Added logic accepted/know issues during oid validation

files/gvm_library.py

@@ -447,7 +447,9 @@ class Task:
         with open(filename, "wb") as fh:
             fh.write(base64.b64decode(code))
             
-    def get_report_info(self, issues_to_drop: List[str]) -> Dict:
+    def get_report_info(self,
+                        accepted_issues: List[str],
+                        known_issues: List[str]) -> Dict:
         report = dict()
         res = self.client.get_report(self.report_id,
                                      report_format_id=ReportFormats.anonymous_xml,
@@ -462,7 +464,7 @@ class Task:
         glob_threat = 'None'
         for o, s, t, p in zip(o_ids, severities, treats, ports):
             logging.debug(f"Detected oid: {o}, severity: {s}, threat: {t} and port: {p}")
-            if o in issues_to_drop: 
+            if (o not in accepted_issues) and (o in known_issues):
                 logging.debug(f"Dropped issue {o}") 
                 continue
             if p in report:

files/scan.py

@@ -5,7 +5,7 @@ import json
 import os
 from gvm_library import GVMClient, ReportFormats, GvmException, pretty_json
 from gvm_library import PortList, Task, Target
-from utilities import import_dep_info, process_global_reports_info, read_not_relevant_issues
+from utilities import import_dep_info, process_global_reports_info, read_issues
 import argparse
 
 ### GVM Options ###
@@ -79,7 +79,7 @@ gvm = GVMClient(auth_n = auth_name, auth_p = auth_passwd)
 logging.info(f"gvm version: {gvm.get_version()}")
 
 # Retrieve issues irrelevant for INFN
-issues_to_drop = read_not_relevant_issues()
+accepted_issues, known_issues = read_issues()
 
 tasks = list()
 targets = list()
@@ -124,7 +124,7 @@ for host,ports in endpoints.items():
                          filename = f"{report_filename}.pdf")
         task.save_report(format = ReportFormats.txt, 
                          filename = f"{report_filename}.txt")
-        reports[host] = task.get_report_info(issues_to_drop)
+        reports[host] = task.get_report_info(accepted_issues, known_issues)
     else:
         reports[host] = {'global': {"severity": -1, "threat": f"Scan Error. task.id: {task.id}"} }
 

files/utilities.py

 import json
 import logging
-from typing import Dict, List
+from typing import Dict, List, Tuple
 import git
 import os
 
@@ -74,4 +74,28 @@ def read_not_relevant_issues() -> List[str]:
     with open(file_path, 'r') as file:
         return [line.strip() for line in file.readlines() if not line.startswith('#')]
     
+def read_issues() -> Tuple[List[str],List[str]]:
+    git_sec_user = os.environ.get("GIT_SEC_USER")
+    git_sec_token = os.environ.get("GIT_SEC_TOKEN")
+    git_repo = "baltig.infn.it/infn-cloud/security-scans.git"
+    repo_url = f"https://{git_sec_user}:{git_sec_token}@{git_repo}"
+    destination_folder = 'repo'
+    git.Repo.clone_from(repo_url, destination_folder)
+
+    accepted_file_paths = ['repo/queues/accepted.txt']
+    known_file_path = ['repo/queues/held.txt',
+                       'repo/queues/new.txt',
+                       'repo/queues/overridden.txt']
+    accepted_issues = []
+    known_issues = []
+
+    for f in accepted_file_paths:
+        with open(f, 'r') as file:
+            accepted_issues += [line.strip() for line in file.readlines()
+                                    if not line.startswith('#')]
+    for f in known_file_path:
+        with open(f, 'r') as file:
+            known_issues += [line.strip() for line in file.readlines()
+                                    if not line.startswith('#')]
+    return accepted_issues, known_issues
     
\ No newline at end of file