The following things in run_demo.py are not working after the py3 updates:

• DemonstrateVulnerabilityAPI() (fixed in #31)
• DemonstrateBackupAPI()
• DemonstrateCriteriaAPI()
• DemonstrateSharedCredentialsAPI()
• DemonstrateAssetFilterAPI()
• DemonstrateDiscoveryConnectionAPI()
• DemonstrateUserAPI()

The docstring for the RequestSiteConfig method call has some typos.

"""
 Get the configuration of the specified site.
 This function will return a single **SiteConfigesponse** XML object (API 1.1).
"""

The class SiteConfigesponse doesn't exist and appears to be a typo.

https://github.com/rapid7/nexpose-client-python/blob/master/nexpose/nexpose.py#L382

Your Environment

• Nexpose-client-python version: 0.1.0

Expected Behavior

A new site would be created.

Current Behavior

An error of "NexposeFailureException: templateID must be specified."

File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1314, in SaveSiteConfiguration
    return self._ExecuteSave(self.RequestSiteSave, site_configuration, 'SiteSaveResponse', 'site-id') # TODO: if this turns out to be 'id' instead of 'site-id' than remove the paramet
er from the function
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1143, in _ExecuteSave
    response = self.VerifySuccess(save_function(object_to_save.AsXML(exclude_id=False)))
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1280, in VerifySuccess
    raise NexposeFailureException(message)
NexposeFailureException: templateID must be specified.

Steps to Reproduce (for bugs)

Attempt to create a new site using "SaveSiteConfiguration".

Python code that reproduces the issue:

site_name = "Test-Site-Nexpose-" + datetime.now().strftime("%Y%m%dT%H%M%z")
site_desc = "Test Site"

site_cfg = nexpose.SiteConfiguration.Create()
site_cfg.id = -1
site_cfg.name = site_name
site_cfg.description = site_desc
site_cfg.hosts.append(Host("192.168.0.100"))

session.SaveSiteConfiguration(site_cfg)

Context

Attempting to dynamically add hosts to a sites that can then be scanned.

Your Environment

• Nexpose-client-python version: 0.1.0
• Python version: 2.7.13
• Nexpose product version: 6.4.45

When looking up information using GetFilteredAssets you get a list of FilterdAsset objects. These objects have mappings that don't exist when looking at AssetDetails.

I would assume that any Asset returned from any function call should have the same information available from AssetDetails (maybe that's an incorrect assumption).

From FilteredAssets, these values are available but are not available in AssetDetails since these seem to be asset specific, they should also be available from an asset details lookup.

• assessed
• malware_count
• vulnerability_count
• exploit_count
• asset_name
• os_id

Also, various items like the site_id in the filtered asset is using the first value, this should probably be an array and list all assigned sites.

Your Environment

• Nexpose-client-python version: 0.1.1

The following missing features need to be implemented for existing classes:

• AssetGroupConfig Save
• ReportConfig Save (#12)
• VulnerabilityException Save

These are all missing an AsXML() method, so they cannot be used to save these objects in Nexpose API requests currently.

SaveSiteConfiguration doesn't save site blackouts.

Expected Behavior

Specific site blackouts should be saved.

Current Behavior

A site blackout is not included when saved.

Possible Solution

Similar to the tags not being populated. Likely need to update nexpose_site.py

Steps to Reproduce (for bugs)

Python code that reproduces the issue:

    # Load configuration for a site based on site ID
    config = session.GetSiteConfiguration(site_id)

    new_ip_list = []
    for ip in ip_list:
        new_ip_list.append(nexpose.Range(ip, ''))

    # Assign new IPs to the hosts attribute.
    config.hosts = new_ip_list

    try:
        session.SaveSiteConfiguration(config)
        print("[+] Successfully saved IPs to site: {0} (Site ID: {1})".format(config.name, config.id))
    except Exception as e:
        print("[-] Error saving IPs to site: {0} (Site ID: {1})".format(config.name, config.id))
        print("EXCEPTION: {0}".format(e))

Context

Need to save all details of a site when updating it.

