Skip to content

Latest commit

 

History

History
1214 lines (729 loc) · 32.4 KB

CHANGELOG.md

File metadata and controls

1214 lines (729 loc) · 32.4 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Added

  • Tenable.sc plugin listing now supports the filters parameter #718
  • Tenable.sc report definition launching capability #656
  • Tenable.io (TVM) WAS Export support #850
  • Tenable.sc HostUUID support for accept & recast risks #843

Changed

  • Moved cryptography to be an optional package only for the pkcs12 extra

Changed

  • Corrected the pyproject.toml config for the readme
  • Linted CHANGELOG.md
  • Fixed missing variable passing within graphql queries #839
  • Updated the GQL Queries for Cloud Security #840
  • Updated pipeline w/ pre-commit checks

Fixed

  • Updated default ovject params for Security Center #714
  • Agents List throws an exception when no agents are available #687
  • Updated Security Center users endpoints with user migration upon delete #541

Added

  • Adding support for GET /api/v1/vectors endpoint by @naumraviz in #818 #819 #822
  • Adding support for GET /api/v1/vectors endpoint - run_ai_summarization param by @naumraviz in #829
  • Support for Export phase 2 Filters and Endpoints by @aseemsavio in #826
  • Simple shim for support importing as TVM as well as TIO. by @SteveMcGrath in #821
  • Feature/gql support by @SteveMcGrath in #832
  • Agent export csv writer by @JosephPerri in #830
  • Initial ASM support & Tests by @SteveMcGrath in #835

Changed

  • Improved Export Iterator logging. by @SteveMcGrath in #820
  • Updated tooling and GH Actions by @SteveMcGrath in #833
  • Updated Analysis iterator to improve record keeping. by @SteveMcGrath in #834
  • Fixed cert auth issues by @SteveMcGrath in #836
  • Corrected last_modified issue #810 by @SteveMcGrath in #837

Added

  • Merged in all of the remaining Tenable Identity Exposure API modules #466 #468 #484 #487 #496 #497 #498 #499 #500 #501 #503 #505 #507 #509 #510 #511 #516 #517 #519 #522 #525 #526 #527 #528 #529 #531 #537 #538
  • Added support for Python 3.12 to testing framework #773
  • Refactored Audit Log module to support pagination updates #772
  • Added Job Adoption support to Export sub-pkg #779
  • Added Access control to main IO package

Fixed

  • Corrected issue with TSC Files module #771

Removed

  • Pulled v3 Explore sub-pkgs as the API has been deprecated for some time.

Changed

  • Added deprecation notice to v3 base sub-pkg. Only applies to access control.
  • Added deprecation notice to Target Groups module (Deprecated APIs)
  • Added deprecation notice to Workbenches module (Soon to be Deprecated APIs)
  • Added deprecation notice to Access Groups module (Deprecated APIs)

[1.4.22]

Added

  • Support for New ACR APIs (#654)
  • Added Implicit WAS exclude for Tenable Security Center (#763)
  • Support for currentPassword field in SC Users API.

Added

  • Support for new Compliance Export Enhancement fields in Vulnerability Management.
  • Support for currentPassword field in SC Users API.

Fixed

  • Bug that causes pyTenable to error out when srcInterface or dstInterface values in events object in OT is non-null.

Added

  • Support for inactivity_timeout during a Security Center scan creation.
  • Loosened up validations on the preference object in Security Center policies API.

Added

  • Support for file_type property in upload method in Vulnerability Management Credentials API.

Fixed

  • Vulnerability CVE-2023-38325 by upgrading the test dependency requests-pkcs12.

Added

  • Support for include_open_ports property in Vulnerability Management asset export request.

Fixed

  • Pagination bug in the Tenable OT Security Exports - Plugin Query.

Added

  • New Tenable OT Security Exports package #742

Added

  • Support for source and severity_modification_type filters to Vulnerability Management vulnerability export.
  • Support for filtering out hidden assets from Operational technology asset list method by default.
  • Product Rebranding in the SDK documentation.

Deprecated

  • Support for V3 Vulnerability Management API methods.

Added

  • Support for exporting Web App Scan Results.

