boriphuth · May 17, 2023 20:43
diff --git a/upload-results.py b/upload-results.py
 import argparse
 from datetime import datetime
 import json
 import os
 import requests

 def upload_results(host, user, api_key, scanner, result_file, engagement_id, verify=False): # set verify to False if ssl cert is self-signed
    API_URL = "http://"+host+"/api/v1"
    IMPORT_SCAN_URL = API_URL+ "/importscan/"
    AUTH_TOKEN = "ApiKey " + user + ":" + api_key

    headers = dict()
    json = dict()
    files = dict()

    headers['Authorization'] = AUTH_TOKEN
    print (headers)
    
 	# 	payload = {'scan_date': '2020-11-03',
 	# 'minimum_severity': 'Low',
 	# 'active': 'false',
 	# 'verified': 'false',
 	# 'tags': '',
 	# 'engagement': '/api/v1/engagements/2/',
 	# 'lead': '/api/v1/users/1/',
 	# 'test_type': 'Bandit Scan',
 	# 'scan_type': 'Bandit Scan'}
    json['scan_date'] = datetime.now().strftime("%Y-%m-%d")
    json['minimum_severity'] = "Low"
    json['active'] = False
    json['verified'] = False
    json['tags'] = ""
    json['engagement'] = "/api/v1/engagements/"+ engagement_id + "/"
    json['lead'] ="/api/v1/users/"+ "1" + "/"
    json['test_type'] = scanner
    json['scan_type'] = scanner
    print (json)

    # Prepare file data to send to API
    files['file'] = open(result_file, 'rb')

    # Make a request to API
    response = requests.post(IMPORT_SCAN_URL, headers=headers, files=files, data=json, verify=verify)
    return response.status_code


 if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CI/CD integration for DefectDojo')
    parser.add_argument('--host', help="DefectDojo Hostname", required=True)
    parser.add_argument('--api_key', help="API Key", required=True)
    parser.add_argument('--username', help="Username of Defect dojo user", required=True)
    parser.add_argument('--engagement_id', help="Engagement ID (optional)", required=True)
    parser.add_argument('--result_file', help="Scanner file", required=True)
    parser.add_argument('--scanner', help="Type of scanner", required=True)
    parser.add_argument('--product_id', help="DefectDojo Product ID", required=False)
    parser.add_argument('--build_id', help="Reference to external build id", required=False)

    # Parse out arguments
    args = vars(parser.parse_args())
    host = args["host"]
    api_key = args["api_key"]
    user = args["username"]
    product_id = args["product_id"]
    result_file = args["result_file"]
    scanner = args["scanner"]
    engagement_id = args["engagement_id"]
    build_id = args["build_id"]

    # upload_results(self, host, user, api_key, scanner, result_file, engagement_id, verify=False): # set verify to False if ssl cert is self-signed
    result = upload_results(host, user, api_key, scanner, result_file, engagement_id)

    if result == 201 :
         print ("Successfully uploaded the results to Defect Dojo")
    else:
         print ("Something went wrong, please debug " + str(result))
	import argparse
	from datetime import datetime
	import json
	import os
	import requests

	def upload_results(host, user, api_key, scanner, result_file, engagement_id, verify=False): # set verify to False if ssl cert is self-signed
	API_URL = "http://"+host+"/api/v1"
	IMPORT_SCAN_URL = API_URL+ "/importscan/"
	AUTH_TOKEN = "ApiKey " + user + ":" + api_key

	headers = dict()
	json = dict()
	files = dict()

	headers['Authorization'] = AUTH_TOKEN
	print (headers)

	# payload = {'scan_date': '2020-11-03',
	# 'minimum_severity': 'Low',
	# 'active': 'false',
	# 'verified': 'false',
	# 'tags': '',
	# 'engagement': '/api/v1/engagements/2/',
	# 'lead': '/api/v1/users/1/',
	# 'test_type': 'Bandit Scan',
	# 'scan_type': 'Bandit Scan'}
	json['scan_date'] = datetime.now().strftime("%Y-%m-%d")
	json['minimum_severity'] = "Low"
	json['active'] = False
	json['verified'] = False
	json['tags'] = ""
	json['engagement'] = "/api/v1/engagements/"+ engagement_id + "/"
	json['lead'] ="/api/v1/users/"+ "1" + "/"
	json['test_type'] = scanner
	json['scan_type'] = scanner
	print (json)

	# Prepare file data to send to API
	files['file'] = open(result_file, 'rb')

	# Make a request to API
	response = requests.post(IMPORT_SCAN_URL, headers=headers, files=files, data=json, verify=verify)
	return response.status_code


	if __name__ == "__main__":
	parser = argparse.ArgumentParser(description='CI/CD integration for DefectDojo')
	parser.add_argument('--host', help="DefectDojo Hostname", required=True)
	parser.add_argument('--api_key', help="API Key", required=True)
	parser.add_argument('--username', help="Username of Defect dojo user", required=True)
	parser.add_argument('--engagement_id', help="Engagement ID (optional)", required=True)
	parser.add_argument('--result_file', help="Scanner file", required=True)
	parser.add_argument('--scanner', help="Type of scanner", required=True)
	parser.add_argument('--product_id', help="DefectDojo Product ID", required=False)
	parser.add_argument('--build_id', help="Reference to external build id", required=False)

	# Parse out arguments
	args = vars(parser.parse_args())
	host = args["host"]
	api_key = args["api_key"]
	user = args["username"]
	product_id = args["product_id"]
	result_file = args["result_file"]
	scanner = args["scanner"]
	engagement_id = args["engagement_id"]
	build_id = args["build_id"]

	# upload_results(self, host, user, api_key, scanner, result_file, engagement_id, verify=False): # set verify to False if ssl cert is self-signed
	result = upload_results(host, user, api_key, scanner, result_file, engagement_id)

	if result == 201 :
	print ("Successfully uploaded the results to Defect Dojo")
	else:
	print ("Something went wrong, please debug " + str(result))