tenable / pyTenable

Python Library for interfacing into Tenable's platform APIs
https://pytenable.readthedocs.io
MIT License

analysis.py appends non-existent filter "wasVuln" to filters list, resulting in 100% failure rate #828

Closed poroslay closed 6 days ago

poroslay commented 1 month ago

Description

Hi Tenable team. I'm writing in with a single-line bug/typo in analysis.py > vulns() function that results in a 100% failure rate. The vulns() function contains if/else logic that appends 'wasVuln' to the filters list by "default." This is a typo/unexpected behavior causing 100% failure, since 'wasVuln' is no longer a valid filter but the user-provided filter object is overwritten with this value.

In analysis.py > function vulns() > Lines 337-349 > Line 349

else:
            # If the request is for a cumulative result, then we will add an
            # implicit filter to exclude WAS findings.
            incl_filter = True
            for f in filters:
                if (
                    (isinstance(f, tuple) and f[0] == 'wasVuln')
                    or (isinstance(f, dict) and f['filterName'] == 'wasVuln')
                ):
                    incl_filter = False  # <--- IGNORES USER-PROVIDED FILTER TUPLE
            if incl_filter:
                filters = list(filters)
                filters.append(('wasVuln', '=', 'excludeWas'))  # <--- THIS LOGIC ADDS THE "wasVuln" filter to the filters list!

Solution:

Comment out line 349 filters.append(('wasVuln', '=', 'excludeWas'))

else:
            # If the request is for a cumulative result, then we will add an
            # implicit filter to exclude WAS findings.
            incl_filter = True
            for f in filters:
                if (
                    (isinstance(f, tuple) and f[0] == 'wasVuln')
                    or (isinstance(f, dict) and f['filterName'] == 'wasVuln')
                ):
                    incl_filter = False
            if incl_filter:
                filters = list(filters)
                # filters.append(('wasVuln', '=', 'excludeWas'))  # <--- COMMENT OUT THIS LINE TO RESOLVE

To Reproduce

Assuming the following import statement: from tenable.sc import TenableSC

  1. Try: vulns = sc.analysis.vulns(filters=filters) (It does not matter what is provided in the filters object; all API calls will have 'wasVuln' appended to the request parameter, resulting in a 100% failure rate.)

Expected behavior

analysis.py > vulns() function should accept the user-provided filter object and should not append a non-existent filter to the request parameters. Instead, the user-provided filter object should be included in the API request as-is.

SteveMcGrath commented 1 month ago

So that filter was explicitly added for SC 6.2+. What version of SC are you on?

poroslay commented 1 month ago

We're on SC 5.19.1 - thanks

SteveMcGrath commented 1 month ago

Is there any reason you're still on a version of SC that's that old?