Your Environment

• Nexpose-client-python version: nexpose==0.1.4
• Python version: Python 2.7.13
• Operating System and version: Ubuntu 14.04.5 LTS
• Nexpose product version: 6.4.58

Refactor the project to work in both Python2 and Python3

https://docs.python.org/3/howto/pyporting.html

http://python-future.org/compatible_idioms.html

Using the requests library would make life a lot easier for library developers.

Parsing XML from sources you don't control opens the door for multiple XML parser vulnerabilities. lxml prevents some, but not all, with quadratic blowup being one of them. Switching to defusedxml would fix this.

Expected Behavior

nexpose-client-python should avoid entity expansion when parsing incoming XML.

Current Behavior

nexpose-client-python may open up the user to XML parser vulnerabilities if pointed at a fake nexpose instance.

Possible Solution

Use defusedxml, which is a drop-in replacement for lxml.

Generating a CSV AdHoc report with a large result leads to the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 306, in _Execute_APIv1d1
    return Execute_APIv1d1(self._URI_APIv1d1, request, self.timeout)
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 66, in Execute_APIv1d1
    return as_xml(response)
  File "/usr/local/lib/python3.6/site-packages/nexpose/xml_utils.py", line 65, in as_xml
    return from_large_string(s).getchildren()[0]
  File "/usr/local/lib/python3.6/site-packages/nexpose/xml_utils.py", line 51, in from_large_string
    return etree.XML(s.encode('utf-8'))
  File "src/lxml/etree.pyx", line 3209, in lxml.etree.XML (src/lxml/etree.c:80823)
  File "src/lxml/parser.pxi", line 1871, in lxml.etree._parseMemoryDocument (src/lxml/etree.c:121250)
  File "src/lxml/parser.pxi", line 1759, in lxml.etree._parseDoc (src/lxml/etree.c:119926)
  File "src/lxml/parser.pxi", line 1125, in lxml.etree._BaseParser._parseDoc (src/lxml/etree.c:114173)
  File "src/lxml/parser.pxi", line 598, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/etree.c:107738)
  File "src/lxml/parser.pxi", line 709, in lxml.etree._handleParseResult (src/lxml/etree.c:109447)
  File "src/lxml/parser.pxi", line 638, in lxml.etree._raiseParseError (src/lxml/etree.c:108301)
  File "<string>", line 129881
lxml.etree.XMLSyntaxError: xmlSAX2Characters: huge text node, line 129881, column 54

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/vulnbutler/app.py", line 169, in sync_with_nexpose_api
    scan_created_issues = process_scan_id(scan_id, site_id)
  File "/usr/local/lib/python3.6/site-packages/vulnbutler/app.py", line 75, in process_scan_id
    results = nexpose_connection.get_nexpose_connection().export_scan(scan_id)
  File "/usr/local/lib/python3.6/site-packages/vulnbutler/nexpose_connection.py", line 30, in export_scan
    scan_id, format='csv', template_id=template_id,
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 2052, in GenerateScanReport
    data = self.RequestReportAdhocGenerate(scan_or_id, format, template_id)
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 638, in RequestReportAdhocGenerate
    return self.ExecuteBasicWithElement("ReportAdhocGenerateRequest", {}, as_xml(request_data))
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 334, in ExecuteBasicWithElement
    return self._Execute_APIv1d1(request)
  File "/usr/local/lib/python3.6/site-packages/nexpose/nexpose.py", line 308, in _Execute_APIv1d1
    raise NexposeConnectionException("Unable to execute the request: {0}!".format(ex), ex)
nexpose.nexpose.NexposeConnectionException: Unable to execute the request: xmlSAX2Characters: huge text node, line 129881, column 54 (<string>, line 129881)!

Possible Solution

I haven't looked at the format of the response yet but I assume the CSV is wrapped in an XML which means there is a huge text node inside. Possibly it could be streamed or the limit can be raised (or made configurable). Any change in limit will always be prone to fail at some point though, only solutions such as streaming the text will provide an appropriate fix.

Steps to Reproduce (for bugs)

• Run scan that produces a large number of results (or just results with long text for solution and/or description? not sure)
• Execute code similar to the one above, i.e. call ReportAdhocGenerateRequest API endpoint.

