Add: Support for the openvasd HTTP API #1215
Conversation
Dependency ReviewThe following issues were found:
Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. License Issuespoetry.lock
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1 OpenSSF Scorecard
Scanned Files
|
Conventional Commits Report
🚀 Conventional commits found. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
timopollmeier
force-pushed
the
add-openvasd
branch
from
e09dc48 to
2a75e5a
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1215 +/- ##
==========================================
+ Coverage 97.85% 97.95% +0.10%
==========================================
Files 75 83 +8
Lines 5163 5431 +268
Branches 935 962 +27
==========================================
+ Hits 5052 5320 +268
Misses 75 75
Partials 36 36 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
timopollmeier
force-pushed
the
add-openvasd
branch
from
9cda0bb to
ec59911
Compare
timopollmeier
force-pushed
the
add-openvasd
branch
2 times, most recently
from
ae6a432 to
6dbe31d
Compare
There was a problem hiding this comment.
Finally I took some time to review the PR. I am not sure if we should provide an abstraction over http like done in gvm.protocols.core for GMP. The gvm.protocols.core module is modeled like http libraries work internally and to provide a similar low level API.
IMHO the code in gvm.protocols.http.core is not really necessary. We could use the httpx classes (for example the HttpClient) directly. An Http abstraction should not be necessary. I am also not sure if we should provide access to http internals at all. Do we need such a low level access or should we abstract the scanner-api on a higher level? If we abstract the scanner-api I would go for returning json based dicts from the OpenvasdHttpApiV1 methods or even more advanced some models bases on dataclasses. An inspiration could be our GitHub API or the python docker libarary.
Maybe we even should split the API into several sub classes similar to https://github.com/greenbone/pontos/blob/main/pontos/github/api/api.py so we get something like openvasdapi.health.get_health_alive() openvasdapi.notus.get_notus_os_list(). This is something I also wanted for GMP for a long time.
There was a problem hiding this comment.
Hi, I pushed some changes to get this PR forward as fast as possible.
For me two things still need improvements. First of all the input of create_scan should take objects to make the creation of a new scan way more easier without having to know all the details of the input json. Second the scan preferences API is missing. The missing API should not block this PR at the end and could be added in a separate PR.
A new subpackage for sending requests to HTTP APIs has been added which also includes the first version of the openvasd API.
Sphinx documentation pages and some additional docstrings have been added. The "api" module in gvm.http.core is renamed to "_api" and url_join is now a class method of HttpApiConnector.
The client class just creates a httpx.Client instance. Therefore it should be a function. Rename the module and remove the v from the name to be consistent with other module names.
Use a consistent naming.
Users should import the class from gvm.protocols.http.openvasd.
Users should not import anything from these modules.
Drop the safe argument from all methods and replace it with a instance variable. Improve the types and docstrings of all methods.
Use markdown for all sources.
Return dataclasses instead of untyped dicts.
…rver Add this tooling for easier docs development.
What
A new subpackage for sending requests to HTTP APIs has been added which
also includes the first version of the openvasd API.
Why
References
GEA-939
Checklist