Added

  • Support for Python 3.11

Fixed

  • tsc.analysis.scan(1) not honoring Scan ID with Tenable.sc 6.0.0.
  • pyTenable crashes when pagination key with a null value is in the HTTP response in Tenable.io v3 APIs.

Added

  • Support for Scan UUID (last_scan_id) filter for assets exports.

Added

  • Support for scan_uuid filter for vulnerability exports.

Fixed

  • Bug in tenable/io/scanners.py that invoked the /settings/{} endpoint instead of the correct /scanners/{} endpoint.
  • Error in the documentation of the sc.scans.edit() method. The property - policy was renamed to policy_id.
  • tests module getting into the pypi package. Now, the module will no longer be part of pypi package.

Removed

  • plugin_id param from the sc.scans.create() method as it is no longer supported by Tenable.sc.
  • Python 3.6 references from all documentation.
  • search_host_audit() method from io/v3/explore/findings.

Added

  • Support for initiating exports (and getting the export UUID).
  • Support for Tenable.ot plugins, events, more support for asset details.

Fixed

  • Bug in tio.scans.results() fixed to pass history_id and history_uuid.

Changed

  • Refactored Tenable.ot session client.

Removed

  • Support for Python Version 3.6.

Added

  • Support for Role Based Access Control endpoints.
  • Support for specifying Agent UUIDs instead of numeric IDs for bulk group addition.

Added

  • Added support for querying v3 Findings for Hosts, Cloud Resources, Web Applications and Host Audits modules. #592 #595
  • Added support for querying v3 Assets data for Hosts, Cloud Resources, and Web Applications modules. #592 #594

Fixed

  • Fixed Tenable.io - Tags example #590
  • Fixed Nessus import issue #589

Added

  • Initial support for Nessus #556
  • Wheels published to PyPi #536
  • Python 3.10 support #540

Fixed

  • Corrected broken security step in pipeline #563
  • Export param regression with plugin family #555
  • NessusReportv2 doesnt handle Nonetype in cvss scoring #552

Added

  • Initial support for additional Tenable.ad APIs

Changed

  • Upgraded restfly to 1.4.5

Fixed

  • Issue with Content-Type errors around case sensitivity #520

Added

  • Initial support for Tenable.ad #487 #484 #468 #466

Fixed

  • Fixed PR pipeline issue #490
  • typing-extension requirement fixed #489
  • Added required init files #491
  • deprecated use of "default" in marshmallow schemas #493

Added

  • TenableSC version checking refactored to handle an APIError on the response when unauthenticated. (breaking issue for 5.20.0) #475
  • GraphQL support for TenableOT #461
  • hard_delete param #465

Changed

  • Updated Github Actions to add style checking and security checking
  • Refactored the API Docsite to be easier to navigate, read, and link. #460 #464
  • Rebased low-level connection logic to use RESTfly instead. (v2 work) #457
  • Refactored Container Security Package to be within the IO package and recoded to properly follow the API docs. #459 #474
  • Refactored Exports API code to follow v2 standard #463

Fixed

  • OrgID should be optional for repositories #444

[1.4.1]: yanked - broken build

[1.4.0]: yanked - broken build

Added

  • Added Python 3.9 in the pypi changes #380 #376
  • Added pylint to JenkinsFile #378
  • code owners file is added #366
  • Added export compliance API in IO package #358
  • Added for the session object,in logout ,session close in tenable.sc and Added 'UnknownError' and 'RetryError' (PR #386,PR #363 closed) added that changes in PR #387

Changed

  • Deprecation warning for io session API #391
  • For attribute plugin_version in plugin_detail #389
  • Reverse of Appsdir dependencies PR #382
  • Requirements patch 1.3.2 for library appdir #379

Fixed

  • had added the fix for the issue #236 and fix done for credentials safe in PR #388
  • Bugfix asset details PR #384
  • Fixed pylint issues in tenable.sc PR #381
  • Fixed self log in tenable.io, base, cs, downloads, dl, ot, reports #353 #370,#371
  • Fixed Remediation and Compliance doc #365
  • Fixed Remediation scan with selected plugins only #362
  • Fixed github issue 321 update_assets_ttl_days #360
  • Fixed github issue 304 tags.create() function #357
  • Fixed github issue 298 io_exception_handling #354
  • Fixed the documentation issue in exclusions #352
  • Fixed the import os problem of PR 299 #351
  • Fixed invalid creation date in row num #341

