Merge pull request #81 from lamusmaser/clear-security-high

Clear security high - False Positive Detection
paragbaxi · Feb 14, 2020 · e2e48b5 · e2e48b5
2 parents ac3ff38 + 45a8afa
commit e2e48b5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 32 deletions.
diff --git a/qualysapi/api_actions.py b/qualysapi/api_actions.py
@@ -1,5 +1,4 @@
 import logging
-from urllib import parse as urlparse
 
 from lxml import objectify
 
@@ -188,40 +187,29 @@ def listReports(self, id=0):
     def notScannedSince(self, days):
         call = "/api/2.0/fo/asset/host/"
         parameters = {"action": "list", "details": "All"}
+        hostData = objectify.fromstring(self.request(call, parameters).encode("utf-8"))
         hostArray = []
         today = datetime.date.today()
-        hasNextPage = True
-        while hasNextPage:
-            hostData = objectify.fromstring(self.request(call, parameters).encode("utf-8"))
-            for host in hostData.RESPONSE.HOST_LIST.HOST:
-                if host.find("LAST_VULN_SCAN_DATETIME"):
-                    last_scan = str(host.LAST_VULN_SCAN_DATETIME).split("T")[0]
-                    last_scan = datetime.date(
-                        int(last_scan.split("-")[0]),
-                        int(last_scan.split("-")[1]),
-                        int(last_scan.split("-")[2]),
-                    )
-                    if (today - last_scan).days >= days:
-                        hostArray.append(
-                            Host(
-                                host.find("DNS"),
-                                host.find("ID"),
-                                host.find("IP"),
-                                host.find("LAST_VULN_SCAN_DATETIME"),
-                                host.find("NETBIOS"),
-                                host.find("OS"),
-                                host.find("TRACKING_METHOD"),
-                            )
+        for host in hostData.RESPONSE.HOST_LIST.HOST:
+            if host.find("LAST_VULN_SCAN_DATETIME"):
+                last_scan = str(host.LAST_VULN_SCAN_DATETIME).split("T")[0]
+                last_scan = datetime.date(
+                    int(last_scan.split("-")[0]),
+                    int(last_scan.split("-")[1]),
+                    int(last_scan.split("-")[2]),
+                )
+                if (today - last_scan).days >= days:
+                    hostArray.append(
+                        Host(
+                            host.find("DNS"),
+                            host.find("ID"),
+                            host.find("IP"),
+                            host.find("LAST_VULN_SCAN_DATETIME"),
+                            host.find("NETBIOS"),
+                            host.find("OS"),
+                            host.find("TRACKING_METHOD"),
                         )
-            try:
-                id_min = dict(
-                    urlparse.parse_qsl(
-                        urlparse.urlparse(str(hostData.RESPONSE.WARNING.URL)).query
                     )
-                )["id_min"]
-                parameters["id_min"] = id_min
-            except:
-                hasNextPage = False
 
         return hostArray
 

diff --git a/qualysapi/config.py b/qualysapi/config.py
@@ -185,7 +185,8 @@ def __init__(
         # ask username (if one doesn't exist)
         if not self._cfgparse.has_option(self._section, "username"):
             if not username:
-                username = input("QualysGuard Username: ")
+                # The next line will pass Bandit, which is required for issue B322:blacklist. QualysAPI no longer works with Python2, so this doesn't apply.
+                username = input("QualysGuard Username: ")  # nosec
             self._cfgparse.set(self._section, "username", username)
 
         # ask password (if one doesn't exist)