Merge pull request #232 from HASecuritySolutions/dependabot/pip/lxml-4.6.5

Bump lxml from 4.1.1 to 4.6.5
Update README.md
2022-06-11 20:39:14 -05:00 · 2022-02-03 10:33:12 -06:00 · 2021-12-13 19:44:12 +00:00 · 2020-07-20 10:45:00 +02:00 · 2020-07-20 10:43:09 +02:00 · 2020-07-20 11:57:36 +09:30
5 changed files with 42 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -6,8 +6,10 @@

 VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different Vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with Jira and feed Logstash. Jira does a closed cycle full Sync with the data provided by the Scanners, while Logstash indexes and tags all of the information inside the report (see logstash files at /resources/elk6/pipeline/). Data is then shipped to ElasticSearch to be indexed, and ends up in a visual and searchable format in Kibana with already defined dashboards.

+VulnWhisperer is an open-source community funded project. VulnWhisperer currently works but is due for a documentation overhaul and code review. This is on the roadmap for the next month or two (February or March of 2022 - hopefully). Please note, crowd funding is an option. If you would like help getting VulnWhisperer up and running, are interested in new features, or are looking for paid support (for those of you that require commercial support contracts to implement open-source solutions), please reach out to **info@hasecuritysolutions.com**.
+
 [![Build Status](https://travis-ci.org/HASecuritySolutions/VulnWhisperer.svg?branch=master)](https://travis-ci.org/HASecuritySolutions/VulnWhisperer)
-[![MIT License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat)](http://choosealicense.com/licenses/mit/)
+[![GitHub license](https://img.shields.io/github/license/HASecuritySolutions/VulnWhisperer)](https://github.com/HASecuritySolutions/VulnWhisperer/blob/master/LICENSE)
 [![Twitter](https://img.shields.io/twitter/follow/VulnWhisperer.svg?style=social&label=Follow)](https://twitter.com/VulnWhisperer)

 Currently Supports
@ -30,7 +32,8 @@ Currently Supports

 ### Reporting Frameworks

- [X] [ELK (**v6**/**v7**)](https://www.elastic.co/elk-stack)
+- [X] [Elastic Stack (**v6**/**v7**)](https://www.elastic.co/elk-stack)
+- [ ] [OpenSearch - Being considered for next update](https://opensearch.org/)
 - [X] [Jira](https://www.atlassian.com/software/jira)
 - [ ] [Splunk](https://www.splunk.com/)

--- a/requirements.txt
+++ b/requirements.txt
@ -2,7 +2,7 @@ pandas==0.20.3
 setuptools==40.4.3
 pytz==2017.2
 Requests==2.20.0
-lxml==4.1.1
+lxml==4.6.5
 future-fstrings
 bs4
 jira
--- a/resources/elk5-old_compatibility/docker/3000_openvas.conf
+++ b/resources/elk5-old_compatibility/docker/3000_openvas.conf
@ -2,7 +2,7 @@
 # Email: austin@hasecuritysolutions.com
 # Last Update: 03/04/2018
 # Version 0.3
-# Description: Take in qualys web scan reports from vulnWhisperer and pumps into logstash
+# Description: Take in Openvas web scan reports from vulnWhisperer and pumps into logstash

 input {
  file {
--- a/vulnwhisp/reporting/jira_api.py
+++ b/vulnwhisp/reporting/jira_api.py
@ -68,6 +68,7 @@ class JiraAPI(object):
                self.logger.error("Error creating Ticket: component {} not found".format(component))
                return 0
        
+        try:
            new_issue = self.jira.create_issue(project=project,
                                               summary=title,
                                               description=desc,
@ -80,6 +81,10 @@ class JiraAPI(object):
            if attachment_contents:
                self.add_content_as_attachment(new_issue, attachment_contents)
        
+        except Exception as e:
+            self.logger.error("Failed to create ticket on Jira Project '{}'. Error: {}".format(project, e))
+            new_issue = False
+        
        return new_issue
    