[1.3.2] : yanked - broken build

Added

  • add tio.remediationscans endpoints #339

Changed

  • added stream_hook param to tio.scans.export endpoint #332

Fixed

  • fix all_permisisons var in tio.tags to have correct values #340
  • fix tests and test coverage #336, #328, #344, #338
  • fix links and typos in documentation #335, #323
  • update semver version #334
  • fixed endpoints in sc.organizations #330, #331
  • missing import in ContainerSecurity class #299

Added

  • PyLint and Codacy checks as part of PyTenable test suite / pipeline #316
  • move assets endpoint in tio.assets.move_assets #312
  • access group v2 endpoints added in tio.access_groups_v2 #308
  • add support for "schedule_scan" in tio.scans endpoints #288
  • add list_routes and edit_routes in tio.scanner_groups #290
  • add exclusions_import in tio.exclusions #293
  • add list_auths and edit_auths in tio.users #296
  • add check_auto_targets in tio.scans #301
  • add bulk_delete in tio.assets #302
  • add network_asset_count in tio.networks #303

Changed

  • tags.create and tags.edit now have access_control and filter #309
  • updated tio.exclusions.edit arguments #282
  • added sort arg in tio.scans.history, fixed sort in tio.tags #283
  • added network_id arg to tio.exclusions create/edit #284
  • support bulk delete in tio.tags.delete #295

Fixed

  • many errors and warnings across the code base #320, #317, #314, #313, #281
  • tio.agent_config.edit now returns payload #287
  • error handling in tio.plugins #291

Changed

  • Centralized the SSL Verification process and support passing the verify param to Python Requests regardless of the of the session setting. This addresses the requests issue identified psf/requests#3829 #265 #166 #139

Fixed

  • Tenable.io policy template details required type #271
  • Editing a user would fail if no account name existed #270
  • Export iterator could potentially restart #263

Added

  • TenableIO.credentials.upload method added #269

Fixed

  • Removed integer checks for tio.editor.obj_details
  • Fixed Plugin Family URL for scan policies when using mixed families #255

Added

  • timeout and when_done are now documented and supported for both vuln and asset exports.

Fixed

  • Updated docs to replace "category_name" with "name" in the example in tagging. #241
  • Updated export None checking added in 1.2.3 to check for None correctly #248
  • Updated filter schema to always return the rule.
  • Incorrect endpoint used for sc.organizations.recast_risk_rules #256

Added

  • Added pagination support in tio.agent_groups_details #251
  • Added "linked" to accepted account types #257

Changed

  • Tenable.ot base version is now 3.7
  • TenableOT object now uses secret_key over api_token.
  • Updated VulnInternmixer iterator in Tenable.ot to support new format.

[1.2.4]

This version was pulled due to a dirty build environment. All 1.2.4 notes are in 1.2.5

Fixed

  • Corrected documentation issue #239

Changed

  • Corrected behavior in tio.exports.ExportsIterator now that the API has changed

Fixed

  • Reverted Tenable.sc credential issue #210 as the docs are incorrect.
  • Fixed documentation issues #228 #225 #233 #229
  • Fixed regex escaping in test suite #230

Changed

  • Removed ipaddress requirement as it's part of the standard library #226

Added

  • Embedded new base classes leveraging RESTfly for connection logic instead of the custom-coded ones.
  • Added base schema for filtering using marshmallow.
  • Added Tenable.ot support using new base class.
  • Refactored the Downloads class to use the new RESTfly-based classes.
  • New unit tests will now start to use responses over pytest-vcr when possible.

Changed

  • tenable.downloads.Downloads now will warn about deprecation.

