PyPI - offlinesec-client - Versions diffs - 1.1.7__tar.gz → 1.1.9__tar.gz - Mend

offlinesec-client 1.1.7tar.gz → 1.1.9tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: offlinesec_client
-Version: 1.1.7
+Version: 1.1.9
 Summary: Offline Security Client
 Home-page: https://offlinesec.com
 Author: Offline Security
@@ -46,6 +46,14 @@ or
 python3 -m pip install offlinesec_client
 ```
+Check the installation script output. if you see the following warning:
+WARNING: The scripts offlinesec_get_reports, offlinesec_inverse_transform, offlinesec_sap_notes, offlinesec_sap_params and offlinesec_sap_roles are installed in '/Users/<username>/Library/Python/3.8/bin' which is not on PATH.
+Then add Python folder to the PATH variable:
+```sh
+export PATH="$PATH:/Users/<username>/Library/Python/3.8/bin"
+```
 ### Installation last version from repository on [github.com](https://github.com/offlinesec/offlinesec-client)
 ```sh
 git clone https://github.com/offlinesec/offlinesec-client.git
@@ -70,9 +78,11 @@ pip3 show offlinesec_client
 How to discovery missed SAP Security Notes:
 1. Prepare text file with installed SAP software component versions ([details](./docs/how_to_prepare_sap_softs.md))
-2. Send prepared file to server (optional you can set SAP system name):
+2. Download CWBNTCUST table ([details](./docs/how_to_prepare_sap_softs.md))
+3. Check kernel version and kernel patch
+4. Send files to the server (optional you can set SAP system name):
 ```sh
-offlinesec_sap_notes -f "software_components.txt" -s "Demo System"
+offlinesec_sap_notes -f "software_components.txt" -s "Demo System" -k 721 -p 402 -c "cwbntcust.xlsx"
 ```
 3. Wait aprox 5 minutes (Depends on server load)
 4. Download your report:
@@ -105,8 +115,8 @@ offlinesec_get_reports
 * All sensitive information is excluded from the upload file (Role names)
 * Please remember you can create your own check variants. The details are available [here](https://github.com/offlinesec/offlinesec-knowledgebase)
-4. Transport Request Analysis
-* Will be available in next releases
+4. Transport Request Analysis (Available since version 1.1.8)
+* [How to generate report](./docs/how_to_prepare_abap_report.md)
 5. SAP Security Audit Log Analysis
 * Will be available in next releases

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/README.md RENAMED Viewed

@@ -35,6 +35,14 @@ or
 python3 -m pip install offlinesec_client
 ```
+Check the installation script output. if you see the following warning:
+WARNING: The scripts offlinesec_get_reports, offlinesec_inverse_transform, offlinesec_sap_notes, offlinesec_sap_params and offlinesec_sap_roles are installed in '/Users/<username>/Library/Python/3.8/bin' which is not on PATH.
+Then add Python folder to the PATH variable:
+```sh
+export PATH="$PATH:/Users/<username>/Library/Python/3.8/bin"
+```
 ### Installation last version from repository on [github.com](https://github.com/offlinesec/offlinesec-client)
 ```sh
 git clone https://github.com/offlinesec/offlinesec-client.git
@@ -59,9 +67,11 @@ pip3 show offlinesec_client
 How to discovery missed SAP Security Notes:
 1. Prepare text file with installed SAP software component versions ([details](./docs/how_to_prepare_sap_softs.md))
-2. Send prepared file to server (optional you can set SAP system name):
+2. Download CWBNTCUST table ([details](./docs/how_to_prepare_sap_softs.md))
+3. Check kernel version and kernel patch
+4. Send files to the server (optional you can set SAP system name):
 ```sh
-offlinesec_sap_notes -f "software_components.txt" -s "Demo System"
+offlinesec_sap_notes -f "software_components.txt" -s "Demo System" -k 721 -p 402 -c "cwbntcust.xlsx"
 ```
 3. Wait aprox 5 minutes (Depends on server load)
 4. Download your report:
@@ -94,8 +104,8 @@ offlinesec_get_reports
 * All sensitive information is excluded from the upload file (Role names)
 * Please remember you can create your own check variants. The details are available [here](https://github.com/offlinesec/offlinesec-knowledgebase)
-4. Transport Request Analysis
-* Will be available in next releases
+4. Transport Request Analysis (Available since version 1.1.8)
+* [How to generate report](./docs/how_to_prepare_abap_report.md)
 5. SAP Security Audit Log Analysis
 * Will be available in next releases

offlinesec_client-1.1.9/offlinesec_client/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __version__ = "1.1.9"

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client/api_sec_notes.py RENAMED Viewed

@@ -44,6 +44,7 @@ def process_it(args):
     additional_keys["api_call"] = True
     if args["id"]:
         additional_keys["id"] = args["id"]
+    additional_keys["version"] = offlinesec_client.__version__
     offlinesec_client.func.send_to_server(systems, UPLOAD_URL, additional_keys)

