Modules
ElevenPaths methods
class elevenpaths_auth.mASAPP_CI_auth(key, secret)
This class contains the authorized methods needed for working with the mASAPP API. It inherits from the HttpSdk class and uses the X11PathsAuthentication authentication, which performs safer requests. Without this request implementation the user would not be able to communicate with the mASAPP API.
Initializing this class requires two parameters, obtained from the API Clients section of mASAPP. These parameters are:

| mASAPP_CI_auth param | Equivalent mASAPP value |
| --- | --- |
| key | Client ID |
| secret | Secret |

For more information about HttpSdk: https://github.com/ivanprjcts/sdklib

get_auth_scan_by_hashPath(hashPath, workgroup=None)
Parameters:
- hashPath – The SHA-1 hash of the application whose scan the user wants to get.
- workgroup (String) – The workgroup the user belongs to. (Not mandatory)
Returns: The scan associated with the given hashPath.

get_auth_scans(workgroup=None)
Parameters:
- workgroup (String) – The workgroup the user belongs to. (Not mandatory)
Returns: The response to the authenticated request /scans to the mASAPP API, which returns a brief summary of all the apps contained in the user's scans.

get_auth_workgroup()
Returns: The response to the authenticated request /workgroups to the mASAPP API, which returns the mASAPP workgroups the user belongs to.

get_scan_result(scan_id, scan_date, app_key, lang, workgroup=None)
Parameters:
- scan_id (String) – The ID of the scan whose result the user wants to obtain.
- scan_date (Date) – The date of the scan whose result the user wants to obtain.
- app_key (String) – The key of the app whose result the user wants to obtain.
- lang ("en", "es") – The language in which the user wants to get the analysis result.
- workgroup (String) – The workgroup the user belongs to. (Not mandatory)
Returns: The response to the authenticated request /scanResults to the mASAPP API, which returns the result of the mASAPP analysis for the scan with the given scan_id, scan_date and app_key, including vulnerabilities and behaviors among other things.

get_scan_summary(scan_id, workgroup=None)
Parameters:
- scan_id (String) – The ID of the scan for which the user wants to obtain a summary.
- workgroup (String) – The workgroup the user belongs to. (Not mandatory)
Returns: The response to the authenticated request /scanSummary to the mASAPP API, which returns a summary of the scan with the given scan_id.

post_auth_upload_app(allowTacyt, app_path, workgroup=None)
Parameters:
- allowTacyt (Boolean) – Whether the user wants to share the app with the Tacyt/mASAPP community.
- app_path (String) – The absolute path to the application which the user wants to upload.
- workgroup (String) – The workgroup the user belongs to. (Not mandatory)
Returns: The response to the authenticated request /upload to the mASAPP API, which returns the result of uploading the app to mASAPP.

masappcli
masappstage
The file masappstage.groovy in the current folder contains a standard Jenkinsfile for adding mASAPP CI to your Jenkins Pipeline.
HowTo:
- Configure your Jenkins Pipeline to work with the variables MASAPP_KEY and MASAPP_SECRET:
  In these variables you add the key and secret of the mASAPP API as Jenkins credentials. You can remove them and pass the values as masappcli params with -key and -secret by modifying masappstage.groovy, but this is not recommended (the key and secret will be printed in the job logs as plain text).
- Replace some of the Jenkinsfile values to adapt the file to your Jenkins and your own needs. You can find the elements that must be replaced by looking for ‘TRP:’ in the file (I love Ctrl + F too :smile: )
- Make any particular fixes your Pipeline needs, like modifying the PATH or whatever.
- Run the job once and all the configuration will be applied … Let’s analyze :fire: !!!!
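
The credential handling from the first HowTo step, as an added example that is not the project's masappstage.groovy: a declarative stage that binds MASAPP_KEY and MASAPP_SECRET from the Jenkins credentials store, next to the hard-coded form the HowTo advises against. It assumes the Credentials Binding plugin, two "Secret text" credentials with the hypothetical IDs `masapp-key` and `masapp-secret`, and, as the HowTo implies, that masappcli picks the two variables up from the environment; `MASAPP_ARGS` is a stand-in for your own masappcli arguments.

```groovy
// Added example, not the project's masappstage.groovy.
// Hypothetical names: credential IDs 'masapp-key' / 'masapp-secret', MASAPP_ARGS.
pipeline {
    agent any
    environment {
        // Placeholder, following the file's own 'TRP:' convention.
        MASAPP_ARGS = 'TRP: replace with your masappcli arguments'
    }
    stages {
        stage('mASAPP analysis') {
            steps {
                // Not recommended: literal values in the Jenkinsfile end up in
                // source control and are echoed in the job log as plain text.
                //   sh 'masappcli -key <client id> -secret <secret> ...'

                // Recommended: bind both values from the credentials store.
                // They exist only inside this block, as environment variables.
                withCredentials([
                    string(credentialsId: 'masapp-key', variable: 'MASAPP_KEY'),
                    string(credentialsId: 'masapp-secret', variable: 'MASAPP_SECRET')
                ]) {
                    // Single-quoted Groovy string: Groovy interpolates nothing,
                    // so the secrets never become part of the command line that
                    // Jenkins echoes; masappcli reads them from the environment
                    // (assumption stated in the lead-in).
                    sh 'masappcli $MASAPP_ARGS'
                }
            }
        }
    }
}
```

Keeping the `sh` argument single-quoted matters even with bound credentials: a double-quoted string would have Groovy expand any `${MASAPP_KEY}` reference into the command text before the shell runs it.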