Context

This is in an attempt to export results as CSV. This was introduced (by me) in #43, specifically e80bd81 contains the changes. This bug prevents larger scans from being exported as CSV.

SaveSiteConfiguration doesn't save excluded assets IPs.

Expected Behavior

Specified assets that should not be scanned should be saved.

Current Behavior

The excluded scan asset IPs are not included.

Possible Solution

Similar to the tags not being populated. Likely need to update nexpose_site.py

Steps to Reproduce (for bugs)

Python code that reproduces the issue:

    # Load configuration for a site based on site ID
    config = session.GetSiteConfiguration(site_id)

    new_ip_list = []
    for ip in ip_list:
        new_ip_list.append(nexpose.Range(ip, ''))

    # Assign new IPs to the hosts attribute.
    config.hosts = new_ip_list

    try:
        session.SaveSiteConfiguration(config)
        print("[+] Successfully saved IPs to site: {0} (Site ID: {1})".format(config.name, config.id))
    except Exception as e:
        print("[-] Error saving IPs to site: {0} (Site ID: {1})".format(config.name, config.id))
        print("EXCEPTION: {0}".format(e))

Context

Need to save all details of a site when updating it.

Your Environment

• Nexpose-client-python version: nexpose==0.1.4
• Python version: Python 2.7.13
• Operating System and version: Ubuntu 14.04.5 LTS
• Nexpose product version: 6.4.58

It would be very helpful to be able to look up an Asset by the device MAC Address using the GetFilteredAssets method.

Along with my other commits, experimenting with saving sites that have tags since they are deleted when re-saving the site.

Expected Behavior

Should pull existing site tags and save them back to site.

Current Behavior

Uncommented the "print as_string(as_xml(as_string(xml_data)))" in nexpose_site.py to view the XML data.

It tries to save a tag with the format:

<Tags><Tag id="15" name="MYTAG" type="CUSTOM"><param name="COLOR" value="#a0392e"/><param name="SOURCE" value="Nexpose"/><param name="CREATOR_USER_ID" value="1"/><param name="CREATION_DATE" value="Thu Feb 20 13:02:01 CDT 2017"/></Tag></Tags>

and I narrowed it down to throwing an exception on the CREATION_DATE

EXCEPTION: For input string: "Thu Feb 20 13:02:01 CDT 2017"

Possible Solution

I don't know how it is pulling the "param" variables and are not experienced enough to parse the lxml object and remove them. Maybe the time format is wrong?

Steps to Reproduce (for bugs)

Python code that reproduces the issue...I can provide a PR of that would help. Updated nexpose_site.py

def CreateFromXML(xml_data):
        config = SiteConfiguration()
        config.InitalizeFromXML(xml_data)
        config.description = get_content_of(xml_data, 'Description', config.description)
        config.is_dynamic = get_attribute(xml_data, 'isDynamic', config.is_dynamic) in ['1', 'true', True]
        config.hosts = [_host_to_object(host) for host in get_children_of(xml_data, 'Hosts')]
        config.alerting = [alert for alert in get_children_of(xml_data, 'Alerting')]
        config.credentials = [credential for credential in get_children_of(xml_data, 'Credentials')]
        config.users = [user for user in get_children_of(xml_data, 'Users')]
        config.tags = [tag for tag in get_children_of(xml_data, 'Tags')]
.
.
.
def __init__(self):
        SiteBase.__init__(self)
        self.description = ''
        self.is_dynamic = False
        self.hosts = []
        self.credentials = []
        self.alerting = []
        self.scan_configuration = []  # TODO
        self.configid = self.id
        self.configtemplateid = "full-audit-without-web-spider"
        self.configname = "Full audit without Web Spider"
        self.configversion = 3
        self.configengineid = 3
        self.users = []
        self.schedules = []
        self.tags = []
.
.
.
    def AsXML(self, exclude_id):
        attributes = {}
        if not exclude_id:
            attributes['id'] = self.id
        attributes['name'] = self.name
        attributes['description'] = self.short_description
        attributes['isDynamic'] = '1' if self.is_dynamic else '0'
        attributes['riskfactor'] = self.risk_factor
.
.
.
        xml_tags = create_element('Tags')
        for tag in self.tags:
            xml_tags.append(tag)
        xml_data.append(xml_tags)

Context

Trying to save a site and keep the existing tags.

