pyTenable icon indicating copy to clipboard operation
pyTenable copied to clipboard
verified publisher icon tenable

Calling `scan.details(<UUID>)` returns an error.

Open perfectra1n opened this issue 2 years ago • 1 comments

Describe the bug Either I'm losing my mind, or calling a scan via UUID isn't working as expected.

To Reproduce

tio = TenableIO(secrets['TIO_ACCESS_KEY'], secrets['TIO_SECRET_KEY'])
print(tio.scans.details("bd721b19-31c9-4d12-8ba7-abca89aa60f0"))

Returns:

[400: GET] https://cloud.tenable.com/editor/scan/bd721b19-31c9-4d12-8ba7-abca89aa60f0 body=b'{"error":"Invalid \'id\' field: invalid type \'string\', expecting \'int\' / invalid uuid format"}'

However, in the documentation:

        Args:
            scan_id (int or uuid): The unique identifier for the scan.

I tried converting it to the Python UUID type, and submitting it:

tio = TenableIO(secrets['TIO_ACCESS_KEY'], secrets['TIO_SECRET_KEY'])
print(tio.scans.details(UUID("bd721b19-31c9-4d12-8ba7-abca89aa60f0")))

It still returned an error.

Expected behavior Be able to fetch scan details via UUID: https://developer.tenable.com/reference/scans-details

System Information (please complete the following information): pyTenable 1.4.13

perfectra1n avatar Oct 18 '23 21:10 perfectra1n

lol I'm crazy or this issue is the exact opposite of : https://github.com/tenable/pyTenable/issues/726#issuecomment-1768463544

""error":"Invalid 'id' field: invalid type 'string', expecting 'int' "

image

On SC we need to force it to be a string, it was an int before.

SecOpsQC avatar Oct 19 '23 00:10 SecOpsQC

Any update on this? @SteveMcGrath

miguelvalente avatar May 13 '24 11:05 miguelvalente

lol I'm crazy or this issue is the exact opposite of : #726 (comment)

""error":"Invalid 'id' field: invalid type 'string', expecting 'int' "

image

On SC we need to force it to be a string, it was an int before.

This is actually a very different issue thanks to some error handling that was erroneously introduced into the Tenable SecurityCenter API that required the integers to be string formatted.

As for the issue relating to the TVM scan.details method, that method routed through the editor API, which currently only accepts an integer value.

scans.details attempts to recreate the config of the scan using the editor API: https://pytenable.readthedocs.io/en/stable/api/io/scans.html#tenable.io.scans.ScansAPI.details

the API's "scan details" is actually a truncated JSON report of the last scan that was run with some config data thrown in as well. To use that API, refer to the scans.results method instead.

https://pytenable.readthedocs.io/en/stable/api/io/scans.html#tenable.io.scans.ScansAPI.results

SteveMcGrath avatar Jun 18 '24 15:06 SteveMcGrath

Gotchya, so what would you say is the workaround or fix? To use the scan.results() method instead of scan.details(<UUID>) @SteveMcGrath?

perfectra1n avatar Jun 18 '24 16:06 perfectra1n

yes, in the SDK/library re linked that API to "results" as its a more correct name to what it's doing. "details" is a term we reserve for the configuration of that object. The Nessus and TVM GET /scans/<ID> call currently does not conform to REST guidelines, so we try to remap it to the appropriate action name.

SteveMcGrath avatar Jun 20 '24 14:06 SteveMcGrath