Merge pull request #65 from MackenzieBingham/main

New Python Files

.gitignore

@@ -42,4 +42,7 @@ obj
 *.pem
 
 # NodeJS files
-node_modules
+node_modules
+
+# do not copy any download files
+python/download/*

python/bulkAddChecklistsToSystemPackageFromTemplateRecords.py

@@ -0,0 +1,31 @@
+# To bulk add checklists from template records you can call the below API
+# The Template IDs you can view by listing all templates or searching templates
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/bulkadd/?applicationKey={applicationKey}
+# ex: python3 bulkAddChecklistsToSystemPackageFromTemplateRecords.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxx "61b9e3df407f722ecf0ca361,61b9e3d4407f722ecf0ca2b6,61b9e3dd407f722ecf0ca345" # "FILESVR1"
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+
+# Assign the API variables that are needed within the request's URL
+TemplateIds=sys.argv[5]
+checklistHostname=sys.argv[6]
+
+# Build the API URL in order to make the request
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/bulkadd/?applicationKey=" + sys.argv[3]
+
+# Assign the request headers for this particular API
+headers = CaseInsensitiveDict()
+headers["Content-Type"] = "application/x-www-form-urlencoded"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+data = "templateIds="+TemplateIds+"&checklistHostname="+checklistHostname
+
+# Make the API request
+resp = requests.post(url, headers=headers, data=data)
+
+# print to the screen the status code (i.e. 200, 400, 404, etc)
+print(resp.status_code)
+
+#print(resp.json)
+print(resp.text)

python/checklist/deleteSystemPackageChecklist.py

@@ -1,4 +1,4 @@
-# deletes a checklist in a system package
+# deletes a checklist in a system package listing
 # API call from Developer's Guide: /api/external/systempackage/{systemKey}/checklist/{checklistId}/?applicationKey={applicationKey}
 # ex: python3 deleteSystemPackageChecklist.py http://192.168.13.111:8080 companyinfra 627d44fbff17ea6dfdf0d702 openrmfprosvc hvs.xxxxxxxxxxxxxx
 
@@ -13,7 +13,7 @@
 headers["Accept"] = "application/json"
 headers["Authorization"] = "Bearer " + sys.argv[5]
 
-resp = requests.get(url, headers=headers)
+resp = requests.delete(url, headers=headers)
 
 # print(resp.status_code)
 

python/checklist/updateChecklistDetailsAndMetadata.py

@@ -0,0 +1,25 @@
+# Update the hostname, MAC, IP, role, Asset Type, and other data within the specified checklist
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/checklist/{checklistId}/details/?applicationKey={applicationKey}
+# ex: python3 updateChecklistDetailsAndMetadata.py http://192.168.13.111:8080 companyinfra 627d44fbff17ea6dfdf0d702 "desktop" true openrmfprosvc hvs.xxxxxxxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+from html import escape
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/checklist/" + sys.argv[3] + "/details/?applicationKey=" + sys.argv[6]
+
+data = "tagList=" + escape(sys.argv[4]) + "&locked=" + escape(sys.argv[5])
+
+# Assign the request headers for this particular API
+headers = CaseInsensitiveDict() # Does not change
+headers["Accept"] = "application/json"
+headers["Authorization"] = "Bearer " + sys.argv[7]
+headers["Content-Type"] = "application/x-www-form-urlencoded"
+
+# Make the API request
+resp = requests.put(url, headers=headers, data=data)
+
+# print to the screen the status code (i.e. 200, 400, 404, etc)
+print(resp.status_code)
+print(resp.text)

python/checklist/updateChecklistVulnerability.py

@@ -0,0 +1,25 @@
+# Update the details, status, comments, severity override and override justification as well as locked status of a vulnerability V-xxxxxx identifier within the specified checklist
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/checklist/{checklistId}/vulnid/{vulnerabilityId}/?applicationKey={applicationKey}
+# ex: python3 updateChecklistVulnerability.py http://192.168.13.111:8080 companyinfra 627d44fbff17ea6dfdf0d702 V-220703 "NotAFinding" "This is in the GPO push" "Automated push to fix nightly" openrmfprosvc hvs.xxxxxxxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+from html import escape
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/checklist/" + sys.argv[3] + "/vulnid/" + sys.argv[4] + "?applicationKey=" + sys.argv[8]
+
+data = "status=" + escape(sys.argv[5]) + "&details=" + escape(sys.argv[6]) + "&comments=" + escape(sys.argv[7]) 
+
+# Assign the request headers for this particular API
+headers = CaseInsensitiveDict() # Does not change
+headers["Accept"] = "application/json"
+headers["Authorization"] = "Bearer " + sys.argv[9]
+headers["Content-Type"] = "application/x-www-form-urlencoded"
+
+# Make the API request
+resp = requests.put(url, headers=headers, data=data)
+
+# print to the screen the status code (i.e. 200, 400, 404, etc)
+print(resp.status_code)
+print(resp.text)

python/patch/deleteSystemPackageHardwareDevice.py

@@ -13,7 +13,7 @@
 headers["Accept"] = "application/json"
 headers["Authorization"] = "Bearer " + sys.argv[5]
 