Your Environment

• Nexpose-client-python version: 0.1.2
• Python version: Python 2.7.6
• Operating System and version: Ubuntu 14.04.5 LTS
• Nexpose product version: 6.4.51

Could someone please let me know how to connect to a silo using the python API?

Thanks !

I'm using v0.1.2 of the nexpose library in this instance (older deployment).

Background:
I am attempting to create a new site in Nexpose with host information.

In some Nexpose environments (both running 6.5.1) the error NexposeFailureException: java.lang.NullPointerException is generated, but in other environments, everything works fine. Does anyone have any idea of why the call would work in one environment but not in another?

Here is part of a stack trace.

File "test_nexpose.py", line 340, in createNexposeSite
    return session.SaveSiteConfiguration(site_cfg)

File "/usr/local/lib/python2.7/site-packages/nexpose/nexpose.py", line 1347, in SaveSiteConfiguration\n",
    return self._ExecuteSave(self.RequestSiteSave, site_configuration, 'SiteSaveResponse', 'site-id')  # TODO: if this turns out to be 'id' instead of 'site-id' than remove the parameter from the function,

File "/usr/local/lib/python2.7/site-packages/nexpose/nexpose.py", line 1176, in _ExecuteSave,
    response = self.VerifySuccess(save_function(object_to_save.AsXML(exclude_id=False))),

File "/usr/local/lib/python2.7/site-packages/nexpose/nexpose.py", line 1312, in VerifySuccess,
    raise NexposeFailureException(message)",

NexposeFailureException: java.lang.NullPointerException

Here is the basics of how i'm creating the site:

def createNexposeSite(session=None, hosts=list()):
    """
    Create a new site containing the specified hosts.
    This uses the default scan engine 'full-audit-without-web-spider'
    (Full audit without Web Spider).
    """
    if session is None:
        session = initNexposeSession()

    if session is None:
        LOG.error('Unable to open session. Exiting.')
        return None

    site_name = "TempSite-Nexpose-" + datetime.now().strftime("%Y%m%dT%H%M%z")
    site_desc = "Temp Site for hosts that should be scanned."
    site_cfg = nexpose.SiteConfiguration.Create()
    site_cfg.id = -1
    site_cfg.name = site_name
    site_cfg.description = site_desc

    if len(hosts) > 0:
        for h in hosts:
            s_host_range = Range(h, None)
            site_cfg.hosts.append(s_host_range)

    return session.SaveSiteConfiguration(site_cfg)

With the REST API v3 recently released in version 6.5.0 (https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.5.0), do you plan on continuing to maintain this repo? I'm not sure if the functionality parity is the same just yet, but it looks promising.

Expected Behavior

getting a SiteConfig object with GetSiteConfiguration(site), and then saving it with SaveSiteConfiguration(site) shouldn't change anything about the site's configuration.

Current Behavior

If you get a SiteConfig object with GetSiteConfiguration, then save it with SaveSiteConfiguration, without making any changes to the object, scan schedules will lose their:

• names
• templates
• targets

Possible Solution

I'm not sure what populates the 'schedules' object on a SiteConfiguration object, but update it so it also fetches names + templates (and make sure SaveSiteConfiguration respects those)

Steps to Reproduce (for bugs)

1. Create a scan schedule in a site, with a name and a non-default template.
2. run the code below
3. look at the scan schedule for your site, see name=n/a, template=default, targets=n/a

Python code that reproduces the issue:

site = client.GetSiteConfiguration(site_summary_object)
client.SaveSiteConfiguration(site)

Context

We're trying to automate some scheduling but we kept finding out schedule details wiped (we were using names to update schedules when required, and can't)

Your Environment

• Nexpose-client-python version: 0.1.7
• Python version: 3.6.5
• Operating System and version: various
• Nexpose product version: 6.5.21

When querying an asset, the risk_factor value is available via an AssetSummary, but not via AssetDetails.

The code in AssetSummary (risk_factor) should probably be in AssetDetails as well.

