
Example CLI Usage

Install the uleska-automate CLI with pip and run it directly, as shown in the following example:

  python3 -m pip install requests uleska-automate
  uleska-automate <host> --application_name <app_name> --version_name <version name> --token <token> --test_and_compare

 
With --test_and_compare, the CLI resolves the application and version names to their IDs, starts a blocking scan and waits for it to finish, then compares the latest report with the previous one and lists the new issues. An example run produces output like the following:

Application or version name passed, looking up ids...
Application ID found for [demo_UnSAFE_Bank]: 00b17c86-62f8-4031-8fe9-d7ab319a0c3e
Version ID found for [v1]: a2bb3d88-cf9d-496f-9920-bee9122b43a0
Mapped names to ids: application name [demo_UnSAFE_Bank], id [00b17c86-62f8-4031-8fe9-d7ab319a0c3e], version name [v1] id [a2bb3d88-cf9d-496f-9920-bee9122b43a0]
Running blocking scan
Kicking off the scan
Scan running
Our Toolkit a2bb3d88-cf9d-496f-9920-bee9122b43a0 is still running, waiting...

Our Toolkit a2bb3d88-cf9d-496f-9920-bee9122b43a0 is still running, waiting...

Our Toolkit a2bb3d88-cf9d-496f-9920-bee9122b43a0 is still running, waiting...

No more scans running

Getting list of reports for this pipeline
Getting information on this report
Getting information on this report
Comparing the latest scan report with the previous one

=== Listing issues in Latest report =======================

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2017-2155] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2017-2155]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2018-6261] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2018-6261]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2018-1151] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2018-1151]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2016-9013] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2016-9013]
Cost [$62,000]

Issue [SQL_Injection: specificinputs.py] from tool [Demo Checkmarx]
Resource affected [/src/project/specificinputs.py]
Summary [Potential SQL injection found to be investigated.]
Cost [$44,000]

Issue [SQL_Injection: commoninputs.py] from tool [Demo Checkmarx]
Resource affected [/src/project/commoninputs.py]
Summary [Potential SQL injection found to be investigated.]
Cost [$81,000]

Issue [Using parseString to parse untrusted XML data is known to be vulnerable to XML attacks: reinvent.py] from tool [Demo Bandit]
Resource affected [/]
Summary [Using parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace parseString with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Confidence Level: HIGH]
Cost [$10,000]

Issue [Possible hardcoded password: 'h++jszpm)i@p%ay_b=cp#()^od!qns14)h%@qm3)p=cuo+st^a'] from tool [Demo Bandit]
Resource affected [/]
Summary [Possible hardcoded password: 'h++jszpm)i@p%ay_b=cp#()^od!qns14)h%@qm3)p=cuo+st^a' Confidence Level: MEDIUM]
Cost [$62,000]

Issue [Possible hardcoded password: 'secret'] from tool [Demo Bandit]
Resource affected [/]
Summary [Possible hardcoded password: 'secret' Confidence Level: MEDIUM]
Cost [$62,000]

Issue [Database queries should not be vulnerable to injection attacks: create_view.py] from tool [Demo SonarQube]
Resource affected [/]
Summary [Database queries should not be vulnerable to injection attacks]
Cost [$312,000]

Issue [HTTP response headers should not be vulnerable to injection attacks] from tool [Demo SonarQube]
Resource affected [/]
Summary [HTTP response headers should not be vulnerable to injection attacks]
Cost [$81,000]

Issue [Databases should be password-protected.] from tool [Demo SonarQube]
Resource affected [/]
Summary [Databases should be password-protected]
Cost [$310,000]

Issue [Server certificates should be verified during SSL/TLS connections] from tool [Demo SonarQube]
Resource affected [/]
Summary [Server certificates should be verified during SSL/TLS connections]
Cost [$80,000]

Latest security toolkit run:
Total risk: = $1,290,000
Total issues: = 13

==============================================

=== Listing issues in Previous report =======================

Issue [Database queries should not be vulnerable to injection attacks: create_view.py] from tool [Demo SonarQube]
Resource affected [/]
Summary [Database queries should not be vulnerable to injection attacks]
Cost [$312,000]

Issue [Databases should be password-protected.] from tool [Demo SonarQube]
Resource affected [/]
Summary [Databases should be password-protected]
Cost [$310,000]

Issue [Server certificates should be verified during SSL/TLS connections] from tool [Demo SonarQube]
Resource affected [/]
Summary [Server certificates should be verified during SSL/TLS connections]
Cost [$80,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2017-2155] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2017-2155]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2018-6261] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2018-6261]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2018-1151] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2018-1151]
Cost [$62,000]

Issue [pkg:pypi/django@1.9.6 has the vulnerability CVE-2016-9013] from tool [Demo OWASP Dep Check]
Resource affected [/]
Summary [CVE-2016-9013]
Cost [$62,000]

Issue [SQL_Injection: specificinputs.py] from tool [Demo Checkmarx]
Resource affected [/src/project/specificinputs.py]
Summary [Potential SQL injection found to be investigated.]
Cost [$44,000]

Issue [SQL_Injection: commoninputs.py] from tool [Demo Checkmarx]
Resource affected [/src/project/commoninputs.py]
Summary [Potential SQL injection found to be investigated.]
Cost [$81,000]

Previous security toolkit run:
Total risk: = $1,075,000
Total issues: = 9

==============================================

Risk level has INCREASED by $215,000
Risk level has INCREASED by 19.9%

Number of issues has INCREASED by 4
Number of issues has INCREASED by 44.4%

NEW ISSUE in this toolkit run:
Using parseString to parse untrusted XML data is known to be vulnerable to XML attacks: reinvent.py: tool [Demo Bandit]: Risk $10,000
CVSS : 6.2 : CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

NEW ISSUE in this toolkit run:
Possible hardcoded password: 'h++jszpm)i@p%ay_b=cp#()^od!qns14)h%@qm3)p=cuo+st^a': tool [Demo Bandit]: Risk $62,000
CVSS : 7.3 : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

NEW ISSUE in this toolkit run:
Possible hardcoded password: 'secret': tool [Demo Bandit]: Risk $62,000
CVSS : 7.3 : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

NEW ISSUE in this toolkit run:
HTTP response headers should not be vulnerable to injection attacks: tool [Demo SonarQube]: Risk $81,000
CVSS : 8.2 : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

New risk in this tookit run = $215,000

To get the issue and risk information as JSON instead of the text above, pass the --print_json flag; the output then looks similar to the following:

{
"new_issues": [
{
"cvss": "9.3 : CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"explanation": "Databases should always be password protected. The use of a database connection with an empty password is a clear indication of a database that is not protected. This rule flags database connections with empty passwords.",
"recommendation": "Ensure database connection objects have passwords included",
"risk": 384000,
"severity": "HIGH",
"summary": "Databases should be password-protected",
"title": "Databases should be password-protected.",
"tool": "SonarQube Demo"
},
{
"cvss": "8.2 : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"explanation": "Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)",
"recommendation": "Upgrade pkg:pypi/django@1.9.6",
"risk": 237000,
"severity": "MEDIUM",
"summary": "[CVE-2019-19844] Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account tak...",
"title": "pkg:pypi/django@1.9.6 has the vulnerability CVE-2019-19844",
"tool": "OWASP Check Demo"
},
{
"cvss": "9.6 : CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"explanation": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.",
"recommendation": "Upgrade pkg:pypi/django@1.9.6",
"risk": 192000,
"severity": "HIGH",
"summary": "CVE-2018-1151",
"title": "pkg:pypi/django@1.9.6 has the vulnerability CVE-2018-1151",
"tool": "OWASP Check Demo"
},
{
"cvss": "7.3 : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"explanation": "Code: 89 # Make this unique, and don't share it with anybody. 90 SECRET_KEY = 'secret' 91 92 # List of callables that know how to import templates from various sources. 93 TEMPLATE_LOADERS = (",
"recommendation": "https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html",
"risk": 189000,
"severity": "MEDIUM",
"summary": "Possible hardcoded password: 'secret' Confidence Level: MEDIUM",
"title": "Possible hardcoded password: 'secret'",
"tool": "Bandit Demo"
},
{
"cvss": "6.2 : CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
"explanation": "Code: 1 from xml.dom.pulldom import parseString 2 from xml.sax import make_parser 3 from xml.sax.handler import feature_external_ges",
"recommendation": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b409-import-xml-pulldom",
"risk": 24000,
"severity": "MEDIUM",
"summary": "Using parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace parseString with the equivalent defusedxml package, or make sure defusedxml.defuse_stdlib() is called. Confidence Level: HIGH",
"title": "Using parseString to parse untrusted XML data is known to be vulnerable to XML attacks: reinvent.py",
"tool": "Bandit Demo"
},
{
"cvss": "4.2 : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"explanation": "Validation of X.509 certificates is essential to create secure SSL/TLS sessions not vulnerable to man-in-the-middle attacks. The certificate chain validation includes these steps: The certificate is issued by its parent Certificate Authority or the root CA trusted by the system. Each CA is allowed to issue certificates. Each certificate in the chain is not expired. It's not recommended to reinvent the wheel by implementing custom certificate chain validation. TLS libraries provide built-in certificate validation functions that should be used",
"recommendation": "Secure installation processes should be implemented, including: * A repeatable hardening process that makes it fast and easy to deploy another environment that is properly locked down. Development, QA, and production environments should all be configured identically, with different credentials used in each environment. This process should be automated to minimize the effort required to setup a new secure environment. * A minimal platform without any unnecessary features, components, documentation, and samples. Remove or do not install unused features and frameworks.",
"risk": 236000,
"severity": "MEDIUM",
"summary": "Server certificates should be verified during SSL/TLS connections",
"title": "Server certificates should be verified during SSL/TLS connections",
"tool": "SonarQube Demo"
}
],
"num_decrease": 0,
"num_decrease_percentage": 0,
"num_increase": 6,
"num_increase_percentage": 66.66666666666666,
"risk_decrease": 0,
"risk_decrease_percentage": 0,
"risk_increase": 1262000,
"risk_increase_percentage": 68.96174863387978
}
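As an added example (this is not part of the uleska-automate CLI or its documentation), the following Python script turns the two steps above into a CI gate: it builds the --test_and_compare --print_json command with the token read from an environment variable, parses the JSON the CLI prints, and fails the build when the new risk exceeds a budget or any new issue is rated HIGH or at or above a CVSS threshold. The environment variable name ULESKA_TOKEN, the function names, the thresholds and the assumption that the JSON object is the last thing the CLI writes to stdout are all mine; the sample report is constructed to match the schema shown above and is not real scan data. The token is taken from the environment rather than typed on the command line because an argument is visible to other users in process listings and ends up in shell history; the CLI still receives it via --token as documented.

```python
import json
import os
import subprocess
import sys

# Constructed sample shaped like the --print_json output above (not a real scan).
SAMPLE_REPORT = json.loads("""
{
  "new_issues": [
    {"cvss": "9.3 : CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
     "risk": 384000, "severity": "HIGH",
     "title": "Databases should be password-protected.", "tool": "SonarQube Demo"},
    {"cvss": "7.3 : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
     "risk": 189000, "severity": "MEDIUM",
     "title": "Possible hardcoded password: 'secret'", "tool": "Bandit Demo"}
  ],
  "num_increase": 2, "num_increase_percentage": 22.2,
  "num_decrease": 0, "num_decrease_percentage": 0,
  "risk_increase": 573000, "risk_increase_percentage": 53.3,
  "risk_decrease": 0, "risk_decrease_percentage": 0
}
""")


def build_command(host, app_name, version_name, token):
    """Argument vector for a test-and-compare run that emits JSON.

    Returned as a list so subprocess can exec it without a shell: no quoting
    problems, and an application name can never be interpreted by sh.
    """
    if not token:
        raise ValueError("API token is empty")
    return ["uleska-automate", host,
            "--application_name", app_name,
            "--version_name", version_name,
            "--token", token,
            "--test_and_compare", "--print_json"]


def extract_json(stdout):
    """Parse the JSON object from CLI stdout, skipping any progress lines
    printed before it (assumption: the object is the last thing written)."""
    start = stdout.find("{")
    if start < 0:
        raise ValueError("no JSON object found in CLI output")
    obj, _ = json.JSONDecoder().raw_decode(stdout[start:])
    return obj


def cvss_score(cvss_field):
    """Leading numeric score from a '9.3 : CVSS:3.0/...' string."""
    return float(cvss_field.split(":", 1)[0].strip())


def evaluate(report, max_new_risk=0, min_block_cvss=7.0, block_severities=("HIGH",)):
    """Decide whether the build should fail, returning (ok, reasons).

    Gates: total new risk above the budget, or any new issue whose severity is
    in block_severities or whose CVSS score is at or above min_block_cvss.
    """
    reasons = []
    new_risk = report.get("risk_increase", 0)
    if new_risk > max_new_risk:
        reasons.append("new risk %d exceeds budget %d" % (new_risk, max_new_risk))
    for issue in report.get("new_issues", []):
        sev = issue.get("severity", "").upper()
        score = cvss_score(issue.get("cvss", "0"))
        if sev in block_severities or score >= min_block_cvss:
            reasons.append("%s (%s, CVSS %.1f, $%d) from %s" % (
                issue.get("title"), sev, score, issue.get("risk", 0), issue.get("tool")))
    return (not reasons, reasons)


def main(argv):
    if len(argv) != 4:
        print("usage: gate.py <host> <app_name> <version_name>", file=sys.stderr)
        return 2
    token = os.environ.get("ULESKA_TOKEN", "")  # hypothetical variable name
    if not token:
        print("ULESKA_TOKEN is not set", file=sys.stderr)
        return 2
    cmd = build_command(argv[1], argv[2], argv[3], token)
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    ok, reasons = evaluate(extract_json(proc.stdout), max_new_risk=100000)
    for reason in reasons:
        print("BLOCK:", reason)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `ULESKA_TOKEN=... python3 gate.py <host> <app_name> <version name>` from the pipeline step; a non-zero exit fails the job, and each blocking reason is printed so the developer sees which new issue tripped the gate. The risk budget is deliberately a separate knob from the per-issue CVSS threshold: a single critical finding should block even when the dollar figure is small, and a pile of low-rated findings should block once their aggregate risk crosses what the team is willing to absorb.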