in dusty/scanners/dast/qualys/scanner.py [0:0]
def fill_config(data_obj):
    """Populate *data_obj* with a sample Qualys DAST scanner configuration.

    Each entry is appended at the current end of *data_obj* through its
    ``insert(position, key, value, comment=...)`` method, so the keys
    appear in the generated config in the order written below.

    Every value is an illustrative placeholder. ``qualys_password`` and
    ``auth_password`` are dummy strings that only show the expected shape
    of the config; the sample ``target`` is a plain-HTTP URL.
    """

    def add(key, value, comment):
        # Length is re-read on every call so the new entry always lands last.
        data_obj.insert(len(data_obj), key, value, comment=comment)

    # Qualys API endpoint, account credentials (placeholders) and scan profile.
    for key, value, comment in (
        ("qualys_api_server", "https://qualysapi.qualys.eu", "Qualys API server URL"),
        ("qualys_login", "some-user", "Qualys user login"),
        ("qualys_password", "S0m3P@ssw0rd", "Qualys user password"),
        ("qualys_option_profile_id", 12345, "Qualys option profile ID"),
        ("qualys_report_template_id", 12345, "Qualys report template ID"),
        ("qualys_scanner_type", "EXTERNAL", "Qualys scanner type: EXTERNAL or INTERNAL"),
    ):
        add(key, value, comment)

    # Scanner appliance pool: insert an empty sequence, then fill it through
    # the mapping so the stored object is the one that receives the names.
    add(
        "qualys_scanner_pool",
        CommentedSeq(),
        "(INTERNAL only) Qualys scanner pool: list of scanner appliances to choose from",
    )
    appliances = data_obj["qualys_scanner_pool"]
    for appliance_name in ("MY_SCANNER_Name1", "MY_SCANNER_Name2", "MY_OTHERSCANNER_Name"):
        appliances.append(appliance_name)

    # Scan target and the (placeholder) application credentials.
    for key, value, comment in (
        ("random_name", False, "Use random project name"),
        ("target", "http://app:8080", "scan target"),
        # NOTE(review): excluding the logout URL presumably keeps the scanner
        # from ending its own authenticated session - confirm with scanner docs.
        ("exclude", ["http://app:8080/logout.*"], "(optional) URLs regex to exclude from scan"),
        ("auth_login", "user", "(optional) User login for authenticated scan"),
        ("auth_password", "P@ssw0rd", "(optional) User password for authenticated scan"),
    ):
        add(key, value, comment)

    # Login script: one flow-style mapping per step. %Target%, %Username% and
    # %Password% are left as literal tokens in the sample.
    add(
        "auth_script",
        CommentedSeq(),
        "(optional) Selenium-like script for authenticated scan",
    )
    steps = data_obj["auth_script"]
    step_fields = ("command", "target", "value")
    for step in (
        ("open", "%Target%/login", ""),
        ("waitForElementPresent", "id=login_login", ""),
        ("waitForElementPresent", "id=login_password", ""),
        ("waitForElementPresent", "id=login_0", ""),
        ("type", "id=login_login", "%Username%"),
        ("type", "id=login_password", "%Password%"),
        ("clickAndWait", "id=login_0", ""),
    ):
        entry = CommentedMap()
        entry.fa.set_flow_style()
        for field, text in zip(step_fields, step):
            entry.insert(len(entry), field, text)
        steps.append(entry)

    # Session indicator, polling/retry tuning and the intermediates directory.
    for key, value, comment in (
        (
            "logged_in_indicator", "Logout",
            "(optional) Response regex that is always present for authenticated user",
        ),
        ("sleep_interval", 10, "(optional) Seconds to sleep after creating new resource"),
        (
            "status_check_interval", 60,
            "(optional) Seconds to wait between scan/report status checks",
        ),
        ("retries", 10, "(optional) API request retry count"),
        ("retry_delay", 30, "(optional) API request retry delay"),
        ("timeout", 120, "(optional) API request timeout"),
        # NOTE(review): raw results and logs written here may hold sensitive
        # scan data - confirm the directory's access controls.
        (
            "save_intermediates_to", "/data/intermediates/dast",
            "(optional) Save scan intermediates (raw results, logs, ...)",
        ),
    ):
        add(key, value, comment)