["secret_key"]

sc = TenableSC(
    url = "https://tenablesc.localdomain",
    verify = False,
    access_key = get_access_key(),
    secret_key = get_secret_key(),
)

r = sc.scan_instances.import_scan('<file-that-does-not-exist>', 40)
assert r=='',"R is not empty"

Expected Behavior

I expected something like TypeError(f'{fileobj} is not of type <expected type>')

As defined in the Python Glossary file objects expose "a file-oriented API (with methods such as read() or write())" like the handle returned from calling open(). Since str does not implement read() or write() I argue that this function should raise TypeError.

Sysinfo

SteveMcGrath commented 2 months ago

The upstream FilesAPI module has been rewritten and should be properly handling this now.