Thanks!

• Verify/update doc coverage
• Figure out publish workflow/hosting
• Create example scripts/programs

Verify: Make sure all source-based docs are suitable for use with doc tools. A probably useful reference: http://docs.python-guide.org/en/latest/writing/documentation/

Publish: Figure out how to publish/host the docs appropriately. https://readthedocs.org/ seems to be commonly used, similar to http://rubydoc.info.

Examples: Like the Ruby nexpose-client repo, we should also provide example scripts that show how to accomplish some useful tasks. Users could then build upon those examples for real world use.

@gschneider-r7 opening per our conversation. A few of the report actions are unfinished: RequestAdHocReportGenerate is only partially written and doesn't handle most of the parameters that the endpoint accepts and RequestReportsSave is not implemented at all.

Expected Behavior

There is a list of vulnerabilities provided in asset details, this list shouldn't be empty.

Current Behavior

List is empty

Steps to Reproduce (for bugs)

Load asset details

Python code that reproduces the issue:

for site in session.GetSiteSummaries():
        config = session.GetSiteConfiguration(site)
        print "Site:"
        print "  ID:", site.id
        print "  Name:", config.name
        print "  Short Description:", repr(site.short_description)
        print "  Description:", repr(config.description)
        print "  Risk Factor:", site.risk_factor
        print "  Risk Score:", site.risk_score
        print "  Type:", "Dynamic" if config.is_dynamic else "Static"
        print "  Asset Summaries:"
        for asset in session.GetSiteAssetSummaries(site):
            details = session.GetAssetDetails(asset)

Expected Behavior

The call to GetFilteredAssets should return a list of assets matching the specified criteria.

Current Behavior

The call to GetFilteredAssets returns with the following error.

  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1395, in GetFilteredAssets
    result = self.ExecuteGetRecords('data/asset/filterAssets', filter_or_criteria_or_criterion)
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1201, in ExecuteGetRecords
    raw_data = self.ExecuteFormPost(sub_url, filter_data)
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 1176, in ExecuteFormPost
    return ExecuteWithPostData_FORM(self._session_id, self._URI_root, sub_url, self.timeout, post_data)
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 96, in ExecuteWithPostData_FORM
    return ExecuteWebRequest(uri + sub_url, post_data, headers, timeout, lambda: 'POST')
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 52, in ExecuteWebRequest
    response = OpenWebRequest(uri, post_data, headers, timeout, get_method)
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 48, in OpenWebRequest
    response = urllib2.urlopen(request, timeout=timeout)
  File "W:\Python27\lib\urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "W:\Python27\lib\urllib2.py", line 435, in open
    response = meth(req, response)
  File "W:\Python27\lib\urllib2.py", line 548, in http_response
    'http', request, response, code, msg, hdrs)
  File "W:\Python27\lib\urllib2.py", line 473, in error
    return self._call_chain(*args)
  File "W:\Python27\lib\urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "W:\Python27\lib\urllib2.py", line 556, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 500: Internal Server Error

Python code that reproduces the issue:

SESSION = nexpose.NexposeSession.Create(host, port, user, pwd)
SESSION.Open()

n_criteria = Criterion.Create(nexpose.Criteria.RISK_SCORE, nexpose.Criteria.GREATER_THAN, minRiskScore)
n_filter = AssetFilter(n_criteria)
n_assets = SESSION.GetFilteredAssets(n_filter)

Context

Attempting to get a list of all assets that have been scanned and have a risk score over a certain value.

Your Environment

• Nexpose-client-python version: 0.1.0
• Python version: 2.7.13
• Operating System and version: Windows 10 (Version 1607, Build 14393.1358)
• Nexpose product version: 6.4.45

When attempting to run the v0.1.5 code using Python 2.7 the following error is returned.

Traceback (most recent call last):
  File ".\aruba_nexpose.py", line 15, in <module>
    from nexpose import nexpose
  File "W:\Python27\lib\site-packages\nexpose\nexpose.py", line 5, in <module>
    import urllib.request
ImportError: No module named request

I believe this breaks the backwards compatibility for python 2.7 due to the changes in the urllib modules between the two versions.

