diff --git a/tasks/main.yml b/tasks/main.yml
index 19336075ae5305a3f56d19444f9b52a12439ba8b..596a0981f2730824e48e39e4a04f32aaba7ac9bc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -70,21 +70,33 @@
 - name: Run scan command: python3 /home/gmp/script.py "{{ endpoints_to_scan }}" "{{ paas_ci_workdir + '/dep.json'}}" "{{ paas_ci_workdir }}" register: scan_output - + + - name: Find reports files in workspace forlder" + find: + paths: "{{ paas_ci_workdir }}" + patterns: "*report.txt" + file_type: "file" + register: report_files + - name: display all reports ansible.builtin.debug: var=item with_file: - - "{{ paas_ci_workdir + '/report.txt'}}" + - "{{ report_files }}" - - name: display all severities + - name: get Severity file content ansible.builtin.debug: var=item with_file: - "{{ paas_ci_workdir + '/severity.txt'}}" - + register: severity + + - name: save the Json data to a Variable as a Fact + set_fact: + severity_json: "{{ severity | from_json }}" + - name: Get scan outputs (if successful) assert: that: - - deployment.status == 'CREATE_COMPLETE' + - deployment.global == 'CREATE_COMPLETE' fail_msg: "TEST FAILED - deployment uuid: {{ deployment.uuid }}, status: {{ deployment.status }}" success_msg: "TEST PASSED - deployment uuid: {{ deployment.uuid }}, status: {{ deployment.status }}, outputs: {{ deployment.outputs }}"
diff --git a/utils/script.py b/utils/script.py
index 60c0f3128267c5f792ecbe0335be4fd2af30d601..7f57a240ba2b4bc5c6c916b8c66f2422d281c547 100644
--- a/utils/script.py
+++ b/utils/script.py
@@ -158,7 +158,7 @@ def create_task(name, config_id, target_id, scanner_id):
 else:
 msg = f"ERROR during Task creation. Status code: {status}, msg: {status_text}"
 raise Exception(msg)
-
+
 def get_tasks(filter_str):
 res = []
 with Gmp(connection, transform=transform) as gmp:
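Review bot: `severity_json: "{{ severity | from_json }}"` parses the registered result of the debug task rather than the file content; a looped task registers a results structure, and with `with_file` the file text sits in each result's `item`, so I believe this needs `severity.results[0].item | from_json` (verify against a real run's registered output). The same hunk hands the whole `find` result to `with_file` via `- "{{ report_files }}"`, which expects a list of paths; `"{{ report_files.files | map(attribute='path') | list }}"` is the list the lookup wants. The assertion now checks `deployment.global` while `fail_msg`/`success_msg` still print `deployment.status`; if `global` is meant to be the aggregate the script now writes into severity.txt, that is `severity_json.global`, not an attribute of `deployment`. The new task name also carries a stray quote and a typo: `Find reports files in workspace forlder"` → `Find report files in workspace folder`.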
@@ -308,6 +308,23 @@ def save_severity_report(task, severity_filename):
 with open(severity_filename, "w") as f:
 f.write(severity)
 
+def get_severity(task):
+ dict_severity = {"Log": 0, "Low": 1, "Medium": 2, "High": 3}
+ with Gmp(connection, transform=transform) as gmp:
+ gmp.authenticate(auth_name, auth_passwd)
+ res = gmp.get_report(task['report_id'],
+ report_format_id="5057e5cc-b825-11e4-9d0e-28d24461215b",
+ ignore_pagination=True,
+ details="1")
+ severities = res.xpath('report/report/ports/port/threat/text()')
+ old_num_severity = 0
+ severity = "Log"
+ for sev in severities:
+ if dict_severity[sev] > old_num_severity:
+ old_num_severity = dict_severity[sev]
+ severity = sev
+ return severity
+
 def get_reports(filter_str="rows=-1"):
 lo = []
 with Gmp(connection, transform=transform) as gmp:
@@ -323,6 +340,18 @@ def get_reports(filter_str="rows=-1"):
 def print_pretty_json(j):
 print(json.dumps(j,sort_keys=True,indent=4))
+def process_global_severity(severities):
+ dict_severity = {"Log": 0, "Low": 1, "Medium": 2, "High": 3}
+ global_sev = "Log"
+ old_num_severity = 0
+ for _,sev in severities.items():
+ if dict_severity[sev] > old_num_severity:
+ old_num_severity = dict_severity[sev]
+ global_sev = sev
+ severities['global'] = global_sev
+ return severities
+
+
 ################ MAIN #######################################
 auth_name = "jenkins"
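Review bot: `dict_severity[sev]` in `get_severity` raises KeyError for any threat string outside the four-entry map, so one unexpected `threat` value in a report aborts the whole scan loop in the caller; either look it up with `dict_severity.get(sev)` and raise a clear error naming the unknown value, or add a comment stating the assumption that only Log/Low/Medium/High appear at that XPath. The same mapping and max-search are duplicated verbatim in `process_global_severity` in hunk @@ -323; hoist the table to a module constant and replace both loops with `max(severities, key=SEVERITY_RANK.__getitem__, default="Log")`. The literal `report_format_id="5057e5cc-b825-11e4-9d0e-28d24461215b"` deserves a comment naming which report format that UUID selects (it looks like GVM's built-in Anonymous XML format — confirm), the way the caller names `txt_report_format_id`.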
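Review bot: `process_global_severity` stores the aggregate in the dict it was handed under the key `'global'`, so a host literally named `global` is silently overwritten and the caller's per-host mapping is mutated in place; return a fresh dict, `return {**severities, "global": global_sev}`, or keep the aggregate in a separate field so host keys and summary keys cannot collide. `for _,sev in severities.items()` only uses the values, so `for sev in severities.values()` states the intent directly. A one-line docstring saying the result is the highest-ranked per-host severity, defaulting to `"Log"` when the mapping is empty, would make the contract clear to the Ansible side that parses this JSON.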
@@ -369,25 +398,32 @@ for key in data['outputs'].keys():
 print(json.dumps(endpoints,sort_keys=True,indent=4))
+severities = dict()
+
 for host,ports in endpoints.items():
 print(host,ports)
-
-target_name = f"{auth_name}_target_{host}"
-task_name = f"{auth_name}_task_{host}"
-port_list_name = f"{auth_name}_pl_{host}"
-report_filename = f"{output_dir}/report.txt"
-severity_filename = f"{output_dir}/severity.txt"
-
-pl = get_or_create_port_list(port_list_name,ports)
-target = get_or_create_target(target_name,host,pl,ovs_ssh_credential_id)
-task = get_or_create_task(task_name, config_id, target['id'],scanner_id)
-if task['status'] == 'New':
- task = start_task(task)
-if wait_for_task_completition(task,wait_timeout):
- print("Saving report and severity...")
- save_report(task,txt_report_format_id, report_filename)
- save_severity_report(task,severity_filename)
- print("Done")
-delete_task(task)
-delete_target(target)
-delete_port_list(pl)
\ No newline at end of file
+
+ target_name = f"{auth_name}_target_{host}"
+ task_name = f"{auth_name}_task_{host}"
+ port_list_name = f"{auth_name}_pl_{host}"
+ report_filename = f"{output_dir}/report.txt"
+ severity_filename = f"{output_dir}/severity.txt"
+
+ pl = get_or_create_port_list(port_list_name,ports)
+ print_pretty_json(pl)
+ target = get_or_create_target(target_name,host,pl,ovs_ssh_credential_id)
+ print_pretty_json(target)
+ task = get_or_create_task(task_name, config_id, target['id'],scanner_id)
+ print_pretty_json(task)
+ if task['status'] == 'New':
+ task = start_task(task)
+ if wait_for_task_completition(task,wait_timeout):
+ save_report(task,txt_report_format_id, report_filename)
+ severities[host] = get_severity(task)
+ #delete_task(task)
+ #delete_target(target)
+ #delete_port_list(pl)
+
+severities = process_global_severity(severities)
+with open(severity_filename, "w") as f:
+ f.write(json.dumps(severities))
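Review bot: `severity_filename` is only bound inside the `for host,ports` loop, so with an empty `endpoints` the `with open(severity_filename, "w")` after the loop raises NameError; `report_filename` and `severity_filename` are loop-invariant and belong before the loop. `report_filename = f"{output_dir}/report.txt"` is also the same path for every host, so each iteration overwrites the previous host's report while the Ansible side now globs `*report.txt` expecting one per host — `report_filename = f"{output_dir}/{host}_report.txt"` keeps them apart. Commenting out `delete_task`/`delete_target`/`delete_port_list` means every run leaves a task, target and port list behind in the scanner unless something else cleans them up; if that is deliberate, a comment saying why should replace the dead code. A host whose scan never completes in `wait_for_task_completition` silently gets no entry in `severities`, so the global severity can read `Log` for a scan that did not finish; recording that outcome explicitly (e.g. a distinct per-host value) would let the pipeline tell "clean" from "not scanned".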