-resp = requests.get(url, headers=headers)
+resp = requests.delete(url, headers=headers)
 
 # print(resp.status_code)
 # print(resp.text)

python/patch/uploadApprovedPortsAndProtocolsListFile.py

@@ -0,0 +1,21 @@
+#Post a JSON record array payload to add / update ports, protocols, and services items in the host scan area for your system package
+# API call from Developer's Guide:/api/external/systempackage/{systemKey}/ppsm/?applicationKey={applicationKey}
+# ex: python3 uploadApprovedPortsAndProtocolsListFile.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2]+ "/ppsm/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/json"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+# file name of PPSM file to be uploaded hosted locally, passing in the directory name and filename
+with open(sys.argv[5] + sys.argv[6], "rb") as a_file:
+    ppsFile = {sys.argv[6] : a_file}
+    resp = requests.post(url, headers=headers, files=ppsFile)
+
+print(resp.status_code)
+print(resp.text)

python/poam/downloadPOAMXLSXMCCAST.py

@@ -1,6 +1,6 @@
-# download the system package POAM listing to an XLSX file
+# Get the actual MS Excel file of the Plan of Action and Milestones listing for the Marine Corps MCCAST system and save to a file
 # API call from Developer's Guide: /api/external/systempackage/{systemKey}/poam/?applicationKey={applicationKey}&days=365&devicename=sot-win2k22
-# ex: python3 downloadPOAMXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+# ex: python3 downloadPOAMXLSXMCCAST.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
 
 import sys
 import requests

python/poam/downloadPOAMXLSXWithColumnsAndRows.py

@@ -1,6 +1,6 @@
-# download the system package POAM listing to an XLSX file
+# Get the actual MS Excel file of the Plan of Action and Milestones listing with all rows and columns including the Device column
 # API call from Developer's Guide: /api/external/systempackage/{systemKey}/poam/?applicationKey={applicationKey}&days=365&devicename=sot-win2k22
-# ex: python3 downloadPOAMXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+# ex: python3 downloadPOAMXLSXWithColumnsAndRows.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
 
 import sys
 import requests

python/poam/downloadPOAMXLSXeMASS.py

@@ -1,6 +1,6 @@
-# download the system package POAM listing to an XLSX file
+# Get the actual MS Excel file of the Plan of Action and Milestones listing and save to a file
 # API call from Developer's Guide: /api/external/systempackage/{systemKey}/poam/?applicationKey={applicationKey}&days=365&devicename=sot-win2k22
-# ex: python3 downloadPOAMXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+# ex: python3 downloadPOAMXLSXeMASS.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
 
 import sys
 import requests

python/systempackage/deleteCyberReadinessSettings.py

@@ -0,0 +1,22 @@
+# To delete the cyber readiness settings and weights specified for this system package and use the site-wide default settings for the cyber readiness score calculation
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/readinesssettings/?applicationKey={applicationKey}
+# ex: python3 deleteCyberReadinessSettings.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxxxxxxx
+
+import sys
+import json
+import requests
+from requests.structures import CaseInsensitiveDict
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/readinesssettings/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/json"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.delete(url, headers=headers)
+
+# print(resp.status_code)
+# print(resp.text)
+
+json_object = json.loads(resp.text)
+print(json.dumps(json_object, indent=1))

python/systempackage/downloadRARXLSX.py

@@ -0,0 +1,34 @@
+# Get the actual MS Excel file of the Risk Assessment Report (SAR) and save to a file
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/rar/?applicationKey={applicationKey}
+
+# ex: python3 downloadRARXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+import os
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/rar/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.get(url, headers=headers)
+filename = sys.argv[2] + "RAR.xlsx"
+filepath = '../download/'
+file_path = os.path.join(filepath, filename)
+r = requests.get(url, headers=headers, stream=True)
+if r.ok:
+  print("saving to", os.path.abspath(file_path))
+  with open(file_path, 'wb') as f:
+    for chunk in r.iter_content(chunk_size=1024 * 8):
+      if chunk:
+        f.write(chunk)
+        f.flush()
+        os.fsync(f.fileno())
+else:  # HTTP status code 4XX/5XX
+  print("Download failed: status code {}\n{}".format(r.status_code, r.text))
+
+print(resp.status_code)
+print("Request Completed")