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client/cwbntcust.py RENAMED Viewed

@@ -22,12 +22,18 @@ class Cwbntcust:
         max_row = sheet_obj.max_row
         for i in range(2, max_row + 1):
             note = str(sheet_obj.cell(row=i, column=1).value)
-            #ntstatus = sheet_obj.cell(row=i, column=2).value
+            ntstatus = str(sheet_obj.cell(row=i, column=2).value)
             prstatus = str(sheet_obj.cell(row=i, column=3).value)
-            if prstatus == "E":             # Completely implemented
+            if Cwbntcust.check_note_status(ntstatus=ntstatus, prstatus=prstatus):
                 outlist.append(note)
         return outlist
+    @staticmethod
+    def check_note_status(ntstatus, prstatus):
+        if prstatus == "E" or prstatus == "O":              # Completely implemented or obsolete
+            return True
+        return False
     def read_txt_file(self):
         outlist = list()
         f = open(self.filename, "r")
@@ -39,9 +45,10 @@ class Cwbntcust:
                     header_flag = False
                 else:
                     splited_line = line.split("|")
-                    note = splited_line[2].strip()
-                    prstatus = splited_line[4].strip()
-                    if prstatus == "E":  # Completely implemented
+                    note = str(splited_line[2].strip())
+                    ntstatus = str(splited_line[3].strip())
+                    prstatus = str(splited_line[4].strip())
+                    if Cwbntcust.check_note_status(ntstatus=ntstatus, prstatus=prstatus):
                         outlist.append(note)
         f.close()

offlinesec_client-1.1.9/offlinesec_client/req_abap_review.py ADDED Viewed

@@ -0,0 +1,133 @@
+import argparse
+import os
+import zipfile
+import binascii
+import json
+import requests
+import offlinesec_client.func as func
+from offlinesec_client.const import SYSTEM_NAME, ERR_MESSAGE
+UPLOAD_URL = "/tran-upload"
+def check_system_name(s):
+    return func.check_system_name(s)
+def check_variant(s):
+    return func.check_variant(s)
+def check_path_arg(s):
+    if os.path.isdir(s):
+        return s
+    raise argparse.ArgumentTypeError("You must choose the transport directory (-p)")
+def check_file_format(filename):
+    magic = "0000003320543030"
+    with open(filename, 'rb') as f:
+        first_8 = f.read(8)
+        if binascii.hexlify(bytearray(first_8)).decode('ascii') == magic:
+            return True
+    return False
+def enum_files(fpath):
+    outlist = list()
+    for file in os.listdir(fpath):
+            full_path = os.path.join(fpath, file)
+            if os.path.isfile(full_path):
+                if check_file_format(full_path):
+                    outlist.append(full_path)
+    return outlist
+def init_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-p", "--path", action="store", help="Transport Directory", type=check_path_arg, required=True)
+    parser.add_argument("-s", "--%s" % (SYSTEM_NAME,), action="store", type=check_system_name,
+                        help="SAP System Name (max 20 characters)", required=False)
+    parser.add_argument("-v", "--variant", action="store", type=check_variant,
+                        help="Check Variant (numeric)", required=False)
+    parser.parse_args()
+    args = parser.parse_args()
+    return vars(args)
+def print_errors(errors):
+    for error in errors:
+        print(error)
+def upload_it(zip_file, args):
+    url = func.get_connection_str(UPLOAD_URL)
+    system_name = args[SYSTEM_NAME] if SYSTEM_NAME in args else ""
+    variant = args["variant"] if "variant" in args else ""
+    data = func.get_base_json(system_name=system_name, variant=variant)
+    with open(zip_file, 'rb') as file_body:
+        files = {
+            'json': ('description', json.dumps(data), 'application/json'),
+            'file': (os.path.basename(zip_file), file_body, 'application/zip')
+        }
+        print(" * Uploading file %s to the server. Please wait (Maximum file size: 100MB)" % (
+            os.path.basename(zip_file)))
+        try:
+            r = requests.post(url, files=files)
+        except TimeoutError:
+            print("Connection timed out")
+        else:
+            if r.content:
+                try:
+                    response = json.loads(r.content)
+                    if ERR_MESSAGE in response:
+                        print(" * " + response[ERR_MESSAGE])
+                        if file_body:
+                            file_body.close()
+                        if os.path.isfile(zip_file):
+                            os.remove(zip_file)
+                        return
+                except Exception as err:
+                    print(r.content)
+def zip_files(files):
+    print(" * %s transport files found in the directory. Compressing" % (len(files),))
+    zipfilename = func.get_file_name("tran.zip")
+    zip = zipfile.ZipFile(zipfilename, mode='w', compression=zipfile.ZIP_DEFLATED, compresslevel=9)
+    for filename in files:
+        zip.write(filename, os.path.basename(filename), compress_type=zipfile.ZIP_DEFLATED)
+    zip.close()
+    if os.path.isfile(zip.filename):
+        stat = os.stat(zip.filename)
+        size_mb = stat.st_size / (1024 * 1024)
+        if size_mb <= 100:
+            print(" * ZIP file created. File size is %s MB" % (round(size_mb),))
+            return zip.filename
+        else:
+            print("[ERROR] ZIP file is too big (Maximum file size: 100MB)")
+def main():
+    args = init_args()
+    if "path" in args and args["path"]:
+        file_list = enum_files(args["path"])
+        if not len(file_list):
+            print("[ERROR] Transport files not found in the directory")
+            return
+        temp_file = zip_files(file_list)
+        if temp_file is None or temp_file == "":
+            print("[ERROR] ZIP archive not created due to error")
+            return
+        upload_it(temp_file, args)
+        if os.path.isfile(temp_file):
+            os.remove(temp_file)
+if __name__ == '__main__':
+    main()