Added

  • history_uuid is now a field that can be used in TenableIO.scans

Changed

  • Relaxed type checking for scan_id in TenableIO.scans

Fixed

  • TenableSC.FeedsAPI.process pointed to the wrong URL. #201

Changed

  • TenableIO.ScansAPI didn't distinctly call out that unknown keyword args are shunted to settings #202
  • Explicitly called out the common themes section of the documentation for TenableSC #200
  • Adjusted case sensitivity guidelines for plugin_family in TenableIO.exports.vulns #199

Added

  • Added assign tags method to TenableIO.assets package #194

Fixed

  • Errant id check in audit file template list #195
  • BytesIO import didn't exist in TenableSC.audit_files package #197

Added

  • Response timeout settings exposed and defaults set. #192 #193

Changed

  • Improved handling of export chunks.
    • Added Error handling of JSON decode errors
    • Added retry logic of chunks that appear to be broken (networking issue?)
    • Added automatic retiring and re-fetch to ignore empty chunks of data.

Fixed

  • Retry documentation wasn't correct, adjusted the default values as necessary.

Fixed

  • TenableSC.queries.create() did not pass filters to the constructor #191

Fixed

  • TenableIO.tags.list_categories() was pointing to values instead of categories #186
  • TenableSC instantiation does not support base path customization #187

Fixed

  • Documentation Examples for TenableSC.feeds use feed instead of feeds #178
  • Documentation Examples for TenableSC.files used feed instead of files. #179
  • TenableSC.credentials used the incorrect parameter for oracleAuthType. #180

Fixed

  • TenableSC.AssetListAPI constructor improperly referred to fobj instead of kw['fobj'] #177
  • TenableSC.ScannerAPI.edit improperly attempted to merge the scanner details into the PATCH call #176

Changed

  • Increased default chunk sizing for TenableIO.exports.assets to 1000
  • Increased default num_assets chunk sizing for TenableIO.exports.vulns to 500
  • Increased default page sizing for TenableSC.analysis calls to 1000
  • Improved debug logs for all API calls. Debug logs now effectively log before, during, and after.
  • Improved debug log format. Pre-Request logs now output a standard JSON format.

Added

  • Will now attempt to retry on lower-level ConnectionErrors.

Changed

  • ExportIterator will now backoff on status calls up to 30 seconds between calls.

Added

  • Exporting WAS scans nor functions as intended. #175

Fixed

  • TenableIO.TagAPI filter check erroneously used self.check instead of self._check

Added

  • API Key support for TenableSC as Tenable.sc version 5.13 introduced key support.
  • TenableSC now supports context management for authentication. (with TenableSC...)
  • Dyanamic tag filter field support for TenableIO.tags create and edit methods. #174

Changed

  • TenableSC.login user && passwd parameters now called username && password

Changed

  • Upped Revision on 0.3.29

Added

  • Testing in travis for Python 3.7 and 3.8

Fixed

  • New UA String code was failing on windows hosts as os.uname isn't x-platform #164
  • Implicit "all" hostType was not set when creating an accepted risk. #162

Changed

  • Converted to new UA String format in an effort to normalize UA strings.

[0.3.37]

Changed

  • Query filters can now be overloadable and removable for TenableSC.analysis

Fixed

  • Documentation was incorrectly calling the wrong method #156
  • Incorrect timezone documentation for SC #145
  • repeatRule parameter for schedules was incorrectly documented as rrule #144
  • host_tracking for scans constructor was documented, however unimplemented #152
  • Unable to set the max scan time to unlimited #149

Fixed

  • Failed to add necessary requirement for the "ipaddress" python package.

Added

  • Added the Tenable.io ScansAPI.history endpoint #141
  • Added the ability for Tenable.io's PolicyAPI.list() iterator to graft on plugin family details.

Fixed

  • Spelling type in Tenable.sc ScansAPI.launch when generating diagnostic passwords #142
  • Incorrect policy UUID passed to scans created in Tenable.io w/ an existing policy. #143

Changed

  • Switched the Nessusv2 file parser to diffusedxml per recommendation with bandit

Fixed

  • TenableSC SSL verification flags were not set in the session builder, which meant that login was a one-time event. #139

Changed

  • Improved documentation for creating scans to include credentials

Added

  • Tenable.io Access Group API Added and Tested #98
  • Tenable.io Networks API Added and Tested #129
  • Tenable.io Managed Credentials API Added and Tested #130

Fixed

  • tio.policies.template_details wasn't correctly constructing the document from the editor API #136
  • tio.agent_groups.list was missing from the documentation

Added

  • Tenable.sc Asset List API Added and Tested #13

Changed

  • Export wait logic is now centralized. Both scan export and workbench export now use this new method.

