# Script to set the status of Contrast vulnerabilities, with an optional comment
# Author: [email protected]
import argparse
import logging
import sys
from contrast_api import contrast_instance_from_json, load_config
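# Short codes accepted on --sub-status, mapped to the full substatus text
# Contrast uses for vulnerabilities marked "NotAProblem".
substatus_mappings = {
    "FP": "False Positive",
    "EC": "Attack is defended by an external control",
    "SC": "Goes through an internal security control",
    "OT": "Other",
    "URL": "URL is only accessible by trusted power users",
}

# Status values accepted on --status.
STATUS_CHOICES = (
    "Reported",
    "Suspicious",
    "Confirmed",
    "NotAProblem",
    "Remediated",
    "Fixed",
)


def build_parser() -> argparse.ArgumentParser:
    """Return the command-line parser for this script.

    Required: -t/--trace-id (one or more IDs; the flag may be repeated),
    -s/--status and -o/--org-id. Optional: -b/--sub-status (a key of
    substatus_mappings, only meaningful with --status NotAProblem) and
    -m/--message.
    """
    parser = argparse.ArgumentParser(
        description="Set the status of Contrast vulnerabilities with an optional comment."
    )
    # Required arguments
    parser.add_argument(
        "-t",
        "--trace-id",
        help="ID(s) of the trace(s) you want to update.",
        type=str,
        nargs="*",
        required=True,
        action="extend",  # "-t a b -t c" accumulates into one list
    )
    parser.add_argument(
        "-s",
        "--status",
        help="Status to mark these vulnerabilities.",
        choices=STATUS_CHOICES,
        type=str,
        required=True,
    )
    parser.add_argument(
        "-b",
        "--sub-status",
        help=f"Substatus to mark these vulnerabilities when using NotAProblem. Allowed values: {substatus_mappings}",
        choices=tuple(substatus_mappings),
        type=str,
    )
    parser.add_argument(
        "-o",
        "--org-id",
        "--organization-id",
        help="ID of the organization with the trace(s).",
        type=str,
        required=True,
    )
    # Optional arguments
    parser.add_argument(
        "-m",
        "--message",
        "--explanation",
        help="Optional comment to add to these vulnerabilities with the status change.",
        type=str,
    )
    return parser


def build_mark_body(args: argparse.Namespace) -> dict:
    """Build the request body for the orgtraces/mark call from parsed args.

    Returns a dict with "traces", "status" and "note" (None when no
    --message was given). When --sub-status was given, its short code is
    expanded via substatus_mappings and sent as well — the original version
    of this script parsed the flag but silently dropped it.

    Raises ValueError when --sub-status is combined with a status other than
    NotAProblem, since the substatus is only defined for that status.
    """
    if args.sub_status is not None and args.status != "NotAProblem":
        raise ValueError(
            "--sub-status is only valid together with --status NotAProblem"
        )
    body = {
        "traces": args.trace_id,
        "status": args.status,
        "note": args.message,
    }
    if args.sub_status is not None:
        # NOTE(review): the "substatus" field name is assumed from the Contrast
        # mark API — confirm against the API reference.
        body["substatus"] = substatus_mappings[args.sub_status]
    return body


def main() -> int:
    """Parse the CLI, send the mark request and return the process exit code.

    Returns 0 when the API reports success, 1 otherwise. A response without
    a truthy "success" key is treated as a failure (fail closed).
    """
    parser = build_parser()
    args = parser.parse_args()
    try:
        body = build_mark_body(args)
    except ValueError as exc:
        parser.error(str(exc))  # exits with usage, status 2
    logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")
    logger = logging.getLogger(__file__)
    config = load_config()
    contrast = contrast_instance_from_json(config)
    # The request path is built from operator-supplied CLI values; this is a
    # local admin tool, so they are trusted as given.
    response = contrast.api_request(f"{args.org_id}/orgtraces/mark", "PUT", body=body)
    logger.info(" - ".join(response.get("messages", [])))
    if not response.get("success"):
        logger.error("Mark vulnerabilities failed")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())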