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client/req_patch_day.py RENAMED Viewed

@@ -42,6 +42,7 @@ def process_it(args):
     additional_keys["patch_day"] = True
     if args["id"]:
         additional_keys["id"] = args["id"]
+    additional_keys["version"] = offlinesec_client.__version__
     offlinesec_client.func.send_to_server(systems, UPLOAD_URL, additional_keys)
     wait = args["wait"]

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: offlinesec-client
-Version: 1.1.7
+Version: 1.1.9
 Summary: Offline Security Client
 Home-page: https://offlinesec.com
 Author: Offline Security
@@ -46,6 +46,14 @@ or
 python3 -m pip install offlinesec_client
 ```
+Check the installation script output. if you see the following warning:
+WARNING: The scripts offlinesec_get_reports, offlinesec_inverse_transform, offlinesec_sap_notes, offlinesec_sap_params and offlinesec_sap_roles are installed in '/Users/<username>/Library/Python/3.8/bin' which is not on PATH.
+Then add Python folder to the PATH variable:
+```sh
+export PATH="$PATH:/Users/<username>/Library/Python/3.8/bin"
+```
 ### Installation last version from repository on [github.com](https://github.com/offlinesec/offlinesec-client)
 ```sh
 git clone https://github.com/offlinesec/offlinesec-client.git
@@ -70,9 +78,11 @@ pip3 show offlinesec_client
 How to discovery missed SAP Security Notes:
 1. Prepare text file with installed SAP software component versions ([details](./docs/how_to_prepare_sap_softs.md))
-2. Send prepared file to server (optional you can set SAP system name):
+2. Download CWBNTCUST table ([details](./docs/how_to_prepare_sap_softs.md))
+3. Check kernel version and kernel patch
+4. Send files to the server (optional you can set SAP system name):
 ```sh
-offlinesec_sap_notes -f "software_components.txt" -s "Demo System"
+offlinesec_sap_notes -f "software_components.txt" -s "Demo System" -k 721 -p 402 -c "cwbntcust.xlsx"
 ```
 3. Wait aprox 5 minutes (Depends on server load)
 4. Download your report:
@@ -105,8 +115,8 @@ offlinesec_get_reports
 * All sensitive information is excluded from the upload file (Role names)
 * Please remember you can create your own check variants. The details are available [here](https://github.com/offlinesec/offlinesec-knowledgebase)
-4. Transport Request Analysis
-* Will be available in next releases
+4. Transport Request Analysis (Available since version 1.1.8)
+* [How to generate report](./docs/how_to_prepare_abap_report.md)
 5. SAP Security Audit Log Analysis
 * Will be available in next releases

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client.egg-info/SOURCES.txt RENAMED Viewed

@@ -13,6 +13,7 @@ offlinesec_client/func.py
 offlinesec_client/get_reports.py
 offlinesec_client/java_system.py
 offlinesec_client/multi_systems.py
+offlinesec_client/req_abap_review.py
 offlinesec_client/req_bo_notes.py
 offlinesec_client/req_java_notes.py
 offlinesec_client/req_notes_report.py

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/offlinesec_client.egg-info/entry_points.txt RENAMED Viewed

@@ -1,4 +1,5 @@
 [console_scripts]
+offlinesec_abap_rep = offlinesec_client.req_abap_review:main
 offlinesec_api_secnotes = offlinesec_client.api_sec_notes:main
 offlinesec_bo_notes = offlinesec_client.req_bo_notes:main
 offlinesec_get_reports = offlinesec_client.get_reports:main

{offlinesec_client-1.1.7 → offlinesec_client-1.1.9}/setup.py RENAMED Viewed

@@ -26,6 +26,7 @@ setup(
                                       'offlinesec_sap_roles = offlinesec_client.req_roles_report:main',
                                       'offlinesec_bo_notes = offlinesec_client.req_bo_notes:main',
                                       'offlinesec_java_notes = offlinesec_client.req_java_notes:main',
+                                      'offlinesec_abap_rep = offlinesec_client.req_abap_review:main',
                                       'offlinesec_inverse_transform = offlinesec_client.resolve_report:main'], },
     install_requires=required,
     include_package_data=True