Merge pull request #432 from KennaSecurity/CON-1641_refactor_aqua_helper

Con 1641 refactor aqua helper

tasks/connectors/aqua/aqua.rb

@@ -39,6 +39,11 @@ def self.metadata
               required: false,
               default: 10,
               description: "Number of pages from Aqua (500 default) that should be batched to Kenna" },
+            { name: "aqua_console_https",
+              type: "boolean",
+              required: false,
+              default: false,
+              description: "Use HTTPS? true/false" },
             { name: "container_data",
               type: "boolean",
               required: true,
@@ -75,10 +80,12 @@ def run(opts)
         password = @options[:aqua_password]
         aqua_port = @options[:aqua_console_port]
         aqua_console = @options[:aqua_console]
+        aqua_console_https = @options[:aqua_console_https]
+        aqua_prefix = aqua_console_https ? "https://" : "http://"
         aqua_url = if aqua_port
-                     "#{aqua_console}:#{aqua_port}"
+                     "#{aqua_prefix}#{aqua_console}:#{aqua_port}"
                    else
-                     aqua_console
+                     "#{aqua_prefix}#{aqua_console}"
                    end
         container_data = @options[:container_data]
         max_batch_size = @options[:batch_pages_count]

tasks/connectors/aqua/lib/aqua_helper.rb

@@ -7,7 +7,7 @@ module Toolkit
     module AquaHelper
       def aqua_get_token(aqua_url, username, password)
         print_debug "Getting Auth Token"
-        aqua_auth_api = "http://#{aqua_url}/api/v1/login"
+        aqua_auth_api = "#{aqua_url}/api/v1/login"
         # auth_headers = { "content-type" => "application/json",
         #            "accept" => "application/json" }
         # auth_body = { "id" => "administrator",
@@ -33,7 +33,7 @@ def aqua_get_token(aqua_url, username, password)
 
       def aqua_get_vuln(aqua_url, token, pagesize, pagenum)
         print_debug "Getting All Image Vulnerabilities"
-        aqua_query_api = "http://#{aqua_url}/api/v2/risks/vulnerabilities?pagesize=#{pagesize}&page=#{pagenum}"
+        aqua_query_api = "#{aqua_url}/api/v2/risks/vulnerabilities?pagesize=#{pagesize}&page=#{pagenum}"
         puts "finding #{aqua_query_api}"
         @headers = { "Content-Type" => "application/json",
                      "accept" => "application/json",
@@ -53,7 +53,7 @@ def aqua_get_vuln(aqua_url, token, pagesize, pagenum)
 
       def aqua_get_containers(aqua_url, token, pagesize, pagenum)
         print_debug "Getting All Containers"
-        aqua_cont_api = "http://#{aqua_url}/api/v2/containers?pagesize=#{pagesize}&page=#{pagenum}"
+        aqua_cont_api = "#{aqua_url}/api/v2/containers?pagesize=#{pagesize}&page=#{pagenum}"
         puts "finding #{aqua_cont_api}"
         @headers = { "Content-Type" => "application/json",
                      "accept" => "application/json",
@@ -73,7 +73,7 @@ def aqua_get_containers(aqua_url, token, pagesize, pagenum)
 
       def aqua_get_vuln_for_container(aqua_url, token, image, pagesize, pagenum)
         print_debug "Getting Vulnerabilities for a Container image"
-        aqua_cont_img_api = "http://#{aqua_url}/api/v2/risks/vulnerabilities?image_name=#{image}&pagesize=#{pagesize}&page=#{pagenum}"
+        aqua_cont_img_api = "#{aqua_url}/api/v2/risks/vulnerabilities?image_name=#{image}&pagesize=#{pagesize}&page=#{pagenum}"
         puts "finding #{aqua_cont_img_api}"
         @headers = { "Content-Type" => "application/json",
                      "accept" => "application/json",

tasks/connectors/aqua/readme.md

@@ -0,0 +1,39 @@
+## Running the Aqua Vulnerabilities task
+
+This toolkit brings in data from Aqua Vulnerabilities
+
+To run this task you need the following information from Aqua Vulnerabilities:
+
+1. Your Aqua Console hostname (without protocol and port), e.g. app.aquasecurity.com
+1. Aqua Username
+1. Aqua Password
+1. Optional filter to limit vulnerabilities using a comma separated list of severities (e.g. CRITICAL,HIGH)
+
+## Command Line
+
+See the main Toolkit for instructions on running tasks. For this task, if you leave off the Kenna API Key and Kenna Connector ID, the task will create a json file in the default or specified output directory. You can review the file before attempting to upload to the Kenna directly.
+
+Recommended Steps:
+
+1. Run with Aqua Vulnerabilities Keys only to ensure you are able to get data properly from the scanner
+1. Review output for expected data
+1. Create Kenna Data Importer connector in Kenna (example name: Aqua Vulnerabilities KDI)
+1. Manually run the connector with the json from step 1
+1. Click on the name of the connector to get the connector id
+1. Run the task with Aqua Vulnerabilities Keys and Kenna Key/connector id
+
+Complete list of Options:
+
+| Option | Required | Description | default |
+| --- | --- | --- | --- |
+| aqua_console | true | Your Aqua Console hostname (without protocol and port), e.g. app.aquasecurity.com | n/a |
+| aqua_console_port | false | Your Aqua Console port, e.g. 8080 | n/a |
+| aqua_user | true | Aqua Username | n/a |
+| aqua_password | true | Aqua Password | n/a |
+| batch_pages_count | false | Number of pages from Aqua (500 default) that should be batched to Kenna | 10 |
+| aqua_console_https | false | Use HTTPS? true/false | n/a |
+| container_data | true | Optional filter to limit vulnerabilities using a comma separated list of severities (e.g. CRITICAL,HIGH) | false |
+| kenna_api_key | false | Kenna API Key | n/a |
+| kenna_api_host | false | Kenna API Hostname | api.kennasecurity.com |
+| kenna_connector_id | false | If set, we'll try to upload to this connector | n/a |
+| output_directory | false | If set, will write a file upon completion. Path is relative to toolkit root directory | output/aqua |