Fixed

  • Multiple chapters should be merged with ; and not , in Workbenches exports
  • Chapter "vuln_by_asset" was missing from the choices for workbench export #127
  • Docstrings incorrectly state that chapters are only necessary for PDF and HTML #127
  • Scan types weren't being set when passing the subordinate attribute #128

Changed

  • Tenable.io scans.export now supports explicitly defining the filters attribute as well as the implicit argument list #124

Fixed

Added

  • Added support for the new plugins list endpoint.
  • Support for extensible retry logic using the retry_on param.
  • Tested out CSv2 API endpoints #8 #9

Changed

  • Homogenized the docstrings for TenableSC #115
  • Updated docs in tio.scans.create to denote that the name is required. #118

Fixed

  • Streaming responses in TenableSC weren't working as expected #114
  • Files weren't uploading properly in TenableSC Credentials endpoints #122
  • User permissions parameter type #121
  • Typo in docs #120
  • Scanner listing when WAS wasn't enabled caused an error #117

Changed

  • All Tenable.io API doc links have been re-pointed to the new developer portal. #111
  • tio.editor.edit has been renamed to tio.editor.template_details as it was misnamed.
  • tio.editor.list has been renamed to tio.editor.template_list to more accurately describe it's function.

Added

  • Added the asset delete method to the workbenches TenableIO module #110
  • Added and tested out the TenableSC plugin family additions to the plugins module #78
  • Added and tested out the TenableSC OrganizationAPI module #77
  • Added and tested out the TenableSC QueryAPI module #79

Fixed

  • Various documentation issues reported by sphinx addressed
  • TenableSC.scan_instances.list can now support non-standard timeframes #108

Added

  • Added and tested out support for TenableSC Credentials #76

Added

  • Analysis filters now allow for collapsing lists if id dicts into lists of integer ids. e.g. ('name', '=', [{'id': 1}]) is now ('name', '=', [1])
  • Added and tested out support for TenableSC AuditFileAPI #75

Changed

  • Tenable.io Exports iterator now has uuid, chunk_id, chunks, and processed publicly exposed.

Fixed

  • Addressed issue where UnexpectedValueError was sometimes raised when specifying a scanner by name in tio.scans._create_scan_document.

Added

  • Added and tested out support for TenableSC UserAPI #24
  • Added and tested out support for TenableSC GroupAPI #24
  • Added and tested TenableIO.agent_groups.list() #105

Fixed

  • Tenable.sc Schedule document validation extended to support now for scans #102

Added

  • Added and tested out support for TenableSC RoleAPI #24

Fixed

  • Retries would throw an error as they weren't floats.
  • Exports would erroneously set an option if set to none.
  • The scan history test cassette was modified to match the new call.

Fixed

  • Corrected Doc Issue where the downloads API was incorrectly referencing sc.alerts
  • Fixed issue with scan history deletion where the path was incorrect #101

Added

  • Tested out TenableSC StatusAPI #22
  • Tested out TenableSC SystemAPI #22
  • Tested out TenableSC ScanZoneAPI #21
  • Tested out TenableSC ScannerAPI #21
  • Tested out Downloads API

Fixed

  • RetryError no longer itself throws an error due to logging.
  • Fixed type mismatch bug in IO workbench filters #97
  • Corrected issue with ScanZone updates using the wrong HTTP method #95
  • Corrected doc issue with ScanResultAPI.export not referring to the fact that the exported scan is zipped.
  • Corrected the raw HTTP method docs

Added

  • Added view parameter for TenableSC.analysis.scan #73
  • Added accept_risks module #18 (untested)
  • Added system module and converted the TenableSC module to use it over a raw call #22
  • Added status module #22 (untested)

Fixed

  • Fixed issue with TenableSC.analysis.scan not properly passing a view. #73

Added

  • Added proxy support for the IO, SC, etc. #72

Fixed

  • Fixed issue where supplied sessions weren't being properly passed to _build_session.