> python27 --version
Python 2.7.13

• Travis-CI commit/PR automation for existing tests
• Documentation for running tests locally
• Create Cucumber (or similar) integration tests against real Nexpose console (maybe)

Setup test automation with travis-ci, which will test every commit to master and every pull request (and each new commit on an open pull request). Similar to how the Ruby nexpose-client is setup.

Right now I am liking py.test, but I'm open to other suggestions.

Simple enough to run py.test tests (tests being the tests directory relative to project root). Add the -v flag for nice colored output on each file as well.

Example:

$ py.test -v tests
====================================================== test session starts ======================================================
platform darwin -- Python 2.7.10, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /Users/gschneider/rapid7/nexpose-client-python/venv/bin/python
cachedir: .cache
rootdir: /Users/gschneider/rapid7/nexpose-client-python, inifile:
collected 27 items

tests/test_LoadFixture.py::LoadFixtureTestCase::testThatLoadingInvalidFixtureTypeResultsInAnException PASSED
tests/test_LoadFixture.py::LoadFixtureTestCase::testThatLoadingNonExistingFixtureResultsInAnException PASSED
tests/test_LoadFixture.py::LoadFixtureTestCase::testThatOurFixturesWillLoadCorrectly PASSED
tests/test_NexposeNode.py::NexposeNodeTestCase::testCreateFromJSON PASSED
tests/test_NexposeReportConfigurationSummary.py::NexposeReportConfigurationSummaryTestCase::testCreateFromXML PASSED
tests/test_NexposeReportConfigurationSummary.py::NexposeReportSummaryTestCase::testCreateFromXML PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testConstructionOfLoginRequest PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testConstructionOfURI_APIv1d1 PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testCorrectLogin PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testDefaultConstructionOfURI_APIv1d1 PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testIncorrectLogin PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testLoginWithInvalidHtmlReply PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testRequestSiteDeviceListing PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testRequestSiteListing PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testRequestSiteScanHistory PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testRequestSystemInformation PASSED
tests/test_NexposeSession.py::NexposeSessionTestCase::testShouldNotLoginIfSessionIsOpen PASSED
tests/test_NexposeTag.py::NexposeTagAttributeTestCase::testCreate PASSED
tests/test_NexposeTag.py::NexposeTagTestCase::testCreate PASSED
tests/test_NexposeTag.py::NexposeTagTestCase::testCreateCustom PASSED
tests/test_NexposeTag.py::NexposeTagTestCase::testCreateFromJSON PASSED
tests/test_NexposeTag.py::NexposeTagTestCase::testCustomTagWithAttributes PASSED
tests/test_NexposeUserAuthenticatorSummary.py::NexposeUserAuthenticatorSummaryTestCase::testCreateFromXML PASSED
tests/test_NexposeVulnerability.py::NexposeVulnerabilitySummaryTestCase::testCreatingFromXML PASSED
tests/test_NexposeVulnerability.py::NexposeVulnerabilitySummaryTestCase::testIfAnEmptyXmlElementResultsInDefaultValues PASSED
tests/test_NexposeVulnerability.py::NexposeVulnerabilityDetailTestCase::testCreatingFromXML PASSED
tests/test_NexposeVulnerability.py::NexposeVulnerabilityDetailTestCase::testIfAnEmptyXmlElementResultsInDefaultValues PASSED

=================================================== 27 passed in 0.07 seconds ===================================================

Let's do this sooner than later so it's less painful for people to upgrade as the project matures.

https://www.python.org/dev/peps/pep-0008/

The run_demo.py script is useful for testing things out with a real console, but it would be more valuable to have replay data to use for testing. We should also add documentation (sphinx or github wiki) explaining how to use the library features since the demo script is where most people are going to look for "how to" info currently.

Use something like https://github.com/kevin1024/vcrpy to record and replay (sanitized) requests and responses, and add test coverage that can be run by py.test.

Have not been able to get the version 0.1.3 working.

Expected Behavior

Establish session with Nexpose console.

