Skip to content

Add: Support for the openvasd HTTP API #1215

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Add: Support for the openvasd HTTP API #1215

wants to merge 19 commits into from

Conversation

timopollmeier
Copy link
Member

What

A new subpackage for sending requests to HTTP APIs has been added which
also includes the first version of the openvasd API.

Why

References

GEA-939

Checklist

  • Tests

@timopollmeier timopollmeier requested review from a team as code owners April 4, 2025 07:32
@greenbonebot greenbonebot enabled auto-merge (rebase) April 4, 2025 07:32
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 4, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA bd3edc8.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
types-requests2.32.0.20250328Apache-2.0 AND MITIncompatible License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
pip/types-requests 2.32.0.20250328 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 9Found 24/25 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/httpx ^ 0.28.1 🟢 6.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 6Found 18/28 approved changesets -- score normalized to 6
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 106 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • poetry.lock
  • pyproject.toml

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 4, 2025

Conventional Commits Report

Type Number
Added 1

🚀 Conventional commits found.

@timopollmeier timopollmeier disabled auto-merge April 4, 2025 08:55
@timopollmeier timopollmeier enabled auto-merge (squash) April 4, 2025 08:55
@codecov Codecov
Copy link

codecov bot commented Apr 4, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 98.83721% with 2 lines in your changes missing coverage. Please review.

Project coverage is 97.78%. Comparing base (27994c9) to head (bd3edc8).

Files with missing lines Patch % Lines
gvm/protocols/http/core/headers.py 96.55% 0 Missing and 1 partial ⚠️
gvm/protocols/http/core/response.py 96.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1215      +/-   ##
==========================================
+ Coverage   97.74%   97.78%   +0.03%     
==========================================
  Files          71       76       +5     
  Lines        4967     5139     +172     
  Branches      895      915      +20     
==========================================
+ Hits         4855     5025     +170     
  Misses         76       76              
- Partials       36       38       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@timopollmeier
Add: Support for the openvasd HTTP API
a596566 
A new subpackage for sending requests to HTTP APIs has been added which
also includes the first version of the openvasd API.
@timopollmeier
Add documentation for HTTP APIs, small refactoring
048b51e 
Sphinx documentation pages and some additional docstrings have
been added.
The "api" module in gvm.http.core is renamed to "_api" and
url_join is now a class method of HttpApiConnector.
@timopollmeier
Reformat HTTP package and tests
320caeb
@timopollmeier
Address linter warnings
89a14ab
@timopollmeier
Break some overlong docstring lines
a961bea
@timopollmeier
Address linter warnings in HTTP tests
2e28788
@timopollmeier
Use workaround for typing.Self missing in older Python versions
3636a33
@timopollmeier
Move misplaced assertion in test_create_scan to correct place
73ffbba
@timopollmeier
Clean up type hints for HTTP APIs
44f67ea
@timopollmeier
Reformat gvm/http/core/_api.py
1c1ac5b
@timopollmeier
Use correct vts list in test_create_scan assertions
0709d37
@timopollmeier
Reorganize imports
8a1bab3
@timopollmeier
Make type hints for mock HTTP responses work in older Python
e11fd5f
@timopollmeier
Move types-requests to dev dependencies
ec59911
bjoernricks
bjoernricks reviewed Apr 7, 2025
View reviewed changes
Copy link
Contributor

@bjoernricks bjoernricks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Timo, could you replace requests with httpx please? requests doesn't support asyncio and httpx has sync and asyncio APIs very similar to requests.

bjoernricks
bjoernricks reviewed Apr 7, 2025
View reviewed changes
Copy link
Contributor

@bjoernricks bjoernricks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And I think it should be gvm/protocols/http as osp and gmp can be found in gvm.protocols currently.

bjoernricks
bjoernricks reviewed May 2, 2025
View reviewed changes
Copy link
Contributor

@bjoernricks bjoernricks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finally I took some time to review the PR. I am not sure if we should provide an abstraction over http like done in gvm.protocols.core for GMP. The gvm.protocols.core module is modeled like http libraries work internally and to provide a similar low level API.

IMHO the code in gvm.protocols.http.core is not really necessary. We could use the httpx classes (for example the HttpClient) directly. An Http abstraction should not be necessary. I am also not sure if we should provide access to http internals at all. Do we need such a low level access or should we abstract the scanner-api on a higher level? If we abstract the scanner-api I would go for returning json based dicts from the OpenvasdHttpApiV1 methods or even more advanced some models bases on dataclasses. An inspiration could be our GitHub API or the python docker libarary.

Maybe we even should split the API into several sub classes similar to https://github.com/greenbone/pontos/blob/main/pontos/github/api/api.py so we get something like openvasdapi.health.get_health_alive() openvasdapi.notus.get_notus_os_list(). This is something I also wanted for GMP for a long time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjoernricks bjoernricks bjoernricks left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timopollmeier @bjoernricks