Added

  • Added example for Workbench CSV Downloads for IO
  • Added support for multi-value filters in IO.
  • Added Request-UUID logging for all responses when available.
  • Added TenableSC scan_instances endpoints and associated tests #19.
  • Added TenableSC scan policies endpoints and associated tests #20.
  • TenableIO can now pull API keys directly from environment variables as well.
  • Added doc page detailing how to run the tests.
  • Added TenableSC repositories endpoint and associated tests #17

Fixed

  • Exports methods in TenableIO now respect 0 integers being passed #69.
  • Errored scan exports in TenableIO will no longer wait forever.
  • Scan Exports using multiple chapters now works as expected #71 #70

Removed

  • schedule_* parameters in scans have been removed in favor of direct checking and documentation of the schedule dictionary. This has larger implications down the line with repositories, alerts, etc.

Added

  • Added the aggregate parameter for scan import.
  • Added Changelog and backfilled changes from 0.1.0 to current
  • Added testing for user outputs #26
  • Added testing for scanner outputs #30
  • Added testing for permissions #34
  • Added testing for groups #35
  • Adjusted the doc format to no longer pin the sidebar #61
  • Added redaction to sensitive pathways #66
  • Added tagging support #44

Changed

  • Tenable.sc files module was incorrectly pointing to self.post instead of self._api.post
  • Launching a scan with alt_targets sends an array instead of a string #64
  • Tenable.sc Analysis will now handle Query IDs #63
  • Agent-Delete within Tenable.io Was using the wrong Endpoint #59
  • Refactored TIOIterator to use less code when subclassing.
  • Documented iterators and other common models.

Added

  • Added TioExportsError to handle status error
  • Tagging support for asset export

Added

  • Added scans.status in Tenable.sc
  • Added scans module for Tenable.sc
  • Added logging support for the whole of pyTenable

Changed

  • Corrected pathway to acceptRiskRule for Tenable.sc package
  • Scans.update renamed to Scans.edit in Tenable.io

Removed

  • analysis_type from being sent to the API

Added

  • Tenable.sc login testing
  • Tenable.sc Analysis testing #10

Changed

  • Fixed iterator looping issue
  • Travis now runs all tests
  • Converted pytest to use conftest standard
  • Improved VCRpy testing

Removed

  • Container Security v1 tests (not VCRed)

Changed

  • Fixed iterator first page problem
  • Adjusted Tenable.sc model constructors to all behave the same uniform way

Added

  • Added tagging support for vulnerability export
  • Added VCRpy to all unit tests
  • Added accept_risks Model to TenableSC

Changed

  • Moved get_status checking for iterators to conform to DRY
  • lxml is now an optional dependency

Added

  • Added scan_instances to TenableSC

Changed

  • tio.scanners.linking_key is now a method instead fo a property

Removed

  • Removed a lot of stubbed models that haven't been worked on yet

Changed

  • Documentation refactored
  • Mocked up some of the libraries for improved testing
  • Fixed typo bug in sc.scans

Added

  • Documented asset_activity to TenableIO

Changed

  • Re-pointed all SecurityCenter references to TenableSC instead
  • Refactored schedule sub-document creation into a separate constructor for re-use
  • Documentation improvements

Added

  • Added unit tests for Inputs & Outputs for IO Scanner Groups
  • Added unit tests for Inputs & Outputs for IO Policies
  • Added unit tests for Inputs & Outputs for IO Plugins
  • Added unit tests for Inputs & Outputs for IO Folders
  • Added unit tests for Inputs & Outputs for IO Filters
  • Added unit tests for Inputs & Outputs for IO Asset Lists
  • Added unit tests for Inputs & Outputs for IO Target Groups
  • Added unit tests for Inputs & Outputs for IO Sessions
  • Added RetryError

Changed

  • Inlined all of the Documentation into the code itself
  • Documentation refactoring effort for the whole package
  • Unit test improvements

Changed

  • Refactored long-description to better suit PyPI inclusion

Changed

  • Inlined the Readme

Added

  • Added TenableSC Analysis Model
  • Added TenableSC Feeds Model
  • Added TenableSC Files Model
  • Added NessusReportv2 Model

Changed

  • Refactored the sub-package pathing
  • Modified importing to be relative

Added

  • Added TenableIO Exports Model
  • Added TenableIO Scans Model
  • Added

Changed

  • Fixed Time Conversion Issue #6