python/systempackage/downloadSARXLSX.py

@@ -0,0 +1,33 @@
+# Get the actual MS Excel file of the Security Assessment Report (SAR) and save to a file
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/sar/?applicationKey={applicationKey}
+# ex: python3 downloadSARXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+import os
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/sar/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.get(url, headers=headers)
+filename = sys.argv[2] + "SAR.xlsx"
+filepath = '../download/'
+file_path = os.path.join(filepath, filename)
+r = requests.get(url, headers=headers, stream=True)
+if r.ok:
+  print("saving to", os.path.abspath(file_path))
+  with open(file_path, 'wb') as f:
+    for chunk in r.iter_content(chunk_size=1024 * 8):
+      if chunk:
+        f.write(chunk)
+        f.flush()
+        os.fsync(f.fileno())
+else:  # HTTP status code 4XX/5XX
+  print("Download failed: status code {}\n{}".format(r.status_code, r.text))
+
+print(resp.status_code)
+print("Request Completed")

python/systempackage/downloadSSPControlVulnerabilityMatrixXLSX.py

@@ -0,0 +1,33 @@
+# Get the actual MS Excel file of the System Security Plan (SSP) Controls to Vulnerability Matrix and save to a file
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/sspcontrolmatrix/?applicationKey={applicationKey}
+# ex: python3 downloadSSPControlVulnerabilityMatrixXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+import os
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/sspcontrolmatrix/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.get(url, headers=headers)
+filename = sys.argv[2] + "control-vulnerability.xlsx"
+filepath = '../download/'
+file_path = os.path.join(filepath, filename)
+r = requests.get(url, headers=headers, stream=True)
+if r.ok:
+  print("saving to", os.path.abspath(file_path))
+  with open(file_path, 'wb') as f:
+    for chunk in r.iter_content(chunk_size=1024 * 8):
+      if chunk:
+        f.write(chunk)
+        f.flush()
+        os.fsync(f.fileno())
+else:  # HTTP status code 4XX/5XX
+  print("Download failed: status code {}\n{}".format(r.status_code, r.text))
+
+print(resp.status_code)
+print("Request Completed")

python/systempackage/downloadSSPXLSX.py

@@ -0,0 +1,33 @@
+# Get the actual MS Excel file of the Plan of Action and Milestones listing with all rows and columns including the Device column
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/ssp/?applicationKey={applicationKey}
+# ex: python3 downloadSSPXLSX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+import os
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/ssp/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.get(url, headers=headers)
+filename = sys.argv[2] + "SSP.xlsx"
+filepath = '../download/'
+file_path = os.path.join(filepath, filename)
+r = requests.get(url, headers=headers, stream=True)
+if r.ok:
+  print("saving to", os.path.abspath(file_path))
+  with open(file_path, 'wb') as f:
+    for chunk in r.iter_content(chunk_size=1024 * 8):
+      if chunk:
+        f.write(chunk)
+        f.flush()
+        os.fsync(f.fileno())
+else:  # HTTP status code 4XX/5XX
+  print("Download failed: status code {}\n{}".format(r.status_code, r.text))
+
+print(resp.status_code)
+print("Request Completed")

python/systempackage/downloadSystemPackageSummaryPPTX.py

@@ -0,0 +1,33 @@
+# Get the actual Microsoft Powerpoint file of the System Package Summary
+# API call from Developer's Guide: /api/external/systempackage/{systemKey}/summarypptx/?applicationKey={applicationKey}
+# ex: python3 downloadSystemPackageSummaryPPTX.py http://192.168.13.111:8080 companyinfra openrmfprosvc hvs.xxxxxxxxx
+
+import sys
+import requests
+from requests.structures import CaseInsensitiveDict
+import os
+
+url = sys.argv[1] + "/api/external/systempackage/" + sys.argv[2] + "/summarypptx/?applicationKey=" + sys.argv[3]
+
+headers = CaseInsensitiveDict()
+headers["Accept"] = "application/vnd.openxmlformats-officedocument.presentationml.presentation"
+headers["Authorization"] = "Bearer " + sys.argv[4]
+
+resp = requests.get(url, headers=headers)
+filename = sys.argv[2] + "SP-Summary.pptx"
+filepath = '../download/'
+file_path = os.path.join(filepath, filename)
+r = requests.get(url, headers=headers, stream=True)
+if r.ok:
+  print("saving to", os.path.abspath(file_path))
+  with open(file_path, 'wb') as f:
+    for chunk in r.iter_content(chunk_size=1024 * 8):
+      if chunk:
+        f.write(chunk)
+        f.flush()
+        os.fsync(f.fileno())
+else:  # HTTP status code 4XX/5XX
+  print("Download failed: status code {}\n{}".format(r.status_code, r.text))
+
+print(resp.status_code)
+print("Request Completed")