    #Basic JIRA Metrics
@ -485,7 +490,7 @@ class JiraAPI(object):
            if transition.get('name') == self.JIRA_REOPEN_ISSUE:
                self.logger.debug("Ticket is reopenable")
                return True
-        self.logger.warn("Ticket can't be opened. Check Jira transitions.")
+        self.logger.error("Ticket {} can't be opened. Check Jira transitions.".format(ticket_obj))
        return False

    def is_ticket_closeable(self, ticket_obj):
@ -493,7 +498,7 @@ class JiraAPI(object):
        for transition in transitions:
            if transition.get('name') == self.JIRA_CLOSE_ISSUE:
                return True
-        self.logger.warn("Ticket can't closed. Check Jira transitions.")
+        self.logger.error("Ticket {} can't closed. Check Jira transitions.".format(ticket_obj))
        return False

    def is_ticket_resolved(self, ticket_obj):
--- a/vulnwhisp/vulnwhisp.py
+++ b/vulnwhisp/vulnwhisp.py
@ -1247,6 +1247,7 @@ class vulnWhispererJIRA(vulnWhispererBase):
            vulnerabilities = self.parse_qualys_vuln_vulnerabilities(fullpath, source, scan_name, min_critical, dns_resolv)

        #***JIRA sync***
+        try:
            if vulnerabilities:
                self.logger.info('{source} data has been successfuly parsed'.format(source=source.upper()))
                self.logger.info('Starting JIRA sync')
@ -1256,6 +1257,10 @@ class vulnWhispererJIRA(vulnWhispererBase):
                self.logger.info("[{source}.{scan_name}] No vulnerabilities or vulnerabilities not parsed.".format(source=source, scan_name=scan_name))
                self.set_latest_scan_reported(fullpath.split("/")[-1])
                return False
+        except Exception as e:
+            self.logger.error("Error: {}".format(e))
+            return False
+

        #writing to file those assets without DNS resolution
        #if its not empty
@ -1276,7 +1281,10 @@ class vulnWhispererJIRA(vulnWhispererBase):
                try:
                    self.jira_sync(self.config.get(scan, 'source'), self.config.get(scan, 'scan_name'))
                except Exception as e:
-                    self.logger.error("VulnWhisperer wasn't able to report the vulnerabilities from the '{}'s source".format(self.config.get(scan, 'source')))
+                    self.logger.error(
+                        "VulnWhisperer wasn't able to report the vulnerabilities from the '{}'s source, section {}.\
+                         \nError: {}".format(
+                            self.config.get(scan, 'source'), self.config.get(scan, 'scan_name'), e))
            return True
        return False

@ -1318,9 +1326,9 @@ class vulnWhisperer(object):
                self.exit_code += vw.process_web_assets()

        elif self.profile == 'openvas':
-            vw_openvas = vulnWhispererOpenVAS(config=self.config)
+            vw = vulnWhispererOpenVAS(config=self.config)
            if vw:
-                self.exit_code += vw_openvas.process_openvas_scans()
+                self.exit_code += vw.process_openvas_scans()

        elif self.profile == 'tenable':
            vw = vulnWhispererNessus(config=self.config,
Author	SHA1	Message	Date
Justin Henderson	691f45a1dc	Merge pull request #232 from HASecuritySolutions/dependabot/pip/lxml-4.6.5 Bump lxml from 4.1.1 to 4.6.5	2022-06-11 20:39:14 -05:00
Justin Henderson	80197454a3	Update README.md	2022-02-03 10:33:12 -06:00
dependabot[bot]	841cd09f2d	Bump lxml from 4.1.1 to 4.6.5 Bumps [lxml](https://github.com/lxml/lxml) from 4.1.1 to 4.6.5. - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](https://github.com/lxml/lxml/compare/lxml-4.1.1...lxml-4.6.5) --- updated-dependencies: - dependency-name: lxml dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-12-13 19:44:12 +00:00
Quim Montal	e7183864d0	Merge pull request #216 from Yashvendra/patch-1 Updated 3000_openvas.conf	2020-07-20 10:45:00 +02:00
Quim Montal	12ac3dbf62	Merge pull request #217 from andrew-bailey/patch-1 Update README.md	2020-07-20 10:43:09 +02:00
andrew-bailey	e41ec93058	Update README.md Fix license badge from MIT to Apache 2.0 which is the current license applied in Github	2020-07-20 11:57:36 +09:30
y_k_007	8a86e3142a	Update 3000_openvas.conf Fixed Description	2020-07-19 14:41:21 +05:30
Quim	9d003d12b4	improved error logging and excepcions	2020-04-08 12:01:47 +02:00
Quim Montal	63c638751b	Merge pull request #207 from spasaintk/patch-1 Update vulnwhisp.py	2020-02-29 20:05:51 +01:00
spasaintk	a3e85b7207	Update vulnwhisp.py Code triggers a crash: ERROR:root:main:local variable 'vw' referenced before assignment ERROR: local variable 'vw' referenced before assignment Proposed fix deals with the issue. After fix: INFO:vulnWhispererOpenVAS:process_openvas_scans:Processing complete	2020-02-28 00:33:38 +01:00