Sample code snippets for consuming the CloudSploit API
cd sample-python
cd sample-js
cd sample-ruby
bundle
Create .env file for local environment variables.
cp sample.env .env
Edit .env.
vi .env
Update API_KEY and API_SECRET values.
API_KEY=api-key-123
API_SECRET=api-secret-456
The tests.rb example will query all current plugins from the API endpoint and return a JSON object.
ruby tests.rb
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
For either scan_details.py or scan_details_p3.py if I change the key, secret, and scan id, I get...
{"message": "Internal server error"}
and the headers are...
{'Content-Type': 'application/json', 'Content-Length': '36', 'Connection': 'keep-alive', 'Date': 'Wed, 29 May 2019 18:12:35 GMT', 'x-amzn-RequestId': '54a6bce2-823d-11e9-bfde-51de89216955', 'x-amz-apigw-id': 'adS-wGp3IAMFvRg=', 'X-Cache': 'Error from cloudfront', 'Via': '1.1 b4462bd98dd9186cca8c54d37f70d629.cloudfront.net (CloudFront)', 'X-Amz-Cf-Id': 'rQlaKKypuiM46Kp5uZacMwGqDUXp3mjmMYj2NqTTWsoPzPlmZ_0ApQ=='}
My goal is to pull data from the '/v2/scans' endpoint for the past 30 days but the 'start_date' and 'end_date' parameters only give me data for the current and previous day (2 days). Any suggestions on how I could work around this?
Hi,
I'm currently trying to use the API to pull down the compliance reports on some of our scans. I've followed the documentation and confirmed the pre-reqs and also verified the key has global admin permissions currently. I also used one of the Python scripts in this library and modified it slightly to do this. However when posting I'm getting a Error 403.
Is there any other requirements I should check for? GET commands seem to work fine and I can gather info that way but I'm looking to download the PDF reports.
More info below:
{"status":403,"id":"f80b81bf-ed81-4331-bc3f-38ffb7a9ac7b","code":1,"message":"Access denied","errors":["This endpoint is not accessible via API"]}
PYTHON Script:
import sys
import json
import time
import hmac
import base64
import hashlib
import requests
api_key = "Key here"
secret = "Secret"
base_url = "https://api.cloudsploit.com"
method = 'POST'
path = "/v2/pdfs"
body = {
"report": "scan",
"scan_id": 123
}
body_str = json.dumps(body, separators=(',', ':'))
timestamp = str(int(time.time() * 1000))
endpoint = base_url + path
string = timestamp + method + path + body_str
secret_bytes= bytes(secret , 'latin-1')
string_bytes = bytes(string, 'latin-1')
signature = hmac.new(secret_bytes, msg=string_bytes, digestmod=hashlib.sha256).hexdigest()
hdr = {
"Accept": "application/json",
"X-API-Key": api_key,
"X-Signature": signature,
"X-Timestamp": timestamp,
"content-type": "application/json"
}
r=requests.post(endpoint, headers=hdr, data=body_str)
print (r.text)
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.