Current Behavior

It's happening in both a 3.5 virtualenv and a system-wide install of both Python2 'pip install nexpose' and Python3 'pip3 install nexpose'. Reverted to the 0.1.2 tag and not having any issues with the Python2 working. Another observation is that after importing the nexpose module in ipython, tab completion of nexpose. does not provide any hints of the module's attributes. That may be an ipython thing, but I don't have the issue with other libraries like requests. The run_demo.py code that calls make_dlnexpose_importable() seems redundant and unnecessary.

Possible Solution

Version 0.1.3 broke something.

Steps to Reproduce (for bugs)

To set up the environment

virtualenv -p /usr/bin/python3.5 .venv
source .venv/bin/activate
pip install nexpose
pip install ipython

Python code that reproduces the issue:

Copy/pasted from run_demo.py

# ipython
Python 3.5.4 (default, Aug 12 2017, 14:08:14) 
Type 'copyright', 'credits' or 'license' for more information
IPython 6.1.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: from __future__ import (absolute_import, division, print_function,
   ...:                         unicode_literals)
   ...: 
   ...: from builtins import map
   ...: from builtins import input
   ...: from builtins import range
   ...: from fix_path import make_dlnexpose_importable
   ...: from time import sleep
   ...: from io import BytesIO
   ...: from zipfile import ZipFile
   ...: import sslfix
   ...: import nexpose as nexpose
   ...: from future import standard_library
   ...: standard_library.install_aliases()
   ...: make_dlnexpose_importable()
   ...: 

In [2]: def GetNexposeLoginSettings():
   ...:     """
   ...:     Returns a list with following information: hostname_or_ip, port, username, password.
   ...:     An exception is raised if "demo.cfg" is not found or contains invalid/no data.
   ...:     """
   ...:     try:
   ...:         with open("demo.cfg") as config_file:
   ...:             for line in config_file.readlines():
   ...:                 if not line.strip().startswith('#'):
   ...:                     data = line.split()
   ...:                     if len(data) != 4:
   ...:                         raise ValueError("demo.cfg contains invalid data")
   ...:                     return data
   ...:         raise ValueError("demo.cfg contains no data")
   ...:     except:
   ...:         raise Exception("demo.cfg could not be found, please refer to demo.cfg.default")
   ...: 
   ...: 
   ...: def InitializeGlobalSession():
   ...:     """Returns a tuple with following information: (hostname_or_ip, port, username, password)"""
   ...:     global session
   ...: 
   ...:     login_info = GetNexposeLoginSettings()
   ...:     session = nexpose.NexposeSession.Create(*login_info)
   ...:     wait_for_status(nexpose.NexposeStatus.NORMAL_MODE, "Waiting for the console to be ready:")
   ...:     print("The Security Console is ready...")
   ...:     session.Open()
   ...:     

In [3]: InitializeGlobalSession()
---------------------------------------------------------------------------
AttributeError                            Traceback (most recent call last)
<ipython-input-3-858a2516dfcf> in <module>()
----> 1 InitializeGlobalSession()

<ipython-input-2-3a662e0ec35d> in InitializeGlobalSession()
     22 
     23     login_info = GetNexposeLoginSettings()
---> 24     session = nexpose.NexposeSession.Create(*login_info)
     25     wait_for_status(nexpose.NexposeStatus.NORMAL_MODE, "Waiting for the console to be ready:")
     26     print("The Security Console is ready...")

AttributeError: module 'nexpose' has no attribute 'NexposeSession'

Context

nexpose module isn't working.

Your Environment

• Nexpose-client-python version: 0.1.3
• Python version: 2.7.13 and 3.5.4

We need to document how to setup a development environment so anyone can contribute easily.

Desired:

• Be tool-agnostic, i.e. don't pick a specific IDE; Stick to text editors - perhaps suggest some tools and configurations if we want to provide options.
• Linux instructions to setup python environment (virtualenv, dependencies, etc)
• Mac OS X instructions to setup python environment (virtualenv, dependencies, etc)
• Windows instructions to setup python environment (vitualenv possible? dependencies, etc)

Additional instructions for the following tools would also be nice to have:

• Sublime Text
• Atom
• Visual Studio Code
• PyCharm
• WingIDE
• PyScripter
• Others?